feat(auth): migrate Bitbucket auth provider to module package

Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package. Relates-to: #19476 Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
backstage · Apr 16, 2024 · 99f7ffc · 99f7ffc
1 parent 9ee3f68
commit 99f7ffc
Show file tree

Hide file tree

Showing 21 changed files with 521 additions and 376 deletions.
diff --git a/.changeset/modern-hounds-give.md b/.changeset/modern-hounds-give.md
@@ -0,0 +1,6 @@
+---
+'@backstage/plugin-auth-backend-module-bitbucket-provider': minor
+'@backstage/plugin-auth-backend': minor
+---
+
+Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package.
diff --git a/plugins/auth-backend-module-bitbucket-provider/.eslintrc.js b/plugins/auth-backend-module-bitbucket-provider/.eslintrc.js
@@ -0,0 +1 @@
+module.exports = require('@backstage/cli/config/eslint-factory')(__dirname);
diff --git a/plugins/auth-backend-module-bitbucket-provider/README.md b/plugins/auth-backend-module-bitbucket-provider/README.md
@@ -0,0 +1,8 @@
+# Auth Module: Bitbucket Provider
+
+This module provides an Bitbucket.org auth provider implementation for `@backstage/plugin-auth-backend`.
+
+## Links
+
+- [Repository](https://github.com/backstage/backstage/tree/master/plugins/auth-backend-module-bitbucket-provider)
+- [Backstage Project Homepage](https://backstage.io)
diff --git a/plugins/auth-backend-module-bitbucket-provider/api-report.md b/plugins/auth-backend-module-bitbucket-provider/api-report.md
@@ -0,0 +1,34 @@
+## API Report File for "@backstage/plugin-auth-backend-module-bitbucket-provider"
+
+> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).
+
+```ts
+import { BackendFeature } from '@backstage/backend-plugin-api';
+import { OAuthAuthenticator } from '@backstage/plugin-auth-node';
+import { OAuthAuthenticatorResult } from '@backstage/plugin-auth-node';
+import { PassportOAuthAuthenticatorHelper } from '@backstage/plugin-auth-node';
+import { PassportProfile } from '@backstage/plugin-auth-node';
+import { SignInResolverFactory } from '@backstage/plugin-auth-node';
+
+// @public (undocumented)
+const authModuleBitbucketProvider: () => BackendFeature;
+export default authModuleBitbucketProvider;
+
+// @public (undocumented)
+export const bitbucketAuthenticator: OAuthAuthenticator<
+  PassportOAuthAuthenticatorHelper,
+  PassportProfile
+>;
+
+// @public
+export namespace bitbucketSignInResolvers {
+  const userIdMatchingUserEntityAnnotation: SignInResolverFactory<
+    OAuthAuthenticatorResult<PassportProfile>,
+    unknown
+  >;
+  const usernameMatchingUserEntityAnnotation: SignInResolverFactory<
+    OAuthAuthenticatorResult<PassportProfile>,
+    unknown
+  >;
+}
+```
diff --git a/plugins/auth-backend-module-bitbucket-provider/catalog-info.yaml b/plugins/auth-backend-module-bitbucket-provider/catalog-info.yaml
@@ -0,0 +1,10 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: backstage-plugin-auth-backend-module-bitbucket-provider
+  title: '@backstage/plugin-auth-backend-module-bitbucket-provider'
+  description: The bitbucket-provider backend module for the auth plugin.
+spec:
+  lifecycle: experimental
+  type: backstage-backend-plugin-module
+  owner: maintainers
diff --git a/plugins/auth-backend-module-bitbucket-provider/config.d.ts b/plugins/auth-backend-module-bitbucket-provider/config.d.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export interface Config {
+  auth?: {
+    providers?: {
+      /** @visibility frontend */
+      bitbucket?: {
+        [authEnv: string]: {
+          clientId: string;
+          /**
+           * @visibility secret
+           */
+          clientSecret: string;
+        };
+      };
+    };
+  };
+}
diff --git a/plugins/auth-backend-module-bitbucket-provider/dev/index.ts b/plugins/auth-backend-module-bitbucket-provider/dev/index.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2024 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { createBackend } from '@backstage/backend-defaults';
+
+const backend = createBackend();
+
+backend.add(import('@backstage/plugin-auth-backend'));
+backend.add(import('../src'));
+
+backend.start();
diff --git a/plugins/auth-backend-module-bitbucket-provider/package.json b/plugins/auth-backend-module-bitbucket-provider/package.json
@@ -0,0 +1,49 @@
+{
+  "name": "@backstage/plugin-auth-backend-module-bitbucket-provider",
+  "version": "0.0.0",
+  "description": "The bitbucket-provider backend module for the auth plugin.",
+  "backstage": {
+    "role": "backend-plugin-module"
+  },
+  "publishConfig": {
+    "access": "public",
+    "main": "dist/index.cjs.js",
+    "types": "dist/index.d.ts"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/backstage/backstage",
+    "directory": "plugins/auth-backend-module-bitbucket-provider"
+  },
+  "license": "Apache-2.0",
+  "main": "src/index.ts",
+  "types": "src/index.ts",
+  "files": [
+    "dist",
+    "config.d.ts"
+  ],
+  "scripts": {
+    "build": "backstage-cli package build",
+    "clean": "backstage-cli package clean",
+    "lint": "backstage-cli package lint",
+    "prepack": "backstage-cli package prepack",
+    "postpack": "backstage-cli package postpack",
+    "start": "backstage-cli package start",
+    "test": "backstage-cli package test"
+  },
+  "dependencies": {
+    "@backstage/backend-plugin-api": "workspace:^",
+    "@backstage/plugin-auth-node": "workspace:^",
+    "express": "^4.18.2",
+    "passport": "^0.7.0",
+    "passport-bitbucket-oauth2": "^0.1.2"
+  },
+  "devDependencies": {
+    "@backstage/backend-defaults": "workspace:^",
+    "@backstage/backend-test-utils": "workspace:^",
+    "@backstage/cli": "workspace:^",
+    "@backstage/plugin-auth-backend": "workspace:^",
+    "supertest": "^6.3.3"
+  },
+  "configSchema": "config.d.ts"
+}
diff --git a/plugins/auth-backend-module-bitbucket-provider/src/authenticator.ts b/plugins/auth-backend-module-bitbucket-provider/src/authenticator.ts
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2024 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { Strategy as BitbucketStrategy } from 'passport-bitbucket-oauth2';
+import {
+  createOAuthAuthenticator,
+  PassportOAuthAuthenticatorHelper,
+  PassportOAuthDoneCallback,
+  PassportProfile,
+} from '@backstage/plugin-auth-node';
+
+/** @public */
+export const bitbucketAuthenticator = createOAuthAuthenticator({
+  defaultProfileTransform:
+    PassportOAuthAuthenticatorHelper.defaultProfileTransform,
+  initialize({ callbackUrl, config }) {
+    const clientID = config.getString('clientId');
+    const clientSecret = config.getString('clientSecret');
+    const baseURL = 'https://bitbucket.org/site/oauth2';
+
+    return PassportOAuthAuthenticatorHelper.from(
+      new BitbucketStrategy(
+        {
+          clientID,
+          clientSecret,
+          callbackURL: callbackUrl,
+          passReqToCallback: false,
+          baseURL,
+          authorizationURL: `${baseURL}/authorize`,
+          tokenURL: `${baseURL}/access_token`,
+        },
+        (
+          accessToken: string,
+          refreshToken: string,
+          params: any,
+          fullProfile: PassportProfile,
+          done: PassportOAuthDoneCallback,
+        ) => {
+          done(
+            undefined,
+            { fullProfile, params, accessToken },
+            { refreshToken },
+          );
+        },
+      ),
+    );
+  },
+
+  async start(input, helper) {
+    return helper.start(input, {
+      accessType: 'offline',
+      prompt: 'consent',
+    });
+  },
+
+  async authenticate(input, helper) {
+    return helper.authenticate(input);
+  },
+
+  async refresh(input, helper) {
+    return helper.refresh(input);
+  },
+});
diff --git a/plugins/auth-backend-module-bitbucket-provider/src/index.ts b/plugins/auth-backend-module-bitbucket-provider/src/index.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2024 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * The bitbucket-provider backend module for the auth plugin.
+ *
+ * @packageDocumentation
+ */
+
+export { bitbucketAuthenticator } from './authenticator';
+export { authModuleBitbucketProvider as default } from './module';
+export { bitbucketSignInResolvers } from './resolvers';
diff --git a/plugins/auth-backend-module-bitbucket-provider/src/module.test.ts b/plugins/auth-backend-module-bitbucket-provider/src/module.test.ts
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2024 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { mockServices, startTestBackend } from '@backstage/backend-test-utils';
+import { authModuleBitbucketProvider } from './module';
+import request from 'supertest';
+import { decodeOAuthState } from '@backstage/plugin-auth-node';
+
+describe('authModuleBitbucketProvider', () => {
+  it('should start', async () => {
+    const { server } = await startTestBackend({
+      features: [
+        import('@backstage/plugin-auth-backend'),
+        authModuleBitbucketProvider,
+        mockServices.rootConfig.factory({
+          data: {
+            app: {
+              baseUrl: 'http://localhost:3000',
+            },
+            auth: {
+              providers: {
+                bitbucket: {
+                  development: {
+                    clientId: 'my-client-id',
+                    clientSecret: 'my-client-secret',
+                  },
+                },
+              },
+            },
+          },
+        }),
+      ],
+    });
+
+    const agent = request.agent(server);
+
+    const res = await agent.get('/api/auth/bitbucket/start?env=development');
+
+    expect(res.status).toEqual(302);
+
+    const nonceCookie = agent.jar.getCookie('bitbucket-nonce', {
+      domain: 'localhost',
+      path: '/api/auth/bitbucket/handler',
+      script: false,
+      secure: false,
+    });
+    expect(nonceCookie).toBeDefined();
+
+    const startUrl = new URL(res.get('location'));
+    expect(startUrl.origin).toBe('https://bitbucket.org');
+    expect(startUrl.pathname).toBe('/site/oauth2/authorize');
+    expect(Object.fromEntries(startUrl.searchParams)).toEqual({
+      response_type: 'code',
+      client_id: 'my-client-id',
+      redirect_uri: `http://localhost:${server.port()}/api/auth/bitbucket/handler/frame`,
+      state: expect.any(String),
+    });
+
+    expect(decodeOAuthState(startUrl.searchParams.get('state')!)).toEqual({
+      env: 'development',
+      nonce: decodeURIComponent(nonceCookie.value),
+    });
+  });
+});