-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(auth): migrate Bitbucket auth provider to module package
Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package. Relates-to: #19476 Signed-off-by: Patrick Jungermann <Patrick.Jungermann@gmail.com>
- Loading branch information
1 parent
9ee3f68
commit 99f7ffc
Showing
21 changed files
with
521 additions
and
376 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
--- | ||
'@backstage/plugin-auth-backend-module-bitbucket-provider': minor | ||
'@backstage/plugin-auth-backend': minor | ||
--- | ||
|
||
Migrate the Bitbucket auth provider to the new `@backstage/plugin-auth-backend-module-bitbucket-provider` module package. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
module.exports = require('@backstage/cli/config/eslint-factory')(__dirname); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# Auth Module: Bitbucket Provider | ||
|
||
This module provides an Bitbucket.org auth provider implementation for `@backstage/plugin-auth-backend`. | ||
|
||
## Links | ||
|
||
- [Repository](https://github.com/backstage/backstage/tree/master/plugins/auth-backend-module-bitbucket-provider) | ||
- [Backstage Project Homepage](https://backstage.io) |
34 changes: 34 additions & 0 deletions
34
plugins/auth-backend-module-bitbucket-provider/api-report.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
## API Report File for "@backstage/plugin-auth-backend-module-bitbucket-provider" | ||
|
||
> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/). | ||
```ts | ||
import { BackendFeature } from '@backstage/backend-plugin-api'; | ||
import { OAuthAuthenticator } from '@backstage/plugin-auth-node'; | ||
import { OAuthAuthenticatorResult } from '@backstage/plugin-auth-node'; | ||
import { PassportOAuthAuthenticatorHelper } from '@backstage/plugin-auth-node'; | ||
import { PassportProfile } from '@backstage/plugin-auth-node'; | ||
import { SignInResolverFactory } from '@backstage/plugin-auth-node'; | ||
|
||
// @public (undocumented) | ||
const authModuleBitbucketProvider: () => BackendFeature; | ||
export default authModuleBitbucketProvider; | ||
|
||
// @public (undocumented) | ||
export const bitbucketAuthenticator: OAuthAuthenticator< | ||
PassportOAuthAuthenticatorHelper, | ||
PassportProfile | ||
>; | ||
|
||
// @public | ||
export namespace bitbucketSignInResolvers { | ||
const userIdMatchingUserEntityAnnotation: SignInResolverFactory< | ||
OAuthAuthenticatorResult<PassportProfile>, | ||
unknown | ||
>; | ||
const usernameMatchingUserEntityAnnotation: SignInResolverFactory< | ||
OAuthAuthenticatorResult<PassportProfile>, | ||
unknown | ||
>; | ||
} | ||
``` |
10 changes: 10 additions & 0 deletions
10
plugins/auth-backend-module-bitbucket-provider/catalog-info.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: backstage.io/v1alpha1 | ||
kind: Component | ||
metadata: | ||
name: backstage-plugin-auth-backend-module-bitbucket-provider | ||
title: '@backstage/plugin-auth-backend-module-bitbucket-provider' | ||
description: The bitbucket-provider backend module for the auth plugin. | ||
spec: | ||
lifecycle: experimental | ||
type: backstage-backend-plugin-module | ||
owner: maintainers |
32 changes: 32 additions & 0 deletions
32
plugins/auth-backend-module-bitbucket-provider/config.d.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
/* | ||
* Copyright 2024 The Backstage Authors | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
export interface Config { | ||
auth?: { | ||
providers?: { | ||
/** @visibility frontend */ | ||
bitbucket?: { | ||
[authEnv: string]: { | ||
clientId: string; | ||
/** | ||
* @visibility secret | ||
*/ | ||
clientSecret: string; | ||
}; | ||
}; | ||
}; | ||
}; | ||
} |
24 changes: 24 additions & 0 deletions
24
plugins/auth-backend-module-bitbucket-provider/dev/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
/* | ||
* Copyright 2024 The Backstage Authors | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
import { createBackend } from '@backstage/backend-defaults'; | ||
|
||
const backend = createBackend(); | ||
|
||
backend.add(import('@backstage/plugin-auth-backend')); | ||
backend.add(import('../src')); | ||
|
||
backend.start(); |
49 changes: 49 additions & 0 deletions
49
plugins/auth-backend-module-bitbucket-provider/package.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
{ | ||
"name": "@backstage/plugin-auth-backend-module-bitbucket-provider", | ||
"version": "0.0.0", | ||
"description": "The bitbucket-provider backend module for the auth plugin.", | ||
"backstage": { | ||
"role": "backend-plugin-module" | ||
}, | ||
"publishConfig": { | ||
"access": "public", | ||
"main": "dist/index.cjs.js", | ||
"types": "dist/index.d.ts" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com/backstage/backstage", | ||
"directory": "plugins/auth-backend-module-bitbucket-provider" | ||
}, | ||
"license": "Apache-2.0", | ||
"main": "src/index.ts", | ||
"types": "src/index.ts", | ||
"files": [ | ||
"dist", | ||
"config.d.ts" | ||
], | ||
"scripts": { | ||
"build": "backstage-cli package build", | ||
"clean": "backstage-cli package clean", | ||
"lint": "backstage-cli package lint", | ||
"prepack": "backstage-cli package prepack", | ||
"postpack": "backstage-cli package postpack", | ||
"start": "backstage-cli package start", | ||
"test": "backstage-cli package test" | ||
}, | ||
"dependencies": { | ||
"@backstage/backend-plugin-api": "workspace:^", | ||
"@backstage/plugin-auth-node": "workspace:^", | ||
"express": "^4.18.2", | ||
"passport": "^0.7.0", | ||
"passport-bitbucket-oauth2": "^0.1.2" | ||
}, | ||
"devDependencies": { | ||
"@backstage/backend-defaults": "workspace:^", | ||
"@backstage/backend-test-utils": "workspace:^", | ||
"@backstage/cli": "workspace:^", | ||
"@backstage/plugin-auth-backend": "workspace:^", | ||
"supertest": "^6.3.3" | ||
}, | ||
"configSchema": "config.d.ts" | ||
} |
76 changes: 76 additions & 0 deletions
76
plugins/auth-backend-module-bitbucket-provider/src/authenticator.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
/* | ||
* Copyright 2024 The Backstage Authors | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
import { Strategy as BitbucketStrategy } from 'passport-bitbucket-oauth2'; | ||
import { | ||
createOAuthAuthenticator, | ||
PassportOAuthAuthenticatorHelper, | ||
PassportOAuthDoneCallback, | ||
PassportProfile, | ||
} from '@backstage/plugin-auth-node'; | ||
|
||
/** @public */ | ||
export const bitbucketAuthenticator = createOAuthAuthenticator({ | ||
defaultProfileTransform: | ||
PassportOAuthAuthenticatorHelper.defaultProfileTransform, | ||
initialize({ callbackUrl, config }) { | ||
const clientID = config.getString('clientId'); | ||
const clientSecret = config.getString('clientSecret'); | ||
const baseURL = 'https://bitbucket.org/site/oauth2'; | ||
|
||
return PassportOAuthAuthenticatorHelper.from( | ||
new BitbucketStrategy( | ||
{ | ||
clientID, | ||
clientSecret, | ||
callbackURL: callbackUrl, | ||
passReqToCallback: false, | ||
baseURL, | ||
authorizationURL: `${baseURL}/authorize`, | ||
tokenURL: `${baseURL}/access_token`, | ||
}, | ||
( | ||
accessToken: string, | ||
refreshToken: string, | ||
params: any, | ||
fullProfile: PassportProfile, | ||
done: PassportOAuthDoneCallback, | ||
) => { | ||
done( | ||
undefined, | ||
{ fullProfile, params, accessToken }, | ||
{ refreshToken }, | ||
); | ||
}, | ||
), | ||
); | ||
}, | ||
|
||
async start(input, helper) { | ||
return helper.start(input, { | ||
accessType: 'offline', | ||
prompt: 'consent', | ||
}); | ||
}, | ||
|
||
async authenticate(input, helper) { | ||
return helper.authenticate(input); | ||
}, | ||
|
||
async refresh(input, helper) { | ||
return helper.refresh(input); | ||
}, | ||
}); |
25 changes: 25 additions & 0 deletions
25
plugins/auth-backend-module-bitbucket-provider/src/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
/* | ||
* Copyright 2024 The Backstage Authors | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
/** | ||
* The bitbucket-provider backend module for the auth plugin. | ||
* | ||
* @packageDocumentation | ||
*/ | ||
|
||
export { bitbucketAuthenticator } from './authenticator'; | ||
export { authModuleBitbucketProvider as default } from './module'; | ||
export { bitbucketSignInResolvers } from './resolvers'; |
77 changes: 77 additions & 0 deletions
77
plugins/auth-backend-module-bitbucket-provider/src/module.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
/* | ||
* Copyright 2024 The Backstage Authors | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
import { mockServices, startTestBackend } from '@backstage/backend-test-utils'; | ||
import { authModuleBitbucketProvider } from './module'; | ||
import request from 'supertest'; | ||
import { decodeOAuthState } from '@backstage/plugin-auth-node'; | ||
|
||
describe('authModuleBitbucketProvider', () => { | ||
it('should start', async () => { | ||
const { server } = await startTestBackend({ | ||
features: [ | ||
import('@backstage/plugin-auth-backend'), | ||
authModuleBitbucketProvider, | ||
mockServices.rootConfig.factory({ | ||
data: { | ||
app: { | ||
baseUrl: 'http://localhost:3000', | ||
}, | ||
auth: { | ||
providers: { | ||
bitbucket: { | ||
development: { | ||
clientId: 'my-client-id', | ||
clientSecret: 'my-client-secret', | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}), | ||
], | ||
}); | ||
|
||
const agent = request.agent(server); | ||
|
||
const res = await agent.get('/api/auth/bitbucket/start?env=development'); | ||
|
||
expect(res.status).toEqual(302); | ||
|
||
const nonceCookie = agent.jar.getCookie('bitbucket-nonce', { | ||
domain: 'localhost', | ||
path: '/api/auth/bitbucket/handler', | ||
script: false, | ||
secure: false, | ||
}); | ||
expect(nonceCookie).toBeDefined(); | ||
|
||
const startUrl = new URL(res.get('location')); | ||
expect(startUrl.origin).toBe('https://bitbucket.org'); | ||
expect(startUrl.pathname).toBe('/site/oauth2/authorize'); | ||
expect(Object.fromEntries(startUrl.searchParams)).toEqual({ | ||
response_type: 'code', | ||
client_id: 'my-client-id', | ||
redirect_uri: `http://localhost:${server.port()}/api/auth/bitbucket/handler/frame`, | ||
state: expect.any(String), | ||
}); | ||
|
||
expect(decodeOAuthState(startUrl.searchParams.get('state')!)).toEqual({ | ||
env: 'development', | ||
nonce: decodeURIComponent(nonceCookie.value), | ||
}); | ||
}); | ||
}); |
Oops, something went wrong.