Integrate Plugin Center myCloudogu Authentication (#1884)

Allows scm-manager instances to authenticate with the configured plugin center. If the default plugin center is used, a myCloudogu account is used for authentication which in turn enables downloading special myCloudogu plugins directly through the plugin administration page. Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com> Co-authored-by: Matthias Thieroff <93515444+mthieroff@users.noreply.github.com> Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
2026-01-30 03:09:13 +01:00 · 2021-12-13 15:15:57 +01:00
parent c95888d491
commit 6eba01161f
84 changed files with 3147 additions and 289 deletions
--- a/scm-webapp/src/main/java/sonia/scm/security/XsrfExcludes.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/XsrfExcludes.java
@@ -0,0 +1,68 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security;
+
+import com.google.errorprone.annotations.CanIgnoreReturnValue;
+
+import javax.inject.Singleton;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * XsrfExcludes can be used to define request uris which are excluded from xsrf validation.
+ * @since 2.28.0
+ */
+@Singleton
+public class XsrfExcludes {
+
+  private final Set<String> excludes = new HashSet<>();
+
+  /**
+   * Exclude the given request uri from xsrf validation.
+   * @param requestUri request uri
+   */
+  public void add(String requestUri) {
+    excludes.add(requestUri);
+  }
+
+  /**
+   * Include prior excluded request uri to xsrf validation.
+   * @param requestUri request uri
+   * @return {@code true} is uri was excluded
+   */
+  @CanIgnoreReturnValue
+  public boolean remove(String requestUri) {
+    return excludes.remove(requestUri);
+  }
+
+  /**
+   * Returns {@code true} if the request uri is excluded from xsrf validation.
+   * @param requestUri request uri
+   * @return {@code true} if uri is excluded
+   */
+  public boolean contains(String requestUri) {
+    return excludes.contains(requestUri);
+  }
+}