On handling raw devfile urls, request content by the url, and check if the content is a devfile. If yes treat the url as a raw devfile url.
---------
Signed-off-by: ivinokur <ivinokur@redhat.com>
Co-authored-by: Anatolii Bazko <abazko@redhat.com>
- Change the validation API request to get current user request. The /rest/api/1.0/application-properties request is irrelevant as it does not require a token.
- Pass oath token to the getPersonalAccessToken() API request in order to avoid circular getToken() request.
Some SCM providers like BItBucket Server decode the callback url so that cause IllegalArgumentException error. Catch the error and decode the redirect url.
Move AuthorisationRequestManager interface towsmaster/che-core-api-factory module in order to avoid circular dependency.
Rework the get oauth token method to return an oauth token from kubernetes secrets if token is not found in the system memory of the che-server pod. If provider name value is not configured in the kubernetes secret oauth token, get the token by mapping it by provider url from the secret and oauth provider name from the aouth config secret.
Pass status code to Exception on Unauthorised to GitHub Error in order to be able to recognise GitHub Server url if oAuth is not configured and no PAT is present.
Add a common exception message and use it for cases when:
The devfile location is unavailable.
The devfile content is is not valid: e.g the response content is an html content of an scm authorisation page.
Add necessary checks to the GithubURLParser and AbstractGithubURLParser classes in order to support PAT for GitHub Enterprise server without configuring oAuth.
Change the getHostName() function to getProviderUrl() in order to fix an error while updating an oauth token on workspace start.
Throw ScmUnauthorizedException if an oAuth token is not valid, for the dashboard to open the authorisation page and update the token.
If user rejects an scm provider authorisation request while creating or starting existed workspace store the name of the scm provider in the workspace-preferences config-map. The workspace create/start step must proceed without token fetch step. If user creates another workspace or starts existed workspace from an scm provider which name is stored in the config-map, do not ask the authorisation as it was already rejected once.
Encode the &error_code=access_denied query param for the callback url in order to fix the bug when the authentication request appears again if it was rejected.
Return the SSH factory resolver in order to handle SSH urls from unsupported SCM providers.
Add a priority value for all factory resolvers to be able to control resolver's priority.
---------
Co-authored-by: Aleksandr Shmaraiev <oshmarai@redhat.com>
Add a null check to prevent NullPointer exception while reading body from the GitHub API response. response.body() should not return null according to the java documentation, but the NullPointer exception was found in the customer debug logs
A user claims that he couldn't start a workspace form GitLab repository because of the raw file location request doesn't contain the ref query parameter. Rework the way of generating the GitLab raw file location function to permanently add the ref query param.
Duplicate the git-credentials secret creation step on create personal access token secret. Currently this step is performed on workspace provision step but in this case the PAT secret might be initialised when the provision is finished. In order to synchronise the personal access token secret and git credentials secret creation step duplicate the git credentials secret creation step after the PAT secret creation step.
Refactor the get(scmServerUrl) function in the KubernetesPersonalAccessTokenManager class
Mykhailo Kuznietsov