Skip to content
Permalink
Browse files
Probe if Jira credentials are valid before making the actual API call
Reviewed-by: ehelin
  • Loading branch information
rwestberg committed Sep 28, 2020
1 parent ed999e8 commit 54a35f610b0761eaede8b8d0ce714b49f631f4ab
Showing 5 changed files with 39 additions and 20 deletions.
@@ -29,6 +29,7 @@
requires org.openjdk.skara.mailinglist;
requires org.openjdk.skara.network;
requires java.logging;
requires java.net.http;

exports org.openjdk.skara.bots.notify;

@@ -55,7 +55,7 @@ public Notifier create(BotConfiguration botConfiguration, JSONObject notifierCon

if (credential.username().startsWith("https://")) {
var vaultUrl = URIBuilder.base(credential.username()).build();
var jbsVault = new JbsVault(vaultUrl, credential.password());
var jbsVault = new JbsVault(vaultUrl, credential.password(), issueProject.webUrl());
builder.vault(jbsVault);
} else {
throw new RuntimeException("basic authentication not implemented yet");
@@ -22,22 +22,22 @@
*/
package org.openjdk.skara.bots.notify.issue;

import org.openjdk.skara.network.RestRequest;
import org.openjdk.skara.json.JSON;
import org.openjdk.skara.network.*;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.logging.Logger;

public class JbsVault {
private final RestRequest request;
private final String authId;
private final URI authProbe;
private static final Logger log = Logger.getLogger("org.openjdk.skara.bots.notify");

private String cookie;
private Instant expires;

private String checksum(String body) {
try {
@@ -49,20 +49,29 @@ private String checksum(String body) {
}
}

JbsVault(URI vaultUri, String vaultToken) {
JbsVault(URI vaultUri, String vaultToken, URI jiraUri) {
authId = checksum(vaultToken);
request = new RestRequest(vaultUri, authId, () -> Arrays.asList(
"X-Vault-Token", vaultToken
));
this.authProbe = URIBuilder.base(jiraUri).setPath("/rest/api/2/myself").build();
}

String getCookie() {
if ((cookie == null) || Instant.now().isAfter(expires)) {
var result = request.get("").execute();
cookie = result.get("data").get("cookie.name").asString() + "=" + result.get("data").get("cookie.value").asString();
expires = Instant.now().plus(Duration.ofSeconds(result.get("lease_duration").asInt()).dividedBy(2));
log.info("Renewed Jira token (" + cookie + ") - expires " + expires);
if (cookie != null) {
var authProbeRequest = new RestRequest(authProbe, authId, () -> Arrays.asList("Cookie", cookie));
var res = authProbeRequest.get()
.onError(error -> error.statusCode() >= 400 ? Optional.of(JSON.of("AUTH_ERROR")) : Optional.empty())
.execute();
if (res.isObject() && !res.contains("AUTH_ERROR")) {
return cookie;
}
}

// Renewal time
var result = request.get("").execute();
cookie = result.get("data").get("cookie.name").asString() + "=" + result.get("data").get("cookie.value").asString();
log.info("Renewed Jira token (" + cookie + ")");
return cookie;
}

@@ -42,7 +42,7 @@ public IssueTracker create(URI uri, Credential credential, JSONObject configurat
} else {
if (credential.username().startsWith("https://")) {
var vaultUrl = URIBuilder.base(credential.username()).build();
var jiraVault = new JiraVault(vaultUrl, credential.password());
var jiraVault = new JiraVault(vaultUrl, credential.password(), uri);

if (configuration.contains("security") && configuration.contains("visibility")) {
return new JiraHost(uri, jiraVault, configuration.get("visibility").asString(), configuration.get("security").asString());
@@ -22,22 +22,22 @@
*/
package org.openjdk.skara.issuetracker.jira;

import org.openjdk.skara.network.RestRequest;
import org.openjdk.skara.json.JSON;
import org.openjdk.skara.network.*;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.logging.Logger;

class JiraVault {
private final RestRequest request;
private final String authId;
private final URI authProbe;
private final Logger log = Logger.getLogger("org.openjdk.skara.issuetracker.jira");

private String cookie;
private Instant expires;

private String checksum(String body) {
try {
@@ -49,20 +49,29 @@ private String checksum(String body) {
}
}

JiraVault(URI vaultUri, String vaultToken) {
JiraVault(URI vaultUri, String vaultToken, URI jiraUri) {
authId = checksum(vaultToken);
request = new RestRequest(vaultUri, authId, () -> Arrays.asList(
"X-Vault-Token", vaultToken
));
this.authProbe = URIBuilder.base(jiraUri).setPath("/rest/api/2/myself").build();
}

String getCookie() {
if ((cookie == null) || Instant.now().isAfter(expires)) {
var result = request.get("").execute();
cookie = result.get("data").get("cookie.name").asString() + "=" + result.get("data").get("cookie.value").asString();
expires = Instant.now().plus(Duration.ofSeconds(result.get("lease_duration").asInt()).dividedBy(2));
log.info("Renewed Jira token (" + cookie + ") - expires " + expires);
if (cookie != null) {
var authProbeRequest = new RestRequest(authProbe, authId, () -> Arrays.asList("Cookie", cookie));
var res = authProbeRequest.get()
.onError(error -> error.statusCode() >= 400 ? Optional.of(JSON.of("AUTH_ERROR")) : Optional.empty())
.execute();
if (res.isObject() && !res.contains("AUTH_ERROR")) {
return cookie;
}
}

// Renewal time
var result = request.get("").execute();
cookie = result.get("data").get("cookie.name").asString() + "=" + result.get("data").get("cookie.value").asString();
log.info("Renewed Jira token (" + cookie + ")");
return cookie;
}

1 comment on commit 54a35f6

@bridgekeeper
Copy link

@bridgekeeper bridgekeeper bot commented on 54a35f6 Sep 28, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.