Set Github token through workspace master Rest API. Added a force act… #4438
…ivation property variable to register Github Oauth provider even without client id/secret Signed-off-by: Sun Seng David Tan <sutan@redhat.com>
|
||
@POST | ||
@Path("token") | ||
@Produces(MediaType.APPLICATION_JSON) |
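Review bot: `@Produces(MediaType.APPLICATION_JSON)` on the `@POST` `@Path("token")` method advertises a JSON response body for an endpoint whose job is to accept a token, and no `@Consumes` is visible in these lines. Drop `@Produces` if the method returns no entity, declare the accepted request media type explicitly, and make sure the response never echoes the submitted token.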
will remove produces
We should add this to git documentation https://github.com/eclipse/che-docs/blob/master/src/main/_docs/use-che-as-an-ide/ide-git-svn.md.
Build success. https://ci.codenvycorp.com/job/che-pullrequests-build/2184/
…rce activation property variable to register Github Oauth provider even without client id/secret Signed-off-by: Sun Seng David Tan <sutan@redhat.com>
I don't like the idea of changing the existing OAuthAuthenticationService.java; it's a potential security hole. Can you do
OpenshiftOAuthTokenSetterService with a single POST method and OpenshiftOAuthTokenProvider that is connected to OpenshiftOAuthTokenSetterService?
Build success. https://ci.codenvycorp.com/job/che-pullrequests-build/2186/
GET token is a potential security hole, POST isn't. It is not secure to get its token stolen, but setting a token ... I don't see how it can be a security hole
I don't see it either (now). But my butt told me that this is too risky to have on a non-openshift specific environment. And I would like to do that by moving such code into an openshift specific REST service and a custom OAuthTokenProvider.
@skabashnyuk sorry I don't get why you think this is risky. Please provide good reasons not to approve it. This is a very generic use case that may be used not only by openshift: a third party application that wants to integrate Che and not recreate another clientid/secret to perform another oauth flow. We could even add a UI and let the user set his personal token created in Github.
@skabashnyuk I don't see why this should be related to OpenShift
The reason is that the method you want to add is not a part of the general OAuth flow and is made only for some specific rare use case.
BTW how are you going to protect the system from an attack of this kind
I agree with Sergii that this functionality is not part of OAuth flow, so it should not be integrated into OAuth service.
Here is my view on why it doesn't fit:
Our app uses tokens to access Github API.
OAuth specifies how to retrieve these tokens.
Setting token from personal application tokens list/from file/from another source is not part of OAuth flow.
This looks like part of single sign on process, which is not part of OAuth.
So generally I'm +1 on adding the possibility to provide an API token in a way that is not envisaged by the OAuth flow. But it should be done separately from our OAuth service.
@@ -45,6 +45,7 @@ che.oauth.github.clientsecret=oauth.github.clientsecret | |||
che.oauth.github.authuri=oauth.github.authuri | |||
che.oauth.github.tokenuri=oauth.github.tokenuri | |||
che.oauth.github.redirecturis=oauth.github.redirecturis | |||
che.oauth.github.forceactivation=oauth.github.forceactivation |
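Review bot: the added `che.oauth.github.forceactivation=oauth.github.forceactivation` entry copies the pattern of the lines above it, which pair each `che.oauth.github.*` key with an `oauth.github.*` name, but a property that is new in this change has no earlier name to pair with. Drop the entry here and define the property, with its default and a comment on its effect, where the other `che.oauth.github.*` values are set.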
BTW the aliases file is for renaming of properties. So you should not modify it when you add a new property.
Thanks, will remove it in a fixup
I'm going to create a new PR to master and make a few fixups (the one from @garagatyi, plus use the createAndStoreCredential method) so we can discuss that for a merge to master. I'm going to merge that in our branch for the time being as we need this.
About the flow. If it's not in the flow, then we should ask Google not make
I guess if you loop curl post ... it will store in a map in the same entry so no OOM
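The design question debated above, as an added example that is not code from this pull request or from Eclipse Che: a token setter kept separate from the OAuth flow, storing one entry per authenticated user and provider so that repeated POSTs overwrite rather than grow the map. All class and method names are hypothetical, and the user id is assumed to come from the authenticated session, never from the request body.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch, not Eclipse Che code: a token setter separate from the OAuth service.
public class TokenSetterExample {

    /** Thrown when a request is rejected before anything is stored. */
    static class RejectedException extends RuntimeException {
        RejectedException(String msg) { super(msg); }
    }

    static final int MAX_TOKEN_LENGTH = 255;               // assumed upper bound
    static final Set<String> PROVIDERS = Set.of("github"); // allow-list of provider names

    // Key is "userId/provider": one slot per user and provider, so the map cannot
    // grow beyond (#users x #providers) however often the endpoint is called.
    private final Map<String, String> tokens = new ConcurrentHashMap<>();

    /** authenticatedUserId must come from the session, never from the request body. */
    void setToken(String authenticatedUserId, String provider, String token) {
        if (authenticatedUserId == null || authenticatedUserId.isEmpty())
            throw new RejectedException("unauthenticated");
        if (!PROVIDERS.contains(provider))
            throw new RejectedException("unknown provider");
        if (token == null || token.isEmpty() || token.length() > MAX_TOKEN_LENGTH)
            throw new RejectedException("bad token");
        tokens.put(authenticatedUserId + "/" + provider, token); // overwrite, nothing echoed back
    }

    int storedEntries() { return tokens.size(); }

    public static void main(String[] args) {
        TokenSetterExample svc = new TokenSetterExample();
        // Constructed sample values: repeated calls by one user reuse a single entry.
        for (int i = 0; i < 10_000; i++) svc.setToken("user-1", "github", "constructed-token-" + i);
        System.out.println("entries after 10000 calls by one user: " + svc.storedEntries());
        try {
            svc.setToken(null, "github", "constructed-token"); // no session
        } catch (RejectedException e) {
            System.out.println("anonymous call rejected: " + e.getMessage());
        }
        try {
            svc.setToken("user-1", "unlisted-" + System.nanoTime(), "t"); // would add new keys
        } catch (RejectedException e) {
            System.out.println("unlisted provider rejected: " + e.getMessage());
        }
    }
}
```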
#4444 for a merge to master, I'm merging this one to openshift-connector
Build success. https://ci.codenvycorp.com/job/che-pullrequests-build/2192/
…rce act… (#4438) Signed-off-by: Sun Seng David Tan <sutan@redhat.com>
#4438) Set Github token through workspace master Rest API. Added a force activation property variable to register Github Oauth provider even without client id/secret Signed-off-by: Sun Seng David Tan <sutan@redhat.com>
@JamesDrummond this will not be part of 5.6.0
@sunix I have a lot of PRs to go through so I can check to the hour which ones are part of the current release. The ones that are merged the same day of release I try to get right but again there are many to go through. Be sure to put a milestone label, anytime you merge, to the next release milestone, which in this case is 5.7.0.
Set Github token through workspace master Rest API. Added a force activation property variable to register Github Oauth provider even without client id/secret
Signed-off-by: Sun Seng David Tan sutan@redhat.com
What does this PR do?
che.oauth.github.forceactivation to force registration of Github Oauth provider, even without client id/secret (actually set NULL string for these value)
What issues does this PR fix or reference?
https://issues.jboss.org/browse/CHE-151
Changelog
Set Github token through workspace master Rest API. Added a force activation property variable to register Github Oauth provider even without client id/secret
Release Notes
Set Github token through workspace master Rest API. Added a force activation property variable to register Github Oauth provider even without client id/secret
Docs PR