Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-02 03:25:56 +01:00
Code Issues Packages Projects Releases Activity

Integrate Plugin Center myCloudogu Authentication (#1884)

Browse Source 
Allows scm-manager instances to authenticate with the configured plugin center. If the default plugin center is used, a myCloudogu account is used for authentication which in turn enables downloading special myCloudogu plugins directly through the plugin administration page.

Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Co-authored-by: Matthias Thieroff <93515444+mthieroff@users.noreply.github.com>
Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
This commit is contained in:
Sebastian Sdorra
2021-12-13 15:15:57 +01:00
committed by GitHub
parent c95888d491
commit 6eba01161f
84 changed files with 3147 additions and 289 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/de/user/admin/assets/administration-myC-confirmation.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

BIN
docs/de/user/admin/assets/administration-plugin-center-connected.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
docs/de/user/admin/assets/administration-plugin-center-not-connected.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

BIN
docs/de/user/admin/assets/administration-settings-connected.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 41 KiB

BIN
docs/de/user/admin/assets/administration-settings-not-connected.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
docs/de/user/admin/assets/myCloudogu-login.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 145 KiB

26
docs/de/user/admin/plugins.md
View File

@@ -2,14 +2,32 @@
title: Administration
subtitle: Plugins
---
Unter dem Eintrag "Plugins" können mithilfe des externen Plugin-Centers Plugins für den SCM Manager verwaltet werden. Die Plugins werden nach installierten und verfügbaren Plugins unterschieden und nach Funktionsschwerpunkt wie bspw. Workflow oder Authentifizierung gruppiert.
Unter dem Eintrag "Plugins" werden mithilfe des externen Plugin-Centers Plugins für den SCM Manager verwaltet. Die Plugins werden nach installierten und verfügbaren Plugins unterschieden und nach Funktionsschwerpunkt wie bspw. Workflow oder Authentifizierung gruppiert.
Die Plugins können über Funktions-Icons auf den Kacheln verwaltet werden. Systemrelevante Plugins, die der SCM-Manager selbst liefert, können weder deinstalliert noch aktualisiert werden.
Die Plugins können über Aktions-Icons auf den Kacheln verwaltet werden. Systemrelevante Plugins, die der SCM-Manager selbst liefert, können weder deinstalliert noch aktualisiert werden.
Damit Änderungen der Plugins wirksam werden, muss der SCM-Manager-Server neugestartet werden. Das kann nach jeder einzelnen Aktion erfolgen. Es ist aber auch möglich viele unterschiedliche Aktionen wie Installieren, Aktualisieren und Löschen in eine Warteschlange einzureihen und alle Aktionen mit einem einzigen Neustart auszuführen. Wird eine Aktion (Installieren, Deinstallieren, Aktualisieren) für ein Plugin ausgewählt, erscheinen die Schaltflächen "Änderungen ausführen" und "Änderungen abbrechen". Über "Änderungen ausführen" öffnet sich ein Pop-Up Fenster, indem die aktuelle Warteschlange (alle ausgeführten Aktionen ohne Neustart) angezeigt werden. Der Anwender hat nun die Möglichkeit zu entscheiden, ob die Änderungen durch einen Neustart ausgeführt werden sollen. Falls Aktionen, die sich bereits in der Warteschlange befinden nicht mehr erwünscht sind, kann die gesamte Warteschlange über den Button "Änderungen abbrechen" verworfen werden.
Damit Änderungen der Plugins wirksam werden, muss der SCM-Manager-Server neu gestartet werden. Das kann nach jeder einzelnen Aktion erfolgen. Es ist aber auch möglich viele unterschiedliche Aktionen wie Installieren, Aktualisieren und Löschen in eine Warteschlange einzureihen und alle Aktionen mit einem einzigen Neustart auszuführen. Wird eine Aktion (Installieren, Deinstallieren, Aktualisieren) für ein Plugin ausgewählt, erscheinen die Schaltflächen Änderungen ausführen und Änderungen abbrechen. Über Änderungen ausführen öffnet sich ein Pop-Up Fenster, in dem die aktuelle Warteschlange (alle ausgeführten Aktionen ohne Neustart) angezeigt werden. Der Anwender hat nun die Möglichkeit zu entscheiden, ob die Änderungen durch einen Neustart ausgeführt werden sollen. Falls Aktionen, die sich bereits in der Warteschlange befinden nicht mehr erwünscht sind, kann die gesamte Warteschlange über den Button Änderungen abbrechen verworfen werden.
### myCloudogu-Plugins
Einige besondere Plugins sind nur für Instanzen des SCM-Managers verfügbar, die mit myCloudogu verbunden sind. Der SCM-Manager kann über den Button „Mit myCloudogu verbinden“ mit myCloudogu verbunden werden.
![Plugin-Center nicht verbunden, Button zur Verbindung mit myCloudogu](assets/administration-plugin-center-not-connected.png)
Sie werden dann zur myCloudogu-Login-Maske weitergeleitet.
![myCloudogu-Login-Maske](assets/myCloudogu-login.png)
Wenn Sie über ein myCloudogu-Konto verfügen, können Sie sich einloggen. Ansonsten erstellen Sie über einen konföderierten Identitätsanbieter (Google oder github) oder Ihre Email-Adresse ein Konto.
Anschließend werden Sie zurück zum SCM-Manager geleitet und können Details zur verbundenen Instanz und Konto überprüfen. Mit „Verbinden“ bestätigen Sie die Verbindung, mit „Abbrechen“ brechen Sie den Vorgang ab.
![Bestätigung der Verbindung mit myCloudogu](assets/administration-myC-confirmation.png)
Jetzt können Sie im Plugin-Center myCloudogu-Plugins genau wie Basis-Plugins installieren.
![SCM-Manager mit myCloudogu verbunden](assets/administration-plugin-center-connected.png)
Eine Instanz des SCM-Managers muss nur mit einem Konto verbunden werden, damit die myCloudogu-Plugins für die gesamte Instanz zur Verfügung stehen.
Sie können die Verbindung zu myCloudogu jederzeit unter Plugin Center Einstellungen in den Settings lösen.
#### Was ist myCloudogu und warum sollte ich ein Konto erstellen?
myCloudogu ist nicht nur die Heimat der SCM-Manager-Community. Sie können sich auch mit anderen Nutzenden austauschen, Bugs melden oder neue Funktionen im Forum zur Diskussion stellen.
myCloudogu bietet weiter besondere Plugins speziell für die Community an. In der Zukunft folgen weitere nützliche Plugins, die auch gemeinsam mit Partnern bereitgestellt werden.
Nutzen Sie erweiterte Plugin-Funktionen im SCM-Managers, treten Sie mit den Entwicklern in Kontakt und schließen Sie sich [myCloudogu](https://my.cloudogu.com) kostenfrei an!
### Installiert
Auf der Übersicht für installierte Plugins werden alle auf der SCM-Manager Instanz installierten Plugins angezeigt. Optionale Plugins können hier deinstalliert und aktualisiert werden.
Auf der Übersicht für installierte Plugins werden alle auf der SCM-Manager Instanz installierten Plugins angezeigt. Optionale Plugins können hier aktualisiert und deinstalliert werden.
![Administration-Plugins-Installed](assets/administration-plugins-installed.png)

7
docs/de/user/admin/settings.md
View File

@@ -23,8 +23,13 @@ Auf der Login-Seite des SCM-Managers werden hilfreiche Plugins und Features vorg
#### XSRF Protection aktivieren
Um Angriffe auf den SCM-Manager mit Cross Site Scripting (XSS / XSRF) zu erschweren. Dieses Feature ist noch experimentell.
#### Plugin-Center-URL
#### Plugin-Settings
Der SCM-Manager kann ein Plugin-Center anbinden, um schnell und bequem Plugins verwalten zu können. Um ein anderes SCM-Plugin-Center als das vorkonfigurierte zu verwenden, reicht es aus diese URL zu ändern. Läuft der SCM-Manager im Cloudogu EcoSystem kann die Plugin Center URL über einen Eintrag im etcd gesetzt werden.
Wenn das vorkonfigurierte Plugin-Center verwendet wird, kann der SCM-Manager mit myCloudogu verbunden werden.
![Einstellungen, Plugin-Center nicht mit myCloudogu verbunden](assets/administration-settings-not-connected.png)
So können über das Plugin-Center besondere myCloudogu-Plugins bezogen werden. Details sind in der Dokumentation des Plugin-Centers aufgeführt.
Eine bestehende Verbindung zwischen dem SCM-Manager und myCloudogu kann hier aufgehoben werden.
![Einstellungen, Plugin-Center mit myCloudogu verbunden, Button zum Lösen der Verbindung](assets/administration-settings-connected.png)
#### Anonyme Zugriff
Der SCM-Manager 2 hat das Konzept für anonyme Zugriffe über einen "_anonymous"-Benutzer realisiert. Beim Aktivieren des anonymen Zugriffs wird ein neuer Benutzer erstellt mit dem Namen "_anonymous". Dieser Nutzer kann wie ein gewöhnlicher Benutzer für unterschiedliche Aktionen berechtigt werden. Bei einem Zugriff auf den SCM-Manager ohne Zugangsdaten wird dieser anonyme Benutzer verwendet.

BIN
docs/en/user/admin/assets/administration-myC-confirmation.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 63 KiB

BIN
docs/en/user/admin/assets/administration-plugin-center-connected.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
docs/en/user/admin/assets/administration-plugin-center-not-connected.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
docs/en/user/admin/assets/administration-setings-not-connected.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
docs/en/user/admin/assets/administration-settings-connected.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
docs/en/user/admin/assets/myCloudogu-Login.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 101 KiB

26
docs/en/user/admin/plugins.md
View File

@@ -2,18 +2,36 @@
title: Administration
subtitle: Plugins
---
In the plugins section, plugins for SCM-Manager can be managed with the help of the external plugin center. Plugins are distinguished between installed and available plugins and are grouped based on their main functionality like for example workflow or authentication.
In the plugins section, plugins for SCM-Manager can be managed with the help of the external plugin center. Plugins are distinguished between installed and available plugins. They are grouped based on their main functionality like for example workflow or authentication.
Plugins can be managed by functionality icons on the tiles. System relevant plugins that come with SCM-Manager by default cannot be deinstalled or updated.
Plugins can be managed by action icons on the tiles. System relevant plugins that come with SCM-Manager by default cannot be uninstalled or updated.
In order for changes to plugins to become effective, the SCM-Manager server needs to be restarted. That can be done after every single action. It is also possible to queue several actions like the installation of a new plugin, updates or the deletion of a plugin and to perform all actions with one restart. If an action (installation, deinstallation, update) for a plugin was performed, the buttons "Execute changes" and "Abort changes" appear. If you choose to execute the changes, a popup window that shows the current queue (all actions without a restart) appears. Now the user can decide whether to execute the changes by restarting the server. If there are actions in the queue that are no longer desired, the queue can be emptied with the about changes button.
In order for changes to plugins to become effective, the SCM-Manager server needs to be restarted. That can be done after every single action. It is also possible to queue several actions like the installation of a new plugin, updates or the deletion of a plugin and to perform all actions with one restart. If an action (installation, uninstallation, update) for a plugin was performed, the buttons "Execute changes" and "Abort changes" appear. If you choose to execute the changes, a popup window that shows the current queue (all actions without a restart) appears. Now the user can decide whether to execute the changes by restarting the server. If there are actions in the queue that are no longer desired, the queue can be emptied with the abort changes button.
### myCloudogu plugins
Some special plugins are only available to instances of SCM-Manager that are connected to myCloudogu. You may connect your instance by clicking the button “Connect to myCloudogu” ![Plugin-center not connected](assets/administration-plugin-center-not-connected.png).
You will be redirected to a myCloudogu login form. ![myCloudogu-Login-Form](assets/myCloudogu-Login.png) If you already have an account you simply log in. Otherwise you can create an account either by using a confederate identity provider (Google or github)
or with your email.
After a successful login you will return to the SCM-Manager. Here you can review the instance and account to connect. By clicking the button “Connect” you approve the connection and return to the plugin center. ![Confirmation of connection](assets/administration-myC-confirmation.png)
Now you can install myCloudogu plugins like basic plugins.
![Plugin-center connected with myCloudogu](assets/administration-plugin-center-connected.png)
Only one user with sufficient permissions needs to connect the instance with myCloudogu. The myCloudogu plugins can than be installed by every user with suitable permissions.
You can always sever the connection in the plugin center settings in global settings of your instance.
#### What is myCloudogu and why should you create an account?
myCloudogu is not only the home of the SCM-Manager community. You can connect to other users, get help and express feature requests in the forum.
myCloudogu also serves special plugins to provide more value for our community. In the future myCloudogu will offer exiting plugins developed in cooperation with our partners.
To unlock the full power of SCM-Manager and to hang out with our developers, join [myCloudogu](https://my.cloudogu.com/) for free!
### Installed
The overview for installed plugins shows all plugins that are currently installed on the SCM-Manager instance. Plugins that are optional can be deinstalled or updated here.
The overview for installed plugins shows all plugins that are currently installed on the SCM-Manager instance. Optional plugins can be uninstalled or updated here.
![Administration-Plugins-Installed](assets/administration-plugins-installed.png)
### Available
The overview of all available plugins shows all plugins that are compatible with the current version of the SCM-Manager instance that are available through the SCM-plugin-center. The plugins can be downloaded by clicking on the icon and will be installed after a restart of the SCM-Manager server.
Special myCloudogu-plugins can be installed the same way if your instance of SCM-Manager is connected to myCloudogu as described above.
![Administration-Plugins-Available](assets/administration-plugins-available.png)

6
docs/en/user/admin/settings.md
View File

@@ -23,8 +23,12 @@ The login screen of SCM-Manager shows helpful plugins and features. If you want
#### Enable XSRF Protection
Activate this option to make attacks using cross site scripting (XSS / XSRF) on SCM-Manager more difficult. This feature is still in an experimental state.
#### Plugin Center URL
#### Plugin-Settings
A plugin center can be used to conveniently manage plugins. If you want to use a plugin center that is not the default one, you only have to change this URL. If SCM-Manager is operated as part of a Cloudogu EcoSystem, the plugin center URL can be changed in the etcd.
If the default plugin center is used, the SCM-Manager may be connected to myCloudogu to receive special myCloudogu-Plugins. Details can be found in the plugin-center documentation.
![Plugin center settings, not connected to myCloudogu](assets/administration-setings-not-connected.png)
An existing connection between a SCM-Manager and myCloudogu may be severed here.
![Plugin center settings, button sever connection to myCloudogu](assets/administration-settings-connected.png)
#### Anonymous Access
In SCM-Manager 2 the access for anonymous access is realized by using an "_anonymous" user. When the feature is activated, a new user with the name "_anonymous" is created. This user can be authorized just like any other user. This user is used for access to SCM-Manager without login credentials.

40
scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java
View File

@@ -69,6 +69,13 @@ public class ScmConfiguration implements Configuration {
public static final String DEFAULT_PLUGINURL =
"https://plugin-center-api.scm-manager.org/api/v1/plugins/{version}?os={os}&arch={arch}&jre={jre}";
/**
* Default url for plugin center authentication.
* @since 2.28.0
*/
public static final String DEFAULT_PLUGIN_AUTH_URL =
"https://plugin-center-api.scm-manager.org/api/v1/auth/oidc";
/**
* SCM Manager release feed url
*/
@@ -154,6 +161,9 @@ public class ScmConfiguration implements Configuration {
@XmlElement(name = "plugin-url")
private String pluginUrl = DEFAULT_PLUGINURL;
@XmlElement(name = "plugin-auth-url")
private String pluginAuthUrl = DEFAULT_PLUGIN_AUTH_URL;
@XmlElement(name = "release-feed-url")
private String releaseFeedUrl = DEFAULT_RELEASE_FEED_URL;
@@ -163,7 +173,7 @@ public class ScmConfiguration implements Configuration {
* @since 1.34
*/
@XmlElement(name = "login-attempt-limit-timeout")
private long loginAttemptLimitTimeout = TimeUnit.MINUTES.toSeconds(5l);
private long loginAttemptLimitTimeout = TimeUnit.MINUTES.toSeconds(5L);
private boolean enableProxy = false;
@@ -243,6 +253,7 @@ public class ScmConfiguration implements Configuration {
this.realmDescription = other.realmDescription;
this.dateFormat = other.dateFormat;
this.pluginUrl = other.pluginUrl;
this.pluginAuthUrl = other.pluginAuthUrl;
this.anonymousMode = other.anonymousMode;
this.enableProxy = other.enableProxy;
this.proxyPort = other.proxyPort;
@@ -319,6 +330,24 @@ public class ScmConfiguration implements Configuration {
return pluginUrl;
}
/**
* Returns the url which is used for plugin center authentication.
* @return authentication url
* @since 2.28.0
*/
public String getPluginAuthUrl() {
return pluginAuthUrl;
}
/**
* Returns {@code true} if the default plugin auth url is used.
* @return {@code true} if the default plugin auth url is used
* @since 2.28.0
*/
public boolean isDefaultPluginAuthUrl() {
return DEFAULT_PLUGIN_AUTH_URL.equals(pluginAuthUrl);
}
/**
* Returns the url of the rss release feed.
*
@@ -543,6 +572,15 @@ public class ScmConfiguration implements Configuration {
this.pluginUrl = pluginUrl;
}
/**
* Set the url for plugin center authentication.
* @param pluginAuthUrl authentication url
* @since 2.28.0
*/
public void setPluginAuthUrl(String pluginAuthUrl) {
this.pluginAuthUrl = pluginAuthUrl;
}
public void setReleaseFeedUrl(String releaseFeedUrl) {
this.releaseFeedUrl = releaseFeedUrl;
}

12
scm-core/src/main/java/sonia/scm/net/ahc/BaseHttpRequest.java
View File

@@ -106,6 +106,18 @@ public abstract class BaseHttpRequest<T extends BaseHttpRequest>
return self();
}
/**
* Enable authentication with a bearer token.
* @param bearerToken bearer token
* @return http request instance
* @since 2.28.0
*/
public T bearerAuth(String bearerToken) {
headers.put("Authorization", "Bearer ".concat(bearerToken));
return self();
}
/**
* Enable or disabled gzip decoding. The default value is false.
*

1
scm-core/src/main/java/sonia/scm/web/VndMediaType.java
View File

@@ -69,6 +69,7 @@ public class VndMediaType {
public static final String REPOSITORY_TYPE = PREFIX + "repositoryType" + SUFFIX;
public static final String PLUGIN = PREFIX + "plugin" + SUFFIX;
public static final String PLUGIN_COLLECTION = PREFIX + "pluginCollection" + SUFFIX;
public static final String PLUGIN_CENTER_AUTH_INFO = PREFIX + "pluginCenterAuthInfo" + SUFFIX;
public static final String UI_PLUGIN = PREFIX + "uiPlugin" + SUFFIX;
public static final String UI_PLUGIN_COLLECTION = PREFIX + "uiPluginCollection" + SUFFIX;
@SuppressWarnings("squid:S2068")

46
scm-core/src/test/java/sonia/scm/config/ScmConfigurationTest.java Normal file
View File

@@ -0,0 +1,46 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.config;
import org.junit.jupiter.api.Test;
import static org.assertj.core.api.Assertions.assertThat;
class ScmConfigurationTest {
private final ScmConfiguration scmConfiguration = new ScmConfiguration();
@Test
void shouldReturnTrueForInitialPluginAuthUrl() {
assertThat(scmConfiguration.isDefaultPluginAuthUrl()).isTrue();
}
@Test
void shouldReturnFalseIfPluginAuthUrlHasChanged() {
scmConfiguration.setPluginAuthUrl("https://plug.ins/oidc");
assertThat(scmConfiguration.isDefaultPluginAuthUrl()).isFalse();
}
}

96
scm-core/src/test/java/sonia/scm/net/ahc/BaseHttpRequestTest.java
View File

@@ -28,108 +28,116 @@ import com.google.common.collect.Lists;
import com.google.common.collect.Multimap;
import java.io.IOException;
import java.util.Collection;
import org.junit.Test;
import static org.junit.Assert.*;
import static org.hamcrest.Matchers.*;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.*;
import org.mockito.junit.MockitoJUnitRunner;
import org.mockito.junit.jupiter.MockitoExtension;
/**
*
* @author Sebastian Sdorra
*/
@RunWith(MockitoJUnitRunner.class)
public class BaseHttpRequestTest {
@ExtendWith(MockitoExtension.class)
class BaseHttpRequestTest {
@Mock
private AdvancedHttpClient ahc;
private BaseHttpRequest<AdvancedHttpRequest> request;
@Before
@BeforeEach
public void before(){
request = new AdvancedHttpRequest(ahc, HttpMethod.GET, "https://www.scm-manager.org");
}
@Test
public void testBasicAuth()
{
void shouldAddAuthorizationHeaderWithBasicScheme() {
request.basicAuth("tricia", "mcmillian123");
Multimap<String,String> headers = request.getHeaders();
assertEquals("Basic dHJpY2lhOm1jbWlsbGlhbjEyMw==", headers.get("Authorization").iterator().next());
assertThat(headers.get("Authorization").iterator().next()).isEqualTo("Basic dHJpY2lhOm1jbWlsbGlhbjEyMw==");
}
@Test
public void testQueryString(){
void shouldAddAuthorizationHeaderWithBearerScheme() {
request.bearerAuth("awesome-access-token");
Multimap<String,String> headers = request.getHeaders();
assertThat(headers.get("Authorization").iterator().next()).isEqualTo("Bearer awesome-access-token");
}
@Test
void shouldAppendQueryString(){
request.queryString("a", "b");
assertEquals("https://www.scm-manager.org?a=b", request.getUrl());
assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=b");
}
@Test
public void testQueryStringMultiple(){
void shouldAppendMultipleQueryStrings(){
request.queryString("a", "b");
request.queryString("c", "d", "e");
assertEquals("https://www.scm-manager.org?a=b&c=d&c=e", request.getUrl());
assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=b&c=d&c=e");
}
@Test
public void testQueryStringEncoded(){
void shouldEscapeQueryString(){
request.queryString("a", "äüö");
assertEquals("https://www.scm-manager.org?a=%C3%A4%C3%BC%C3%B6", request.getUrl());
assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=%C3%A4%C3%BC%C3%B6");
}
@Test
public void testQueryStrings(){
Iterable<? extends Object> i1 = Lists.newArrayList("b");
Iterable<? extends Object> i2 = Lists.newArrayList("d", "e");
void shouldAppendQueryStringFromIterable(){
Iterable<?> i1 = Lists.newArrayList("b");
Iterable<?> i2 = Lists.newArrayList("d", "e");
request.queryStrings("a", i1);
request.queryStrings("c", i2);
assertEquals("https://www.scm-manager.org?a=b&c=d&c=e", request.getUrl());
assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=b&c=d&c=e");
}
@Test
public void testQuerqStringNullValue(){
void ShouldNotAppendQueryStringWithNullValue(){
request.queryString("a", null, "b");
assertEquals("https://www.scm-manager.org?a=&a=b", request.getUrl());
assertThat(request.getUrl()).isEqualTo("https://www.scm-manager.org?a=&a=b");
}
@Test
public void testHeader(){
void shouldAddHeader(){
request.header("a", "b");
assertEquals("b", request.getHeaders().get("a").iterator().next());
assertThat(request.getHeaders().get("a").iterator().next()).isEqualTo("b");
}
@Test
public void testHeaderMultiple(){
void shouldAddHeaderWithMultipleValues(){
request.header("a", "b", "c", "d");
Collection<String> values = request.getHeaders().get("a");
assertThat(values, contains("b", "c", "d"));
assertThat( request.getHeaders().get("a")).contains("b", "c", "d");
}
@Test
public void testRequest() throws IOException{
void shouldExecuteWithClient() throws IOException{
request.request();
verify(ahc).request(request);
}
@Test
public void testBuilderMethods(){
Iterable<? extends Object> i1 = Lists.newArrayList("b");
assertThat(request.decodeGZip(true), instanceOf(AdvancedHttpRequest.class));
assertTrue(request.isDecodeGZip());
assertThat(request.disableCertificateValidation(true), instanceOf(AdvancedHttpRequest.class));
assertTrue(request.isDisableCertificateValidation());
assertThat(request.disableHostnameValidation(true), instanceOf(AdvancedHttpRequest.class));
assertTrue(request.isDisableHostnameValidation());
assertThat(request.ignoreProxySettings(true), instanceOf(AdvancedHttpRequest.class));
assertTrue(request.isIgnoreProxySettings());
assertThat(request.header("a", "b"), instanceOf(AdvancedHttpRequest.class));
assertThat(request.headers("a", i1), instanceOf(AdvancedHttpRequest.class));
assertThat(request.queryString("a", "b"), instanceOf(AdvancedHttpRequest.class));
assertThat(request.queryStrings("a", i1), instanceOf(AdvancedHttpRequest.class));
void shouldApplyValueFromBuilderMethods(){
Iterable<?> i1 = Lists.newArrayList("b");
assertThat(request.decodeGZip(true)).isInstanceOf(AdvancedHttpRequest.class);
assertThat(request.isDecodeGZip()).isTrue();
assertThat(request.disableCertificateValidation(true)).isInstanceOf(AdvancedHttpRequest.class);
assertThat(request.isDisableCertificateValidation()).isTrue();
assertThat(request.disableHostnameValidation(true)).isInstanceOf(AdvancedHttpRequest.class);
assertThat(request.isDisableHostnameValidation()).isTrue();
assertThat(request.ignoreProxySettings(true)).isInstanceOf(AdvancedHttpRequest.class);
assertThat(request.isIgnoreProxySettings()).isTrue();
assertThat(request.header("a", "b")).isInstanceOf(AdvancedHttpRequest.class);
assertThat(request.headers("a", i1)).isInstanceOf(AdvancedHttpRequest.class);
assertThat(request.queryString("a", "b")).isInstanceOf(AdvancedHttpRequest.class);
assertThat(request.queryStrings("a", i1)).isInstanceOf(AdvancedHttpRequest.class);
}
}

4
scm-test/src/main/java/sonia/scm/store/InMemoryConfigurationStore.java
View File

@@ -45,4 +45,8 @@ public class InMemoryConfigurationStore<T> implements ConfigurationStore<T> {
this.object = obejct;
}
@Override
public void delete() {
object = null;
}
}

1
scm-ui/ui-api/src/config.test.ts
View File

@@ -50,6 +50,7 @@ describe("Test config hooks", () => {
namespaceStrategy: "",
emergencyContacts: [],
pluginUrl: "",
pluginAuthUrl: "",
proxyExcludes: [],
proxyPassword: null,
proxyPort: 0,

1
scm-ui/ui-api/src/index.ts
View File

@@ -59,6 +59,7 @@ export * from "./contentType";
export * from "./annotations";
export * from "./search";
export * from "./loginInfo";
export * from "./usePluginCenterAuthInfo";
export { default as ApiProvider } from "./ApiProvider";
export * from "./ApiProvider";

78
scm-ui/ui-api/src/usePluginCenterAuthInfo.ts Normal file
View File

@@ -0,0 +1,78 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
import { ApiResult, useIndexLink } from "./base";
import { Link, PluginCenterAuthenticationInfo } from "@scm-manager/ui-types";
import { useMutation, useQuery, useQueryClient } from "react-query";
import { apiClient } from "./apiclient";
import { useLocation } from "react-router-dom";
export const usePluginCenterAuthInfo = (): ApiResult<PluginCenterAuthenticationInfo> => {
const link = useIndexLink("pluginCenterAuth");
const location = useLocation();
return useQuery<PluginCenterAuthenticationInfo, Error>(
["pluginCenterAuth"],
() => {
if (!link) {
throw new Error("no such plugin center auth link");
}
return apiClient
.get(link)
.then(response => response.json())
.then((result: PluginCenterAuthenticationInfo) => {
if (result._links?.login) {
(result._links.login as Link).href += `?source=${location.pathname}`;
}
return result;
});
},
{
enabled: !!link
}
);
};
export const usePluginCenterLogout = (authenticationInfo: PluginCenterAuthenticationInfo) => {
const queryClient = useQueryClient();
const { mutate, isLoading, error } = useMutation<unknown, Error>(
() => {
if (!authenticationInfo._links.logout) {
throw new Error("authenticationInfo has no logout link");
}
const logout = authenticationInfo._links.logout as Link;
return apiClient.delete(logout.href);
},
{
onSuccess: () => queryClient.invalidateQueries("pluginCenterAuth")
}
);
return {
logout: () => {
mutate();
},
isLoading,
error
};
};

47
scm-ui/ui-components/src/buttons/Button.tsx
View File

@@ -61,32 +61,43 @@ const Button: FC<Props> = ({
loading,
disabled,
action,
color = "default",
color = "default"
}) => {
const renderIcon = () => {
return <>{icon ? <Icon name={icon} color="inherit" className="is-medium pr-1" /> : null}</>;
};
if (link && !disabled) {
return (
<Link
className={classNames(
const classes = classNames(
"button",
"is-" + color,
{ "is-loading": loading },
{ "is-fullwidth": fullWidth },
{ "is-reduced-mobile": reducedMobile },
className
)}
to={link}
aria-label={label}
>
);
const content = (
<>
{renderIcon()}{" "}
{(label || children) && (
<>
{label} {children}
</>
)}
</>
);
if (link && !disabled) {
if (link.includes("://")) {
return (
<a className={classes} href={link} aria-label={label}>
{content}
</a>
);
}
return (
<Link className={classes} to={link} aria-label={label}>
{content}
</Link>
);
}
@@ -96,23 +107,11 @@ const Button: FC<Props> = ({
type={type}
title={title}
disabled={disabled}
onClick={(event) => action && action(event)}
className={classNames(
"button",
"is-" + color,
{ "is-loading": loading },
{ "is-fullwidth": fullWidth },
{ "is-reduced-mobile": reducedMobile },
className
)}
onClick={event => action && action(event)}
className={classes}
{...createAttributesForTesting(testId)}
>
{renderIcon()}{" "}
{(label || children) && (
<>
{label} {children}
</>
)}
{content}
</button>
);
};

13
scm-ui/ui-styles/src/components/_main.scss
View File

@@ -384,6 +384,15 @@ $fa-font-path: "~@fortawesome/fontawesome-free/webfonts";
.has-border-white {
border-color: $white !important;
}
.has-border-success {
border-color: $success !important;
}
.has-border-info {
border-color: $info !important;
}
ul.is-separated {
> li:after {
content: ",\2800";
@@ -396,12 +405,12 @@ ul.is-separated {
// card columns for repo and plugins overview
.card-columns {
.column {
height: 120px;
height: 160px;
margin-bottom: 1.5rem;
.overlay-column {
position: absolute;
height: calc(120px - 1.5rem);
height: calc(160px - 1.5rem);
}
}

1
scm-ui/ui-types/src/Config.ts
View File

@@ -43,6 +43,7 @@ export type Config = HalRepresentation & {
proxyExcludes: string[];
skipFailedAuthenticators: boolean;
pluginUrl: string;
pluginAuthUrl: string;
loginAttemptLimitTimeout: number;
enabledXsrfProtection: boolean;
enabledUserConverter: boolean;

7
scm-ui/ui-types/src/Plugin.ts
View File

@@ -59,3 +59,10 @@ export type PendingPlugins = HalRepresentationWithEmbedded<{
update: Plugin[];
uninstall: Plugin[];
}>;
export type PluginCenterAuthenticationInfo = HalRepresentation & {
principal?: string;
pluginCenterSubject?: string;
date?: string;
default: boolean;
};

15
scm-ui/ui-webapp/public/locales/de/admin.json
View File

@@ -49,7 +49,7 @@
"install": "{{name}} Plugin installieren",
"update": "{{name}} Plugin aktualisieren",
"uninstall": "{{name}} Plugin deinstallieren",
"cloudoguInstall": "Plugin über myCloudogu installieren"
"cloudoguInstall": "{{name}} Plugin installieren"
},
"restart": "Neustarten, um Plugin-Änderungen wirksam zu machen",
"install": "Installieren",
@@ -69,8 +69,8 @@
"version": "Version",
"currentVersion": "Installierte Version",
"newVersion": "Neue Version",
"cloudoguInstallInfo": "Dieses Plugin ist exklusiv über myCloudogu erhältlich. Zum Installieren folgen Sie bitte der Anleitung.",
"cloudoguInstall": "Zur Installationsanleitung",
"cloudoguInstallInfo": "Verbinden Sie Ihre SCM-Manager-Instanz mit ihrem myCloudogu-Account um Zugriff auf myCloudogu-Plugins zu erhalten. Falls Sie noch über keinen Account verfügen, können Sie sich einfach kostenlos registrieren.",
"cloudoguInstall": "Mit myCloudogu verbinden und installieren",
"dependencyNotification": "Mit diesem Plugin werden folgende Abhängigkeiten mit installiert bzw. aktualisiert, wenn sie noch nicht in der aktuellen Version vorhanden sind!",
"optionalDependencyNotification": "Mit diesem Plugin werden folgende optionale Abhängigkeiten mit aktualisiert, falls sie installiert sind!",
"dependencies": "Abhängigkeiten",
@@ -85,6 +85,15 @@
"updateAllInfo": "Die folgenden Plugins werden aktualisiert. Die Änderungen werden nach dem nächsten Neustart wirksam.",
"manualRestartRequired": "Nachdem die Plugin-Änderung durchgeführt wurde, muss SCM-Manager neu gestartet werden.",
"showPending": "Um die folgenden Plugin-Änderungen auszuführen, muss SCM-Manager neu gestartet werden."
},
"myCloudogu": {
"connectionInfo": "Instanz ist mit myCloudogu verbunden.\nAccount: {{pluginCenterSubject}}",
"login": {
"button": {
"label": "Mit <0>myCloudogu</0> verbinden"
},
"description": "Verbinden Sie Ihren SCM-Manager mit <0>myCloudogu</0> um besondere Plugins zu installieren. myCloudogu ist die Heimat der SCM-Manager Community, getragen von Maintainern des SCM-Managers. Sie haben noch kein Konto? Erstellen Sie während der Verbindung der SCM-Manager-Instanz kostenfrei ein myCloudogu-Konto."
}
}
},
"repositoryRole": {

15
scm-ui/ui-webapp/public/locales/de/config.json
View File

@@ -11,6 +11,19 @@
"no-write-permission-notification": "Hinweis: Es fehlen Berechtigungen zum Bearbeiten der Einstellungen!"
}
},
"pluginSettings": {
"subtitle": "Plugin Einstellungen",
"pluginUrl": "Plugin Center URL",
"pluginAuthUrl": "Plugin Center Authentifizierungs URL",
"auth": {
"loading": "Lade Authentifizierungs Informationen ...",
"notAuthenticated": "Das Plugin Center ist nicht authentifiziert",
"authenticate": "Authentifizieren",
"authenticated": "Das Plugin Center ist als <0 /> authentifiziert",
"subjectTooltip": "Authentifiziert als {{ principal }} {{ ago }}",
"logout": "Abmelden"
}
},
"proxySettings": {
"subtitle": "Proxy Einstellungen",
"enable": "Proxy aktivieren",
@@ -54,7 +67,6 @@
"off": "Deaktivieren"
},
"skip-failed-authenticators": "Fehlgeschlagene Authentifizierer überspringen",
"plugin-url": "Plugin Center URL",
"release-feed-url": "Release Feed URL",
"mail-domain-name": "Fallback E-Mail Domain Name",
"enabled-xsrf-protection": "XSRF Protection aktivieren",
@@ -79,6 +91,7 @@
"realmDescriptionHelpText": "Beschreibung des Authentication Realm.",
"dateFormatHelpText": "Moments Datumsformat. Zulässige Formate sind in der MomentJS Dokumentation beschrieben.",
"pluginUrlHelpText": "Die URL der Plugin Center API. Beschreibung der Platzhalter: version = SCM-Manager Version; os = Betriebssystem; arch = Architektur",
"pluginAuthUrlHelpText": "Die URL der Plugin Center Authentifizierungs API.",
"releaseFeedUrlHelpText": "Die URL des RSS Release Feed des SCM-Manager. Darüber wird über die neue SCM-Manager Version informiert. Um diese Funktion zu deaktivieren lassen Sie dieses Feld leer.",
"mailDomainNameHelpText": "Dieser Domain Name wird genutzt, wenn für einen User eine E-Mail-Adresse benötigt wird, für den keine hinterlegt ist. Diese Domain wird nicht zum Versenden von E-Mails genutzt und auch keine anderweitige Verbindung aufgebaut.",
"enableForwardingHelpText": "mod_proxy Port Weiterleitung aktivieren.",

15
scm-ui/ui-webapp/public/locales/en/admin.json
View File

@@ -49,7 +49,7 @@
"install": "Install {{name}} Plugin",
"update": "Update {{name}} Plugin",
"uninstall": "Uninstall {{name}} Plugin",
"cloudoguInstall": "Get plugin from myCloudogu"
"cloudoguInstall": "Install {{name}} Plugin"
},
"restart": "Restart to make plugin changes effective",
"install": "Install",
@@ -69,8 +69,8 @@
"version": "Version",
"currentVersion": "Installed version",
"newVersion": "New version",
"cloudoguInstallInfo": "This plugin is exclusively available via myCloudogu. Follow the instructions to install it.",
"cloudoguInstall": "To Installation Instructions",
"cloudoguInstallInfo": "Connect your SCM-Manager instance with your myCloudogu account to access myCloudogu plugins. If you do not already have an account you can easily register for free.",
"cloudoguInstall": "Connect myCloudogu and install",
"dependencyNotification": "With this plugin, the following dependencies will be installed/updated if their latest versions are not installed yet!",
"optionalDependencyNotification": "With this plugin, the following optional dependencies will be updated if they are installed!",
"dependencies": "Dependencies",
@@ -85,6 +85,15 @@
"updateAllInfo": "The following plugin changes will be executed. You need to restart the SCM-Manager to make these changes effective.",
"manualRestartRequired": "After the plugin change has been made, SCM-Manager must be restarted.",
"showPending": "To execute the following plugin changes, SCM-Manager must be restarted."
},
"myCloudogu": {
"connectionInfo": "Instance is connected to myCloudogu.\nAccount: {{pluginCenterSubject}}",
"login": {
"button": {
"label": "Connect to <0>myCloudogu</0>"
},
"description": "Connect your SCM-Manager with <0>myCloudogu</0> to install special plugins. myCloudogu is the home of the SCM-Manager Community, sustained by the maintainers of the SCM-Manager. You don't have an account yet? Create a free myCloudogu account while connecting your SCM-Manager instance."
}
}
},
"repositoryRole": {

15
scm-ui/ui-webapp/public/locales/en/config.json
View File

@@ -11,6 +11,19 @@
"no-write-permission-notification": "Please note: You do not have the permission to edit the config!"
}
},
"pluginSettings": {
"subtitle": "Plugin Settings",
"pluginUrl": "Plugin Center URL",
"pluginAuthUrl": "Plugin Center Authentication URL",
"auth": {
"loading": "Loading authentication info ...",
"notAuthenticated": "Plugin Center is not authenticated",
"authenticate": "Authenticate",
"authenticated": "Plugin Center is authenticated as <0 />",
"subjectTooltip": "Authenticated by {{ principal }} {{ ago }}",
"logout": "Logout"
}
},
"proxySettings": {
"subtitle": "Proxy Settings",
"enable": "Enable Proxy",
@@ -54,7 +67,6 @@
"off": "Disabled"
},
"skip-failed-authenticators": "Skip Failed Authenticators",
"plugin-url": "Plugin Center URL",
"release-feed-url": "Release Feed URL",
"mail-domain-name": "Fallback Mail Domain Name",
"enabled-xsrf-protection": "Enabled XSRF Protection",
@@ -79,6 +91,7 @@
"realmDescriptionHelpText": "Enter authentication realm description.",
"dateFormatHelpText": "Moments date format. Please have a look at the MomentJS documentation.",
"pluginUrlHelpText": "The url of the Plugin Center API. Explanation of the placeholders: version = SCM-Manager Version; os = Operation System; arch = Architecture",
"pluginAuthUrlHelpText": "The url of the Plugin Center authentication API.",
"releaseFeedUrlHelpText": "The url of the RSS Release Feed for SCM-Manager. This provides up-to-date version information. To disable this feature just leave the url blank.",
"mailDomainNameHelpText": "This domain name will be used to create email addresses for users without one when needed. It will not be used to send mails nor will be accessed otherwise.",
"enableForwardingHelpText": "Enable mod_proxy port forwarding.",

10
scm-ui/ui-webapp/src/admin/components/form/ConfigForm.tsx
View File

@@ -29,6 +29,7 @@ import ProxySettings from "./ProxySettings";
import GeneralSettings from "./GeneralSettings";
import BaseUrlSettings from "./BaseUrlSettings";
import LoginAttempt from "./LoginAttempt";
import PluginSettings from "./PluginSettings";
type Props = {
submitForm: (p: Config) => void;
@@ -65,6 +66,7 @@ const ConfigForm: FC<Props> = ({
proxyExcludes: [],
skipFailedAuthenticators: false,
pluginUrl: "",
pluginAuthUrl: "",
loginAttemptLimitTimeout: 0,
enabledXsrfProtection: true,
enabledUserConverter: false,
@@ -142,7 +144,6 @@ const ConfigForm: FC<Props> = ({
dateFormat={innerConfig.dateFormat}
anonymousMode={innerConfig.anonymousMode}
skipFailedAuthenticators={innerConfig.skipFailedAuthenticators}
pluginUrl={innerConfig.pluginUrl}
releaseFeedUrl={innerConfig.releaseFeedUrl}
mailDomainName={innerConfig.mailDomainName}
enabledXsrfProtection={innerConfig.enabledXsrfProtection}
@@ -168,6 +169,13 @@ const ConfigForm: FC<Props> = ({
hasUpdatePermission={configUpdatePermission}
/>
<hr />
<PluginSettings
pluginUrl={innerConfig.pluginUrl}
pluginAuthUrl={innerConfig.pluginAuthUrl}
onChange={(isValid, changedValue, name) => onChange(isValid, changedValue, name)}
hasUpdatePermission={configUpdatePermission}
/>
<hr />
<ProxySettings
proxyPassword={innerConfig.proxyPassword ? innerConfig.proxyPassword : ""}
proxyPort={innerConfig.proxyPort ? innerConfig.proxyPort : 0}

37
scm-ui/ui-webapp/src/admin/components/form/GeneralSettings.tsx
View File

@@ -41,7 +41,6 @@ type Props = {
dateFormat: string;
anonymousMode: AnonymousMode;
skipFailedAuthenticators: boolean;
pluginUrl: string;
releaseFeedUrl: string;
mailDomainName: string;
enabledXsrfProtection: boolean;
@@ -58,7 +57,6 @@ const GeneralSettings: FC<Props> = ({
realmDescription,
loginInfoUrl,
anonymousMode,
pluginUrl,
releaseFeedUrl,
mailDomainName,
enabledXsrfProtection,
@@ -91,9 +89,6 @@ const GeneralSettings: FC<Props> = ({
const handleNamespaceStrategyChange = (value: string) => {
onChange(true, value, "namespaceStrategy");
};
const handlePluginCenterUrlChange = (value: string) => {
onChange(true, value, "pluginUrl");
};
const handleReleaseFeedUrlChange = (value: string) => {
onChange(true, value, "releaseFeedUrl");
};
@@ -163,21 +158,13 @@ const GeneralSettings: FC<Props> = ({
</div>
</div>
<div className="columns">
<div className="column is-half">
<InputField
label={t("general-settings.plugin-url")}
onChange={handlePluginCenterUrlChange}
value={pluginUrl}
disabled={!hasUpdatePermission}
helpText={t("help.pluginUrlHelpText")}
/>
</div>
<div className="column is-half">
<Select
label={t("general-settings.anonymousMode.title")}
onChange={handleAnonymousMode}
value={anonymousMode}
disabled={!hasUpdatePermission}
className="is-fullwidth"
options={[
{ label: t("general-settings.anonymousMode.full"), value: "FULL" },
{ label: t("general-settings.anonymousMode.protocolOnly"), value: "PROTOCOL_ONLY" },
@@ -187,17 +174,6 @@ const GeneralSettings: FC<Props> = ({
testId={"anonymous-mode-select"}
/>
</div>
</div>
<div className="columns">
<div className="column is-half">
<InputField
label={t("general-settings.release-feed-url")}
onChange={handleReleaseFeedUrlChange}
value={releaseFeedUrl}
disabled={!hasUpdatePermission}
helpText={t("help.releaseFeedUrlHelpText")}
/>
</div>
<div className="column is-half">
<Checkbox
label={t("general-settings.enabled-user-converter")}
@@ -230,6 +206,17 @@ const GeneralSettings: FC<Props> = ({
/>
</div>
</div>
<div className="columns">
<div className="column">
<InputField
label={t("general-settings.release-feed-url")}
onChange={handleReleaseFeedUrlChange}
value={releaseFeedUrl}
disabled={!hasUpdatePermission}
helpText={t("help.releaseFeedUrlHelpText")}
/>
</div>
</div>
<div className="columns">
<div className="column is-full">
<MemberNameTagGroup

124
scm-ui/ui-webapp/src/admin/components/form/PluginCenterAuthentication.tsx Normal file
View File

@@ -0,0 +1,124 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
import React, { FC } from "react";
import { usePluginCenterAuthInfo, usePluginCenterLogout } from "@scm-manager/ui-api";
import { Button, ErrorNotification, Notification, Tooltip, useDateFormatter } from "@scm-manager/ui-components";
import { Link, PluginCenterAuthenticationInfo } from "@scm-manager/ui-types";
import { useLocation } from "react-router-dom";
import styled from "styled-components";
import { Trans, useTranslation } from "react-i18next";
const Message = styled.p`
line-height: 2.5rem;
`;
type Props = {
authenticationInfo: PluginCenterAuthenticationInfo;
};
const PluginCenterSubject: FC<Props> = ({ authenticationInfo }) => {
const formatter = useDateFormatter({ date: authenticationInfo.date });
const [t] = useTranslation("config");
return (
<>
<Tooltip
location="top"
message={t("pluginSettings.auth.subjectTooltip", {
principal: authenticationInfo.principal,
ago: formatter?.formatDistance()
})}
>
<strong>{authenticationInfo.pluginCenterSubject}</strong>
</Tooltip>
</>
);
};
const AuthenticatedInfo: FC<Props> = ({ authenticationInfo }) => {
const { logout, isLoading, error } = usePluginCenterLogout(authenticationInfo);
const [t] = useTranslation("config");
const subject = <PluginCenterSubject authenticationInfo={authenticationInfo} />;
return (
<Notification type="inherit">
<div className="is-full-width is-flex is-justify-content-space-between is-align-content-center">
<Message>
<Trans t={t} i18nKey="pluginSettings.auth.authenticated" components={[subject]} />
</Message>
{authenticationInfo._links.logout ? (
<Button color="warning" loading={isLoading} action={logout}>
{t("pluginSettings.auth.logout")}
</Button>
) : null}
</div>
{error ? (
<div className="pt-4">
<ErrorNotification error={error} />
</div>
) : null}
</Notification>
);
};
const PluginCenterAuthentication: FC = () => {
const { data, isLoading, error } = usePluginCenterAuthInfo();
const location = useLocation();
const [t] = useTranslation("config");
if (isLoading) {
return (
<div className="is-flex is-align-content-center">
<span className="small-loading-spinner pt-1 pr-3" />
<p>{t("pluginSettings.auth.loading")}</p>
</div>
);
}
if (error) {
return <ErrorNotification error={error} />;
}
if (!data) {
return null;
}
if (data.principal) {
return <AuthenticatedInfo authenticationInfo={data} />;
}
return (
<Notification type="inherit" className="is-flex is-justify-content-space-between is-align-content-center">
<Message>{t("pluginSettings.auth.notAuthenticated")}</Message>
{data._links.login ? (
<Button color="primary" link={(data._links.login as Link).href + "?source=" + location.pathname}>
{t("pluginSettings.auth.authenticate")}
</Button>
) : null}
</Notification>
);
};
export default PluginCenterAuthentication;

75
scm-ui/ui-webapp/src/admin/components/form/PluginSettings.tsx Normal file
View File

@@ -0,0 +1,75 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
import React, { FC } from "react";
import { useTranslation } from "react-i18next";
import { InputField, Subtitle } from "@scm-manager/ui-components";
import PluginCenterAuthentication from "./PluginCenterAuthentication";
type Props = {
pluginUrl: string;
pluginAuthUrl: string;
onChange: (isValid: boolean, changedValue: string, name: string) => void;
hasUpdatePermission: boolean;
};
const PluginSettings: FC<Props> = ({ pluginUrl, pluginAuthUrl, onChange, hasUpdatePermission }) => {
const { t } = useTranslation("config");
const handlePluginCenterUrlChange = (value: string) => {
onChange(true, value, "pluginUrl");
};
const handlePluginCenterAuthUrlChange = (value: string) => {
onChange(true, value, "pluginAuthUrl");
};
return (
<div>
<Subtitle subtitle={t("pluginSettings.subtitle")} />
<div className="columns">
<div className="column is-half">
<InputField
label={t("pluginSettings.pluginUrl")}
onChange={handlePluginCenterUrlChange}
value={pluginUrl}
disabled={!hasUpdatePermission}
helpText={t("help.pluginUrlHelpText")}
/>
</div>
<div className="column is-half">
<InputField
label={t("pluginSettings.pluginAuthUrl")}
onChange={handlePluginCenterAuthUrlChange}
value={pluginAuthUrl}
disabled={!hasUpdatePermission}
helpText={t("help.pluginAuthUrlHelpText")}
/>
</div>
</div>
<PluginCenterAuthentication />
</div>
);
};
export default PluginSettings;

61
scm-ui/ui-webapp/src/admin/plugins/components/MyCloudoguBanner.tsx Normal file
View File

@@ -0,0 +1,61 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
import { Button } from "@scm-manager/ui-components";
import * as React from "react";
import { FC } from "react";
import styled from "styled-components";
import { Trans, useTranslation } from "react-i18next";
const MyCloudoguBannerWrapper = styled.div`
border: 1px solid;
`;
type Props = {
loginLink?: string;
};
const MyCloudoguBanner: FC<Props> = ({ loginLink }) => {
const [t] = useTranslation("admin");
return loginLink ? (
<MyCloudoguBannerWrapper className="has-rounded-border is-flex is-flex-direction-column is-align-items-center p-5 mb-4 has-border-success">
<Button className="mb-5 has-text-weight-normal has-border-info" reducedMobile={true} link={loginLink}>
<Trans
t={t}
i18nKey="plugins.myCloudogu.login.button.label"
components={[<span className="mx-1 has-text-info">myCloudogu</span>]}
/>
</Button>
<p className="is-align-self-flex-start is-size-7">
<Trans
t={t}
i18nKey="plugins.myCloudogu.login.description"
components={[<a href="https://my.cloudogu.com/">myCloudogu</a>]}
/>
</p>
</MyCloudoguBannerWrapper>
) : null;
};
export default MyCloudoguBanner;

37
scm-ui/ui-webapp/src/admin/plugins/components/MyCloudoguTag.tsx Normal file
View File

@@ -0,0 +1,37 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
import React from "react";
import styled from "styled-components";
const MyCloudoguTagWrapper = styled.span`
border: solid 1px;
`;
const MyCloudoguTag = () => (
<MyCloudoguTagWrapper className="has-text-info has-border-info has-rounded-border p-1 is-size-7">
myCloudogu
</MyCloudoguTagWrapper>
);
export default MyCloudoguTag;

23
scm-ui/ui-webapp/src/admin/plugins/components/PluginEntry.tsx
View File

@@ -23,15 +23,18 @@
*/
import React, { FC } from "react";
import styled from "styled-components";
import { Link, Plugin } from "@scm-manager/ui-types";
import { Link, Plugin, PluginCenterAuthenticationInfo } from "@scm-manager/ui-types";
import { CardColumn, Icon } from "@scm-manager/ui-components";
import { PluginAction, PluginModalContent } from "../containers/PluginsOverview";
import { useTranslation } from "react-i18next";
import PluginAvatar from "./PluginAvatar";
import classNames from "classnames";
import MyCloudoguTag from "./MyCloudoguTag";
type Props = {
plugin: Plugin;
openModal: (content: PluginModalContent) => void;
pluginCenterAuthInfo?: PluginCenterAuthenticationInfo;
};
const ActionbarWrapper = styled.div`
@@ -59,19 +62,20 @@ const IconWrapper: FC<{ action: () => void }> = ({ action, children }) => {
);
};
const PluginEntry: FC<Props> = ({ plugin, openModal }) => {
const PluginEntry: FC<Props> = ({ plugin, openModal, pluginCenterAuthInfo }) => {
const [t] = useTranslation("admin");
const isInstallable = plugin._links.install && (plugin._links.install as Link).href;
const isUpdatable = plugin._links.update && (plugin._links.update as Link).href;
const isUninstallable = plugin._links.uninstall && (plugin._links.uninstall as Link).href;
const isCloudoguPlugin = plugin.type === "CLOUDOGU";
const isDefaultPluginCenterLoginAvailable = pluginCenterAuthInfo?.default && !!pluginCenterAuthInfo?._links?.login;
const evaluateAction = () => {
if (isInstallable) {
return () => openModal({ plugin, action: PluginAction.INSTALL });
}
if (isCloudoguPlugin) {
if (isCloudoguPlugin && isDefaultPluginCenterLoginAvailable) {
return () => openModal({ plugin, action: PluginAction.CLOUDOGU });
}
@@ -88,7 +92,7 @@ const PluginEntry: FC<Props> = ({ plugin, openModal }) => {
);
const actionBar = () => (
<ActionbarWrapper className="is-flex">
{isCloudoguPlugin && (
{isCloudoguPlugin && isDefaultPluginCenterLoginAvailable && (
<IconWrapper action={() => openModal({ plugin, action: PluginAction.CLOUDOGU })}>
<Icon title={t("plugins.modal.cloudoguInstall")} name="link" color="success-dark" />
</IconWrapper>
@@ -120,8 +124,17 @@ const PluginEntry: FC<Props> = ({ plugin, openModal }) => {
description={plugin.description}
contentRight={plugin.pending || plugin.markedForUninstall ? pendingSpinner() : actionBar()}
footerLeft={<small>{plugin.version}</small>}
footerRight={<small className="level-item is-block shorten-text">{plugin.author}</small>}
footerRight={null}
/>
<div
className={classNames("is-flex", {
"is-justify-content-space-between": isCloudoguPlugin,
"is-justify-content-end": !isCloudoguPlugin
})}
>
{isCloudoguPlugin ? <MyCloudoguTag /> : null}
<small className="level-item is-block shorten-text is-align-self-flex-end">{plugin.author}</small>
</div>
</>
);
};

14
scm-ui/ui-webapp/src/admin/plugins/components/PluginGroupEntry.tsx
View File

@@ -23,18 +23,26 @@
*/
import React, { FC } from "react";
import { CardColumnGroup } from "@scm-manager/ui-components";
import { PluginGroup } from "@scm-manager/ui-types";
import { PluginCenterAuthenticationInfo, PluginGroup } from "@scm-manager/ui-types";
import PluginEntry from "./PluginEntry";
import { PluginModalContent } from "../containers/PluginsOverview";
type Props = {
group: PluginGroup;
openModal: (content: PluginModalContent) => void;
pluginCenterAuthInfo?: PluginCenterAuthenticationInfo;
};
const PluginGroupEntry: FC<Props> = ({ openModal, group }) => {
const PluginGroupEntry: FC<Props> = ({ openModal, group, pluginCenterAuthInfo }) => {
const entries = group.plugins.map(plugin => {
return <PluginEntry plugin={plugin} openModal={openModal} key={plugin.name} />;
return (
<PluginEntry
plugin={plugin}
openModal={openModal}
key={plugin.name}
pluginCenterAuthInfo={pluginCenterAuthInfo}
/>
);
});
return <CardColumnGroup name={group.name} elements={entries} />;
};

14
scm-ui/ui-webapp/src/admin/plugins/components/PluginList.tsx
View File

@@ -22,7 +22,7 @@
* SOFTWARE.
*/
import React, { FC } from "react";
import { Plugin } from "@scm-manager/ui-types";
import { Plugin, PluginCenterAuthenticationInfo } from "@scm-manager/ui-types";
import PluginGroupEntry from "../components/PluginGroupEntry";
import groupByCategory from "./groupByCategory";
import { PluginModalContent } from "../containers/PluginsOverview";
@@ -30,14 +30,22 @@ import { PluginModalContent } from "../containers/PluginsOverview";
type Props = {
plugins: Plugin[];
openModal: (content: PluginModalContent) => void;
pluginCenterAuthInfo?: PluginCenterAuthenticationInfo;
};
const PluginList: FC<Props> = ({ plugins, openModal }) => {
const PluginList: FC<Props> = ({ plugins, openModal, pluginCenterAuthInfo }) => {
const groups = groupByCategory(plugins);
return (
<div className="content is-plugin-page">
{groups.map(group => {
return <PluginGroupEntry group={group} openModal={openModal} key={group.name} />;
return (
<PluginGroupEntry
group={group}
openModal={openModal}
key={group.name}
pluginCenterAuthInfo={pluginCenterAuthInfo}
/>
);
})}
</div>
);

19
scm-ui/ui-webapp/src/admin/plugins/components/PluginModal.tsx
View File

@@ -28,8 +28,9 @@ import styled from "styled-components";
import { Link, Plugin } from "@scm-manager/ui-types";
import { Button, ButtonGroup, Checkbox, ErrorNotification, Modal, Notification } from "@scm-manager/ui-components";
import SuccessNotification from "./SuccessNotification";
import { useInstallPlugin, useUninstallPlugin, useUpdatePlugins } from "@scm-manager/ui-api";
import { useInstallPlugin, usePluginCenterAuthInfo, useUninstallPlugin, useUpdatePlugins } from "@scm-manager/ui-api";
import { PluginAction } from "../containers/PluginsOverview";
import MyCloudoguTag from "./MyCloudoguTag";
type Props = {
plugin: Plugin;
@@ -54,11 +55,16 @@ const ListChild = styled.div`
const PluginModal: FC<Props> = ({ onClose, pluginAction, plugin }) => {
const [t] = useTranslation("admin");
const [shouldRestart, setShouldRestart] = useState<boolean>(false);
const {
data: pluginCenterAuthInfo,
isLoading: isLoadingPluginCenterAuthInfo,
error: pluginCenterAuthInfoError
} = usePluginCenterAuthInfo();
const { isLoading: isInstalling, error: installError, install, isInstalled } = useInstallPlugin();
const { isLoading: isUninstalling, error: uninstallError, uninstall, isUninstalled } = useUninstallPlugin();
const { isLoading: isUpdating, error: updateError, update, isUpdated } = useUpdatePlugins();
const error = installError || uninstallError || updateError;
const loading = isInstalling || isUninstalling || isUpdating;
const error = installError || uninstallError || updateError || pluginCenterAuthInfoError;
const loading = isInstalling || isUninstalling || isUpdating || isLoadingPluginCenterAuthInfo;
const isDone = isInstalled || isUninstalled || isUpdated;
useEffect(() => {
@@ -71,7 +77,7 @@ const PluginModal: FC<Props> = ({ onClose, pluginAction, plugin }) => {
e.preventDefault();
switch (pluginAction) {
case PluginAction.CLOUDOGU:
window.open((plugin._links.cloudoguInstall as Link).href, "_blank");
window.open((pluginCenterAuthInfo?._links?.login as Link).href, "_self");
break;
case PluginAction.INSTALL:
install(plugin, { restart: shouldRestart });
@@ -198,11 +204,16 @@ const PluginModal: FC<Props> = ({ onClose, pluginAction, plugin }) => {
<ListChild className={classNames("field-body", "is-inline-flex")}>{plugin.author}</ListChild>
</div>
{pluginAction === PluginAction.CLOUDOGU && (
<>
<div className="field is-horizontal">
<MyCloudoguTag />
</div>
<div className="field is-horizontal">
<Notification type="info" className="is-full-width">
{t("plugins.modal.cloudoguInstallInfo")}
</Notification>
</div>
</>
)}
{pluginAction === PluginAction.INSTALL && (
<div className="field is-horizontal">

56
scm-ui/ui-webapp/src/admin/plugins/containers/PluginsOverview.tsx
View File

@@ -24,15 +24,17 @@
import * as React from "react";
import { FC, useState } from "react";
import { useTranslation } from "react-i18next";
import { Plugin } from "@scm-manager/ui-types";
import { Link, Plugin } from "@scm-manager/ui-types";
import {
Button,
ButtonGroup,
ErrorNotification,
Icon,
Loading,
Notification,
Subtitle,
Title
Title,
Tooltip
} from "@scm-manager/ui-components";
import PluginsList from "../components/PluginList";
import PluginTopActions from "../components/PluginTopActions";
@@ -41,8 +43,14 @@ import ExecutePendingActionModal from "../components/ExecutePendingActionModal";
import CancelPendingActionModal from "../components/CancelPendingActionModal";
import UpdateAllActionModal from "../components/UpdateAllActionModal";
import ShowPendingModal from "../components/ShowPendingModal";
import { useAvailablePlugins, useInstalledPlugins, usePendingPlugins } from "@scm-manager/ui-api";
import {
useAvailablePlugins,
useInstalledPlugins,
usePendingPlugins,
usePluginCenterAuthInfo
} from "@scm-manager/ui-api";
import PluginModal from "../components/PluginModal";
import MyCloudoguBanner from "../components/MyCloudoguBanner";
export enum PluginAction {
INSTALL = "install",
@@ -73,20 +81,43 @@ const PluginsOverview: FC<Props> = ({ installed }) => {
error: installedPluginsError
} = useInstalledPlugins({ enabled: installed });
const { data: pendingPlugins, isLoading: isLoadingPendingPlugins, error: pendingPluginsError } = usePendingPlugins();
const {
data: pluginCenterAuthInfo,
isLoading: isLoadingPluginCenterAuthInfo,
error: pluginCenterAuthInfoError
} = usePluginCenterAuthInfo();
const [showPendingModal, setShowPendingModal] = useState(false);
const [showExecutePendingModal, setShowExecutePendingModal] = useState(false);
const [showUpdateAllModal, setShowUpdateAllModal] = useState(false);
const [showCancelModal, setShowCancelModal] = useState(false);
const [pluginModalContent, setPluginModalContent] = useState<PluginModalContent | null>(null);
const collection = installed ? installedPlugins : availablePlugins;
const error = (installed ? installedPluginsError : availablePluginsError) || pendingPluginsError;
const loading = (installed ? isLoadingInstalledPlugins : isLoadingAvailablePlugins) || isLoadingPendingPlugins;
const error =
(installed ? installedPluginsError : availablePluginsError) || pendingPluginsError || pluginCenterAuthInfoError;
const loading =
(installed ? isLoadingInstalledPlugins : isLoadingAvailablePlugins) ||
isLoadingPendingPlugins ||
isLoadingPluginCenterAuthInfo;
const isPluginCenterAuthenticated = !!pluginCenterAuthInfo?.pluginCenterSubject;
const isDefaultPluginCenter = pluginCenterAuthInfo?.default;
const renderHeader = (actions: React.ReactNode) => {
return (
<div className="columns">
<div className="column">
<Title title={t("plugins.title")} />
<Title>
{t("plugins.title")}
{isPluginCenterAuthenticated && isDefaultPluginCenter ? (
<Tooltip
message={t("plugins.myCloudogu.connectionInfo", {
pluginCenterSubject: pluginCenterAuthInfo.pluginCenterSubject
})}
multiline={true}
>
<Icon name="check-circle" color="info" className="is-size-5 ml-1" />
</Tooltip>
) : null}
</Title>
<Subtitle subtitle={installed ? t("plugins.installedSubtitle") : t("plugins.availableSubtitle")} />
</div>
<PluginTopActions>{actions}</PluginTopActions>
@@ -165,7 +196,7 @@ const PluginsOverview: FC<Props> = ({ installed }) => {
};
const computeUpdateAllSize = () => {
const outdatedPlugins = collection?._embedded.plugins.filter((p: Plugin) => p._links.update).length;
const outdatedPlugins = collection?._embedded?.plugins.filter((p: Plugin) => p._links.update).length;
return t("plugins.outdatedPlugins", {
count: outdatedPlugins
});
@@ -173,7 +204,13 @@ const PluginsOverview: FC<Props> = ({ installed }) => {
const renderPluginsList = () => {
if (collection?._embedded && collection._embedded.plugins.length > 0) {
return <PluginsList plugins={collection._embedded.plugins} openModal={setPluginModalContent} />;
return (
<PluginsList
plugins={collection._embedded.plugins}
openModal={setPluginModalContent}
pluginCenterAuthInfo={pluginCenterAuthInfo}
/>
);
}
return <Notification type="info">{t("plugins.noPlugins")}</Notification>;
};
@@ -213,6 +250,9 @@ const PluginsOverview: FC<Props> = ({ installed }) => {
<>
{renderHeader(actions)}
<hr className="header-with-actions" />
{isDefaultPluginCenter ? (
<MyCloudoguBanner loginLink={(pluginCenterAuthInfo?._links?.login as Link)?.href} />
) : null}
{renderPluginsList()}
{renderFooter(actions)}
{renderModals()}

47
scm-ui/ui-webapp/src/containers/ExternalError.tsx Normal file
View File

@@ -0,0 +1,47 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
import React from "react";
import { useParams } from "react-router-dom";
import { useTranslation } from "react-i18next";
import { Notification, Page } from "@scm-manager/ui-components";
type LocationState = {
code: string;
};
const ExternalError = () => {
const { code } = useParams<LocationState>();
const [t] = useTranslation(["commons", "plugins"]);
return (
<Page title={t("app.error.title")} subtitle={t(`plugins:errors.${code}.displayName`)}>
<Notification type="danger" role="alert">
{t(`plugins:errors.${code}.description`)}
</Notification>
</Page>
);
};
export default ExternalError;

2
scm-ui/ui-webapp/src/containers/Main.tsx
View File

@@ -50,6 +50,7 @@ import ImportLog from "../repos/importlog/ImportLog";
import CreateRepositoryRoot from "../repos/containers/CreateRepositoryRoot";
import Search from "../search/Search";
import Syntax from "../search/Syntax";
import ExternalError from "./ExternalError";
type Props = {
me: Me;
@@ -76,6 +77,7 @@ const Main: FC<Props> = props => {
<Redirect exact from="/" to={url} />
<Route exact path="/login" component={Login} />
<Route path="/logout" component={Logout} />
<Route path="/error/:code" component={ExternalError} />
<Redirect exact strict from="/repos" to="/repos/" />
<ProtectedRoute exact path="/repos/" component={Overview} authenticated={authenticated} />
<ProtectedRoute path="/repos/create" component={CreateRepositoryRoot} authenticated={authenticated} />

1
scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigDto.java
View File

@@ -54,6 +54,7 @@ public class ConfigDto extends HalRepresentation implements UpdateConfigDto {
private Set<String> proxyExcludes;
private boolean skipFailedAuthenticators;
private String pluginUrl;
private String pluginAuthUrl;
private long loginAttemptLimitTimeout;
private boolean enabledXsrfProtection;
private boolean enabledUserConverter;

1
scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
View File

@@ -105,6 +105,7 @@ public class IndexDtoGenerator extends HalAppenderMapper {
}
if (PluginPermissions.read().isPermitted()) {
builder.single(link("pluginCenterAuth", resourceLinks.pluginCenterAuth().auth()));
builder.single(link("installedPlugins", resourceLinks.installedPluginCollection().self()));
builder.single(link("availablePlugins", resourceLinks.availablePluginCollection().self()));
}

429
scm-webapp/src/main/java/sonia/scm/api/v2/resources/PluginCenterAuthResource.java Normal file
View File

@@ -0,0 +1,429 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.api.v2.resources;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import de.otto.edison.hal.Link;
import de.otto.edison.hal.Links;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import sonia.scm.ExceptionWithContext;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.plugin.AuthenticationInfo;
import sonia.scm.plugin.PluginCenterAuthenticator;
import sonia.scm.plugin.PluginPermissions;
import sonia.scm.security.AllowAnonymousAccess;
import sonia.scm.security.Impersonator;
import sonia.scm.security.SecureParameterSerializer;
import sonia.scm.security.XsrfExcludes;
import sonia.scm.user.DisplayUser;
import sonia.scm.user.User;
import sonia.scm.user.UserDisplayManager;
import sonia.scm.util.HttpUtil;
import sonia.scm.web.VndMediaType;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.net.URI;
import java.util.Optional;
import java.util.UUID;
@Singleton
public class PluginCenterAuthResource {
@VisibleForTesting
static final String ERROR_SOURCE_MISSING = "5DSqG6Mcg1";
@VisibleForTesting
static final String ERROR_AUTHENTICATION_DISABLED = "8tSqFDot11";
@VisibleForTesting
static final String ERROR_ALREADY_AUTHENTICATED = "8XSqFEBd41";
@VisibleForTesting
static final String ERROR_PARAMS_MISSING = "52SqQBdpO1";
@VisibleForTesting
static final String ERROR_CHALLENGE_MISSING = "FNSqFKQIR1";
@VisibleForTesting
static final String ERROR_CHALLENGE_DOES_NOT_MATCH = "8ESqFElpI1";
private final ScmPathInfoStore pathInfoStore;
private final PluginCenterAuthenticator authenticator;
private final ScmConfiguration configuration;
private final UserDisplayManager userDisplayManager;
private final XsrfExcludes excludes;
private final ChallengeGenerator challengeGenerator;
private final SecureParameterSerializer parameterSerializer;
private final Impersonator impersonator;
private String challenge;
@Inject
public PluginCenterAuthResource(
ScmPathInfoStore pathInfoStore,
PluginCenterAuthenticator authenticator,
UserDisplayManager userDisplayManager,
ScmConfiguration scmConfiguration,
XsrfExcludes excludes,
SecureParameterSerializer parameterSerializer,
Impersonator impersonator) {
this(
pathInfoStore, authenticator, userDisplayManager, scmConfiguration, excludes, () -> UUID.randomUUID().toString(),
parameterSerializer, impersonator);
}
@VisibleForTesting
PluginCenterAuthResource(
ScmPathInfoStore pathInfoStore,
PluginCenterAuthenticator authenticator,
UserDisplayManager userDisplayManager,
ScmConfiguration configuration,
XsrfExcludes excludes,
ChallengeGenerator challengeGenerator,
SecureParameterSerializer parameterSerializer,
Impersonator impersonator) {
this.pathInfoStore = pathInfoStore;
this.authenticator = authenticator;
this.configuration = configuration;
this.userDisplayManager = userDisplayManager;
this.excludes = excludes;
this.challengeGenerator = challengeGenerator;
this.parameterSerializer = parameterSerializer;
this.impersonator = impersonator;
}
@GET
@Path("")
@Operation(
summary = "Return plugin center auth info",
description = "Return authentication information of plugin center connection",
tags = "Plugin Management",
operationId = "plugin_center_auth_information"
)
@ApiResponse(
responseCode = "200",
description = "success",
content = @Content(
mediaType = VndMediaType.PLUGIN_COLLECTION,
schema = @Schema(implementation = PluginCenterAuthenticationInfoDto.class)
)
)
@ApiResponse(responseCode = "401", description = "not authenticated / invalid credentials")
@ApiResponse(responseCode = "403", description = "not authorized, the current user does not have the \"plugin:read\" privilege")
@ApiResponse(
responseCode = "500",
description = "internal server error",
content = @Content(
mediaType = VndMediaType.ERROR_TYPE,
schema = @Schema(implementation = ErrorDto.class)
)
)
@Produces(VndMediaType.PLUGIN_CENTER_AUTH_INFO)
public Response authenticationInfo(@Context UriInfo uriInfo) {
Optional<AuthenticationInfo> authentication = authenticator.getAuthenticationInfo();
if (authentication.isPresent()) {
return Response.ok(createAuthenticatedDto(uriInfo, authentication.get())).build();
}
PluginCenterAuthenticationInfoDto dto = new PluginCenterAuthenticationInfoDto(createLinks(uriInfo, false));
dto.setDefault(configuration.isDefaultPluginAuthUrl());
return Response.ok(dto).build();
}
private PluginCenterAuthenticationInfoDto createAuthenticatedDto(@Context UriInfo uriInfo, AuthenticationInfo info) {
PluginCenterAuthenticationInfoDto dto = new PluginCenterAuthenticationInfoDto(
createLinks(uriInfo, true)
);
dto.setPrincipal(getPrincipalDisplayName(info.getPrincipal()));
dto.setPluginCenterSubject(info.getPluginCenterSubject());
dto.setDate(info.getDate());
dto.setDefault(configuration.isDefaultPluginAuthUrl());
return dto;
}
@GET
@Path("login")
@Operation(
summary = "Login",
description = "Start the authentication flow to connect the plugin center with an account",
tags = "Plugin Management",
operationId = "plugin_center_auth_login"
)
@ApiResponse(
responseCode = "303",
description = "See other"
)
@ApiResponse(responseCode = "401", description = "not authenticated / invalid credentials")
@ApiResponse(responseCode = "403", description = "not authorized, the current user does not have the \"plugin:write\" privilege")
@ApiResponse(
responseCode = "500",
description = "internal server error",
content = @Content(
mediaType = VndMediaType.ERROR_TYPE,
schema = @Schema(implementation = ErrorDto.class)
)
)
public Response login(@Context UriInfo uriInfo, @QueryParam("source") String source) throws IOException {
String pluginAuthUrl = configuration.getPluginAuthUrl();
if (Strings.isNullOrEmpty(source)) {
return error(ERROR_SOURCE_MISSING);
}
if (Strings.isNullOrEmpty(pluginAuthUrl)) {
return error(ERROR_AUTHENTICATION_DISABLED);
}
if (authenticator.isAuthenticated()) {
return error(ERROR_ALREADY_AUTHENTICATED);
}
challenge = challengeGenerator.create();
URI selfUri = uriInfo.getAbsolutePath();
selfUri = selfUri.resolve(selfUri.getPath().replace("/login", "/callback"));
String principal = SecurityUtils.getSubject().getPrincipal().toString();
AuthParameter parameter = new AuthParameter(
principal,
challenge,
source
);
URI callbackUri = UriBuilder.fromUri(selfUri)
.queryParam("params", parameterSerializer.serialize(parameter))
.build();
excludes.add(callbackUri.getPath());
URI authUri = UriBuilder.fromUri(pluginAuthUrl).queryParam("instance", callbackUri.toASCIIString()).build();
return Response.seeOther(authUri).build();
}
private Links createLinks(UriInfo uriInfo, boolean authenticated) {
String self = uriInfo.getAbsolutePath().toASCIIString();
Links.Builder builder = Links.linkingTo().self(self);
if (PluginPermissions.write().isPermitted()) {
if (authenticated) {
builder.single(Link.link("logout", self));
} else {
URI login = uriInfo.getAbsolutePathBuilder().path("login").build();
builder.single(Link.link("login", login.toASCIIString()));
}
}
return builder.build();
}
private String getPrincipalDisplayName(String principal) {
return userDisplayManager.get(principal).map(DisplayUser::getDisplayName).orElse(principal);
}
@DELETE
@Path("")
@Operation(
summary = "Logout",
description = "Start the authentication flow to connect the plugin center with an account",
tags = "Plugin Management",
operationId = "plugin_center_auth_logout"
)
@ApiResponse(
responseCode = "204",
description = "No content"
)
@ApiResponse(responseCode = "401", description = "not authenticated / invalid credentials")
@ApiResponse(responseCode = "403", description = "not authorized, the current user does not have the \"plugin:write\" privilege")
@ApiResponse(
responseCode = "500",
description = "internal server error",
content = @Content(
mediaType = VndMediaType.ERROR_TYPE,
schema = @Schema(implementation = ErrorDto.class)
)
)
public Response logout() {
authenticator.logout();
return Response.noContent().build();
}
@POST
@Path("callback")
@Operation(
summary = "Finalize authentication",
description = "Callback endpoint for the authentication flow to finalize the authentication",
tags = "Plugin Management",
operationId = "plugin_center_auth_callback"
)
@ApiResponse(
responseCode = "303",
description = "See other"
)
@ApiResponse(responseCode = "401", description = "not authenticated / invalid credentials")
@ApiResponse(responseCode = "403", description = "not authorized, the current user does not have the \"plugin:write\" privilege")
@ApiResponse(
responseCode = "500",
description = "internal server error",
content = @Content(
mediaType = VndMediaType.ERROR_TYPE,
schema = @Schema(implementation = ErrorDto.class)
)
)
@AllowAnonymousAccess
public Response callback(
@Context UriInfo uriInfo,
@QueryParam("params") String encryptedParams,
@FormParam("subject") String subject,
@FormParam("refresh_token") String refreshToken
) throws IOException {
if (Strings.isNullOrEmpty(encryptedParams)) {
return error(ERROR_PARAMS_MISSING);
}
AuthParameter params = parameterSerializer.deserialize(encryptedParams, AuthParameter.class);
Optional<String> error = checkChallenge(params.getChallenge());
if (error.isPresent()) {
return error(error.get());
}
challenge = null;
excludes.remove(uriInfo.getPath());
PrincipalCollection principal = createPrincipalCollection(params);
try (Impersonator.Session session = impersonator.impersonate(principal)) {
authenticator.authenticate(subject, refreshToken);
} catch (ExceptionWithContext ex) {
return error(ex.getCode());
}
return redirect(params.getSource());
}
private PrincipalCollection createPrincipalCollection(AuthParameter params) {
SimplePrincipalCollection principal = new SimplePrincipalCollection(
params.getPrincipal(), "pluginCenterAuth"
);
User user = new User(params.getPrincipal());
principal.add(user, "pluginCenterAuth");
return principal;
}
@GET
@Path("callback")
@Operation(
summary = "Abort authentication",
description = "Callback endpoint for the authentication flow to abort the authentication",
tags = "Plugin Management",
operationId = "plugin_center_auth_callback_abort"
)
@ApiResponse(
responseCode = "303",
description = "See other"
)
@ApiResponse(responseCode = "401", description = "not authenticated / invalid credentials")
@ApiResponse(responseCode = "403", description = "not authorized, the current user does not have the \"plugin:write\" privilege")
@ApiResponse(
responseCode = "500",
description = "internal server error",
content = @Content(
mediaType = VndMediaType.ERROR_TYPE,
schema = @Schema(implementation = ErrorDto.class)
)
)
public Response callbackAbort(@Context UriInfo uriInfo, @QueryParam("params") String encryptedParams) throws IOException {
if (Strings.isNullOrEmpty(encryptedParams)) {
return error(ERROR_PARAMS_MISSING);
}
AuthParameter params = parameterSerializer.deserialize(encryptedParams, AuthParameter.class);
Optional<String> error = checkChallenge(params.getChallenge());
if (error.isPresent()) {
return error(error.get());
}
challenge = null;
excludes.remove(uriInfo.getPath());
return redirect(params.getSource());
}
private Response error(String code) {
return redirect("error/" + code);
}
private Response redirect(String location) {
URI rootUri = pathInfoStore.get().getRootUri();
String path = rootUri.getPath();
if (!Strings.isNullOrEmpty(location)) {
path = HttpUtil.concatenate(path, location);
}
return redirect(rootUri.resolve(path));
}
private Response redirect(URI location) {
return Response.status(Response.Status.SEE_OTHER).location(location).build();
}
private Optional<String> checkChallenge(String challengeFromRequest) {
if (Strings.isNullOrEmpty(challenge)) {
return Optional.of(ERROR_CHALLENGE_MISSING);
}
if (!challenge.equals(challengeFromRequest)) {
return Optional.of(ERROR_CHALLENGE_DOES_NOT_MATCH);
}
return Optional.empty();
}
@FunctionalInterface
interface ChallengeGenerator {
String create();
}
@Data
@NoArgsConstructor
@AllArgsConstructor
static class AuthParameter {
private String principal;
private String challenge;
private String source;
}
}

53
scm-webapp/src/main/java/sonia/scm/api/v2/resources/PluginCenterAuthenticationInfoDto.java Normal file
View File

@@ -0,0 +1,53 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.api.v2.resources;
import com.fasterxml.jackson.annotation.JsonInclude;
import de.otto.edison.hal.HalRepresentation;
import de.otto.edison.hal.Links;
import lombok.Getter;
import lombok.Setter;
import java.time.Instant;
import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_NULL;
@Getter
@Setter
@SuppressWarnings("java:S2160") // we need no equals here
public class PluginCenterAuthenticationInfoDto extends HalRepresentation {
@JsonInclude(NON_NULL)
private String principal;
@JsonInclude(NON_NULL)
private String pluginCenterSubject;
@JsonInclude(NON_NULL)
private Instant date;
private boolean isDefault;
public PluginCenterAuthenticationInfoDto(Links links) {
super(links);
}
}

5
scm-webapp/src/main/java/sonia/scm/api/v2/resources/PluginDtoMapper.java
View File

@@ -24,6 +24,7 @@
package sonia.scm.api.v2.resources;
import com.google.common.base.Strings;
import de.otto.edison.hal.Links;
import org.mapstruct.Mapper;
import org.mapstruct.Mapping;
@@ -97,7 +98,9 @@ public abstract class PluginDtoMapper {
if (isCloudoguPlugin) {
Optional<String> cloudoguInstallLink = plugin.getDescriptor().getInstallLink();
cloudoguInstallLink.ifPresent(link -> links.single(link("cloudoguInstall", link)));
} else {
}
if (!Strings.isNullOrEmpty(plugin.getDescriptor().getUrl())) {
String href = resourceLinks.availablePlugin().install(information.getName());
appendLink(links, "install", href);
}

14
scm-webapp/src/main/java/sonia/scm/api/v2/resources/PluginRootResource.java
View File

@@ -40,12 +40,19 @@ public class PluginRootResource {
private final Provider<InstalledPluginResource> installedPluginResourceProvider;
private final Provider<AvailablePluginResource> availablePluginResourceProvider;
private final Provider<PendingPluginResource> pendingPluginResourceProvider;
private final Provider<PluginCenterAuthResource> pluginCenterAuthResourceProvider;
@Inject
public PluginRootResource(Provider<InstalledPluginResource> installedPluginResourceProvider, Provider<AvailablePluginResource> availablePluginResourceProvider, Provider<PendingPluginResource> pendingPluginResourceProvider) {
public PluginRootResource(
Provider<InstalledPluginResource> installedPluginResourceProvider,
Provider<AvailablePluginResource> availablePluginResourceProvider,
Provider<PendingPluginResource> pendingPluginResourceProvider,
Provider<PluginCenterAuthResource> pluginCenterAuthResourceProvider
) {
this.installedPluginResourceProvider = installedPluginResourceProvider;
this.availablePluginResourceProvider = availablePluginResourceProvider;
this.pendingPluginResourceProvider = pendingPluginResourceProvider;
this.pluginCenterAuthResourceProvider = pluginCenterAuthResourceProvider;
}
@Path("/installed")
@@ -58,4 +65,9 @@ public class PluginRootResource {
@Path("/pending")
public PendingPluginResource pendingPlugins() { return pendingPluginResourceProvider.get(); }
@Path("/auth")
public PluginCenterAuthResource authResource() {
return pluginCenterAuthResourceProvider.get();
}
}

16
scm-webapp/src/main/java/sonia/scm/api/v2/resources/ResourceLinks.java
View File

@@ -1202,4 +1202,20 @@ class ResourceLinks {
.href();
}
}
public PluginCenterAuthLinks pluginCenterAuth() {
return new PluginCenterAuthLinks(scmPathInfoStore.get().get());
}
static class PluginCenterAuthLinks {
private final LinkBuilder indexLinkBuilder;
PluginCenterAuthLinks(ScmPathInfo pathInfo) {
indexLinkBuilder = new LinkBuilder(pathInfo, PluginRootResource.class, PluginCenterAuthResource.class);
}
String auth() {
return indexLinkBuilder.method("authResource").parameters().method("authenticationInfo").parameters().href();
}
}
}

52
scm-webapp/src/main/java/sonia/scm/plugin/AuthenticationInfo.java Normal file
View File

@@ -0,0 +1,52 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.plugin;
import java.time.Instant;
/**
* Information about the plugin center authentication.
* @since 2.28.0
*/
public interface AuthenticationInfo {
/**
* Returns the username of the SCM-Manager user which has authenticated the plugin center.
* @return SCM-Manager username
*/
String getPrincipal();
/**
* Returns the subject of the plugin center user.
* @return plugin center subject
*/
String getPluginCenterSubject();
/**
* Returns the date on which the authentication was performed.
* @return authentication date
*/
Instant getDate();
}

50
scm-webapp/src/main/java/sonia/scm/plugin/FetchAccessTokenFailedException.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.plugin;
import sonia.scm.ExceptionWithContext;
import java.util.Collections;
/**
* Exception is thrown if the exchange of a refresh token to an access token fails.
*
* @since 2.28.0
*/
public class FetchAccessTokenFailedException extends ExceptionWithContext {
public FetchAccessTokenFailedException(String message) {
super(Collections.emptyList(), message);
}
public FetchAccessTokenFailedException(String message, Exception cause) {
super(Collections.emptyList(), message, cause);
}
@Override
public String getCode() {
return "AHSqALeEv1";
}
}

26
scm-webapp/src/main/java/sonia/scm/plugin/PluginCenter.java
View File

@@ -24,6 +24,8 @@
package sonia.scm.plugin;
import com.github.legman.Subscribe;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.SCMContextProvider;
@@ -34,8 +36,10 @@ import sonia.scm.util.HttpUtil;
import sonia.scm.util.SystemUtil;
import javax.inject.Inject;
import javax.inject.Singleton;
import java.util.Set;
@Singleton
public class PluginCenter {
private static final String CACHE_NAME = "sonia.cache.plugins";
@@ -55,19 +59,37 @@ public class PluginCenter {
this.cache = cacheManager.getCache(CACHE_NAME);
}
@Subscribe
public void handle(PluginCenterAuthenticationEvent event) {
LOG.debug("clear plugin center cache, because of {}", event);
cache.clear();
}
synchronized Set<AvailablePlugin> getAvailable() {
String url = buildPluginUrl(configuration.getPluginUrl());
Set<AvailablePlugin> plugins = cache.get(url);
if (plugins == null) {
LOG.debug("no cached available plugins found, start fetching");
plugins = loader.load(url);
cache.put(url, plugins);
plugins = fetchAvailablePlugins(url);
} else {
LOG.debug("return available plugins from cache");
}
return plugins;
}
@CanIgnoreReturnValue
private Set<AvailablePlugin> fetchAvailablePlugins(String url) {
Set<AvailablePlugin> plugins = loader.load(url);
cache.put(url, plugins);
return plugins;
}
synchronized void refresh() {
LOG.debug("refresh plugin center cache");
String url = buildPluginUrl(configuration.getPluginUrl());
fetchAvailablePlugins(url);
}
private String buildPluginUrl(String url) {
String os = HttpUtil.encode(SystemUtil.getOS());
String arch = SystemUtil.getArch();

33
scm-webapp/src/main/java/sonia/scm/plugin/PluginCenterAuthenticationEvent.java Normal file
View File

@@ -0,0 +1,33 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.plugin;
/**
* Marker interface for plugin center authentication events such as login or logout.
* @since 2.28.0
*/
public interface PluginCenterAuthenticationEvent {
}

179
scm-webapp/src/main/java/sonia/scm/plugin/PluginCenterAuthenticator.java Normal file
View File

@@ -0,0 +1,179 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.plugin;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.Value;
import org.apache.shiro.SecurityUtils;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.event.ScmEventBus;
import sonia.scm.net.ahc.AdvancedHttpClient;
import sonia.scm.net.ahc.AdvancedHttpResponse;
import sonia.scm.store.ConfigurationStore;
import sonia.scm.store.ConfigurationStoreFactory;
import sonia.scm.util.HttpUtil;
import sonia.scm.xml.XmlInstantAdapter;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
import java.io.IOException;
import java.time.Instant;
import java.util.Optional;
import static sonia.scm.plugin.Tracing.SPAN_KIND;
@Singleton
public class PluginCenterAuthenticator {
@VisibleForTesting
static final String STORE_NAME = "plugin-center-auth";
private final ConfigurationStore<Authentication> configurationStore;
private final ScmConfiguration scmConfiguration;
private final AdvancedHttpClient advancedHttpClient;
private final ScmEventBus eventBus;
@Inject
public PluginCenterAuthenticator(
ConfigurationStoreFactory configurationStore, ScmConfiguration scmConfiguration,
AdvancedHttpClient advancedHttpClient, ScmEventBus eventBus
) {
this.configurationStore = configurationStore.withType(Authentication.class).withName(STORE_NAME).build();
this.scmConfiguration = scmConfiguration;
this.advancedHttpClient = advancedHttpClient;
this.eventBus = eventBus;
}
public void authenticate(String pluginCenterSubject, String refreshToken) {
Preconditions.checkArgument(!Strings.isNullOrEmpty(pluginCenterSubject), "pluginCenterSubject is required");
Preconditions.checkArgument(!Strings.isNullOrEmpty(refreshToken), "refresh token is required");
// only a user which is able to manage plugins, can authenticate the plugin center
PluginPermissions.write().check();
// check if refresh token is valid
Authentication authentication = new Authentication(principal(), pluginCenterSubject, refreshToken, Instant.now());
fetchAccessToken(authentication);
eventBus.post(new PluginCenterLoginEvent(authentication));
}
public void logout() {
PluginPermissions.write().check();
getAuthenticationInfo().ifPresent(authenticationInfo -> {
eventBus.post(new PluginCenterLogoutEvent(authenticationInfo));
configurationStore.delete();
});
}
public boolean isAuthenticated() {
return getAuthentication().isPresent();
}
public Optional<AuthenticationInfo> getAuthenticationInfo() {
PluginPermissions.read().check();
return getAuthentication().map(a -> a);
}
public String fetchAccessToken() {
PluginPermissions.read().check();
Authentication authentication = getAuthentication()
.orElseThrow(() -> new IllegalStateException("An access token can only be obtained, after a prior authentication"));
return fetchAccessToken(authentication);
}
@CanIgnoreReturnValue
private String fetchAccessToken(Authentication authentication) {
String pluginAuthUrl = scmConfiguration.getPluginAuthUrl();
Preconditions.checkState(!Strings.isNullOrEmpty(pluginAuthUrl), "plugin auth url is not configured");
try {
AdvancedHttpResponse response = advancedHttpClient.post(HttpUtil.concatenate(pluginAuthUrl, "refresh"))
.spanKind(SPAN_KIND)
.jsonContent(new RefreshRequest(authentication.getRefreshToken()))
.request();
if (!response.isSuccessful()) {
throw new FetchAccessTokenFailedException("failed to obtain access token, server returned status code " + response.getStatus());
}
RefreshResponse refresh = response.contentFromJson(RefreshResponse.class);
authentication.setRefreshToken(refresh.getRefreshToken());
configurationStore.set(authentication);
return refresh.getAccessToken();
} catch (IOException ex) {
throw new FetchAccessTokenFailedException("failed to obtain an access token", ex);
}
}
private String principal() {
return SecurityUtils.getSubject().getPrincipal().toString();
}
private Optional<Authentication> getAuthentication() {
return configurationStore.getOptional();
}
@Data
@XmlRootElement
@VisibleForTesting
@AllArgsConstructor
@NoArgsConstructor
@XmlAccessorType(XmlAccessType.FIELD)
static class Authentication implements AuthenticationInfo {
private String principal;
private String pluginCenterSubject;
private String refreshToken;
@XmlJavaTypeAdapter(XmlInstantAdapter.class)
private Instant date;
}
@Value
public static class RefreshRequest {
@JsonProperty("refresh_token")
String refreshToken;
}
@Data
public static class RefreshResponse {
@JsonProperty("access_token")
private String accessToken;
@JsonProperty("refresh_token")
private String refreshToken;
}
}

2
scm-webapp/src/main/java/sonia/scm/plugin/PluginCenterDtoMapper.java
View File

@@ -42,6 +42,8 @@ public abstract class PluginCenterDtoMapper {
Set<AvailablePlugin> map(PluginCenterDto pluginCenterDto) {
Set<AvailablePlugin> plugins = new HashSet<>();
for (PluginCenterDto.Plugin plugin : pluginCenterDto.getEmbedded().getPlugins()) {
// plugin center api returns always a download link,
// but for cloudogu plugin without authentication the href is an empty string
String url = plugin.getLinks().get("download").getHref();
String installLink = getInstallLink(plugin);
AvailablePluginDescriptor descriptor = new AvailablePluginDescriptor(

21
scm-webapp/src/main/java/sonia/scm/plugin/PluginCenterLoader.java
View File

@@ -29,6 +29,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.event.ScmEventBus;
import sonia.scm.net.ahc.AdvancedHttpClient;
import sonia.scm.net.ahc.AdvancedHttpRequest;
import javax.inject.Inject;
import java.util.Collections;
@@ -41,17 +42,24 @@ class PluginCenterLoader {
private static final Logger LOG = LoggerFactory.getLogger(PluginCenterLoader.class);
private final AdvancedHttpClient client;
private final PluginCenterAuthenticator authenticator;
private final PluginCenterDtoMapper mapper;
private final ScmEventBus eventBus;
@Inject
public PluginCenterLoader(AdvancedHttpClient client, ScmEventBus eventBus) {
this(client, PluginCenterDtoMapper.INSTANCE, eventBus);
public PluginCenterLoader(AdvancedHttpClient client, ScmEventBus eventBus, PluginCenterAuthenticator authenticator) {
this(client, authenticator, PluginCenterDtoMapper.INSTANCE, eventBus);
}
@VisibleForTesting
PluginCenterLoader(AdvancedHttpClient client, PluginCenterDtoMapper mapper, ScmEventBus eventBus) {
PluginCenterLoader(
AdvancedHttpClient client,
PluginCenterAuthenticator authenticator,
PluginCenterDtoMapper mapper,
ScmEventBus eventBus
) {
this.client = client;
this.authenticator = authenticator;
this.mapper = mapper;
this.eventBus = eventBus;
}
@@ -59,8 +67,11 @@ class PluginCenterLoader {
Set<AvailablePlugin> load(String url) {
try {
LOG.info("fetch plugins from {}", url);
PluginCenterDto pluginCenterDto = client.get(url).spanKind(SPAN_KIND).request()
.contentFromJson(PluginCenterDto.class);
AdvancedHttpRequest request = client.get(url).spanKind(SPAN_KIND);
if (authenticator.isAuthenticated()) {
request.bearerAuth(authenticator.fetchAccessToken());
}
PluginCenterDto pluginCenterDto = request.request().contentFromJson(PluginCenterDto.class);
return mapper.map(pluginCenterDto);
} catch (Exception ex) {
LOG.error("failed to load plugins from plugin center, returning empty list", ex);

38
scm-webapp/src/main/java/sonia/scm/plugin/PluginCenterLoginEvent.java Normal file
View File

@@ -0,0 +1,38 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.plugin;
import lombok.Value;
import sonia.scm.event.Event;
/**
* Event is fired after a successful login to the plugin center.
* @since 2.28.0
*/
@Event
@Value
public class PluginCenterLoginEvent implements PluginCenterAuthenticationEvent {
AuthenticationInfo authenticationInfo;
}

38
scm-webapp/src/main/java/sonia/scm/plugin/PluginCenterLogoutEvent.java Normal file
View File

@@ -0,0 +1,38 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.plugin;
import lombok.Value;
import sonia.scm.event.Event;
/**
* Event is fired after a successful logout from plugin center.
* @since 2.28.0
*/
@Event
@Value
public class PluginCenterLogoutEvent implements PluginCenterAuthenticationEvent {
AuthenticationInfo priorAuthenticationInfo;
}

61
scm-webapp/src/main/java/sonia/scm/plugin/PluginCenterRefresh.java Normal file
View File

@@ -0,0 +1,61 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.plugin;
import sonia.scm.EagerSingleton;
import sonia.scm.schedule.Scheduler;
import javax.inject.Inject;
/**
* Refresh plugin center cache and refresh the token of plugin center authentication.
* @since 2.28.0
*/
@Extension
@EagerSingleton
public class PluginCenterRefresh {
@Inject
@SuppressWarnings("java:S1118") // could not hide constructor
public PluginCenterRefresh(Scheduler scheduler) {
scheduler.schedule("42 42 0/6 * * ?", RefreshTask.class);
}
public static class RefreshTask implements Runnable {
private final PluginCenter pluginCenter;
@Inject
public RefreshTask(PluginCenter pluginCenter) {
this.pluginCenter = pluginCenter;
}
@Override
public void run() {
pluginCenter.refresh();
}
}
}

14
scm-webapp/src/main/java/sonia/scm/plugin/PluginInstaller.java
View File

@@ -29,6 +29,7 @@ import com.google.common.hash.Hashing;
import com.google.common.hash.HashingInputStream;
import sonia.scm.SCMContextProvider;
import sonia.scm.net.ahc.AdvancedHttpClient;
import sonia.scm.net.ahc.AdvancedHttpRequest;
import javax.inject.Inject;
import java.io.IOException;
@@ -40,18 +41,19 @@ import java.util.Optional;
import static sonia.scm.plugin.Tracing.SPAN_KIND;
@SuppressWarnings("UnstableApiUsage")
// guava hash is marked as unstable
@SuppressWarnings("UnstableApiUsage") // guava hash is marked as unstable
class PluginInstaller {
private final SCMContextProvider scmContext;
private final AdvancedHttpClient client;
private final PluginCenterAuthenticator authenticator;
private final SmpDescriptorExtractor smpDescriptorExtractor;
@Inject
public PluginInstaller(SCMContextProvider scmContext, AdvancedHttpClient client, SmpDescriptorExtractor smpDescriptorExtractor) {
public PluginInstaller(SCMContextProvider scmContext, AdvancedHttpClient client, PluginCenterAuthenticator authenticator, SmpDescriptorExtractor smpDescriptorExtractor) {
this.scmContext = scmContext;
this.client = client;
this.authenticator = authenticator;
this.smpDescriptorExtractor = smpDescriptorExtractor;
}
@@ -128,7 +130,11 @@ class PluginInstaller {
}
private InputStream download(AvailablePlugin plugin) throws IOException {
return client.get(plugin.getDescriptor().getUrl()).spanKind(SPAN_KIND).request().contentAsStream();
AdvancedHttpRequest request = client.get(plugin.getDescriptor().getUrl()).spanKind(SPAN_KIND);
if (authenticator.isAuthenticated()) {
request.bearerAuth(authenticator.fetchAccessToken());
}
return request.request().contentAsStream();
}
private Path createFile(AvailablePlugin plugin) throws IOException {

51
scm-webapp/src/main/java/sonia/scm/security/SecureParameterSerializer.java Normal file
View File

@@ -0,0 +1,51 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.inject.Inject;
import java.io.IOException;
public final class SecureParameterSerializer {
private final ObjectMapper mapper;
@Inject
public SecureParameterSerializer(ObjectMapper mapper) {
this.mapper = mapper;
}
public String serialize(Object object) throws IOException {
String json = mapper.writeValueAsString(object);
return CipherUtil.getInstance().encode(json);
}
public <T> T deserialize(String serialized, Class<T> type) throws IOException {
String decoded = CipherUtil.getInstance().decode(serialized);
return mapper.readValue(decoded, type);
}
}

11
scm-webapp/src/main/java/sonia/scm/security/XsrfAccessTokenValidator.java
View File

@@ -50,16 +50,18 @@ public class XsrfAccessTokenValidator implements AccessTokenValidator {
);
private final Provider<HttpServletRequest> requestProvider;
private final XsrfExcludes excludes;
/**
* Constructs a new instance.
*
* @param requestProvider http request provider
* @param excludes
*/
@Inject
public XsrfAccessTokenValidator(Provider<HttpServletRequest> requestProvider) {
public XsrfAccessTokenValidator(Provider<HttpServletRequest> requestProvider, XsrfExcludes excludes) {
this.requestProvider = requestProvider;
this.excludes = excludes;
}
@Override
@@ -67,6 +69,11 @@ public class XsrfAccessTokenValidator implements AccessTokenValidator {
Optional<String> xsrfClaim = accessToken.getCustom(Xsrf.TOKEN_KEY);
if (xsrfClaim.isPresent()) {
HttpServletRequest request = requestProvider.get();
if (excludes.contains(request.getRequestURI())) {
return true;
}
String xsrfHeaderValue = request.getHeader(Xsrf.HEADER_KEY);
return ALLOWED_METHOD.contains(request.getMethod().toUpperCase(Locale.ENGLISH))
|| xsrfClaim.get().equals(xsrfHeaderValue);

68
scm-webapp/src/main/java/sonia/scm/security/XsrfExcludes.java Normal file
View File

@@ -0,0 +1,68 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import javax.inject.Singleton;
import java.util.HashSet;
import java.util.Set;
/**
* XsrfExcludes can be used to define request uris which are excluded from xsrf validation.
* @since 2.28.0
*/
@Singleton
public class XsrfExcludes {
private final Set<String> excludes = new HashSet<>();
/**
* Exclude the given request uri from xsrf validation.
* @param requestUri request uri
*/
public void add(String requestUri) {
excludes.add(requestUri);
}
/**
* Include prior excluded request uri to xsrf validation.
* @param requestUri request uri
* @return {@code true} is uri was excluded
*/
@CanIgnoreReturnValue
public boolean remove(String requestUri) {
return excludes.remove(requestUri);
}
/**
* Returns {@code true} if the request uri is excluded from xsrf validation.
* @param requestUri request uri
* @return {@code true} if uri is excluded
*/
public boolean contains(String requestUri) {
return excludes.contains(requestUri);
}
}

28
scm-webapp/src/main/resources/locales/de/plugins.json
View File

@@ -366,6 +366,34 @@
"CISPvega31": {
"displayName": "Ungültiger Repository-Typ für Import",
"description": "Der Import ist für den gegebenen Repository-Typen nicht möglich."
},
"5DSqG6Mcg1": {
"displayName": "Fehlender Source Parameter",
"description": "Der Source Parameter wird für die Authentifizierung benötigt."
},
"8tSqFDot11": {
"displayName": "Authentifizierung ist deaktiviert",
"description": "Die Plugin Center Authentifizierung ist deaktiviert."
},
"8XSqFEBd41": {
"displayName": "Authentifizierung bereits durchgeführt",
"description": "Das Plugin Center wurde bereits authentifiziert."
},
"FNSqFKQIR1": {
"displayName": "Fehlender challenge Parameter",
"description": "Die Antwort der Authentifizierung enthält keinen Challenge Parameter."
},
"8ESqFElpI1": {
"displayName": "Falscher challenge Parameter",
"description": "Die Antwort der Authentifizierung enthält einen falschen Challenge Parameter."
},
"AHSqALeEv1": {
"displayName": "Authentifizierung fehlgeschlagen",
"description": "Die Authentifizierung des Plugin Centers ist fehlgeschlagen."
},
"52SqQBdpO1": {
"displayName": "Fehlender params Parameter",
"description": "Die Antwort der Authentifizierung enthält keinen params Parameter."
}
},
"healthCheckFailures": {

28
scm-webapp/src/main/resources/locales/en/plugins.json
View File

@@ -374,6 +374,34 @@
"8wSpi62oJ1": {
"displayName": "Modification failed",
"description": "The modification could not be applied. This can have many reasons, for example a file that could not be moved, invalid file names, etc."
},
"5DSqG6Mcg1": {
"displayName": "Source missing",
"description": "The source parameter is missing."
},
"8tSqFDot11": {
"displayName": "Authentication disabled",
"description": "Plugin center authentication is disabled."
},
"8XSqFEBd41": {
"displayName": "Already authenticated",
"description": "The plugin center is already authenticated."
},
"FNSqFKQIR1": {
"displayName": "Challenge missing",
"description": "The callback for the plugin center authentication is missing the challenge parameter."
},
"8ESqFElpI1": {
"displayName": "Challenge mismatch",
"description": "The provided challenge does not match."
},
"AHSqALeEv1": {
"displayName": "Authentication failed",
"description": "Plugin center authentication failed."
},
"52SqQBdpO1": {
"displayName": "Params missing",
"description": "The parameter params is missing."
}
},
"healthChecksFailures": {

2
scm-webapp/src/test/java/sonia/scm/api/v2/resources/AvailablePluginResourceTest.java
View File

@@ -93,7 +93,7 @@ class AvailablePluginResourceTest {
@BeforeEach
void prepareEnvironment() {
pluginRootResource = new PluginRootResource(null, availablePluginResourceProvider, null);
pluginRootResource = new PluginRootResource(null, availablePluginResourceProvider, null, null);
when(availablePluginResourceProvider.get()).thenReturn(availablePluginResource);
dispatcher.addSingletonResource(pluginRootResource);
}

74
scm-webapp/src/test/java/sonia/scm/api/v2/resources/ConfigDtoToScmConfigurationMapperTest.java
View File

@@ -24,21 +24,18 @@
package sonia.scm.api.v2.resources;
import org.junit.Before;
import org.junit.Test;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.internal.util.collections.Sets;
import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.security.AnonymousMode;
import java.util.Arrays;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.MockitoAnnotations.initMocks;
public class ConfigDtoToScmConfigurationMapperTest {
@ExtendWith(MockitoExtension.class)
class ConfigDtoToScmConfigurationMapperTest {
@InjectMocks
private ConfigDtoToScmConfigurationMapperImpl mapper;
@@ -46,53 +43,49 @@ public class ConfigDtoToScmConfigurationMapperTest {
private final String[] expectedExcludes = {"ex", "clude"};
private final String[] expectedUsers = {"trillian", "arthur"};
@Before
public void init() {
initMocks(this);
}
@Test
public void shouldMapFields() {
void shouldMapFields() {
ConfigDto dto = createDefaultDto();
ScmConfiguration config = mapper.map(dto);
assertEquals("prPw", config.getProxyPassword());
assertEquals(42, config.getProxyPort());
assertEquals("srvr", config.getProxyServer());
assertEquals("user", config.getProxyUser());
assertTrue(config.isEnableProxy());
assertEquals("realm", config.getRealmDescription());
assertTrue(config.isDisableGroupingGrid());
assertEquals("yyyy", config.getDateFormat());
assertEquals(AnonymousMode.PROTOCOL_ONLY, config.getAnonymousMode());
assertEquals("baseurl", config.getBaseUrl());
assertTrue(config.isForceBaseUrl());
assertEquals(41, config.getLoginAttemptLimit());
assertTrue("proxyExcludes", config.getProxyExcludes().containsAll(Arrays.asList(expectedExcludes)));
assertTrue(config.isSkipFailedAuthenticators());
assertEquals("https://plug.ins", config.getPluginUrl());
assertEquals(40, config.getLoginAttemptLimitTimeout());
assertTrue(config.isEnabledXsrfProtection());
assertFalse(config.isEnabledUserConverter());
assertEquals("username", config.getNamespaceStrategy());
assertEquals("https://scm-manager.org/login-info", config.getLoginInfoUrl());
assertEquals("hitchhiker.mail", config.getMailDomainName());
assertTrue("emergencyContacts", config.getEmergencyContacts().containsAll(Arrays.asList(expectedUsers)));
assertThat(config.getProxyPassword()).isEqualTo("prPw");
assertThat(config.getProxyPort()).isEqualTo(42);
assertThat(config.getProxyServer()).isEqualTo("srvr");
assertThat(config.getProxyUser()).isEqualTo("user");
assertThat(config.isEnableProxy()).isTrue();
assertThat(config.getRealmDescription()).isEqualTo("realm");
assertThat(config.isDisableGroupingGrid()).isTrue();
assertThat(config.getDateFormat()).isEqualTo("yyyy");
assertThat(config.getAnonymousMode()).isSameAs(AnonymousMode.PROTOCOL_ONLY);
assertThat(config.getBaseUrl()).isEqualTo("baseurl");
assertThat(config.isForceBaseUrl()).isTrue();
assertThat(config.getLoginAttemptLimit()).isEqualTo(41);
assertThat(config.getProxyExcludes()).contains(expectedExcludes);
assertThat(config.isSkipFailedAuthenticators()).isTrue();
assertThat(config.getPluginUrl()).isEqualTo("https://plug.ins");
assertThat(config.getPluginAuthUrl()).isEqualTo("https://plug.ins/oidc");
assertThat(config.getLoginAttemptLimitTimeout()).isEqualTo(40);
assertThat(config.isEnabledXsrfProtection()).isTrue();
assertThat(config.isEnabledUserConverter()).isFalse();
assertThat(config.getNamespaceStrategy()).isEqualTo("username");
assertThat(config.getLoginInfoUrl()).isEqualTo("https://scm-manager.org/login-info");
assertThat(config.getMailDomainName()).isEqualTo("hitchhiker.mail");
assertThat(config.getEmergencyContacts()).contains(expectedUsers);
}
@Test
public void shouldMapAnonymousAccessFieldToAnonymousMode() {
void shouldMapAnonymousAccessFieldToAnonymousMode() {
ConfigDto dto = createDefaultDto();
ScmConfiguration config = mapper.map(dto);
assertEquals(AnonymousMode.PROTOCOL_ONLY, config.getAnonymousMode());
assertThat(config.getAnonymousMode()).isSameAs(AnonymousMode.PROTOCOL_ONLY);
dto.setAnonymousMode(null);
dto.setAnonymousAccessEnabled(false);
ScmConfiguration config2 = mapper.map(dto);
assertEquals(AnonymousMode.OFF, config2.getAnonymousMode());
assertThat(config2.getAnonymousMode()).isSameAs(AnonymousMode.OFF);
}
private ConfigDto createDefaultDto() {
@@ -112,6 +105,7 @@ public class ConfigDtoToScmConfigurationMapperTest {
configDto.setProxyExcludes(Sets.newSet(expectedExcludes));
configDto.setSkipFailedAuthenticators(true);
configDto.setPluginUrl("https://plug.ins");
configDto.setPluginAuthUrl("https://plug.ins/oidc");
configDto.setLoginAttemptLimitTimeout(40);
configDto.setEnabledXsrfProtection(true);
configDto.setNamespaceStrategy("username");

22
scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexResourceTest.java
View File

@@ -33,6 +33,7 @@ import org.junit.Test;
import sonia.scm.SCMContextProvider;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.initialization.InitializationFinisher;
import sonia.scm.plugin.PluginCenterAuthenticator;
import sonia.scm.search.SearchEngine;
import java.net.URI;
@@ -51,7 +52,6 @@ public class IndexResourceTest {
private SCMContextProvider scmContextProvider;
private IndexResource indexResource;
@Before
public void setUpObjectUnderTest() {
this.configuration = new ScmConfiguration();
@@ -63,10 +63,28 @@ public class IndexResourceTest {
ResourceLinksMock.createMock(URI.create("/")),
scmContextProvider,
configuration,
initializationFinisher, searchEngine);
initializationFinisher,
searchEngine
);
this.indexResource = new IndexResource(generator);
}
@Test
@SubjectAware(username = "dent", password = "secret")
public void shouldRenderPluginCenterAuthLink() {
IndexDto index = indexResource.getIndex();
Assertions.assertThat(index.getLinks().getLinkBy("pluginCenterAuth")).isPresent();
}
@Test
@SubjectAware(username = "trillian", password = "secret")
public void shouldNotRenderPluginCenterLoginLinkIfPermissionsAreMissing() {
IndexDto index = indexResource.getIndex();
Assertions.assertThat(index.getLinks().getLinkBy("pluginCenterAuth")).isNotPresent();
}
@Test
public void shouldRenderLoginUrlsForUnauthenticatedRequest() {
IndexDto index = indexResource.getIndex();

2
scm-webapp/src/test/java/sonia/scm/api/v2/resources/InstalledPluginResourceTest.java
View File

@@ -89,7 +89,7 @@ class InstalledPluginResourceTest {
@BeforeEach
void prepareEnvironment() {
pluginRootResource = new PluginRootResource(installedPluginResourceProvider, null, null);
pluginRootResource = new PluginRootResource(installedPluginResourceProvider, null, null, null);
when(installedPluginResourceProvider.get()).thenReturn(installedPluginResource);
dispatcher.addSingletonResource(pluginRootResource);
}

2
scm-webapp/src/test/java/sonia/scm/api/v2/resources/PendingPluginResourceTest.java
View File

@@ -90,7 +90,7 @@ class PendingPluginResourceTest {
@BeforeEach
void prepareEnvironment() {
dispatcher.registerException(ShiroException.class, Response.Status.UNAUTHORIZED);
PluginRootResource pluginRootResource = new PluginRootResource(null, null, Providers.of(pendingPluginResource));
PluginRootResource pluginRootResource = new PluginRootResource(null, null, Providers.of(pendingPluginResource), null);
dispatcher.addSingletonResource(pluginRootResource);
}

469
scm-webapp/src/test/java/sonia/scm/api/v2/resources/PluginCenterAuthResourceTest.java Normal file
View File

@@ -0,0 +1,469 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.api.v2.resources;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import com.google.inject.util.Providers;
import lombok.Value;
import org.github.sdorra.jse.ShiroExtension;
import org.github.sdorra.jse.SubjectAware;
import org.jboss.resteasy.mock.MockHttpRequest;
import org.jboss.resteasy.mock.MockHttpResponse;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.plugin.AuthenticationInfo;
import sonia.scm.plugin.FetchAccessTokenFailedException;
import sonia.scm.plugin.PluginCenterAuthenticator;
import sonia.scm.security.Impersonator;
import sonia.scm.security.SecureParameterSerializer;
import sonia.scm.security.XsrfExcludes;
import sonia.scm.user.DisplayUser;
import sonia.scm.user.UserDisplayManager;
import sonia.scm.user.UserTestData;
import sonia.scm.web.RestDispatcher;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Instant;
import java.util.Optional;
import java.util.function.Consumer;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.*;
import static sonia.scm.api.v2.resources.PluginCenterAuthResource.*;
@ExtendWith({MockitoExtension.class, ShiroExtension.class})
class PluginCenterAuthResourceTest {
private final RestDispatcher dispatcher = new RestDispatcher();
private final ScmConfiguration scmConfiguration = new ScmConfiguration();
@Mock
private PluginCenterAuthenticator authenticator;
@Mock
private XsrfExcludes excludes;
@Mock
private ChallengeGenerator challengeGenerator;
@Mock
private UserDisplayManager userDisplayManager;
@Mock
private SecureParameterSerializer parameterSerializer;
@Mock
private Impersonator impersonator;
@BeforeEach
void setUpDispatcher() {
ScmPathInfoStore pathInfoStore = new ScmPathInfoStore();
pathInfoStore.set(rootPathInfo);
PluginCenterAuthResource resource = new PluginCenterAuthResource(
pathInfoStore, authenticator, userDisplayManager,
scmConfiguration, excludes, challengeGenerator,
parameterSerializer, impersonator
);
dispatcher.addSingletonResource(
new PluginRootResource(
null,
null,
null,
Providers.of(resource)
)
);
}
@Nested
class GetAuthenticationInfo {
@Test
void shouldReturnEmptyAuthenticationInfo() throws URISyntaxException, IOException {
JsonNode root = getJson("/v2/plugins/auth");
assertThat(root.has("principal")).isFalse();
assertThat(root.has("pluginCenterSubject")).isFalse();
assertThat(root.has("date")).isFalse();
assertThat(root.get("_links").get("self").get("href").asText()).isEqualTo("/v2/plugins/auth");
}
@Test
void shouldReturnTrueForIsDefault() throws URISyntaxException, IOException {
JsonNode root = getJson("/v2/plugins/auth");
assertThat(root.get("default").asBoolean()).isTrue();
}
@Test
void shouldReturnFalseIfTheAuthUrlIsNotDefault() throws URISyntaxException, IOException {
scmConfiguration.setPluginAuthUrl("https://plug.ins");
JsonNode root = getJson("/v2/plugins/auth");
assertThat(root.get("default").asBoolean()).isFalse();
}
@Test
@SubjectAware(value = "marvin", permissions = "plugin:write")
void shouldReturnLoginLinkIfPermitted() throws URISyntaxException, IOException {
JsonNode root = getJson("/v2/plugins/auth");
assertThat(root.get("_links").get("login").get("href").asText()).isEqualTo("/v2/plugins/auth/login");
}
@Test
void shouldReturnAuthenticationInfo() throws IOException, URISyntaxException {
JsonNode root = requestAuthInfo();
assertThat(root.get("principal").asText()).isEqualTo("Tricia McMillan");
assertThat(root.get("pluginCenterSubject").asText()).isEqualTo("tricia.mcmillan@hitchhiker.com");
assertThat(root.get("date").asText()).isNotEmpty();
assertThat(root.get("_links").get("self").get("href").asText()).isEqualTo("/v2/plugins/auth");
}
@Test
void shouldNotReturnLogoutLinkWithoutWritePermission() throws IOException, URISyntaxException {
JsonNode root = requestAuthInfo();
assertThat(root.get("_links").has("logout")).isFalse();
}
@Test
@SubjectAware(value = "marvin", permissions = "plugin:write")
void shouldReturnLogoutLinkIfPermitted() throws IOException, URISyntaxException {
JsonNode root = requestAuthInfo();
assertThat(root.get("_links").get("logout").get("href").asText()).isEqualTo("/v2/plugins/auth");
}
@Test
@SubjectAware(value = "marvin", permissions = "plugin:write")
void shouldNotReturnLogoutLinkIfPermitted() throws IOException, URISyntaxException {
JsonNode root = requestAuthInfo();
assertThat(root.get("_links").get("logout").get("href").asText()).isEqualTo("/v2/plugins/auth");
}
private JsonNode requestAuthInfo() throws IOException, URISyntaxException {
AuthenticationInfo info = new SimpleAuthenticationInfo(
"trillian", "tricia.mcmillan@hitchhiker.com", Instant.now()
);
when(authenticator.getAuthenticationInfo()).thenReturn(Optional.of(info));
DisplayUser user = DisplayUser.from(UserTestData.createTrillian());
when(userDisplayManager.get("trillian")).thenReturn(Optional.of(user));
return getJson("/v2/plugins/auth");
}
}
@Nested
class Logout {
@Test
void shouldLogout() throws URISyntaxException {
MockHttpResponse response = request(MockHttpRequest.delete("/v2/plugins/auth"));
verify(authenticator).logout();
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_NO_CONTENT);
}
}
@Nested
class AuthRequest {
@Test
void shouldReturnErrorRedirectWithoutSourceParameter() throws URISyntaxException {
MockHttpResponse response = get("/v2/plugins/auth/login");
assertError(response, ERROR_SOURCE_MISSING);
}
@Test
void shouldReturnErrorRedirectWithoutPluginAuthUrlParameter() throws URISyntaxException {
scmConfiguration.setPluginAuthUrl("");
MockHttpResponse response = get("/v2/plugins/auth/login?source=/admin/plugins");
assertError(response, ERROR_AUTHENTICATION_DISABLED);
}
@Test
void shouldReturnErrorRedirectIfAlreadyAuthenticated() throws URISyntaxException {
when(authenticator.isAuthenticated()).thenReturn(true);
MockHttpResponse response = get("/v2/plugins/auth/login?source=/admin/plugins");
assertError(response, ERROR_ALREADY_AUTHENTICATED);
}
@Test
@SubjectAware("trillian")
void shouldReturnRedirectToPluginAuthUrl() throws URISyntaxException, IOException {
when(challengeGenerator.create()).thenReturn("abcd");
when(parameterSerializer.serialize(any(AuthParameter.class))).thenReturn("def");
scmConfiguration.setPluginAuthUrl("https://plug.ins");
MockHttpResponse response = get("/v2/plugins/auth/login?source=/admin/plugins");
assertRedirect(response, "https://plug.ins?instance=%2Fv2%2Fplugins%2Fauth%2Fcallback?params%3Ddef");
}
@Test
@SubjectAware("trillian")
void shouldExcludeCallbackFromXsrf() throws URISyntaxException, IOException {
when(challengeGenerator.create()).thenReturn("1234");
when(parameterSerializer.serialize(any(AuthParameter.class))).thenReturn("def");
scmConfiguration.setPluginAuthUrl("https://plug.ins");
get("/v2/plugins/auth/login?source=/admin/plugins");
verify(excludes).add("/v2/plugins/auth/callback");
}
@Test
@SubjectAware("trillian")
void shouldSendAuthParameters() throws URISyntaxException, IOException {
when(challengeGenerator.create()).thenReturn("abc123def");
when(parameterSerializer.serialize(any(AuthParameter.class))).thenReturn("xyz");
get("/v2/plugins/auth/login?source=/admin/plugins");
ArgumentCaptor<AuthParameter> captor = ArgumentCaptor.forClass(AuthParameter.class);
verify(parameterSerializer).serialize(captor.capture());
AuthParameter parameter = captor.getValue();
assertThat(parameter.getChallenge()).isEqualTo("abc123def");
assertThat(parameter.getSource()).isEqualTo("/admin/plugins");
assertThat(parameter.getPrincipal()).isEqualTo("trillian");
}
}
@Nested
@SubjectAware("marvin")
class AbortAuthentication {
@BeforeEach
void setUp() throws IOException {
lenient().when(challengeGenerator.create()).thenReturn("xyz");
lenient().when(parameterSerializer.serialize(any(AuthParameter.class))).thenReturn("secureParams");
}
@Test
void shouldReturnErrorRedirectWithoutParams() throws URISyntaxException {
MockHttpResponse response = get("/v2/plugins/auth/callback");
assertError(response, ERROR_PARAMS_MISSING);
}
@Test
void shouldReturnErrorRedirectWithoutChallenge() throws URISyntaxException, IOException {
mockParams("marvin", null, "/");
MockHttpResponse response = get("/v2/plugins/auth/callback?params=secureParams");
assertError(response, ERROR_CHALLENGE_MISSING);
}
@Test
void shouldReturnErrorRedirectWithChallengeMismatch() throws URISyntaxException, IOException {
mockParams("marvin", "abc", "/repos");
get("/v2/plugins/auth/login?source=/repos");
MockHttpResponse response = get("/v2/plugins/auth/callback?params=secureParams");
assertError(response, ERROR_CHALLENGE_DOES_NOT_MATCH);
}
@Test
void shouldRedirectToRoot() throws URISyntaxException, IOException {
mockParams("marvin", "xyz", null);
get("/v2/plugins/auth/login?source=/repos");
MockHttpResponse response = get("/v2/plugins/auth/callback?params=secureParams");
assertRedirect(response, "/");
}
@Test
void shouldRedirectToSource() throws URISyntaxException, IOException {
mockParams("marvin", "xyz", "/repos");
get("/v2/plugins/auth/login?source=/repos");
MockHttpResponse response = get("/v2/plugins/auth/callback?params=secureParams");
assertRedirect(response, "/repos");
}
@Test
void shouldRemoveCallbackFromXsrf() throws URISyntaxException, IOException {
mockParams("marvin", "xyz", "/repos");
get("/v2/plugins/auth/login?source=/repos");
get("/v2/plugins/auth/callback?params=secureParams");
verify(excludes).remove("/v2/plugins/auth/callback");
}
}
@Nested
@SubjectAware("slarti")
class AuthenticationCallback {
@BeforeEach
void setUp() throws IOException {
lenient().when(challengeGenerator.create()).thenReturn("abc");
lenient().when(parameterSerializer.serialize(any(AuthParameter.class))).thenReturn("secureParams");
}
@Test
void shouldReturnErrorRedirectWithoutParameters() throws URISyntaxException {
MockHttpResponse response = post("/v2/plugins/auth/callback", "trillian", "rf");
assertError(response, ERROR_PARAMS_MISSING);
}
@Test
void shouldReturnErrorRedirectWithoutChallengeParameter() throws URISyntaxException, IOException {
mockParams("slarti", null, "/");
MockHttpResponse response = post("/v2/plugins/auth/callback?params=secureParams", "slarti", "rf");
assertError(response, ERROR_CHALLENGE_MISSING);
}
@Test
void shouldReturnErrorRedirectWithChallengeMismatch() throws URISyntaxException, IOException {
mockParams("slarti", "xyz", "/");
get("/v2/plugins/auth/login?source=/repos");
MockHttpResponse response = post("/v2/plugins/auth/callback?params=secureParams", "trillian", "rf");
assertError(response, ERROR_CHALLENGE_DOES_NOT_MATCH);
}
@Test
void shouldReturnErrorRedirectFromFailedAuthentication() throws URISyntaxException, IOException {
mockParams("slarti", "abc", "/");
FetchAccessTokenFailedException exception = new FetchAccessTokenFailedException("failed ...");
doThrow(exception).when(authenticator).authenticate("slarti", "rf");
get("/v2/plugins/auth/login?source=/repos");
MockHttpResponse response = post("/v2/plugins/auth/callback?params=secureParams", "slarti", "rf");
assertError(response, exception.getCode());
}
@Test
void shouldAuthenticate() throws URISyntaxException, IOException {
mockParams("slarti", "abc", "/");
get("/v2/plugins/auth/login?source=/repos");
post("/v2/plugins/auth/callback?params=secureParams", "slarti", "refresh_token");
verify(authenticator).authenticate("slarti", "refresh_token");
}
@Test
void shouldRedirectToSource() throws URISyntaxException, IOException {
mockParams("slarti", "abc", "/users");
get("/v2/plugins/auth/login?source=/users");
MockHttpResponse response = post("/v2/plugins/auth/callback?params=secureParams", "slarti", "rrrrf");
assertRedirect(response, "/users");
}
@Test
void shouldRemoveCallbackFromXsrf() throws URISyntaxException, IOException {
mockParams("slarti", "abc", "/users");
get("/v2/plugins/auth/login?source=/repos");
post("/v2/plugins/auth/callback?params=secureParams", "slarti", "rf");
verify(excludes).remove("/v2/plugins/auth/callback");
}
}
private void mockParams(String principal, String challenge, String source) throws IOException {
AuthParameter params = new AuthParameter(principal, challenge, source);
when(parameterSerializer.deserialize("secureParams", AuthParameter.class)).thenReturn(params);
}
@CanIgnoreReturnValue
private MockHttpResponse post(String uri, String subject, String refreshToken) throws URISyntaxException {
MockHttpRequest request = MockHttpRequest.post(uri);
request.addFormHeader("subject", subject);
request.addFormHeader("refresh_token", refreshToken);
MockHttpResponse response = new MockHttpResponse();
dispatcher.invoke(request, response);
return response;
}
@CanIgnoreReturnValue
private MockHttpResponse get(String uri) throws URISyntaxException {
MockHttpRequest request = MockHttpRequest.get(uri);
return request(request);
}
private final ObjectMapper mapper = new ObjectMapper();
private JsonNode getJson(String uri) throws URISyntaxException, IOException {
MockHttpResponse response = get(uri);
return mapper.readTree(response.getContentAsString());
}
private MockHttpResponse request(MockHttpRequest request) {
MockHttpResponse response = new MockHttpResponse();
dispatcher.invoke(request, response);
return response;
}
private void assertError(MockHttpResponse response, String code) {
assertRedirect(response, "/error/" + code);
}
private void assertRedirect(MockHttpResponse response, String location) {
assertRedirect(response, (locationHeader) -> assertThat(locationHeader).isEqualTo(location));
}
private void assertRedirect(MockHttpResponse response, Consumer<String> location) {
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_SEE_OTHER);
location.accept(response.getOutputHeaders().getFirst("Location").toString());
}
@Value
private static class SimpleAuthenticationInfo implements AuthenticationInfo {
String principal;
String pluginCenterSubject;
Instant date;
}
private static final ScmPathInfo rootPathInfo = new ScmPathInfo() {
@Override
public URI getApiRestUri() {
return URI.create("/api");
}
@Override
public URI getRootUri() {
return URI.create("/");
}
};
}

10
scm-webapp/src/test/java/sonia/scm/api/v2/resources/PluginDtoMapperTest.java
View File

@@ -165,6 +165,16 @@ class PluginDtoMapperTest {
.isEqualTo("https://hitchhiker.com/v2/plugins/available/scm-cas-plugin/install?restart=true");
}
@Test
void shouldNotAppendInstallLinkWithEmptyDownloadUrl() {
when(subject.isPermitted("plugin:write")).thenReturn(true);
AvailablePlugin plugin = createAvailable(createPluginInformation(), "");
PluginDto dto = mapper.mapAvailable(plugin);
assertThat(dto.getLinks().hasLink("install")).isFalse();
assertThat(dto.getLinks().hasLink("installWithRestart")).isFalse();
}
@Test
void shouldReturnMiscellaneousIfCategoryIsNull() {
PluginInformation information = createPluginInformation();

95
scm-webapp/src/test/java/sonia/scm/api/v2/resources/ScmConfigurationToConfigDtoMapperTest.java
View File

@@ -28,26 +28,28 @@ import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.util.ThreadState;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.internal.util.collections.Sets;
import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.security.AnonymousMode;
import java.net.URI;
import java.util.Arrays;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.mockito.MockitoAnnotations.initMocks;
public class ScmConfigurationToConfigDtoMapperTest {
@ExtendWith(MockitoExtension.class)
class ScmConfigurationToConfigDtoMapperTest {
private final URI baseUri = URI.create("http://example.com/base/");
@@ -65,78 +67,84 @@ public class ScmConfigurationToConfigDtoMapperTest {
private URI expectedBaseUri;
@Before
public void init() {
initMocks(this);
@BeforeEach
void init() {
expectedBaseUri = baseUri.resolve(ConfigResource.CONFIG_PATH_V2);
subjectThreadState.bind();
ThreadContext.bind(subject);
}
@After
@AfterEach
public void unbindSubject() {
ThreadContext.unbindSubject();
}
@Test
public void shouldMapFields() {
void shouldMapFields() {
ScmConfiguration config = createConfiguration();
when(subject.isPermitted("configuration:write:global")).thenReturn(true);
ConfigDto dto = mapper.map(config);
assertEquals("heartOfGold", dto.getProxyPassword());
assertEquals(1234, dto.getProxyPort());
assertEquals("proxyserver", dto.getProxyServer());
assertEquals("trillian", dto.getProxyUser());
assertTrue(dto.isEnableProxy());
assertEquals("description", dto.getRealmDescription());
assertTrue(dto.isDisableGroupingGrid());
assertEquals("dd", dto.getDateFormat());
assertSame(AnonymousMode.FULL, dto.getAnonymousMode());
assertEquals("baseurl", dto.getBaseUrl());
assertTrue(dto.isForceBaseUrl());
assertEquals(1, dto.getLoginAttemptLimit());
assertTrue("proxyExcludes", dto.getProxyExcludes().containsAll(Arrays.asList(expectedExcludes)));
assertTrue(dto.isSkipFailedAuthenticators());
assertEquals("pluginurl", dto.getPluginUrl());
assertEquals(2, dto.getLoginAttemptLimitTimeout());
assertTrue(dto.isEnabledXsrfProtection());
assertEquals("username", dto.getNamespaceStrategy());
assertEquals("https://scm-manager.org/login-info", dto.getLoginInfoUrl());
assertEquals("https://www.scm-manager.org/download/rss.xml", dto.getReleaseFeedUrl());
assertEquals("scm-manager.local", dto.getMailDomainName());
assertTrue("emergencyContacts", dto.getEmergencyContacts().containsAll(Arrays.asList(expectedUsers)));
assertThat(dto.getProxyPassword()).isEqualTo("heartOfGold");
assertThat(dto.getProxyPort()).isEqualTo(1234);
assertThat(dto.getProxyServer()).isEqualTo("proxyserver");
assertThat(dto.getProxyUser()).isEqualTo("trillian");
assertThat(dto.isEnableProxy()).isTrue();
assertThat(dto.getRealmDescription()).isEqualTo("description");
assertThat(dto.isDisableGroupingGrid()).isTrue();
assertThat(dto.getDateFormat()).isEqualTo("dd");
assertThat(dto.getAnonymousMode()).isSameAs(AnonymousMode.FULL);
assertThat(dto.getBaseUrl()).isEqualTo("baseurl");
assertThat(dto.isForceBaseUrl()).isTrue();
assertThat(dto.getLoginAttemptLimit()).isOne();
assertThat(dto.getProxyExcludes()).contains(expectedExcludes);
assertThat(dto.isSkipFailedAuthenticators()).isTrue();
assertThat(dto.getPluginUrl()).isEqualTo("https://plug.ins");
assertThat(dto.getPluginAuthUrl()).isEqualTo("https://plug.ins/oidc");
assertThat(dto.getLoginAttemptLimitTimeout()).isEqualTo(2);
assertThat(dto.isEnabledXsrfProtection()).isTrue();
assertThat(dto.getNamespaceStrategy()).isEqualTo("username");
assertThat(dto.getLoginInfoUrl()).isEqualTo("https://scm-manager.org/login-info");
assertThat(dto.getReleaseFeedUrl()).isEqualTo("https://www.scm-manager.org/download/rss.xml");
assertThat(dto.getMailDomainName()).isEqualTo("scm-manager.local");
assertThat(dto.getEmergencyContacts()).contains(expectedUsers);
assertLinks(dto);
}
assertEquals(expectedBaseUri.toString(), dto.getLinks().getLinkBy("self").get().getHref());
assertEquals(expectedBaseUri.toString(), dto.getLinks().getLinkBy("update").get().getHref());
private void assertLinks(ConfigDto dto) {
assertThat(dto.getLinks().getLinkBy("self"))
.hasValueSatisfying(link -> assertThat(link.getHref()).isEqualTo(expectedBaseUri.toString()));
assertThat(dto.getLinks().getLinkBy("update"))
.hasValueSatisfying(link -> assertThat(link.getHref()).isEqualTo(expectedBaseUri.toString()));
}
@Test
public void shouldMapFieldsWithoutUpdate() {
void shouldMapFieldsWithoutUpdate() {
ScmConfiguration config = createConfiguration();
when(subject.hasRole("configuration:write:global")).thenReturn(false);
ConfigDto dto = mapper.map(config);
assertEquals("baseurl", dto.getBaseUrl());
assertEquals(expectedBaseUri.toString(), dto.getLinks().getLinkBy("self").get().getHref());
assertFalse(dto.getLinks().hasLink("update"));
assertThat(dto.getBaseUrl()).isEqualTo("baseurl");
assertThat(dto.getLinks().getLinkBy("self"))
.hasValueSatisfying(link -> assertThat(link.getHref()).isEqualTo(expectedBaseUri.toString()));
assertThat(dto.getLinks().hasLink("update")).isFalse();
}
@Test
public void shouldMapAnonymousAccessField() {
void shouldMapAnonymousAccessField() {
ScmConfiguration config = createConfiguration();
when(subject.hasRole("configuration:write:global")).thenReturn(false);
ConfigDto dto = mapper.map(config);
assertTrue(dto.isAnonymousAccessEnabled());
assertThat(dto.isAnonymousAccessEnabled()).isTrue();
config.setAnonymousMode(AnonymousMode.OFF);
ConfigDto secondDto = mapper.map(config);
assertFalse(secondDto.isAnonymousAccessEnabled());
assertThat(secondDto.isAnonymousAccessEnabled()).isFalse();
}
private ScmConfiguration createConfiguration() {
@@ -155,7 +163,8 @@ public class ScmConfigurationToConfigDtoMapperTest {
config.setLoginAttemptLimit(1);
config.setProxyExcludes(Sets.newSet(expectedExcludes));
config.setSkipFailedAuthenticators(true);
config.setPluginUrl("pluginurl");
config.setPluginUrl("https://plug.ins");
config.setPluginAuthUrl("https://plug.ins/oidc");
config.setLoginAttemptLimitTimeout(2);
config.setEnabledXsrfProtection(true);
config.setNamespaceStrategy("username");

302
scm-webapp/src/test/java/sonia/scm/plugin/PluginCenterAuthenticatorTest.java Normal file
View File

@@ -0,0 +1,302 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.plugin;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import org.apache.shiro.authz.AuthorizationException;
import org.github.sdorra.jse.ShiroExtension;
import org.github.sdorra.jse.SubjectAware;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Answers;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.event.ScmEventBus;
import sonia.scm.net.ahc.AdvancedHttpClient;
import sonia.scm.net.ahc.AdvancedHttpRequestWithBody;
import sonia.scm.net.ahc.AdvancedHttpResponse;
import sonia.scm.plugin.PluginCenterAuthenticator.RefreshResponse;
import sonia.scm.store.InMemoryConfigurationStoreFactory;
import java.io.IOException;
import java.time.Instant;
import java.util.List;
import java.util.stream.Collectors;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.*;
import static sonia.scm.plugin.PluginCenterAuthenticator.*;
import static sonia.scm.plugin.PluginCenterAuthenticator.RefreshRequest;
@ExtendWith({MockitoExtension.class, ShiroExtension.class})
class PluginCenterAuthenticatorTest {
private PluginCenterAuthenticator authenticator;
@Mock
private AdvancedHttpClient advancedHttpClient;
@Mock(answer = Answers.RETURNS_SELF)
private AdvancedHttpRequestWithBody request;
private ScmConfiguration scmConfiguration;
@Mock
private ScmEventBus eventBus;
private final InMemoryConfigurationStoreFactory factory = InMemoryConfigurationStoreFactory.create();
@BeforeEach
void setUpObjectUnderTest() {
scmConfiguration = new ScmConfiguration();
authenticator = new PluginCenterAuthenticator(factory, scmConfiguration, advancedHttpClient, eventBus);
}
@Test
@SubjectAware("marvin")
void shouldFailAuthenticationWithoutPermissions() {
assertThrows(AuthorizationException.class, () -> authenticator.authenticate("marvin@hitchhiker.com", "refresh-token"));
}
@Test
@SubjectAware(value = "marvin", permissions = "plugin:read")
void shouldFailAuthenticationWithReadPermissions() {
assertThrows(AuthorizationException.class, () -> authenticator.authenticate("marvin@hitchhiker.com", "refresh-token"));
}
@Test
@SubjectAware("marvin")
void shouldFailToFetchAccessTokenWithoutPermission() {
assertThrows(AuthorizationException.class, () -> authenticator.fetchAccessToken());
}
@Test
@SubjectAware("marvin")
void shouldFailGetAuthenticationInfoWithoutPermission() {
assertThrows(AuthorizationException.class, () -> authenticator.getAuthenticationInfo());
}
@Test
@SubjectAware("marvin")
void shouldFailLogoutWithoutPermission() {
assertThrows(AuthorizationException.class, () -> authenticator.logout());
}
@Nested
@SubjectAware(value = "trillian", permissions = {"plugin:read", "plugin:write"})
class WithPermissions {
@Test
void shouldReturnFalseWithoutRefreshToken() {
assertThat(authenticator.isAuthenticated()).isFalse();
}
@Test
void shouldFailWithoutRefreshToken() {
assertThrows(IllegalArgumentException.class, () -> authenticator.authenticate("tricia.mcmillan@hitchhiker.com", null));
}
@Test
void shouldFailWithEmptyRefreshToken() {
assertThrows(IllegalArgumentException.class, () -> authenticator.authenticate("tricia.mcmillan@hitchhiker.com", ""));
}
@Test
void shouldFailWithoutSubject() {
assertThrows(IllegalArgumentException.class, () -> authenticator.authenticate(null, "rf"));
}
@Test
void shouldFailWithEmptySubject() {
assertThrows(IllegalArgumentException.class, () -> authenticator.authenticate("", "rf"));
}
@Test
void shouldFailWithoutPluginAuthUrl() {
scmConfiguration.setPluginAuthUrl(null);
assertThrows(IllegalStateException.class, () -> authenticator.authenticate("tricia.mcmillan@hitchhiker.com", "my-awesome-refresh-token"));
}
@Test
void shouldAuthenticate() throws IOException {
mockAuthProtocol("https://plugin-center-api.scm-manager.org/api/v1/auth/oidc/refresh", "access", "refresh");
authenticator.authenticate("tricia.mcmillan@hitchhiker.com", "my-awesome-refresh-token");
assertThat(authenticator.isAuthenticated()).isTrue();
}
@Test
void shouldFireLoginEvent() throws IOException {
mockAuthProtocol("https://plugin-center-api.scm-manager.org/api/v1/auth/oidc/refresh", "access", "refresh");
authenticator.authenticate("tricia.mcmillan@hitchhiker.com", "my-awesome-refresh-token");
ArgumentCaptor<PluginCenterLoginEvent> captor = ArgumentCaptor.forClass(PluginCenterLoginEvent.class);
verify(eventBus).post(captor.capture());
AuthenticationInfo info = captor.getValue().getAuthenticationInfo();
assertThat(info.getPluginCenterSubject()).isEqualTo("tricia.mcmillan@hitchhiker.com");
}
@Test
void shouldFailFetchWithoutPriorAuthentication() {
assertThrows(IllegalStateException.class, () -> authenticator.fetchAccessToken());
}
@Test
void shouldUseUrlFromScmConfiguration() throws IOException {
preAuth("cool-refresh-token");
scmConfiguration.setPluginAuthUrl("https://pca.org/oidc/");
mockAuthProtocol("https://pca.org/oidc/refresh", "access", "refresh");
String accessToken = authenticator.fetchAccessToken();
assertThat(accessToken).isEqualTo("access");
}
@Test
void shouldFailIfFetchFails() throws IOException {
preAuth("cool-refresh-token");
scmConfiguration.setPluginAuthUrl("https://plug.ins/oidc/");
when(advancedHttpClient.post("https://plug.ins/oidc/refresh")).thenReturn(request);
when(request.request()).thenThrow(new IOException("network down down down"));
assertThrows(FetchAccessTokenFailedException.class, () -> authenticator.fetchAccessToken());
}
@Test
void shouldFailIfFetchResponseIsNotSuccessful() throws IOException {
preAuth("cool-refresh-token");
scmConfiguration.setPluginAuthUrl("https://plug.ins/oidc/");
when(advancedHttpClient.post("https://plug.ins/oidc/refresh")).thenReturn(request);
AdvancedHttpResponse response = mock(AdvancedHttpResponse.class);
when(request.request()).thenReturn(response);
when(response.isSuccessful()).thenReturn(false);
assertThrows(FetchAccessTokenFailedException.class, () -> authenticator.fetchAccessToken());
}
@Test
void shouldFetchAccessToken() throws IOException {
preAuth("cool-refresh-token");
mockAuthProtocol("https://plugin-center-api.scm-manager.org/api/v1/auth/oidc/refresh", "access", "refresh");
String accessToken = authenticator.fetchAccessToken();
assertThat(accessToken).isEqualTo("access");
}
@Test
void shouldStoreRefreshTokenAfterFetch() throws IOException {
preAuth("refreshOne");
mockAuthProtocol("https://plugin-center-api.scm-manager.org/api/v1/auth/oidc/refresh", "accessTwo", "refreshTwo");
authenticator.fetchAccessToken();
authenticator.fetchAccessToken();
ArgumentCaptor<RefreshRequest> captor = ArgumentCaptor.forClass(RefreshRequest.class);
verify(request, times(2)).jsonContent(captor.capture());
List<String> refreshTokens = captor.getAllValues()
.stream()
.map(RefreshRequest::getRefreshToken)
.collect(Collectors.toList());
assertThat(refreshTokens).containsExactlyInAnyOrder("refreshOne", "refreshTwo");
}
@Test
void shouldReturnEmptyWithoutPriorAuthentication() {
assertThat(authenticator.getAuthenticationInfo()).isEmpty();
}
@Test
void shouldReturnAuthenticationInfo() {
preAuth("refresh_token");
assertThat(authenticator.getAuthenticationInfo()).hasValueSatisfying(info -> {
assertThat(info.getPluginCenterSubject()).isEqualTo("tricia.mcmillan@hitchhiker.com");
assertThat(info.getPrincipal()).isEqualTo("trillian");
assertThat(info.getDate()).isNotNull();
});
}
@Test
void shouldLogout() {
preAuth("refresh_token");
authenticator.logout();
assertThat(authenticator.isAuthenticated()).isFalse();
assertThat(authenticator.getAuthenticationInfo()).isEmpty();
}
@Test
void shouldFireLogoutEventAfterLogout() {
preAuth("refresh_token");
authenticator.logout();
ArgumentCaptor<PluginCenterLogoutEvent> captor = ArgumentCaptor.forClass(PluginCenterLogoutEvent.class);
verify(eventBus).post(captor.capture());
AuthenticationInfo info = captor.getValue().getPriorAuthenticationInfo();
assertThat(info.getPluginCenterSubject()).isEqualTo("tricia.mcmillan@hitchhiker.com");
}
@SuppressWarnings("unchecked")
private void preAuth(String refreshToken) {
Authentication authentication = new Authentication();
authentication.setPluginCenterSubject("tricia.mcmillan@hitchhiker.com");
authentication.setPrincipal("trillian");
authentication.setRefreshToken(refreshToken);
authentication.setDate(Instant.now());
factory.get(STORE_NAME, null).set(authentication);
}
@CanIgnoreReturnValue
private void mockAuthProtocol(String url, String accessToken, String refreshToken) throws IOException {
when(advancedHttpClient.post(url)).thenReturn(request);
AdvancedHttpResponse response = mock(AdvancedHttpResponse.class);
when(request.request()).thenReturn(response);
RefreshResponse refreshResponse = new RefreshResponse();
refreshResponse.setAccessToken(accessToken);
refreshResponse.setRefreshToken(refreshToken);
when(response.contentFromJson(RefreshResponse.class)).thenReturn(refreshResponse);
when(response.isSuccessful()).thenReturn(true);
}
}
}

43
scm-webapp/src/test/java/sonia/scm/plugin/PluginCenterLoaderTest.java
View File

@@ -32,6 +32,7 @@ import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.event.ScmEventBus;
import sonia.scm.net.ahc.AdvancedHttpClient;
import sonia.scm.net.ahc.AdvancedHttpRequest;
import sonia.scm.net.ahc.AdvancedHttpResponse;
import java.io.IOException;
@@ -40,8 +41,7 @@ import java.util.Set;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.mockito.Mockito.*;
import static sonia.scm.plugin.Tracing.SPAN_KIND;
@ExtendWith(MockitoExtension.class)
@@ -49,7 +49,7 @@ class PluginCenterLoaderTest {
private static final String PLUGIN_URL = "https://plugins.hitchhiker.com";
@Mock(answer = Answers.RETURNS_DEEP_STUBS)
@Mock
private AdvancedHttpClient client;
@Mock
@@ -58,9 +58,15 @@ class PluginCenterLoaderTest {
@Mock
private ScmEventBus eventBus;
@Mock
private PluginCenterAuthenticator authenticator;
@InjectMocks
private PluginCenterLoader loader;
@Mock(answer = Answers.RETURNS_SELF)
private AdvancedHttpRequest request;
@Test
void shouldFetch() throws IOException {
Set<AvailablePlugin> plugins = Collections.emptySet();
@@ -73,12 +79,16 @@ class PluginCenterLoaderTest {
}
private AdvancedHttpResponse request() throws IOException {
return client.get(PLUGIN_URL).spanKind(SPAN_KIND).request();
when(client.get(PLUGIN_URL)).thenReturn(request);
AdvancedHttpResponse response = mock(AdvancedHttpResponse.class);
when(request.request()).thenReturn(response);
return response;
}
@Test
void shouldReturnEmptySetIfPluginCenterNotBeReached() throws IOException {
when(request()).thenThrow(new IOException("failed to fetch"));
when(client.get(PLUGIN_URL)).thenReturn(request);
when(request.request()).thenThrow(new IOException("failed to fetch"));
Set<AvailablePlugin> fetch = loader.load(PLUGIN_URL);
assertThat(fetch).isEmpty();
@@ -86,10 +96,31 @@ class PluginCenterLoaderTest {
@Test
void shouldFirePluginCenterErrorEvent() throws IOException {
when(request()).thenThrow(new IOException("failed to fetch"));
when(client.get(PLUGIN_URL)).thenReturn(request);
when(request.request()).thenThrow(new IOException("failed to fetch"));
loader.load(PLUGIN_URL);
verify(eventBus).post(any(PluginCenterErrorEvent.class));
}
@Test
void shouldAppendAccessToken() throws IOException {
when(authenticator.isAuthenticated()).thenReturn(true);
when(authenticator.fetchAccessToken()).thenReturn("mega-cool-at");
mockResponse();
loader.load(PLUGIN_URL);
verify(request).bearerAuth("mega-cool-at");
}
private Set<AvailablePlugin> mockResponse() throws IOException {
PluginCenterDto dto = new PluginCenterDto();
Set<AvailablePlugin> plugins = Collections.emptySet();
when(request().contentFromJson(PluginCenterDto.class)).thenReturn(dto);
when(mapper.map(dto)).thenReturn(plugins);
return plugins;
}
}

23
scm-webapp/src/test/java/sonia/scm/plugin/PluginCenterTest.java
View File

@@ -45,6 +45,7 @@ import java.util.Set;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
@@ -86,6 +87,7 @@ class PluginCenterTest {
}
@Test
@SuppressWarnings("unchecked")
void shouldCache() {
Set<AvailablePlugin> first = new HashSet<>();
when(loader.load(anyString())).thenReturn(first, new HashSet<>());
@@ -94,4 +96,25 @@ class PluginCenterTest {
assertThat(pluginCenter.getAvailable()).isSameAs(first);
}
@Test
@SuppressWarnings("unchecked")
void shouldClearCache() {
Set<AvailablePlugin> first = new HashSet<>();
when(loader.load(anyString())).thenReturn(first, new HashSet<>());
assertThat(pluginCenter.getAvailable()).isSameAs(first);
pluginCenter.handle(new PluginCenterLoginEvent(null));
assertThat(pluginCenter.getAvailable()).isNotSameAs(first);
}
@Test
void shouldLoadOnRefresh() {
Set<AvailablePlugin> plugins = new HashSet<>();
when(loader.load(PLUGIN_URL_BASE + "2.0.0")).thenReturn(plugins);
pluginCenter.refresh();
verify(loader).load(PLUGIN_URL_BASE + "2.0.0");
}
}

36
scm-webapp/src/test/java/sonia/scm/plugin/PluginInstallerTest.java
View File

@@ -34,6 +34,7 @@ import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.SCMContextProvider;
import sonia.scm.net.ahc.AdvancedHttpClient;
import sonia.scm.net.ahc.AdvancedHttpRequest;
import sonia.scm.net.ahc.AdvancedHttpResponse;
import java.io.ByteArrayInputStream;
@@ -46,28 +47,30 @@ import java.util.Collections;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
import static org.mockito.Mockito.anyInt;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.mockito.Mockito.*;
import static sonia.scm.plugin.Tracing.SPAN_KIND;
@ExtendWith({MockitoExtension.class})
@ExtendWith(MockitoExtension.class)
class PluginInstallerTest {
@Mock
private SCMContextProvider context;
@Mock(answer = Answers.RETURNS_DEEP_STUBS)
@Mock
private AdvancedHttpClient client;
@Mock
private SmpDescriptorExtractor extractor;
@Mock
private PluginCenterAuthenticator authenticator;
@InjectMocks
private PluginInstaller installer;
@Mock(answer = Answers.RETURNS_SELF)
private AdvancedHttpRequest request;
private Path directory;
@BeforeEach
@@ -108,7 +111,10 @@ class PluginInstallerTest {
}
private AdvancedHttpResponse request(String url) throws IOException {
return client.get(url).spanKind(SPAN_KIND).request();
AdvancedHttpResponse response = mock(AdvancedHttpResponse.class);
when(client.get(url)).thenReturn(request);
when(request.request()).thenReturn(response);
return response;
}
private AvailablePlugin createGitPlugin() {
@@ -121,7 +127,8 @@ class PluginInstallerTest {
@Test
void shouldThrowPluginDownloadException() throws IOException {
when(request("https://download.hitchhiker.com")).thenThrow(new IOException("failed to download"));
when(client.get("https://download.hitchhiker.com")).thenReturn(request);
when(request.request()).thenThrow(new IOException("failed to download"));
PluginInstallationContext context = PluginInstallationContext.empty();
AvailablePlugin gitPlugin = createGitPlugin();
@@ -190,6 +197,17 @@ class PluginInstallerTest {
assertThat(exception.getDownloaded().getVersion()).isEqualTo("1.1.0");
}
@Test
void shouldAppendBearerAuth() throws IOException {
when(authenticator.isAuthenticated()).thenReturn(true);
when(authenticator.fetchAccessToken()).thenReturn("atat");
mockContent("42");
installer.install(PluginInstallationContext.empty(), createGitPlugin());
verify(request).bearerAuth("atat");
}
private AvailablePlugin createPlugin(String name, String url, String checksum) {
PluginInformation information = new PluginInformation();
information.setName(name);

9
scm-webapp/src/test/java/sonia/scm/plugin/PluginTestHelper.java
View File

@@ -28,9 +28,7 @@ import org.mockito.Answers;
import java.util.Optional;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.mockito.Mockito.*;
public class PluginTestHelper {
public static AvailablePlugin createAvailable(String name) {
@@ -62,9 +60,14 @@ public class PluginTestHelper {
}
public static AvailablePlugin createAvailable(PluginInformation information) {
return createAvailable(information, "https://scm-manager.org/download");
}
public static AvailablePlugin createAvailable(PluginInformation information, String url) {
AvailablePluginDescriptor descriptor = mock(AvailablePluginDescriptor.class);
lenient().when(descriptor.getInformation()).thenReturn(information);
lenient().when(descriptor.getInstallLink()).thenReturn(Optional.of("mycloudogu.com/install/my_plugin"));
lenient().when(descriptor.getUrl()).thenReturn(url);
return new AvailablePlugin(descriptor);
}

65
scm-webapp/src/test/java/sonia/scm/security/SecureParameterSerializerTest.java Normal file
View File

@@ -0,0 +1,65 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security;
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.junit.jupiter.api.Test;
import java.io.IOException;
import static org.assertj.core.api.Assertions.assertThat;
class SecureParameterSerializerTest {
private final SecureParameterSerializer serializer = new SecureParameterSerializer(new ObjectMapper());
@Test
void shouldSerializeAndDeserialize() throws IOException {
TestObject object = new TestObject("1", 2);
String serialized = serializer.serialize(object);
assertThat(serialized).isNotEmpty();
object = serializer.deserialize(serialized, TestObject.class);
assertThat(object).isNotNull();
assertThat(object.getOne()).isEqualTo("1");
assertThat(object.getTwo()).isEqualTo(2);
}
@Data
@NoArgsConstructor
@AllArgsConstructor
public static class TestObject {
private String one;
private int two;
}
}

40
scm-webapp/src/test/java/sonia/scm/security/XsrfAccessTokenValidatorTest.java
View File

@@ -30,17 +30,14 @@ import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;
import org.junit.jupiter.params.provider.EnumSource;
import org.junit.jupiter.params.provider.ValueSource;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import java.util.Optional;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.when;
@@ -58,6 +55,8 @@ class XsrfAccessTokenValidatorTest {
@Mock
private AccessToken accessToken;
private final XsrfExcludes excludes = new XsrfExcludes();
private XsrfAccessTokenValidator validator;
/**
@@ -65,7 +64,7 @@ class XsrfAccessTokenValidatorTest {
*/
@BeforeEach
void prepareObjectUnderTest() {
validator = new XsrfAccessTokenValidator(() -> request);
validator = new XsrfAccessTokenValidator(() -> request, excludes);
}
@Nested
@@ -86,7 +85,7 @@ class XsrfAccessTokenValidatorTest {
when(request.getHeader(Xsrf.HEADER_KEY)).thenReturn("abc");
// execute and assert
assertTrue(validator.validate(accessToken));
assertThat(validator.validate(accessToken)).isTrue();
}
/**
@@ -99,7 +98,7 @@ class XsrfAccessTokenValidatorTest {
when(request.getHeader(Xsrf.HEADER_KEY)).thenReturn("123");
// execute and assert
assertFalse(validator.validate(accessToken));
assertThat(validator.validate(accessToken)).isFalse();
}
/**
@@ -111,7 +110,7 @@ class XsrfAccessTokenValidatorTest {
when(accessToken.getCustom(Xsrf.TOKEN_KEY)).thenReturn(Optional.of("abc"));
// execute and assert
assertFalse(validator.validate(accessToken));
assertThat(validator.validate(accessToken)).isFalse();
}
/**
@@ -123,30 +122,43 @@ class XsrfAccessTokenValidatorTest {
when(accessToken.getCustom(Xsrf.TOKEN_KEY)).thenReturn(Optional.empty());
// execute and assert
assertTrue(validator.validate(accessToken));
assertThat(validator.validate(accessToken)).isTrue();
}
@Test
void shouldNotValidateExcludedRequest() {
excludes.add("/excluded");
// prepare
when(accessToken.getCustom(Xsrf.TOKEN_KEY)).thenReturn(Optional.of("abc"));
when(request.getRequestURI()).thenReturn("/excluded");
// execute and assert
assertThat(validator.validate(accessToken)).isTrue();
}
}
@ParameterizedTest
@CsvSource({"GET", "HEAD", "OPTIONS"})
@ValueSource(strings = {"GET", "HEAD", "OPTIONS"})
void shouldNotValidateReadRequests(String method) {
// prepare
when(request.getMethod()).thenReturn(method);
when(accessToken.getCustom(Xsrf.TOKEN_KEY)).thenReturn(Optional.of("abc"));
// execute and assert
assertTrue(validator.validate(accessToken));
assertThat(validator.validate(accessToken)).isTrue();
}
@ParameterizedTest
@CsvSource({"POST", "PUT", "DELETE", "PATCH"})
@ValueSource(strings = {"GET", "HEAD", "OPTIONS"})
void shouldFailValidationOfWriteRequests(String method) {
// prepare
when(request.getMethod()).thenReturn(method);
when(accessToken.getCustom(Xsrf.TOKEN_KEY)).thenReturn(Optional.of("abc"));
// execute and assert
assertFalse(validator.validate(accessToken));
assertThat(validator.validate(accessToken)).isTrue();
}
}