Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not pass oauth2 as a username to Git credentials for Bitbucket #662

Merged
merged 2 commits into from Mar 7, 2024
Merged

Do not pass oauth2 as a username to Git credentials for Bitbucket #662

merged 2 commits into from Mar 7, 2024

Conversation

vinokurig
Copy link
Contributor

@vinokurig vinokurig commented Mar 6, 2024
edited

What does this PR do?

Set bitbucket-***** as a token name annotation for bitbucket token secret. This is needed to pass username instead of oauth2 for bitbucket credentials:

che-server/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java

Lines 169 to 184 in 7dc7a61

/**
* Returns username URL segment for git credentials. For OAuth2 tokens it is "oauth2", for others
* - {@param personalAccessToken#getScmUserName()} or just "username" string if the token has a
* non-null {@param personalAccessToken#getScmOrganization()}. This is needed to support providers
* that do not have username in their user object. Such providers have an additional organization
* field.
*/
private String getUsernameSegment(PersonalAccessToken personalAccessToken) {
// Special characters are not allowed in URL username segment, so we need to escape them.
PercentEscaper percentEscaper = new PercentEscaper("", false);
return personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX)
? "oauth2"
: isNullOrEmpty(personalAccessToken.getScmOrganization())
? percentEscaper.escape(personalAccessToken.getScmUserName())
: "username";
}

This fixes the bug when a private bitbucket.org project is not cloned.

Screenshot/screencast of this PR

What issues does this PR fix or reference?

https://issues.redhat.com/browse/CRW-5952

How to test this PR?

  1. Deploy che with the PR image: `quay.io/eclipse/che-server:pr-662
  2. Setup bitbucket.org oauth
  3. Start a workspace from a private bitbucket.org repository.
    See: the workspace starts successfully.

PR Checklist

As the author of this Pull Request I made sure that:

Reviewers

Reviewers, please comment how you tested the PR when approving it.

ibuziuk
ibuziuk reviewed Mar 6, 2024
View reviewed changes
wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java Outdated
Comment on lines 114 to 116
NameGenerator.generate(
// Do not pass oauth2 as a username to Git credentials for Bitbucket
"bitbucket".equals(providerName) ? providerName + "-" : OAUTH_2_PREFIX, 5),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please, extract the logic to the separate method with a proper javadoc

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinokurig is the providee name the same for on-prem Bitbucket server and SaaS ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it is the same. We have bitbucket-server implementation but it handles oauth1 only and does not use this logic. OAuth2 flow from both bitbucket and bitbucket server is handled by the bitbucket implementation.

@openshift-ci openshift-ci bot added the lgtm label Mar 6, 2024
@artaleks9
Copy link
Contributor

/retest

1 similar comment
@artaleks9
Copy link
Contributor

/retest

@artaleks9
Copy link
Contributor

Verified on Eclipse Che with quay.io/eclipse/che-server:pr-662 - the functionality works as expected.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Mar 7, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: artaleks9, ibuziuk, vinokurig

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@vinokurig vinokurig merged commit 6cdf6f6 into main Mar 7, 2024
28 checks passed
@vinokurig vinokurig deleted the CRW-5952 branch March 7, 2024 09:08
vinokurig added a commit that referenced this pull request Mar 7, 2024
@vinokurig
Do not pass oauth2 as a username to Git credentials for Bitbucket (#662)
55ba7ff 
Set bitbucket-***** as a token name annotation for bitbucket token secret. This is needed to pass username instead of oauth2 for bitbucket credentials
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ibuziuk ibuziuk ibuziuk approved these changes

@artaleks9 artaleks9 artaleks9 approved these changes

@SDawley SDawley Awaiting requested review from SDawley SDawley is a code owner

@tolusha tolusha Awaiting requested review from tolusha tolusha is a code owner

Assignees

@ibuziuk ibuziuk

@artaleks9 artaleks9

Labels
lgtm
Projects
None yet
Milestone
No milestone
3 participants
@vinokurig @artaleks9 @ibuziuk