Add rest resource for api keys

2026-06-23 21:31:08 +02:00 · 2020-09-29 11:08:36 +02:00
parent 4129f55f27
commit 905fc4158a
18 changed files with 401 additions and 38 deletions
--- a/scm-webapp/src/main/java/sonia/scm/security/ApiKeyService.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/ApiKeyService.java
@@ -44,30 +44,32 @@ import static java.util.stream.Collectors.toList;
 import static org.apache.commons.lang.RandomStringUtils.random;
 import static sonia.scm.AlreadyExistsException.alreadyExists;

-class ApiKeyService {
+public class ApiKeyService {

  public static final int KEY_LENGTH = 20;

  private final ConfigurationEntryStore<ApiKeyCollection> store;
  private final PasswordService passwordService;
-  private final Supplier<String> keyGenerator;
+  private final KeyGenerator keyGenerator;
+  private final Supplier<String> passphraseGenerator;

  private final Striped<ReadWriteLock> locks = Striped.readWriteLock(10);

  @Inject
-  ApiKeyService(ConfigurationEntryStoreFactory storeFactory, PasswordService passwordService) {
-    this(storeFactory, passwordService, () -> random(KEY_LENGTH, 0, 0, true, true, null, new SecureRandom()));
+  ApiKeyService(ConfigurationEntryStoreFactory storeFactory, KeyGenerator keyGenerator, PasswordService passwordService) {
+    this(storeFactory, passwordService, keyGenerator, () -> random(KEY_LENGTH, 0, 0, true, true, null, new SecureRandom()));
  }

-  ApiKeyService(ConfigurationEntryStoreFactory storeFactory, PasswordService passwordService, Supplier<String> keyGenerator) {
+  ApiKeyService(ConfigurationEntryStoreFactory storeFactory, PasswordService passwordService, KeyGenerator keyGenerator, Supplier<String> passphraseGenerator) {
    this.store = storeFactory.withType(ApiKeyCollection.class).withName("apiKeys").build();
    this.passwordService = passwordService;
    this.keyGenerator = keyGenerator;
+    this.passphraseGenerator = passphraseGenerator;
  }

-  String createNewKey(String name, String role) {
+  public String createNewKey(String name, String role) {
    String user = currentUser();
-    String passphrase = keyGenerator.get();
+    String passphrase = passphraseGenerator.get();
    String hashedPassphrase = passwordService.encryptPassword(passphrase);
    Lock lock = locks.get(user).writeLock();
    lock.lock();
@@ -76,7 +78,7 @@ class ApiKeyService {
        throw alreadyExists(ContextEntry.ContextBuilder.entity(ApiKeyWithPassphrase.class, name));
      }
      final ApiKeyCollection apiKeyCollection = store.getOptional(user).orElse(new ApiKeyCollection(emptyList()));
-      final ApiKeyCollection newApiKeyCollection = apiKeyCollection.add(new ApiKeyWithPassphrase(name, role, hashedPassphrase));
+      final ApiKeyCollection newApiKeyCollection = apiKeyCollection.add(new ApiKeyWithPassphrase(keyGenerator.createKey(), name, role, hashedPassphrase));
      store.put(user, newApiKeyCollection);
    } finally {
      lock.unlock();
@@ -84,17 +86,17 @@ class ApiKeyService {
    return passphrase;
  }

-  void remove(String name) {
+  public void remove(String id) {
    String user = currentUser();
    Lock lock = locks.get(user).writeLock();
    lock.lock();
    try {
-      if (!containsName(user, name)) {
+      if (!containsId(user, id)) {
        return;
      }
      store.getOptional(user).ifPresent(
        apiKeyCollection -> {
-          final ApiKeyCollection newApiKeyCollection = apiKeyCollection.remove(apiKeyWithPassphrase -> name.equals(apiKeyWithPassphrase.getName()));
+          final ApiKeyCollection newApiKeyCollection = apiKeyCollection.remove(key -> id.equals(key.getId()));
          store.put(user, newApiKeyCollection);
        }
      );
@@ -103,7 +105,7 @@ class ApiKeyService {
    }
  }

-  Optional<String> check(String user, String keyName, String passphrase) {
+  Optional<String> check(String user, String id, String passphrase) {
    Lock lock = locks.get(user).readLock();
    lock.lock();
    try {
@@ -111,7 +113,7 @@ class ApiKeyService {
        .get(user)
        .getKeys()
        .stream()
-        .filter(key -> key.getName().equals(keyName))
+        .filter(key -> key.getId().equals(id))
        .filter(key -> passwordService.passwordsMatch(passphrase, key.getPassphrase()))
        .map(ApiKeyWithPassphrase::getRole)
        .findAny();
@@ -120,7 +122,7 @@ class ApiKeyService {
    }
  }

-  Collection<ApiKey> getKeys() {
+  public Collection<ApiKey> getKeys() {
    return store.get(currentUser()).getKeys().stream().map(ApiKey::new).collect(toList());
  }

@@ -128,12 +130,21 @@ class ApiKeyService {
    return ThreadContext.getSubject().getPrincipals().getPrimaryPrincipal().toString();
  }

+  private boolean containsId(String user, String id) {
+    return store
+      .getOptional(user)
+      .map(ApiKeyCollection::getKeys)
+      .orElse(emptyList())
+      .stream()
+      .anyMatch(key -> key.getId().equals(id));
+  }
+
  private boolean containsName(String user, String name) {
    return store
      .getOptional(user)
      .map(ApiKeyCollection::getKeys)
      .orElse(emptyList())
      .stream()
-      .anyMatch(key -> key.getName().equals(name));
+      .anyMatch(key -> key.getDisplayName().equals(name));
  }
 }