From 5c789ca55f71a33725f2ad843f746953ca421360 Mon Sep 17 00:00:00 2001 From: Basil Crow Date: Sun, 12 Sep 2021 08:07:45 -0700 Subject: [PATCH] [JENKINS-66303] Prepare Gitlab Authentication for core Guava upgrade --- pom.xml | 4 + .../plugins/GitLabAuthenticationToken.java | 122 +++++++----------- 2 files changed, 50 insertions(+), 76 deletions(-) diff --git a/pom.xml b/pom.xml index 685c02d..e6d8934 100644 --- a/pom.xml +++ b/pom.xml @@ -79,6 +79,10 @@ + + io.jenkins.plugins + caffeine-api + org.jenkins-ci.plugins mailer diff --git a/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationToken.java b/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationToken.java index 8b13174..1dd9b19 100755 --- a/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationToken.java +++ b/src/main/java/org/jenkinsci/plugins/GitLabAuthenticationToken.java @@ -27,20 +27,19 @@ of this software and associated documentation files (the "Software"), to deal package org.jenkinsci.plugins; import java.io.IOException; +import java.io.UncheckedIOException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Set; -import java.util.concurrent.Callable; -import java.util.concurrent.ExecutionException; import java.util.concurrent.TimeUnit; import java.util.logging.Level; import java.util.logging.Logger; -import com.google.common.cache.Cache; -import com.google.common.cache.CacheBuilder; +import com.github.benmanes.caffeine.cache.Cache; +import com.github.benmanes.caffeine.cache.Caffeine; import org.acegisecurity.GrantedAuthority; import org.acegisecurity.GrantedAuthorityImpl; @@ -79,19 +78,19 @@ public class GitLabAuthenticationToken extends AbstractAuthenticationToken { /** * Cache for faster organization based security */ - private static final Cache> userOrganizationCache = CacheBuilder.newBuilder() + private static final Cache> userOrganizationCache = Caffeine.newBuilder() .expireAfterWrite(1, TimeUnit.HOURS).build(); - private static final Cache> repositoryCollaboratorsCache = CacheBuilder.newBuilder() + private static final Cache> repositoryCollaboratorsCache = Caffeine.newBuilder() .expireAfterWrite(1, TimeUnit.HOURS).build(); - private static final Cache> repositoriesByUserCache = CacheBuilder.newBuilder() + private static final Cache> repositoriesByUserCache = Caffeine.newBuilder() .expireAfterWrite(1, TimeUnit.HOURS).build(); - private static final Cache publicRepositoryCache = CacheBuilder.newBuilder() + private static final Cache publicRepositoryCache = Caffeine.newBuilder() .expireAfterWrite(1, TimeUnit.HOURS).build(); - private static final Cache> groupRepositoriesCache = CacheBuilder.newBuilder() + private static final Cache> groupRepositoriesCache = Caffeine.newBuilder() .expireAfterWrite(1, TimeUnit.HOURS).build(); private final List authorities = new ArrayList<>(); @@ -190,23 +189,20 @@ public GitlabUser getMyself() { * @return whether given candidate belongs to a given organization */ public boolean hasOrganizationPermission(String candidateName, String organization) { - try { - Set v = userOrganizationCache.get(candidateName, new Callable>() { - @Override - public Set call() throws Exception { - List groups = gitLabAPI.getGroups(); - Set groupsNames = new HashSet(); - for (GitlabGroup group : groups) { - groupsNames.add(group.getName()); - } - return groupsNames; + Set v = userOrganizationCache.get(candidateName, unused -> { + try { + List groups = gitLabAPI.getGroups(); + Set groupsNames = new HashSet(); + for (GitlabGroup group : groups) { + groupsNames.add(group.getName()); } - }); + return groupsNames; + } catch (IOException e) { + throw new UncheckedIOException("authorization failed for user = " + candidateName, e); + } + }); - return v.contains(organization); - } catch (ExecutionException e) { - throw new RuntimeException("authorization failed for user = " + candidateName, e); - } + return v != null && v.contains(organization); } public boolean hasRepositoryPermission(final String repositoryName) { @@ -214,18 +210,15 @@ public boolean hasRepositoryPermission(final String repositoryName) { } public Set myRepositories() { - try { - Set myRepositories = repositoriesByUserCache.get(getName(), new Callable>() { - @Override - public Set call() throws Exception { - // Get user's projects - List userRepositoryList = gitLabAPI.getProjects(); - Set repositoryNames = Collections.emptySet(); - if (userRepositoryList != null) { - repositoryNames = listToNames(userRepositoryList); - } - // Disable for security reason. - // If enabled, even group guest can manage all group jobs. + Set myRepositories = repositoriesByUserCache.get(getName(), unused -> { + // Get user's projects + List userRepositoryList = gitLabAPI.getProjects(); + Set repositoryNames = Collections.emptySet(); + if (userRepositoryList != null) { + repositoryNames = listToNames(userRepositoryList); + } + // Disable for security reason. + // If enabled, even group guest can manage all group jobs. // // Get user's groups // List userGroups = gitLabAPI.getGroups(); // if (userGroups != null) { @@ -237,18 +230,13 @@ public Set call() throws Exception { // } // } // } - return repositoryNames; - } - }); + return repositoryNames; + }); - return myRepositories; - } catch (ExecutionException e) { - LOGGER.log(Level.SEVERE, "an exception was thrown", e); - throw new RuntimeException("authorization failed for user = " + getName(), e); - } + return myRepositories; } - public Set listToNames(Collection repositories) throws IOException { + public Set listToNames(Collection repositories) { Set names = new HashSet(); for (GitlabProject repository : repositories) { // String ownerName = repository.getOwner().getUsername(); @@ -261,26 +249,18 @@ public Set listToNames(Collection repositories) throws IO } public boolean isPublicRepository(final String repositoryName) { - try { - Boolean isPublic = publicRepositoryCache.get(repositoryName, new Callable() { - @Override - public Boolean call() throws Exception { - GitlabProject repository = loadRepository(repositoryName); - if (repository == null) { - // We don't have access so it must not be public (it - // could be non-existant) - return Boolean.FALSE; - } else { - return Boolean.TRUE.equals(repository.isPublic()); - } - } - }); + Boolean isPublic = publicRepositoryCache.get(repositoryName, unused -> { + GitlabProject repository = loadRepository(repositoryName); + if (repository == null) { + // We don't have access so it must not be public (it + // could be non-existant) + return Boolean.FALSE; + } else { + return Boolean.TRUE.equals(repository.isPublic()); + } + }); - return isPublic.booleanValue(); - } catch (ExecutionException e) { - LOGGER.log(Level.SEVERE, "an exception was thrown", e); - throw new RuntimeException("authorization failed for user = " + getName(), e); - } + return isPublic != null && isPublic.booleanValue(); } private static final Logger LOGGER = Logger.getLogger(GitLabAuthenticationToken.class.getName()); @@ -349,18 +329,8 @@ public GitLabOAuthUserDetails getUserDetails(String username) { } public List getGroupProjects(final GitlabGroup group) { - try { - List groupProjects = groupRepositoriesCache.get(group.getFullPath(), new Callable>() { - @Override - public List call() throws Exception { - return gitLabAPI.getGroupProjects(group); - } - }); + List groupProjects = groupRepositoriesCache.get(group.getFullPath(), unused -> gitLabAPI.getGroupProjects(group)); - return groupProjects; - } catch (ExecutionException e) { - LOGGER.log(Level.SEVERE, "an exception was thrown", e); - throw new RuntimeException("authorization failed for user = " + getName(), e); - } + return groupProjects; } }