Merged in feature/changes-for-cas-plugin (pull request #135)

Changes for cas plugin
2025-11-13 08:55:44 +01:00 · 2018-12-18 14:57:00 +00:00
parent 480801d3b0 3bb8546388
commit 53eab1dc4b
13 changed files with 220 additions and 12 deletions
--- a/scm-core/src/main/java/sonia/scm/security/AccessToken.java
+++ b/scm-core/src/main/java/sonia/scm/security/AccessToken.java
@@ -80,8 +80,20 @@ public interface AccessToken {
   */
  Date getExpiration();

+  /**
+   * Returns refresh expiration of token.
+   *
+   * @return refresh expiration
+   */
  Optional<Date> getRefreshExpiration();

+  /**
+   * Returns id of the parent key.
+   *
+   * @return parent key id
+   */
+  Optional<String> getParentKey();
+
  /**
   * Returns the scope of the token. The scope is able to reduce the permissions of the subject in the context of this
   * token. For example we could issue a token which can only be used to read a single repository. for more informations
--- a/scm-core/src/main/java/sonia/scm/security/AccessTokenCookieIssuer.java
+++ b/scm-core/src/main/java/sonia/scm/security/AccessTokenCookieIssuer.java
@@ -0,0 +1,30 @@
+package sonia.scm.security;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Generates cookies and invalidates access token cookies.
+ *
+ * @author Sebastian Sdorra
+ * @since 2.0.0
+ */
+public interface AccessTokenCookieIssuer {
+
+  /**
+   * Creates a cookie for token authentication and attaches it to the response.
+   *
+   * @param request http servlet request
+   * @param response http servlet response
+   * @param accessToken access token
+   */
+  void authenticate(HttpServletRequest request, HttpServletResponse response, AccessToken accessToken);
+  /**
+   * Invalidates the authentication cookie.
+   *
+   * @param request http servlet request
+   * @param response http servlet response
+   */
+  void invalidate(HttpServletRequest request, HttpServletResponse response);
+
+}
--- a/scm-core/src/main/java/sonia/scm/security/DefaultCipherHandler.java
+++ b/scm-core/src/main/java/sonia/scm/security/DefaultCipherHandler.java
@@ -164,7 +164,7 @@ public class DefaultCipherHandler implements CipherHandler {
    String result = null;

    try {
-      byte[] encodedInput = Base64.getDecoder().decode(value);
+      byte[] encodedInput = Base64.getUrlDecoder().decode(value);
      byte[] salt = new byte[SALT_LENGTH];
      byte[] encoded = new byte[encodedInput.length - SALT_LENGTH];

@@ -221,7 +221,7 @@ public class DefaultCipherHandler implements CipherHandler {
      System.arraycopy(salt, 0, result, 0, SALT_LENGTH);
      System.arraycopy(encodedInput, 0, result, SALT_LENGTH,
        result.length - SALT_LENGTH);
-      res = new String(Base64.getEncoder().encode(result), ENCODING);
+      res = new String(Base64.getUrlEncoder().encode(result), ENCODING);
    } catch (IOException | GeneralSecurityException ex) {
      throw new CipherException("could not encode string", ex);
    }
--- a/scm-core/src/main/java/sonia/scm/xml/XmlInstantAdapter.java
+++ b/scm-core/src/main/java/sonia/scm/xml/XmlInstantAdapter.java
@@ -0,0 +1,25 @@
+package sonia.scm.xml;
+
+import javax.xml.bind.annotation.adapters.XmlAdapter;
+import java.time.Instant;
+import java.time.format.DateTimeFormatter;
+import java.time.temporal.TemporalAccessor;
+
+/**
+ * JAXB adapter for {@link Instant} objects.
+ *
+ * @since 2.0.0
+ */
+public class XmlInstantAdapter extends XmlAdapter<String, Instant> {
+
+  @Override
+  public String marshal(Instant instant) {
+    return DateTimeFormatter.ISO_INSTANT.format(instant);
+  }
+
+  @Override
+  public Instant unmarshal(String text) {
+    TemporalAccessor parsed = DateTimeFormatter.ISO_INSTANT.parse(text);
+    return Instant.from(parsed);
+  }
+}
--- a/scm-core/src/test/java/sonia/scm/xml/XmlInstantAdapterTest.java
+++ b/scm-core/src/test/java/sonia/scm/xml/XmlInstantAdapterTest.java
@@ -0,0 +1,47 @@
+package sonia.scm.xml;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junitpioneer.jupiter.TempDirectory;
+
+import javax.xml.bind.JAXB;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import java.nio.file.Path;
+import java.time.Instant;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+@ExtendWith(TempDirectory.class)
+class XmlInstantAdapterTest {
+
+  @Test
+  void shouldMarshalAndUnmarshalInstant(@TempDirectory.TempDir Path tempDirectory) {
+    Path path = tempDirectory.resolve("instant.xml");
+
+    Instant instant = Instant.now();
+    InstantObject object = new InstantObject(instant);
+    JAXB.marshal(object, path.toFile());
+
+    InstantObject unmarshaled = JAXB.unmarshal(path.toFile(), InstantObject.class);
+    assertEquals(instant, unmarshaled.instant);
+  }
+
+  @XmlRootElement(name = "instant-object")
+  @XmlAccessorType(XmlAccessType.FIELD)
+  public static class InstantObject {
+
+    @XmlJavaTypeAdapter(XmlInstantAdapter.class)
+    private Instant instant;
+
+    public InstantObject() {
+    }
+
+    InstantObject(Instant instant) {
+      this.instant = instant;
+    }
+  }
+
+}