fixup! Omit scm-username annotation from the PAT secret
vinokurig committed Jul 24, 2023
1 parent ea736d1 commit 75bf468
Showing 2 changed files with 37 additions and 17 deletions.
Expand Up @@ -203,8 +203,19 @@ public Optional<Boolean> isValid(PersonalAccessToken personalAccessToken) {
}

try {
String[] scopes = githubApiClient.getTokenScopes(personalAccessToken.getToken()).second;
return Optional.of(containsScopes(scopes, DEFAULT_TOKEN_SCOPES));
if (personalAccessToken.getScmTokenName() != null
&& personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
String[] scopes = githubApiClient.getTokenScopes(personalAccessToken.getToken()).second;
return Optional.of(containsScopes(scopes, DEFAULT_TOKEN_SCOPES));
} else {
// No REST API for PAT-s in Github found yet. Just try to do some action.
GithubUser user = githubApiClient.getUser(personalAccessToken.getToken());
if (personalAccessToken.getScmUserName().equals(user.getLogin())) {
return Optional.of(Boolean.TRUE);
} else {
return Optional.of(Boolean.FALSE);
}
}
} catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) {
return Optional.of(Boolean.FALSE);
}
Expand All @@ -217,11 +228,18 @@ public Optional<Pair<Boolean, String>> isValid(PersonalAccessTokenParams params)
return Optional.empty();
}
try {
Pair<String, String[]> pair = githubApiClient.getTokenScopes(params.getToken());
return Optional.of(
Pair.of(
containsScopes(pair.second, DEFAULT_TOKEN_SCOPES) ? Boolean.TRUE : Boolean.FALSE,
pair.first));
if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
Pair<String, String[]> pair = githubApiClient.getTokenScopes(params.getToken());
return Optional.of(
Pair.of(
containsScopes(pair.second, DEFAULT_TOKEN_SCOPES) ? Boolean.TRUE : Boolean.FALSE,
pair.first));
} else {
// TODO: add PAT scope validation
// No REST API for PAT-s in Github found yet. Just try to do some action.
GithubUser user = githubApiClient.getUser(params.getToken());
return Optional.of(Pair.of(Boolean.TRUE, user.getLogin()));
}
} catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) {
return Optional.empty();
}
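Review bot: In the first hunk's PAT branch, `personalAccessToken.getScmUserName().equals(user.getLogin())` dereferences the stored user name without the null check that `getScmTokenName()` gets in the branch condition, and a NullPointerException is not among the types the surrounding `catch` handles. If the secret may now omit the scm-username annotation, as the commit title suggests, the check would throw rather than return a result; `return Optional.of(user.getLogin().equals(personalAccessToken.getScmUserName()));` is null-safe on the stored name and replaces the if/else, though whether a missing name should count as a mismatch is not visible here. Both PAT branches also accept any token that can call `getUser` without comparing scopes against `DEFAULT_TOKEN_SCOPES`; the second hunk marks this with a TODO and the first should carry the same `// TODO: add PAT scope validation` so the gap is visible in both methods. Both `isValid` bodies begin and end outside the hunks.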
Expand Up @@ -193,18 +193,20 @@ public Optional<Pair<Boolean, String>> isValid(PersonalAccessTokenParams params)
}
try {
GitlabUser user = gitlabApiClient.getUser(params.getToken());
String[] scopes;
if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
scopes = gitlabApiClient.getOAuthTokenInfo(params.getToken()).getScope();
} else {
scopes = gitlabApiClient.getPersonalAccessTokenInfo(params.getToken()).getScopes();
// validation OAuth token by special API call
GitlabOauthTokenInfo info = gitlabApiClient.getOAuthTokenInfo(params.getToken());
return Optional.of(
Pair.of(
Sets.newHashSet(info.getScope()).containsAll(DEFAULT_TOKEN_SCOPES)
? Boolean.TRUE
: Boolean.FALSE,
user.getUsername()));
}
return Optional.of(
Pair.of(
Sets.newHashSet(scopes).containsAll(DEFAULT_TOKEN_SCOPES)
? Boolean.TRUE
: Boolean.FALSE,
user.getUsername()));
// validating personal access token from secret. Since PAT API is accessible only in
// latest GitLab version, we just perform check by accessing something from API.
// TODO: add PAT scope validation
return Optional.of(Pair.of(Boolean.TRUE, user.getUsername()));
} catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) {
return Optional.empty();
}
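Review bot: Past the OAuth branch, every token is now reported valid with `Pair.of(Boolean.TRUE, user.getUsername())` as soon as `getUser` succeeds, so a personal access token that lacks `DEFAULT_TOKEN_SCOPES` passes validation and fails only later, when it is used. The removed lines compared the scopes from `getPersonalAccessTokenInfo`; on GitLab versions that expose that endpoint the comparison can be kept, with the authenticated-user check as the fallback only when the call is unavailable. The sketch below assumes a missing endpoint surfaces as `ScmItemNotFoundException`, which the hunk does not show and should be confirmed against the client. `isValid` starts and ends outside the hunk.

```java
// … unchanged: getUser call and OAuth branch …
String[] scopes;
try {
  scopes = gitlabApiClient.getPersonalAccessTokenInfo(params.getToken()).getScopes();
} catch (ScmItemNotFoundException e) {
  // PAT info endpoint not available on this GitLab version:
  // fall back to the authenticated-user check.
  return Optional.of(Pair.of(Boolean.TRUE, user.getUsername()));
}
return Optional.of(
    Pair.of(
        Sets.newHashSet(scopes).containsAll(DEFAULT_TOKEN_SCOPES) ? Boolean.TRUE : Boolean.FALSE,
        user.getUsername()));
// … unchanged: outer catch returning Optional.empty() …
```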