Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explicitly set Bitbucket Server provider name, fix GitHub url parser #689

Merged
merged 3 commits into from
Jun 8, 2024
Merged

Explicitly set Bitbucket Server provider name, fix GitHub url parser #689

merged 3 commits into from
Jun 8, 2024

Conversation

vinokurig
Copy link
Contributor

@vinokurig vinokurig commented May 31, 2024
edited
Loading

What does this PR do?

  • Return 'bitbucket-server' on oauth list request if the provider is Bitbucket server. If the provider is Bitbucket SAAS, return bitbucket.
  • Do not test GitHub repository urls with user request if the url is a GitHub SAAS url.

Screenshot/screencast of this PR

What issues does this PR fix or reference?

eclipse-che/che#22971

How to test this PR?

  1. Deploy che with the PR image: quay.io/eclipse/che-server:pr-689
  2. Configure BitBucket server oauth2.
  3. Call <che-endpoint/api/oauth> api request, see: the provider name is bitbucket-server`
  4. Re-configure the oauth secret to BitBucket SAAS.
  5. Call <che-endpoint/api/oauth> api request, see: the provider name is bitbucket`

PR Checklist

As the author of this Pull Request I made sure that:

Reviewers

Reviewers, please comment how you tested the PR when approving it.

@vinokurig
Specify Bitbucket Server provider naem, fix GitHub url parser
fa88e1e 
Signed-off-by: ivinokur <ivinokur@redhat.com>
@vinokurig vinokurig mentioned this pull request May 31, 2024
Merged
ibuziuk
ibuziuk reviewed Jun 6, 2024
View reviewed changes
...auth-bitbucket/src/main/java/org/eclipse/che/security/oauth/BitbucketOAuthAuthenticator.java Outdated
@@ -52,7 +54,7 @@ public String getAuthenticateUrl(URL requestUrl, List<String> scopes) {

@Override
public final String getOAuthProvider() {
return "bitbucket";
return BITBUCKET_CLOUD_ENDPOINT.equals(bitbucketEndpoint) ? "bitbucket" : "bitbucket-server";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we extract consts as well for bitbucket / bitbucket-server ? would be nice to add comments java docs as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

ibuziuk
ibuziuk approved these changes Jun 6, 2024
View reviewed changes
Copy link
Member

@ibuziuk ibuziuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor comments about consts extractions

@openshift-ci openshift-ci bot added lgtm and removed lgtm labels Jun 6, 2024
tolusha
tolusha approved these changes Jun 6, 2024
View reviewed changes
...-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubURLParser.java
// Try to call an API request to see if the URL matches GitHub.
|| isApiRequestRelevant(trimmedUrl);
// Try to call an API request to see if the URL matches self-hosted GitHub Enterprise.
|| (!GITHUB_SAAS_ENDPOINT.equals(endpoint) && isApiRequestRelevant(trimmedUrl));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we rename isApiRequestRelevant to isGitHubServerURLValid ?
Add some comments please:

// We need to check if the given URL is a valid GitHub URL.
 // 1. Check if the given URL matches the GitHub URL patterns. It works if OAuth is configured and
 // GitHub server URL is known or the repository URL points to GitHub SaaS (https://github.com).
 // 2. Check whether PAT is configured for the GitHub server URL. It is sufficient to confirm that the URL
 // is a valid GitHub URL.
 // 3. Check if the given URL is a valid GitHub URL by reaching the endpoint of the GitHub server and
 // Analysing the response. This query basically only needs to be performed if the specified repository URL
 // does not point to GitHub SaaS.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we rename isApiRequestRelevant to isGitHubServerURLValid ?

I think that isApiRequestRelevant is a more specific name. We already validate the GitHub Server url on each step:

  1. The GitHub Server url might be configured so the regex will detect it.
  2. A user token secret from the GitHub Server might be present.
  3. If all the checks above returned false, we finally send a test request.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added the javadocs to the corresponding steps.

@openshift-ci openshift-ci bot added the lgtm label Jun 6, 2024
@vinokurig vinokurig mentioned this pull request Jun 6, 2024
Merged
@openshift-ci openshift-ci bot removed the lgtm label Jun 7, 2024
@artaleks9
Copy link
Contributor

Verified on Eclipse Che with quay.io/eclipse/che-server:pr-689 - the functionality works properly

Responses on the <che-endpoint/api/oauth> API requests:

[{"name":"bitbucket-server","endpointUrl":"https://bitbucket-bitbucket.apps.ds-airgap-v16.crw-qe.com","links":[{"method":"GET","parameters":[{"name":"oauth_provider","defaultValue":"bitbucket-server","required":true,"valid":[]},{"name":"mode","defaultValue":"federated_login","required":true,"valid":[]}],"rel":"Authenticate URL","href":"https://eclipse-che.apps.cluster-hx4vv.dynamic.redhatworkshops.io/api/oauth/authenticate"}]}]

-------

[{"name":"bitbucket","endpointUrl":"https://bitbucket.org","links":[{"method":"GET","parameters":[{"name":"oauth_provider","defaultValue":"bitbucket","required":true,"valid":[]},{"name":"mode","defaultValue":"federated_login","required":true,"valid":[]}],"rel":"Authenticate URL","href":"https://eclipse-che.apps.cluster-hx4vv.dynamic.redhatworkshops.io/api/oauth/authenticate"}]}]

@openshift-ci openshift-ci bot added the lgtm label Jun 7, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jun 7, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: artaleks9, ibuziuk, tolusha, vinokurig

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@vinokurig vinokurig merged commit fc37de3 into main Jun 8, 2024
28 checks passed
@vinokurig vinokurig deleted the che-22971 branch June 8, 2024 13:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ibuziuk ibuziuk ibuziuk approved these changes

@tolusha tolusha tolusha approved these changes

@artaleks9 artaleks9 artaleks9 approved these changes

@SDawley SDawley Awaiting requested review from SDawley SDawley is a code owner

Assignees

@ibuziuk ibuziuk

@tolusha tolusha

@artaleks9 artaleks9

Labels
lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vinokurig @artaleks9 @ibuziuk @tolusha