Probe if Jira credentials are valid before making the actual API call

openjdk · Sep 25, 2020 · d3149d8 · d3149d8
1 parent 29a27d5
commit d3149d8
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 20 deletions.
diff --git a/bots/notify/src/main/java/module-info.java b/bots/notify/src/main/java/module-info.java
@@ -29,6 +29,7 @@
     requires org.openjdk.skara.mailinglist;
     requires org.openjdk.skara.network;
     requires java.logging;
+    requires java.net.http;
 
     exports org.openjdk.skara.bots.notify;
 

diff --git a/bots/notify/src/main/java/org/openjdk/skara/bots/notify/issue/IssueNotifierFactory.java b/bots/notify/src/main/java/org/openjdk/skara/bots/notify/issue/IssueNotifierFactory.java
@@ -55,7 +55,7 @@ public Notifier create(BotConfiguration botConfiguration, JSONObject notifierCon
 
             if (credential.username().startsWith("https://")) {
                 var vaultUrl = URIBuilder.base(credential.username()).build();
-                var jbsVault = new JbsVault(vaultUrl, credential.password());
+                var jbsVault = new JbsVault(vaultUrl, credential.password(), issueProject.webUrl());
                 builder.vault(jbsVault);
             } else {
                 throw new RuntimeException("basic authentication not implemented yet");

diff --git a/bots/notify/src/main/java/org/openjdk/skara/bots/notify/issue/JbsVault.java b/bots/notify/src/main/java/org/openjdk/skara/bots/notify/issue/JbsVault.java
@@ -22,22 +22,22 @@
  */
 package org.openjdk.skara.bots.notify.issue;
 
-import org.openjdk.skara.network.RestRequest;
+import org.openjdk.skara.json.JSON;
+import org.openjdk.skara.network.*;
 
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.security.*;
-import java.time.*;
 import java.util.*;
 import java.util.logging.Logger;
 
 public class JbsVault {
     private final RestRequest request;
     private final String authId;
+    private final URI authProbe;
     private static final Logger log = Logger.getLogger("org.openjdk.skara.bots.notify");
 
     private String cookie;
-    private Instant expires;
 
     private String checksum(String body) {
         try {
@@ -49,20 +49,29 @@ private String checksum(String body) {
         }
     }
 
-    JbsVault(URI vaultUri, String vaultToken) {
+    JbsVault(URI vaultUri, String vaultToken, URI jiraUri) {
         authId = checksum(vaultToken);
         request = new RestRequest(vaultUri, authId, () -> Arrays.asList(
                 "X-Vault-Token", vaultToken
         ));
+        this.authProbe = URIBuilder.base(jiraUri).setPath("/rest/api/2/myself").build();
     }
 
     String getCookie() {
-        if ((cookie == null) || Instant.now().isAfter(expires)) {
-            var result = request.get("").execute();
-            cookie = result.get("data").get("cookie.name").asString() + "=" + result.get("data").get("cookie.value").asString();
-            expires = Instant.now().plus(Duration.ofSeconds(result.get("lease_duration").asInt()).dividedBy(2));
-            log.info("Renewed Jira token (" + cookie + ") - expires " + expires);
+        if (cookie != null) {
+            var authProbeRequest = new RestRequest(authProbe, authId, () -> Arrays.asList("Cookie", cookie));
+            var res = authProbeRequest.get()
+                                      .onError(error -> error.statusCode() >= 400 ? Optional.of(JSON.of("AUTH_ERROR")) : Optional.empty())
+                                      .execute();
+            if (res.isObject() && !res.contains("AUTH_ERROR")) {
+                return cookie;
+            }
         }
+
+        // Renewal time
+        var result = request.get("").execute();
+        cookie = result.get("data").get("cookie.name").asString() + "=" + result.get("data").get("cookie.value").asString();
+        log.info("Renewed Jira token (" + cookie + ")");
         return cookie;
     }
 

diff --git a/issuetracker/src/main/java/org/openjdk/skara/issuetracker/jira/JiraIssueTrackerFactory.java b/issuetracker/src/main/java/org/openjdk/skara/issuetracker/jira/JiraIssueTrackerFactory.java
@@ -42,7 +42,7 @@ public IssueTracker create(URI uri, Credential credential, JSONObject configurat
         } else {
             if (credential.username().startsWith("https://")) {
                 var vaultUrl = URIBuilder.base(credential.username()).build();
-                var jiraVault = new JiraVault(vaultUrl, credential.password());
+                var jiraVault = new JiraVault(vaultUrl, credential.password(), uri);
 
                 if (configuration.contains("security") && configuration.contains("visibility")) {
                     return new JiraHost(uri, jiraVault, configuration.get("visibility").asString(), configuration.get("security").asString());

diff --git a/issuetracker/src/main/java/org/openjdk/skara/issuetracker/jira/JiraVault.java b/issuetracker/src/main/java/org/openjdk/skara/issuetracker/jira/JiraVault.java
@@ -22,22 +22,22 @@
  */
 package org.openjdk.skara.issuetracker.jira;
 
-import org.openjdk.skara.network.RestRequest;
+import org.openjdk.skara.json.JSON;
+import org.openjdk.skara.network.*;
 
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.security.*;
-import java.time.*;
 import java.util.*;
 import java.util.logging.Logger;
 
 class JiraVault {
     private final RestRequest request;
     private final String authId;
+    private final URI authProbe;
     private final Logger log = Logger.getLogger("org.openjdk.skara.issuetracker.jira");
 
     private String cookie;
-    private Instant expires;
 
     private String checksum(String body) {
         try {
@@ -49,20 +49,29 @@ private String checksum(String body) {
         }
     }
 
-    JiraVault(URI vaultUri, String vaultToken) {
+    JiraVault(URI vaultUri, String vaultToken, URI jiraUri) {
         authId = checksum(vaultToken);
         request = new RestRequest(vaultUri, authId, () -> Arrays.asList(
                 "X-Vault-Token", vaultToken
         ));
+        this.authProbe = URIBuilder.base(jiraUri).setPath("/rest/api/2/myself").build();
     }
 
     String getCookie() {
-        if ((cookie == null) || Instant.now().isAfter(expires)) {
-            var result = request.get("").execute();
-            cookie = result.get("data").get("cookie.name").asString() + "=" + result.get("data").get("cookie.value").asString();
-            expires = Instant.now().plus(Duration.ofSeconds(result.get("lease_duration").asInt()).dividedBy(2));
-            log.info("Renewed Jira token (" + cookie + ") - expires " + expires);
+        if (cookie != null) {
+            var authProbeRequest = new RestRequest(authProbe, authId, () -> Arrays.asList("Cookie", cookie));
+            var res = authProbeRequest.get()
+                    .onError(error -> error.statusCode() >= 400 ? Optional.of(JSON.of("AUTH_ERROR")) : Optional.empty())
+                    .execute();
+            if (res.isObject() && !res.contains("AUTH_ERROR")) {
+                return cookie;
+            }
         }
+
+        // Renewal time
+        var result = request.get("").execute();
+        cookie = result.get("data").get("cookie.name").asString() + "=" + result.get("data").get("cookie.value").asString();
+        log.info("Renewed Jira token (" + cookie + ")");
         return cookie;
     }