New dependencies on licensed extensions are not covered by existing licenses when upgrading licensed extensions

[raphj]

When upgrading a licensed extension with a new dependency to another licensed extension, the newly added dependency is not covered by the existing valid license. i.e the existing valid license for the "parent" extension is not considered valid for the dependency.

This caused xwikisas/xwiki-pro-macros#286. The bug can also be reproduced with xwikisas/xwiki-pro-macros#78 (which has gone unnoticed so far).

The dependencies need to be reanalyzed when upgrading extensions, and the new artifact ids need to be added to the valid license.

When handling this, please remove or adjust the workaround added at xwikisas/xwiki-pro-macros#286 (xwikisas/xwiki-pro-macros@c242742) on Pro Macros

[mflorea]

The list of dependencies that should be covered by the license are included in the license when it is generated. So if we add paid deps after the license was generated, we currently need to re-generate the license to have the updated list of deps.

On the licensing application side, we could detect when a license needs to be re-generated. E.g.:

• have an extension upgrade listener that catches licensed extension upgrades
• collect the list of licensed deps for both the previous and new extension version (the one being upgraded)
• if the two list differs then make a call to store to regenerate the license then fetch the license from the store and apply it

By re-generate the license I mean: create a new license page with the updated "Dependent Extension Ids" field and with expiration date increased by 1 second. Have a safety measure to block such a request if the previous license was generated very recently (less than X time ago, like 1h or 1 day). The store could also do the same check as the client instance and only re-generate if the deps have changed.