fix(ai): sanitize providerConfig at construction time so all consumers receive clean JSON

ihoffmann-dot · ihoffmann-dot · commit 4aaa0fd166ae · 2026-04-14T13:36:17.000-03:00
diff --git a/dotCMS/src/main/java/com/dotcms/ai/app/AppConfig.java b/dotCMS/src/main/java/com/dotcms/ai/app/AppConfig.java
@@ -62,7 +62,8 @@ public AppConfig(final String host, final Map<String, Secret> secrets) {
         apiUrl = aiAppUtil.discoverEnvSecret(secrets, AppKeys.API_URL, AI_API_URL_KEY);
         apiImageUrl = aiAppUtil.discoverEnvSecret(secrets, AppKeys.API_IMAGE_URL, AI_IMAGE_API_URL_KEY);
         apiEmbeddingsUrl = aiAppUtil.discoverEnvSecret(secrets, AppKeys.API_EMBEDDINGS_URL, AI_EMBEDDINGS_API_URL_KEY);
-        providerConfig = aiAppUtil.discoverSecret(secrets, AppKeys.PROVIDER_CONFIG);
+        final String rawProviderConfig = aiAppUtil.discoverSecret(secrets, AppKeys.PROVIDER_CONFIG);
+        providerConfig = rawProviderConfig != null ? rawProviderConfig.replaceAll("[\\r\\n\\t]", "") : null;
 
         if (StringUtils.isNotBlank(providerConfig)) {
             providerConfigHash = sha256Hex(providerConfig);
@@ -349,7 +350,7 @@ public boolean isEnabled() {
     @com.google.common.annotations.VisibleForTesting
     static JsonNode parseProviderConfig(final String json) {
         try {
-            return MAPPER.readTree(json.replaceAll("[\\r\\n\\t]", ""));
+            return MAPPER.readTree(json);
         } catch (final Exception e) {
             Logger.warn(AppConfig.class, "Failed to parse providerConfig JSON"
                     + " (" + e.getClass().getSimpleName() + "): " + e.getMessage(), e);
diff --git a/dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/LangChain4jAIClient.java b/dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/LangChain4jAIClient.java
@@ -9,7 +9,6 @@
 import com.dotcms.ai.domain.AIProvider;
 import com.dotcms.ai.exception.DotAIAppConfigDisabledException;
 import com.dotcms.ai.exception.DotAIClientConnectException;
-import com.dotcms.rest.api.v1.DotObjectMapperProvider;
 import com.dotmarketing.util.Logger;
 import com.dotmarketing.util.json.JSONArray;
 import com.dotmarketing.util.json.JSONObject;
@@ -66,7 +65,7 @@
 public class LangChain4jAIClient implements AIClient {
 
     private static final Lazy<LangChain4jAIClient> INSTANCE = Lazy.of(LangChain4jAIClient::new);
-    private static final ObjectMapper MAPPER = DotObjectMapperProvider.createDefaultMapper();
+    private static final ObjectMapper MAPPER = new ObjectMapper();
     private static final long MODEL_CACHE_TTL_HOURS = 1;
 
     private final Cache<String, ChatModel> chatModelCache = CacheBuilder.newBuilder()
diff --git a/dotCMS/src/test/java/com/dotcms/ai/app/AppConfigTest.java b/dotCMS/src/test/java/com/dotcms/ai/app/AppConfigTest.java
@@ -68,39 +68,75 @@ public class AppConfigTest {
             "}";
 
     // -------------------------------------------------------------------------
-    // parseProviderConfig — unit tests on the static method directly
+    // Real-world JSON format from the dotAI Apps config (formatted, 3 sections)
+    // API key matches the actual structure: sk-proj-<164 chars>
     // -------------------------------------------------------------------------
 
+    private static final String REAL_API_KEY =
+            "sk-proj-EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" +
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF";
+
+    /** Exact format the user pastes into the Apps UI textarea (pretty-printed, 3 sections). */
+    private static final String REAL_WORLD_FORMATTED_CONFIG =
+            "{\n" +
+            "   \"chat\":{\n" +
+            "      \"provider\":\"openai\",\n" +
+            "      \"apiKey\":\"" + REAL_API_KEY + "\",\n" +
+            "      \"model\":\"o4-mini\",\n" +
+            "      \"maxCompletionTokens\":16384,\n" +
+            "      \"temperature\":1.0,\n" +
+            "      \"maxRetries\":3\n" +
+            "   },\n" +
+            "   \"embeddings\":{\n" +
+            "      \"provider\":\"openai\",\n" +
+            "      \"apiKey\":\"" + REAL_API_KEY + "\",\n" +
+            "      \"model\":\"text-embedding-3-small\"\n" +
+            "   },\n" +
+            "   \"image\":{\n" +
+            "      \"provider\":\"openai\",\n" +
+            "      \"apiKey\":\"" + REAL_API_KEY + "\",\n" +
+            "      \"model\":\"gpt-image-1\",\n" +
+            "      \"size\":\"1024x1024\"\n" +
+            "   }\n" +
+            "}";
+
     @Test
-    public void test_parseProviderConfig_cleanJson_parsesModelNames() {
-        final JsonNode root = AppConfig.parseProviderConfig(CLEAN_PROVIDER_CONFIG);
+    public void test_parseProviderConfig_realWorldFormattedJson_parsesAllSections() {
+        final JsonNode root = AppConfig.parseProviderConfig(REAL_WORLD_FORMATTED_CONFIG);
 
-        assertFalse("Parse should not return empty node for valid JSON", root.isEmpty());
-        assertEquals("gpt-4o-mini",           root.path("chat").path("model").asText());
-        assertEquals("text-embedding-ada-002", root.path("embeddings").path("model").asText());
+        assertFalse("Formatted JSON should parse successfully", root.isEmpty());
+        assertEquals("o4-mini",                root.path("chat").path("model").asText());
+        assertEquals("text-embedding-3-small", root.path("embeddings").path("model").asText());
+        assertEquals("gpt-image-1",            root.path("image").path("model").asText());
     }
 
     @Test
-    public void test_parseProviderConfig_embeddedNewlines_parsesModelNames() {
-        // This is the real-world failure scenario: apiKey contains a literal \n
-        final JsonNode root = AppConfig.parseProviderConfig(WRAPPED_PROVIDER_CONFIG);
+    public void test_appConfig_realWorldFormattedJson_isEnabled_allModelsSet() {
+        final AppConfig config = buildAppConfig(REAL_WORLD_FORMATTED_CONFIG);
 
-        assertFalse("Parse should succeed even with embedded newlines in string values", root.isEmpty());
-        assertEquals("gpt-4o-mini",           root.path("chat").path("model").asText());
-        assertEquals("text-embedding-ada-002", root.path("embeddings").path("model").asText());
+        assertTrue("AppConfig should be enabled with real-world formatted providerConfig", config.isEnabled());
+        assertEquals("o4-mini",                config.getModel().getCurrentModel());
+        assertEquals("text-embedding-3-small", config.getEmbeddingsModel().getCurrentModel());
+        assertEquals("gpt-image-1",            config.getImageModel().getCurrentModel());
     }
 
-    @Test
-    public void test_parseProviderConfig_windowsLineEndings_parsesModelNames() {
-        // Windows-style \r\n in the apiKey values
-        final String crlfJson = WRAPPED_PROVIDER_CONFIG.replace("\n", "\r\n");
+    // -------------------------------------------------------------------------
+    // parseProviderConfig — unit tests on the static method directly
+    // -------------------------------------------------------------------------
 
-        final JsonNode root = AppConfig.parseProviderConfig(crlfJson);
+    @Test
+    public void test_parseProviderConfig_cleanJson_parsesModelNames() {
+        final JsonNode root = AppConfig.parseProviderConfig(CLEAN_PROVIDER_CONFIG);
 
-        assertFalse(root.isEmpty());
-        assertEquals("gpt-4o-mini", root.path("chat").path("model").asText());
+        assertFalse("Parse should not return empty node for valid JSON", root.isEmpty());
+        assertEquals("gpt-4o-mini",           root.path("chat").path("model").asText());
+        assertEquals("text-embedding-ada-002", root.path("embeddings").path("model").asText());
     }
 
+    // Note: parseProviderConfig receives already-sanitized JSON (sanitization happens in the
+    // constructor before calling this method). Embedded-newline scenarios are covered by
+    // test_appConfig_withWrappedProviderConfig_isEnabled below.
+
     @Test
     public void test_parseProviderConfig_null_returnsEmptyObjectNode() {
         final JsonNode root = AppConfig.parseProviderConfig(null);
