diff --git a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsApiClient.java b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsApiClient.java index 87616776a7..7565be23e7 100644 --- a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsApiClient.java +++ b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsApiClient.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2024 Red Hat, Inc. + * Copyright (c) 2012-2025 Red Hat, Inc. * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -12,9 +12,12 @@ package org.eclipse.che.api.factory.server.azure.devops; import static java.net.HttpURLConnection.HTTP_BAD_REQUEST; +import static java.net.HttpURLConnection.HTTP_FORBIDDEN; +import static java.net.HttpURLConnection.HTTP_MOVED_TEMP; import static java.net.HttpURLConnection.HTTP_NOT_FOUND; import static java.net.HttpURLConnection.HTTP_NO_CONTENT; import static java.net.HttpURLConnection.HTTP_OK; +import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED; import static java.time.Duration.ofSeconds; import static org.eclipse.che.api.factory.server.azure.devops.AzureDevOps.formatAuthorizationHeader; import static org.eclipse.che.commons.lang.StringUtils.trimEnd; @@ -40,6 +43,7 @@ import org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException; import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException; import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException; +import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException; import org.eclipse.che.commons.lang.concurrent.LoggingUncaughtExceptionHandler; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -80,7 +84,8 @@ public AzureDevOpsApiClient( *

https://learn.microsoft.com/en-us/rest/api/azure/devops/graph/users/get?view=azure-devops-rest-7.0&tabs=HTTP */ public AzureDevOpsUser getUserWithOAuthToken(String token) - throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException { + throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException, + ScmUnauthorizedException { final String url = String.format( "%s/_apis/profile/profiles/me?api-version=%s", @@ -94,7 +99,8 @@ public AzureDevOpsUser getUserWithOAuthToken(String token) * organization. */ public AzureDevOpsUser getUserWithPAT(String pat, String organization) - throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException { + throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException, + ScmUnauthorizedException { final String url = String.format( "%s/%s/_apis/profile/profiles/me?api-version=%s", @@ -103,7 +109,8 @@ public AzureDevOpsUser getUserWithPAT(String pat, String organization) } private AzureDevOpsUser getUser(String url, String authorizationHeader) - throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException { + throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException, + ScmUnauthorizedException { final HttpRequest userDataRequest = HttpRequest.newBuilder(URI.create(url)) .headers("Authorization", authorizationHeader) @@ -129,7 +136,8 @@ private T executeRequest( HttpClient httpClient, HttpRequest request, Function, T> responseConverter) - throws ScmBadRequestException, ScmItemNotFoundException, ScmCommunicationException { + throws ScmBadRequestException, ScmItemNotFoundException, ScmCommunicationException, + ScmUnauthorizedException { try { HttpResponse response = httpClient.send(request, HttpResponse.BodyHandlers.ofInputStream()); @@ -145,6 +153,11 @@ private T executeRequest( throw new ScmBadRequestException(body); case HTTP_NOT_FOUND: throw new ScmItemNotFoundException(body); + case HTTP_UNAUTHORIZED: + case HTTP_FORBIDDEN: + // Azure DevOps tries to redirect to the login page if the user is not authorized. + case HTTP_MOVED_TEMP: + throw new ScmUnauthorizedException(body, "azure-devops", "v2", ""); default: throw new ScmCommunicationException( "Unexpected status code " + response.statusCode() + " " + response, diff --git a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java index 2c671c33ac..3cafb79ba8 100644 --- a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2024 Red Hat, Inc. + * Copyright (c) 2012-2025 Red Hat, Inc. * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -163,7 +163,10 @@ public Optional isValid(PersonalAccessToken personalAccessToken) { personalAccessToken.getToken(), personalAccessToken.getScmOrganization()); } return Optional.of(personalAccessToken.getScmUserName().equals(user.getEmailAddress())); - } catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) { + } catch (ScmItemNotFoundException + | ScmCommunicationException + | ScmBadRequestException + | ScmUnauthorizedException e) { return Optional.of(Boolean.FALSE); } } @@ -184,7 +187,7 @@ public Optional> isValid(PersonalAccessTokenParams params) user = azureDevOpsApiClient.getUserWithPAT(params.getToken(), params.getOrganization()); } return Optional.of(Pair.of(Boolean.TRUE, user.getEmailAddress())); - } catch (ScmItemNotFoundException | ScmBadRequestException e) { + } catch (ScmItemNotFoundException | ScmBadRequestException | ScmUnauthorizedException e) { return Optional.empty(); } } diff --git a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsUserDataFetcher.java b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsUserDataFetcher.java index b594687eed..cb50ca5344 100644 --- a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsUserDataFetcher.java +++ b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsUserDataFetcher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2024 Red Hat, Inc. + * Copyright (c) 2012-2025 Red Hat, Inc. * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -22,6 +22,7 @@ import org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException; import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException; import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException; +import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException; /** * Azure DevOps user data fetcher. @@ -48,7 +49,8 @@ public AzureDevOpsUserDataFetcher( @Override protected GitUserData fetchGitUserDataWithOAuthToken(String token) - throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException { + throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException, + ScmUnauthorizedException { AzureDevOpsUser user = azureDevOpsApiClient.getUserWithOAuthToken(token); return new GitUserData(user.getDisplayName(), user.getEmailAddress()); } @@ -56,7 +58,8 @@ protected GitUserData fetchGitUserDataWithOAuthToken(String token) @Override protected GitUserData fetchGitUserDataWithPersonalAccessToken( PersonalAccessToken personalAccessToken) - throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException { + throws ScmItemNotFoundException, ScmCommunicationException, ScmBadRequestException, + ScmUnauthorizedException { AzureDevOpsUser user = azureDevOpsApiClient.getUserWithPAT( personalAccessToken.getToken(), personalAccessToken.getScmOrganization()); diff --git a/wsmaster/che-core-api-factory-azure-devops/src/test/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcherTest.java b/wsmaster/che-core-api-factory-azure-devops/src/test/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcherTest.java index ed51fe091f..996862d9ce 100644 --- a/wsmaster/che-core-api-factory-azure-devops/src/test/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcherTest.java +++ b/wsmaster/che-core-api-factory-azure-devops/src/test/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcherTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2024 Red Hat, Inc. + * Copyright (c) 2012-2025 Red Hat, Inc. * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -18,6 +18,7 @@ import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo; import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig; import static java.net.HttpURLConnection.HTTP_FORBIDDEN; +import static java.net.HttpURLConnection.HTTP_MOVED_TEMP; import static org.eclipse.che.dto.server.DtoFactory.newDto; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyString; @@ -115,9 +116,22 @@ public void shouldThrowUnauthorizedExceptionIfTokenIsNotValid() throws Exception when(oAuthAPI.getOrRefreshToken(anyString())).thenReturn(oAuthToken); stubFor( get(urlEqualTo("/_apis/profile/profiles/me?api-version=7.0")) - .withHeader(HttpHeaders.AUTHORIZATION, equalTo("token " + azureOauthToken)) + .withHeader(HttpHeaders.AUTHORIZATION, equalTo("Bearer " + azureOauthToken)) .willReturn(aResponse().withStatus(HTTP_FORBIDDEN))); personalAccessTokenFetcher.fetchPersonalAccessToken(subject, wireMockServer.url("/")); } + + @Test(expectedExceptions = ScmUnauthorizedException.class) + public void shouldThrowUnauthorizedExceptionOnRedirectResponse() throws Exception { + Subject subject = new SubjectImpl("Username", "id1", "token", false); + OAuthToken oAuthToken = newDto(OAuthToken.class).withToken(azureOauthToken).withScope(""); + when(oAuthAPI.getOrRefreshToken(anyString())).thenReturn(oAuthToken); + stubFor( + get(urlEqualTo("/_apis/profile/profiles/me?api-version=7.0")) + .withHeader(HttpHeaders.AUTHORIZATION, equalTo("Bearer " + azureOauthToken)) + .willReturn(aResponse().withStatus(HTTP_MOVED_TEMP))); + + personalAccessTokenFetcher.fetchPersonalAccessToken(subject, wireMockServer.url("/")); + } }