From 1edc87c2ca22de5ced68bcd591b92ff879a8ea59 Mon Sep 17 00:00:00 2001 From: Igor Vinokur Date: Tue, 25 Jul 2023 14:05:28 +0300 Subject: [PATCH] fixup! Omit scm-username annotation from the PAT secret --- ...ucketServerPersonalAccessTokenFetcher.java | 2 +- .../bitbucket/BitbucketServerURLParser.java | 2 +- .../BitbucketServerUserDataFetcher.java | 2 +- .../HttpBitbucketServerApiClient.java | 30 ++++++++++++------- .../server/BitbucketServerApiClient.java | 17 ++++++----- .../server/NoopBitbucketServerApiClient.java | 10 +++++-- ...tServerPersonalAccessTokenFetcherTest.java | 24 +++++++-------- .../BitbucketServerUserDataFetcherTest.java | 2 +- .../HttpBitbucketServerApiClientTest.java | 4 +-- 9 files changed, 54 insertions(+), 39 deletions(-) diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcher.java index 81b83a2cec..5d22669cca 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcher.java @@ -78,7 +78,7 @@ public class BitbucketServerPersonalAccessTokenFetcher implements PersonalAccess final String tokenName = format(TOKEN_NAME_TEMPLATE, cheUser.getUserId(), apiEndpoint.getHost()); try { - BitbucketUser user = bitbucketServerApiClient.getUser(null); + BitbucketUser user = bitbucketServerApiClient.getUser(); LOG.debug("Current bitbucket user {} ", user); // cleanup existed List existingTokens = 
diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerURLParser.java b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerURLParser.java index 7fcea295db..b76d4d517a 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerURLParser.java +++ b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerURLParser.java @@ -116,7 +116,7 @@ public class BitbucketServerURLParser { ""); // If the user request catches the unauthorised error, it means that the provided url // belongs to Bitbucket. - bitbucketServerApiClient.getUser(null); + bitbucketServerApiClient.getUser(); } catch (ScmItemNotFoundException | ScmCommunicationException e) { return false; } catch (ScmUnauthorizedException e) { diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerUserDataFetcher.java b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerUserDataFetcher.java index 282a08b093..5fcf024a25 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerUserDataFetcher.java +++ b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerUserDataFetcher.java 
@@ -80,7 +80,7 @@ public class BitbucketServerUserDataFetcher implements GitUserDataFetcher { for (String bitbucketServerEndpoint : this.registeredBitbucketEndpoints) { if (bitbucketServerApiClient.isConnected(bitbucketServerEndpoint)) { try { - BitbucketUser user = bitbucketServerApiClient.getUser(null); + BitbucketUser user = bitbucketServerApiClient.getUser(); return new GitUserData(user.getDisplayName(), user.getEmailAddress()); } catch (ScmItemNotFoundException e) { throw new ScmCommunicationException(e.getMessage(), e); diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClient.java b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClient.java index e09f3c4b2c..0ba18e6cde 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClient.java +++ b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClient.java @@ -37,6 +37,7 @@ import java.net.http.HttpResponse; import java.time.Duration; import java.util.ArrayList; import java.util.List; +import java.util.Optional; import java.util.Set; import java.util.concurrent.Executors; import java.util.function.Function; 
@@ -110,12 +111,18 @@ public class HttpBitbucketServerApiClient implements BitbucketServerApiClient { } @Override - public BitbucketUser getUser(@Nullable String token) + public BitbucketUser getUser(String token) throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException { - return getUser(getUserSlug(token), token); + return getUser(getUserSlug(Optional.of(token)), Optional.of(token)); } - private String getUserSlug(@Nullable String token) + @Override + public BitbucketUser getUser() + throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException { + return getUser(getUserSlug(Optional.empty()), Optional.empty()); + } + + private String getUserSlug(Optional token) throws ScmCommunicationException, ScmUnauthorizedException, ScmItemNotFoundException { URI uri; try { @@ -129,8 +136,8 @@ public class HttpBitbucketServerApiClient implements BitbucketServerApiClient { HttpRequest.newBuilder(uri) .headers( "Authorization", - token != null - ? "Bearer " + token + token.isPresent() + ? "Bearer " + token.get() : computeAuthorizationHeader("GET", uri.toString())) .timeout(DEFAULT_HTTP_TIMEOUT) .build(); @@ -152,7 +159,7 @@ public class HttpBitbucketServerApiClient implements BitbucketServerApiClient { } } - private BitbucketUser getUser(String slug, @Nullable String token) + private BitbucketUser getUser(String slug, Optional token) throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException { URI uri; try { @@ -166,8 +173,8 @@ public class HttpBitbucketServerApiClient implements BitbucketServerApiClient { HttpRequest.newBuilder(uri) .headers( "Authorization", - token != null - ? "Bearer " + token + token.isPresent() + ? "Bearer " + token.get() : computeAuthorizationHeader("GET", uri.toString())) .timeout(DEFAULT_HTTP_TIMEOUT) .build(); 
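Review bot: `getUser(String token)` now wraps its argument with `Optional.of(token)`, so a caller that still passes `null` (which the old `@Nullable` contract documented as "use token from the authentication flow") gets a bare NullPointerException with no message instead of one of the declared Scm exceptions. State the precondition as the first statement of the method, `Objects.requireNonNull(token, "token");`, adding the `java.util.Objects` import if the file does not already have it. Prefer that over `Optional.ofNullable`, which would silently fall back to the OAuth identity, so a missing PAT could be checked against the wrong credential. An empty string is still sent as `Bearer ` with nothing after it, so rejecting blank tokens in the same place is worth considering.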
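Review bot: The selection `token.isPresent() ? "Bearer " + token.get() : computeAuthorizationHeader("GET", uri.toString())` in `getUserSlug` is repeated verbatim in `getUser(String slug, Optional token)` at @@ -166,8 +173,8, so the choice between the supplied token and the OAuth1 signature lives in two places that can drift apart. Move it into one private helper that takes the token and the URI and returns the header value, and call it from both request builders. `Optional` is also used here as a parameter type, which pushes `Optional.empty()` into the three access-token call sites at @@ -255, @@ -298 and @@ -309; a private no-argument `getUserSlug()` overload would keep those readable. The parameter shows as raw `Optional` on this page; if that is how it is declared rather than an artifact of how the patch was rendered, it should be `Optional<String>`. Both method bodies continue outside their hunks.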
@@ -255,7 +262,7 @@ public class HttpBitbucketServerApiClient implements BitbucketServerApiClient { ScmItemNotFoundException { BitbucketPersonalAccessToken token = new BitbucketPersonalAccessToken(tokenName, permissions, 90); - URI uri = serverUri.resolve("./rest/access-tokens/1.0/users/" + getUserSlug(null)); + URI uri = serverUri.resolve("./rest/access-tokens/1.0/users/" + getUserSlug(Optional.empty())); try { HttpRequest request = @@ -298,7 +305,7 @@ public class HttpBitbucketServerApiClient implements BitbucketServerApiClient { try { return doGetItems( BitbucketPersonalAccessToken.class, - "./rest/access-tokens/1.0/users/" + getUserSlug(null), + "./rest/access-tokens/1.0/users/" + getUserSlug(Optional.empty()), null); } catch (ScmBadRequestException e) { throw new ScmCommunicationException(e.getMessage(), e); @@ -309,7 +316,8 @@ public class HttpBitbucketServerApiClient implements BitbucketServerApiClient { public BitbucketPersonalAccessToken getPersonalAccessToken(Long tokenId) throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException { URI uri = - serverUri.resolve("./rest/access-tokens/1.0/users/" + getUserSlug(null) + "/" + tokenId); + serverUri.resolve( + "./rest/access-tokens/1.0/users/" + getUserSlug(Optional.empty()) + "/" + tokenId); HttpRequest request = HttpRequest.newBuilder(uri) .headers( diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/server/BitbucketServerApiClient.java b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/server/BitbucketServerApiClient.java index fcf4d8c711..399e112aa6 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/server/BitbucketServerApiClient.java +++ b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/server/BitbucketServerApiClient.java 
@@ -17,7 +17,6 @@ import org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException; import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException; import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException; import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException; -import org.eclipse.che.commons.annotation.Nullable; /** Bitbucket Server API client. */ public interface BitbucketServerApiClient { @@ -28,13 +27,17 @@ public interface BitbucketServerApiClient { boolean isConnected(String bitbucketServerUrl); /** - * @param token token to override. Pass {@code null} to use token from the authentication flow. - * @return - Retrieve the {@link BitbucketUser} matching the supplied userSlug. - * @throws ScmItemNotFoundException - * @throws ScmUnauthorizedException - * @throws ScmCommunicationException + * @param token token to authorise the user request. + * @return - authenticated {@link BitbucketUser}. */ - BitbucketUser getUser(@Nullable String token) + BitbucketUser getUser(String token) + throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException; + + /** + * @return Retrieve the authenticated {@link BitbucketUser} using an OAuth token. + * @return - authenticated {@link BitbucketUser}. + */ + BitbucketUser getUser() throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException; /** diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/server/NoopBitbucketServerApiClient.java b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/server/NoopBitbucketServerApiClient.java index 447ab5bae7..600ecc3f1c 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/server/NoopBitbucketServerApiClient.java 
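Review bot: The Javadoc added for `getUser()` at @@ -28,13 +27,17 carries two `@return` tags and no summary sentence, so the generated documentation repeats the return description and never says which credential the call uses. Replace the first tag with a summary, `Retrieves the authenticated {@link BitbucketUser} using the OAuth token from the authentication flow.`, and keep a single `@return the authenticated {@link BitbucketUser}`. The comment on `getUser(String token)` should state that `token` must not be null, since the `@Nullable` annotation and the sentence explaining the null case were both removed and implementers no longer have a documented contract for it. The three `@throws` tags were dropped as well; restoring them with one line each on when they are raised would help anyone writing another implementation of the interface.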
+++ b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/server/NoopBitbucketServerApiClient.java @@ -17,7 +17,6 @@ import org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException; import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException; import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException; import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException; -import org.eclipse.che.commons.annotation.Nullable; /** * Implementation of @{@link BitbucketServerApiClient} that is going to be deployed in container in @@ -30,7 +29,14 @@ public class NoopBitbucketServerApiClient implements BitbucketServerApiClient { } @Override - public BitbucketUser getUser(@Nullable String token) + public BitbucketUser getUser(String token) + throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException { + throw new RuntimeException( + "The fallback noop api client cannot be used for real operation. Make sure Bitbucket OAuth1 is properly configured."); + } + + @Override + public BitbucketUser getUser() throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException { throw new RuntimeException( "The fallback noop api client cannot be used for real operation. Make sure Bitbucket OAuth1 is properly configured."); diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcherTest.java b/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcherTest.java index 59b7090afc..bff6ca6f30 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcherTest.java 
+++ b/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcherTest.java @@ -14,7 +14,6 @@ package org.eclipse.che.api.factory.server.bitbucket; import static java.lang.String.valueOf; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.doThrow; -import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import static org.testng.Assert.assertEquals; @@ -29,7 +28,6 @@ import java.net.MalformedURLException; import java.net.URL; import java.util.Collections; import java.util.Optional; -import org.eclipse.che.api.auth.shared.dto.OAuthToken; import org.eclipse.che.api.core.BadRequestException; import org.eclipse.che.api.core.ConflictException; import org.eclipse.che.api.core.ForbiddenException; @@ -63,7 +61,7 @@ public class BitbucketServerPersonalAccessTokenFetcherTest { String someBitbucketURL = "https://some.bitbucketserver.com"; Subject subject; @Mock BitbucketServerApiClient bitbucketServerApiClient; - @Mock PersonalAccessTokenParams personalAccessToken; + @Mock PersonalAccessTokenParams personalAccessTokenParams; @Mock OAuthAPI oAuthAPI; BitbucketUser bitbucketUser; BitbucketServerPersonalAccessTokenFetcher fetcher; @@ -134,7 +132,7 @@ public class BitbucketServerPersonalAccessTokenFetcherTest { throws ScmUnauthorizedException, ScmCommunicationException, ScmItemNotFoundException { // given when(bitbucketServerApiClient.isConnected(eq(someNotBitbucketURL))).thenReturn(true); - doThrow(exception).when(bitbucketServerApiClient).getUser(null); + doThrow(exception).when(bitbucketServerApiClient).getUser(); // when fetcher.fetchPersonalAccessToken(subject, someNotBitbucketURL); } 
@@ -145,7 +143,7 @@ public class BitbucketServerPersonalAccessTokenFetcherTest { ScmBadRequestException { // given when(bitbucketServerApiClient.isConnected(eq(someBitbucketURL))).thenReturn(true); - when(bitbucketServerApiClient.getUser(null)).thenReturn(bitbucketUser); + when(bitbucketServerApiClient.getUser()).thenReturn(bitbucketUser); when(bitbucketServerApiClient.getPersonalAccessTokens()).thenReturn(Collections.emptyList()); when(bitbucketServerApiClient.createPersonalAccessTokens( @@ -168,7 +166,7 @@ public class BitbucketServerPersonalAccessTokenFetcherTest { throws ScmUnauthorizedException, ScmCommunicationException, ScmItemNotFoundException, ScmBadRequestException { when(bitbucketServerApiClient.isConnected(eq(someBitbucketURL))).thenReturn(true); - when(bitbucketServerApiClient.getUser(null)).thenReturn(bitbucketUser); + when(bitbucketServerApiClient.getUser()).thenReturn(bitbucketUser); when(bitbucketServerApiClient.getPersonalAccessTokens()) .thenReturn(ImmutableList.of(bitbucketPersonalAccessToken, bitbucketPersonalAccessToken2)); when(bitbucketServerApiClient.createPersonalAccessTokens( @@ -191,7 +189,7 @@ public class BitbucketServerPersonalAccessTokenFetcherTest { ScmBadRequestException { // given when(bitbucketServerApiClient.isConnected(eq(someBitbucketURL))).thenReturn(true); - when(bitbucketServerApiClient.getUser(null)).thenReturn(bitbucketUser); + when(bitbucketServerApiClient.getUser()).thenReturn(bitbucketUser); when(bitbucketServerApiClient.getPersonalAccessTokens()).thenReturn(Collections.emptyList()); doThrow(ScmBadRequestException.class) .when(bitbucketServerApiClient) 
@@ -209,11 +207,11 @@ public class BitbucketServerPersonalAccessTokenFetcherTest { ServerException, ConflictException, UnauthorizedException, NotFoundException, BadRequestException { // given - when(oAuthAPI.getToken(eq("bitbucket"))).thenReturn(mock(OAuthToken.class)); - when(personalAccessToken.getScmProviderUrl()).thenReturn(someNotBitbucketURL); + when(personalAccessTokenParams.getToken()).thenReturn("token"); + when(personalAccessTokenParams.getScmProviderUrl()).thenReturn(someNotBitbucketURL); when(bitbucketServerApiClient.isConnected(eq(someNotBitbucketURL))).thenReturn(false); // when - Optional> result = fetcher.isValid(personalAccessToken); + Optional> result = fetcher.isValid(personalAccessTokenParams); // then assertTrue(result.isEmpty()); } @@ -222,14 +220,14 @@ public class BitbucketServerPersonalAccessTokenFetcherTest { public void shouldBeAbleToValidateToken() throws ScmUnauthorizedException, ScmCommunicationException, ScmItemNotFoundException { // given - when(personalAccessToken.getScmProviderUrl()).thenReturn(someBitbucketURL); - when(personalAccessToken.getScmTokenId()) + when(personalAccessTokenParams.getScmProviderUrl()).thenReturn(someBitbucketURL); + when(personalAccessTokenParams.getScmTokenId()) .thenReturn(Long.toString(bitbucketPersonalAccessToken.getId())); when(bitbucketServerApiClient.isConnected(eq(someBitbucketURL))).thenReturn(true); when(bitbucketServerApiClient.getPersonalAccessToken(eq(bitbucketPersonalAccessToken.getId()))) .thenReturn(bitbucketPersonalAccessToken); // when - Optional> result = fetcher.isValid(personalAccessToken); + Optional> result = fetcher.isValid(personalAccessTokenParams); // then assertFalse(result.isEmpty()); assertTrue(result.get().first); 
diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerUserDataFetcherTest.java b/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerUserDataFetcherTest.java index 25d6179972..afca9935ab 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerUserDataFetcherTest.java +++ b/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerUserDataFetcherTest.java @@ -64,7 +64,7 @@ public class BitbucketServerUserDataFetcherTest { ScmBadRequestException, ScmConfigurationPersistenceException { // given when(bitbucketServerApiClient.isConnected(eq(someBitbucketURL))).thenReturn(true); - when(bitbucketServerApiClient.getUser(null)).thenReturn(bitbucketUser); + when(bitbucketServerApiClient.getUser()).thenReturn(bitbucketUser); // when GitUserData gitUserData = fetcher.fetchGitUserData(); // then diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClientTest.java b/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClientTest.java index 6d663df17d..aab91a4c22 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClientTest.java +++ b/wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClientTest.java 
@@ -121,7 +121,7 @@ public class HttpBitbucketServerApiClientTest { .withHeader("Content-Type", "application/json; charset=utf-8") .withBodyFile("bitbucket/rest/api/1.0/users/ksmster/response.json"))); - BitbucketUser user = bitbucketServer.getUser(null); + BitbucketUser user = bitbucketServer.getUser(); assertNotNull(user); } @@ -338,7 +338,7 @@ public class HttpBitbucketServerApiClientTest { .withBodyFile("bitbucket/rest/api/1.0/users/ksmster/response.json"))); // when - bitbucketServer.getUser(null); + bitbucketServer.getUser(); // then verify(oAuthAPI, times(2)).getToken(eq("bitbucket"));
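Review bot: Neither hunk shown for this test class calls the new `getUser(String token)` overload; both updated tests go through the no-argument `getUser()` and the OAuth path, as `verify(oAuthAPI, times(2)).getToken(eq("bitbucket"))` confirms. Add a case that calls `bitbucketServer.getUser("token")` against a stub that only matches a request carrying `Authorization: Bearer token`, and that verifies `oAuthAPI` is never consulted, so a regression that checks a personal access token with the OAuth identity is caught. A second case passing a null token would pin whichever failure the implementation settles on. The rest of the test class is outside these hunks, so such a test may already exist.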