seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add provider name annotation to PAT secret (#670) 

Add che.eclipse.org/scm-provider-name annotation to Personal Access Token secret.
pull/673/head
Igor Vinokur 2024-03-25 14:57:27 +02:00 committed by GitHub
parent b8e0397b0a
commit 2e27c47f2f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 180 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java
View File

@ -63,6 +63,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
public static final String NAME_PATTERN = "personal-access-token-";
public static final String ANNOTATION_CHE_USERID = "che.eclipse.org/che-userid";
public static final String ANNOTATION_SCM_PROVIDER_NAME = "che.eclipse.org/scm-provider-name";
public static final String ANNOTATION_SCM_ORGANIZATION = "che.eclipse.org/scm-organization";
public static final String ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID =
"che.eclipse.org/scm-personal-access-token-id";
@ -103,6 +104,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
new ImmutableMap.Builder<String, String>()
.put(ANNOTATION_CHE_USERID, personalAccessToken.getCheUserId())
.put(ANNOTATION_SCM_URL, personalAccessToken.getScmProviderUrl())
.put(ANNOTATION_SCM_PROVIDER_NAME, personalAccessToken.getScmProviderName())
.put(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID,
personalAccessToken.getScmTokenId())
@ -210,10 +212,11 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
PersonalAccessToken personalAccessToken =
new PersonalAccessToken(
personalAccessTokenParams.getScmProviderUrl(),
getScmProviderName(personalAccessTokenParams),
secretAnnotations.get(ANNOTATION_CHE_USERID),
personalAccessTokenParams.getOrganization(),
scmUsername.get(),
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME),
personalAccessTokenParams.getScmTokenName(),
personalAccessTokenParams.getScmTokenId(),
personalAccessTokenParams.getToken());
return Optional.of(personalAccessToken);
@ -239,6 +242,20 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
return Optional.empty();
}
/**
* Returns the name of the SCM provider. If the name is not set, the name of the token is used.
* This is used to support back compatibility with the old token secrets, which do not have the
* 'che.eclipse.org/scm-provider-name' annotation.
*
* @param params the parameters of the personal access token
* @return the name of the SCM provider
*/
private String getScmProviderName(PersonalAccessTokenParams params) {
return isNullOrEmpty(params.getScmProviderName())
? params.getScmTokenName()
: params.getScmProviderName();
}
private boolean deleteSecretIfMisconfigured(Secret secret) throws InfrastructureException {
Map<String, String> secretAnnotations = secret.getMetadata().getAnnotations();
LOG.debug("Secret annotations: {}", secretAnnotations);
@ -270,15 +287,17 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
Map<String, String> secretAnnotations = secret.getMetadata().getAnnotations();
String token = new String(Base64.getDecoder().decode(secret.getData().get("token"))).trim();
String configuredOAuthProviderName =
String configuredOAuthTokenName =
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME);
String configuredTokenId = secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID);
String configuredScmOrganization = secretAnnotations.get(ANNOTATION_SCM_ORGANIZATION);
String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL);
String configuredScmProviderName = secretAnnotations.get(ANNOTATION_SCM_PROVIDER_NAME);
return new PersonalAccessTokenParams(
trimEnd(configuredScmServerUrl, '/'),
configuredOAuthProviderName,
configuredScmProviderName,
configuredOAuthTokenName,
configuredTokenId,
token,
configuredScmOrganization);

12
infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManagerTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -92,7 +92,13 @@ public class KubernetesGitCredentialManagerTest {
PersonalAccessToken token =
new PersonalAccessToken(
"https://bitbucket.com", "cheUser", "username", "token-name", "tid-23434", "token123");
"https://bitbucket.com",
"provider",
"cheUser",
"username",
"token-name",
"tid-23434",
"token123");
// when
kubernetesGitCredentialManager.createOrReplace(token);
@ -174,6 +180,7 @@ public class KubernetesGitCredentialManagerTest {
PersonalAccessToken token =
new PersonalAccessToken(
"https://bitbucket.com",
"provider",
"cheUser",
"username",
"oauth2-token-name",
@ -199,6 +206,7 @@ public class KubernetesGitCredentialManagerTest {
PersonalAccessToken token =
new PersonalAccessToken(
"https://bitbucket.com:5648",
"provider",
"cheUser",
"username",
"token-name",

8
infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java
View File

@ -139,7 +139,13 @@ public class KubernetesPersonalAccessTokenManagerTest {
PersonalAccessToken token =
new PersonalAccessToken(
"https://bitbucket.com", "cheUser", "username", "token-name", "tid-24", "token123");
"https://bitbucket.com",
"provider",
"cheUser",
"username",
"token-name",
"tid-24",
"token123");
// when
personalAccessTokenManager.store(token);

1
wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java
View File

@ -108,6 +108,7 @@ public class EmbeddedOAuthAPI implements OAuthAPI {
personalAccessTokenManager.store(
new PersonalAccessToken(
oauth.getEndpointUrl(),
providerName,
EnvironmentContext.getCurrent().getSubject().getUserId(),
null,
null,

1
wsmaster/che-core-api-auth/src/test/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPITest.java
View File

@ -165,6 +165,7 @@ public class EmbeddedOAuthAPITest {
verify(personalAccessTokenManager).store(tokenCapture.capture());
PersonalAccessToken token = tokenCapture.getValue();
assertEquals(token.getScmProviderUrl(), "http://eclipse.che");
assertEquals(token.getScmProviderName(), "bitbucket");
assertEquals(token.getCheUserId(), "0000-00-0000");
assertTrue(token.getScmTokenId().startsWith("id-"));
assertTrue(token.getScmTokenName().startsWith("bitbucket-"));

11
wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -49,6 +49,7 @@ public class AzureDevOpsPersonalAccessTokenFetcher implements PersonalAccessToke
private static final Logger LOG =
LoggerFactory.getLogger(AzureDevOpsPersonalAccessTokenFetcher.class);
private static final String OAUTH_PROVIDER_NAME = "azure-devops";
private final String cheApiEndpoint;
private final String azureDevOpsScmApiEndpoint;
private final OAuthAPI oAuthAPI;
@ -87,7 +88,12 @@ public class AzureDevOpsPersonalAccessTokenFetcher implements PersonalAccessToke
Optional<Pair<Boolean, String>> valid =
isValid(
new PersonalAccessTokenParams(
scmServerUrl, tokenName, tokenId, oAuthToken.getToken(), null));
scmServerUrl,
OAUTH_PROVIDER_NAME,
tokenName,
tokenId,
oAuthToken.getToken(),
null));
if (valid.isEmpty()) {
throw buildScmUnauthorizedException(cheSubject);
} else if (!valid.get().first) {
@ -97,6 +103,7 @@ public class AzureDevOpsPersonalAccessTokenFetcher implements PersonalAccessToke
}
return new PersonalAccessToken(
scmServerUrl,
OAUTH_PROVIDER_NAME,
cheSubject.getUserId(),
valid.get().second,
tokenName,

5
wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -51,6 +51,8 @@ public class BitbucketServerPersonalAccessTokenFetcher implements PersonalAccess
private static final Logger LOG =
LoggerFactory.getLogger(BitbucketServerPersonalAccessTokenFetcher.class);
private static final String OAUTH_PROVIDER_NAME = "bitbucket-server";
private static final String TOKEN_NAME_TEMPLATE = "che-token-<%s>-<%s>";
public static final Set<String> DEFAULT_TOKEN_SCOPE =
ImmutableSet.of("PROJECT_WRITE", "REPO_WRITE");
@ -96,6 +98,7 @@ public class BitbucketServerPersonalAccessTokenFetcher implements PersonalAccess
LOG.debug("Token created = {} for {}", token.getId(), token.getUser());
return new PersonalAccessToken(
scmServerUrl,
OAUTH_PROVIDER_NAME,
EnvironmentContext.getCurrent().getSubject().getUserId(),
user.getName(),
user.getSlug(),

8
wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerAuthorizingFileContentProviderTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -43,7 +43,7 @@ public class BitbucketServerAuthorizingFileContentProviderTest {
url, urlFetcher, personalAccessTokenManager);
PersonalAccessToken token =
new PersonalAccessToken(TEST_SCHEME + "://" + TEST_HOSTNAME, "user1", "token");
new PersonalAccessToken(TEST_SCHEME + "://" + TEST_HOSTNAME, "provider", "user1", "token");
when(personalAccessTokenManager.getAndStore(anyString())).thenReturn(token);
String fileURL = "https://foo.bar/scm/repo/.devfile";
@ -64,7 +64,7 @@ public class BitbucketServerAuthorizingFileContentProviderTest {
url, urlFetcher, personalAccessTokenManager);
PersonalAccessToken token =
new PersonalAccessToken(TEST_SCHEME + "://" + TEST_HOSTNAME, "user1", "token");
new PersonalAccessToken(TEST_SCHEME + "://" + TEST_HOSTNAME, "provider", "user1", "token");
when(personalAccessTokenManager.getAndStore(eq(TEST_SCHEME + "://" + TEST_HOSTNAME)))
.thenReturn(token);
@ -95,7 +95,7 @@ public class BitbucketServerAuthorizingFileContentProviderTest {
new BitbucketServerAuthorizingFileContentProvider(
url, urlFetcher, personalAccessTokenManager);
PersonalAccessToken token =
new PersonalAccessToken(TEST_SCHEME + "://" + TEST_HOSTNAME, "user1", "token");
new PersonalAccessToken(TEST_SCHEME + "://" + TEST_HOSTNAME, "provider", "user1", "token");
when(personalAccessTokenManager.getAndStore(anyString())).thenReturn(token);
// when

4
wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerScmFileResolverTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -74,7 +74,7 @@ public class BitbucketServerScmFileResolverTest {
final String rawContent = "raw_content";
final String filename = "devfile.yaml";
when(personalAccessTokenManager.getAndStore(anyString()))
.thenReturn(new PersonalAccessToken(SCM_URL, "root", "token123"));
.thenReturn(new PersonalAccessToken(SCM_URL, "provider", "root", "token123"));
when(urlFetcher.fetch(anyString(), eq("Bearer token123"))).thenReturn(rawContent);

10
wsmaster/che-core-api-factory-bitbucket/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -97,7 +97,12 @@ public class BitbucketPersonalAccessTokenFetcher implements PersonalAccessTokenF
Optional<Pair<Boolean, String>> valid =
isValid(
new PersonalAccessTokenParams(
scmServerUrl, tokenName, tokenId, oAuthToken.getToken(), null));
scmServerUrl,
OAUTH_PROVIDER_NAME,
tokenName,
tokenId,
oAuthToken.getToken(),
null));
if (valid.isEmpty()) {
throw buildScmUnauthorizedException(cheSubject);
} else if (!valid.get().first) {
@ -109,6 +114,7 @@ public class BitbucketPersonalAccessTokenFetcher implements PersonalAccessTokenF
}
return new PersonalAccessToken(
scmServerUrl,
OAUTH_PROVIDER_NAME,
cheSubject.getUserId(),
valid.get().second,
tokenName,

5
wsmaster/che-core-api-factory-bitbucket/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketAuthorizingFileContentProviderTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -82,7 +82,8 @@ public class BitbucketAuthorizingFileContentProviderTest {
// given
URLFetcher urlFetcher = Mockito.mock(URLFetcher.class);
String url = "https://bitbucket.org/workspace/repository/raw/HEAD/devfile.yaml";
PersonalAccessToken personalAccessToken = new PersonalAccessToken(url, "che", "my-token");
PersonalAccessToken personalAccessToken =
new PersonalAccessToken(url, "provider", "che", "my-token");
when(personalAccessTokenManager.getAndStore(anyString())).thenReturn(personalAccessToken);
when(bitbucketApiClient.getFileContent(
eq("workspace"), eq("repository"), eq("HEAD"), eq("devfile.yaml"), eq("my-token")))

18
wsmaster/che-core-api-factory-bitbucket/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcherTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -87,7 +87,12 @@ public class BitbucketPersonalAccessTokenFetcherTest {
.withBodyFile("bitbucket/rest/user/response.json")));
PersonalAccessTokenParams personalAccessTokenParams =
new PersonalAccessTokenParams(
"https://bitbucket.org/", "scmTokenName", "scmTokenId", bitbucketOauthToken, null);
"https://bitbucket.org/",
"provider",
"scmTokenName",
"scmTokenId",
bitbucketOauthToken,
null);
assertTrue(
bitbucketPersonalAccessTokenFetcher.isValid(personalAccessTokenParams).isEmpty(),
"Should not validate SCM server with trailing /");
@ -165,7 +170,12 @@ public class BitbucketPersonalAccessTokenFetcherTest {
PersonalAccessTokenParams params =
new PersonalAccessTokenParams(
"https://bitbucket.org", "params-name", "tid-23434", bitbucketOauthToken, null);
"https://bitbucket.org",
"provider",
"params-name",
"tid-23434",
bitbucketOauthToken,
null);
Optional<Pair<Boolean, String>> valid = bitbucketPersonalAccessTokenFetcher.isValid(params);
assertTrue(valid.isPresent());
@ -188,6 +198,7 @@ public class BitbucketPersonalAccessTokenFetcherTest {
PersonalAccessTokenParams params =
new PersonalAccessTokenParams(
"https://bitbucket.org",
"provider",
OAUTH_2_PREFIX + "-params-name",
"tid-23434",
bitbucketOauthToken,
@ -205,6 +216,7 @@ public class BitbucketPersonalAccessTokenFetcherTest {
PersonalAccessTokenParams params =
new PersonalAccessTokenParams(
"https://bitbucket.org",
"provider",
OAUTH_2_PREFIX + "-token-name",
"tid-23434",
bitbucketOauthToken,

4
wsmaster/che-core-api-factory-bitbucket/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketScmFileResolverTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -75,7 +75,7 @@ public class BitbucketScmFileResolverTest {
when(bitbucketApiClient.getFileContent(
eq("test"), eq("repo"), eq("HEAD"), eq("devfile.yaml"), eq("my-token")))
.thenReturn(rawContent);
var personalAccessToken = new PersonalAccessToken("foo", "che", "my-token");
var personalAccessToken = new PersonalAccessToken("foo", "provider", "che", "my-token");
when(personalAccessTokenManager.getAndStore(anyString())).thenReturn(personalAccessToken);
String content =

16
wsmaster/che-core-api-factory-github-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubPersonalAccessTokenFetcher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -37,6 +37,7 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher
private static final Logger LOG =
LoggerFactory.getLogger(AbstractGithubPersonalAccessTokenFetcher.class);
private static final String OAUTH_PROVIDER_NAME = "github";
private final String apiEndpoint;
private final OAuthAPI oAuthAPI;
@ -140,7 +141,15 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher
Optional<Pair<Boolean, String>> valid =
isValid(
new PersonalAccessTokenParams(
scmServerUrl, tokenName, tokenId, oAuthToken.getToken(), null));
scmServerUrl,
// Despite the fact that we may have two GitHub oauth providers, we always set
// "github" to the token provider name. The specific GitHub oauth provider
// references to the specific token by the url parameter.
OAUTH_PROVIDER_NAME,
tokenName,
tokenId,
oAuthToken.getToken(),
null));
if (valid.isEmpty()) {
throw buildScmUnauthorizedException(cheSubject);
} else if (!valid.get().first) {
@ -150,6 +159,7 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher
}
return new PersonalAccessToken(
scmServerUrl,
OAUTH_PROVIDER_NAME,
cheSubject.getUserId(),
valid.get().second,
tokenName,
@ -210,7 +220,7 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher
// The url from the token has the same url as the api client, no need to create a new one.
apiClient = githubApiClient;
} else {
if ("github".equals(params.getScmTokenName())) {
if (OAUTH_PROVIDER_NAME.equals(params.getScmTokenName())) {
apiClient = new GithubApiClient(params.getScmProviderUrl());
} else {
LOG.debug("not a valid url {} for current fetcher ", params.getScmProviderUrl());

8
wsmaster/che-core-api-factory-github/src/test/java/org/eclipse/che/api/factory/server/github/GithubAuthorizingFileContentProviderTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -56,7 +56,7 @@ public class GithubAuthorizingFileContentProviderTest {
new GithubAuthorizingFileContentProvider(githubUrl, urlFetcher, personalAccessTokenManager);
when(personalAccessTokenManager.getAndStore(anyString()))
.thenReturn(new PersonalAccessToken("foo", "che", "my-token"));
.thenReturn(new PersonalAccessToken("foo", "provider", "che", "my-token"));
fileContentProvider.fetchContent("devfile.yaml");
@ -84,7 +84,7 @@ public class GithubAuthorizingFileContentProviderTest {
new GithubAuthorizingFileContentProvider(githubUrl, urlFetcher, personalAccessTokenManager);
when(personalAccessTokenManager.getAndStore(anyString()))
.thenReturn(new PersonalAccessToken(raw_url, "che", "my-token"));
.thenReturn(new PersonalAccessToken(raw_url, "provider", "che", "my-token"));
fileContentProvider.fetchContent(raw_url);
verify(urlFetcher).fetch(eq(raw_url), eq("token my-token"));
@ -145,7 +145,7 @@ public class GithubAuthorizingFileContentProviderTest {
.withServerUrl("https://github.com");
FileContentProvider fileContentProvider =
new GithubAuthorizingFileContentProvider(githubUrl, urlFetcher, personalAccessTokenManager);
var personalAccessToken = new PersonalAccessToken(raw_url, "che", "my-token");
var personalAccessToken = new PersonalAccessToken(raw_url, "provider", "che", "my-token");
when(personalAccessTokenManager.getAndStore(anyString())).thenReturn(personalAccessToken);
fileContentProvider.fetchContent(raw_url);

13
wsmaster/che-core-api-factory-github/src/test/java/org/eclipse/che/api/factory/server/github/GithubPersonalAccessTokenFetcherTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -91,7 +91,12 @@ public class GithubPersonalAccessTokenFetcherTest {
.withBodyFile("github/rest/user/response.json")));
PersonalAccessTokenParams personalAccessTokenParams =
new PersonalAccessTokenParams(
"https://github.com/", "scmTokenName", "scmTokenId", githubOauthToken, null);
"https://github.com/",
"provider",
"scmTokenName",
"scmTokenId",
githubOauthToken,
null);
assertTrue(
githubPATFetcher.isValid(personalAccessTokenParams).isEmpty(),
"Should not validate SCM server with trailing /");
@ -213,7 +218,7 @@ public class GithubPersonalAccessTokenFetcherTest {
PersonalAccessTokenParams params =
new PersonalAccessTokenParams(
wireMockServer.url("/"), "token-name", "tid-23434", githubOauthToken, null);
wireMockServer.url("/"), "provider", "token-name", "tid-23434", githubOauthToken, null);
Optional<Pair<Boolean, String>> valid = githubPATFetcher.isValid(params);
assertTrue(valid.isPresent());
@ -236,6 +241,7 @@ public class GithubPersonalAccessTokenFetcherTest {
PersonalAccessTokenParams params =
new PersonalAccessTokenParams(
wireMockServer.url("/"),
"provider",
OAUTH_2_PREFIX + "-params-name",
"tid-23434",
githubOauthToken,
@ -253,6 +259,7 @@ public class GithubPersonalAccessTokenFetcherTest {
PersonalAccessTokenParams params =
new PersonalAccessTokenParams(
wireMockServer.url("/"),
"provider",
OAUTH_2_PREFIX + "-token-name",
"tid-23434",
githubOauthToken,

4
wsmaster/che-core-api-factory-github/src/test/java/org/eclipse/che/api/factory/server/github/GithubScmFileResolverTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -88,7 +88,7 @@ public class GithubScmFileResolverTest {
lenient()
.when(personalAccessTokenManager.getAndStore(anyString()))
.thenReturn(new PersonalAccessToken("foo", "che", "my-token"));
.thenReturn(new PersonalAccessToken("foo", "provider", "che", "my-token"));
when(githubApiClient.isConnected(eq("https://github.com"))).thenReturn(true);
when(githubApiClient.getLatestCommit(anyString(), anyString(), anyString(), any()))

10
wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -111,7 +111,12 @@ public class GitlabOAuthTokenFetcher implements PersonalAccessTokenFetcher {
Optional<Pair<Boolean, String>> valid =
isValid(
new PersonalAccessTokenParams(
scmServerUrl, tokenName, tokenId, oAuthToken.getToken(), null));
scmServerUrl,
OAUTH_PROVIDER_NAME,
tokenName,
tokenId,
oAuthToken.getToken(),
null));
if (valid.isEmpty()) {
throw buildScmUnauthorizedException(cheSubject);
} else if (!valid.get().first) {
@ -121,6 +126,7 @@ public class GitlabOAuthTokenFetcher implements PersonalAccessTokenFetcher {
}
return new PersonalAccessToken(
scmServerUrl,
OAUTH_PROVIDER_NAME,
cheSubject.getUserId(),
valid.get().second,
tokenName,

6
wsmaster/che-core-api-factory-gitlab/src/test/java/org/eclipse/che/api/factory/server/gitlab/GitlabAuthorizingFileContentProviderTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -35,7 +35,7 @@ public class GitlabAuthorizingFileContentProviderTest {
GitlabUrl gitlabUrl = new GitlabUrl().withHostName("gitlab.net").withSubGroups("eclipse/che");
FileContentProvider fileContentProvider =
new GitlabAuthorizingFileContentProvider(gitlabUrl, urlFetcher, personalAccessTokenManager);
var personalAccessToken = new PersonalAccessToken("foo", "che", "my-token");
var personalAccessToken = new PersonalAccessToken("foo", "provider", "che", "my-token");
when(personalAccessTokenManager.getAndStore(anyString())).thenReturn(personalAccessToken);
fileContentProvider.fetchContent("devfile.yaml");
verify(urlFetcher)
@ -53,7 +53,7 @@ public class GitlabAuthorizingFileContentProviderTest {
new GitlabAuthorizingFileContentProvider(gitlabUrl, urlFetcher, personalAccessTokenManager);
String url =
"https://gitlab.net/api/v4/projects/eclipse%2Fche/repository/files/devfile.yaml/raw";
var personalAccessToken = new PersonalAccessToken(url, "che", "my-token");
var personalAccessToken = new PersonalAccessToken(url, "provider", "che", "my-token");
when(personalAccessTokenManager.getAndStore(anyString())).thenReturn(personalAccessToken);
fileContentProvider.fetchContent(url);

9
wsmaster/che-core-api-factory-gitlab/src/test/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcherTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -179,7 +179,12 @@ public class GitlabOAuthTokenFetcherTest {
PersonalAccessTokenParams params =
new PersonalAccessTokenParams(
wireMockServer.baseUrl(), "oauth2-token-name", "tid-23434", "token123", null);
wireMockServer.baseUrl(),
"provider",
"oauth2-token-name",
"tid-23434",
"token123",
null);
Optional<Pair<Boolean, String>> valid = oAuthTokenFetcher.isValid(params);

4
wsmaster/che-core-api-factory-gitlab/src/test/java/org/eclipse/che/api/factory/server/gitlab/GitlabScmFileResolverTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -73,7 +73,7 @@ public class GitlabScmFileResolverTest {
final String rawContent = "raw_content";
final String filename = "devfile.yaml";
when(personalAccessTokenManager.getAndStore(any(String.class)))
.thenReturn(new PersonalAccessToken(SCM_URL, "root", "token123"));
.thenReturn(new PersonalAccessToken(SCM_URL, "provider", "root", "token123"));
when(urlFetcher.fetch(anyString(), eq("Bearer token123"))).thenReturn(rawContent);

32
wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessToken.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -22,6 +22,7 @@ import org.eclipse.che.commons.env.EnvironmentContext;
public class PersonalAccessToken {
private final String scmProviderUrl;
private final String scmProviderName;
private final String scmUserName;
/** Organization that user belongs to. Can be null if user is not a member of any organization. */
@Nullable private final String scmOrganization;
@ -33,6 +34,7 @@ public class PersonalAccessToken {
public PersonalAccessToken(
String scmProviderUrl,
String scmProviderName,
String cheUserId,
String scmOrganization,
String scmUserName,
@ -41,6 +43,7 @@ public class PersonalAccessToken {
String token) {
this.scmProviderUrl = scmProviderUrl;
this.scmOrganization = scmOrganization;
this.scmProviderName = scmProviderName;
this.scmUserName = scmUserName;
this.scmTokenName = scmTokenName;
this.scmTokenId = scmTokenId;
@ -50,17 +53,28 @@ public class PersonalAccessToken {
public PersonalAccessToken(
String scmProviderUrl,
String scmProviderName,
String cheUserId,
String scmUserName,
String scmTokenName,
String scmTokenId,
String token) {
this(scmProviderUrl, cheUserId, null, scmUserName, scmTokenName, scmTokenId, token);
}
public PersonalAccessToken(String scmProviderUrl, String scmUserName, String token) {
this(
scmProviderUrl,
scmProviderName,
cheUserId,
null,
scmUserName,
scmTokenName,
scmTokenId,
token);
}
public PersonalAccessToken(
String scmProviderUrl, String scmProviderName, String scmUserName, String token) {
this(
scmProviderUrl,
scmProviderName,
EnvironmentContext.getCurrent().getSubject().getUserId(),
null,
scmUserName,
@ -104,6 +118,7 @@ public class PersonalAccessToken {
if (o == null || getClass() != o.getClass()) return false;
PersonalAccessToken that = (PersonalAccessToken) o;
return Objects.equal(scmProviderUrl, that.scmProviderUrl)
&& Objects.equal(scmProviderName, that.scmProviderName)
&& Objects.equal(scmUserName, that.scmUserName)
&& Objects.equal(scmOrganization, that.scmOrganization)
&& Objects.equal(scmTokenName, that.scmTokenName)
@ -124,6 +139,9 @@ public class PersonalAccessToken {
+ "scmProviderUrl='"
+ scmProviderUrl
+ '\''
+ "scmProviderName='"
+ scmProviderName
+ '\''
+ ", scmUserName='"
+ scmUserName
+ '\''
@ -143,4 +161,8 @@ public class PersonalAccessToken {
+ cheUserId
+ '}';
}
public String getScmProviderName() {
return scmProviderName;
}
}

17
wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessTokenParams.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2023 Red Hat, Inc.
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@ -14,6 +14,7 @@ package org.eclipse.che.api.factory.server.scm;
/** An object to hold parameters for creating a personal access token. */
public class PersonalAccessTokenParams {
private final String scmProviderUrl;
private final String scmProviderName;
private final String scmTokenName;
private final String scmTokenId;
private final String token;
@ -21,11 +22,13 @@ public class PersonalAccessTokenParams {
public PersonalAccessTokenParams(
String scmProviderUrl,
String scmProviderName,
String scmTokenName,
String scmTokenId,
String token,
String organization) {
this.scmProviderUrl = scmProviderUrl;
this.scmProviderName = scmProviderName;
this.scmTokenName = scmTokenName;
this.scmTokenId = scmTokenId;
this.token = token;
@ -36,6 +39,14 @@ public class PersonalAccessTokenParams {
return scmProviderUrl;
}
/**
* This method returns the provider name if the token is a Personal Access Token, and the token
* name in format oauth2-<random string from 5 chars> if the token is an oauth token. Deprecated:
* We need to add a new method to distinguish oauth tokens from personal access tokens.
*
* @return token name
*/
@Deprecated
public String getScmTokenName() {
return scmTokenName;
}
@ -51,4 +62,8 @@ public class PersonalAccessTokenParams {
public String getOrganization() {
return organization;
}
public String getScmProviderName() {
return scmProviderName;
}
}