fixup! Omit scm-username annotation from the PAT secret

pull/533/head
Igor Vinokur 2023-07-21 12:14:03 +03:00
parent ea736d1b21
commit 75bf4685fe
2 changed files with 37 additions and 17 deletions


@ -203,8 +203,19 @@ public class GithubPersonalAccessTokenFetcher implements PersonalAccessTokenFetc
}
try {
String[] scopes = githubApiClient.getTokenScopes(personalAccessToken.getToken()).second;
return Optional.of(containsScopes(scopes, DEFAULT_TOKEN_SCOPES));
if (personalAccessToken.getScmTokenName() != null
&& personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
String[] scopes = githubApiClient.getTokenScopes(personalAccessToken.getToken()).second;
return Optional.of(containsScopes(scopes, DEFAULT_TOKEN_SCOPES));
} else {
// No REST API for PAT-s in Github found yet. Just try to do some action.
GithubUser user = githubApiClient.getUser(personalAccessToken.getToken());
if (personalAccessToken.getScmUserName().equals(user.getLogin())) {
return Optional.of(Boolean.TRUE);
} else {
return Optional.of(Boolean.FALSE);
}
}
} catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) {
return Optional.of(Boolean.FALSE);
}
@ -217,11 +228,18 @@ public class GithubPersonalAccessTokenFetcher implements PersonalAccessTokenFetc
return Optional.empty();
}
try {
Pair<String, String[]> pair = githubApiClient.getTokenScopes(params.getToken());
return Optional.of(
Pair.of(
containsScopes(pair.second, DEFAULT_TOKEN_SCOPES) ? Boolean.TRUE : Boolean.FALSE,
pair.first));
if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
Pair<String, String[]> pair = githubApiClient.getTokenScopes(params.getToken());
return Optional.of(
Pair.of(
containsScopes(pair.second, DEFAULT_TOKEN_SCOPES) ? Boolean.TRUE : Boolean.FALSE,
pair.first));
} else {
// TODO: add PAT scope validation
// No REST API for PAT-s in Github found yet. Just try to do some action.
GithubUser user = githubApiClient.getUser(params.getToken());
return Optional.of(Pair.of(Boolean.TRUE, user.getLogin()));
}
} catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) {
return Optional.empty();
}
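Review bot: The non-OAuth branch added in the second hunk returns `Boolean.TRUE` for any token that `getUser` accepts, so `DEFAULT_TOKEN_SCOPES` is no longer enforced for personal access tokens and an under-scoped token is reported as valid. The first hunk has the same gap, and its `personalAccessToken.getScmUserName().equals(user.getLogin())` will throw if the stored user name is absent, which looks possible given the commit title; `user.getLogin().equals(personalAccessToken.getScmUserName())` avoids that. GitHub also sends the `X-OAuth-Scopes` response header for classic PATs, so if `getTokenScopes` reads that header (not visible here) the scope check could stay for them. Until the TODO is resolved, I would make the comment say what is actually guaranteed: `// PAT: only proves the token authenticates; required scopes are NOT checked`. Both method bodies start outside the hunks.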


@ -193,18 +193,20 @@ public class GitlabOAuthTokenFetcher implements PersonalAccessTokenFetcher {
}
try {
GitlabUser user = gitlabApiClient.getUser(params.getToken());
String[] scopes;
if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
scopes = gitlabApiClient.getOAuthTokenInfo(params.getToken()).getScope();
} else {
scopes = gitlabApiClient.getPersonalAccessTokenInfo(params.getToken()).getScopes();
// validation OAuth token by special API call
GitlabOauthTokenInfo info = gitlabApiClient.getOAuthTokenInfo(params.getToken());
return Optional.of(
Pair.of(
Sets.newHashSet(info.getScope()).containsAll(DEFAULT_TOKEN_SCOPES)
? Boolean.TRUE
: Boolean.FALSE,
user.getUsername()));
}
return Optional.of(
Pair.of(
Sets.newHashSet(scopes).containsAll(DEFAULT_TOKEN_SCOPES)
? Boolean.TRUE
: Boolean.FALSE,
user.getUsername()));
// validating personal access token from secret. Since PAT API is accessible only in
// latest GitLab version, we just perform check by accessing something from API.
// TODO: add PAT scope validation
return Optional.of(Pair.of(Boolean.TRUE, user.getUsername()));
} catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) {
return Optional.empty();
}
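Review bot: The personal-access-token path no longer checks scopes at all, so any token that can read the current user is accepted. The `getPersonalAccessTokenInfo(...).getScopes()` comparison against `DEFAULT_TOKEN_SCOPES` is gone and the method now ends in `Pair.of(Boolean.TRUE, user.getUsername())`. Rather than dropping the check for every server, I would try the introspection call first and fall back to the weaker check only when the endpoint is missing. Which exception the client raises for a missing endpoint is not visible here; `ScmItemNotFoundException` in the sketch is an assumption to confirm. The method starts outside the hunk.

```java
// … unchanged: getUser call and the OAUTH_2_PREFIX branch …
try {
  String[] scopes = gitlabApiClient.getPersonalAccessTokenInfo(params.getToken()).getScopes();
  return Optional.of(
      Pair.of(
          Sets.newHashSet(scopes).containsAll(DEFAULT_TOKEN_SCOPES),
          user.getUsername()));
} catch (ScmItemNotFoundException e) {
  // Assumed signal for a GitLab version without the PAT introspection endpoint:
  // the token authenticates, but its scopes could not be verified.
  return Optional.of(Pair.of(Boolean.TRUE, user.getUsername()));
}
```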