diff --git a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java index 18c825cce7..8d8880912c 100644 --- a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java +++ b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java @@ -71,8 +71,14 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken public static final String ANNOTATION_SCM_ORGANIZATION = "che.eclipse.org/scm-organization"; public static final String ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID = "che.eclipse.org/scm-personal-access-token-id"; + public static final String ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_IS_OAUTH = + "che.eclipse.org/scm-personal-access-token-is-oauth"; + + @Deprecated + // This annotation is deprecated and will be removed in the future. public static final String ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME = "che.eclipse.org/scm-personal-access-token-name"; + public static final String ANNOTATION_SCM_URL = "che.eclipse.org/scm-url"; public static final String TOKEN_DATA_FIELD = "token"; @@ -112,9 +118,6 @@ public void store(PersonalAccessToken personalAccessToken) .put( ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID, personalAccessToken.getScmTokenId()) - .put( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, - personalAccessToken.getScmTokenName()) .build()) .withLabels(SECRET_LABELS) .build(); @@ -214,7 +217,9 @@ private List doGetPersonalAccessTokens( PersonalAccessToken personalAccessToken = new PersonalAccessToken( personalAccessTokenParams.getScmProviderUrl(), - getScmProviderName(personalAccessTokenParams), + getScmProviderName( + personalAccessTokenParams.getScmProviderName(), + personalAccessTokenParams.getScmTokenName()), secretAnnotations.get(ANNOTATION_CHE_USERID), personalAccessTokenParams.getOrganization(), scmUsername.get(), @@ -273,13 +278,12 @@ private List doGetPersonalAccessTokenSecrets(KubernetesNamespaceMeta nam * This is used to support back compatibility with the old token secrets, which do not have the * 'che.eclipse.org/scm-provider-name' annotation. * - * @param params the parameters of the personal access token + * @param providerName the name of the SCM provider + * @param tokenName the name of the token * @return the name of the SCM provider */ - private String getScmProviderName(PersonalAccessTokenParams params) { - return isNullOrEmpty(params.getScmProviderName()) - ? params.getScmTokenName() - : params.getScmProviderName(); + private String getScmProviderName(@Nullable String providerName, String tokenName) { + return isNullOrEmpty(providerName) ? tokenName : providerName; } private boolean deleteSecretIfMisconfigured(Secret secret) throws InfrastructureException { @@ -289,8 +293,8 @@ private boolean deleteSecretIfMisconfigured(Secret secret) throws Infrastructure LOG.debug("SCM server URL: {}", configuredScmServerUrl); String configuredCheUserId = secretAnnotations.get(ANNOTATION_CHE_USERID); LOG.debug("Che user ID: {}", configuredCheUserId); - String configuredOAuthProviderName = - secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME); + String providerName = secretAnnotations.get(ANNOTATION_SCM_PROVIDER_NAME); + String configuredOAuthProviderName = getScmProviderName(providerName, getTokenName(secret)); LOG.debug("OAuth provider name: {}", configuredOAuthProviderName); // if any of the required annotations is missing, the secret is not valid @@ -309,24 +313,42 @@ private boolean deleteSecretIfMisconfigured(Secret secret) throws Infrastructure return false; } + /** + * Returns the token name. If the token name is not set, the name of the secret in format: + * personal-access-token- is used. This is used to support back compatibility with the + * old token secrets, which do not have the 'che.eclipse.org/scm-provider-name' annotation, but + * have the deprecated 'che.eclipse.org/scm-personal-access-token-name' annotation. + * + * @param secret the secret + * @return the token name + */ + private String getTokenName(Secret secret) { + String tokenName = + secret.getMetadata().getAnnotations().get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME); + String secretName = secret.getMetadata().getName(); + return isNullOrEmpty(tokenName) + ? secretName.substring(secretName.lastIndexOf("-") + 1) + : tokenName; + } + private PersonalAccessTokenParams secret2PersonalAccessTokenParams(Secret secret) { Map secretAnnotations = secret.getMetadata().getAnnotations(); String token = new String(Base64.getDecoder().decode(secret.getData().get("token"))).trim(); - String configuredOAuthTokenName = - secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME); String configuredTokenId = secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID); String configuredScmOrganization = secretAnnotations.get(ANNOTATION_SCM_ORGANIZATION); String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL); String configuredScmProviderName = secretAnnotations.get(ANNOTATION_SCM_PROVIDER_NAME); + String configuredIsOauth = secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_IS_OAUTH); return new PersonalAccessTokenParams( trimEnd(configuredScmServerUrl, '/'), configuredScmProviderName, - configuredOAuthTokenName, + getTokenName(secret), configuredTokenId, token, - configuredScmOrganization); + configuredScmOrganization, + Boolean.parseBoolean(configuredIsOauth)); } private boolean isSecretMatchesSearchCriteria( @@ -337,8 +359,8 @@ private boolean isSecretMatchesSearchCriteria( Map secretAnnotations = secret.getMetadata().getAnnotations(); String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL); String configuredCheUserId = secretAnnotations.get(ANNOTATION_CHE_USERID); - String configuredOAuthProviderName = - secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME); + String providerName = secretAnnotations.get(ANNOTATION_SCM_PROVIDER_NAME); + String configuredOAuthProviderName = getScmProviderName(providerName, getTokenName(secret)); return (configuredCheUserId.equals(cheUser.getUserId())) && (oAuthProviderName == null || oAuthProviderName.equals(configuredOAuthProviderName)) @@ -391,8 +413,7 @@ private void removePreviousTokenSecretsIfPresent(String scmServerUrl) @Override public void storeGitCredentials(String scmServerUrl) - throws UnsatisfiedScmPreconditionException, ScmConfigurationPersistenceException, - ScmCommunicationException, ScmUnauthorizedException { + throws UnsatisfiedScmPreconditionException, ScmConfigurationPersistenceException { Subject subject = EnvironmentContext.getCurrent().getSubject(); Optional tokenOptional = get(subject, scmServerUrl); if (tokenOptional.isPresent()) { diff --git a/infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java b/infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java index 703accfdf9..a555f83ac3 100644 --- a/infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java +++ b/infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java @@ -102,10 +102,11 @@ public void shouldTrimBlankCharsInToken() throws Exception { ObjectMeta meta1 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name") .withCreationTimestamp("2021-07-01T12:00:00Z") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user", @@ -186,10 +187,11 @@ public void testGetTokenFromNamespace() throws Exception { ObjectMeta meta1 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name_1") .withCreationTimestamp("2021-07-01T12:00:00Z") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -198,10 +200,11 @@ public void testGetTokenFromNamespace() throws Exception { .build(); ObjectMeta meta2 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name_2") .withCreationTimestamp("2021-07-02T12:00:00Z") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -210,10 +213,11 @@ public void testGetTokenFromNamespace() throws Exception { .build(); ObjectMeta meta3 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name_3") .withCreationTimestamp("2021-07-03T12:00:00Z") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user2", @@ -257,9 +261,10 @@ public void shouldGetTokenFromASecretWithSCMUsername() throws Exception { ObjectMeta metaData = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -302,6 +307,53 @@ public void shouldGetTokenFromASecretWithoutSCMUsername() throws Exception { ObjectMeta metaData = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name") + .withAnnotations( + Map.of( + ANNOTATION_SCM_PROVIDER_NAME, + "github", + ANNOTATION_CHE_USERID, + "user1", + ANNOTATION_SCM_URL, + "http://host1")) + .build(); + + Secret secret = new SecretBuilder().withMetadata(metaData).withData(data).build(); + + when(secrets.get(any(LabelSelector.class))).thenReturn(singletonList(secret)); + + // when + Optional tokenOptional = + personalAccessTokenManager.get( + new SubjectImpl("user", "user1", "t1", false), "http://host1"); + + // then + assertTrue(tokenOptional.isPresent()); + assertEquals(tokenOptional.get().getCheUserId(), "user1"); + assertEquals(tokenOptional.get().getScmProviderUrl(), "http://host1"); + assertEquals(tokenOptional.get().getToken(), "token1"); + } + + // TODO remove this test after removing the deprecated scm-personal-access-token-name annotation + @Test + public void shouldGetTokenFromASecretWithTokenNameButWithoutProviderAnnotation() + throws Exception { + + KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test"); + when(namespaceFactory.list()).thenReturn(singletonList(meta)); + KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class); + KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class); + when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace); + when(kubernetesnamespace.secrets()).thenReturn(secrets); + when(scmPersonalAccessTokenFetcher.getScmUsername(any(PersonalAccessTokenParams.class))) + .thenReturn(Optional.of("user")); + + Map data = + Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8))); + + ObjectMeta metaData = + new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name") .withAnnotations( Map.of( ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, @@ -347,10 +399,11 @@ public void testGetTokenFromNamespaceWithTrailingSlashMismatch() throws Exceptio ObjectMeta meta1 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name_1") .withCreationTimestamp("2021-07-01T12:00:00Z") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -359,10 +412,11 @@ public void testGetTokenFromNamespaceWithTrailingSlashMismatch() throws Exceptio .build(); ObjectMeta meta2 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name_2") .withCreationTimestamp("2021-08-01T12:00:00Z") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -406,13 +460,10 @@ public void shouldDeleteMisconfiguredTokensOnGet() throws Exception { Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8))); ObjectMeta meta1 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name") .withNamespace("test") .withAnnotations( - Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, - "github", - ANNOTATION_CHE_USERID, - "user1")) + Map.of(ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1")) .build(); Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build(); when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1)); @@ -443,9 +494,10 @@ public void shouldDeleteInvalidTokensOnGet() throws Exception { Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8))); ObjectMeta meta1 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -491,10 +543,11 @@ public void shouldReturnFirstValidTokenAndDeleteTheInvalidOne() throws Exception Map.of("token", Base64.getEncoder().encodeToString("token2".getBytes(UTF_8))); ObjectMeta meta1 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name_1") .withCreationTimestamp("2021-07-01T12:00:00Z") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -505,10 +558,11 @@ public void shouldReturnFirstValidTokenAndDeleteTheInvalidOne() throws Exception .build(); ObjectMeta meta2 = new ObjectMetaBuilder() + .withName(NAME_PATTERN + "token_name_2") .withCreationTimestamp("2021-07-02T12:00:00Z") .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", diff --git a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java index 5721dbf3af..43a05e318a 100644 --- a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java @@ -108,7 +108,8 @@ private PersonalAccessToken fetchOrRefreshPersonalAccessToken( tokenName, tokenId, oAuthToken.getToken(), - null)); + null, + true)); if (valid.isEmpty()) { throw buildScmUnauthorizedException(cheSubject); } else if (!valid.get().first) { diff --git a/wsmaster/che-core-api-factory-bitbucket/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory-bitbucket/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcher.java index 5ad3380f31..200536e294 100644 --- a/wsmaster/che-core-api-factory-bitbucket/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory-bitbucket/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcher.java @@ -117,7 +117,8 @@ private PersonalAccessToken fetchOrRefreshPersonalAccessToken( tokenName, tokenId, oAuthToken.getToken(), - null)); + null, + true)); if (valid.isEmpty()) { throw buildScmUnauthorizedException(cheSubject); } else if (!valid.get().first) { diff --git a/wsmaster/che-core-api-factory-bitbucket/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcherTest.java b/wsmaster/che-core-api-factory-bitbucket/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcherTest.java index 04ffb68bbf..ba806a53cb 100644 --- a/wsmaster/che-core-api-factory-bitbucket/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcherTest.java +++ b/wsmaster/che-core-api-factory-bitbucket/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcherTest.java @@ -92,7 +92,8 @@ public void shouldNotValidateSCMServerWithTrailingSlash() throws Exception { "scmTokenName", "scmTokenId", bitbucketOauthToken, - null); + null, + true); assertTrue( bitbucketPersonalAccessTokenFetcher.isValid(personalAccessTokenParams).isEmpty(), "Should not validate SCM server with trailing /"); @@ -175,7 +176,8 @@ public void shouldValidatePersonalToken() throws Exception { "params-name", "tid-23434", bitbucketOauthToken, - null); + null, + true); Optional> valid = bitbucketPersonalAccessTokenFetcher.isValid(params); assertTrue(valid.isPresent()); @@ -202,7 +204,8 @@ public void shouldValidateOauthToken() throws Exception { OAUTH_2_PREFIX + "-params-name", "tid-23434", bitbucketOauthToken, - null); + null, + true); Optional> valid = bitbucketPersonalAccessTokenFetcher.isValid(params); assertTrue(valid.isPresent()); @@ -220,7 +223,8 @@ public void shouldNotValidateExpiredOauthToken() throws Exception { OAUTH_2_PREFIX + "-token-name", "tid-23434", bitbucketOauthToken, - null); + null, + true); assertFalse(bitbucketPersonalAccessTokenFetcher.isValid(params).isPresent()); } diff --git a/wsmaster/che-core-api-factory-github-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory-github-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubPersonalAccessTokenFetcher.java index df0f70c64f..e4503ec300 100644 --- a/wsmaster/che-core-api-factory-github-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory-github-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubPersonalAccessTokenFetcher.java @@ -156,7 +156,8 @@ public PersonalAccessToken fetchPersonalAccessToken(Subject cheSubject, String s tokenName, tokenId, oAuthToken.getToken(), - null)); + null, + true)); if (valid.isEmpty()) { throw buildScmUnauthorizedException(cheSubject); } else if (!valid.get().first) { @@ -227,7 +228,7 @@ public Optional> isValid(PersonalAccessTokenParams params) // The url from the token has the same url as the api client, no need to create a new one. apiClient = githubApiClient; } else { - if (OAUTH_PROVIDER_NAME.equals(params.getScmTokenName())) { + if (OAUTH_PROVIDER_NAME.equals(params.getScmProviderName())) { apiClient = new GithubApiClient(params.getScmProviderUrl()); } else { LOG.debug("not a valid url {} for current fetcher ", params.getScmProviderUrl()); @@ -235,7 +236,7 @@ public Optional> isValid(PersonalAccessTokenParams params) } } try { - if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) { + if (params.isOauthToken()) { Pair pair = apiClient.getTokenScopes(params.getToken()); return Optional.of( Pair.of( diff --git a/wsmaster/che-core-api-factory-github/src/test/java/org/eclipse/che/api/factory/server/github/GithubPersonalAccessTokenFetcherTest.java b/wsmaster/che-core-api-factory-github/src/test/java/org/eclipse/che/api/factory/server/github/GithubPersonalAccessTokenFetcherTest.java index 2193a349ec..b81c5e254a 100644 --- a/wsmaster/che-core-api-factory-github/src/test/java/org/eclipse/che/api/factory/server/github/GithubPersonalAccessTokenFetcherTest.java +++ b/wsmaster/che-core-api-factory-github/src/test/java/org/eclipse/che/api/factory/server/github/GithubPersonalAccessTokenFetcherTest.java @@ -96,7 +96,8 @@ public void shouldNotValidateSCMServerWithTrailingSlash() throws Exception { "scmTokenName", "scmTokenId", githubOauthToken, - null); + null, + true); assertTrue( githubPATFetcher.isValid(personalAccessTokenParams).isEmpty(), "Should not validate SCM server with trailing /"); @@ -218,7 +219,13 @@ public void shouldValidatePersonalToken() throws Exception { PersonalAccessTokenParams params = new PersonalAccessTokenParams( - wireMockServer.url("/"), "provider", "token-name", "tid-23434", githubOauthToken, null); + wireMockServer.url("/"), + "provider", + "token-name", + "tid-23434", + githubOauthToken, + null, + true); Optional> valid = githubPATFetcher.isValid(params); assertTrue(valid.isPresent()); @@ -245,7 +252,8 @@ public void shouldValidateOauthToken() throws Exception { OAUTH_2_PREFIX + "-params-name", "tid-23434", githubOauthToken, - null); + null, + true); Optional> valid = githubPATFetcher.isValid(params); assertTrue(valid.isPresent()); @@ -263,7 +271,8 @@ public void shouldNotValidateExpiredOauthToken() throws Exception { OAUTH_2_PREFIX + "-token-name", "tid-23434", githubOauthToken, - null); + null, + true); assertFalse(githubPATFetcher.isValid(params).isPresent()); } diff --git a/wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java b/wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java index c5e59cd2d9..efcd6cc23b 100644 --- a/wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java +++ b/wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java @@ -131,7 +131,8 @@ private PersonalAccessToken fetchOrRefreshPersonalAccessToken( tokenName, tokenId, oAuthToken.getToken(), - null)); + null, + true)); if (valid.isEmpty()) { throw buildScmUnauthorizedException(cheSubject); } else if (!valid.get().first) { diff --git a/wsmaster/che-core-api-factory-gitlab/src/test/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcherTest.java b/wsmaster/che-core-api-factory-gitlab/src/test/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcherTest.java index 45aab1561b..8ee2526764 100644 --- a/wsmaster/che-core-api-factory-gitlab/src/test/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcherTest.java +++ b/wsmaster/che-core-api-factory-gitlab/src/test/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcherTest.java @@ -184,7 +184,8 @@ public void shouldValidateOAuthToken() throws Exception { "oauth2-token-name", "tid-23434", "token123", - null); + null, + true); Optional> valid = oAuthTokenFetcher.isValid(params); diff --git a/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessTokenParams.java b/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessTokenParams.java index 3b06b65b6f..bb16edede3 100644 --- a/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessTokenParams.java +++ b/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessTokenParams.java @@ -20,19 +20,23 @@ public class PersonalAccessTokenParams { private final String token; private final String organization; + private final boolean isOauthToken; + public PersonalAccessTokenParams( String scmProviderUrl, String scmProviderName, String scmTokenName, String scmTokenId, String token, - String organization) { + String organization, + boolean isOauthToken) { this.scmProviderUrl = scmProviderUrl; this.scmProviderName = scmProviderName; this.scmTokenName = scmTokenName; this.scmTokenId = scmTokenId; this.token = token; this.organization = organization; + this.isOauthToken = isOauthToken; } public String getScmProviderUrl() { @@ -51,6 +55,10 @@ public String getScmTokenName() { return scmTokenName; } + public boolean isOauthToken() { + return isOauthToken; + } + public String getScmTokenId() { return scmTokenId; }