eclipse-che · vinokurig · Jun 29, 2022 · Jun 10, 2022 · Jun 17, 2022 · Jun 22, 2022
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -135,6 +135,13 @@ public Optional<PersonalAccessToken> get(Subject cheUser, String scmServerUrl)
       throws ScmConfigurationPersistenceException, ScmUnauthorizedException,
           ScmCommunicationException {
 
+    return get(cheUser, scmServerUrl, true);
+  }
+
+  @Override
+  public Optional<PersonalAccessToken> get(Subject cheUser, String scmServerUrl, boolean validate)
+      throws ScmConfigurationPersistenceException, ScmUnauthorizedException,
+          ScmCommunicationException {
     try {
       for (KubernetesNamespaceMeta namespaceMeta : namespaceFactory.list()) {
         List<Secret> secrets =
@@ -156,7 +163,7 @@ public Optional<PersonalAccessToken> get(Subject cheUser, String scmServerUrl)
                     annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME),
                     annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID),
                     new String(Base64.getDecoder().decode(secret.getData().get("token"))));
-            if (scmPersonalAccessTokenFetcher.isValid(token)) {
+            if (!validate || scmPersonalAccessTokenFetcher.isValid(token)) {
               return Optional.of(token);
             } else {
               // Removing token that is no longer valid. If several tokens exist the next one could

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -49,7 +49,6 @@ public String computeAuthorizationHeader(String userId, String requestMethod, St
 
   @Override
   public String getLocalAuthenticateUrl() {
-    throw new RuntimeException(
-        "The fallback noop authenticator cannot be used for authentication. Make sure OAuth is properly configured.");
+    return "Empty URL";
 personalAccessToken.getScmProviderUrl(), new NoopOAuthAuthenticator()); 
 personalAccessToken.getScmProviderUrl(), new NoopOAuthAuthenticator()); 
   }
 }
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -25,6 +25,8 @@
 import org.eclipse.che.api.factory.server.bitbucket.server.BitbucketPersonalAccessToken;
 import org.eclipse.che.api.factory.server.bitbucket.server.BitbucketServerApiClient;
 import org.eclipse.che.api.factory.server.bitbucket.server.BitbucketUser;
+import org.eclipse.che.api.factory.server.bitbucket.server.HttpBitbucketServerApiClient;
+import org.eclipse.che.api.factory.server.bitbucket.server.NoopBitbucketServerApiClient;
 import org.eclipse.che.api.factory.server.scm.PersonalAccessToken;
 import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher;
 import org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException;
@@ -33,6 +35,7 @@
 import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException;
 import org.eclipse.che.commons.env.EnvironmentContext;
 import org.eclipse.che.commons.subject.Subject;
+import org.eclipse.che.security.oauth1.NoopOAuthAuthenticator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -103,6 +106,20 @@ public PersonalAccessToken fetchPersonalAccessToken(Subject cheUser, String scmS
   @Override
   public Optional<Boolean> isValid(PersonalAccessToken personalAccessToken)
       throws ScmCommunicationException, ScmUnauthorizedException {
+    // If BitBucket oAuth is not configured try to find a manually added user namespace token.
+    if (bitbucketServerApiClient instanceof NoopBitbucketServerApiClient
+        && personalAccessToken.getScmTokenName().equals("bitbucket-server")) {
+      HttpBitbucketServerApiClient apiClient =
+          new HttpBitbucketServerApiClient(
+              personalAccessToken.getScmProviderUrl(), new NoopOAuthAuthenticator());
+      try {
+        apiClient.getUser(personalAccessToken.getScmUserName(), personalAccessToken.getToken());
+        return Optional.of(Boolean.TRUE);
+      } catch (ScmItemNotFoundException exception) {
+        // Even if the user not found, it means the token is valid.
+        return Optional.of(Boolean.TRUE);
+      }
+    }
     if (!bitbucketServerApiClient.isConnected(personalAccessToken.getScmProviderUrl())) {
       LOG.debug("not a valid url {} for current fetcher ", personalAccessToken.getScmProviderUrl());
       return Optional.empty();

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -17,13 +17,20 @@
 import jakarta.validation.constraints.NotNull;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Optional;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.inject.Singleton;
+import org.eclipse.che.api.factory.server.scm.PersonalAccessToken;
+import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
+import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException;
+import org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException;
+import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException;
 import org.eclipse.che.api.factory.server.urlfactory.DevfileFilenamesProvider;
 import org.eclipse.che.commons.annotation.Nullable;
+import org.eclipse.che.commons.env.EnvironmentContext;
 import org.eclipse.che.commons.lang.StringUtils;
 
 /**
@@ -35,15 +42,18 @@
 public class BitbucketURLParser {
 
   private final DevfileFilenamesProvider devfileFilenamesProvider;
+  private final PersonalAccessTokenManager personalAccessTokenManager;
   private static final String bitbucketUrlPatternTemplate =
       "^(?<host>%s)/scm/(?<project>[^/]++)/(?<repo>[^.]++).git(\\?at=)?(?<branch>[\\w\\d-_]*)";
   private final List<Pattern> bitbucketUrlPatterns = new ArrayList<>();
 
   @Inject
   public BitbucketURLParser(
       @Nullable @Named("che.integration.bitbucket.server_endpoints") String bitbucketEndpoints,
-      DevfileFilenamesProvider devfileFilenamesProvider) {
+      DevfileFilenamesProvider devfileFilenamesProvider,
+      PersonalAccessTokenManager personalAccessTokenManager) {
     this.devfileFilenamesProvider = devfileFilenamesProvider;
+    this.personalAccessTokenManager = personalAccessTokenManager;
     if (bitbucketEndpoints != null) {
       for (String bitbucketEndpoint : Splitter.on(",").split(bitbucketEndpoints)) {
         String trimmedEndpoint = StringUtils.trimEnd(bitbucketEndpoint, '/');
@@ -54,8 +64,27 @@ public BitbucketURLParser(
   }
 
   public boolean isValid(@NotNull String url) {
-    return !bitbucketUrlPatterns.isEmpty()
-        && bitbucketUrlPatterns.stream().anyMatch(pattern -> pattern.matcher(url).matches());
+    if (!bitbucketUrlPatterns.isEmpty()) {
+      return bitbucketUrlPatterns.stream().anyMatch(pattern -> pattern.matcher(url).matches());
+    } else {
+      // If Bitbucket server URL is not configured try to find it in a manually added user namespace
+      // token.
+      String serverUrl =
+          url.substring(0, url.indexOf("/scm") > 0 ? url.indexOf("/scm") : url.length());
+      if (Pattern.compile(format(bitbucketUrlPatternTemplate, serverUrl)).matcher(url).matches()) {
+        try {
+          Optional<PersonalAccessToken> token =
+              personalAccessTokenManager.get(
+                  EnvironmentContext.getCurrent().getSubject(), serverUrl, false);
+          return token.isPresent() && token.get().getScmTokenName().equals("bitbucket-server");
+        } catch (ScmConfigurationPersistenceException
+            | ScmUnauthorizedException
+            | ScmCommunicationException exception) {
+          return false;
+        }
+      }
+      return false;
+    }
   }
 
   /**
@@ -64,8 +93,25 @@ public boolean isValid(@NotNull String url) {
    * BitbucketUrl objects.
    */
   public BitbucketUrl parse(String url) {
-
     if (bitbucketUrlPatterns.isEmpty()) {
+      String trimmedUrl = url.substring(0, url.indexOf("/scm"));
+      try {
+        Optional<PersonalAccessToken> token =
+            personalAccessTokenManager.get(
+                EnvironmentContext.getCurrent().getSubject(), trimmedUrl);
+        if (token.isPresent()) {
+          Pattern pattern =
+              Pattern.compile(format(bitbucketUrlPatternTemplate, token.get().getScmProviderUrl()));
+          Matcher matcher = pattern.matcher(url);
+          if (matcher.matches()) {
+            return parse(matcher);
+          }
+        }
+      } catch (ScmConfigurationPersistenceException
+          | ScmUnauthorizedException
+          | ScmCommunicationException exception) {
+        throw new UnsupportedOperationException("Token is not valid");
+      }
       throw new UnsupportedOperationException(
           "The Bitbucket integration is not configured properly and cannot be used at this moment."
               + "Please refer to docs to check the Bitbucket integration instructions");
@@ -82,6 +128,10 @@ public BitbucketUrl parse(String url) {
                         format(
                             "The given url %s is not a valid Bitbucket server URL. Check either URL or server configuration.",
                             url)));
+    return parse(matcher);
+  }
+
+  private BitbucketUrl parse(Matcher matcher) {
     String host = matcher.group("host");
     String project = matcher.group("project");
     String repoName = matcher.group("repo");

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -17,6 +17,7 @@
 import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException;
 import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException;
 import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException;
+import org.eclipse.che.commons.annotation.Nullable;
 import org.eclipse.che.commons.subject.Subject;
 
 /** Bitbucket Server API client. */
@@ -36,13 +37,14 @@ BitbucketUser getUser(Subject cheUser)
       throws ScmUnauthorizedException, ScmCommunicationException, ScmItemNotFoundException;
 
   /**
-   * @param slug
+   * @param slug scm username.
+   * @param token token to override. Pass {@code null} to use token from the authentication flow.
    * @return - Retrieve the {@link BitbucketUser} matching the supplied userSlug.
    * @throws ScmItemNotFoundException
    * @throws ScmUnauthorizedException
    * @throws ScmCommunicationException
    */
-  BitbucketUser getUser(String slug)
+  BitbucketUser getUser(String slug, @Nullable String token)
       throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException;
 
   /**

@@ -46,6 +46,7 @@
 import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException;
 import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException;
 import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException;
+import org.eclipse.che.commons.annotation.Nullable;
 import org.eclipse.che.commons.env.EnvironmentContext;
 import org.eclipse.che.commons.lang.concurrent.LoggingUncaughtExceptionHandler;
 import org.eclipse.che.commons.subject.Subject;
@@ -128,12 +129,16 @@ public BitbucketUser getUser(Subject cheUser)
   }
 
   @Override
-  public BitbucketUser getUser(String slug)
+  public BitbucketUser getUser(String slug, @Nullable String token)
       throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException {
     URI uri = serverUri.resolve("/rest/api/1.0/users/" + slug);
     HttpRequest request =
         HttpRequest.newBuilder(uri)
-            .headers("Authorization", computeAuthorizationHeader("GET", uri.toString()))
+            .headers(
+                "Authorization",
+                token != null
+                    ? "Bearer " + token
+                    : computeAuthorizationHeader("GET", uri.toString()))
             .timeout(DEFAULT_HTTP_TIMEOUT)
             .build();
 
@@ -308,7 +313,7 @@ private Optional<BitbucketUser> findCurrentUser(Set<String> userSlugs)
       throws ScmCommunicationException, ScmUnauthorizedException, ScmItemNotFoundException {
 
     for (String userSlug : userSlugs) {
-      BitbucketUser user = getUser(userSlug);
+      BitbucketUser user = getUser(userSlug, null);
       try {
         getPersonalAccessTokens(userSlug);
         return Optional.of(user);

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -17,6 +17,7 @@
 import org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException;
 import org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException;
 import org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException;
+import org.eclipse.che.commons.annotation.Nullable;
 import org.eclipse.che.commons.subject.Subject;
 
 /**
@@ -37,7 +38,7 @@ public BitbucketUser getUser(Subject cheUser)
   }
 
   @Override
-  public BitbucketUser getUser(String slug)
+  public BitbucketUser getUser(String slug, @Nullable String token)
       throws ScmItemNotFoundException, ScmUnauthorizedException, ScmCommunicationException {
     throw new RuntimeException(
         "The fallback noop api client cannot be used for real operation. Make sure Bitbucket OAuth1 is properly configured.");

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -19,6 +19,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyMap;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.testng.Assert.assertEquals;
@@ -68,7 +69,10 @@ public class BitbucketServerAuthorizingFactoryParametersResolverTest {
   @BeforeMethod
   protected void init() {
     bitbucketURLParser =
-        new BitbucketURLParser("http://bitbucket.2mcl.com", devfileFilenamesProvider);
+        new BitbucketURLParser(
+            "http://bitbucket.2mcl.com",
+            devfileFilenamesProvider,
+            mock(PersonalAccessTokenManager.class));
     assertNotNull(this.bitbucketURLParser);
     bitbucketServerFactoryParametersResolver =
         new BitbucketServerAuthorizingFactoryParametersResolver(

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -14,6 +14,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 import static org.testng.Assert.*;
 
@@ -47,7 +48,9 @@ public class BitbucketServerScmFileResolverTest {
 
   @BeforeMethod
   protected void init() {
-    bitbucketURLParser = new BitbucketURLParser(SCM_URL, devfileFilenamesProvider);
+    bitbucketURLParser =
+        new BitbucketURLParser(
+            SCM_URL, devfileFilenamesProvider, mock(PersonalAccessTokenManager.class));
     assertNotNull(this.bitbucketURLParser);
     serverScmFileResolver =
         new BitbucketServerScmFileResolver(

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -11,9 +11,11 @@
  */
 package org.eclipse.che.api.factory.server.bitbucket;
 
+import static org.mockito.Mockito.mock;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertTrue;
 
+import org.eclipse.che.api.factory.server.scm.PersonalAccessTokenManager;
 import org.eclipse.che.api.factory.server.urlfactory.DevfileFilenamesProvider;
 import org.mockito.Mock;
 import org.mockito.testng.MockitoTestNGListener;
@@ -34,7 +36,9 @@ public class BitbucketURLParserTest {
   public void setUp() {
     bitbucketURLParser =
         new BitbucketURLParser(
-            "https://bitbucket.2mcl.com,https://bbkt.com", devfileFilenamesProvider);
+            "https://bitbucket.2mcl.com,https://bbkt.com",
+            devfileFilenamesProvider,
+            mock(PersonalAccessTokenManager.class));
   }
 
   /** Check URLs are valid with regexp */

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -95,7 +95,7 @@ public void testGetUser()
                     .withHeader("Content-Type", "application/json; charset=utf-8")
                     .withBodyFile("bitbucket/rest/api/1.0/users/ksmster/response.json")));
 
-    BitbucketUser user = bitbucketServer.getUser("ksmster");
+    BitbucketUser user = bitbucketServer.getUser("ksmster", null);
     assertNotNull(user);
   }