Change the getHostName() function to getProviderUrl() in order to fix an error while updating an oauth token on workspace start.
Throw ScmUnauthorizedException if an oAuth token is not valid, for the dashboard to open the authorisation page and update the token.
If user rejects an scm provider authorisation request while creating or starting existed workspace store the name of the scm provider in the workspace-preferences config-map. The workspace create/start step must proceed without token fetch step. If user creates another workspace or starts existed workspace from an scm provider which name is stored in the config-map, do not ask the authorisation as it was already rejected once.
Encode the &error_code=access_denied query param for the callback url in order to fix the bug when the authentication request appears again if it was rejected.
Return the SSH factory resolver in order to handle SSH urls from unsupported SCM providers.
Add a priority value for all factory resolvers to be able to control resolver's priority.
---------
Co-authored-by: Aleksandr Shmaraiev <oshmarai@redhat.com>
Add a null check to prevent NullPointer exception while reading body from the GitHub API response. response.body() should not return null according to the java documentation, but the NullPointer exception was found in the customer debug logs
A user claims that he couldn't start a workspace form GitLab repository because of the raw file location request doesn't contain the ref query parameter. Rework the way of generating the GitLab raw file location function to permanently add the ref query param.
Duplicate the git-credentials secret creation step on create personal access token secret. Currently this step is performed on workspace provision step but in this case the PAT secret might be initialised when the provision is finished. In order to synchronise the personal access token secret and git credentials secret creation step duplicate the git credentials secret creation step after the PAT secret creation step.
Refactor the get(scmServerUrl) function in the KubernetesPersonalAccessTokenManager class
Remove the personalAccessTokenManager.get() call from the OAuth API getToken() method. The OAuth API must not know anything about PAT secrets. It should get tokens only by requesting an SCM provider OAuth API.
Fix validating the Bitbucket-Server PAT method by requesting user instead of requesting.
This prevents the code execution going to a recursive loop: bitbucketServerApiClient.getPersonalAccessToken() calls oauthApi.getToken() which referred to personalAccessTokenManager.getToken() which validated the token by calling scmPersonalAccessTokenFetcher.getScmUsername() -> bitbucketServerApiClient.getPersonalAccessToken().
Do not substring .git while parsing Azure DevOps Urls. Azure doesn't add the .git suffix neither to the generated clone URLs nor to the browser repository URLs.
Change user.getName() to user.getLogin() in the GitHub getTokenScopes() API request, in order to fix a bug where NullPointer exception is appeared when a GitHub user request returns a user with null in the name field.
Ignore the che.eclipse.org/scm-username annotation when fetching token from a PAT secret. Instead fetch the username from the isValid(<token>) request.
Pass string to ObjectMapper instead of InputStream in order to avoid No content to map due to end-of-input error caused by jdk.internal.net.http.ResponseSubscribers$HttpResponseInputStream.
An error was discovered in our customers environment
On workspace start iterate user PAT secrets. If a PAT secret is not included to the devworkspace-merged-git-credentials secret, create a git credentials secret based on the PAT secret.
Remove the redundant logic of creation an empty workspace-credentials-secret secret.
Pass user neme instead of user id when creating a PAT secret for bitbucket-server in order to fix the generation of thegit-credentials-secret secret which requires the user name: https://<user name>:<token>@<host name>.
Change the OAUTH_PROVIDER_NAME constant from bitbucket to bitbucket-server in order to fix the git user data initialisation flow, when a PAT is initialised in a user namespace.
Override the getCredentials() method in the BitbucketUrl class to intercept bitbucket URL with username e.g. https://user@bitbucket.org/eclipse/che. Return empty credentials for such urls.
When Che creates a workspace from a repository URL, first we iterate and find a related git provider handler, then we gat a devfile location according to the handler rules. If we pass an unsupported git repository url we will have a default handler which will try find a devfile by the same url as the repository. In that case we will have an html content as a devfile.
We need to check the content before parsing the devfile, and throw a specific error in case if the content is not yaml.
Mykhailo Kuznietsov