commit
ivinokur
parent
be4383abac
commit
aa44cd33c9
|
|
@ -12,10 +12,10 @@
|
|||
package org.eclipse.che.api.factory.server.scm;
|
||||
|
||||
import com.google.inject.AbstractModule;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesAuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesGitCredentialManager;
|
||||
import org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
public class KubernetesScmModule extends AbstractModule {
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -28,10 +28,10 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Singleton;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException;
|
||||
import org.eclipse.che.api.workspace.server.spi.InfrastructureException;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
import org.eclipse.che.workspace.infrastructure.kubernetes.CheServerKubernetesClientFactory;
|
||||
import org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta;
|
||||
import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory;
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ package org.eclipse.che.api.factory.server.scm.kubernetes;
|
|||
import static com.google.common.base.Strings.isNullOrEmpty;
|
||||
import static java.lang.String.format;
|
||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
import static org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_PREFIX;
|
||||
import static org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_SUFFIX;
|
||||
import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_AUTOMOUNT;
|
||||
import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_DEV_WORKSPACE_MOUNT_PATH;
|
||||
import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_GIT_CREDENTIALS;
|
||||
|
|
@ -176,7 +176,7 @@ public class KubernetesGitCredentialManager implements GitCredentialManager {
|
|||
private String getUsernameSegment(PersonalAccessToken personalAccessToken) {
|
||||
// Special characters are not allowed in URL username segment, so we need to escape them.
|
||||
PercentEscaper percentEscaper = new PercentEscaper("", false);
|
||||
return personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX)
|
||||
return personalAccessToken.getScmProviderName().startsWith(OAUTH_2_SUFFIX)
|
||||
? "oauth2"
|
||||
: isNullOrEmpty(personalAccessToken.getScmOrganization())
|
||||
? percentEscaper.escape(personalAccessToken.getScmUserName())
|
||||
|
|
|
|||
|
|
@ -65,8 +65,8 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
|
|||
public static final String ANNOTATION_SCM_ORGANIZATION = "che.eclipse.org/scm-organization";
|
||||
public static final String ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID =
|
||||
"che.eclipse.org/scm-personal-access-token-id";
|
||||
public static final String ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME =
|
||||
"che.eclipse.org/scm-personal-access-token-name";
|
||||
public static final String ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME =
|
||||
"che.eclipse.org/scm-personal-access-provider-name";
|
||||
public static final String ANNOTATION_SCM_URL = "che.eclipse.org/scm-url";
|
||||
public static final String TOKEN_DATA_FIELD = "token";
|
||||
|
||||
|
|
@ -103,8 +103,8 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
|
|||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID,
|
||||
personalAccessToken.getScmTokenId())
|
||||
.put(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
personalAccessToken.getScmTokenName())
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
personalAccessToken.getScmProviderName())
|
||||
.build())
|
||||
.withLabels(SECRET_LABELS)
|
||||
.build();
|
||||
|
|
@ -182,6 +182,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
|
|||
.secrets()
|
||||
.get(KUBERNETES_PERSONAL_ACCESS_TOKEN_LABEL_SELECTOR);
|
||||
for (Secret secret : secrets) {
|
||||
migrate(secret, oAuthProviderName);
|
||||
if (deleteSecretIfMisconfigured(secret)) {
|
||||
continue;
|
||||
}
|
||||
|
|
@ -201,7 +202,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
|
|||
secretAnnotations.get(ANNOTATION_CHE_USERID),
|
||||
personalAccessTokenParams.getOrganization(),
|
||||
scmUsername.get(),
|
||||
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME),
|
||||
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME),
|
||||
personalAccessTokenParams.getScmTokenId(),
|
||||
personalAccessTokenParams.getToken());
|
||||
return Optional.of(personalAccessToken);
|
||||
|
|
@ -225,13 +226,33 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
|
|||
return Optional.empty();
|
||||
}
|
||||
|
||||
private void migrate(Secret secret, String providerName) throws InfrastructureException {
|
||||
String oldAnnotation =
|
||||
secret.getMetadata().getAnnotations().get("che.eclipse.org/scm-personal-access-token-name");
|
||||
if (!isNullOrEmpty(oldAnnotation)) {
|
||||
secret
|
||||
.getMetadata()
|
||||
.getAnnotations()
|
||||
.remove("che.eclipse.org/scm-personal-access-token-name");
|
||||
secret
|
||||
.getMetadata()
|
||||
.getAnnotations()
|
||||
.put(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, providerName);
|
||||
cheServerKubernetesClientFactory
|
||||
.create()
|
||||
.secrets()
|
||||
.inNamespace(secret.getMetadata().getNamespace())
|
||||
.createOrReplace(secret);
|
||||
}
|
||||
}
|
||||
|
||||
private boolean deleteSecretIfMisconfigured(Secret secret) throws InfrastructureException {
|
||||
Map<String, String> secretAnnotations = secret.getMetadata().getAnnotations();
|
||||
|
||||
String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL);
|
||||
String configuredCheUserId = secretAnnotations.get(ANNOTATION_CHE_USERID);
|
||||
String configuredOAuthProviderName =
|
||||
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME);
|
||||
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME);
|
||||
|
||||
// if any of the required annotations is missing, the secret is not valid
|
||||
if (isNullOrEmpty(configuredScmServerUrl)
|
||||
|
|
@ -253,7 +274,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
|
|||
|
||||
String token = new String(Base64.getDecoder().decode(secret.getData().get("token"))).trim();
|
||||
String configuredOAuthProviderName =
|
||||
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME);
|
||||
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME);
|
||||
String configuredTokenId = secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID);
|
||||
String configuredScmOrganization = secretAnnotations.get(ANNOTATION_SCM_ORGANIZATION);
|
||||
String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL);
|
||||
|
|
@ -275,7 +296,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken
|
|||
String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL);
|
||||
String configuredCheUserId = secretAnnotations.get(ANNOTATION_CHE_USERID);
|
||||
String configuredOAuthProviderName =
|
||||
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME);
|
||||
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME);
|
||||
|
||||
return (configuredCheUserId.equals(cheUser.getUserId()))
|
||||
&& (oAuthProviderName == null || oAuthProviderName.equals(configuredOAuthProviderName))
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user",
|
||||
|
|
@ -181,7 +181,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1",
|
||||
|
|
@ -192,7 +192,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1",
|
||||
|
|
@ -203,7 +203,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user2",
|
||||
|
|
@ -249,7 +249,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1",
|
||||
|
|
@ -294,7 +294,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1",
|
||||
|
|
@ -339,7 +339,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1",
|
||||
|
|
@ -350,7 +350,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1",
|
||||
|
|
@ -397,7 +397,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
.withNamespace("test")
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1"))
|
||||
|
|
@ -433,7 +433,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1",
|
||||
|
|
@ -480,7 +480,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1",
|
||||
|
|
@ -493,7 +493,7 @@ public class KubernetesPersonalAccessTokenManagerTest {
|
|||
new ObjectMetaBuilder()
|
||||
.withAnnotations(
|
||||
Map.of(
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
|
||||
ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME,
|
||||
"github",
|
||||
ANNOTATION_CHE_USERID,
|
||||
"user1",
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ public class OAuthTokenSecretsConfigurator implements NamespaceConfigurator {
|
|||
&& s.getMetadata()
|
||||
.getAnnotations()
|
||||
.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME)
|
||||
.startsWith(PersonalAccessTokenFetcher.OAUTH_2_PREFIX))
|
||||
.startsWith(PersonalAccessTokenFetcher.OAUTH_2_SUFFIX))
|
||||
.forEach(
|
||||
s -> {
|
||||
try {
|
||||
|
|
|
|||
|
|
@ -43,10 +43,6 @@
|
|||
<groupId>org.eclipse.che.core</groupId>
|
||||
<artifactId>che-core-api-auth-github-common</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.che.core</groupId>
|
||||
<artifactId>che-core-api-auth-github-common</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.che.core</groupId>
|
||||
<artifactId>che-core-commons-annotations</artifactId>
|
||||
|
|
|
|||
|
|
@ -59,6 +59,10 @@
|
|||
<groupId>org.eclipse.che.core</groupId>
|
||||
<artifactId>che-core-api-dto</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.che.core</groupId>
|
||||
<artifactId>che-core-api-factory</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.che.core</groupId>
|
||||
<artifactId>che-core-commons-annotations</artifactId>
|
||||
|
|
|
|||
|
|
@ -40,6 +40,11 @@ import org.eclipse.che.api.core.UnauthorizedException;
|
|||
import org.eclipse.che.api.core.rest.shared.dto.Link;
|
||||
import org.eclipse.che.api.core.rest.shared.dto.LinkParameter;
|
||||
import org.eclipse.che.api.core.util.LinksHelper;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessToken;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException;
|
||||
import org.eclipse.che.commons.env.EnvironmentContext;
|
||||
import org.eclipse.che.commons.subject.Subject;
|
||||
import org.eclipse.che.security.oauth.shared.dto.OAuthAuthenticatorDescriptor;
|
||||
|
|
@ -62,6 +67,8 @@ public class EmbeddedOAuthAPI implements OAuthAPI {
|
|||
|
||||
@Inject protected OAuthAuthenticatorProvider oauth2Providers;
|
||||
@Inject protected org.eclipse.che.security.oauth1.OAuthAuthenticatorProvider oauth1Providers;
|
||||
|
||||
@Inject private PersonalAccessTokenManager personalAccessTokenManager;
|
||||
private String redirectAfterLogin;
|
||||
|
||||
@Override
|
||||
|
|
@ -177,10 +184,20 @@ public class EmbeddedOAuthAPI implements OAuthAPI {
|
|||
if (token != null) {
|
||||
return token;
|
||||
}
|
||||
Optional<PersonalAccessToken> tokenOptional =
|
||||
personalAccessTokenManager.get(subject, oauthProvider);
|
||||
if (tokenOptional.isPresent()) {
|
||||
PersonalAccessToken tokenDto = tokenOptional.get();
|
||||
return newDto(OAuthToken.class).withToken(tokenDto.getToken());
|
||||
}
|
||||
throw new UnauthorizedException(
|
||||
"OAuth token for user " + subject.getUserId() + " was not found");
|
||||
} catch (IOException e) {
|
||||
throw new ServerException(e.getLocalizedMessage(), e);
|
||||
} catch (ScmCommunicationException
|
||||
| ScmUnauthorizedException
|
||||
| ScmConfigurationPersistenceException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ import org.eclipse.che.api.auth.shared.dto.OAuthToken;
|
|||
import org.eclipse.che.api.core.*;
|
||||
import org.eclipse.che.api.core.rest.Service;
|
||||
import org.eclipse.che.api.core.rest.annotations.Required;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.security.oauth.shared.dto.OAuthAuthenticatorDescriptor;
|
||||
|
||||
/** RESTful wrapper for OAuthAuthenticator. */
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import java.util.Map;
|
|||
import javax.inject.Inject;
|
||||
import javax.inject.Singleton;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.BaseFactoryParameterResolver;
|
||||
import org.eclipse.che.api.factory.server.FactoryParametersResolver;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
|
|
@ -37,7 +38,6 @@ import org.eclipse.che.api.workspace.shared.dto.ProjectConfigDto;
|
|||
import org.eclipse.che.api.workspace.shared.dto.SourceStorageDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.ProjectDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.SourceDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
/**
|
||||
* Provides Factory Parameters resolver for Azure DevOps repositories.
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ public class AzureDevOpsPersonalAccessTokenFetcher implements PersonalAccessToke
|
|||
|
||||
try {
|
||||
oAuthToken = oAuthAPI.getToken(AzureDevOps.PROVIDER_NAME);
|
||||
String tokenName = NameGenerator.generate(OAUTH_2_PREFIX, 5);
|
||||
String tokenName = NameGenerator.generate(OAUTH_2_SUFFIX, 5);
|
||||
String tokenId = NameGenerator.generate("id-", 5);
|
||||
Optional<Pair<Boolean, String>> valid =
|
||||
isValid(
|
||||
|
|
@ -132,8 +132,8 @@ public class AzureDevOpsPersonalAccessTokenFetcher implements PersonalAccessToke
|
|||
|
||||
try {
|
||||
AzureDevOpsUser user;
|
||||
if (personalAccessToken.getScmTokenName() != null
|
||||
&& personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
|
||||
if (personalAccessToken.getScmProviderName() != null
|
||||
&& personalAccessToken.getScmProviderName().startsWith(OAUTH_2_SUFFIX)) {
|
||||
user = azureDevOpsApiClient.getUserWithOAuthToken(personalAccessToken.getToken());
|
||||
} else {
|
||||
user =
|
||||
|
|
@ -155,7 +155,8 @@ public class AzureDevOpsPersonalAccessTokenFetcher implements PersonalAccessToke
|
|||
|
||||
try {
|
||||
AzureDevOpsUser user;
|
||||
if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
|
||||
if (params.getScmProviderName() != null
|
||||
&& params.getScmProviderName().startsWith(OAUTH_2_SUFFIX)) {
|
||||
user = azureDevOpsApiClient.getUserWithOAuthToken(params.getToken());
|
||||
} else {
|
||||
user = azureDevOpsApiClient.getUserWithPAT(params.getToken(), params.getOrganization());
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ import static org.eclipse.che.api.factory.server.azure.devops.AzureDevOps.getAut
|
|||
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Named;
|
||||
import org.eclipse.che.api.auth.shared.dto.OAuthToken;
|
||||
import org.eclipse.che.api.factory.server.scm.AbstractGitUserDataFetcher;
|
||||
import org.eclipse.che.api.factory.server.scm.GitUserData;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessToken;
|
||||
|
|
@ -23,7 +22,6 @@ import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
|||
import org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException;
|
||||
import org.eclipse.che.security.oauth.OAuthAPI;
|
||||
|
||||
/**
|
||||
* Azure DevOps user data fetcher.
|
||||
|
|
@ -37,24 +35,16 @@ public class AzureDevOpsUserDataFetcher extends AbstractGitUserDataFetcher {
|
|||
|
||||
@Inject
|
||||
public AzureDevOpsUserDataFetcher(
|
||||
OAuthAPI oAuthTokenFetcher,
|
||||
PersonalAccessTokenManager personalAccessTokenManager,
|
||||
AzureDevOpsApiClient azureDevOpsApiClient,
|
||||
@Named("che.api") String cheApiEndpoint,
|
||||
@Named("che.integration.azure.devops.application_scopes") String[] scopes) {
|
||||
super(AzureDevOps.PROVIDER_NAME, personalAccessTokenManager, oAuthTokenFetcher);
|
||||
super(AzureDevOps.PROVIDER_NAME, personalAccessTokenManager);
|
||||
this.scopes = scopes;
|
||||
this.cheApiEndpoint = cheApiEndpoint;
|
||||
this.azureDevOpsApiClient = azureDevOpsApiClient;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected GitUserData fetchGitUserDataWithOAuthToken(OAuthToken oAuthToken)
|
||||
throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException {
|
||||
AzureDevOpsUser user = azureDevOpsApiClient.getUserWithOAuthToken(oAuthToken.getToken());
|
||||
return new GitUserData(user.getDisplayName(), user.getEmailAddress());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected GitUserData fetchGitUserDataWithPersonalAccessToken(
|
||||
PersonalAccessToken personalAccessToken)
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import javax.inject.Inject;
|
|||
import javax.inject.Singleton;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.core.BadRequestException;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.BaseFactoryParameterResolver;
|
||||
import org.eclipse.che.api.factory.server.FactoryParametersResolver;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
|
|
@ -33,7 +34,6 @@ import org.eclipse.che.api.factory.shared.dto.ScmInfoDto;
|
|||
import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.ProjectDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.SourceDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
/**
|
||||
* Provides Factory Parameters resolver for both public and private bitbucket repositories.
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ public class BitbucketServerURLParser {
|
|||
try {
|
||||
Optional<PersonalAccessToken> token =
|
||||
personalAccessTokenManager.get(EnvironmentContext.getCurrent().getSubject(), serverUrl);
|
||||
return token.isPresent() && token.get().getScmTokenName().equals(OAUTH_PROVIDER_NAME);
|
||||
return token.isPresent() && token.get().getScmProviderName().equals(OAUTH_PROVIDER_NAME);
|
||||
} catch (ScmConfigurationPersistenceException
|
||||
| ScmUnauthorizedException
|
||||
| ScmCommunicationException exception) {
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ import java.util.Map;
|
|||
import java.util.Optional;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.core.model.factory.ScmInfo;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.DevfileFilenamesProvider;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.RemoteFactoryUrl;
|
||||
|
|
@ -45,7 +46,6 @@ import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
|
|||
import org.eclipse.che.api.workspace.shared.dto.devfile.DevfileDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.MetadataDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.SourceDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
import org.eclipse.che.security.oauth.OAuthAPI;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.testng.MockitoTestNGListener;
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import javax.inject.Inject;
|
|||
import javax.inject.Singleton;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.core.BadRequestException;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.BaseFactoryParameterResolver;
|
||||
import org.eclipse.che.api.factory.server.FactoryParametersResolver;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
|
|
@ -34,7 +35,6 @@ import org.eclipse.che.api.factory.shared.dto.ScmInfoDto;
|
|||
import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
|
||||
import org.eclipse.che.api.workspace.shared.dto.ProjectConfigDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.ProjectDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
/** Provides Factory Parameters resolver for bitbucket repositories. */
|
||||
@Singleton
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ import java.util.Map;
|
|||
import java.util.Optional;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.core.model.factory.ScmInfo;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.DevfileFilenamesProvider;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.ProjectConfigDtoMerger;
|
||||
|
|
@ -49,7 +50,6 @@ import org.eclipse.che.api.workspace.shared.dto.devfile.DevfileDto;
|
|||
import org.eclipse.che.api.workspace.shared.dto.devfile.MetadataDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.ProjectDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.SourceDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.Captor;
|
||||
import org.mockito.Mock;
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ import static com.github.tomakehurst.wiremock.client.WireMock.stubFor;
|
|||
import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
|
||||
import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
|
||||
import static java.net.HttpURLConnection.HTTP_FORBIDDEN;
|
||||
import static org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_PREFIX;
|
||||
import static org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_SUFFIX;
|
||||
import static org.eclipse.che.dto.server.DtoFactory.newDto;
|
||||
import static org.mockito.ArgumentMatchers.anyString;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
|
@ -188,7 +188,7 @@ public class BitbucketPersonalAccessTokenFetcherTest {
|
|||
PersonalAccessTokenParams params =
|
||||
new PersonalAccessTokenParams(
|
||||
"https://bitbucket.org",
|
||||
OAUTH_2_PREFIX + "-params-name",
|
||||
OAUTH_2_SUFFIX + "-params-name",
|
||||
"tid-23434",
|
||||
bitbucketOauthToken,
|
||||
null);
|
||||
|
|
@ -205,7 +205,7 @@ public class BitbucketPersonalAccessTokenFetcherTest {
|
|||
PersonalAccessTokenParams params =
|
||||
new PersonalAccessTokenParams(
|
||||
"https://bitbucket.org",
|
||||
OAUTH_2_PREFIX + "-token-name",
|
||||
OAUTH_2_SUFFIX + "-token-name",
|
||||
"tid-23434",
|
||||
bitbucketOauthToken,
|
||||
null);
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import java.util.Map;
|
|||
import javax.inject.Inject;
|
||||
import javax.inject.Singleton;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.BaseFactoryParameterResolver;
|
||||
import org.eclipse.che.api.factory.server.FactoryParametersResolver;
|
||||
import org.eclipse.che.api.factory.server.FactoryResolverPriority;
|
||||
|
|
@ -35,7 +36,6 @@ import org.eclipse.che.api.factory.shared.dto.ScmInfoDto;
|
|||
import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.ProjectDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.SourceDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
/**
|
||||
* Provides Factory Parameters resolver for Git Ssh repositories.
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ import jakarta.validation.constraints.NotNull;
|
|||
import java.util.Map;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.core.BadRequestException;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.BaseFactoryParameterResolver;
|
||||
import org.eclipse.che.api.factory.server.FactoryParametersResolver;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
|
|
@ -29,7 +30,6 @@ import org.eclipse.che.api.factory.shared.dto.*;
|
|||
import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
|
||||
import org.eclipse.che.api.workspace.shared.dto.ProjectConfigDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.ProjectDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
/**
|
||||
* Provides Factory Parameters resolver for github repositories.
|
||||
|
|
|
|||
|
|
@ -135,12 +135,11 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher
|
|||
}
|
||||
try {
|
||||
oAuthToken = oAuthAPI.getToken(providerName);
|
||||
String tokenName = NameGenerator.generate(OAUTH_2_PREFIX, 5);
|
||||
String tokenId = NameGenerator.generate("id-", 5);
|
||||
Optional<Pair<Boolean, String>> valid =
|
||||
isValid(
|
||||
new PersonalAccessTokenParams(
|
||||
scmServerUrl, tokenName, tokenId, oAuthToken.getToken(), null));
|
||||
scmServerUrl, providerName, tokenId, oAuthToken.getToken(), null));
|
||||
if (valid.isEmpty()) {
|
||||
throw buildScmUnauthorizedException(cheSubject);
|
||||
} else if (!valid.get().first) {
|
||||
|
|
@ -152,7 +151,7 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher
|
|||
scmServerUrl,
|
||||
cheSubject.getUserId(),
|
||||
valid.get().second,
|
||||
tokenName,
|
||||
providerName,
|
||||
tokenId,
|
||||
oAuthToken.getToken());
|
||||
} catch (UnauthorizedException e) {
|
||||
|
|
@ -185,8 +184,8 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher
|
|||
}
|
||||
|
||||
try {
|
||||
if (personalAccessToken.getScmTokenName() != null
|
||||
&& personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
|
||||
if (personalAccessToken.getScmProviderName() != null
|
||||
&& personalAccessToken.getScmProviderName().startsWith(OAUTH_2_SUFFIX)) {
|
||||
String[] scopes = githubApiClient.getTokenScopes(personalAccessToken.getToken()).second;
|
||||
return Optional.of(containsScopes(scopes, DEFAULT_TOKEN_SCOPES));
|
||||
} else {
|
||||
|
|
@ -210,7 +209,7 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher
|
|||
// The url from the token has the same url as the api client, no need to create a new one.
|
||||
apiClient = githubApiClient;
|
||||
} else {
|
||||
if ("github".equals(params.getScmTokenName())) {
|
||||
if ("github".equals(params.getScmProviderName())) {
|
||||
apiClient = new GithubApiClient(params.getScmProviderUrl());
|
||||
} else {
|
||||
LOG.debug("not a valid url {} for current fetcher ", params.getScmProviderUrl());
|
||||
|
|
@ -218,7 +217,8 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher
|
|||
}
|
||||
}
|
||||
try {
|
||||
if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
|
||||
if (params.getScmProviderName() != null
|
||||
&& params.getScmProviderName().startsWith(OAUTH_2_SUFFIX)) {
|
||||
Pair<String, String[]> pair = apiClient.getTokenScopes(params.getToken());
|
||||
return Optional.of(
|
||||
Pair.of(
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ public abstract class AbstractGithubURLParser {
|
|||
tokenManager.get(EnvironmentContext.getCurrent().getSubject(), serverUrl);
|
||||
if (token.isPresent()) {
|
||||
PersonalAccessToken accessToken = token.get();
|
||||
return accessToken.getScmTokenName().equals(providerName);
|
||||
return accessToken.getScmProviderName().equals(providerName);
|
||||
}
|
||||
} catch (ScmConfigurationPersistenceException
|
||||
| ScmUnauthorizedException
|
||||
|
|
|
|||
|
|
@ -13,10 +13,8 @@ package org.eclipse.che.api.factory.server.github;
|
|||
|
||||
import static com.google.common.base.Strings.isNullOrEmpty;
|
||||
|
||||
import com.google.common.base.Joiner;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import java.util.Set;
|
||||
import org.eclipse.che.api.auth.shared.dto.OAuthToken;
|
||||
import org.eclipse.che.api.factory.server.scm.AbstractGitUserDataFetcher;
|
||||
import org.eclipse.che.api.factory.server.scm.GitUserData;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessToken;
|
||||
|
|
@ -24,7 +22,6 @@ import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
|||
import org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException;
|
||||
import org.eclipse.che.security.oauth.OAuthAPI;
|
||||
|
||||
/** GitHub user data retriever. */
|
||||
public abstract class AbstractGithubUserDataFetcher extends AbstractGitUserDataFetcher {
|
||||
|
|
@ -44,27 +41,15 @@ public abstract class AbstractGithubUserDataFetcher extends AbstractGitUserDataF
|
|||
/** Constructor used for testing only. */
|
||||
public AbstractGithubUserDataFetcher(
|
||||
String apiEndpoint,
|
||||
OAuthAPI oAuthTokenFetcher,
|
||||
PersonalAccessTokenManager personalAccessTokenManager,
|
||||
GithubApiClient githubApiClient,
|
||||
String providerName) {
|
||||
super(providerName, personalAccessTokenManager, oAuthTokenFetcher);
|
||||
super(providerName, personalAccessTokenManager);
|
||||
this.providerName = providerName;
|
||||
this.githubApiClient = githubApiClient;
|
||||
this.apiEndpoint = apiEndpoint;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected GitUserData fetchGitUserDataWithOAuthToken(OAuthToken oAuthToken)
|
||||
throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException {
|
||||
GithubUser user = githubApiClient.getUser(oAuthToken.getToken());
|
||||
if (isNullOrEmpty(user.getName()) || isNullOrEmpty(user.getEmail())) {
|
||||
throw new ScmItemNotFoundException(NO_USERNAME_AND_EMAIL_ERROR_MESSAGE);
|
||||
} else {
|
||||
return new GitUserData(user.getName(), user.getEmail());
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected GitUserData fetchGitUserDataWithPersonalAccessToken(
|
||||
PersonalAccessToken personalAccessToken)
|
||||
|
|
@ -80,13 +65,4 @@ public abstract class AbstractGithubUserDataFetcher extends AbstractGitUserDataF
|
|||
return new GitUserData(user.getName(), user.getEmail());
|
||||
}
|
||||
}
|
||||
|
||||
protected String getLocalAuthenticateUrl() {
|
||||
return apiEndpoint
|
||||
+ "/oauth/authenticate?oauth_provider="
|
||||
+ providerName
|
||||
+ "&scope="
|
||||
+ Joiner.on(',').join(DEFAULT_TOKEN_SCOPES)
|
||||
+ "&request_method=POST&signature_method=rsa";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,11 +13,11 @@ package org.eclipse.che.api.factory.server.github;
|
|||
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Singleton;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.ProjectConfigDtoMerger;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.URLFactoryBuilder;
|
||||
import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
/**
|
||||
* Provides Factory Parameters resolver for github repositories.
|
||||
|
|
|
|||
|
|
@ -13,11 +13,11 @@ package org.eclipse.che.api.factory.server.github;
|
|||
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Singleton;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.ProjectConfigDtoMerger;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.URLFactoryBuilder;
|
||||
import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
/**
|
||||
* Provides Factory Parameters resolver for github repositories.
|
||||
|
|
|
|||
|
|
@ -26,11 +26,9 @@ public class GithubUserDataFetcher extends AbstractGithubUserDataFetcher {
|
|||
public GithubUserDataFetcher(
|
||||
@Named("che.api") String apiEndpoint,
|
||||
@Nullable @Named("che.integration.github.oauth_endpoint") String oauthEndpoint,
|
||||
OAuthAPI oAuthTokenFetcher,
|
||||
PersonalAccessTokenManager personalAccessTokenManager) {
|
||||
super(
|
||||
apiEndpoint,
|
||||
oAuthTokenFetcher,
|
||||
personalAccessTokenManager,
|
||||
new GithubApiClient(oauthEndpoint),
|
||||
OAUTH_PROVIDER_NAME);
|
||||
|
|
@ -41,11 +39,6 @@ public class GithubUserDataFetcher extends AbstractGithubUserDataFetcher {
|
|||
OAuthAPI oAuthTokenFetcher,
|
||||
PersonalAccessTokenManager personalAccessTokenManager,
|
||||
GithubApiClient githubApiClient) {
|
||||
super(
|
||||
apiEndpoint,
|
||||
oAuthTokenFetcher,
|
||||
personalAccessTokenManager,
|
||||
githubApiClient,
|
||||
OAUTH_PROVIDER_NAME);
|
||||
super(apiEndpoint, personalAccessTokenManager, githubApiClient, OAUTH_PROVIDER_NAME);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ import javax.inject.Inject;
|
|||
import javax.inject.Named;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
import org.eclipse.che.commons.annotation.Nullable;
|
||||
import org.eclipse.che.security.oauth.OAuthAPI;
|
||||
|
||||
/** GitHub user data retriever. */
|
||||
public class GithubUserDataFetcherSecond extends AbstractGithubUserDataFetcher {
|
||||
|
|
@ -26,11 +25,9 @@ public class GithubUserDataFetcherSecond extends AbstractGithubUserDataFetcher {
|
|||
public GithubUserDataFetcherSecond(
|
||||
@Named("che.api") String apiEndpoint,
|
||||
@Nullable @Named("che.integration.github.oauth_endpoint_2") String oauthEndpoint,
|
||||
OAuthAPI oAuthTokenFetcher,
|
||||
PersonalAccessTokenManager personalAccessTokenManager) {
|
||||
super(
|
||||
apiEndpoint,
|
||||
oAuthTokenFetcher,
|
||||
personalAccessTokenManager,
|
||||
new GithubApiClient(oauthEndpoint),
|
||||
OAUTH_PROVIDER_NAME);
|
||||
|
|
|
|||
|
|
@ -38,6 +38,7 @@ import java.util.Map;
|
|||
import java.util.Optional;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.core.model.factory.ScmInfo;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.DevfileFilenamesProvider;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.ProjectConfigDtoMerger;
|
||||
|
|
@ -51,7 +52,6 @@ import org.eclipse.che.api.workspace.shared.dto.devfile.DevfileDto;
|
|||
import org.eclipse.che.api.workspace.shared.dto.devfile.MetadataDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.ProjectDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.SourceDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.Captor;
|
||||
import org.mockito.Mock;
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
|
|||
import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
|
||||
import static java.net.HttpURLConnection.HTTP_FORBIDDEN;
|
||||
import static org.eclipse.che.api.factory.server.github.GithubPersonalAccessTokenFetcher.DEFAULT_TOKEN_SCOPES;
|
||||
import static org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_PREFIX;
|
||||
import static org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_SUFFIX;
|
||||
import static org.eclipse.che.dto.server.DtoFactory.newDto;
|
||||
import static org.mockito.ArgumentMatchers.anyString;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
|
@ -236,7 +236,7 @@ public class GithubPersonalAccessTokenFetcherTest {
|
|||
PersonalAccessTokenParams params =
|
||||
new PersonalAccessTokenParams(
|
||||
wireMockServer.url("/"),
|
||||
OAUTH_2_PREFIX + "-params-name",
|
||||
OAUTH_2_SUFFIX + "-params-name",
|
||||
"tid-23434",
|
||||
githubOauthToken,
|
||||
null);
|
||||
|
|
@ -253,7 +253,7 @@ public class GithubPersonalAccessTokenFetcherTest {
|
|||
PersonalAccessTokenParams params =
|
||||
new PersonalAccessTokenParams(
|
||||
wireMockServer.url("/"),
|
||||
OAUTH_2_PREFIX + "-token-name",
|
||||
OAUTH_2_SUFFIX + "-token-name",
|
||||
"tid-23434",
|
||||
githubOauthToken,
|
||||
null);
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import javax.inject.Inject;
|
|||
import javax.inject.Singleton;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.core.BadRequestException;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.BaseFactoryParameterResolver;
|
||||
import org.eclipse.che.api.factory.server.FactoryParametersResolver;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
|
|
@ -33,7 +34,6 @@ import org.eclipse.che.api.factory.shared.dto.ScmInfoDto;
|
|||
import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.ProjectDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.SourceDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
/**
|
||||
* Provides Factory Parameters resolver for Gitlab repositories.
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ public class GitlabOAuthTokenFetcher implements PersonalAccessTokenFetcher {
|
|||
OAuthToken oAuthToken;
|
||||
try {
|
||||
oAuthToken = oAuthAPI.getToken(OAUTH_PROVIDER_NAME);
|
||||
String tokenName = NameGenerator.generate(OAUTH_2_PREFIX, 5);
|
||||
String tokenName = NameGenerator.generate(OAUTH_2_SUFFIX, 5);
|
||||
String tokenId = NameGenerator.generate("id-", 5);
|
||||
Optional<Pair<Boolean, String>> valid =
|
||||
isValid(
|
||||
|
|
@ -152,7 +152,7 @@ public class GitlabOAuthTokenFetcher implements PersonalAccessTokenFetcher {
|
|||
GitlabApiClient gitlabApiClient = getApiClient(personalAccessToken.getScmProviderUrl());
|
||||
if (gitlabApiClient == null
|
||||
|| !gitlabApiClient.isConnected(personalAccessToken.getScmProviderUrl())) {
|
||||
if (personalAccessToken.getScmTokenName().equals(OAUTH_PROVIDER_NAME)) {
|
||||
if (personalAccessToken.getScmProviderName().equals(OAUTH_PROVIDER_NAME)) {
|
||||
gitlabApiClient = new GitlabApiClient(personalAccessToken.getScmProviderUrl());
|
||||
} else {
|
||||
LOG.debug(
|
||||
|
|
@ -160,8 +160,8 @@ public class GitlabOAuthTokenFetcher implements PersonalAccessTokenFetcher {
|
|||
return Optional.empty();
|
||||
}
|
||||
}
|
||||
if (personalAccessToken.getScmTokenName() != null
|
||||
&& personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
|
||||
if (personalAccessToken.getScmProviderName() != null
|
||||
&& personalAccessToken.getScmProviderName().startsWith(OAUTH_2_SUFFIX)) {
|
||||
// validation OAuth token by special API call
|
||||
try {
|
||||
GitlabOauthTokenInfo info =
|
||||
|
|
@ -190,7 +190,7 @@ public class GitlabOAuthTokenFetcher implements PersonalAccessTokenFetcher {
|
|||
public Optional<Pair<Boolean, String>> isValid(PersonalAccessTokenParams params) {
|
||||
GitlabApiClient gitlabApiClient = getApiClient(params.getScmProviderUrl());
|
||||
if (gitlabApiClient == null || !gitlabApiClient.isConnected(params.getScmProviderUrl())) {
|
||||
if (OAUTH_PROVIDER_NAME.equals(params.getScmTokenName())) {
|
||||
if (OAUTH_PROVIDER_NAME.equals(params.getScmProviderName())) {
|
||||
gitlabApiClient = new GitlabApiClient(params.getScmProviderUrl());
|
||||
} else {
|
||||
LOG.debug("not a valid url {} for current fetcher ", params.getScmProviderUrl());
|
||||
|
|
@ -199,7 +199,8 @@ public class GitlabOAuthTokenFetcher implements PersonalAccessTokenFetcher {
|
|||
}
|
||||
try {
|
||||
GitlabUser user = gitlabApiClient.getUser(params.getToken());
|
||||
if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
|
||||
if (params.getScmProviderName() != null
|
||||
&& params.getScmProviderName().startsWith(OAUTH_2_SUFFIX)) {
|
||||
// validation OAuth token by special API call
|
||||
GitlabOauthTokenInfo info = gitlabApiClient.getOAuthTokenInfo(params.getToken());
|
||||
return Optional.of(
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ public class GitlabUrlParser {
|
|||
personalAccessTokenManager.get(EnvironmentContext.getCurrent().getSubject(), serverUrl);
|
||||
if (token.isPresent()) {
|
||||
PersonalAccessToken accessToken = token.get();
|
||||
return accessToken.getScmTokenName().equals(OAUTH_PROVIDER_NAME);
|
||||
return accessToken.getScmProviderName().equals(OAUTH_PROVIDER_NAME);
|
||||
}
|
||||
} catch (ScmConfigurationPersistenceException
|
||||
| ScmUnauthorizedException
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ import java.util.List;
|
|||
import java.util.Set;
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Named;
|
||||
import org.eclipse.che.api.auth.shared.dto.OAuthToken;
|
||||
import org.eclipse.che.api.factory.server.scm.*;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException;
|
||||
|
|
@ -29,7 +28,6 @@ import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException
|
|||
import org.eclipse.che.commons.annotation.Nullable;
|
||||
import org.eclipse.che.commons.lang.StringUtils;
|
||||
import org.eclipse.che.inject.ConfigurationException;
|
||||
import org.eclipse.che.security.oauth.OAuthAPI;
|
||||
|
||||
/** Gitlab OAuth token retriever. */
|
||||
public class GitlabUserDataFetcher extends AbstractGitUserDataFetcher {
|
||||
|
|
@ -48,9 +46,8 @@ public class GitlabUserDataFetcher extends AbstractGitUserDataFetcher {
|
|||
@Nullable @Named("che.integration.gitlab.server_endpoints") String gitlabEndpoints,
|
||||
@Nullable @Named("che.integration.gitlab.oauth_endpoint") String oauthEndpoint,
|
||||
@Named("che.api") String apiEndpoint,
|
||||
PersonalAccessTokenManager personalAccessTokenManager,
|
||||
OAuthAPI oAuthTokenFetcher) {
|
||||
super(OAUTH_PROVIDER_NAME, personalAccessTokenManager, oAuthTokenFetcher);
|
||||
PersonalAccessTokenManager personalAccessTokenManager) {
|
||||
super(OAUTH_PROVIDER_NAME, personalAccessTokenManager);
|
||||
this.apiEndpoint = apiEndpoint;
|
||||
if (gitlabEndpoints != null) {
|
||||
this.registeredGitlabEndpoints =
|
||||
|
|
@ -69,16 +66,6 @@ public class GitlabUserDataFetcher extends AbstractGitUserDataFetcher {
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected GitUserData fetchGitUserDataWithOAuthToken(OAuthToken oAuthToken)
|
||||
throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException {
|
||||
for (String gitlabServerEndpoint : this.registeredGitlabEndpoints) {
|
||||
GitlabUser user = new GitlabApiClient(gitlabServerEndpoint).getUser(oAuthToken.getToken());
|
||||
return new GitUserData(user.getName(), user.getEmail());
|
||||
}
|
||||
throw new ScmCommunicationException("Failed to retrieve git user data from Gitlab");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected GitUserData fetchGitUserDataWithPersonalAccessToken(
|
||||
PersonalAccessToken personalAccessToken)
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ import java.util.Map;
|
|||
import java.util.Optional;
|
||||
import org.eclipse.che.api.core.ApiException;
|
||||
import org.eclipse.che.api.core.model.factory.ScmInfo;
|
||||
import org.eclipse.che.api.factory.server.AuthorisationRequestManager;
|
||||
import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.DevfileFilenamesProvider;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.RemoteFactoryUrl;
|
||||
|
|
@ -45,7 +46,6 @@ import org.eclipse.che.api.workspace.server.devfile.URLFetcher;
|
|||
import org.eclipse.che.api.workspace.shared.dto.devfile.DevfileDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.MetadataDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.SourceDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.testng.MockitoTestNGListener;
|
||||
import org.testng.annotations.BeforeMethod;
|
||||
|
|
|
|||
|
|
@ -60,8 +60,7 @@ public class GitlabUserDataFetcherTest {
|
|||
wireMockServer.url("/"),
|
||||
wireMockServer.url("/"),
|
||||
"http://che.api",
|
||||
personalAccessTokenManager,
|
||||
oAuthTokenFetcher);
|
||||
personalAccessTokenManager);
|
||||
|
||||
stubFor(
|
||||
get(urlEqualTo("/api/v4/user"))
|
||||
|
|
|
|||
|
|
@ -62,14 +62,6 @@
|
|||
<groupId>jakarta.ws.rs</groupId>
|
||||
<artifactId>jakarta.ws.rs-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.che.core</groupId>
|
||||
<artifactId>che-core-api-auth</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.che.core</groupId>
|
||||
<artifactId>che-core-api-auth-shared</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.che.core</groupId>
|
||||
<artifactId>che-core-api-core</artifactId>
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
* Contributors:
|
||||
* Red Hat, Inc. - initial API and implementation
|
||||
*/
|
||||
package org.eclipse.che.security.oauth;
|
||||
package org.eclipse.che.api.factory.server;
|
||||
|
||||
import jakarta.ws.rs.core.UriInfo;
|
||||
import java.util.List;
|
||||
|
|
@ -29,7 +29,6 @@ import org.eclipse.che.api.factory.shared.dto.FactoryVisitor;
|
|||
import org.eclipse.che.api.workspace.server.devfile.FileContentProvider;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.DevfileDto;
|
||||
import org.eclipse.che.api.workspace.shared.dto.devfile.ProjectDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
public class BaseFactoryParameterResolver {
|
||||
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException
|
|||
import org.eclipse.che.api.factory.server.scm.exception.UnknownScmProviderException;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException;
|
||||
import org.eclipse.che.api.factory.shared.dto.FactoryMetaDto;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
|
||||
/**
|
||||
* Defines Factory REST API.
|
||||
|
|
|
|||
|
|
@ -12,12 +12,9 @@
|
|||
package org.eclipse.che.api.factory.server.scm;
|
||||
|
||||
import java.util.Optional;
|
||||
import org.eclipse.che.api.auth.shared.dto.OAuthToken;
|
||||
import org.eclipse.che.api.core.*;
|
||||
import org.eclipse.che.api.factory.server.scm.exception.*;
|
||||
import org.eclipse.che.commons.env.EnvironmentContext;
|
||||
import org.eclipse.che.commons.subject.Subject;
|
||||
import org.eclipse.che.security.oauth.OAuthAPI;
|
||||
|
||||
/**
|
||||
* Abstraction to fetch git user data from the specific git provider using OAuth 2.0 or personal
|
||||
|
|
@ -28,52 +25,29 @@ import org.eclipse.che.security.oauth.OAuthAPI;
|
|||
public abstract class AbstractGitUserDataFetcher implements GitUserDataFetcher {
|
||||
protected final String oAuthProviderName;
|
||||
protected final PersonalAccessTokenManager personalAccessTokenManager;
|
||||
protected final OAuthAPI oAuthTokenFetcher;
|
||||
|
||||
public AbstractGitUserDataFetcher(
|
||||
String oAuthProviderName,
|
||||
PersonalAccessTokenManager personalAccessTokenManager,
|
||||
OAuthAPI oAuthTokenFetcher) {
|
||||
String oAuthProviderName, PersonalAccessTokenManager personalAccessTokenManager) {
|
||||
this.oAuthProviderName = oAuthProviderName;
|
||||
this.personalAccessTokenManager = personalAccessTokenManager;
|
||||
this.oAuthTokenFetcher = oAuthTokenFetcher;
|
||||
}
|
||||
|
||||
public GitUserData fetchGitUserData()
|
||||
throws ScmUnauthorizedException, ScmCommunicationException,
|
||||
ScmConfigurationPersistenceException, ScmItemNotFoundException, ScmBadRequestException {
|
||||
Subject cheSubject = EnvironmentContext.getCurrent().getSubject();
|
||||
try {
|
||||
OAuthToken oAuthToken = oAuthTokenFetcher.getToken(oAuthProviderName);
|
||||
return fetchGitUserDataWithOAuthToken(oAuthToken);
|
||||
} catch (UnauthorizedException e) {
|
||||
throw new ScmUnauthorizedException(
|
||||
cheSubject.getUserName()
|
||||
+ " is not authorized in "
|
||||
+ oAuthProviderName
|
||||
+ " OAuth provider.",
|
||||
oAuthProviderName,
|
||||
"2.0",
|
||||
getLocalAuthenticateUrl());
|
||||
} catch (NotFoundException e) {
|
||||
Optional<PersonalAccessToken> personalAccessToken =
|
||||
personalAccessTokenManager.get(cheSubject, oAuthProviderName, null);
|
||||
if (personalAccessToken.isPresent()) {
|
||||
return fetchGitUserDataWithPersonalAccessToken(personalAccessToken.get());
|
||||
}
|
||||
throw new ScmCommunicationException(
|
||||
"There are no tokes for the user " + cheSubject.getUserId());
|
||||
} catch (ServerException | ForbiddenException | BadRequestException | ConflictException e) {
|
||||
throw new ScmCommunicationException(e.getMessage(), e);
|
||||
Optional<PersonalAccessToken> tokenOptional =
|
||||
personalAccessTokenManager.get(cheSubject, oAuthProviderName, null);
|
||||
if (tokenOptional.isPresent()) {
|
||||
return fetchGitUserDataWithPersonalAccessToken(tokenOptional.get());
|
||||
}
|
||||
throw new ScmCommunicationException(
|
||||
"There are no tokes for the user " + cheSubject.getUserId());
|
||||
}
|
||||
|
||||
protected abstract GitUserData fetchGitUserDataWithOAuthToken(OAuthToken oAuthToken)
|
||||
throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException;
|
||||
|
||||
protected abstract GitUserData fetchGitUserDataWithPersonalAccessToken(
|
||||
PersonalAccessToken personalAccessToken)
|
||||
throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException;
|
||||
|
||||
protected abstract String getLocalAuthenticateUrl();
|
||||
// protected abstract String getLocalAuthenticateUrl();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
package org.eclipse.che.api.factory.server.scm;
|
||||
|
||||
import static com.google.common.base.Strings.isNullOrEmpty;
|
||||
import static org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_PREFIX;
|
||||
import static org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_SUFFIX;
|
||||
import static org.eclipse.che.api.factory.server.scm.exception.ExceptionMessages.getDevfileConnectionErrorMessage;
|
||||
|
||||
import java.io.FileNotFoundException;
|
||||
|
|
@ -85,8 +85,8 @@ public class AuthorizingFileContentProvider<T extends RemoteFactoryUrl>
|
|||
authorization =
|
||||
formatAuthorization(
|
||||
token.getToken(),
|
||||
token.getScmTokenName() == null
|
||||
|| !token.getScmTokenName().startsWith(OAUTH_2_PREFIX));
|
||||
token.getScmProviderName() == null
|
||||
|| !token.getScmProviderName().startsWith(OAUTH_2_SUFFIX));
|
||||
} else {
|
||||
authorization = getCredentialsAuthorization(credentials);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ public class PersonalAccessToken {
|
|||
/** Organization that user belongs to. Can be null if user is not a member of any organization. */
|
||||
@Nullable private final String scmOrganization;
|
||||
|
||||
private final String scmTokenName;
|
||||
private final String scmProviderName;
|
||||
private final String scmTokenId;
|
||||
private final String token;
|
||||
private final String cheUserId;
|
||||
|
|
@ -36,13 +36,13 @@ public class PersonalAccessToken {
|
|||
String cheUserId,
|
||||
String scmOrganization,
|
||||
String scmUserName,
|
||||
String scmTokenName,
|
||||
String scmProviderName,
|
||||
String scmTokenId,
|
||||
String token) {
|
||||
this.scmProviderUrl = scmProviderUrl;
|
||||
this.scmOrganization = scmOrganization;
|
||||
this.scmUserName = scmUserName;
|
||||
this.scmTokenName = scmTokenName;
|
||||
this.scmProviderName = scmProviderName;
|
||||
this.scmTokenId = scmTokenId;
|
||||
this.token = token;
|
||||
this.cheUserId = cheUserId;
|
||||
|
|
@ -52,10 +52,10 @@ public class PersonalAccessToken {
|
|||
String scmProviderUrl,
|
||||
String cheUserId,
|
||||
String scmUserName,
|
||||
String scmTokenName,
|
||||
String scmProviderName,
|
||||
String scmTokenId,
|
||||
String token) {
|
||||
this(scmProviderUrl, cheUserId, null, scmUserName, scmTokenName, scmTokenId, token);
|
||||
this(scmProviderUrl, cheUserId, null, scmUserName, scmProviderName, scmTokenId, token);
|
||||
}
|
||||
|
||||
public PersonalAccessToken(String scmProviderUrl, String scmUserName, String token) {
|
||||
|
|
@ -73,8 +73,8 @@ public class PersonalAccessToken {
|
|||
return scmProviderUrl;
|
||||
}
|
||||
|
||||
public String getScmTokenName() {
|
||||
return scmTokenName;
|
||||
public String getScmProviderName() {
|
||||
return scmProviderName;
|
||||
}
|
||||
|
||||
public String getScmTokenId() {
|
||||
|
|
@ -106,7 +106,7 @@ public class PersonalAccessToken {
|
|||
return Objects.equal(scmProviderUrl, that.scmProviderUrl)
|
||||
&& Objects.equal(scmUserName, that.scmUserName)
|
||||
&& Objects.equal(scmOrganization, that.scmOrganization)
|
||||
&& Objects.equal(scmTokenName, that.scmTokenName)
|
||||
&& Objects.equal(scmProviderName, that.scmProviderName)
|
||||
&& Objects.equal(scmTokenId, that.scmTokenId)
|
||||
&& Objects.equal(token, that.token)
|
||||
&& Objects.equal(cheUserId, that.cheUserId);
|
||||
|
|
@ -115,7 +115,13 @@ public class PersonalAccessToken {
|
|||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hashCode(
|
||||
scmProviderUrl, scmUserName, scmOrganization, scmTokenName, scmTokenId, token, cheUserId);
|
||||
scmProviderUrl,
|
||||
scmUserName,
|
||||
scmOrganization,
|
||||
scmProviderName,
|
||||
scmTokenId,
|
||||
token,
|
||||
cheUserId);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -131,7 +137,7 @@ public class PersonalAccessToken {
|
|||
+ scmOrganization
|
||||
+ '\''
|
||||
+ ", scmTokenName='"
|
||||
+ scmTokenName
|
||||
+ scmProviderName
|
||||
+ '\''
|
||||
+ ", scmTokenId='"
|
||||
+ scmTokenId
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ import org.eclipse.che.commons.subject.Subject;
|
|||
public interface PersonalAccessTokenFetcher {
|
||||
|
||||
/** Prefix for token names indication it is OAuth token (to differentiate from PAT-s) */
|
||||
String OAUTH_2_PREFIX = "oauth2-";
|
||||
String OAUTH_2_SUFFIX = "-oauth2";
|
||||
|
||||
/**
|
||||
* Retrieve new PersonalAccessToken from concrete scm provider
|
||||
|
|
|
|||
|
|
@ -14,19 +14,19 @@ package org.eclipse.che.api.factory.server.scm;
|
|||
/** An object to hold parameters for creating a personal access token. */
|
||||
public class PersonalAccessTokenParams {
|
||||
private final String scmProviderUrl;
|
||||
private final String scmTokenName;
|
||||
private final String scmProviderName;
|
||||
private final String scmTokenId;
|
||||
private final String token;
|
||||
private final String organization;
|
||||
|
||||
public PersonalAccessTokenParams(
|
||||
String scmProviderUrl,
|
||||
String scmTokenName,
|
||||
String scmProviderName,
|
||||
String scmTokenId,
|
||||
String token,
|
||||
String organization) {
|
||||
this.scmProviderUrl = scmProviderUrl;
|
||||
this.scmTokenName = scmTokenName;
|
||||
this.scmProviderName = scmProviderName;
|
||||
this.scmTokenId = scmTokenId;
|
||||
this.token = token;
|
||||
this.organization = organization;
|
||||
|
|
@ -36,8 +36,8 @@ public class PersonalAccessTokenParams {
|
|||
return scmProviderUrl;
|
||||
}
|
||||
|
||||
public String getScmTokenName() {
|
||||
return scmTokenName;
|
||||
public String getScmProviderName() {
|
||||
return scmProviderName;
|
||||
}
|
||||
|
||||
public String getScmTokenId() {
|
||||
|
|
|
|||
|
|
@ -80,8 +80,7 @@ public class ScmPersonalAccessTokenFetcher {
|
|||
* {@link PersonalAccessTokenFetcher#isValid(PersonalAccessTokenParams)} method. If any of the
|
||||
* fetchers return an scm username, return it. Otherwise, return null.
|
||||
*/
|
||||
public Optional<String> getScmUsername(PersonalAccessTokenParams params)
|
||||
throws UnknownScmProviderException, ScmUnauthorizedException, ScmCommunicationException {
|
||||
public Optional<String> getScmUsername(PersonalAccessTokenParams params) throws UnknownScmProviderException {
|
||||
for (PersonalAccessTokenFetcher fetcher : personalAccessTokenFetchers) {
|
||||
Optional<Pair<Boolean, String>> isValid = fetcher.isValid(params);
|
||||
if (isValid.isPresent() && isValid.get().first) {
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@ import static org.testng.Assert.assertTrue;
|
|||
|
||||
import java.util.Map;
|
||||
import org.eclipse.che.api.factory.server.urlfactory.URLFactoryBuilder;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.testng.MockitoTestNGListener;
|
||||
import org.testng.annotations.BeforeMethod;
|
||||
|
|
|
|||
|
|
@ -63,7 +63,6 @@ import org.eclipse.che.api.user.server.model.impl.UserImpl;
|
|||
import org.eclipse.che.commons.env.EnvironmentContext;
|
||||
import org.eclipse.che.commons.subject.SubjectImpl;
|
||||
import org.eclipse.che.dto.server.DtoFactory;
|
||||
import org.eclipse.che.security.oauth.AuthorisationRequestManager;
|
||||
import org.everrest.assured.EverrestJetty;
|
||||
import org.everrest.core.Filter;
|
||||
import org.everrest.core.GenericContainerRequest;
|
||||
|
|
|
|||
Loading…
Reference in New Issue