diff --git a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesAuthorisationRequestManager.java b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesAuthorisationRequestManager.java index 51dd6e62588..44356d006da 100644 --- a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesAuthorisationRequestManager.java +++ b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesAuthorisationRequestManager.java @@ -90,7 +90,10 @@ public void callback(UriInfo uriInfo, List errorValues) { Map> params = getQueryParametersFromState(getState(requestUrl)); errorValues = errorValues == null ? uriInfo.getQueryParameters().get("error") : errorValues; if (errorValues != null && errorValues.contains("access_denied")) { - store(getParameter(params, "oauth_provider")); + String oauthProvider = getParameter(params, "oauth_provider"); + if (!isNullOrEmpty(oauthProvider)) { + store(oauthProvider); + } } } diff --git a/wsmaster/che-core-api-auth-bitbucket/src/main/java/org/eclipse/che/security/oauth1/BitbucketServerOAuthAuthenticator.java b/wsmaster/che-core-api-auth-bitbucket/src/main/java/org/eclipse/che/security/oauth1/BitbucketServerOAuthAuthenticator.java index 39934e2bd67..64c1da387ab 100644 --- a/wsmaster/che-core-api-auth-bitbucket/src/main/java/org/eclipse/che/security/oauth1/BitbucketServerOAuthAuthenticator.java +++ b/wsmaster/che-core-api-auth-bitbucket/src/main/java/org/eclipse/che/security/oauth1/BitbucketServerOAuthAuthenticator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2021 Red Hat, Inc. + * Copyright (c) 2012-2023 Red Hat, Inc. * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ 
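Review bot: In `callback`, the provider name read from the `state` query parameter is checked only for being non-empty before `store(oauthProvider)`; because `state` travels through the browser, a value that matches no configured provider would still be recorded. If `store` persists the name (its body is outside this hunk), consider checking it against the registered provider names first. The new branch also drops an `access_denied` callback that has no `oauth_provider` without any trace; a debug log line in an `else` branch would make that case visible when diagnosing failed logins.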
@@ -21,6 +21,7 @@ @Singleton public class BitbucketServerOAuthAuthenticator extends OAuthAuthenticator { public static final String AUTHENTICATOR_NAME = "bitbucket-server"; + private final String bitbucketEndpoint; private final String apiEndpoint; public BitbucketServerOAuthAuthenticator( @@ -33,6 +34,7 @@ public BitbucketServerOAuthAuthenticator( apiEndpoint + "/oauth/1.0/callback", null, privateKey); + this.bitbucketEndpoint = bitbucketEndpoint; this.apiEndpoint = apiEndpoint; } @@ -48,4 +50,9 @@ public String getLocalAuthenticateUrl() { + AUTHENTICATOR_NAME + "&request_method=POST&signature_method=rsa"; } + + @Override + public String getEndpointUrl() { + return bitbucketEndpoint; + } } diff --git a/wsmaster/che-core-api-auth-bitbucket/src/main/java/org/eclipse/che/security/oauth1/NoopOAuthAuthenticator.java b/wsmaster/che-core-api-auth-bitbucket/src/main/java/org/eclipse/che/security/oauth1/NoopOAuthAuthenticator.java index 2042e60e6e5..0a9901fa7d8 100644 --- a/wsmaster/che-core-api-auth-bitbucket/src/main/java/org/eclipse/che/security/oauth1/NoopOAuthAuthenticator.java +++ b/wsmaster/che-core-api-auth-bitbucket/src/main/java/org/eclipse/che/security/oauth1/NoopOAuthAuthenticator.java @@ -51,4 +51,9 @@ public String computeAuthorizationHeader(String userId, String requestMethod, St public String getLocalAuthenticateUrl() { return "Noop URL"; } + + @Override + public String getEndpointUrl() { + return "Noop URL"; + } } diff --git a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java index 2ba960cb0eb..2620f753d14 100644 --- a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java +++ b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java 
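Review bot: `BitbucketServerOAuthAuthenticator` now holds two similarly named URLs, `bitbucketEndpoint` and `apiEndpoint`, and nothing on the new field or on `getEndpointUrl()` says which one clients receive. Judging by the constructor context `apiEndpoint + "/oauth/1.0/callback"`, the latter looks like the Che API base, so a comment on the field such as `// Base URL of the Bitbucket Server instance, returned by getEndpointUrl()` would prevent mix-ups. The value is returned exactly as injected, and `EmbeddedOAuthAPI.getRegisteredAuthenticators` in this commit copies it into the descriptor sent to clients, so it is worth confirming that the configured endpoint never carries userinfo or a token. The constructor starts outside these hunks.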
@@ -60,7 +60,8 @@ public class EmbeddedOAuthAPI implements OAuthAPI { @Named("che.auth.access_denied_error_page") protected String errorPage; - @Inject protected OAuthAuthenticatorProvider providers; + @Inject protected OAuthAuthenticatorProvider oauth2Providers; + @Inject protected org.eclipse.che.security.oauth1.OAuthAuthenticatorProvider oauth1Providers; private String redirectAfterLogin; @Override @@ -126,7 +127,10 @@ public Set getRegisteredAuthenticators(UriInfo uri Set result = new HashSet<>(); final UriBuilder uriBuilder = uriInfo.getBaseUriBuilder().clone().path(OAuthAuthenticationService.class); - for (String name : providers.getRegisteredProviderNames()) { + Set registeredProviderNames = + new HashSet<>(oauth2Providers.getRegisteredProviderNames()); + registeredProviderNames.addAll(oauth1Providers.getRegisteredProviderNames()); + for (String name : registeredProviderNames) { final List links = new LinkedList<>(); links.add( LinksHelper.createLink( @@ -147,11 +151,14 @@ public Set getRegisteredAuthenticators(UriInfo uri .withName("mode") .withRequired(true) .withDefaultValue("federated_login"))); - OAuthAuthenticator authenticator = providers.getAuthenticator(name); + OAuthAuthenticator authenticator = oauth2Providers.getAuthenticator(name); result.add( newDto(OAuthAuthenticatorDescriptor.class) .withName(name) - .withEndpointUrl(authenticator.getEndpointUrl()) + .withEndpointUrl( + authenticator != null + ? authenticator.getEndpointUrl() + : oauth1Providers.getAuthenticator(name).getEndpointUrl()) .withLinks(links)); } return result; 
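Review bot: `getRegisteredAuthenticators` now lists OAuth 1 providers, but every link for them is still built from `uriInfo.getBaseUriBuilder().clone().path(OAuthAuthenticationService.class)`, and `getAuthenticator` (hunk `@@ -193,7 +200,7 @@`) resolves names only through `oauth2Providers`. If the linked operations go through that method, following a listed link for an OAuth 1 name ends in `NotFoundException("Unsupported OAuth provider ...")`. Either build the OAuth 1 links against the OAuth 1 service, or state in the method's Javadoc that OAuth 1 entries are listed for their endpoint URL only. Separately, a name registered in both providers silently resolves to the OAuth 2 authenticator, and the fallback `oauth1Providers.getAuthenticator(name).getEndpointUrl()` dereferences without a null check, which is safe only while the name set and the lookup stay in sync.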
@@ -193,7 +200,7 @@ public void invalidateToken(String oauthProvider) } protected OAuthAuthenticator getAuthenticator(String oauthProviderName) throws NotFoundException { - OAuthAuthenticator oauth = providers.getAuthenticator(oauthProviderName); + OAuthAuthenticator oauth = oauth2Providers.getAuthenticator(oauthProviderName); if (oauth == null) { LOG.warn("Unsupported OAuth provider {} ", oauthProviderName); throw new NotFoundException("Unsupported OAuth provider " + oauthProviderName); diff --git a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticator.java b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticator.java index 863dece3c50..3abef8aa94e 100644 --- a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticator.java +++ b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticator.java @@ -243,6 +243,13 @@ String callback(final URL requestUrl) throws OAuthAuthenticationException { */ public abstract String getLocalAuthenticateUrl(); + /** + * Get endpoint URL. + * + * @return provider's endpoint URL + */ + public abstract String getEndpointUrl(); + /** * Compute the Authorization header to sign the OAuth 1 request. * diff --git a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticatorProvider.java b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticatorProvider.java index 4cc3d30ba2c..334ec25e667 100644 --- a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticatorProvider.java +++ b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticatorProvider.java 
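Review bot: Adding `public abstract String getEndpointUrl();` to the public `oauth1.OAuthAuthenticator` base class breaks compilation of any subclass not touched by this commit. The Bitbucket, Noop and test subclasses are updated here, but whether others exist is not visible; a concrete default implementation would be backward-compatible if that matters. The Javadoc "Get endpoint URL." should say which endpoint is meant, for example `Returns the base URL of the SCM provider this authenticator talks to; the value is exposed to API clients.`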
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 Red Hat, Inc. + * Copyright (c) 2012-2023 Red Hat, Inc. * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -11,6 +11,8 @@ */ package org.eclipse.che.security.oauth1; +import static java.util.stream.Collectors.toUnmodifiableSet; + import java.util.HashMap; import java.util.Map; import java.util.Set; @@ -44,4 +46,15 @@ public OAuthAuthenticatorProvider(final Set oAuthAuthenticat public OAuthAuthenticator getAuthenticator(String oauthProviderName) { return oAuthAuthenticators.get(oauthProviderName); } + + /** + * Gets registered OAuth1 provider names + * + * @return set of registered OAuth1 provider names + */ + public Set getRegisteredProviderNames() { + return oAuthAuthenticators.keySet().stream() + .filter(key -> !"Noop".equals(key)) + .collect(toUnmodifiableSet()); + } } diff --git a/wsmaster/che-core-api-auth/src/test/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPITest.java b/wsmaster/che-core-api-auth/src/test/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPITest.java index 53670aa6e4c..54056d84f45 100644 --- a/wsmaster/che-core-api-auth/src/test/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPITest.java +++ b/wsmaster/che-core-api-auth/src/test/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPITest.java @@ -20,11 +20,14 @@ import static org.testng.Assert.assertEquals; import jakarta.ws.rs.core.Response; +import jakarta.ws.rs.core.UriBuilder; import jakarta.ws.rs.core.UriInfo; import java.lang.reflect.Field; import java.net.URI; +import java.util.Set; import org.eclipse.che.api.auth.shared.dto.OAuthToken; import org.eclipse.che.api.core.NotFoundException; +import org.eclipse.che.security.oauth.shared.dto.OAuthAuthenticatorDescriptor; import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.testng.MockitoTestNGListener; 
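Review bot: `getRegisteredProviderNames` hides the placeholder authenticator by comparing map keys with the literal `"Noop"`, which has to match whatever name `NoopOAuthAuthenticator` registers under (that name is not visible in this diff). If the two drift apart, the placeholder is listed to clients with the endpoint `"Noop URL"` added elsewhere in this commit. A constant shared with the Noop authenticator would keep them in step, assuming the module layout allows it. The Javadoc should also mention the exclusion, e.g. `Gets registered OAuth1 provider names, excluding the "Noop" placeholder.`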
@@ -35,7 +38,8 @@ @Listeners(value = MockitoTestNGListener.class) public class EmbeddedOAuthAPITest { - @Mock OAuthAuthenticatorProvider providers; + @Mock OAuthAuthenticatorProvider oauth2Providers; + @Mock org.eclipse.che.security.oauth1.OAuthAuthenticatorProvider oauth1Providers; @InjectMocks EmbeddedOAuthAPI embeddedOAuthAPI; @@ -51,7 +55,7 @@ public void shouldBeAbleToGetUserToken() throws Exception { String provider = "myprovider"; String token = "token123"; OAuthAuthenticator authenticator = mock(OAuthAuthenticator.class); - when(providers.getAuthenticator(eq(provider))).thenReturn(authenticator); + when(oauth2Providers.getAuthenticator(eq(provider))).thenReturn(authenticator); when(authenticator.getToken(anyString())).thenReturn(newDto(OAuthToken.class).withToken(token)); @@ -60,6 +64,26 @@ public void shouldBeAbleToGetUserToken() throws Exception { assertEquals(result.getToken(), token); } + @Test + public void shouldGetRegisteredAuthenticators() throws Exception { + // given + UriInfo uriInfo = mock(UriInfo.class); + when(uriInfo.getBaseUriBuilder()).thenReturn(UriBuilder.fromUri("http://eclipse.che")); + when(oauth2Providers.getRegisteredProviderNames()).thenReturn(Set.of("github")); + when(oauth1Providers.getRegisteredProviderNames()).thenReturn(Set.of("bitbucket")); + org.eclipse.che.security.oauth1.OAuthAuthenticator authenticator = + mock(org.eclipse.che.security.oauth1.OAuthAuthenticator.class); + when(oauth2Providers.getAuthenticator("github")).thenReturn(mock(OAuthAuthenticator.class)); + when(oauth1Providers.getAuthenticator("bitbucket")).thenReturn(authenticator); + + // when + Set registeredAuthenticators = + embeddedOAuthAPI.getRegisteredAuthenticators(uriInfo); + + // then + assertEquals(registeredAuthenticators.size(), 2); + } + @Test public void shouldEncodeRejectErrorForRedirectUrl() throws Exception { // given 
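Review bot: `shouldGetRegisteredAuthenticators` asserts only `registeredAuthenticators.size()` equals 2, so the new OAuth 1 fallback for the endpoint URL is never checked; the mocked OAuth 1 authenticator returns null from `getEndpointUrl()`. Stubbing `when(authenticator.getEndpointUrl()).thenReturn("http://bitbucket.example")` (a constructed value) and asserting that the `bitbucket` descriptor carries it would pin the behaviour. A second case with one name present in both providers would document which authenticator wins.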
diff --git a/wsmaster/che-core-api-auth/src/test/java/org/eclipse/che/security/oauth1/OAuthAuthenticatorTest.java b/wsmaster/che-core-api-auth/src/test/java/org/eclipse/che/security/oauth1/OAuthAuthenticatorTest.java index ea1304ecaec..9310afed5d5 100644 --- a/wsmaster/che-core-api-auth/src/test/java/org/eclipse/che/security/oauth1/OAuthAuthenticatorTest.java +++ b/wsmaster/che-core-api-auth/src/test/java/org/eclipse/che/security/oauth1/OAuthAuthenticatorTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2021 Red Hat, Inc. + * Copyright (c) 2012-2023 Red Hat, Inc. * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -62,6 +62,11 @@ public String getOAuthProvider() { public String getLocalAuthenticateUrl() { return null; } + + @Override + public String getEndpointUrl() { + return null; + } }; }