
Commit de3040c

Feature/replace id token with access token as bearer auth (#29)
* [remove-id-token] - Get rid of idToken and replace it by accessToken. * [remove-id-token] - Update ProjectsInfoService as accessToken will be bearerToken from now on. * [remove-id-token] - Update tests. * [remove-id-token] - Rename id-token. * [remove-id-token] - Clean method with an unused param.
1 parent de64f7c commit de3040c

22 files changed

+106
-155
lines changed

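--- a/README.md
+++ b/README.md
@@ -108,7 +108,7 @@ In order to get access to the different bickbucket repositories, the local devel
 
 To get the token for the local development, feel free to get security token from any page where azure SSO is required. (you can also execute the script below in your browser console)
 ```javascript
-javascript:(function(){let value=JSON.parse(localStorage[Object.keys(localStorage).find(key=>key.includes('idtoken'))])['secret'];navigator.clipboard.writeText(value);alert('Token copied to clipboard');})();
+javascript:(function(){let value=JSON.parse(localStorage[Object.keys(localStorage).find(key=>key.includes('accesstoken'))])['secret'];navigator.clipboard.writeText(value);alert('Token copied to clipboard');})();
 ```
 
 # Azure tokens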

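--- a/openapi/openapi-component_catalog-v1.0.0.yaml
+++ b/openapi/openapi-component_catalog-v1.0.0.yaml
@@ -48,12 +48,6 @@ paths:
 required: true
 schema:
 type: string
-- name: accessToken
-in: query
-description: access token for azure queries.
-required: true
-schema:
-type: string
 responses:
 "200":
 description: A list of Project Component Information
@@ -357,12 +351,6 @@ paths:
 required: true
 schema:
 type: string
-- name: accessToken
-in: query
-description: access token for azure queries.
-required: true
-schema:
-type: string
 - name: sortByTitle
 in: query
 description: Sort the returned CatalogItems by title, either in ascending or descending order.
@@ -436,12 +424,6 @@ paths:
 required: true
 schema:
 type: string
-- name: accessToken
-in: query
-description: access token for azure queries.
-required: true
-schema:
-type: string
 responses:
 "200":
 description: The CatalogItem.
@@ -1224,12 +1206,6 @@ components:
 example: "https://bitbucket.com/projects/DEVSTACK/repos/devstack-component-catalog"
 nullable: true
 
-accessToken:
-type: string
-description: the access token to be used to get azure groups
-example: "some-access-token"
-nullable: false
-
 parameters:
 type: array
 description: List of name/value string parameters.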

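--- a/openapi/openapi-projects-info-service-v1.0.0.yaml
+++ b/openapi/openapi-projects-info-service-v1.0.0.yaml
@@ -34,13 +34,6 @@ paths:
 description: >
 This endpoint receives an azure token, and returns all the groups associated to the user.
 operationId: getAzureGroups
-parameters:
-- name: token
-in: header
-required: true
-schema:
-type: string
-description: Azure token used to get the groups.
 responses:
 "200":
 description: List of azure groups associated to the user.
@@ -120,12 +113,6 @@ paths:
 Get all project info and cluster for a given project key.
 operationId: getProjectClusters
 parameters:
-- name: token
-in: header
-required: true
-schema:
-type: string
-description: Azure token used to get the groups.
 - name: projectKey
 in: path
 required: true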

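--- a/src/main/java/org/opendevstack/component_catalog/server/controllers/CatalogItemsApiController.java
+++ b/src/main/java/org/opendevstack/component_catalog/server/controllers/CatalogItemsApiController.java
@@ -50,18 +50,17 @@ public ResponseEntity<List<CatalogItem>> getCatalogItems(String catalogId, SortO
 }
 
 @Override
-public ResponseEntity<List<CatalogItem>> getCatalogItemsForProjectKey(String catalogId, String accessToken, SortOrder sortByTitle,
+public ResponseEntity<List<CatalogItem>> getCatalogItemsForProjectKey(String catalogId, SortOrder sortByTitle,
 String projectKey) {
 log.debug("User '{}' requested catalog items for catalog id and projectKey: '{}', '{}'",
 authInfo.getCurrentPrincipalName(), catalogId, projectKey);
 try {
-var idToken = authenticationFacade.getIdToken();
+var accessToken = authenticationFacade.getAccessToken();
 
 var catalogItemRequestParams = CatalogRequestParams.builder()
 .catalogId(catalogId)
 .sortOrder(sortByTitle)
 .projectKey(projectKey)
-.idToken(idToken)
 .accessToken(accessToken)
 .build();
 
@@ -93,16 +92,15 @@ public ResponseEntity<CatalogItem> getCatalogItemById(String id) {
 }
 
 @Override
-public ResponseEntity<CatalogItem> getCatalogItemByIdForProjectKey(String id, String projectKey, String accessToken) {
+public ResponseEntity<CatalogItem> getCatalogItemByIdForProjectKey(String id, String projectKey) {
 log.debug("User '{}' requested catalog item with id and projectKey: '{}', '{}'",
 authInfo.getCurrentPrincipalName(), id, projectKey);
 try {
-var idToken = authenticationFacade.getIdToken();
+var accessToken = authenticationFacade.getAccessToken();
 
 var catalogRequestParams = CatalogRequestParams.builder()
 .catalogItemId(id)
 .projectKey(projectKey)
-.idToken(idToken)
 .accessToken(accessToken)
 .build();
 var catItem = catalogItemsApiFacade.fetchCatalogItem(catalogRequestParams);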

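--- a/src/main/java/org/opendevstack/component_catalog/server/controllers/CatalogRequestParams.java
+++ b/src/main/java/org/opendevstack/component_catalog/server/controllers/CatalogRequestParams.java
@@ -25,8 +25,5 @@ public class CatalogRequestParams {
 String catalogItemId;
 @Builder.Default
 String projectKey = Strings.EMPTY;
-String idToken;
 String accessToken;
-
-
 }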

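--- a/src/main/java/org/opendevstack/component_catalog/server/controllers/ProjectComponentsController.java
+++ b/src/main/java/org/opendevstack/component_catalog/server/controllers/ProjectComponentsController.java
@@ -1,6 +1,7 @@
 package org.opendevstack.component_catalog.server.controllers;
 
 import org.opendevstack.component_catalog.server.api.ProjectComponentsApi;
+import org.opendevstack.component_catalog.server.facade.AuthenticationFacade;
 import org.opendevstack.component_catalog.server.facade.ProjectComponentsFacade;
 import org.opendevstack.component_catalog.server.model.ProjectComponentInfo;
 import lombok.AllArgsConstructor;
@@ -20,9 +21,12 @@
 @Validated
 public class ProjectComponentsController implements ProjectComponentsApi {
 private final ProjectComponentsFacade projectComponentsFacade;
+private final AuthenticationFacade authenticationFacade;
 
 @Override
-public ResponseEntity<List<ProjectComponentInfo>> getProjectComponents(String projectKey, String accessToken) {
+public ResponseEntity<List<ProjectComponentInfo>> getProjectComponents(String projectKey) {
+var accessToken = authenticationFacade.getAccessToken();
+
 var componentInfos = Optional
 .ofNullable(projectComponentsFacade.getProjectComponentsInfo(projectKey, accessToken))
 .orElse(List.of());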

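--- a/src/main/java/org/opendevstack/component_catalog/server/controllers/ProvisionerActionsApiController.java
+++ b/src/main/java/org/opendevstack/component_catalog/server/controllers/ProvisionerActionsApiController.java
@@ -36,7 +36,7 @@ public ResponseEntity<Void> notifyProvisioningStatusUpdate(String projectKey,
 projectKey, provisioningStatusUpdateRequest.toString());
 
 var normalizedProjectKey = projectKey.toUpperCase();
-provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey, provisioningStatusUpdateRequest);
+provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey);
 var normalizedComponentUrl = provisioningStatusUpdateRequest.getComponentUrl().orElse(Strings.EMPTY);
 var parameters = map(provisioningStatusUpdateRequest);
 
@@ -54,7 +54,7 @@ public ResponseEntity<Void> notifyProvisioningStatusUpdatePartially(String proje
 projectKey, provisioningStatusUpdateRequest.toString());
 
 var normalizedProjectKey = projectKey.toUpperCase();
-provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey, provisioningStatusUpdateRequest);
+provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey);
 var normalizedComponentUrl = provisioningStatusUpdateRequest.getComponentUrl().orElse(Strings.EMPTY);
 var parameters = map(provisioningStatusUpdateRequest);
 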
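--- a/src/main/java/org/opendevstack/component_catalog/server/facade/AuthenticationFacade.java
+++ b/src/main/java/org/opendevstack/component_catalog/server/facade/AuthenticationFacade.java
@@ -11,7 +11,7 @@
 @Slf4j
 public class AuthenticationFacade {
 
-public String getIdToken() {
+public String getAccessToken() {
 Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
 if (auth == null || !(auth.getPrincipal() instanceof UserPrincipal principal)) {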

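--- a/src/main/java/org/opendevstack/component_catalog/server/facade/CatalogItemsApiFacade.java
+++ b/src/main/java/org/opendevstack/component_catalog/server/facade/CatalogItemsApiFacade.java
@@ -58,15 +58,15 @@ private List<String> getProjectGroups(CatalogRequestParams catalogRequestParams)
 if (catalogRequestParams.getAccessToken() == null) {
 return Collections.emptyList();
 } else {
-return projectsInfoService.getProjectGroups(catalogRequestParams.getIdToken(), catalogRequestParams.getAccessToken());
+return projectsInfoService.getProjectGroups(catalogRequestParams.getAccessToken());
 }
 }
 
 private List<String> getClusters(CatalogRequestParams catalogRequestParams) {
 if (catalogRequestParams.getAccessToken() == null) {
 return Collections.emptyList();
 } else {
-var projectInfo = projectsInfoService.getProjectClusters(catalogRequestParams.getProjectKey(), catalogRequestParams.getIdToken(), catalogRequestParams.getAccessToken());
+var projectInfo = projectsInfoService.getProjectClusters(catalogRequestParams.getProjectKey(), catalogRequestParams.getAccessToken());
 var clusters = Optional.ofNullable(projectInfo)
 .map(ProjectInfo::getClusters)
 .orElse(Collections.emptyList());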
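Review bot: The caller's own inbound access token is now passed straight through to `projectsInfoService.getProjectGroups` and `getProjectClusters` (per the commit description it becomes the bearer token for ProjectsInfoService), which ties this API's accepted token audience to the downstream service's: if the two validate different audiences these calls fail, and if they share one, a token minted for either service is equally usable against the other. That trade-off deserves a comment at the first call site, e.g. `// forwards the caller's access token as bearer to ProjectsInfoService; both services must accept the same audience (an on-behalf-of exchange would scope it per service)`. The `== null` guards above map a missing token to an empty group/cluster list rather than an authentication failure; that is fine only if the callers treat an empty list as "no access" rather than "unrestricted", which this hunk does not show. `getClusters` continues past the end of the hunk.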

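--- a/src/main/java/org/opendevstack/component_catalog/server/facade/ProjectComponentsFacade.java
+++ b/src/main/java/org/opendevstack/component_catalog/server/facade/ProjectComponentsFacade.java
@@ -24,7 +24,6 @@ public class ProjectComponentsFacade {
 private final ProvisionerActionsService provisionerActionsService;
 private final ProjectComponentsInfoMapper projectComponentsInfoMapper;
 private final ProjectsInfoService projectsInfoService;
-private final AuthenticationFacade authenticationFacade;
 
 public List<ProjectComponentInfo> getProjectComponentsInfo(String projectKey, String accessToken) {
 var projectComponents = provisionerActionsService.getProjectComponents(projectKey);
@@ -33,8 +32,7 @@ public List<ProjectComponentInfo> getProjectComponentsInfo(String projectKey, St
 return Collections.emptyList();
 }
 
-String idToken = authenticationFacade.getIdToken();
-List<String> userGroups = projectsInfoService.getProjectGroups(idToken, accessToken);
+List<String> userGroups = projectsInfoService.getProjectGroups(accessToken);
 
 return projectComponents.getComponents()
 .values()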
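Review bot: `projectsInfoService.getProjectGroups(accessToken)` in the second hunk has no null check on the token, unlike `CatalogItemsApiFacade.getProjectGroups`, which returns `Collections.emptyList()` when `getAccessToken()` is null. Before this commit the value arrived as a `required: true` query parameter on the component-catalog endpoint, so null was unreachable; it now comes from `AuthenticationFacade.getAccessToken()`, whose result for a missing or non-`UserPrincipal` principal is outside this diff, so a null-token request would reach ProjectsInfoService with no bearer credential at all. Either mirror the sibling guard, `if (accessToken == null) { return Collections.emptyList(); }`, or reject the request explicitly; pick one deliberately, since an empty `userGroups` should narrow the components returned rather than widen them, which the filtering below (past the hunk) decides. `getProjectComponentsInfo` starts in the first hunk and continues beyond the second.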
