Merge remote-tracking branch 'oauth/master'

* oauth/master:
  Bump scribe version to 6.9.0
  Upgrade bazlets to latest master to build with 3.1.3 API
  Add support for GitHub Enterprise OAuth
  Init: Default to yes only for currently configured providers
  Bump required Bazel version to 2.1.0
  Upgrade bazlets to latest stable-3.0 to build with 3.0.7 API
  Upgrade bazlets to latest stable-2.16 to build with 2.16.16 API
  Documentation: Add missing footer that links to plugin index page
  Add an empty tools/BUILD file explicitly for Bazel
  Documentation: Add missing plugin standalone and in-tree testing
  Upgrade bazlets to latest stable-2.16
  Upgrade bazlets to latest master
  Upgrade bazlets to latest stable-3.0
  Upgrade bazlets to latest stable-2.16
  Upgrade bazlets to latest stable-2.15
  Upgrade bazlets to latest stable-2.14
  Replace ExpectedException with assertThrows
  Add .apt_generated to .gitignore
  Bump Bazel version to 2.0.0
  Upgrade bazlets to latest master to build with 3.1.2 API
  Upgrade bazlets to latest stable-3.0 to build with 3.0.6 API
  Upgrade bazlets to latest stable-2.16 to build with 2.16.15 API
  Upgrade bazlets to latest master to build with 3.1.1 API
  Upgrade bazlets to latest stable-2.16 to build with 2.16.14 API
  Upgrade bazlets to latest stable-3.0 to build with 3.0.5 API
  Fix NullPointerException in init in batch mode
  Upgrade bazlets to latest master to build with 3.1.0 API
  Upgrade bazlets to latest stable-3.0 to build with 3.0.4 API
  Upgrade bazlets to latest stable-2.16 to build with 2.16.13 API
  Upgrade bazlets to latest master to build with 3.1.0-rc3 API
  Upgrade bazlets to latest stable-3.0
  Upgrade bazlets to latest stable-2.16
  Upgrade bazlets to latest stable-2.15 to build with 2.15.18 API
  Upgrade bazlets to latest stable-2.15
  Upgrade bazlets to latest stable-2.14
  Bazel: Migrate workspace status script to python
  Check that root URL is absolute URL
  Upgrade bazlets to latest master to build with 3.1.0-rc2 API
  Upgrade bazlets to latest stable-2.16
  Upgrade bazlets to latest stable-2.15
  Upgrade bazlets to latest stable-2.14
  Bump Bazel version to 1.1.0
  Upgrade bazlets to latest master to build with 3.1.0-rc1 API
  Upgrade bazlets to latest master to build with 3.1.0-rc0 API
  Remove bazel-genfiles from .gitignore
  Replace bazel-genfiles with bazel-bin in documentation
  Upgrade bazlets to latest stable-3.0 to build with 3.0.3 API
  Bump bazel version to 1.0.0
  Add support for GitHub Enterprise OAuth
  Upgrade bazlets to latest stable-2.16 to build with 2.16.12 API
  Upgrade bazlets to latest stable-2.15 to build with 2.15.17 API
  Switch required bazel version to 0.29.1
  Upgrade bazlets to latest master
  Upgrade bazlets to latest stable-3.0
  Upgrade bazlets to latest stable-2.16
  Upgrade bazlets to latest stable-2.15
  Bump required bazel version to 1.0.0rc2
  Upgrade bazlets to latest stable-2.14
  Upgrade bazlets to latest stable-2.15
  Upgrade bazlets to latest stable-2.14
  Bazel: Add fixes for --incompatible_load_java_rules_from_bzl
  Upgrade bazlets to latest stable-3.0 to build with 3.0.2 API
  Upgrade bazlets to latest stable-2.16 to build with 2.16.11.1 API
  Upgrade bazlets to latest stable-2.15 to build with 2.15.16 API
  Upgrade bazlets to latest stable-2.15 to build with 2.15.15 API
  Upgrade bazlets to latest master
  Upgrade bazlets to latest stable-3.0
  Upgrade bazlets to latest stable-2.16 to build with 2.16.10 API
  Upgrade bazlets to latest stable-3.0 to build with 3.0.1 API
  Upgrade bazlets to latest stable-2.16
  Upgrade bazlets to latest stable-2.15
  Upgrade bazlets to latest stable-2.14
  Upgrade bazlets to latest stable-2.15
  Upgrade bazlets to latest stable-2.14
  Upgrade bazlets to latest stable-2.16 to build with 2.16.9 API
  Upgrade bazlets to latest stable-2.15
  Upgrade bazlets to latest stable-2.14
  Upgrade bazlets to latest stable-2.15 to build with 2.15.14 API

Change-Id: Ib4e1a9609cc9049da5a609bfac7a1b6ba23514f3

.bazelrc

@@ -1,2 +1,2 @@
-build --workspace_status_command=./tools/workspace-status.sh
+build --workspace_status_command="python ./tools/workspace_status.py"
 test --build_tests_only

.bazelversion

@@ -0,0 +1 @@
+2.1.0

.gitignore

@@ -1,8 +1,8 @@
+/.apt_generated
 /.classpath
 /.project
 /.settings
 /bazel-bin
-/bazel-genfiles
 /bazel-gerrit-oauth-provider
 /bazel-out
 /bazel-testlogs

BUILD

@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("//tools/bzl:junit.bzl", "junit_tests")
 load(
     "//tools/bzl:plugin.bzl",
@@ -19,7 +20,8 @@ gerrit_plugin(
     resources = glob(["src/main/resources/**/*"]),
     deps = [
         "@commons-codec//jar:neverlink",
-        "@scribe//jar",
+        "@jackson-databind//jar",
+        "@scribejava-core//jar",
     ],
 )
 
@@ -38,6 +40,6 @@ java_library(
     visibility = ["//visibility:public"],
     exports = PLUGIN_DEPS + PLUGIN_TEST_DEPS + [
         ":gerrit-oauth-provider__plugin",
-        "@scribe//jar",
+        "@mockito//jar",
     ],
 )

README.md

@@ -40,7 +40,7 @@ following:
 Install
 -------
 
-Copy the `bazel-genfiles/oauth.jar` to
+Copy the `bazel-bin/oauth.jar` to
 `$gerrit_site/plugins` and re-run init to configure it:
 
 ```

WORKSPACE

@@ -3,26 +3,26 @@ workspace(name = "com_github_davido_gerrit_oauth_provider")
 load("//:bazlets.bzl", "load_bazlets")
 
 load_bazlets(
-    commit = "d826d85285bb22d3fe817fe165a7e1d3472f65fa",
+    commit = "f30a992da9fc855dce819875afb59f9dd6f860cd",
     #local_path = "/home/<user>/projects/bazlets",
 )
 
 # Snapshot Plugin API
-load(
-    "@com_googlesource_gerrit_bazlets//:gerrit_api_maven_local.bzl",
-    "gerrit_api_maven_local",
-)
+#load(
+#    "@com_googlesource_gerrit_bazlets//:gerrit_api_maven_local.bzl",
+#    "gerrit_api_maven_local",
+#)
 
 # Load snapshot Plugin API
-gerrit_api_maven_local()
+#gerrit_api_maven_local()
 
 # Release Plugin API
-#load(
-#    "@com_googlesource_gerrit_bazlets//:gerrit_api.bzl",
-#    "gerrit_api",
-#)
+load(
+    "@com_googlesource_gerrit_bazlets//:gerrit_api.bzl",
+    "gerrit_api",
+)
 
-#gerrit_api()
+gerrit_api()
 
 load(":external_plugin_deps.bzl", "external_plugin_deps")
 

external_plugin_deps.bzl

@@ -1,10 +1,24 @@
 load("//tools/bzl:maven_jar.bzl", "maven_jar")
 
 def external_plugin_deps(omit_commons_codec = True):
+    JACKSON_VERS = "2.10.2"
     maven_jar(
-        name = "scribe",
-        artifact = "org.scribe:scribe:1.3.7",
-        sha1 = "583921bed46635d9f529ef5f14f7c9e83367bc6e",
+        name = "scribejava-core",
+        artifact = "com.github.scribejava:scribejava-core:6.9.0",
+        sha1 = "ed761f450d8382f75787e8fee9ae52e7ec768747",
+    )
+    maven_jar(
+        name = "jackson-annotations",
+        artifact = "com.fasterxml.jackson.core:jackson-annotations:" + JACKSON_VERS,
+        sha1 = "3a13b6105946541b8d4181a0506355b5fae63260",
+    )
+    maven_jar(
+        name = "jackson-databind",
+        artifact = "com.fasterxml.jackson.core:jackson-databind:" + JACKSON_VERS,
+        sha1 = "0528de95f198afafbcfb0c09d2e43b6e0ea663ec",
+        deps = [
+            "@jackson-annotations//jar",
+        ],
     )
     if not omit_commons_codec:
         maven_jar(

src/main/java/com/googlesource/gerrit/plugins/oauth/AirVantageApi.java

@@ -14,43 +14,31 @@
 
 package com.googlesource.gerrit.plugins.oauth;
 
-import static java.lang.String.format;
-
-import org.scribe.builder.api.DefaultApi20;
-import org.scribe.extractors.AccessTokenExtractor;
-import org.scribe.extractors.JsonTokenExtractor;
-import org.scribe.model.OAuthConfig;
-import org.scribe.model.Verb;
-import org.scribe.oauth.OAuthService;
+import com.github.scribejava.core.builder.api.DefaultApi20;
+import com.github.scribejava.core.extractors.OAuth2AccessTokenExtractor;
+import com.github.scribejava.core.extractors.TokenExtractor;
+import com.github.scribejava.core.model.OAuth2AccessToken;
+import com.github.scribejava.core.oauth2.bearersignature.BearerSignature;
+import com.github.scribejava.core.oauth2.bearersignature.BearerSignatureURIQueryParameter;
 
 public class AirVantageApi extends DefaultApi20 {
-
-  private static final String AUTHORIZE_URL =
-      "https://eu.airvantage.net/api/oauth/authorize?client_id=%s&response_type=code";
-  private static final String ACCESS_TOKEN_ENDPOINT = "https://eu.airvantage.net/api/oauth/token";
-
   @Override
-  public String getAuthorizationUrl(OAuthConfig config) {
-    return format(AUTHORIZE_URL, config.getApiKey());
+  public String getAuthorizationBaseUrl() {
+    return "https://eu.airvantage.net/api/oauth/authorize";
   }
 
   @Override
   public String getAccessTokenEndpoint() {
-    return ACCESS_TOKEN_ENDPOINT;
-  }
-
-  @Override
-  public Verb getAccessTokenVerb() {
-    return Verb.POST;
+    return "https://eu.airvantage.net/api/oauth/token";
   }
 
   @Override
-  public AccessTokenExtractor getAccessTokenExtractor() {
-    return new JsonTokenExtractor();
+  public BearerSignature getBearerSignature() {
+    return BearerSignatureURIQueryParameter.instance();
   }
 
   @Override
-  public OAuthService createService(OAuthConfig config) {
-    return new OAuth20ServiceImpl(this, config);
+  public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() {
+    return OAuth2AccessTokenExtractor.instance();
   }
 }

src/main/java/com/googlesource/gerrit/plugins/oauth/AirVantageOAuthService.java

@@ -18,6 +18,12 @@
 import static javax.servlet.http.HttpServletResponse.SC_OK;
 import static org.slf4j.LoggerFactory.getLogger;
 
+import com.github.scribejava.core.builder.ServiceBuilder;
+import com.github.scribejava.core.model.OAuth2AccessToken;
+import com.github.scribejava.core.model.OAuthRequest;
+import com.github.scribejava.core.model.Response;
+import com.github.scribejava.core.model.Verb;
+import com.github.scribejava.core.oauth.OAuth20Service;
 import com.google.common.base.CharMatcher;
 import com.google.gerrit.extensions.annotations.PluginName;
 import com.google.gerrit.extensions.auth.oauth.OAuthServiceProvider;
@@ -33,13 +39,7 @@
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import java.io.IOException;
-import org.scribe.builder.ServiceBuilder;
-import org.scribe.model.OAuthRequest;
-import org.scribe.model.Response;
-import org.scribe.model.Token;
-import org.scribe.model.Verb;
-import org.scribe.model.Verifier;
-import org.scribe.oauth.OAuthService;
+import java.util.concurrent.ExecutionException;
 import org.slf4j.Logger;
 
 @Singleton
@@ -49,7 +49,7 @@ public class AirVantageOAuthService implements OAuthServiceProvider {
   private static final String AV_PROVIDER_PREFIX = "airvantage-oauth:";
   private static final String PROTECTED_RESOURCE_URL =
       "https://eu.airvantage.net/api/v1/users/current";
-  private final OAuthService service;
+  private final OAuth20Service service;
 
   @Inject
   AirVantageOAuthService(
@@ -60,59 +60,68 @@ public class AirVantageOAuthService implements OAuthServiceProvider {
     String canonicalWebUrl = CharMatcher.is('/').trimTrailingFrom(urlProvider.get()) + "/";
 
     service =
-        new ServiceBuilder()
-            .provider(AirVantageApi.class)
-            .apiKey(cfg.getString(InitOAuth.CLIENT_ID))
+        new ServiceBuilder(cfg.getString(InitOAuth.CLIENT_ID))
             .apiSecret(cfg.getString(InitOAuth.CLIENT_SECRET))
             .callback(canonicalWebUrl + "oauth")
-            .build();
+            .build(new AirVantageApi());
   }
 
   @Override
   public OAuthUserInfo getUserInfo(OAuthToken token) throws IOException {
     OAuthRequest request = new OAuthRequest(Verb.GET, PROTECTED_RESOURCE_URL);
-    Token t = new Token(token.getToken(), token.getSecret(), token.getRaw());
+    OAuth2AccessToken t = new OAuth2AccessToken(token.getToken(), token.getRaw());
     service.signRequest(t, request);
-    Response response = request.send();
-    if (response.getCode() != SC_OK) {
-      throw new IOException(
-          String.format(
-              "Status %s (%s) for request %s",
-              response.getCode(), response.getBody(), request.getUrl()));
-    }
-    JsonElement userJson = JSON.newGson().fromJson(response.getBody(), JsonElement.class);
-    if (log.isDebugEnabled()) {
-      log.debug("User info response: {}", response.getBody());
-    }
-    if (userJson.isJsonObject()) {
-      JsonObject jsonObject = userJson.getAsJsonObject();
-      JsonElement id = jsonObject.get("uid");
-      if (id == null || id.isJsonNull()) {
-        throw new IOException("Response doesn't contain uid field");
+
+    JsonElement userJson = null;
+    try (Response response = service.execute(request)) {
+      if (response.getCode() != SC_OK) {
+        throw new IOException(
+            String.format(
+                "Status %s (%s) for request %s",
+                response.getCode(), response.getBody(), request.getUrl()));
       }
-      JsonElement email = jsonObject.get("email");
-      JsonElement name = jsonObject.get("name");
-      return new OAuthUserInfo(
-          AV_PROVIDER_PREFIX + id.getAsString(),
-          null,
-          email.getAsString(),
-          name.getAsString(),
-          id.getAsString());
+      userJson = JSON.newGson().fromJson(response.getBody(), JsonElement.class);
+      if (log.isDebugEnabled()) {
+        log.debug("User info response: {}", response.getBody());
+      }
+      if (userJson.isJsonObject()) {
+        JsonObject jsonObject = userJson.getAsJsonObject();
+        JsonElement id = jsonObject.get("uid");
+        if (id == null || id.isJsonNull()) {
+          throw new IOException("Response doesn't contain uid field");
+        }
+        JsonElement email = jsonObject.get("email");
+        JsonElement name = jsonObject.get("name");
+        return new OAuthUserInfo(
+            AV_PROVIDER_PREFIX + id.getAsString(),
+            null,
+            email.getAsString(),
+            name.getAsString(),
+            id.getAsString());
+      }
+    } catch (ExecutionException | InterruptedException e) {
+      throw new RuntimeException("Cannot retrieve user info resource", e);
     }
 
     throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", userJson));
   }
 
   @Override
   public OAuthToken getAccessToken(OAuthVerifier rv) {
-    Verifier vi = new Verifier(rv.getValue());
-    Token to = service.getAccessToken(null, vi);
-    return new OAuthToken(to.getToken(), to.getSecret(), to.getRawResponse());
+    try {
+      OAuth2AccessToken accessToken = service.getAccessToken(rv.getValue());
+      return new OAuthToken(
+          accessToken.getAccessToken(), accessToken.getTokenType(), accessToken.getRawResponse());
+    } catch (InterruptedException | ExecutionException | IOException e) {
+      String msg = "Cannot retrieve access token";
+      log.error(msg, e);
+      throw new RuntimeException(msg, e);
+    }
   }
 
   @Override
   public String getAuthorizationUrl() {
-    return service.getAuthorizationUrl(null);
+    return service.getAuthorizationUrl();
   }
 
   @Override