Feature/replace id token with access token as bearer auth (#29)

* [remove-id-token] - Get rid of idToken and replace it by accessToken.

* [remove-id-token] - Update ProjectsInfoService as accessToken will be bearerToken from now on.

* [remove-id-token] - Update tests.

* [remove-id-token] - Rename id-token.

* [remove-id-token] - Clean method with an unused param.

Author: sergio-soria-bi

README.md

@@ -108,7 +108,7 @@ In order to get access to the different bickbucket repositories, the local devel
 
 To get the token for the local development, feel free to get security token from any page where azure SSO is required. (you can also execute the script below in your browser console)
 ```javascript
-javascript:(function(){let value=JSON.parse(localStorage[Object.keys(localStorage).find(key=>key.includes('idtoken'))])['secret'];navigator.clipboard.writeText(value);alert('Token copied to clipboard');})();
+javascript:(function(){let value=JSON.parse(localStorage[Object.keys(localStorage).find(key=>key.includes('accesstoken'))])['secret'];navigator.clipboard.writeText(value);alert('Token copied to clipboard');})();
 ```
 
 # Azure tokens

openapi/openapi-component_catalog-v1.0.0.yaml

@@ -48,12 +48,6 @@ paths:
           required: true
           schema:
             type: string
-        - name: accessToken
-          in: query
-          description: access token for azure queries.
-          required: true
-          schema:
-            type: string
       responses:
         "200":
           description: A list of Project Component Information
@@ -357,12 +351,6 @@ paths:
           required: true
           schema:
             type: string
-        - name: accessToken
-          in: query
-          description: access token for azure queries.
-          required: true
-          schema:
-            type: string
         - name: sortByTitle
           in: query
           description: Sort the returned CatalogItems by title, either in ascending or descending order.
@@ -436,12 +424,6 @@ paths:
           required: true
           schema:
             type: string
-        - name: accessToken
-          in: query
-          description: access token for azure queries.
-          required: true
-          schema:
-            type: string
       responses:
         "200":
           description: The CatalogItem.
@@ -1224,12 +1206,6 @@ components:
           example: "https://bitbucket.com/projects/DEVSTACK/repos/devstack-component-catalog"
           nullable: true
 
-        accessToken:
-          type: string
-          description: the access token to be used to get azure groups
-          example: "some-access-token"
-          nullable: false
-
         parameters:
           type: array
           description: List of name/value string parameters.

openapi/openapi-projects-info-service-v1.0.0.yaml

@@ -34,13 +34,6 @@ paths:
       description: >
         This endpoint receives an azure token, and returns all the groups associated to the user.
       operationId: getAzureGroups
-      parameters:
-        - name: token
-          in: header
-          required: true
-          schema:
-            type: string
-          description: Azure token used to get the groups.
       responses:
         "200":
           description: List of azure groups associated to the user.
@@ -120,12 +113,6 @@ paths:
         Get all project info and cluster for a given project key.
       operationId: getProjectClusters
       parameters:
-        - name: token
-          in: header
-          required: true
-          schema:
-            type: string
-          description: Azure token used to get the groups.
         - name: projectKey
           in: path
           required: true

src/main/java/org/opendevstack/component_catalog/server/controllers/CatalogItemsApiController.java

@@ -50,18 +50,17 @@ public ResponseEntity<List<CatalogItem>> getCatalogItems(String catalogId, SortO
     }
 
     @Override
-    public ResponseEntity<List<CatalogItem>> getCatalogItemsForProjectKey(String catalogId, String accessToken, SortOrder sortByTitle,
+    public ResponseEntity<List<CatalogItem>> getCatalogItemsForProjectKey(String catalogId, SortOrder sortByTitle,
                                                                           String projectKey) {
         log.debug("User '{}' requested catalog items for catalog id and projectKey: '{}', '{}'",
                 authInfo.getCurrentPrincipalName(), catalogId, projectKey);
         try {
-            var idToken = authenticationFacade.getIdToken();
+            var accessToken = authenticationFacade.getAccessToken();
 
             var catalogItemRequestParams = CatalogRequestParams.builder()
                     .catalogId(catalogId)
                     .sortOrder(sortByTitle)
                     .projectKey(projectKey)
-                    .idToken(idToken)
                     .accessToken(accessToken)
                     .build();
 
@@ -93,16 +92,15 @@ public ResponseEntity<CatalogItem> getCatalogItemById(String id) {
     }
 
     @Override
-    public ResponseEntity<CatalogItem> getCatalogItemByIdForProjectKey(String id, String projectKey, String accessToken) {
+    public ResponseEntity<CatalogItem> getCatalogItemByIdForProjectKey(String id, String projectKey) {
         log.debug("User '{}' requested catalog item with id and projectKey: '{}', '{}'",
                 authInfo.getCurrentPrincipalName(), id, projectKey);
         try {
-            var idToken = authenticationFacade.getIdToken();
+            var accessToken = authenticationFacade.getAccessToken();
 
             var catalogRequestParams = CatalogRequestParams.builder()
                     .catalogItemId(id)
                     .projectKey(projectKey)
-                    .idToken(idToken)
                     .accessToken(accessToken)
                     .build();
             var catItem = catalogItemsApiFacade.fetchCatalogItem(catalogRequestParams);

src/main/java/org/opendevstack/component_catalog/server/controllers/CatalogRequestParams.java

@@ -25,8 +25,5 @@ public class CatalogRequestParams {
     String catalogItemId;
     @Builder.Default
     String projectKey = Strings.EMPTY;
-    String idToken;
     String accessToken;
-
-
 }

src/main/java/org/opendevstack/component_catalog/server/controllers/ProjectComponentsController.java

@@ -1,6 +1,7 @@
 package org.opendevstack.component_catalog.server.controllers;
 
 import org.opendevstack.component_catalog.server.api.ProjectComponentsApi;
+import org.opendevstack.component_catalog.server.facade.AuthenticationFacade;
 import org.opendevstack.component_catalog.server.facade.ProjectComponentsFacade;
 import org.opendevstack.component_catalog.server.model.ProjectComponentInfo;
 import lombok.AllArgsConstructor;
@@ -20,9 +21,12 @@
 @Validated
 public class ProjectComponentsController implements ProjectComponentsApi {
     private final ProjectComponentsFacade projectComponentsFacade;
+    private final AuthenticationFacade authenticationFacade;
 
     @Override
-    public ResponseEntity<List<ProjectComponentInfo>> getProjectComponents(String projectKey, String accessToken) {
+    public ResponseEntity<List<ProjectComponentInfo>> getProjectComponents(String projectKey) {
+        var accessToken = authenticationFacade.getAccessToken();
+
         var componentInfos = Optional
                 .ofNullable(projectComponentsFacade.getProjectComponentsInfo(projectKey, accessToken))
                 .orElse(List.of());

src/main/java/org/opendevstack/component_catalog/server/controllers/ProvisionerActionsApiController.java

@@ -36,7 +36,7 @@ public ResponseEntity<Void> notifyProvisioningStatusUpdate(String projectKey,
                 projectKey, provisioningStatusUpdateRequest.toString());
 
         var normalizedProjectKey = projectKey.toUpperCase();
-        provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey, provisioningStatusUpdateRequest);
+        provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey);
         var normalizedComponentUrl = provisioningStatusUpdateRequest.getComponentUrl().orElse(Strings.EMPTY);
         var parameters = map(provisioningStatusUpdateRequest);
 
@@ -54,7 +54,7 @@ public ResponseEntity<Void> notifyProvisioningStatusUpdatePartially(String proje
                 projectKey, provisioningStatusUpdateRequest.toString());
 
         var normalizedProjectKey = projectKey.toUpperCase();
-        provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey, provisioningStatusUpdateRequest);
+        provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey);
         var normalizedComponentUrl = provisioningStatusUpdateRequest.getComponentUrl().orElse(Strings.EMPTY);
         var parameters = map(provisioningStatusUpdateRequest);
 

src/main/java/org/opendevstack/component_catalog/server/facade/AuthenticationFacade.java

@@ -11,7 +11,7 @@
 @Slf4j
 public class AuthenticationFacade {
 
-    public String getIdToken() {
+    public String getAccessToken() {
         Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
         if (auth == null || !(auth.getPrincipal() instanceof UserPrincipal principal)) {

src/main/java/org/opendevstack/component_catalog/server/facade/CatalogItemsApiFacade.java

@@ -58,15 +58,15 @@ private List<String> getProjectGroups(CatalogRequestParams catalogRequestParams)
         if (catalogRequestParams.getAccessToken() == null) {
             return Collections.emptyList();
         } else {
-            return projectsInfoService.getProjectGroups(catalogRequestParams.getIdToken(), catalogRequestParams.getAccessToken());
+            return projectsInfoService.getProjectGroups(catalogRequestParams.getAccessToken());
         }
     }
 
     private List<String> getClusters(CatalogRequestParams catalogRequestParams) {
         if (catalogRequestParams.getAccessToken() == null) {
             return Collections.emptyList();
         } else {
-            var projectInfo = projectsInfoService.getProjectClusters(catalogRequestParams.getProjectKey(), catalogRequestParams.getIdToken(), catalogRequestParams.getAccessToken());
+            var projectInfo = projectsInfoService.getProjectClusters(catalogRequestParams.getProjectKey(), catalogRequestParams.getAccessToken());
             var clusters = Optional.ofNullable(projectInfo)
                     .map(ProjectInfo::getClusters)
                     .orElse(Collections.emptyList());

src/main/java/org/opendevstack/component_catalog/server/facade/ProjectComponentsFacade.java

@@ -24,7 +24,6 @@ public class ProjectComponentsFacade {
     private final ProvisionerActionsService provisionerActionsService;
     private final ProjectComponentsInfoMapper projectComponentsInfoMapper;
     private final ProjectsInfoService projectsInfoService;
-    private final AuthenticationFacade authenticationFacade;
 
     public List<ProjectComponentInfo> getProjectComponentsInfo(String projectKey, String accessToken) {
         var projectComponents = provisionerActionsService.getProjectComponents(projectKey);
@@ -33,8 +32,7 @@ public List<ProjectComponentInfo> getProjectComponentsInfo(String projectKey, St
             return Collections.emptyList();
         }
 
-        String idToken = authenticationFacade.getIdToken();
-        List<String> userGroups = projectsInfoService.getProjectGroups(idToken, accessToken);
+        List<String> userGroups = projectsInfoService.getProjectGroups(accessToken);
 
         return projectComponents.getComponents()
                 .values()