Integrate Plugin Center myCloudogu Authentication (#1884)

Allows scm-manager instances to authenticate with the configured plugin center. If the default plugin center is used, a myCloudogu account is used for authentication which in turn enables downloading special myCloudogu plugins directly through the plugin administration page. Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com> Co-authored-by: Matthias Thieroff <93515444+mthieroff@users.noreply.github.com> Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
2025-11-04 20:45:52 +01:00 · 2021-12-13 15:15:57 +01:00
parent c95888d491
commit 6eba01161f
84 changed files with 3147 additions and 289 deletions
--- a/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java
+++ b/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java
@@ -69,6 +69,13 @@ public class ScmConfiguration implements Configuration {
  public static final String DEFAULT_PLUGINURL =
    "https://plugin-center-api.scm-manager.org/api/v1/plugins/{version}?os={os}&arch={arch}&jre={jre}";

+  /**
+   * Default url for plugin center authentication.
+   * @since 2.28.0
+   */
+  public static final String DEFAULT_PLUGIN_AUTH_URL =
+    "https://plugin-center-api.scm-manager.org/api/v1/auth/oidc";
+
  /**
   * SCM Manager release feed url
   */
@@ -154,6 +161,9 @@ public class ScmConfiguration implements Configuration {
  @XmlElement(name = "plugin-url")
  private String pluginUrl = DEFAULT_PLUGINURL;

+  @XmlElement(name = "plugin-auth-url")
+  private String pluginAuthUrl = DEFAULT_PLUGIN_AUTH_URL;
+
  @XmlElement(name = "release-feed-url")
  private String releaseFeedUrl = DEFAULT_RELEASE_FEED_URL;

@@ -163,7 +173,7 @@ public class ScmConfiguration implements Configuration {
   * @since 1.34
   */
  @XmlElement(name = "login-attempt-limit-timeout")
-  private long loginAttemptLimitTimeout = TimeUnit.MINUTES.toSeconds(5l);
+  private long loginAttemptLimitTimeout = TimeUnit.MINUTES.toSeconds(5L);


  private boolean enableProxy = false;
@@ -243,6 +253,7 @@ public class ScmConfiguration implements Configuration {
    this.realmDescription = other.realmDescription;
    this.dateFormat = other.dateFormat;
    this.pluginUrl = other.pluginUrl;
+    this.pluginAuthUrl = other.pluginAuthUrl;
    this.anonymousMode = other.anonymousMode;
    this.enableProxy = other.enableProxy;
    this.proxyPort = other.proxyPort;
@@ -319,6 +330,24 @@ public class ScmConfiguration implements Configuration {
    return pluginUrl;
  }

+  /**
+   * Returns the url which is used for plugin center authentication.
+   * @return authentication url
+   * @since 2.28.0
+   */
+  public String getPluginAuthUrl() {
+    return pluginAuthUrl;
+  }
+
+  /**
+   * Returns {@code true} if the default plugin auth url is used.
+   * @return {@code true} if the default plugin auth url is used
+   * @since 2.28.0
+   */
+  public boolean isDefaultPluginAuthUrl() {
+    return DEFAULT_PLUGIN_AUTH_URL.equals(pluginAuthUrl);
+  }
+
  /**
   * Returns the url of the rss release feed.
   *
@@ -543,6 +572,15 @@ public class ScmConfiguration implements Configuration {
    this.pluginUrl = pluginUrl;
  }

+  /**
+   * Set the url for plugin center authentication.
+   * @param pluginAuthUrl authentication url
+   * @since 2.28.0
+   */
+  public void setPluginAuthUrl(String pluginAuthUrl) {
+    this.pluginAuthUrl = pluginAuthUrl;
+  }
+
  public void setReleaseFeedUrl(String releaseFeedUrl) {
    this.releaseFeedUrl = releaseFeedUrl;
  }
--- a/scm-core/src/main/java/sonia/scm/net/ahc/BaseHttpRequest.java
+++ b/scm-core/src/main/java/sonia/scm/net/ahc/BaseHttpRequest.java
@@ -106,6 +106,18 @@ public abstract class BaseHttpRequest<T extends BaseHttpRequest>
    return self();
  }

+  /**
+   * Enable authentication with a bearer token.
+   * @param bearerToken bearer token
+   * @return http request instance
+   * @since 2.28.0
+   */
+  public T bearerAuth(String bearerToken) {
+    headers.put("Authorization", "Bearer ".concat(bearerToken));
+
+    return self();
+  }
+
  /**
   * Enable or disabled gzip decoding. The default value is false.
   *
--- a/scm-core/src/main/java/sonia/scm/web/VndMediaType.java
+++ b/scm-core/src/main/java/sonia/scm/web/VndMediaType.java
@@ -69,6 +69,7 @@ public class VndMediaType {
  public static final String REPOSITORY_TYPE = PREFIX + "repositoryType" + SUFFIX;
  public static final String PLUGIN = PREFIX + "plugin" + SUFFIX;
  public static final String PLUGIN_COLLECTION = PREFIX + "pluginCollection" + SUFFIX;
+  public static final String PLUGIN_CENTER_AUTH_INFO = PREFIX + "pluginCenterAuthInfo" + SUFFIX;
  public static final String UI_PLUGIN = PREFIX + "uiPlugin" + SUFFIX;
  public static final String UI_PLUGIN_COLLECTION = PREFIX + "uiPluginCollection" + SUFFIX;
  @SuppressWarnings("squid:S2068")
--- a/scm-core/src/test/java/sonia/scm/config/ScmConfigurationTest.java
+++ b/scm-core/src/test/java/sonia/scm/config/ScmConfigurationTest.java
@@ -0,0 +1,46 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.config;
+
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class ScmConfigurationTest {
+
+  private final ScmConfiguration scmConfiguration = new ScmConfiguration();
+
+  @Test
+  void shouldReturnTrueForInitialPluginAuthUrl() {
+    assertThat(scmConfiguration.isDefaultPluginAuthUrl()).isTrue();
+  }
+
+  @Test
+  void shouldReturnFalseIfPluginAuthUrlHasChanged() {
+    scmConfiguration.setPluginAuthUrl("https://plug.ins/oidc");
+    assertThat(scmConfiguration.isDefaultPluginAuthUrl()).isFalse();
+  }
+
+}
--- a/scm-core/src/test/java/sonia/scm/net/ahc/BaseHttpRequestTest.java
+++ b/scm-core/src/test/java/sonia/scm/net/ahc/BaseHttpRequestTest.java
@@ -28,108 +28,116 @@ import com.google.common.collect.Lists;
 import com.google.common.collect.Multimap;
 import java.io.IOException;
 import java.util.Collection;
-import org.junit.Test;
-import static org.junit.Assert.*;
-import static org.hamcrest.Matchers.*;
-import org.junit.Before;
-import org.junit.runner.RunWith;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
+
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.*;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.junit.jupiter.MockitoExtension;

 /**
 *
 * @author Sebastian Sdorra
 */
-@RunWith(MockitoJUnitRunner.class)
-public class BaseHttpRequestTest {
+@ExtendWith(MockitoExtension.class)
+class BaseHttpRequestTest {

  @Mock
  private AdvancedHttpClient ahc;
  
  private BaseHttpRequest<AdvancedHttpRequest> request;
  
-  @Before
+  @BeforeEach
  public void before(){
    request = new AdvancedHttpRequest(ahc, HttpMethod.GET, "https://www.scm-manager.org");
  }

  @Test
-  public void testBasicAuth()
-  {
+  void shouldAddAuthorizationHeaderWithBasicScheme() {
    request.basicAuth("tricia", "mcmillian123");
    Multimap<String,String> headers = request.getHeaders();
-    assertEquals("Basic dHJpY2lhOm1jbWlsbGlhbjEyMw==", headers.get("Authorization").iterator().next());
+    assertThat(headers.get("Authorization").iterator().next()).isEqualTo("Basic dHJpY2lhOm1jbWlsbGlhbjEyMw==");
+  }
+
+  @Test
+  void shouldAddAuthorizationHeaderWithBearerScheme() {
+    request.bearerAuth("awesome-access-token");
+    Multimap<String,String> headers = request.getHeaders();
+    assertThat(headers.get("Authorization").iterator().next()).isEqualTo("Bearer awesome-access-token");
  }
  
  @Test
-  public void testQueryString(){
+  void shouldAppendQueryString(){
    request.queryString("a", "b");
-    assertEquals("https://www.scm-manager.org?a=b", request.getUrl());
+    assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=b");
  }
  
  @Test
-  public void testQueryStringMultiple(){
+  void shouldAppendMultipleQueryStrings(){
    request.queryString("a", "b");
    request.queryString("c", "d", "e");
-    assertEquals("https://www.scm-manager.org?a=b&c=d&c=e", request.getUrl());
+    assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=b&c=d&c=e");
  }
  
  @Test
-  public void testQueryStringEncoded(){
+  void shouldEscapeQueryString(){
    request.queryString("a", "äüö");
-    assertEquals("https://www.scm-manager.org?a=%C3%A4%C3%BC%C3%B6", request.getUrl());
+    assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=%C3%A4%C3%BC%C3%B6");
  }
  
  @Test
-  public void testQueryStrings(){
-    Iterable<? extends Object> i1 = Lists.newArrayList("b");
-    Iterable<? extends Object> i2 = Lists.newArrayList("d", "e");
+  void shouldAppendQueryStringFromIterable(){
+    Iterable<?> i1 = Lists.newArrayList("b");
+    Iterable<?> i2 = Lists.newArrayList("d", "e");
    request.queryStrings("a", i1);
    request.queryStrings("c", i2);
-    assertEquals("https://www.scm-manager.org?a=b&c=d&c=e", request.getUrl());
+
+    assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=b&c=d&c=e");
  }
  
  @Test
-  public void testQuerqStringNullValue(){
+  void ShouldNotAppendQueryStringWithNullValue(){
    request.queryString("a", null, "b");
-    assertEquals("https://www.scm-manager.org?a=&a=b", request.getUrl());
+    assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=&a=b");
  }
  
  @Test
-  public void testHeader(){
+  void shouldAddHeader(){
    request.header("a", "b");
-    assertEquals("b", request.getHeaders().get("a").iterator().next());
+    assertThat(request.getHeaders().get("a").iterator().next()).isEqualTo("b");
  }
  
  @Test
-  public void testHeaderMultiple(){
+  void shouldAddHeaderWithMultipleValues(){
    request.header("a", "b", "c", "d");
-    Collection<String> values = request.getHeaders().get("a");
-    assertThat(values, contains("b", "c", "d"));
+    assertThat( request.getHeaders().get("a")).contains("b", "c", "d");
  }
  
  @Test
-  public void testRequest() throws IOException{
+  void shouldExecuteWithClient() throws IOException{
    request.request();
+
    verify(ahc).request(request);
  }
  
  @Test
-  public void testBuilderMethods(){
-    Iterable<? extends Object> i1 = Lists.newArrayList("b");
-    assertThat(request.decodeGZip(true), instanceOf(AdvancedHttpRequest.class));
-    assertTrue(request.isDecodeGZip());
-    assertThat(request.disableCertificateValidation(true), instanceOf(AdvancedHttpRequest.class));
-    assertTrue(request.isDisableCertificateValidation());
-    assertThat(request.disableHostnameValidation(true), instanceOf(AdvancedHttpRequest.class));
-    assertTrue(request.isDisableHostnameValidation());
-    assertThat(request.ignoreProxySettings(true), instanceOf(AdvancedHttpRequest.class));
-    assertTrue(request.isIgnoreProxySettings());
-    assertThat(request.header("a", "b"), instanceOf(AdvancedHttpRequest.class));
-    assertThat(request.headers("a", i1), instanceOf(AdvancedHttpRequest.class));
-    assertThat(request.queryString("a", "b"), instanceOf(AdvancedHttpRequest.class));
-    assertThat(request.queryStrings("a", i1), instanceOf(AdvancedHttpRequest.class));
+  void shouldApplyValueFromBuilderMethods(){
+    Iterable<?> i1 = Lists.newArrayList("b");
+    assertThat(request.decodeGZip(true)).isInstanceOf(AdvancedHttpRequest.class);
+    assertThat(request.isDecodeGZip()).isTrue();
+    assertThat(request.disableCertificateValidation(true)).isInstanceOf(AdvancedHttpRequest.class);
+    assertThat(request.isDisableCertificateValidation()).isTrue();
+    assertThat(request.disableHostnameValidation(true)).isInstanceOf(AdvancedHttpRequest.class);
+    assertThat(request.isDisableHostnameValidation()).isTrue();
+    assertThat(request.ignoreProxySettings(true)).isInstanceOf(AdvancedHttpRequest.class);
+    assertThat(request.isIgnoreProxySettings()).isTrue();
+    assertThat(request.header("a", "b")).isInstanceOf(AdvancedHttpRequest.class);
+    assertThat(request.headers("a", i1)).isInstanceOf(AdvancedHttpRequest.class);
+    assertThat(request.queryString("a", "b")).isInstanceOf(AdvancedHttpRequest.class);
+    assertThat(request.queryStrings("a", i1)).isInstanceOf(AdvancedHttpRequest.class);
  }

 }