seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixup! Fix gitlab oauth token validation request

pull/674/head
ivinokur 2024-04-03 14:44:53 +03:00
parent ee61120f2f
commit d86f795d7d
4 changed files with 107 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wsmaster/che-core-api-auth-gitlab/pom.xml
View File

@ -35,6 +35,10 @@
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client</artifactId>
</dependency>
<dependency>
<groupId>jakarta.inject</groupId>
<artifactId>jakarta.inject-api</artifactId>

10
wsmaster/che-core-api-auth-gitlab/src/main/java/org/eclipse/che/security/oauth/GitLabOAuthAuthenticator.java
View File

@ -91,11 +91,11 @@ public class GitLabOAuthAuthenticator extends OAuthAuthenticator {
public OAuthToken getToken(String userId) throws IOException {
final OAuthToken token = super.getToken(userId);
try {
if (token == null
|| token.getToken() == null
|| token.getToken().isEmpty()
|| isNullOrEmpty(
getJson(gitlabUserEndpoint, token.getToken(), GitLabUser.class).getId())) {
if (token == null || token.getToken() == null || token.getToken().isEmpty()) {
return null;
}
GitLabUser user = getJson(gitlabUserEndpoint, token.getToken(), GitLabUser.class);
if (user == null || isNullOrEmpty(user.getId())) {
return null;
}
} catch (OAuthAuthenticationException e) {

96
wsmaster/che-core-api-auth-gitlab/src/test/java/org/eclipse/che/security/oauth/GitLabAuthenticatorTest.java Normal file
View File

@ -0,0 +1,96 @@
/*
* Copyright (c) 2012-2024 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*
* Contributors:
* Red Hat, Inc. - initial API and implementation
*/
package org.eclipse.che.security.oauth;
import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
import static com.github.tomakehurst.wiremock.client.WireMock.equalTo;
import static com.github.tomakehurst.wiremock.client.WireMock.get;
import static com.github.tomakehurst.wiremock.client.WireMock.stubFor;
import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNull;
import com.github.tomakehurst.wiremock.WireMockServer;
import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.common.Slf4jNotifier;
import com.google.api.client.auth.oauth2.StoredCredential;
import com.google.api.client.util.store.MemoryDataStoreFactory;
import com.google.common.net.HttpHeaders;
import java.lang.reflect.Field;
import org.eclipse.che.api.auth.shared.dto.OAuthToken;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
public class GitLabAuthenticatorTest {
WireMockServer wireMockServer;
WireMock wireMock;
@BeforeClass
public void setup() {
wireMockServer =
new WireMockServer(wireMockConfig().notifier(new Slf4jNotifier(false)).dynamicPort());
wireMockServer.start();
WireMock.configureFor("localhost", wireMockServer.port());
wireMock = new WireMock("localhost", wireMockServer.port());
}
@Test
public void shouldGetToken() throws Exception {
// given
GitLabOAuthAuthenticator gitLabOAuthAuthenticator =
new GitLabOAuthAuthenticator(
"id", "secret", wireMockServer.url("/"), "https://che.api.com");
Field flowField = OAuthAuthenticator.class.getDeclaredField("flow");
Field credentialDataStoreField =
((Class) flowField.getGenericType()).getDeclaredField("credentialDataStore");
credentialDataStoreField.setAccessible(true);
credentialDataStoreField.set(
flowField.get(gitLabOAuthAuthenticator),
new MemoryDataStoreFactory()
.getDataStore("test")
.set("userId", new StoredCredential().setAccessToken("token")));
stubFor(
get(urlEqualTo("/api/v4/user"))
.withHeader(HttpHeaders.AUTHORIZATION, equalTo("Bearer token"))
.willReturn(aResponse().withBody("{\"id\": \"testId\"}")));
// when
OAuthToken token = gitLabOAuthAuthenticator.getToken("userId");
// then
assertEquals(token.getToken(), "token");
}
@Test
public void shouldGetEmptyToken() throws Exception {
// given
GitLabOAuthAuthenticator gitLabOAuthAuthenticator =
new GitLabOAuthAuthenticator(
"id", "secret", wireMockServer.url("/"), "https://che.api.com");
Field flowField = OAuthAuthenticator.class.getDeclaredField("flow");
Field credentialDataStoreField =
((Class) flowField.getGenericType()).getDeclaredField("credentialDataStore");
credentialDataStoreField.setAccessible(true);
credentialDataStoreField.set(
flowField.get(gitLabOAuthAuthenticator),
new MemoryDataStoreFactory()
.getDataStore("test")
.set("userId", new StoredCredential().setAccessToken("token")));
stubFor(
get(urlEqualTo("/api/v4/user"))
.withHeader(HttpHeaders.AUTHORIZATION, equalTo("Bearer token"))
.willReturn(aResponse().withBody("{}")));
// when
OAuthToken token = gitLabOAuthAuthenticator.getToken("userId");
// then
assertNull(token);
}
}

3
wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/OAuthAuthenticator.java
View File

@ -285,7 +285,8 @@ public abstract class OAuthAuthenticator {
* none token found for user then {@code null} will be returned, when user have expired token
* and it can't be refreshed then {@code null} will be returned
* @throws IOException when error occurs during token loading
* @see OAuthTokenProvider#getToken(String, String)
* @see OAuthTokenProvider#getToken(String, String) TODO: return Optional<OAuthToken> to avoid
* returning null.
*/
public OAuthToken getToken(String userId) throws IOException {
if (!isConfigured()) {