mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-02-27 00:40:51 +01:00
Remove plugin center authentication
Squash commits of branch feature/remove_plugin_center_auth: - Remove plugin center authentication - Fix i18n file - Fix tests - Changelog entry
This commit is contained in:
Florian Scholdei
@@ -1,193 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2020 - present Cloudogu GmbH
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify it under
|
||||
* the terms of the GNU Affero General Public License as published by the Free
|
||||
* Software Foundation, version 3.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see https://www.gnu.org/licenses/.
|
||||
*/
|
||||
|
||||
package sonia.scm.plugin;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import com.google.common.base.Preconditions;
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.errorprone.annotations.CanIgnoreReturnValue;
|
||||
import jakarta.inject.Inject;
|
||||
import jakarta.inject.Singleton;
|
||||
import jakarta.xml.bind.annotation.XmlAccessType;
|
||||
import jakarta.xml.bind.annotation.XmlAccessorType;
|
||||
import jakarta.xml.bind.annotation.XmlRootElement;
|
||||
import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Value;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.config.ScmConfiguration;
|
||||
import sonia.scm.event.ScmEventBus;
|
||||
import sonia.scm.net.ahc.AdvancedHttpClient;
|
||||
import sonia.scm.net.ahc.AdvancedHttpResponse;
|
||||
import sonia.scm.store.ConfigurationStore;
|
||||
import sonia.scm.store.ConfigurationStoreFactory;
|
||||
import sonia.scm.util.HttpUtil;
|
||||
import sonia.scm.xml.XmlEncryptionAdapter;
|
||||
import sonia.scm.xml.XmlInstantAdapter;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.time.Instant;
|
||||
import java.util.Optional;
|
||||
|
||||
import static sonia.scm.plugin.Tracing.SPAN_KIND;
|
||||
|
||||
@Singleton
|
||||
public class PluginCenterAuthenticator {
|
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(PluginCenterAuthenticator.class);
|
||||
|
||||
@VisibleForTesting
|
||||
static final String STORE_NAME = "plugin-center-auth";
|
||||
|
||||
private final ConfigurationStore<Authentication> configurationStore;
|
||||
private final ScmConfiguration scmConfiguration;
|
||||
private final AdvancedHttpClient advancedHttpClient;
|
||||
private final ScmEventBus eventBus;
|
||||
|
||||
@Inject
|
||||
public PluginCenterAuthenticator(
|
||||
ConfigurationStoreFactory configurationStore, ScmConfiguration scmConfiguration,
|
||||
AdvancedHttpClient advancedHttpClient, ScmEventBus eventBus
|
||||
) {
|
||||
this.configurationStore = configurationStore.withType(Authentication.class).withName(STORE_NAME).build();
|
||||
this.scmConfiguration = scmConfiguration;
|
||||
this.advancedHttpClient = advancedHttpClient;
|
||||
this.eventBus = eventBus;
|
||||
}
|
||||
|
||||
public void authenticate(String pluginCenterSubject, String refreshToken) {
|
||||
Preconditions.checkArgument(!Strings.isNullOrEmpty(pluginCenterSubject), "pluginCenterSubject is required");
|
||||
Preconditions.checkArgument(!Strings.isNullOrEmpty(refreshToken), "refresh token is required");
|
||||
|
||||
// only a user which is able to manage plugins, can authenticate the plugin center
|
||||
PluginPermissions.write().check();
|
||||
|
||||
// check if refresh token is valid
|
||||
Authentication authentication = new Authentication(
|
||||
principal(), pluginCenterSubject, refreshToken, Instant.now(), false
|
||||
);
|
||||
fetchAccessToken(authentication);
|
||||
eventBus.post(new PluginCenterLoginEvent(authentication));
|
||||
}
|
||||
|
||||
public void logout() {
|
||||
PluginPermissions.write().check();
|
||||
|
||||
getAuthenticationInfo().ifPresent(authenticationInfo -> {
|
||||
eventBus.post(new PluginCenterLogoutEvent(authenticationInfo));
|
||||
configurationStore.delete();
|
||||
});
|
||||
}
|
||||
|
||||
public boolean isAuthenticated() {
|
||||
return getAuthentication().isPresent();
|
||||
}
|
||||
|
||||
public Optional<AuthenticationInfo> getAuthenticationInfo() {
|
||||
PluginPermissions.read().check();
|
||||
return getAuthentication().map(a -> a);
|
||||
}
|
||||
|
||||
public Optional<String> fetchAccessToken() {
|
||||
PluginPermissions.read().check();
|
||||
Authentication authentication = getAuthentication()
|
||||
.orElseThrow(() -> new IllegalStateException("An access token can only be obtained, after a prior authentication"));
|
||||
try {
|
||||
return Optional.of(fetchAccessToken(authentication));
|
||||
} catch (FetchAccessTokenFailedException ex) {
|
||||
LOG.warn("failed to fetch access token", ex);
|
||||
return Optional.empty();
|
||||
}
|
||||
}
|
||||
|
||||
@CanIgnoreReturnValue
|
||||
private String fetchAccessToken(Authentication authentication) {
|
||||
String pluginAuthUrl = scmConfiguration.getPluginAuthUrl();
|
||||
Preconditions.checkState(!Strings.isNullOrEmpty(pluginAuthUrl), "plugin auth url is not configured");
|
||||
|
||||
try {
|
||||
AdvancedHttpResponse response = advancedHttpClient.post(HttpUtil.concatenate(pluginAuthUrl, "refresh"))
|
||||
.spanKind(SPAN_KIND)
|
||||
.jsonContent(new RefreshRequest(authentication.getRefreshToken()))
|
||||
.request();
|
||||
|
||||
if (!response.isSuccessful()) {
|
||||
authenticationFailed(authentication);
|
||||
throw new FetchAccessTokenFailedException("failed to obtain access token, server returned status code " + response.getStatus());
|
||||
}
|
||||
|
||||
RefreshResponse refresh = response.contentFromJson(RefreshResponse.class);
|
||||
|
||||
authentication.setRefreshToken(refresh.getRefreshToken());
|
||||
authentication.setFailed(false);
|
||||
configurationStore.set(authentication);
|
||||
|
||||
return refresh.getAccessToken();
|
||||
} catch (IOException ex) {
|
||||
authenticationFailed(authentication);
|
||||
throw new FetchAccessTokenFailedException("failed to obtain an access token", ex);
|
||||
}
|
||||
}
|
||||
|
||||
private void authenticationFailed(Authentication authentication) {
|
||||
authentication.setFailed(true);
|
||||
configurationStore.set(authentication);
|
||||
eventBus.post(new PluginCenterAuthenticationFailedEvent(authentication));
|
||||
}
|
||||
|
||||
private String principal() {
|
||||
return SecurityUtils.getSubject().getPrincipal().toString();
|
||||
}
|
||||
|
||||
private Optional<Authentication> getAuthentication() {
|
||||
return configurationStore.getOptional();
|
||||
}
|
||||
|
||||
@Data
|
||||
@XmlRootElement
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@XmlAccessorType(XmlAccessType.FIELD)
|
||||
public static class Authentication implements AuthenticationInfo {
|
||||
private String principal;
|
||||
private String pluginCenterSubject;
|
||||
@XmlJavaTypeAdapter(XmlEncryptionAdapter.class)
|
||||
private String refreshToken;
|
||||
@XmlJavaTypeAdapter(XmlInstantAdapter.class)
|
||||
private Instant date;
|
||||
private boolean failed;
|
||||
}
|
||||
|
||||
@Value
|
||||
public static class RefreshRequest {
|
||||
@JsonProperty("refresh_token")
|
||||
String refreshToken;
|
||||
}
|
||||
|
||||
@Data
|
||||
public static class RefreshResponse {
|
||||
@JsonProperty("access_token")
|
||||
private String accessToken;
|
||||
@JsonProperty("refresh_token")
|
||||
private String refreshToken;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user