Merge pull request #45 from vrushaliwaykole/authorization-v2

Use authorisation extension v2.

Author: bdpiprava

build.gradle

@@ -24,7 +24,7 @@ apply from: 'plugin-helpers.gradle'
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
 
-project.ext.pluginVersion = '2.2.0'
+project.ext.pluginVersion = '3.0.0'
 project.ext.fullVersion = project.git.distVersion() ? "${project.pluginVersion}-${project.git.distVersion()}" : project.pluginVersion
 
 version = project.fullVersion
@@ -34,7 +34,7 @@ project.ext.pluginDesc = [
         id         : 'cd.go.authorization.github',
         repo       : rootProject.name,
         version    : project.fullVersion,
-        goCdVersion: '17.5.0',
+        goCdVersion: '19.2.0',
         name       : 'GitHub OAuth authorization plugin',
         description: 'GitHub OAuth authorization plugin for GoCD',
         vendorName : 'GoCD Contributors',
@@ -59,6 +59,7 @@ dependencies {
     testCompile group: 'org.skyscreamer', name: 'jsonassert', version: '1.5.0'
     testCompile group: 'org.jsoup', name: 'jsoup', version: '1.11.3'
     testCompile group: 'com.squareup.okhttp3', name: 'mockwebserver', version: '3.12.0'
+    testCompile group: 'org.jsoup', name: 'jsoup', version: '1.11.3'
 }
 
 sourceSets {

plugin-helpers.gradle

@@ -22,9 +22,9 @@ static String gitRevision() {
 }
 
 static String distVersion() {
-    def process = "git rev-list --count HEAD".execute()
+    def process = "git rev-list HEAD".execute()
     process.waitFor()
-    return process.text.stripIndent().trim()
+    return process.text.stripIndent().trim().split("\n").size()
 }
 
 static def getLastTag(boolean isExperimental) {

src/main/java/cd/go/authorization/github/Constants.java

@@ -25,7 +25,7 @@ public interface Constants {
     String EXTENSION_TYPE = "authorization";
 
     // The extension point API version that this plugin understands
-    String API_VERSION = "1.0";
+    String API_VERSION = "2.0";
 
     // the identifier of this plugin
     GoPluginIdentifier PLUGIN_IDENTIFIER = new GoPluginIdentifier(EXTENSION_TYPE, Collections.singletonList(API_VERSION));

src/main/java/cd/go/authorization/github/GitHubAuthenticator.java

@@ -45,7 +45,7 @@ public LoggedInUserInfo authenticate(TokenInfo tokenInfo, AuthConfig authConfig)
         final List<String> allowedOrganizations = authConfig.gitHubConfiguration().organizationsAllowed();
         final LoggedInUserInfo loggedInUserInfo = new LoggedInUserInfo(gitHub);
 
-        if (allowedOrganizations.isEmpty() || membershipChecker.isAMemberOfAtLeastOneOrganization(loggedInUserInfo, authConfig, allowedOrganizations)) {
+        if (allowedOrganizations.isEmpty() || membershipChecker.isAMemberOfAtLeastOneOrganization(loggedInUserInfo.getGitHubUser(), authConfig, allowedOrganizations)) {
             LOG.info(format("[Authenticate] User `{0}` authenticated successfully.", loggedInUserInfo.getUser().username()));
             return loggedInUserInfo;
         }

src/main/java/cd/go/authorization/github/GitHubAuthorizer.java

@@ -17,9 +17,8 @@
 package cd.go.authorization.github;
 
 import cd.go.authorization.github.models.AuthConfig;
-import cd.go.authorization.github.models.LoggedInUserInfo;
 import cd.go.authorization.github.models.Role;
-import cd.go.authorization.github.models.User;
+import org.kohsuke.github.GHUser;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -39,37 +38,36 @@ public GitHubAuthorizer(MembershipChecker membershipChecker) {
         this.membershipChecker = membershipChecker;
     }
 
-    public List<String> authorize(LoggedInUserInfo loggedInUserInfo, AuthConfig authConfig, List<Role> roles) throws IOException {
-        final User user = loggedInUserInfo.getUser();
+    public List<String> authorize(GHUser user, AuthConfig authConfig, List<Role> roles) throws IOException {
         final List<String> assignedRoles = new ArrayList<>();
 
         if (roles.isEmpty()) {
             return assignedRoles;
         }
 
-        LOG.debug(format("[Authorize] Authorizing user {0}", user.username()));
+        LOG.debug(format("[Authorize] Authorizing user {0}", user.getLogin()));
 
         for (Role role : roles) {
             final List<String> allowedUsers = role.roleConfiguration().users();
-            if (!allowedUsers.isEmpty() && allowedUsers.contains(user.username().toLowerCase())) {
-                LOG.info(format("[Authorize] Assigning role `{0}` to user `{1}`. As user belongs to allowed users list.", role.name(), user.username()));
+            if (!allowedUsers.isEmpty() && allowedUsers.contains(user.getLogin().toLowerCase())) {
+                LOG.info(format("[Authorize] Assigning role `{0}` to user `{1}`. As user belongs to allowed users list.", role.name(), user.getLogin()));
                 assignedRoles.add(role.name());
                 continue;
             }
 
-            if (membershipChecker.isAMemberOfAtLeastOneOrganization(loggedInUserInfo, authConfig, role.roleConfiguration().organizations())) {
-                LOG.debug(format("[Authorize] Assigning role `{0}` to user `{1}`. As user is a member of at least one organization.", role.name(), user.username()));
+            if (membershipChecker.isAMemberOfAtLeastOneOrganization(user, authConfig, role.roleConfiguration().organizations())) {
+                LOG.debug(format("[Authorize] Assigning role `{0}` to user `{1}`. As user is a member of at least one organization.", role.name(), user.getLogin()));
                 assignedRoles.add(role.name());
                 continue;
             }
 
-            if (membershipChecker.isAMemberOfAtLeastOneTeamOfOrganization(loggedInUserInfo, authConfig, role.roleConfiguration().teams())) {
-                LOG.debug(format("[Authorize] Assigning role `{0}` to user `{1}`. As user is a member of at least one team of the organization.", role.name(), user.username()));
+            if (membershipChecker.isAMemberOfAtLeastOneTeamOfOrganization(user, authConfig, role.roleConfiguration().teams())) {
+                LOG.debug(format("[Authorize] Assigning role `{0}` to user `{1}`. As user is a member of at least one team of the organization.", role.name(), user.getLogin()));
                 assignedRoles.add(role.name());
             }
         }
 
-        LOG.debug(format("[Authorize] User `{0}` is authorized with `{1}` role(s).", user.username(), assignedRoles));
+        LOG.debug(format("[Authorize] User `{0}` is authorized with `{1}` role(s).", user.getLogin(), assignedRoles));
 
         return assignedRoles;
     }

src/main/java/cd/go/authorization/github/GitHubPlugin.java

@@ -42,7 +42,7 @@ public void initializeGoApplicationAccessor(GoApplicationAccessor accessor) {
     }
 
     @Override
-    public GoPluginApiResponse handle(GoPluginApiRequest request) throws UnhandledRequestTypeException {
+    public GoPluginApiResponse handle(GoPluginApiRequest request) {
         try {
             switch (RequestFromServer.fromString(request.requestName())) {
                 case REQUEST_GET_PLUGIN_ICON:
@@ -67,10 +67,14 @@ public GoPluginApiResponse handle(GoPluginApiRequest request) throws UnhandledRe
                     return GetAuthorizationServerUrlRequest.from(request).execute();
                 case REQUEST_ACCESS_TOKEN:
                     return FetchAccessTokenRequest.from(request).execute();
+                case REQUEST_IS_VALID_USER:
+                    return ValidateUserRequest.from(request).execute();
                 case REQUEST_AUTHENTICATE_USER:
                     return UserAuthenticationRequest.from(request).execute();
                 case REQUEST_SEARCH_USERS:
-                    return new SearchUsersRequestExecutor(request).execute();
+                    return SearchUsersRequest.from(request).execute();
+                case REQUEST_GET_USER_ROLES:
+                    return GetRolesRequest.from(request).execute();
                 default:
                     throw new UnhandledRequestTypeException(request.requestName());
             }

src/main/java/cd/go/authorization/github/MembershipChecker.java

@@ -17,77 +17,64 @@
 package cd.go.authorization.github;
 
 import cd.go.authorization.github.models.AuthConfig;
-import cd.go.authorization.github.models.LoggedInUserInfo;
 import org.kohsuke.github.GHOrganization;
 import org.kohsuke.github.GHTeam;
+import org.kohsuke.github.GHUser;
 import org.kohsuke.github.GitHub;
 
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 
 import static cd.go.authorization.github.GitHubPlugin.LOG;
-import static cd.go.authorization.github.utils.Util.toLowerCase;
 import static java.text.MessageFormat.format;
 
 public class MembershipChecker {
+    private GitHubClientBuilder clientBuilder;
 
-    public boolean isAMemberOfAtLeastOneOrganization(LoggedInUserInfo loggedInUserInfo, AuthConfig authConfig, List<String> organizationsAllowed) throws IOException {
+    public MembershipChecker() {
+        this(new GitHubClientBuilder());
+    }
+
+    MembershipChecker(GitHubClientBuilder clientBuilder) {
+        this.clientBuilder = clientBuilder;
+    }
+
+
+    public boolean isAMemberOfAtLeastOneOrganization(GHUser ghUser, AuthConfig authConfig, List<String> organizationsAllowed) throws IOException {
         if (organizationsAllowed.isEmpty()) {
             LOG.debug("[MembershipChecker] No organizations provided.");
             return false;
         }
 
-        if (authConfig.gitHubConfiguration().authorizeUsingPersonalAccessToken()) {
-            return checkMembershipUsingPersonalAccessToken(loggedInUserInfo, authConfig, organizationsAllowed);
-        }
-
-        return checkMembershipUsingUsersAccessToken(loggedInUserInfo, organizationsAllowed);
+        return checkMembershipUsingPersonalAccessToken(ghUser, authConfig, organizationsAllowed);
     }
 
-    private boolean checkMembershipUsingPersonalAccessToken(LoggedInUserInfo loggedInUserInfo, AuthConfig authConfig, List<String> organizationsAllowed) throws IOException {
-        final GitHub gitHubForPersonalAccessToken = authConfig.gitHubConfiguration().gitHubClient();
+    private boolean checkMembershipUsingPersonalAccessToken(GHUser ghUser, AuthConfig authConfig, List<String> organizationsAllowed) throws IOException {
+        final GitHub gitHubForPersonalAccessToken = clientBuilder.build(null, authConfig.gitHubConfiguration());
 
         for (String organizationName : organizationsAllowed) {
             final GHOrganization organization = gitHubForPersonalAccessToken.getOrganization(organizationName);
-            if (organization != null && organization.hasMember(loggedInUserInfo.getGitHubUser())) {
-                LOG.info(format("[MembershipChecker] User `{0}` is a member of `{1}` organization.", loggedInUserInfo.getUser().username(), organizationName));
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    private boolean checkMembershipUsingUsersAccessToken(LoggedInUserInfo loggedInUserInfo, List<String> organizationsAllowed) throws IOException {
-        final Map<String, GHOrganization> myGitHubOrganizations = loggedInUserInfo.getGitHub().getMyOrganizations();
-
-        for (String organizationName : myGitHubOrganizations.keySet()) {
-            if (organizationsAllowed.contains(toLowerCase(organizationName))) {
-                LOG.info(format("[MembershipChecker] User `{0}` is a member of `{1}` organization.", loggedInUserInfo.getUser().username(), organizationName));
+            if (organization != null && organization.hasMember(ghUser)) {
+                LOG.info(format("[MembershipChecker] User `{0}` is a member of `{1}` organization.", ghUser.getLogin(), organizationName));
                 return true;
             }
         }
 
         return false;
     }
 
-    public boolean isAMemberOfAtLeastOneTeamOfOrganization(LoggedInUserInfo loggedInUserInfo, AuthConfig authConfig, Map<String, List<String>> organizationAndTeamsAllowed) throws IOException {
+    public boolean isAMemberOfAtLeastOneTeamOfOrganization(GHUser ghUser, AuthConfig authConfig, Map<String, List<String>> organizationAndTeamsAllowed) throws IOException {
         if (organizationAndTeamsAllowed.isEmpty()) {
             LOG.debug("[MembershipChecker] No teams provided.");
             return false;
         }
 
-        if (authConfig.gitHubConfiguration().authorizeUsingPersonalAccessToken()) {
-            return checkTeamMembershipUsingPersonalAccessToken(loggedInUserInfo, authConfig, organizationAndTeamsAllowed);
-        }
-
-        return checkTeamMembershipUsingUserAccessToken(loggedInUserInfo, organizationAndTeamsAllowed);
+        return checkTeamMembershipUsingPersonalAccessToken(ghUser, authConfig, organizationAndTeamsAllowed);
     }
 
-    private boolean checkTeamMembershipUsingPersonalAccessToken(LoggedInUserInfo loggedInUserInfo, AuthConfig authConfig, Map<String, List<String>> organizationAndTeamsAllowed) throws IOException {
-        final GitHub gitHubForPersonalAccessToken = authConfig.gitHubConfiguration().gitHubClient();
+    private boolean checkTeamMembershipUsingPersonalAccessToken(GHUser ghUser, AuthConfig authConfig, Map<String, List<String>> organizationAndTeamsAllowed) throws IOException {
+        final GitHub gitHubForPersonalAccessToken = clientBuilder.build(null, authConfig.gitHubConfiguration());
 
         for (String organizationName : organizationAndTeamsAllowed.keySet()) {
             final GHOrganization organization = gitHubForPersonalAccessToken.getOrganization(organizationName);
@@ -97,8 +84,8 @@ private boolean checkTeamMembershipUsingPersonalAccessToken(LoggedInUserInfo log
                 final Map<String, GHTeam> teamsFromGitHub = organization.getTeams();
 
                 for (GHTeam team : teamsFromGitHub.values()) {
-                    if (allowedTeamsFromRole.contains(team.getName().toLowerCase()) && team.hasMember(loggedInUserInfo.getGitHubUser())) {
-                        LOG.info(format("[MembershipChecker] User `{0}` is a member of `{1}` team.", loggedInUserInfo.getUser().username(), team.getName()));
+                    if (allowedTeamsFromRole.contains(team.getName().toLowerCase()) && team.hasMember(ghUser)) {
+                        LOG.info(format("[MembershipChecker] User `{0}` is a member of `{1}` team.", ghUser.getLogin(), team.getName()));
                         return true;
                     }
                 }
@@ -107,26 +94,4 @@ private boolean checkTeamMembershipUsingPersonalAccessToken(LoggedInUserInfo log
 
         return false;
     }
-
-    private boolean checkTeamMembershipUsingUserAccessToken(LoggedInUserInfo loggedInUserInfo, Map<String, List<String>> organizationAndTeamsAllowed) throws IOException {
-        final Map<String, Set<GHTeam>> myGitHubOrganizationsAndTeams = loggedInUserInfo.getGitHub().getMyTeams();
-
-        for (String organizationName : myGitHubOrganizationsAndTeams.keySet()) {
-            final List<String> teamsAllowed = organizationAndTeamsAllowed.get(toLowerCase(organizationName));
-
-            if (teamsAllowed == null || teamsAllowed.isEmpty()) {
-                LOG.debug(format("[MembershipChecker] No teams specified for organization `{0}`.", organizationName));
-                continue;
-            }
-
-            for (GHTeam myGitHubTeam : myGitHubOrganizationsAndTeams.get(organizationName)) {
-                if (teamsAllowed.contains(toLowerCase(myGitHubTeam.getName()))) {
-                    LOG.debug(format("[MembershipChecker] User is a member of `{0}:{1}` team.", organizationName, myGitHubTeam.getName()));
-                    return true;
-                }
-            }
-        }
-
-        return false;
-    }
 }

src/main/java/cd/go/authorization/github/executors/AuthConfigValidateRequestExecutor.java

@@ -34,15 +34,15 @@ public AuthConfigValidateRequestExecutor(AuthConfigValidateRequest request) {
         this.request = request;
     }
 
-    public GoPluginApiResponse execute() throws Exception {
+    public GoPluginApiResponse execute() {
         final GitHubConfiguration gitHubConfiguration = request.githubConfiguration();
         final ValidationResult validationResult = new MetadataValidator().validate(gitHubConfiguration);
 
         if (gitHubConfiguration.authenticateWith() == AuthenticateWith.GITHUB_ENTERPRISE && Util.isBlank(gitHubConfiguration.gitHubEnterpriseUrl())) {
             validationResult.addError("GitHubEnterpriseUrl", "GitHubEnterpriseUrl must not be blank.");
         }
 
-        if (gitHubConfiguration.authorizeUsingPersonalAccessToken() && Util.isBlank(gitHubConfiguration.personalAccessToken())) {
+        if (Util.isBlank(gitHubConfiguration.personalAccessToken())) {
             validationResult.addError("PersonalAccessToken", "PersonalAccessToken must not be blank.");
         }
 

src/main/java/cd/go/authorization/github/executors/GetAuthConfigViewRequestExecutor.java

@@ -26,7 +26,7 @@
 public class GetAuthConfigViewRequestExecutor implements RequestExecutor {
 
     @Override
-    public GoPluginApiResponse execute() throws Exception {
+    public GoPluginApiResponse execute() {
         JsonObject jsonObject = new JsonObject();
         jsonObject.addProperty("template", Util.readResource("/auth-config.template.html"));
         return DefaultGoPluginApiResponse.success(GSON.toJson(jsonObject));

src/main/java/cd/go/authorization/github/executors/GetCapabilitiesRequestExecutor.java

@@ -31,6 +31,6 @@ public GoPluginApiResponse execute() {
     }
 
     Capabilities getCapabilities() {
-        return new Capabilities(SupportedAuthType.Web, true, true);
+        return new Capabilities(SupportedAuthType.Web, true, true, true);
     }
 }