Feature/replace id token with access token as bearer auth

README.md

@@ -108,7 +108,7 @@ In order to get access to the different bickbucket repositories, the local devel
 
 To get the token for the local development, feel free to get security token from any page where azure SSO is required. (you can also execute the script below in your browser console)
 ```javascript
-javascript:(function(){let value=JSON.parse(localStorage[Object.keys(localStorage).find(key=>key.includes('idtoken'))])['secret'];navigator.clipboard.writeText(value);alert('Token copied to clipboard');})();
+javascript:(function(){let value=JSON.parse(localStorage[Object.keys(localStorage).find(key=>key.includes('accesstoken'))])['secret'];navigator.clipboard.writeText(value);alert('Token copied to clipboard');})();
 ```
 
 # Azure tokens

openapi/openapi-component_catalog-v1.0.0.yaml

@@ -48,12 +48,6 @@ paths:
           required: true
           schema:
             type: string
-        - name: accessToken
-          in: query
-          description: access token for azure queries.
-          required: true
-          schema:
-            type: string
       responses:
         "200":
           description: A list of Project Component Information
@@ -357,12 +351,6 @@ paths:
           required: true
           schema:
             type: string
-        - name: accessToken
-          in: query
-          description: access token for azure queries.
-          required: true
-          schema:
-            type: string
         - name: sortByTitle
           in: query
           description: Sort the returned CatalogItems by title, either in ascending or descending order.
@@ -436,12 +424,6 @@ paths:
           required: true
           schema:
             type: string
-        - name: accessToken
-          in: query
-          description: access token for azure queries.
-          required: true
-          schema:
-            type: string
       responses:
         "200":
           description: The CatalogItem.
@@ -1224,12 +1206,6 @@ components:
           example: "https://bitbucket.com/projects/DEVSTACK/repos/devstack-component-catalog"
           nullable: true
 
-        accessToken:
-          type: string
-          description: the access token to be used to get azure groups
-          example: "some-access-token"
-          nullable: false
-
         parameters:
           type: array
           description: List of name/value string parameters.

openapi/openapi-projects-info-service-v1.0.0.yaml

@@ -34,13 +34,6 @@ paths:
       description: >
         This endpoint receives an azure token, and returns all the groups associated to the user.
       operationId: getAzureGroups
-      parameters:
-        - name: token
-          in: header
-          required: true
-          schema:
-            type: string
-          description: Azure token used to get the groups.
       responses:
         "200":
           description: List of azure groups associated to the user.
@@ -120,12 +113,6 @@ paths:
         Get all project info and cluster for a given project key.
       operationId: getProjectClusters
       parameters:
-        - name: token
-          in: header
-          required: true
-          schema:
-            type: string
-          description: Azure token used to get the groups.
         - name: projectKey
           in: path
           required: true

src/main/java/org/opendevstack/component_catalog/server/controllers/CatalogItemsApiController.java

@@ -50,18 +50,17 @@ public ResponseEntity<List<CatalogItem>> getCatalogItems(String catalogId, SortO
     }
 
     @Override
-    public ResponseEntity<List<CatalogItem>> getCatalogItemsForProjectKey(String catalogId, String accessToken, SortOrder sortByTitle,
+    public ResponseEntity<List<CatalogItem>> getCatalogItemsForProjectKey(String catalogId, SortOrder sortByTitle,
                                                                           String projectKey) {
         log.debug("User '{}' requested catalog items for catalog id and projectKey: '{}', '{}'",
                 authInfo.getCurrentPrincipalName(), catalogId, projectKey);
         try {
-            var idToken = authenticationFacade.getIdToken();
+            var accessToken = authenticationFacade.getAccessToken();
 
             var catalogItemRequestParams = CatalogRequestParams.builder()
                     .catalogId(catalogId)
                     .sortOrder(sortByTitle)
                     .projectKey(projectKey)
-                    .idToken(idToken)
                     .accessToken(accessToken)
                     .build();
 
@@ -93,16 +92,15 @@ public ResponseEntity<CatalogItem> getCatalogItemById(String id) {
     }
 
     @Override
-    public ResponseEntity<CatalogItem> getCatalogItemByIdForProjectKey(String id, String projectKey, String accessToken) {
+    public ResponseEntity<CatalogItem> getCatalogItemByIdForProjectKey(String id, String projectKey) {
         log.debug("User '{}' requested catalog item with id and projectKey: '{}', '{}'",
                 authInfo.getCurrentPrincipalName(), id, projectKey);
         try {
-            var idToken = authenticationFacade.getIdToken();
+            var accessToken = authenticationFacade.getAccessToken();
 
             var catalogRequestParams = CatalogRequestParams.builder()
                     .catalogItemId(id)
                     .projectKey(projectKey)
-                    .idToken(idToken)
                     .accessToken(accessToken)
                     .build();
             var catItem = catalogItemsApiFacade.fetchCatalogItem(catalogRequestParams);

src/main/java/org/opendevstack/component_catalog/server/controllers/CatalogRequestParams.java

@@ -25,8 +25,5 @@ public class CatalogRequestParams {
     String catalogItemId;
     @Builder.Default
     String projectKey = Strings.EMPTY;
-    String idToken;
     String accessToken;
-
-
 }

src/main/java/org/opendevstack/component_catalog/server/controllers/ProjectComponentsController.java

@@ -1,6 +1,7 @@
 package org.opendevstack.component_catalog.server.controllers;
 
 import org.opendevstack.component_catalog.server.api.ProjectComponentsApi;
+import org.opendevstack.component_catalog.server.facade.AuthenticationFacade;
 import org.opendevstack.component_catalog.server.facade.ProjectComponentsFacade;
 import org.opendevstack.component_catalog.server.model.ProjectComponentInfo;
 import lombok.AllArgsConstructor;
@@ -20,9 +21,12 @@
 @Validated
 public class ProjectComponentsController implements ProjectComponentsApi {
     private final ProjectComponentsFacade projectComponentsFacade;
+    private final AuthenticationFacade authenticationFacade;
 
     @Override
-    public ResponseEntity<List<ProjectComponentInfo>> getProjectComponents(String projectKey, String accessToken) {
+    public ResponseEntity<List<ProjectComponentInfo>> getProjectComponents(String projectKey) {
+        var accessToken = authenticationFacade.getAccessToken();
+
         var componentInfos = Optional
                 .ofNullable(projectComponentsFacade.getProjectComponentsInfo(projectKey, accessToken))
                 .orElse(List.of());

src/main/java/org/opendevstack/component_catalog/server/controllers/ProvisionerActionsApiController.java

@@ -36,7 +36,7 @@ public ResponseEntity<Void> notifyProvisioningStatusUpdate(String projectKey,
                 projectKey, provisioningStatusUpdateRequest.toString());
 
         var normalizedProjectKey = projectKey.toUpperCase();
-        provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey, provisioningStatusUpdateRequest);
+        provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey);
         var normalizedComponentUrl = provisioningStatusUpdateRequest.getComponentUrl().orElse(Strings.EMPTY);
         var parameters = map(provisioningStatusUpdateRequest);
 
@@ -54,7 +54,7 @@ public ResponseEntity<Void> notifyProvisioningStatusUpdatePartially(String proje
                 projectKey, provisioningStatusUpdateRequest.toString());
 
         var normalizedProjectKey = projectKey.toUpperCase();
-        provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey, provisioningStatusUpdateRequest);
+        provisionerActionsApiFacade.validateGroupRestrictions(normalizedProjectKey);
         var normalizedComponentUrl = provisioningStatusUpdateRequest.getComponentUrl().orElse(Strings.EMPTY);
         var parameters = map(provisioningStatusUpdateRequest);
 

src/main/java/org/opendevstack/component_catalog/server/facade/AuthenticationFacade.java

@@ -11,7 +11,7 @@
 @Slf4j
 public class AuthenticationFacade {
 
-    public String getIdToken() {
+    public String getAccessToken() {
         Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
         if (auth == null || !(auth.getPrincipal() instanceof UserPrincipal principal)) {

src/main/java/org/opendevstack/component_catalog/server/facade/CatalogItemsApiFacade.java

@@ -58,15 +58,15 @@ private List<String> getProjectGroups(CatalogRequestParams catalogRequestParams)
         if (catalogRequestParams.getAccessToken() == null) {
             return Collections.emptyList();
         } else {
-            return projectsInfoService.getProjectGroups(catalogRequestParams.getIdToken(), catalogRequestParams.getAccessToken());
+            return projectsInfoService.getProjectGroups(catalogRequestParams.getAccessToken());
         }
     }
 
     private List<String> getClusters(CatalogRequestParams catalogRequestParams) {
         if (catalogRequestParams.getAccessToken() == null) {
             return Collections.emptyList();
         } else {
-            var projectInfo = projectsInfoService.getProjectClusters(catalogRequestParams.getProjectKey(), catalogRequestParams.getIdToken(), catalogRequestParams.getAccessToken());
+            var projectInfo = projectsInfoService.getProjectClusters(catalogRequestParams.getProjectKey(), catalogRequestParams.getAccessToken());
             var clusters = Optional.ofNullable(projectInfo)
                     .map(ProjectInfo::getClusters)
                     .orElse(Collections.emptyList());

src/main/java/org/opendevstack/component_catalog/server/facade/ProjectComponentsFacade.java

@@ -24,7 +24,6 @@ public class ProjectComponentsFacade {
     private final ProvisionerActionsService provisionerActionsService;
     private final ProjectComponentsInfoMapper projectComponentsInfoMapper;
     private final ProjectsInfoService projectsInfoService;
-    private final AuthenticationFacade authenticationFacade;
 
     public List<ProjectComponentInfo> getProjectComponentsInfo(String projectKey, String accessToken) {
         var projectComponents = provisionerActionsService.getProjectComponents(projectKey);
@@ -33,8 +32,7 @@ public List<ProjectComponentInfo> getProjectComponentsInfo(String projectKey, St
             return Collections.emptyList();
         }
 
-        String idToken = authenticationFacade.getIdToken();
-        List<String> userGroups = projectsInfoService.getProjectGroups(idToken, accessToken);
+        List<String> userGroups = projectsInfoService.getProjectGroups(accessToken);
 
         return projectComponents.getComponents()
                 .values()

src/main/java/org/opendevstack/component_catalog/server/facade/ProvisionerActionsApiFacade.java

@@ -33,7 +33,7 @@ public class ProvisionerActionsApiFacade {
                 .toList();
     }
 
-    public void validateGroupRestrictions(String projectKey, ProvisioningStatusUpdateRequest provisioningStatusUpdateRequest) {
+    public void validateGroupRestrictions(String projectKey) {
         var groupRestriction = CatalogItemUserActionGroupsRestriction.builder()
                 .prefix(groupsRestrictionProps.getPrefix())
                 .suffix(groupsRestrictionProps.getSuffix())
@@ -44,7 +44,8 @@ public void validateGroupRestrictions(String projectKey, ProvisioningStatusUpdat
                 .build();
 
         var evaluationRestrictions = new EvaluationRestrictions(projectKey, userActionEntityRestrictions);
-        var userGroups = projectsInfoService.getProjectGroups(authenticationFacade.getIdToken(), provisioningStatusUpdateRequest.getAccessToken());
+        var accessToken = authenticationFacade.getAccessToken();
+        var userGroups = projectsInfoService.getProjectGroups(accessToken);
 
         var params = RestrictionsParams.builder()
                 .userGroups(userGroups)

src/main/java/org/opendevstack/component_catalog/server/services/ApiClientsBuilder.java

@@ -10,13 +10,13 @@
 @Service
 @Slf4j
 public class ApiClientsBuilder {
-    public ApiClient apiClient(String idToken, String baseRestUrl) {
+    public ApiClient apiClient(String accessToken, String baseRestUrl) {
         var apiClient = new ApiClient();
 
         apiClient.setBasePath(baseRestUrl);
 
         var auth = (HttpBearerAuth) apiClient.getAuthentication("bearerAuth");
-        auth.setBearerToken(idToken);
+        auth.setBearerToken(accessToken);
 
         return apiClient;
     }

src/main/java/org/opendevstack/component_catalog/server/services/ProjectsInfoService.java

@@ -23,19 +23,19 @@ public class ProjectsInfoService {
     private ApiClientsBuilder apiClientsBuilder;
 
     @Cacheable
-    public ProjectInfo getProjectClusters(String projectKey, String idToken, String accessToken) {
-        var apiClient = apiClientsBuilder.apiClient(idToken, projectsInfoServiceProps.getBaseRestUrl().toString());
+    public ProjectInfo getProjectClusters(String projectKey, String accessToken) {
+        var apiClient = apiClientsBuilder.apiClient(accessToken, projectsInfoServiceProps.getBaseRestUrl().toString());
         var projectsApi = apiClientsBuilder.projectsApi(apiClient);
 
-        return projectsApi.getProjectClusters(accessToken, projectKey);
+        return projectsApi.getProjectClusters(projectKey);
     }
 
     @Cacheable
-    public List<String> getProjectGroups(String idToken, String accessToken) {
-        var apiClient = apiClientsBuilder.apiClient(idToken, projectsInfoServiceProps.getBaseRestUrl().toString());
+    public List<String> getProjectGroups(String accessToken) {
+        var apiClient = apiClientsBuilder.apiClient(accessToken, projectsInfoServiceProps.getBaseRestUrl().toString());
         var azureGroupsApi = apiClientsBuilder.azureGroupsApi(apiClient);
 
-        return azureGroupsApi.getAzureGroups(accessToken);
+        return azureGroupsApi.getAzureGroups();
     }
 
 }

src/test/java/org/opendevstack/component_catalog/server/controllers/CatalogItemsApiControllerTest.java

@@ -29,7 +29,6 @@
 @ExtendWith(MockitoExtension.class)
 class CatalogItemsApiControllerTest {
 
-    private final String token = "any-acess-token";
     private final String catalogId = "catalog123";
     private final String projectKey = "projectKey123";
     private final String principalName = "testUser";
@@ -101,11 +100,11 @@ void givenValidProjectKey_WhenGetCatalogItemsForProjectKey_ThenReturnItemsList()
         item.setTitle("Item 1");
 
         when(authInfo.getCurrentPrincipalName()).thenReturn(principalName);
-        when(authenticationFacade.getIdToken()).thenReturn("id-token");
+        when(authenticationFacade.getAccessToken()).thenReturn("access-token");
         when(catalogItemsApiFacade.fetchCatalogItems(any())).thenReturn(List.of(item));
 
         // When
-        var response = catalogItemsApiController.getCatalogItemsForProjectKey(catalogId, token, SortOrder.ASC, projectKey);
+        var response = catalogItemsApiController.getCatalogItemsForProjectKey(catalogId, SortOrder.ASC, projectKey);
 
         // Then
         assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
@@ -117,22 +116,22 @@ void givenValidProjectKey_WhenGetCatalogItemsForProjectKey_ThenReturnItemsList()
     @Test
     void givenInvalidProjectKey_WhenGetCatalogItemsForProjectKey_ThenThrowBadRequestException() throws InvalidIdException {
         when(authInfo.getCurrentPrincipalName()).thenReturn("testUser");
-        when(authenticationFacade.getIdToken()).thenReturn("id-token");
+        when(authenticationFacade.getAccessToken()).thenReturn("access-token");
         when(catalogItemsApiFacade.fetchCatalogItems(any())).thenThrow(new InvalidIdException("Invalid ID"));
 
         // When / Then
-        assertThatThrownBy(() -> catalogItemsApiController.getCatalogItemsForProjectKey(catalogId, token, SortOrder.ASC, invalidProjectKey))
+        assertThatThrownBy(() -> catalogItemsApiController.getCatalogItemsForProjectKey(catalogId, SortOrder.ASC, invalidProjectKey))
                 .isInstanceOf(BadRequestException.class)
                 .hasMessageContaining("Invalid catalog id");
     }
 
     @Test
     void givenEmptyResult_WhenGetCatalogItemsForProjectKey_ThenReturnEmptyList() throws InvalidCatalogEntityException {
         when(authInfo.getCurrentPrincipalName()).thenReturn(principalName);
-        when(authenticationFacade.getIdToken()).thenReturn("id-token");
+        when(authenticationFacade.getAccessToken()).thenReturn("access-token");
 
         // When
-        var response = catalogItemsApiController.getCatalogItemsForProjectKey(catalogId, token, SortOrder.ASC, projectKey);
+        var response = catalogItemsApiController.getCatalogItemsForProjectKey(catalogId, SortOrder.ASC, projectKey);
 
         // Then
         assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
@@ -202,13 +201,13 @@ void givenCatalogItemNotFound_WhenGetCatalogItemById_ThenReturnNotFound() throws
     @Test
     void givenValidCatalogId_WhenGetCatalogItemByIdForProjectKey_ThenReturnItem() throws InvalidIdException, InvalidCatalogItemEntityException {
         when(authInfo.getCurrentPrincipalName()).thenReturn(principalName);
-        when(authenticationFacade.getIdToken()).thenReturn("id-token");
+        when(authenticationFacade.getAccessToken()).thenReturn("access-token");
         CatalogItem catalogItem = new CatalogItem();
         catalogItem.setId(catalogItemId);
         when(catalogItemsApiFacade.fetchCatalogItem(any())).thenReturn(catalogItem);
 
         // When
-        var response = catalogItemsApiController.getCatalogItemByIdForProjectKey(catalogId, projectKey, token);
+        var response = catalogItemsApiController.getCatalogItemByIdForProjectKey(catalogId, projectKey);
 
         // Then
         assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
@@ -218,11 +217,11 @@ void givenValidCatalogId_WhenGetCatalogItemByIdForProjectKey_ThenReturnItem() th
     @Test
     void givenInvalidCatalogId_WhenGetCatalogItemByIdForProjectKey_ThenThrowRestEntityNotFoundException() throws InvalidIdException {
         when(authInfo.getCurrentPrincipalName()).thenReturn("testUser");
-        when(authenticationFacade.getIdToken()).thenReturn("id-token");
+        when(authenticationFacade.getAccessToken()).thenReturn("access-token");
         when(catalogItemsApiFacade.fetchCatalogItem(any())).thenThrow(new InvalidIdException("Invalid ID"));
 
         // When / Then
-        assertThatThrownBy(() -> catalogItemsApiController.getCatalogItemByIdForProjectKey(invalidCatalogId, projectKey, token))
+        assertThatThrownBy(() -> catalogItemsApiController.getCatalogItemByIdForProjectKey(invalidCatalogId, projectKey))
                 .isInstanceOf(RestEntityNotFoundException.class)
                 .hasMessageContaining("Catalog item not found");
     }
@@ -231,24 +230,24 @@ void givenInvalidCatalogId_WhenGetCatalogItemByIdForProjectKey_ThenThrowRestEnti
     void givenInvalidCatalogItemEntity_WhenGetCatalogItemByIdForProjectKey_ThenThrowInvalidRestEntityException()
             throws InvalidCatalogItemEntityException, InvalidIdException {
         when(authInfo.getCurrentPrincipalName()).thenReturn("testUser");
-        when(authenticationFacade.getIdToken()).thenReturn("id-token");
+        when(authenticationFacade.getAccessToken()).thenReturn("access-token");
         when(catalogItemsApiFacade.fetchCatalogItem(any())).thenThrow(new InvalidCatalogItemEntityException("Invalid ID"));
 
 
         // When / Then
-        assertThatThrownBy(() -> catalogItemsApiController.getCatalogItemByIdForProjectKey(catalogId, projectKey, token))
+        assertThatThrownBy(() -> catalogItemsApiController.getCatalogItemByIdForProjectKey(catalogId, projectKey))
                 .isInstanceOf(InvalidRestEntityException.class)
                 .hasMessageContaining("Invalid catalog item");
     }
 
     @Test
     void givenCatalogItemNotFound_WhenGetCatalogItemByIdForProjectKey_ThenReturnNotFound() throws InvalidIdException, InvalidCatalogItemEntityException {
         when(authInfo.getCurrentPrincipalName()).thenReturn(principalName);
-        when(authenticationFacade.getIdToken()).thenReturn("id-token");
+        when(authenticationFacade.getAccessToken()).thenReturn("access-token");
         when(catalogItemsApiFacade.fetchCatalogItem(any())).thenReturn(null);
 
         // When
-        var response = catalogItemsApiController.getCatalogItemByIdForProjectKey(catalogId, projectKey, token);
+        var response = catalogItemsApiController.getCatalogItemByIdForProjectKey(catalogId, projectKey);
 
         // Then
         assertThat(response.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);