Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improving flow when user denies Bitbucket access to Che #19620

Merged
merged 6 commits into from
Apr 28, 2021
Merged

Improving flow when user denies Bitbucket access to Che #19620

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
049c322
redirecting to dashboard after denying authorization
xbaran4 Apr 19, 2021
0480cc9
formatting
xbaran4 Apr 19, 2021
9b8ab9a
added error query parameters
xbaran4 Apr 22, 2021
cc7882f
Merge branch 'master' of https://github.com/eclipse/che into bitbucke…
xbaran4 Apr 22, 2021
d54cf24
Merge branch 'master' of https://github.com/eclipse/che into bitbucke…
xbaran4 Apr 26, 2021
f451d99
implemented requested changes
xbaran4 Apr 26, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ...-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticationException.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
* @author Kevin Pollet
* @author Igor Vinokur
*/
public final class OAuthAuthenticationException extends ServerException {
public class OAuthAuthenticationException extends ServerException {

/**
* Constructs an instance of {@link OAuthAuthenticationException}.
Expand Down
8 changes: 3 additions & 5 deletions ...re-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticationService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,12 +79,10 @@ public Response callback() throws OAuthAuthenticationException, BadRequestExcept

try {
getAuthenticator(providerName).callback(requestUrl);
} catch (UserDeniedOAuthAuthenticationException e) {
redirectUriBuilder.queryParam(ERROR_QUERY_NAME, "access_denied");
skabashnyuk marked this conversation as resolved.
Show resolved Hide resolved
} catch (OAuthAuthenticationException e) {
if (e.getMessage().equalsIgnoreCase("Authorization denied")) {
redirectUriBuilder.queryParam(ERROR_QUERY_NAME, "access_denied");
} else {
redirectUriBuilder.queryParam(ERROR_QUERY_NAME, "invalid_request");
}
redirectUriBuilder.queryParam(ERROR_QUERY_NAME, "invalid_request");
}
return Response.temporaryRedirect(redirectUriBuilder.build()).build();
}
Expand Down
16 changes: 8 additions & 8 deletions ...r/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.util.Base64;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.security.GeneralSecurityException;
Expand Down Expand Up @@ -189,6 +188,11 @@ String callback(final URL requestUrl) throws OAuthAuthenticationException {
getAccessToken.consumerKey = clientId;
getAccessToken.temporaryToken = oauthTemporaryToken;
getAccessToken.verifier = (String) callbackUrl.getFirst(OAUTH_VERIFIER_PARAM_KEY);

if ("denied".equals(getAccessToken.verifier)) {
throw new UserDeniedOAuthAuthenticationException("Authorization denied");
}

getAccessToken.transport = httpTransport;
if (signatureMethod != null && "rsa".equalsIgnoreCase(signatureMethod)) {
getAccessToken.signer = getOAuthRsaSigner();
Expand All @@ -197,13 +201,7 @@ String callback(final URL requestUrl) throws OAuthAuthenticationException {
getOAuthHmacSigner(clientSecret, sharedTokenSecrets.remove(oauthTemporaryToken));
}

final OAuthCredentialsResponse credentials;
try {
credentials = getAccessToken.execute();
} catch (IOException e) {
throw new OAuthAuthenticationException("Authorization denied");
}

final OAuthCredentialsResponse credentials = getAccessToken.execute();
String userId = getParameterFromState(state, USER_ID_PARAM_KEY);

credentialsStoreLock.lock();
Expand All @@ -223,6 +221,8 @@ String callback(final URL requestUrl) throws OAuthAuthenticationException {

return userId;

} catch (OAuthAuthenticationException e) {
throw e;
} catch (Exception e) {
throw new OAuthAuthenticationException(e.getMessage());
}
Expand Down
23 changes: 23 additions & 0 deletions ...src/main/java/org/eclipse/che/security/oauth1/UserDeniedOAuthAuthenticationException.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
/*
* Copyright (c) 2012-2018 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*
* Contributors:
* Red Hat, Inc. - initial API and implementation
*/
package org.eclipse.che.security.oauth1;

/** Exception used when a user denies access on the OAuth authorization page. */
public final class UserDeniedOAuthAuthenticationException extends OAuthAuthenticationException {
public UserDeniedOAuthAuthenticationException(String message) {
super(message);
}

public UserDeniedOAuthAuthenticationException(Throwable cause) {
super(cause);
}
}