From 6217a757e338d090bf5cd62b47371764a4bd78af Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer
Date: Thu, 13 Feb 2020 09:16:29 +0100
Subject: [PATCH 1/7] Add xsrf token to hg callbacks
---
 scm-plugins/scm-hg-plugin/pom.xml | 13 ++++++
 .../sonia/scm/repository/HgEnvironment.java | 20 +++++++-
 .../sonia/scm/repository/HgHookManager.java | 4 +-
 .../resources/sonia/scm/python/scmhooks.py | 4 +-
 .../scm/repository/HgEnvironmentTest.java | 46 +++++++++++++++++++
 5 files changed, 83 insertions(+), 4 deletions(-)
 create mode 100644 scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java
diff --git a/scm-plugins/scm-hg-plugin/pom.xml b/scm-plugins/scm-hg-plugin/pom.xml
index e57652bf0f..2dfd89c8fb 100644
--- a/scm-plugins/scm-hg-plugin/pom.xml
+++ b/scm-plugins/scm-hg-plugin/pom.xml
@@ -27,6 +27,19 @@ + + + io.jsonwebtoken + jjwt-impl + 0.10.5 + provided + + + io.jsonwebtoken + jjwt-jackson + 0.10.5 + test +
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java
index 1d227fb54e..085e1516eb 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java
@@ -36,8 +36,11 @@ package sonia.scm.repository;
 //~--- non-JDK imports --------------------------------------------------------
 import com.google.inject.ProvisionException;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import sonia.scm.security.CipherUtil;
 import sonia.scm.web.HgUtil;
 import javax.servlet.http.HttpServletRequest;
@@ -65,6 +68,8 @@ public final class HgEnvironment
 private static final String SCM_BEARER_TOKEN = "SCM_BEARER_TOKEN";
+ private static final String SCM_XSRF = "SCM_XSRF";
+
 //~--- constructors ---------------------------------------------------------
 /**
@@ -115,7 +120,8 @@ public final class HgEnvironment
 try {
 String credentials = hookManager.getCredentials();
- environment.put(SCM_BEARER_TOKEN, credentials);
+ environment.put(SCM_BEARER_TOKEN, CipherUtil.getInstance().encode(credentials));
+ extractXsrfKey(environment, credentials);
 } catch (ProvisionException e) {
 LOG.debug("could not create bearer token; looks like currently we are not in a request; probably you can ignore the following exception:", e);
 }
@@ -123,4 +129,16 @@ public final class HgEnvironment
 environment.put(ENV_URL, hookUrl);
 environment.put(ENV_CHALLENGE, hookManager.getChallenge());
 }
+
+ private static void extractXsrfKey(Map environment, String credentials) {
+ // we need to remove the signature, because we cannot access the key and otherwise the parser would fail
+ String[] tokenParts = credentials.split("\\.");
+ String tokenWithoutSignature = tokenParts[0] + "." + tokenParts[1] + ".";
+ Claims claims = (Claims) Jwts.parser().parse(tokenWithoutSignature).getBody();
+
+ Object xsrf = claims.get("xsrf");
+ if (xsrf != null) {
+ environment.put(SCM_XSRF, xsrf.toString());
+ }
+ }
 }
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgHookManager.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgHookManager.java
index 6815bdad96..9784f3d49d 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgHookManager.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgHookManager.java
@@ -200,7 +200,7 @@ public class HgHookManager
 {
 AccessToken accessToken = accessTokenBuilderFactory.create().build();
- return CipherUtil.getInstance().encode(accessToken.compact());
+ return accessToken.compact();
 }
 //~--- methods --------------------------------------------------------------
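Review bot: `extractXsrfKey` indexes `tokenParts[1]` without checking that `credentials.split("\\.")` produced at least two segments, so a credential string without a dot (the `""` that HgTestUtil's mock returns on the old side of PATCH 5, for instance) throws an ArrayIndexOutOfBoundsException that the surrounding `catch (ProvisionException e)` in `prepareEnvironment` does not cover, and the whole environment setup aborts; a guard such as `if (tokenParts.length < 2) { return; }` before the concatenation keeps the failure mode the catch block documents. Stripping the signature also means the claims are read without any verification, which is acceptable only because the token was just minted by `hookManager.getCredentials()` in the same request; a comment stating that this parse is intentionally unverified and must never be applied to a token received from outside would keep the next maintainer from reusing the helper — PATCH 5 in this series removes the parse in favour of `AccessToken.getCustom`, which resolves both points. The HgHookManager hunk in the same diff moves the CipherUtil encoding out of `getCredentials()` into HgEnvironment, so any other caller of `getCredentials()` would now receive the raw compact JWT; that appears to be the only caller, but it is not visible here. `prepareEnvironment` begins outside the hunk; `extractXsrfKey` is complete within it.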
@@ -279,7 +279,7 @@ public class HgHookManager
 //J-
 return HttpUtil.getUriWithoutEndSeperator(
 MoreObjects.firstNonNull(
- configuration.getBaseUrl(),
+ configuration.getBaseUrl(),
 "http://localhost:8080/scm"
 )
 ).concat("/hook/hg/");
diff --git a/scm-plugins/scm-hg-plugin/src/main/resources/sonia/scm/python/scmhooks.py b/scm-plugins/scm-hg-plugin/src/main/resources/sonia/scm/python/scmhooks.py
index 637aa16331..ca8d7736a7 100644
--- a/scm-plugins/scm-hg-plugin/src/main/resources/sonia/scm/python/scmhooks.py
+++ b/scm-plugins/scm-hg-plugin/src/main/resources/sonia/scm/python/scmhooks.py
@@ -41,6 +41,7 @@ import os, urllib, urllib2
 baseUrl = os.environ['SCM_URL']
 challenge = os.environ['SCM_CHALLENGE']
 token = os.environ['SCM_BEARER_TOKEN']
+xsrf = os.environ['SCM_XSRF']
 repositoryId = os.environ['SCM_REPOSITORY_ID']
 def printMessages(ui, msgs):
@@ -59,6 +60,7 @@ def callHookUrl(ui, repo, hooktype, node):
 proxy_handler = urllib2.ProxyHandler({})
 opener = urllib2.build_opener(proxy_handler)
 req = urllib2.Request(url, data)
+ req.add_header("X-XSRF-Token", xsrf)
 conn = opener.open(req)
 if 200 <= conn.code < 300:
 ui.debug( "scm-hook " + hooktype + " success with status code " + str(conn.code) + "\n" )
@@ -101,7 +103,7 @@ def preHook(ui, repo, hooktype, node=None, source=None, pending=None, **kwargs):
 # older mercurial versions
 if pending != None:
 pending()
-
+
 # newer mercurial version
 # we have to make in-memory changes visible to external process
 # this does not happen automatically, because mercurial treat our hooks as internal hooks
diff --git a/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java b/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java
new file mode 100644
index 0000000000..2d4468122a
--- /dev/null
+++ b/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java
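Review bot: `xsrf = os.environ['SCM_XSRF']` at module level raises KeyError whenever the Java side did not set the key, and in this commit `extractXsrfKey` only puts SCM_XSRF when the token carries an xsrf claim, so every hook invocation for a token without that claim fails before `callHookUrl` runs. PATCH 3 in the series papers over this with a `-` placeholder on the Java side; the script itself could be made tolerant with `xsrf = os.environ.get('SCM_XSRF')` and, in `callHookUrl`, `if xsrf: req.add_header("X-XSRF-Token", xsrf)`, so that a request without an XSRF token simply omits the header instead of sending a literal placeholder value. The header name is duplicated here as a string literal while the Java side has it in `Xsrf.HEADER_KEY`; a comment `# must match sonia.scm.security.Xsrf.HEADER_KEY` next to the `add_header` line documents the coupling. `callHookUrl` and `preHook` both begin outside their hunks; the `preHook` hunk is a whitespace-only change.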
@@ -0,0 +1,46 @@
+package sonia.scm.repository;
+
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.entry;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class HgEnvironmentTest {
+
+ private static final String CREDENTIALS_WITH_XSRF = "eyJhbGciOiJIUzI1NiJ9.eyJ4c3JmIjoiZjlhMWRiNzQtM2UwNS00YTMwLTlkODMtNjZmNWQ1MDc3Y2FjIiwic3ViIjoic2NtYWRtaW4iLCJqdGkiOiI2d1JxTWpyelYxSCIsImlhdCI6MTU4MTU4MTI3OSwiZXhwIjoxNTgxNTg0ODc5LCJzY20tbWFuYWdlci5yZWZyZXNoRXhwaXJhdGlvbiI6MTU4MTYyNDQ3OTczMCwic2NtLW1hbmFnZXIucGFyZW50VG9rZW5JZCI6IjZ3UnFNanJ6VjFIIn0.O5MADk9scaHgYNPDFh7Nd9R2rMZyDuMs7LuC4OSA3jA";
+ private static final String CREDENTIALS_WITHOUT_XSRF = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzY21hZG1pbiIsImp0aSI6IjdvUnFNbERrRTFOIiwiaWF0IjoxNTgxNTgxNjAxLCJleHAiOjE1ODE1ODUyMDEsInNjbS1tYW5hZ2VyLnJlZnJlc2hFeHBpcmF0aW9uIjoxNTgxNjI0ODAxNjc5LCJzY20tbWFuYWdlci5wYXJlbnRUb2tlbklkIjoiN29ScU1sRGtFMU4ifQ.KaTPjT09xtIEZDBOM28pSgyYSEtVZ37gcyTp1_3sTGA";
+
+ @Mock
+ HgRepositoryHandler handler;
+ @Mock
+ HgHookManager hookManager;
+
+ @Test
+ void shouldExtractXsrfTokenWhenSet() {
+ when(hookManager.getCredentials()).thenReturn(CREDENTIALS_WITH_XSRF);
+
+ Map environment = new HashMap<>();
+ HgEnvironment.prepareEnvironment(environment, handler, hookManager);
+
+ assertThat(environment).contains(entry("SCM_XSRF", "f9a1db74-3e05-4a30-9d83-66f5d5077cac"));
+ }
+
+ @Test
+ void shouldIgnoreXsrfWhenNotSet() {
+ when(hookManager.getCredentials()).thenReturn(CREDENTIALS_WITHOUT_XSRF);
+
+ Map environment = new HashMap<>();
+ HgEnvironment.prepareEnvironment(environment, handler, hookManager);
+
+ assertThat(environment).doesNotContainKeys("SCM_XSRF");
+ }
+}
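Review bot: The two fixture tokens are complete, signed JWTs that look captured from a running instance rather than built by the test, which makes the test time-dependent if the payload carries an `exp` claim (PATCH 4, "Remove token expiration from test", suggests it does and that the test broke once the tokens expired) and commits real-looking session material to the repository. Since `extractXsrfKey` discards the signature anyway, the test could assemble the token itself from a header and a claims JSON with `Base64.getUrlEncoder().withoutPadding()`, which documents the expected claim shape (`xsrf`, `sub`, `jti`) in readable form and never expires. A one-line comment above the constants stating how they were produced and that the signature is irrelevant to the code under test would help whoever has to regenerate them.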
From 1ebad2f0802a440271fbb85997b1e78eb7ccb9f7 Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer
Date: Thu, 13 Feb 2020 09:20:26 +0100
Subject: [PATCH 2/7] Log change
---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a4f080c9e0..ebfa5b64f5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Upgrade [Mockito](https://site.mockito.org/) to version 2.28.2 in order to fix tests on Java versions > 8
 - Upgrade smp-maven-plugin to version 1.0.0-rc3
+### Fixed
+- Modification for mercurial repositories with enabled XSRF protection
+
 ## 2.0.0-rc3 - 2020-01-31
 ### Fixed
 - Broken plugin order fixed
From c4dee747e32303f41961b2f8f70e636e503ca318 Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer
Date: Thu, 13 Feb 2020 10:34:40 +0100
Subject: [PATCH 3/7] Put default for xsrf environment key
Otherwise the python script scmhooks.py fails, because the environment access with a missing key raises an error.
---
 .../src/main/java/sonia/scm/repository/HgEnvironment.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java
index 085e1516eb..1bcbcc321a 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java
@@ -139,6 +139,8 @@ public final class HgEnvironment
 Object xsrf = claims.get("xsrf");
 if (xsrf != null) {
 environment.put(SCM_XSRF, xsrf.toString());
+ } else {
+ environment.put(SCM_XSRF, "-");
 }
 }
 }
From defad2af5bbc54f283e363a0ca7f1a625c931fc0 Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer
Date: Thu, 13 Feb 2020 11:27:25 +0100
Subject: [PATCH 4/7] Remove token expiration from test
---
 .../java/sonia/scm/repository/HgEnvironmentTest.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java b/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java
index 2d4468122a..678a1f70c5 100644
--- a/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java
+++ b/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java
@@ -16,8 +16,8 @@ import static org.mockito.Mockito.when;
 @ExtendWith(MockitoExtension.class)
 class HgEnvironmentTest {
- private static final String CREDENTIALS_WITH_XSRF = "eyJhbGciOiJIUzI1NiJ9.eyJ4c3JmIjoiZjlhMWRiNzQtM2UwNS00YTMwLTlkODMtNjZmNWQ1MDc3Y2FjIiwic3ViIjoic2NtYWRtaW4iLCJqdGkiOiI2d1JxTWpyelYxSCIsImlhdCI6MTU4MTU4MTI3OSwiZXhwIjoxNTgxNTg0ODc5LCJzY20tbWFuYWdlci5yZWZyZXNoRXhwaXJhdGlvbiI6MTU4MTYyNDQ3OTczMCwic2NtLW1hbmFnZXIucGFyZW50VG9rZW5JZCI6IjZ3UnFNanJ6VjFIIn0.O5MADk9scaHgYNPDFh7Nd9R2rMZyDuMs7LuC4OSA3jA";
- private static final String CREDENTIALS_WITHOUT_XSRF = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzY21hZG1pbiIsImp0aSI6IjdvUnFNbERrRTFOIiwiaWF0IjoxNTgxNTgxNjAxLCJleHAiOjE1ODE1ODUyMDEsInNjbS1tYW5hZ2VyLnJlZnJlc2hFeHBpcmF0aW9uIjoxNTgxNjI0ODAxNjc5LCJzY20tbWFuYWdlci5wYXJlbnRUb2tlbklkIjoiN29ScU1sRGtFMU4ifQ.KaTPjT09xtIEZDBOM28pSgyYSEtVZ37gcyTp1_3sTGA";
+ private static final String CREDENTIALS_WITH_XSRF = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW50Iiwic2NtLW1hbmFnZXIucGFyZW50VG9rZW5JZCI6IkFCQyIsInhzcmYiOiJYU1JGIFRva2VuIiwiaWF0IjoxNTgxNTg3MzUzLCJqdGkiOiJFV1JxTjlNMTQ5In0.jgsIoE_2TnTEwbuaqQp8XyKpId5qlYURmYamf9m_08w";
+ private static final String CREDENTIALS_WITHOUT_XSRF = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW50Iiwic2NtLW1hbmFnZXIucGFyZW50VG9rZW5JZCI6IkFCQyIsImlhdCI6MTU4MTU4NzM1MywianRpIjoiRVdScU45TTE0OSJ9.VdMz5-NpREiIvLEw9JVJNEUnoY0am0j1lZ0kisblayk";
 @Mock
 HgRepositoryHandler handler;
@@ -31,16 +31,16 @@ class HgEnvironmentTest {
 Map environment = new HashMap<>();
 HgEnvironment.prepareEnvironment(environment, handler, hookManager);
- assertThat(environment).contains(entry("SCM_XSRF", "f9a1db74-3e05-4a30-9d83-66f5d5077cac"));
+ assertThat(environment).contains(entry("SCM_XSRF", "XSRF Token"));
 }
 @Test
- void shouldIgnoreXsrfWhenNotSet() {
+ void shouldIgnoreXsrfWhenNotSetButStillContainDummy() {
 when(hookManager.getCredentials()).thenReturn(CREDENTIALS_WITHOUT_XSRF);
 Map environment = new HashMap<>();
 HgEnvironment.prepareEnvironment(environment, handler, hookManager);
- assertThat(environment).doesNotContainKeys("SCM_XSRF");
+ assertThat(environment).containsKeys("SCM_XSRF");
 }
 }
From 97cc0e7b9c96a96ebe648c50e9b60ab49f04aa13 Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer
Date: Mon, 17 Feb 2020 11:08:08 +0100
Subject: [PATCH 5/7] Use access key directly, not the jwt token
---
 .../main/java/sonia/scm/security/Xsrf.java | 10 ++++----
 .../sonia/scm/repository/HgEnvironment.java | 24 ++++++-------------
 .../sonia/scm/repository/HgHookManager.java | 7 ++----
 .../scm/repository/HgEnvironmentTest.java | 18 ++++++++++----
 .../java/sonia/scm/repository/HgTestUtil.java | 6 +++--
 5 files changed, 31 insertions(+), 34 deletions(-)
 rename {scm-webapp => scm-core}/src/main/java/sonia/scm/security/Xsrf.java (94%)
diff --git a/scm-webapp/src/main/java/sonia/scm/security/Xsrf.java b/scm-core/src/main/java/sonia/scm/security/Xsrf.java
similarity index 94%
rename from scm-webapp/src/main/java/sonia/scm/security/Xsrf.java
rename to scm-core/src/main/java/sonia/scm/security/Xsrf.java
index f9ee8a0872..83e83c80b4 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/Xsrf.java
+++ b/scm-core/src/main/java/sonia/scm/security/Xsrf.java
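Review bot: `shouldIgnoreXsrfWhenNotSetButStillContainDummy` only asserts that the key exists (`containsKeys("SCM_XSRF")`), so the dummy value that scmhooks.py will send verbatim as the `X-XSRF-Token` header is not pinned by any test and could silently change; `assertThat(environment).contains(entry("SCM_XSRF", "-"));` states the contract the Python side depends on. The test method starts and ends within the hunk.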
@@ -32,15 +32,15 @@ package sonia.scm.security;
 /**
 * Shared constants for Xsrf related classes.
- *
+ *
 * @author Sebastian Sdorra
 * @since 2.0.0
 */
 public final class Xsrf {
-
- static final String HEADER_KEY = "X-XSRF-Token";
-
- static final String TOKEN_KEY = "xsrf";
+
+ public static final String HEADER_KEY = "X-XSRF-Token";
+
+ public static final String TOKEN_KEY = "xsrf";
 private Xsrf() {
 }
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java
index 1bcbcc321a..a9328c1129 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgEnvironment.java
@@ -36,11 +36,11 @@ package sonia.scm.repository;
 //~--- non-JDK imports --------------------------------------------------------
 import com.google.inject.ProvisionException;
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.Jwts;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import sonia.scm.security.AccessToken;
 import sonia.scm.security.CipherUtil;
+import sonia.scm.security.Xsrf;
 import sonia.scm.web.HgUtil;
 import javax.servlet.http.HttpServletRequest;
@@ -119,9 +119,9 @@ public final class HgEnvironment
 }
 try {
- String credentials = hookManager.getCredentials();
- environment.put(SCM_BEARER_TOKEN, CipherUtil.getInstance().encode(credentials));
- extractXsrfKey(environment, credentials);
+ AccessToken accessToken = hookManager.getAccessToken();
+ environment.put(SCM_BEARER_TOKEN, CipherUtil.getInstance().encode(accessToken.compact()));
+ extractXsrfKey(environment, accessToken);
 } catch (ProvisionException e) {
 LOG.debug("could not create bearer token; looks like currently we are not in a request; probably you can ignore the following exception:", e);
 }
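Review bot: `HEADER_KEY` and `TOKEN_KEY` become public constants of scm-core in this hunk, but they carry no Javadoc, so a plugin author cannot tell from the type which side of the contract each one names. Two field comments make that explicit: `/** HTTP request header that carries the XSRF token; the hg hook script sends it verbatim as "X-XSRF-Token". */` on `HEADER_KEY` and `/** Name of the custom access-token claim that holds the XSRF token (read via {@code AccessToken#getCustom}). */` on `TOKEN_KEY`. In the HgEnvironment hunk further down, the bearer token is obfuscated with `CipherUtil.getInstance().encode(...)` before it enters the hook process environment while the XSRF value extracted next to it is stored in clear; a short comment on why the two are treated differently (the XSRF token is useless without the bearer token, if that is the reasoning) would stop a later reader from "fixing" the asymmetry either way. `prepareEnvironment` begins outside the hunk.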
@@ -130,17 +130,7 @@ public final class HgEnvironment
 environment.put(ENV_CHALLENGE, hookManager.getChallenge());
 }
- private static void extractXsrfKey(Map environment, String credentials) {
- // we need to remove the signature, because we cannot access the key and otherwise the parser would fail
- String[] tokenParts = credentials.split("\\.");
- String tokenWithoutSignature = tokenParts[0] + "." + tokenParts[1] + ".";
- Claims claims = (Claims) Jwts.parser().parse(tokenWithoutSignature).getBody();
-
- Object xsrf = claims.get("xsrf");
- if (xsrf != null) {
- environment.put(SCM_XSRF, xsrf.toString());
- } else {
- environment.put(SCM_XSRF, "-");
- }
+ private static void extractXsrfKey(Map environment, AccessToken accessToken) {
+ environment.put(SCM_XSRF, accessToken.getCustom(Xsrf.TOKEN_KEY).orElse("-"));
 }
 }
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgHookManager.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgHookManager.java
index 9784f3d49d..314bd85b57 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgHookManager.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgHookManager.java
@@ -49,7 +49,6 @@ import sonia.scm.config.ScmConfigurationChangedEvent;
 import sonia.scm.net.ahc.AdvancedHttpClient;
 import sonia.scm.security.AccessToken;
 import sonia.scm.security.AccessTokenBuilderFactory;
-import sonia.scm.security.CipherUtil;
 import sonia.scm.util.HttpUtil;
 import sonia.scm.util.Util;
@@ -196,11 +195,9 @@ public class HgHookManager
 return this.challenge.equals(challenge);
 }
- public String getCredentials()
+ public AccessToken getAccessToken()
 {
- AccessToken accessToken = accessTokenBuilderFactory.create().build();
-
- return accessToken.compact();
+ return accessTokenBuilderFactory.create().build();
 }
 //~--- methods --------------------------------------------------------------
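Review bot: `orElse("-")` in `extractXsrfKey` encodes a cross-language contract as a bare literal: scmhooks.py reads SCM_XSRF unconditionally and sends whatever it finds as the `X-XSRF-Token` header, so a token without an xsrf claim produces a request carrying the header value `-`, and nothing in this file says so. A named constant with a comment keeps that visible, e.g. `// placeholder for "no xsrf claim": scmhooks.py reads SCM_XSRF unconditionally and sends it verbatim as X-XSRF-Token` above `private static final String NO_XSRF_TOKEN = "-";`, used in place of the literal. In the HgHookManager hunk, `getAccessToken()` replaces a method that returned a CipherUtil-encoded string with one that hands out the unencoded token object; its Javadoc should state that the caller is responsible for encoding before the token leaves the JVM, as HgEnvironment now does, so that a future caller does not put `compact()` into a process environment or log line as-is. The raw `Map` parameter type presumably mirrors `prepareEnvironment`'s signature, which is outside the hunk; `Map<String, String>` would match the `put` calls if that signature allows it.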
diff --git a/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java b/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java
index 678a1f70c5..2718e0b899 100644
--- a/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java
+++ b/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgEnvironmentTest.java
@@ -5,20 +5,22 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import sonia.scm.security.AccessToken;
+import sonia.scm.security.Xsrf;
 import java.util.HashMap;
 import java.util.Map;
+import static java.util.Optional.empty;
+import static java.util.Optional.of;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.entry;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 @ExtendWith(MockitoExtension.class)
 class HgEnvironmentTest {
- private static final String CREDENTIALS_WITH_XSRF = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW50Iiwic2NtLW1hbmFnZXIucGFyZW50VG9rZW5JZCI6IkFCQyIsInhzcmYiOiJYU1JGIFRva2VuIiwiaWF0IjoxNTgxNTg3MzUzLCJqdGkiOiJFV1JxTjlNMTQ5In0.jgsIoE_2TnTEwbuaqQp8XyKpId5qlYURmYamf9m_08w";
- private static final String CREDENTIALS_WITHOUT_XSRF = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW50Iiwic2NtLW1hbmFnZXIucGFyZW50VG9rZW5JZCI6IkFCQyIsImlhdCI6MTU4MTU4NzM1MywianRpIjoiRVdScU45TTE0OSJ9.VdMz5-NpREiIvLEw9JVJNEUnoY0am0j1lZ0kisblayk";
-
 @Mock
 HgRepositoryHandler handler;
 @Mock
@@ -26,7 +28,10 @@ class HgEnvironmentTest {
 @Test
 void shouldExtractXsrfTokenWhenSet() {
- when(hookManager.getCredentials()).thenReturn(CREDENTIALS_WITH_XSRF);
+ AccessToken accessToken = mock(AccessToken.class);
+ when(accessToken.compact()).thenReturn("");
+ when(accessToken.getCustom(Xsrf.TOKEN_KEY)).thenReturn(of("XSRF Token"));
+ when(hookManager.getAccessToken()).thenReturn(accessToken);
 Map environment = new HashMap<>();
 HgEnvironment.prepareEnvironment(environment, handler, hookManager);
@@ -36,7 +41,10 @@ class HgEnvironmentTest {
 @Test
 void shouldIgnoreXsrfWhenNotSetButStillContainDummy() {
- when(hookManager.getCredentials()).thenReturn(CREDENTIALS_WITHOUT_XSRF);
+ AccessToken accessToken = mock(AccessToken.class);
+ when(accessToken.compact()).thenReturn("");
+ when(accessToken.getCustom(Xsrf.TOKEN_KEY)).thenReturn(empty());
+ when(hookManager.getAccessToken()).thenReturn(accessToken);
 Map environment = new HashMap<>();
 HgEnvironment.prepareEnvironment(environment, handler, hookManager);
diff --git a/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgTestUtil.java b/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgTestUtil.java
index ee5117b276..a5be01465f 100644
--- a/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgTestUtil.java
+++ b/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/HgTestUtil.java
@@ -38,6 +38,7 @@ package sonia.scm.repository;
 import org.junit.Assume;
 import sonia.scm.SCMContext;
 import sonia.scm.TempDirRepositoryLocationResolver;
+import sonia.scm.security.AccessToken;
 import sonia.scm.store.InMemoryConfigurationStoreFactory;
 import javax.servlet.http.HttpServletRequest;
@@ -107,7 +108,6 @@ public final class HgTestUtil
 RepositoryLocationResolver repositoryLocationResolver = new TempDirRepositoryLocationResolver(directory);
 HgRepositoryHandler handler = new HgRepositoryHandler(new InMemoryConfigurationStoreFactory(), new HgContextProvider(), repositoryLocationResolver, null, null);
- Path repoDir = directory.toPath();
 handler.init(context);
 return handler;
@@ -128,7 +128,9 @@ public final class HgTestUtil
 "http://localhost:8081/scm/hook/hg/");
 when(hookManager.createUrl(any(HttpServletRequest.class))).thenReturn(
 "http://localhost:8081/scm/hook/hg/");
- when(hookManager.getCredentials()).thenReturn("");
+ AccessToken accessToken = mock(AccessToken.class);
+ when(accessToken.compact()).thenReturn("");
+ when(hookManager.getAccessToken()).thenReturn(accessToken);
 return hookManager;
 }
From e53629e1525e4a9d977ccdcd3693b4a9cf078fbc Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Tue, 18 Feb 2020 14:40:43 +0100
Subject: [PATCH 6/7] remove jwt libraries from scm-hg-plugin
---
 scm-plugins/scm-hg-plugin/pom.xml | 12 ------------
 1 file changed, 12 deletions(-)
diff --git a/scm-plugins/scm-hg-plugin/pom.xml b/scm-plugins/scm-hg-plugin/pom.xml
index 2dfd89c8fb..c89d7a085d 100644
--- a/scm-plugins/scm-hg-plugin/pom.xml
+++ b/scm-plugins/scm-hg-plugin/pom.xml
@@ -28,18 +28,6 @@ - - io.jsonwebtoken - jjwt-impl - 0.10.5 - provided - - io.jsonwebtoken - jjwt-jackson - 0.10.5 - test -
From d8249609208e3521ce59cc1c1c83308c4387ae03 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Tue, 18 Feb 2020 13:42:31 +0000
Subject: [PATCH 7/7] Close branch bugfix/hg_edit_with_xsrf