diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0dadd85 --- /dev/null +++ b/.gitignore @@ -0,0 +1,13 @@ +# Intellij files +.idea/ + +# gradle's output dir +build/ + +# the gradle temp dir +.gradle + +# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored) +!gradle-wrapper.jar + +classes/ diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..dc66523 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,5 @@ +## 0.0.1 - TBD + +Initial release of plugin + +- Supports only user authentication diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 0000000..859aba9 --- /dev/null +++ b/INSTALL.md @@ -0,0 +1,35 @@ +# Google oauth plugin for GoCD + +## Requirements + +* GoCD server version v17.5.0 or above +* Google [API credentials](https://console.developers.google.com/apis/credentials) + +## Installation + +Copy the file `build/libs/google-oauth-authorization-plugin-VERSION.jar` to the GoCD server under `${GO_SERVER_DIR}/plugins/external` +and restart the server. The `GO_SERVER_DIR` is usually `/var/lib/go-server` on Linux and `C:\Program Files\Go Server` +on Windows. + +## Configuration + +### Configure Google API credentials + +1. Login to [API credentials](https://console.developers.google.com/apis/credentials) +2. Click on **_Create credentials_** and select `OAuth Client Id` +4. Select `Web application` as a Application type +5. Provide appropriate **_Name_** to your api credentials +6. Specify `http://<>/go/plugin/cd.go.authorization.google/authenticate` in **_Authorized redirect URIs +_**. Click on **_Create_** +7. Yay!! You have created google api credentials +8. Note **_Client ID_** and **_Client Secret_**, you will need it to configure plugin in next step + +### Configure Plugin + +1. Login to `GoCD server` as admin and navigate to **_Admin_** _>_ **_Security_** _>_ **_Authorization Configuration_** +2. Click on **_Add_** to create new authorization configuration + 1. Specify `id` for auth config + 2. Select `Google oauth authorization plugin for GoCD` for **_Plugin id_** + 3. Specify **_Client ID_** and **_Client Secret_** + 4. Optionally, you can specify `Allowed Domains` settings to restrict user login from specified domains + 5. Save your configuration \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..d645695 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..b112304 --- /dev/null +++ b/README.md @@ -0,0 +1,33 @@ +# Google oauth plugin for GoCD + +The plugin allows user to login in GoCD using google account. It is implemented using [GoCD authorization endpoint](https://plugin-api.gocd.org/17.5.0/authorization/). Older [Google Oauth Plugin](https://github.com/gocd-contrib/gocd-oauth-login/tree/master/google) was implemented using `GoCD authentication endpoint`, which was deprecated in [GoCD release 17.5.0](https://www.gocd.org/releases/#17.5.0). Hence, we have provided this plugin as its replacement. + +# Installation + +Installation documentation available [here](INSTALL.md) + +# Capabilities + +* Currently supports only authentication capability + +## Building the code base + +To build the jar, run `./gradlew clean test assemble` + +## License + +```plain +Copyright 2017 ThoughtWorks, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..057a0c2 --- /dev/null +++ b/build.gradle @@ -0,0 +1,92 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +apply plugin: 'java' + +group = 'cd.go' +version = '0.0.1' + +project.ext.pluginDesc = [ + id : 'cd.go.authorization.google', + version : project.version, + goCdVersion: '17.3.0', + name : 'Google oauth authorization plugin for GoCD', + description: 'Google oauth authorization plugin for GoCD', + vendorName : 'GoCD Contributors', + vendorUrl : 'https://github.com/gocd/google-authorization-plugin' +] + +sourceCompatibility = 1.8 +targetCompatibility = 1.8 + +repositories { + jcenter() + mavenLocal() +} + +dependencies { + compileOnly group: 'cd.go.plugin', name: 'go-plugin-api', version: '17.4.0' + compile group: 'com.google.code.gson', name: 'gson', version: '2.8.0' + compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.5' + compile group: 'commons-io', name: 'commons-io', version: '2.5' + compile group: 'commons-codec', name: 'commons-codec', version: '1.10' + compile group: 'org.brickred', name: 'socialauth', version: '4.14' + + compile group: 'org.apache.commons', name: 'commons-collections4', version: '4.1' + + testCompile group: 'cd.go.plugin', name: 'go-plugin-api', version: '17.4.0' + testCompile group: 'junit', name: 'junit', version: '4.12' + testCompile group: 'org.mockito', name: 'mockito-core', version: '2.2.28' + testCompile group: 'org.hamcrest', name: 'hamcrest-library', version: '1.3' + testCompile group: 'org.skyscreamer', name: 'jsonassert', version: '1.4.0' +} + +processResources { + from("src/main/resource-templates") { + filesMatching('plugin.xml') { + expand project.pluginDesc + } + + filesMatching('plugin.properties') { + expand project.pluginDesc + } + } +} + +sourceSets { + test { + java { + compileClasspath += configurations.compileOnly + runtimeClasspath += configurations.compileOnly + } + } +} + +jar { + from(configurations.compile) { + into "lib/" + } + +// This is useful for debugging + from(sourceSets.main.java) { + into "/" + } +} + +task deploy(type: Copy) { + from jar + into '../../../gocd/server/plugins/external/' +} \ No newline at end of file diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..deedc7f Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..cb0d145 --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,6 @@ +#Wed Jul 05 19:39:24 IST 2017 +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-4.0-all.zip diff --git a/gradlew b/gradlew new file mode 100755 index 0000000..9aa616c --- /dev/null +++ b/gradlew @@ -0,0 +1,169 @@ +#!/usr/bin/env bash + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS="" + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn ( ) { + echo "$*" +} + +die ( ) { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules +function splitJvmOpts() { + JVM_OPTS=("$@") +} +eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS +JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME" + +# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong +if [[ "$(uname)" == "Darwin" ]] && [[ "$HOME" == "$PWD" ]]; then + cd "$(dirname "$0")" +fi + +exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..e95643d --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,84 @@ +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS= + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. +set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..f88c89c --- /dev/null +++ b/settings.gradle @@ -0,0 +1,17 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +rootProject.name = 'google-oauth-authorization-plugin' diff --git a/src/main/java/cd/go/authorization/google/Constants.java b/src/main/java/cd/go/authorization/google/Constants.java new file mode 100644 index 0000000..c9fb7fa --- /dev/null +++ b/src/main/java/cd/go/authorization/google/Constants.java @@ -0,0 +1,32 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google; + +import com.thoughtworks.go.plugin.api.GoPluginIdentifier; + +import java.util.Collections; + +public interface Constants { + // The type of this extension + String EXTENSION_TYPE = "authorization"; + + // The extension point API version that this plugin understands + String API_VERSION = "1.0"; + + // the identifier of this plugin + GoPluginIdentifier PLUGIN_IDENTIFIER = new GoPluginIdentifier(EXTENSION_TYPE, Collections.singletonList(API_VERSION)); +} diff --git a/src/main/java/cd/go/authorization/google/GooglePlugin.java b/src/main/java/cd/go/authorization/google/GooglePlugin.java new file mode 100644 index 0000000..30f5c49 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/GooglePlugin.java @@ -0,0 +1,82 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google; + +import cd.go.authorization.google.exceptions.NoSuchRequestHandlerException; +import cd.go.authorization.google.executors.*; +import cd.go.authorization.google.requests.*; +import com.thoughtworks.go.plugin.api.GoApplicationAccessor; +import com.thoughtworks.go.plugin.api.GoPlugin; +import com.thoughtworks.go.plugin.api.GoPluginIdentifier; +import com.thoughtworks.go.plugin.api.annotation.Extension; +import com.thoughtworks.go.plugin.api.exceptions.UnhandledRequestTypeException; +import com.thoughtworks.go.plugin.api.logging.Logger; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +import static cd.go.authorization.google.Constants.PLUGIN_IDENTIFIER; + +@Extension +public class GooglePlugin implements GoPlugin { + public static final Logger LOG = Logger.getLoggerFor(GooglePlugin.class); + + private GoApplicationAccessor accessor; + + @Override + public void initializeGoApplicationAccessor(GoApplicationAccessor accessor) { + this.accessor = accessor; + } + + @Override + public GoPluginApiResponse handle(GoPluginApiRequest request) throws UnhandledRequestTypeException { + try { + switch (RequestFromServer.fromString(request.requestName())) { + case REQUEST_GET_PLUGIN_ICON: + return new GetPluginIconRequestExecutor().execute(); + case REQUEST_GET_CAPABILITIES: + return new GetCapabilitiesRequestExecutor().execute(); + case REQUEST_GET_AUTH_CONFIG_METADATA: + return new GetAuthConfigMetadataRequestExecutor().execute(); + case REQUEST_AUTH_CONFIG_VIEW: + return new GetAuthConfigViewRequestExecutor().execute(); + case REQUEST_VALIDATE_AUTH_CONFIG: + return AuthConfigValidateRequest.from(request).execute(); + case REQUEST_VERIFY_CONNECTION: + return VerifyConnectionRequest.from(request).execute(); + case REQUEST_AUTHORIZATION_SERVER_REDIRECT_URL: + return GetAuthorizationServerUrlRequest.from(request).execute(); + case REQUEST_ACCESS_TOKEN: + return FetchAccessTokenRequest.from(request).execute(); + case REQUEST_AUTHENTICATE_USER: + return UserAuthenticationRequest.from(request).execute(); + default: + throw new UnhandledRequestTypeException(request.requestName()); + } + } catch (NoSuchRequestHandlerException e) { + LOG.warn(e.getMessage()); + return null; + } catch (Exception e) { + LOG.error("Error while executing request " + request.requestName(), e); + throw new RuntimeException(e); + } + } + + @Override + public GoPluginIdentifier pluginIdentifier() { + return PLUGIN_IDENTIFIER; + } +} diff --git a/src/main/java/cd/go/authorization/google/GoogleProvider.java b/src/main/java/cd/go/authorization/google/GoogleProvider.java new file mode 100644 index 0000000..2e5d4c3 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/GoogleProvider.java @@ -0,0 +1,124 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google; + +import cd.go.authorization.google.exceptions.InvalidDomainException; +import cd.go.authorization.google.models.GoogleConfiguration; +import cd.go.authorization.google.models.TokenInfo; +import cd.go.authorization.google.models.User; +import org.brickred.socialauth.Permission; +import org.brickred.socialauth.Profile; +import org.brickred.socialauth.SocialAuthManager; +import org.brickred.socialauth.util.AccessGrant; + +import java.io.UnsupportedEncodingException; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLDecoder; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; + +import static cd.go.authorization.google.GooglePlugin.LOG; +import static java.text.MessageFormat.format; + +public class GoogleProvider implements Provider { + private final GoogleConfiguration googleConfiguration; + private final SocialAuthManager authManager; + private final URLCache urlCache; + + public GoogleProvider(GoogleConfiguration pluginConfiguration, SocialAuthManager authManager) { + this(pluginConfiguration, authManager, URLCache.getInstance()); + } + + GoogleProvider(GoogleConfiguration pluginConfiguration, SocialAuthManager authManager, URLCache urlCache) { + this.googleConfiguration = pluginConfiguration; + this.authManager = authManager; + this.urlCache = urlCache; + } + + @Override + public String getProviderName() { + return "googleplus"; + } + + @Override + public Permission permission() { + return Permission.AUTHENTICATE_ONLY; + } + + public void verifyConnection() throws Exception { + //TODO: + } + + @Override + public String authorizationServerUrl(String callbackUrl) throws Exception { + final String authenticationUrl = authManager.getAuthenticationUrl(getProviderName(), callbackUrl, permission()); + String state = urlParams(authenticationUrl).get("state"); + urlCache.getInstance().cache(state, callbackUrl); + return authenticationUrl; + } + + @Override + public TokenInfo accessToken(Map params) throws Exception { + final AccessGrant accessGrant = authManager.createAccessGrant(getProviderName(), params.get("code"), urlCache.getAndRemove(params.get("state"))); + authManager.disconnectProvider(getProviderName()); + return new TokenInfo(accessGrant); + } + + @Override + public User userProfile(AccessGrant accessGrant) throws Exception { + try { + final Profile userProfile = authManager.connect(accessGrant).getUserProfile(); + final List allowedDomains = googleConfiguration.allowedDomains(); + final User user = new User(userProfile); + + if (allowedDomains.isEmpty()) { + return user; + } + + final String domainOfLoggedInUser = userProfile.getEmail().substring(userProfile.getEmail().indexOf("@") + 1); + for (String domainName : allowedDomains) { + if (domainOfLoggedInUser.equals(domainName)) { + return user; + } + } + + LOG.error(format("Domain `{0}` is invalid. Supported domains are `{1}`", domainOfLoggedInUser, allowedDomains)); + throw InvalidDomainException.invalidDomain(domainOfLoggedInUser, allowedDomains.toString()); + } finally { + authManager.disconnectProvider(getProviderName()); + } + } + + @Override + public GoogleConfiguration pluginConfiguration() { + return googleConfiguration; + } + + private Map urlParams(String url) throws UnsupportedEncodingException, MalformedURLException { + URL urlObject = new URL(url); + Map query_pairs = new LinkedHashMap(); + String query = urlObject.getQuery(); + String[] pairs = query.split("&"); + for (String pair : pairs) { + int idx = pair.indexOf("="); + query_pairs.put(URLDecoder.decode(pair.substring(0, idx), "UTF-8"), URLDecoder.decode(pair.substring(idx + 1), "UTF-8")); + } + return query_pairs; + } +} diff --git a/src/main/java/cd/go/authorization/google/Provider.java b/src/main/java/cd/go/authorization/google/Provider.java new file mode 100644 index 0000000..8db6f93 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/Provider.java @@ -0,0 +1,25 @@ +package cd.go.authorization.google; + +import cd.go.authorization.google.models.PluginConfiguration; +import cd.go.authorization.google.models.TokenInfo; +import cd.go.authorization.google.models.User; +import org.brickred.socialauth.Permission; +import org.brickred.socialauth.util.AccessGrant; + +import java.util.Map; + +public interface Provider { + String getProviderName(); + + Permission permission(); + + String authorizationServerUrl(String callbackUrl) throws Exception; + + TokenInfo accessToken(Map params) throws Exception; + + User userProfile(AccessGrant accessGrant) throws Exception; + + T pluginConfiguration(); + + void verifyConnection() throws Exception; +} diff --git a/src/main/java/cd/go/authorization/google/URLCache.java b/src/main/java/cd/go/authorization/google/URLCache.java new file mode 100644 index 0000000..f25cd1b --- /dev/null +++ b/src/main/java/cd/go/authorization/google/URLCache.java @@ -0,0 +1,31 @@ +package cd.go.authorization.google; + +import org.apache.commons.collections4.map.PassiveExpiringMap; + +public class URLCache { + private final PassiveExpiringMap urlCache = new PassiveExpiringMap(30000); + + public void cache(String key, String url) { + urlCache.put(key, url); + } + + public static URLCache getInstance() { + return InstanceHolder.URL_CACHE; + } + + public void remove(String state) { + urlCache.remove(state); + } + + public String get(String state) { + return urlCache.get(state); + } + + public String getAndRemove(String state) { + return urlCache.remove(state); + } + + private static final class InstanceHolder { + private static final URLCache URL_CACHE = new URLCache(); + } +} diff --git a/src/main/java/cd/go/authorization/google/annotation/FieldMetadata.java b/src/main/java/cd/go/authorization/google/annotation/FieldMetadata.java new file mode 100644 index 0000000..0f589df --- /dev/null +++ b/src/main/java/cd/go/authorization/google/annotation/FieldMetadata.java @@ -0,0 +1,54 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.annotation; + +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; + +public class FieldMetadata implements Metadata { + + @Expose + @SerializedName("required") + private boolean required; + + @Expose + @SerializedName("secure") + private boolean secure; + + private FieldType type; + + public FieldMetadata(boolean required, boolean secure, FieldType type) { + this.required = required; + this.secure = secure; + this.type = type; + } + + @Override + public boolean isRequired() { + return required; + } + + @Override + public boolean isSecure() { + return secure; + } + + @Override + public FieldType getType() { + return type; + } +} diff --git a/src/main/java/cd/go/authorization/google/annotation/FieldType.java b/src/main/java/cd/go/authorization/google/annotation/FieldType.java new file mode 100644 index 0000000..213bba3 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/annotation/FieldType.java @@ -0,0 +1,57 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.annotation; + +public enum FieldType { + STRING { + @Override + public String validate(String value) { + return null; + } + }, + + POSITIVE_DECIMAL { + @Override + public String validate(String value) { + try { + if (Long.parseLong(value) < 0) { + return "must be positive decimal"; + } + } catch (Exception e) { + return "must be positive decimal"; + } + return null; + } + }, + + NUMBER { + @Override + public String validate(String value) { + try { + if (Double.parseDouble(value) < 0) { + return "must be number"; + } + } catch (Exception e) { + return "must be number"; + } + + return null; + } + }; + + public abstract String validate(String value); +} diff --git a/src/main/java/cd/go/authorization/google/annotation/Metadata.java b/src/main/java/cd/go/authorization/google/annotation/Metadata.java new file mode 100644 index 0000000..eda2496 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/annotation/Metadata.java @@ -0,0 +1,25 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.annotation; + +public interface Metadata { + boolean isRequired(); + + boolean isSecure(); + + FieldType getType(); +} diff --git a/src/main/java/cd/go/authorization/google/annotation/MetadataHelper.java b/src/main/java/cd/go/authorization/google/annotation/MetadataHelper.java new file mode 100644 index 0000000..3d90e47 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/annotation/MetadataHelper.java @@ -0,0 +1,38 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.annotation; + + +import java.lang.reflect.Field; +import java.util.*; + +public class MetadataHelper { + + public static List getMetadata(Class clazz) { + Field[] fields = clazz.getDeclaredFields(); + List metadata = new ArrayList<>(); + for (Field field : fields) { + ProfileField profileField = field.getAnnotation(ProfileField.class); + if (profileField != null) { + final FieldMetadata fieldMetadata = new FieldMetadata(profileField.required(), profileField.secure(), profileField.type()); + final ProfileMetadata profileMetadata = new ProfileMetadata<>(profileField.key(), fieldMetadata); + metadata.add(profileMetadata); + } + } + return metadata; + } +} diff --git a/src/main/java/cd/go/authorization/google/annotation/MetadataValidator.java b/src/main/java/cd/go/authorization/google/annotation/MetadataValidator.java new file mode 100644 index 0000000..cc852a4 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/annotation/MetadataValidator.java @@ -0,0 +1,40 @@ +package cd.go.authorization.google.annotation; + +import cd.go.authorization.google.models.GoogleConfiguration; + +import java.util.*; + +public class MetadataValidator { + + public List> validate(GoogleConfiguration configuration) { + + Map properties = configuration.toProperties(); + + List> result = new ArrayList<>(); + List knownFields = new ArrayList<>(); + + for (ProfileMetadata field : MetadataHelper.getMetadata(configuration.getClass())) { + knownFields.add(field.getKey()); + + Map validationError = field.validate(properties.get(field.getKey())); + + if (!validationError.isEmpty()) { + result.add(validationError); + } + } + + + Set set = new HashSet<>(properties.keySet()); + set.removeAll(knownFields); + + if (!set.isEmpty()) { + for (String key : set) { + LinkedHashMap validationError = new LinkedHashMap<>(); + validationError.put("key", key); + validationError.put("message", "Is an unknown property"); + result.add(validationError); + } + } + return result; + } +} diff --git a/src/main/java/cd/go/authorization/google/annotation/ProfileField.java b/src/main/java/cd/go/authorization/google/annotation/ProfileField.java new file mode 100644 index 0000000..1ed295a --- /dev/null +++ b/src/main/java/cd/go/authorization/google/annotation/ProfileField.java @@ -0,0 +1,34 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Target(ElementType.FIELD) +@Retention(RetentionPolicy.RUNTIME) +public @interface ProfileField { + String key(); + + boolean required(); + + boolean secure(); + + FieldType type() default FieldType.STRING; +} diff --git a/src/main/java/cd/go/authorization/google/annotation/ProfileMetadata.java b/src/main/java/cd/go/authorization/google/annotation/ProfileMetadata.java new file mode 100644 index 0000000..27702dd --- /dev/null +++ b/src/main/java/cd/go/authorization/google/annotation/ProfileMetadata.java @@ -0,0 +1,68 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.annotation; + +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; +import org.apache.commons.lang3.StringUtils; + +import java.util.HashMap; +import java.util.Map; + +public class ProfileMetadata { + + @Expose + @SerializedName("key") + private String key; + + @Expose + @SerializedName("metadata") + private T metadata; + + public ProfileMetadata(String key, T metadata) { + this.key = key; + this.metadata = metadata; + } + + public Map validate(String input) { + HashMap result = new HashMap<>(); + String validationError = doValidate(input); + if (StringUtils.isNotBlank(validationError)) { + result.put("key", key); + result.put("message", validationError); + } + return result; + } + + protected String doValidate(String input) { + if (isRequired()) { + if (StringUtils.isBlank(input)) { + return this.key + " must not be blank."; + } + } + return null; + } + + + public String getKey() { + return key; + } + + public boolean isRequired() { + return metadata.isRequired(); + } +} \ No newline at end of file diff --git a/src/main/java/cd/go/authorization/google/exceptions/InvalidDomainException.java b/src/main/java/cd/go/authorization/google/exceptions/InvalidDomainException.java new file mode 100644 index 0000000..f47ee7c --- /dev/null +++ b/src/main/java/cd/go/authorization/google/exceptions/InvalidDomainException.java @@ -0,0 +1,13 @@ +package cd.go.authorization.google.exceptions; + +import static java.text.MessageFormat.format; + +public class InvalidDomainException extends RuntimeException { + public InvalidDomainException(String message) { + super(message); + } + + public static InvalidDomainException invalidDomain(String domainName, String supportedDomains) { + return new InvalidDomainException(format("Domain `{0}` is invalid. Supported domains are `{1}`", domainName, supportedDomains)); + } +} diff --git a/src/main/java/cd/go/authorization/google/exceptions/InvalidUsernameException.java b/src/main/java/cd/go/authorization/google/exceptions/InvalidUsernameException.java new file mode 100644 index 0000000..d69ce60 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/exceptions/InvalidUsernameException.java @@ -0,0 +1,23 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.exceptions; + +public class InvalidUsernameException extends RuntimeException { + public InvalidUsernameException(String message) { + super(message); + } +} diff --git a/src/main/java/cd/go/authorization/google/exceptions/NoAuthorizationConfigurationException.java b/src/main/java/cd/go/authorization/google/exceptions/NoAuthorizationConfigurationException.java new file mode 100644 index 0000000..dc08b6a --- /dev/null +++ b/src/main/java/cd/go/authorization/google/exceptions/NoAuthorizationConfigurationException.java @@ -0,0 +1,23 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.exceptions; + +public class NoAuthorizationConfigurationException extends RuntimeException { + public NoAuthorizationConfigurationException(String message) { + super(message); + } +} diff --git a/src/main/java/cd/go/authorization/google/exceptions/NoSuchRequestHandlerException.java b/src/main/java/cd/go/authorization/google/exceptions/NoSuchRequestHandlerException.java new file mode 100644 index 0000000..26921bf --- /dev/null +++ b/src/main/java/cd/go/authorization/google/exceptions/NoSuchRequestHandlerException.java @@ -0,0 +1,23 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.exceptions; + +public class NoSuchRequestHandlerException extends RuntimeException { + public NoSuchRequestHandlerException(String message) { + super(message); + } +} diff --git a/src/main/java/cd/go/authorization/google/executors/AuthConfigValidateRequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/AuthConfigValidateRequestExecutor.java new file mode 100644 index 0000000..3555eec --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/AuthConfigValidateRequestExecutor.java @@ -0,0 +1,42 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + + +import cd.go.authorization.google.annotation.MetadataValidator; +import cd.go.authorization.google.requests.AuthConfigValidateRequest; +import com.google.gson.Gson; +import com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +import java.util.List; +import java.util.Map; + + +public class AuthConfigValidateRequestExecutor implements RequestExecutor { + private static final Gson GSON = new Gson(); + private final AuthConfigValidateRequest request; + + public AuthConfigValidateRequestExecutor(AuthConfigValidateRequest request) { + this.request = request; + } + + public GoPluginApiResponse execute() throws Exception { + final List> validationResult = new MetadataValidator().validate(request.googleConfiguration()); + return DefaultGoPluginApiResponse.success(GSON.toJson(validationResult)); + } +} diff --git a/src/main/java/cd/go/authorization/google/executors/FetchAccessTokenRequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/FetchAccessTokenRequestExecutor.java new file mode 100644 index 0000000..101f499 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/FetchAccessTokenRequestExecutor.java @@ -0,0 +1,43 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.exceptions.NoAuthorizationConfigurationException; +import cd.go.authorization.google.models.GoogleConfiguration; +import cd.go.authorization.google.models.TokenInfo; +import cd.go.authorization.google.requests.FetchAccessTokenRequest; +import com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +public class FetchAccessTokenRequestExecutor implements RequestExecutor { + private final FetchAccessTokenRequest request; + + public FetchAccessTokenRequestExecutor(FetchAccessTokenRequest request) { + this.request = request; + } + + public GoPluginApiResponse execute() throws Exception { + if (request.authConfigs().isEmpty()) { + throw new NoAuthorizationConfigurationException("[Get Access Token] No authorization configuration found."); + } + + final GoogleConfiguration configuration = request.authConfigs().get(0).getConfiguration(); + + final TokenInfo tokenInfo = configuration.provider().accessToken(request.requestParameters()); + return DefaultGoPluginApiResponse.success(tokenInfo.toJSON()); + } +} diff --git a/src/main/java/cd/go/authorization/google/executors/GetAuthConfigMetadataRequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/GetAuthConfigMetadataRequestExecutor.java new file mode 100644 index 0000000..6098aad --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/GetAuthConfigMetadataRequestExecutor.java @@ -0,0 +1,36 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.annotation.MetadataHelper; +import cd.go.authorization.google.annotation.ProfileMetadata; +import cd.go.authorization.google.models.GoogleConfiguration; +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +import java.util.List; + +public class GetAuthConfigMetadataRequestExecutor implements RequestExecutor { + private static final Gson GSON = new GsonBuilder().excludeFieldsWithoutExposeAnnotation().create(); + + public GoPluginApiResponse execute() throws Exception { + final List authConfigMetadata = MetadataHelper.getMetadata(GoogleConfiguration.class); + return DefaultGoPluginApiResponse.success( GSON.toJson(authConfigMetadata)); + } +} diff --git a/src/main/java/cd/go/authorization/google/executors/GetAuthConfigViewRequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/GetAuthConfigViewRequestExecutor.java new file mode 100644 index 0000000..5e3ec96 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/GetAuthConfigViewRequestExecutor.java @@ -0,0 +1,35 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.utils.Util; +import com.google.gson.Gson; +import com.google.gson.JsonObject; +import com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +public class GetAuthConfigViewRequestExecutor implements RequestExecutor { + private static final Gson GSON = new Gson(); + + @Override + public GoPluginApiResponse execute() throws Exception { + JsonObject jsonObject = new JsonObject(); + jsonObject.addProperty("template", Util.readResource("/auth-config.template.html")); + return DefaultGoPluginApiResponse.success( GSON.toJson(jsonObject)); + } + +} diff --git a/src/main/java/cd/go/authorization/google/executors/GetAuthorizationServerUrlRequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/GetAuthorizationServerUrlRequestExecutor.java new file mode 100644 index 0000000..fa22728 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/GetAuthorizationServerUrlRequestExecutor.java @@ -0,0 +1,45 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.Provider; +import cd.go.authorization.google.exceptions.NoAuthorizationConfigurationException; +import cd.go.authorization.google.requests.GetAuthorizationServerUrlRequest; +import com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +import java.util.Collections; + +import static cd.go.authorization.google.utils.Util.GSON; + +public class GetAuthorizationServerUrlRequestExecutor implements RequestExecutor { + private final GetAuthorizationServerUrlRequest request; + + public GetAuthorizationServerUrlRequestExecutor(GetAuthorizationServerUrlRequest request) { + this.request = request; + } + + public GoPluginApiResponse execute() throws Exception { + if (request.authConfigs().isEmpty()) { + throw new NoAuthorizationConfigurationException("[Authorization Server Url] No authorization configuration found."); + } + + final Provider provider = request.authConfigs().get(0).getConfiguration().provider(); + + return DefaultGoPluginApiResponse.success(GSON.toJson(Collections.singletonMap("authorization_server_url", provider.authorizationServerUrl(request.callbackUrl())))); + } +} diff --git a/src/main/java/cd/go/authorization/google/executors/GetCapabilitiesRequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/GetCapabilitiesRequestExecutor.java new file mode 100644 index 0000000..7a3dae7 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/GetCapabilitiesRequestExecutor.java @@ -0,0 +1,36 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.models.Capabilities; +import cd.go.authorization.google.models.SupportedAuthType; +import com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +import static com.thoughtworks.go.plugin.api.response.DefaultGoApiResponse.SUCCESS_RESPONSE_CODE; + +public class GetCapabilitiesRequestExecutor { + + public GoPluginApiResponse execute() { + Capabilities capabilities = getCapabilities(); + return new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, capabilities.toJSON()); + } + + Capabilities getCapabilities() { + return new Capabilities(SupportedAuthType.Web, true, false); + } +} diff --git a/src/main/java/cd/go/authorization/google/executors/GetPluginIconRequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/GetPluginIconRequestExecutor.java new file mode 100644 index 0000000..1f2695a --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/GetPluginIconRequestExecutor.java @@ -0,0 +1,46 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + + +import cd.go.authorization.google.utils.Util; +import com.google.gson.Gson; +import com.google.gson.JsonObject; +import com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import org.apache.commons.codec.binary.Base64; + +public class GetPluginIconRequestExecutor implements RequestExecutor { + private static final Gson GSON = new Gson(); + + @Override + public GoPluginApiResponse execute() throws Exception { + JsonObject jsonObject = new JsonObject(); + jsonObject.addProperty("content_type", getContentType()); + jsonObject.addProperty("data", Base64.encodeBase64String(Util.readResourceBytes(getIcon()))); + return DefaultGoPluginApiResponse.success( GSON.toJson(jsonObject)); + + } + + private String getContentType() { + return "image/png"; + } + + private String getIcon() { + return "/logo.png"; + } +} diff --git a/src/main/java/cd/go/authorization/google/executors/RequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/RequestExecutor.java new file mode 100644 index 0000000..34cb3a3 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/RequestExecutor.java @@ -0,0 +1,24 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +public interface RequestExecutor { + + GoPluginApiResponse execute() throws Exception; +} diff --git a/src/main/java/cd/go/authorization/google/executors/RequestFromServer.java b/src/main/java/cd/go/authorization/google/executors/RequestFromServer.java new file mode 100644 index 0000000..b28d2ea --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/RequestFromServer.java @@ -0,0 +1,69 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.exceptions.NoSuchRequestHandlerException; + +public enum RequestFromServer { + + REQUEST_GET_PLUGIN_ICON(Constants.REQUEST_PREFIX + ".get-icon"), + REQUEST_GET_CAPABILITIES(Constants.REQUEST_PREFIX + ".get-capabilities"), + + REQUEST_GET_AUTH_CONFIG_METADATA(String.join(".", Constants.REQUEST_PREFIX, Constants._AUTH_CONFIG_METADATA, "get-metadata")), + REQUEST_AUTH_CONFIG_VIEW(String.join(".", Constants.REQUEST_PREFIX, Constants._AUTH_CONFIG_METADATA, "get-view")), + REQUEST_VALIDATE_AUTH_CONFIG(String.join(".", Constants.REQUEST_PREFIX, Constants._AUTH_CONFIG_METADATA, "validate")), + REQUEST_VERIFY_CONNECTION(String.join(".", Constants.REQUEST_PREFIX, Constants._AUTH_CONFIG_METADATA, "verify-connection")), + + REQUEST_GET_ROLE_CONFIG_METADATA(String.join(".", Constants.REQUEST_PREFIX, Constants._ROLE_CONFIG_METADATA, "get-metadata")), + REQUEST_ROLE_CONFIG_VIEW(String.join(".", Constants.REQUEST_PREFIX, Constants._ROLE_CONFIG_METADATA, "get-view")), + REQUEST_VALIDATE_ROLE_CONFIG(String.join(".", Constants.REQUEST_PREFIX, Constants._ROLE_CONFIG_METADATA, "validate")), + + REQUEST_AUTHENTICATE_USER(Constants.REQUEST_PREFIX + ".authenticate-user"), + REQUEST_SEARCH_USERS(Constants.REQUEST_PREFIX + ".search-users"), + + REQUEST_AUTHORIZATION_SERVER_REDIRECT_URL(Constants.REQUEST_PREFIX + ".authorization-server-url"), + REQUEST_ACCESS_TOKEN(Constants.REQUEST_PREFIX + ".fetch-access-token"); + + private final String requestName; + + RequestFromServer(String requestName) { + this.requestName = requestName; + } + + public static RequestFromServer fromString(String requestName) { + if (requestName != null) { + for (RequestFromServer requestFromServer : RequestFromServer.values()) { + if (requestName.equalsIgnoreCase(requestFromServer.requestName)) { + return requestFromServer; + } + } + } + + throw new NoSuchRequestHandlerException("Request " + requestName + " is not supported by plugin."); + } + + public String requestName() { + return requestName; + } + + private interface Constants { + String REQUEST_PREFIX = "go.cd.authorization"; + String _AUTH_CONFIG_METADATA = "auth-config"; + String _ROLE_CONFIG_METADATA = "role-config"; + } +} + diff --git a/src/main/java/cd/go/authorization/google/executors/UserAuthenticationRequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/UserAuthenticationRequestExecutor.java new file mode 100644 index 0000000..fb61c30 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/UserAuthenticationRequestExecutor.java @@ -0,0 +1,57 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.Provider; +import cd.go.authorization.google.exceptions.NoAuthorizationConfigurationException; +import cd.go.authorization.google.models.User; +import cd.go.authorization.google.requests.UserAuthenticationRequest; +import com.google.gson.Gson; +import com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import static com.thoughtworks.go.plugin.api.response.DefaultGoApiResponse.SUCCESS_RESPONSE_CODE; + +public class UserAuthenticationRequestExecutor implements RequestExecutor { + private static final Gson GSON = new Gson(); + private final UserAuthenticationRequest request; + + public UserAuthenticationRequestExecutor(UserAuthenticationRequest request) { + this.request = request; + } + + @Override + public GoPluginApiResponse execute() throws Exception { + if (request.authConfigs().isEmpty()) { + throw new NoAuthorizationConfigurationException("[Authenticate] No authorization configuration found."); + } + + final Provider provider = request.authConfigs().get(0).getConfiguration().provider(); + final User user = provider.userProfile(request.tokenInfo().toAccessGrant()); + + Map userMap = new HashMap<>(); + userMap.put("user", user); + userMap.put("roles", Collections.emptyList()); + + DefaultGoPluginApiResponse response = new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, GSON.toJson(userMap)); + return response; + } +} diff --git a/src/main/java/cd/go/authorization/google/executors/VerifyConnectionRequestExecutor.java b/src/main/java/cd/go/authorization/google/executors/VerifyConnectionRequestExecutor.java new file mode 100644 index 0000000..399ef68 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/executors/VerifyConnectionRequestExecutor.java @@ -0,0 +1,96 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.annotation.MetadataValidator; +import cd.go.authorization.google.models.GoogleConfiguration; +import cd.go.authorization.google.requests.VerifyConnectionRequest; +import com.google.gson.Gson; +import com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import com.thoughtworks.go.plugin.api.response.validation.ValidationError; +import com.thoughtworks.go.plugin.api.response.validation.ValidationResult; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static cd.go.authorization.google.GooglePlugin.LOG; + +public class VerifyConnectionRequestExecutor implements RequestExecutor { + private static final Gson GSON = new Gson(); + private final VerifyConnectionRequest request; + + public VerifyConnectionRequestExecutor(VerifyConnectionRequest request) { + this.request = request; + } + + @Override + public GoPluginApiResponse execute() throws Exception { + List> errors = validate(); + if (errors.size() != 0) { + return validationFailureResponse(errors); + } + + ValidationResult validationResult = verifyConnection(request.googleConfiguration()); + if (!validationResult.isSuccessful()) { + return verifyConnectionFailureResponse(validationResult); + } + + return successResponse(); + } + + private List> validate() { + return new MetadataValidator().validate(request.googleConfiguration()); + } + + private ValidationResult verifyConnection(GoogleConfiguration configuration) { + final ValidationResult result = new ValidationResult(); + + try { + configuration.provider().verifyConnection(); + } catch (Exception e) { + result.addError(new ValidationError(e.getMessage())); + LOG.error("[Verify Connection] Verify connection failed with errors.", e); + } + return result; + } + + private GoPluginApiResponse successResponse() { + return responseWith("success", "Connection ok", null); + } + + private GoPluginApiResponse verifyConnectionFailureResponse(ValidationResult validationResult) { + return responseWith("failure", validationResult.getErrors().get(0).getMessage(), null); + } + + private GoPluginApiResponse validationFailureResponse(List> errors) { + return responseWith("validation-failed", "Validation failed for the given Auth Config", errors); + } + + private GoPluginApiResponse responseWith(String status, String message, List> errors) { + HashMap response = new HashMap<>(); + response.put("status", status); + response.put("message", message); + + if (errors != null && errors.size() > 0) { + response.put("errors", errors); + } + + return DefaultGoPluginApiResponse.success(GSON.toJson(response)); + } +} diff --git a/src/main/java/cd/go/authorization/google/models/AuthConfig.java b/src/main/java/cd/go/authorization/google/models/AuthConfig.java new file mode 100644 index 0000000..3f105cd --- /dev/null +++ b/src/main/java/cd/go/authorization/google/models/AuthConfig.java @@ -0,0 +1,38 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.models; + +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; + +public class AuthConfig { + @Expose + @SerializedName("id") + private String id; + + @Expose + @SerializedName("configuration") + private GoogleConfiguration configuration; + + public String getId() { + return id; + } + + public GoogleConfiguration getConfiguration() { + return configuration; + } +} diff --git a/src/main/java/cd/go/authorization/google/models/Capabilities.java b/src/main/java/cd/go/authorization/google/models/Capabilities.java new file mode 100644 index 0000000..445abdf --- /dev/null +++ b/src/main/java/cd/go/authorization/google/models/Capabilities.java @@ -0,0 +1,44 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.models; + +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; + +import static cd.go.authorization.google.utils.Util.GSON; + +public class Capabilities { + @Expose + @SerializedName("supported_auth_type") + private final SupportedAuthType supportedAuthType; + @Expose + @SerializedName("can_search") + private final boolean canSearch; + @Expose + @SerializedName("can_authorize") + private final boolean canAuthorize; + + public Capabilities(SupportedAuthType supportedAuthType, boolean canSearch, boolean canAuthorize) { + this.supportedAuthType = supportedAuthType; + this.canSearch = canSearch; + this.canAuthorize = canAuthorize; + } + + public String toJSON() { + return GSON.toJson(this); + } +} diff --git a/src/main/java/cd/go/authorization/google/models/GoogleConfiguration.java b/src/main/java/cd/go/authorization/google/models/GoogleConfiguration.java new file mode 100644 index 0000000..2b8edae --- /dev/null +++ b/src/main/java/cd/go/authorization/google/models/GoogleConfiguration.java @@ -0,0 +1,110 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.models; + +import cd.go.authorization.google.GoogleProvider; +import cd.go.authorization.google.Provider; +import cd.go.authorization.google.annotation.ProfileField; +import cd.go.authorization.google.utils.Util; +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; +import com.google.gson.reflect.TypeToken; +import org.brickred.socialauth.SocialAuthConfig; +import org.brickred.socialauth.SocialAuthManager; + +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import static cd.go.authorization.google.utils.Util.GSON; + +public class GoogleConfiguration implements PluginConfiguration { + + @Expose + @SerializedName("ClientId") + @ProfileField(key = "ClientId", required = true, secure = true) + private String clientId; + + @Expose + @SerializedName("ClientSecret") + @ProfileField(key = "ClientSecret", required = true, secure = true) + private String clientSecret; + + @Expose + @SerializedName("AllowedDomains") + @ProfileField(key = "AllowedDomains", required = false, secure = false) + private String allowedDomains; + + public GoogleConfiguration() { + } + + public GoogleConfiguration(String allowedDomains, String clientId, String clientSecret) { + this.allowedDomains = allowedDomains; + this.clientId = clientId; + this.clientSecret = clientSecret; + } + + @Override + public Properties configuration() { + Properties properties = new Properties(); + properties.put("googleapis.com.consumer_key", clientId); + properties.put("googleapis.com.consumer_secret", clientSecret); + properties.put("www.google.com.custom_permissions", "https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/plus.me"); + return properties; + } + + public List allowedDomains() { + return Util.splitIntoLinesAndTrimSpaces(allowedDomains); + } + + @Override + public String clientId() { + return clientId; + } + + @Override + public String clientSecret() { + return clientSecret; + } + + @Override + public String toJSON() { + return GSON.toJson(this); + } + + @Override + public Provider provider() throws Exception { + return new GoogleProvider(this, socialAuthManager()); + } + + private SocialAuthManager socialAuthManager() throws Exception { + final SocialAuthConfig socialAuthConfiguration = SocialAuthConfig.getDefault(); + socialAuthConfiguration.load(configuration()); + final SocialAuthManager manager = new SocialAuthManager(); + manager.setSocialAuthConfig(socialAuthConfiguration); + return manager; + } + + public static GoogleConfiguration fromJSON(String json) { + return GSON.fromJson(json, GoogleConfiguration.class); + } + + public Map toProperties() { + return GSON.fromJson(toJSON(), new TypeToken>() { + }.getType()); + } +} diff --git a/src/main/java/cd/go/authorization/google/models/OpenidConfiguration.java b/src/main/java/cd/go/authorization/google/models/OpenidConfiguration.java new file mode 100644 index 0000000..947c263 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/models/OpenidConfiguration.java @@ -0,0 +1,177 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.models; + +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; + +import java.io.Reader; +import java.util.Collections; +import java.util.List; + +import static cd.go.authorization.google.utils.Util.GSON; + +public class OpenidConfiguration { + + @Expose + @SerializedName("issuer") + private String issuer; + + @Expose + @SerializedName("authorization_endpoint") + private String authorizationEndpoint; + + @Expose + @SerializedName("token_endpoint") + private String tokenEndpoint; + + @Expose + @SerializedName("userinfo_endpoint") + private String userinfoEndpoint; + + @Expose + @SerializedName("jwks_uri") + private String jwksUri; + + @Expose + @SerializedName("response_types_supported") + private List responseTypesSupported; + + @Expose + @SerializedName("response_modes_supported") + private List responseModesSupported; + + @Expose + @SerializedName("grant_types_supported") + private List grantTypesSupported; + + @Expose + @SerializedName("subject_types_supported") + private List subjectTypesSupported; + + @Expose + @SerializedName("id_token_signing_alg_values_supported") + private List idTokenSigningAlgValuesSupported; + + @Expose + @SerializedName("scopes_supported") + private List scopesSupported; + + @Expose + @SerializedName("token_endpoint_auth_methods_supported") + private List tokenEndpointAuthMethodsSupported; + + @Expose + @SerializedName("claims_supported") + private List claimsSupported; + + @Expose + @SerializedName("code_challenge_methods_supported") + private List codeChallengeMethodsSupported; + + @Expose + @SerializedName("introspection_endpoint_auth_methods_supported") + private List introspectionEndpointAuthMethodsSupported; + + @Expose + @SerializedName("revocation_endpoint_auth_methods_supported") + private List revocationEndpointAuthMethodsSupported; + + @Expose + @SerializedName("introspection_endpoint") + private String introspectionEndpoint; + + @Expose + @SerializedName("revocation_endpoint") + private String revocationEndpoint; + + public static OpenidConfiguration fromJSON(Reader reader) { + return GSON.fromJson(reader, OpenidConfiguration.class); + } + + public String issuer() { + return issuer; + } + + public String authorizationEndpoint() { + return authorizationEndpoint; + } + + public String tokenEndpoint() { + return tokenEndpoint; + } + + public String userinfoEndpoint() { + return userinfoEndpoint; + } + + public String jwksUri() { + return jwksUri; + } + + public List responseTypesSupported() { + return Collections.unmodifiableList(responseTypesSupported); + } + + public List responseModesSupported() { + return Collections.unmodifiableList(responseModesSupported); + } + + public List grantTypesSupported() { + return Collections.unmodifiableList(grantTypesSupported); + } + + public List subjectTypesSupported() { + return Collections.unmodifiableList(subjectTypesSupported); + } + + public List idTokenSigningAlgValuesSupported() { + return Collections.unmodifiableList(idTokenSigningAlgValuesSupported); + } + + public List scopesSupported() { + return Collections.unmodifiableList(scopesSupported); + } + + public List tokenEndpointAuthMethodsSupported() { + return Collections.unmodifiableList(tokenEndpointAuthMethodsSupported); + } + + public List claimsSupported() { + return Collections.unmodifiableList(claimsSupported); + } + + public List codeChallengeMethodsSupported() { + return Collections.unmodifiableList(codeChallengeMethodsSupported); + } + + public List introspectionEndpointAuthMethodsSupported() { + return Collections.unmodifiableList(introspectionEndpointAuthMethodsSupported); + } + + public List revocationEndpointAuthMethodsSupported() { + return Collections.unmodifiableList(revocationEndpointAuthMethodsSupported); + } + + public String introspectionEndpoint() { + return introspectionEndpoint; + } + + public String revocationEndpoint() { + return revocationEndpoint; + } +} diff --git a/src/main/java/cd/go/authorization/google/models/PluginConfiguration.java b/src/main/java/cd/go/authorization/google/models/PluginConfiguration.java new file mode 100644 index 0000000..33b172c --- /dev/null +++ b/src/main/java/cd/go/authorization/google/models/PluginConfiguration.java @@ -0,0 +1,18 @@ +package cd.go.authorization.google.models; + +import cd.go.authorization.google.Provider; + +import java.util.Properties; + +public interface PluginConfiguration { + + Properties configuration(); + + String clientId(); + + String clientSecret(); + + String toJSON(); + + Provider provider() throws Exception; +} diff --git a/src/main/java/cd/go/authorization/google/models/SupportedAuthType.java b/src/main/java/cd/go/authorization/google/models/SupportedAuthType.java new file mode 100644 index 0000000..1caf20e --- /dev/null +++ b/src/main/java/cd/go/authorization/google/models/SupportedAuthType.java @@ -0,0 +1,26 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.models; + +import com.google.gson.annotations.SerializedName; + +public enum SupportedAuthType { + @SerializedName("password") + Password, + @SerializedName("web") + Web +} diff --git a/src/main/java/cd/go/authorization/google/models/TokenInfo.java b/src/main/java/cd/go/authorization/google/models/TokenInfo.java new file mode 100644 index 0000000..03b7e00 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/models/TokenInfo.java @@ -0,0 +1,118 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.models; + +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; +import org.brickred.socialauth.Permission; +import org.brickred.socialauth.util.AccessGrant; + +import static cd.go.authorization.google.utils.Util.GSON; + +public class TokenInfo { + + @Expose + @SerializedName("provider_id") + private String providerId; + + @Expose + @SerializedName("access_token") + private String accessToken; + + @Expose + @SerializedName("secret") + private String secret; + + @Expose + @SerializedName("token_type") + private String tokenType; + + @Expose + @SerializedName("expires_in") + private int expiresIn; + + @Expose + @SerializedName("scope") + private String scope; + + @Expose + @SerializedName("id_token") + private String idToken; + + private TokenInfo() { + } + + public TokenInfo(AccessGrant accessGrant) { + this( + accessGrant.getProviderId(), + accessGrant.getKey(), + accessGrant.getSecret(), + attribute(accessGrant, "token_type"), + Integer.parseInt(attribute(accessGrant, "expires")), + accessGrant.getPermission().getScope(), + attribute(accessGrant, "id_token") + ); + } + + protected TokenInfo(String providerId, String accessToken, String secret, String tokenType, int expiresIn, String scope, String idToken) { + this.providerId = providerId; + this.accessToken = accessToken; + this.secret = secret; + this.tokenType = tokenType; + this.expiresIn = expiresIn; + this.scope = scope; + this.idToken = idToken; + } + + public String accessToken() { + return accessToken; + } + + public String tokenType() { + return tokenType; + } + + public int expiresIn() { + return expiresIn; + } + + public String scope() { + return scope; + } + + public String idToken() { + return idToken; + } + + public String toJSON() { + return GSON.toJson(this); + } + + public AccessGrant toAccessGrant() { + final AccessGrant accessGrant = new AccessGrant(accessToken, secret); + accessGrant.setProviderId(providerId); + accessGrant.setPermission(new Permission(scope)); + accessGrant.setAttribute("expires", expiresIn); + accessGrant.setAttribute("id_token", idToken); + accessGrant.setAttribute("token_type", tokenType); + return accessGrant; + } + + private static String attribute(AccessGrant accessGrant, String attributeName) { + return accessGrant.getAttribute(attributeName).toString(); + } +} diff --git a/src/main/java/cd/go/authorization/google/models/User.java b/src/main/java/cd/go/authorization/google/models/User.java new file mode 100644 index 0000000..e7030ef --- /dev/null +++ b/src/main/java/cd/go/authorization/google/models/User.java @@ -0,0 +1,65 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.models; + +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; +import org.brickred.socialauth.Profile; + +public class User { + @Expose + @SerializedName("username") + private String username; + + @Expose + @SerializedName("display_name") + private String displayName; + + @Expose + @SerializedName("email") + private String emailId; + + public User(String username, String displayName, String emailId) { + this.username = username; + this.displayName = displayName; + this.emailId = emailId == null ? null : emailId.toLowerCase().trim(); + } + + public User(Profile userProfile) { + this(userProfile.getEmail(), userProfile.getFullName(), userProfile.getEmail()); + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + + User user = (User) o; + + if (username != null ? !username.equals(user.username) : user.username != null) return false; + if (displayName != null ? !displayName.equals(user.displayName) : user.displayName != null) return false; + return emailId != null ? emailId.equals(user.emailId) : user.emailId == null; + } + + @Override + public int hashCode() { + int result = username != null ? username.hashCode() : 0; + result = 31 * result + (displayName != null ? displayName.hashCode() : 0); + result = 31 * result + (emailId != null ? emailId.hashCode() : 0); + return result; + } +} \ No newline at end of file diff --git a/src/main/java/cd/go/authorization/google/requests/AuthConfigValidateRequest.java b/src/main/java/cd/go/authorization/google/requests/AuthConfigValidateRequest.java new file mode 100644 index 0000000..43a0570 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/requests/AuthConfigValidateRequest.java @@ -0,0 +1,42 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.AuthConfigValidateRequestExecutor; +import cd.go.authorization.google.models.GoogleConfiguration; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; + +public class AuthConfigValidateRequest extends Request { + private final GoogleConfiguration googleConfiguration; + + public AuthConfigValidateRequest(GoogleConfiguration googleConfiguration) { + this.googleConfiguration = googleConfiguration; + } + + public static final AuthConfigValidateRequest from(GoPluginApiRequest apiRequest) { + return new AuthConfigValidateRequest(GoogleConfiguration.fromJSON(apiRequest.requestBody())); + } + + public GoogleConfiguration googleConfiguration() { + return googleConfiguration; + } + + @Override + public AuthConfigValidateRequestExecutor executor() { + return new AuthConfigValidateRequestExecutor(this); + } +} diff --git a/src/main/java/cd/go/authorization/google/requests/FetchAccessTokenRequest.java b/src/main/java/cd/go/authorization/google/requests/FetchAccessTokenRequest.java new file mode 100644 index 0000000..011db16 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/requests/FetchAccessTokenRequest.java @@ -0,0 +1,44 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.FetchAccessTokenRequestExecutor; +import cd.go.authorization.google.models.AuthConfig; +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; + +import java.util.List; + +public class FetchAccessTokenRequest extends Request { + @Expose + @SerializedName("auth_configs") + private List authConfigs; + + public static FetchAccessTokenRequest from(GoPluginApiRequest apiRequest) { + return Request.from(apiRequest, FetchAccessTokenRequest.class); + } + + public List authConfigs() { + return authConfigs; + } + + @Override + public FetchAccessTokenRequestExecutor executor() { + return new FetchAccessTokenRequestExecutor(this); + } +} diff --git a/src/main/java/cd/go/authorization/google/requests/GetAuthorizationServerUrlRequest.java b/src/main/java/cd/go/authorization/google/requests/GetAuthorizationServerUrlRequest.java new file mode 100644 index 0000000..7cf6e11 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/requests/GetAuthorizationServerUrlRequest.java @@ -0,0 +1,52 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.GetAuthorizationServerUrlRequestExecutor; +import cd.go.authorization.google.models.AuthConfig; +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; + +import java.util.List; + +public class GetAuthorizationServerUrlRequest extends Request { + @Expose + @SerializedName("authorization_server_callback_url") + private String callbackUrl; + + @Expose + @SerializedName("auth_configs") + private List authConfigs; + + public static GetAuthorizationServerUrlRequest from(GoPluginApiRequest apiRequest) { + return Request.from(apiRequest, GetAuthorizationServerUrlRequest.class); + } + + public String callbackUrl() { + return callbackUrl; + } + + public List authConfigs() { + return authConfigs; + } + + @Override + public GetAuthorizationServerUrlRequestExecutor executor() { + return new GetAuthorizationServerUrlRequestExecutor(this); + } +} diff --git a/src/main/java/cd/go/authorization/google/requests/Request.java b/src/main/java/cd/go/authorization/google/requests/Request.java new file mode 100644 index 0000000..a49477d --- /dev/null +++ b/src/main/java/cd/go/authorization/google/requests/Request.java @@ -0,0 +1,49 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.RequestExecutor; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; + +import java.util.Map; + +import static cd.go.authorization.google.utils.Util.GSON; + +public abstract class Request { + protected GoPluginApiRequest apiRequest; + + public static T from(GoPluginApiRequest apiRequest, Class clazz) { + final T request = GSON.fromJson(apiRequest.requestBody(), clazz); + request.apiRequest = apiRequest; + return request; + } + + public abstract RequestExecutor executor(); + + public Map requestParameters() { + return apiRequest.requestParameters(); + } + + public Map requestHeaders() { + return apiRequest.requestHeaders(); + } + + public GoPluginApiResponse execute() throws Exception { + return executor().execute(); + } +} diff --git a/src/main/java/cd/go/authorization/google/requests/UserAuthenticationRequest.java b/src/main/java/cd/go/authorization/google/requests/UserAuthenticationRequest.java new file mode 100644 index 0000000..d3711a1 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/requests/UserAuthenticationRequest.java @@ -0,0 +1,53 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.UserAuthenticationRequestExecutor; +import cd.go.authorization.google.models.AuthConfig; +import cd.go.authorization.google.models.TokenInfo; +import com.google.gson.annotations.Expose; +import com.google.gson.annotations.SerializedName; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; + +import java.util.List; + +public class UserAuthenticationRequest extends Request { + @Expose + @SerializedName("auth_configs") + private List authConfigs; + + @Expose + @SerializedName("credentials") + private TokenInfo tokenInfo; + + public static UserAuthenticationRequest from(GoPluginApiRequest apiRequest) { + return Request.from(apiRequest, UserAuthenticationRequest.class); + } + + public List authConfigs() { + return authConfigs; + } + + public TokenInfo tokenInfo() { + return tokenInfo; + } + + @Override + public UserAuthenticationRequestExecutor executor() { + return new UserAuthenticationRequestExecutor(this); + } +} diff --git a/src/main/java/cd/go/authorization/google/requests/VerifyConnectionRequest.java b/src/main/java/cd/go/authorization/google/requests/VerifyConnectionRequest.java new file mode 100644 index 0000000..9df60b8 --- /dev/null +++ b/src/main/java/cd/go/authorization/google/requests/VerifyConnectionRequest.java @@ -0,0 +1,43 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.RequestExecutor; +import cd.go.authorization.google.executors.VerifyConnectionRequestExecutor; +import cd.go.authorization.google.models.GoogleConfiguration; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; + +public class VerifyConnectionRequest extends Request { + private final GoogleConfiguration configuration; + + private VerifyConnectionRequest(GoogleConfiguration configuration) { + this.configuration = configuration; + } + + public static VerifyConnectionRequest from(GoPluginApiRequest apiRequest) { + return new VerifyConnectionRequest(GoogleConfiguration.fromJSON(apiRequest.requestBody())); + } + + public GoogleConfiguration googleConfiguration() { + return configuration; + } + + @Override + public RequestExecutor executor() { + return new VerifyConnectionRequestExecutor(this); + } +} diff --git a/src/main/java/cd/go/authorization/google/utils/Util.java b/src/main/java/cd/go/authorization/google/utils/Util.java new file mode 100644 index 0000000..422963b --- /dev/null +++ b/src/main/java/cd/go/authorization/google/utils/Util.java @@ -0,0 +1,71 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.utils; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import org.apache.commons.io.IOUtils; + +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringReader; +import java.nio.charset.StandardCharsets; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Properties; + +import static org.apache.commons.lang3.StringUtils.isBlank; + +public class Util { + public static final Gson GSON = new GsonBuilder().excludeFieldsWithoutExposeAnnotation().create(); + + public static String readResource(String resourceFile) { + try (InputStreamReader reader = new InputStreamReader(Util.class.getResourceAsStream(resourceFile), StandardCharsets.UTF_8)) { + return IOUtils.toString(reader); + } catch (IOException e) { + throw new RuntimeException("Could not find resource " + resourceFile, e); + } + } + + public static byte[] readResourceBytes(String resourceFile) { + try (InputStream in = Util.class.getResourceAsStream(resourceFile)) { + return IOUtils.toByteArray(in); + } catch (IOException e) { + throw new RuntimeException("Could not find resource " + resourceFile, e); + } + } + + public static String pluginId() { + String s = readResource("/plugin.properties"); + try { + Properties properties = new Properties(); + properties.load(new StringReader(s)); + return (String) properties.get("name"); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + public static List splitIntoLinesAndTrimSpaces(String lines) { + if (isBlank(lines)) { + return Collections.emptyList(); + } + return Arrays.asList(lines.split("\\s*[\r\n]+\\s*")); + } +} diff --git a/src/main/resource-templates/plugin.properties b/src/main/resource-templates/plugin.properties new file mode 100644 index 0000000..ccaac8b --- /dev/null +++ b/src/main/resource-templates/plugin.properties @@ -0,0 +1,17 @@ +# +# Copyright 2017 ThoughtWorks, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name=${id} diff --git a/src/main/resource-templates/plugin.xml b/src/main/resource-templates/plugin.xml new file mode 100644 index 0000000..096c13c --- /dev/null +++ b/src/main/resource-templates/plugin.xml @@ -0,0 +1,28 @@ + + + + + ${name} + ${version} + ${goCdVersion} + ${description} + + ${vendorName} + ${vendorUrl} + + + diff --git a/src/main/resources/auth-config.template.html b/src/main/resources/auth-config.template.html new file mode 100644 index 0000000..1ded8ad --- /dev/null +++ b/src/main/resources/auth-config.template.html @@ -0,0 +1,128 @@ + + +
+ + +
+ + + {{GOINPUTNAME[ClientId].$error.server}} +
+ +
+ + + {{GOINPUTNAME[ClientSecret].$error.server}} +
+ +
+ + + {{GOINPUTNAME[AllowedDomains].$error.server}} +
+
\ No newline at end of file diff --git a/src/main/resources/github-logo.png b/src/main/resources/github-logo.png new file mode 100644 index 0000000..192846a Binary files /dev/null and b/src/main/resources/github-logo.png differ diff --git a/src/main/resources/logo.png b/src/main/resources/logo.png new file mode 100644 index 0000000..c2a4df8 Binary files /dev/null and b/src/main/resources/logo.png differ diff --git a/src/main/resources/role-config.template.html b/src/main/resources/role-config.template.html new file mode 100644 index 0000000..86f592b --- /dev/null +++ b/src/main/resources/role-config.template.html @@ -0,0 +1,23 @@ + + +
+ + + {{GOINPUTNAME[ExampleField].$error.server}} +
diff --git a/src/test/java/cd/go/authorization/google/GoogleProviderTest.java b/src/test/java/cd/go/authorization/google/GoogleProviderTest.java new file mode 100644 index 0000000..e2958b1 --- /dev/null +++ b/src/test/java/cd/go/authorization/google/GoogleProviderTest.java @@ -0,0 +1,119 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google; + +import cd.go.authorization.google.exceptions.InvalidDomainException; +import cd.go.authorization.google.models.GoogleConfiguration; +import cd.go.authorization.google.models.TokenInfo; +import cd.go.authorization.google.models.User; +import org.brickred.socialauth.AuthProvider; +import org.brickred.socialauth.Permission; +import org.brickred.socialauth.Profile; +import org.brickred.socialauth.SocialAuthManager; +import org.brickred.socialauth.util.AccessGrant; +import org.junit.Before; +import org.junit.Test; + +import java.util.HashMap; +import java.util.Map; + +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.*; + +public class GoogleProviderTest { + + private GoogleConfiguration googleConfiguration; + private GoogleProvider googleProvider; + private SocialAuthManager socialAuthManager; + private URLCache urlCache; + + @Before + public void setUp() throws Exception { + googleConfiguration = new GoogleConfiguration("example.com", + "client-id", "client-secret"); + socialAuthManager = mock(SocialAuthManager.class); + urlCache = URLCache.getInstance(); + + googleProvider = new GoogleProvider(googleConfiguration, socialAuthManager, urlCache); + } + + @Test + public void shouldBuildAuthorizationServerUrl() throws Exception { + final String callbackUrl = "https://go.server.url/plugin/cd.go.authorization.google/authenticate"; + when(socialAuthManager.getAuthenticationUrl(googleProvider.getProviderName(), callbackUrl, googleProvider.permission())).thenReturn("https://authentication-url?state=foo"); + + assertThat(googleProvider.authorizationServerUrl(callbackUrl), is("https://authentication-url?state=foo")); + verify(socialAuthManager).getAuthenticationUrl(googleProvider.getProviderName(), callbackUrl, googleProvider.permission()); + } + + @Test + public void shouldGetAccessTokenUsingCode() throws Exception { + Map params = new HashMap<>(); + params.put("code", "some-code"); + params.put("state", "foo"); + final AccessGrant accessGrant = mock(AccessGrant.class); + urlCache.cache("foo", "bar"); + + when(accessGrant.getProviderId()).thenReturn(googleProvider.getProviderName()); + when(accessGrant.getKey()).thenReturn("access-token"); + when(accessGrant.getSecret()).thenReturn("secret"); + when(accessGrant.getPermission()).thenReturn(new Permission("scope")); + when(accessGrant.getAttribute("token_type")).thenReturn("token_type"); + when(accessGrant.getAttribute("expires")).thenReturn("3600"); + when(accessGrant.getAttribute("id_token")).thenReturn("id_token"); + when(socialAuthManager.createAccessGrant(googleProvider.getProviderName(), "some-code", "bar")).thenReturn(accessGrant); + + final TokenInfo tokenInfo = googleProvider.accessToken(params); + + assertNotNull(tokenInfo); + assertThat(tokenInfo.accessToken(), is("access-token")); + verify(socialAuthManager).createAccessGrant(googleProvider.getProviderName(), "some-code", "bar"); + verify(socialAuthManager).disconnectProvider(googleProvider.getProviderName()); + } + + @Test + public void shouldGetUserUsingAccessToken() throws Exception { + final AccessGrant accessGrant = mock(AccessGrant.class); + final AuthProvider authProvider = mock(AuthProvider.class); + final Profile profile = mock(Profile.class); + + when(socialAuthManager.connect(accessGrant)).thenReturn(authProvider); + when(authProvider.getUserProfile()).thenReturn(profile); + when(profile.getEmail()).thenReturn("bob@example.com"); + when(profile.getFullName()).thenReturn("Bob Ford"); + + final User user = googleProvider.userProfile(accessGrant); + + assertThat(user, is(new User("bob@example.com", "Bob Ford", "bob@example.com"))); + } + + @Test(expected = InvalidDomainException.class) + public void shouldErrorOutIfDomainIsNotWhiteListed() throws Exception { + final AccessGrant accessGrant = mock(AccessGrant.class); + final AuthProvider authProvider = mock(AuthProvider.class); + final Profile profile = mock(Profile.class); + + when(socialAuthManager.connect(accessGrant)).thenReturn(authProvider); + when(authProvider.getUserProfile()).thenReturn(profile); + when(profile.getEmail()).thenReturn("bob@foo.com"); + when(profile.getFullName()).thenReturn("Bob Ford"); + + googleProvider.userProfile(accessGrant); + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/executors/AuthConfigValidateRequestExecutorTest.java b/src/test/java/cd/go/authorization/google/executors/AuthConfigValidateRequestExecutorTest.java new file mode 100644 index 0000000..258264b --- /dev/null +++ b/src/test/java/cd/go/authorization/google/executors/AuthConfigValidateRequestExecutorTest.java @@ -0,0 +1,62 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.requests.AuthConfigValidateRequest; +import com.google.gson.Gson; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import org.junit.Before; +import org.junit.Test; +import org.skyscreamer.jsonassert.JSONAssert; +import org.skyscreamer.jsonassert.JSONCompareMode; + +import java.util.Collections; + +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +public class AuthConfigValidateRequestExecutorTest { + + private GoPluginApiRequest request; + + @Before + public void setup() throws Exception { + request = mock(GoPluginApiRequest.class); + } + + @Test + public void shouldValidateMandatoryKeys() throws Exception { + when(request.requestBody()).thenReturn(new Gson().toJson(Collections.emptyMap())); + + GoPluginApiResponse response = AuthConfigValidateRequest.from(request).execute(); + String json = response.responseBody(); + + String expectedJSON = "[\n" + + " {\n" + + " \"message\": \"ClientId must not be blank.\",\n" + + " \"key\": \"ClientId\"\n" + + " },\n" + + " {\n" + + " \"message\": \"ClientSecret must not be blank.\",\n" + + " \"key\": \"ClientSecret\"\n" + + " }\n" + + "]"; + + JSONAssert.assertEquals(expectedJSON, json, JSONCompareMode.NON_EXTENSIBLE); + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/executors/FetchAccessTokenRequestExecutorTest.java b/src/test/java/cd/go/authorization/google/executors/FetchAccessTokenRequestExecutorTest.java new file mode 100644 index 0000000..34b590f --- /dev/null +++ b/src/test/java/cd/go/authorization/google/executors/FetchAccessTokenRequestExecutorTest.java @@ -0,0 +1,103 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.Provider; +import cd.go.authorization.google.exceptions.NoAuthorizationConfigurationException; +import cd.go.authorization.google.models.AuthConfig; +import cd.go.authorization.google.models.GoogleConfiguration; +import cd.go.authorization.google.models.TokenInfo; +import cd.go.authorization.google.requests.FetchAccessTokenRequest; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; +import org.mockito.Mock; +import org.skyscreamer.jsonassert.JSONAssert; + +import java.util.Collections; + +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +public class FetchAccessTokenRequestExecutorTest { + @Rule + public ExpectedException thrown = ExpectedException.none(); + @Mock + private FetchAccessTokenRequest request; + @Mock + private AuthConfig authConfig; + @Mock + private GoogleConfiguration pluginConfiguration; + @Mock + private Provider provider; + private FetchAccessTokenRequestExecutor executor; + + @Before + public void setUp() throws Exception { + initMocks(this); + + when(authConfig.getConfiguration()).thenReturn(pluginConfiguration); + when(pluginConfiguration.provider()).thenReturn(provider); + + executor = new FetchAccessTokenRequestExecutor(request); + } + + @Test + public void shouldErrorOutIfAuthConfigIsNotProvided() throws Exception { + when(request.authConfigs()).thenReturn(Collections.emptyList()); + + thrown.expect(NoAuthorizationConfigurationException.class); + thrown.expectMessage("[Get Access Token] No authorization configuration found."); + + executor.execute(); + } + + @Test + public void shouldFetchAccessToken() throws Exception { + final StubbedTokenInfo tokenInfo = new StubbedTokenInfo("googleplus", "access-token", "secret", "token", 3600, "profile", "id-token"); + + when(request.authConfigs()).thenReturn(Collections.singletonList(authConfig)); + when(request.requestParameters()).thenReturn(Collections.singletonMap("code", "code-received-in-previous-step")); + when(provider.accessToken(request.requestParameters())).thenReturn(tokenInfo); + + final GoPluginApiResponse response = executor.execute(); + + + String expectedJSON = "{\n" + + " \"provider_id\": \"googleplus\",\n" + + " \"access_token\": \"access-token\",\n" + + " \"secret\": \"secret\",\n" + + " \"token_type\": \"token\",\n" + + " \"expires_in\": 3600,\n" + + " \"scope\": \"profile\",\n" + + " \"id_token\": \"id-token\"\n" + + "}"; + + assertThat(response.responseCode(), is(200)); + JSONAssert.assertEquals(expectedJSON, response.responseBody(), true); + } + + private class StubbedTokenInfo extends TokenInfo { + public StubbedTokenInfo(String providerId, String accessToken, String secret, String tokenType, int expiresIn, String scope, String idToken) { + super(providerId, accessToken, secret, tokenType, expiresIn, scope, idToken); + } + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/executors/GetAuthConfigMetadataRequestExecutorTest.java b/src/test/java/cd/go/authorization/google/executors/GetAuthConfigMetadataRequestExecutorTest.java new file mode 100644 index 0000000..1ae3953 --- /dev/null +++ b/src/test/java/cd/go/authorization/google/executors/GetAuthConfigMetadataRequestExecutorTest.java @@ -0,0 +1,72 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.annotation.MetadataHelper; +import cd.go.authorization.google.models.GoogleConfiguration; +import com.google.gson.Gson; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import org.junit.Test; +import org.skyscreamer.jsonassert.JSONAssert; + +import java.util.List; + +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + +public class GetAuthConfigMetadataRequestExecutorTest { + + @Test + public void shouldSerializeAllFields() throws Exception { + GoPluginApiResponse response = new GetAuthConfigMetadataRequestExecutor().execute(); + List list = new Gson().fromJson(response.responseBody(), List.class); + assertEquals(list.size(), MetadataHelper.getMetadata(GoogleConfiguration.class).size()); + } + + @Test + public void assertJsonStructure() throws Exception { + GoPluginApiResponse response = new GetAuthConfigMetadataRequestExecutor().execute(); + + assertThat(response.responseCode(), is(200)); + String expectedJSON = "[\n" + + " {\n" + + " \"key\": \"ClientId\",\n" + + " \"metadata\": {\n" + + " \"required\": true,\n" + + " \"secure\": true\n" + + " }\n" + + " },\n" + + " {\n" + + " \"key\": \"ClientSecret\",\n" + + " \"metadata\": {\n" + + " \"required\": true,\n" + + " \"secure\": true\n" + + " }\n" + + " },\n" + + " {\n" + + " \"key\": \"AllowedDomains\",\n" + + " \"metadata\": {\n" + + " \"required\": false,\n" + + " \"secure\": false\n" + + " }\n" + + " }\n" + + "]"; + + JSONAssert.assertEquals(expectedJSON, response.responseBody(), true); + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/executors/GetAuthConfigViewRequestExecutorTest.java b/src/test/java/cd/go/authorization/google/executors/GetAuthConfigViewRequestExecutorTest.java new file mode 100644 index 0000000..8c8695c --- /dev/null +++ b/src/test/java/cd/go/authorization/google/executors/GetAuthConfigViewRequestExecutorTest.java @@ -0,0 +1,55 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.annotation.MetadataHelper; +import cd.go.authorization.google.annotation.ProfileMetadata; +import cd.go.authorization.google.models.GoogleConfiguration; +import cd.go.authorization.google.utils.Util; +import com.google.gson.Gson; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import org.junit.Test; + +import java.util.HashMap; +import java.util.Map; + +import static org.hamcrest.Matchers.*; +import static org.junit.Assert.assertThat; + +public class GetAuthConfigViewRequestExecutorTest { + + @Test + public void shouldRenderTheTemplateInJSON() throws Exception { + GoPluginApiResponse response = new GetAuthConfigViewRequestExecutor().execute(); + assertThat(response.responseCode(), is(200)); + Map hashSet = new Gson().fromJson(response.responseBody(), HashMap.class); + assertThat(hashSet, hasEntry("template", Util.readResource("/auth-config.template.html"))); + } + + @Test + public void allFieldsShouldBePresentInView() throws Exception { + String template = Util.readResource("/auth-config.template.html"); + + for (ProfileMetadata field : MetadataHelper.getMetadata(GoogleConfiguration.class)) { + assertThat(template, containsString("ng-model=\"" + field.getKey() + "\"")); + assertThat(template, containsString("{{GOINPUTNAME[" + + field.getKey() + "].$error.server}}")); + } + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/executors/GetAuthorizationServerUrlRequestExecutorTest.java b/src/test/java/cd/go/authorization/google/executors/GetAuthorizationServerUrlRequestExecutorTest.java new file mode 100644 index 0000000..9f48bef --- /dev/null +++ b/src/test/java/cd/go/authorization/google/executors/GetAuthorizationServerUrlRequestExecutorTest.java @@ -0,0 +1,83 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.GoogleProvider; +import cd.go.authorization.google.exceptions.NoAuthorizationConfigurationException; +import cd.go.authorization.google.models.AuthConfig; +import cd.go.authorization.google.models.GoogleConfiguration; +import cd.go.authorization.google.requests.GetAuthorizationServerUrlRequest; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; +import org.mockito.Mock; + +import java.util.Collections; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.startsWith; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +public class GetAuthorizationServerUrlRequestExecutorTest { + + @Rule + public ExpectedException thrown = ExpectedException.none(); + @Mock + private GetAuthorizationServerUrlRequest request; + @Mock + private AuthConfig authConfig; + @Mock + private GoogleConfiguration googleConfiguration; + @Mock + private GoogleProvider provider; + + private GetAuthorizationServerUrlRequestExecutor executor; + + @Before + public void setUp() throws Exception { + initMocks(this); + + executor = new GetAuthorizationServerUrlRequestExecutor(request); + } + + @Test + public void shouldErrorOutIfAuthConfigIsNotProvided() throws Exception { + when(request.authConfigs()).thenReturn(Collections.emptyList()); + + thrown.expect(NoAuthorizationConfigurationException.class); + thrown.expectMessage("[Authorization Server Url] No authorization configuration found."); + + executor.execute(); + } + + @Test + public void shouldReturnAuthorizationServerUrl() throws Exception { + when(authConfig.getConfiguration()).thenReturn(googleConfiguration); + when(request.authConfigs()).thenReturn(Collections.singletonList(authConfig)); + when(googleConfiguration.provider()).thenReturn(provider); + when(provider.authorizationServerUrl(request.callbackUrl())).thenReturn("https://authorization-server-url"); + + final GoPluginApiResponse response = executor.execute(); + + assertThat(response.responseCode(), is(200)); + assertThat(response.responseBody(), startsWith("{\"authorization_server_url\":\"https://authorization-server-url\"}")); + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/executors/GetCapabilitiesRequestExecutorTest.java b/src/test/java/cd/go/authorization/google/executors/GetCapabilitiesRequestExecutorTest.java new file mode 100644 index 0000000..968d2e4 --- /dev/null +++ b/src/test/java/cd/go/authorization/google/executors/GetCapabilitiesRequestExecutorTest.java @@ -0,0 +1,37 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import org.junit.Test; +import org.skyscreamer.jsonassert.JSONAssert; + +public class GetCapabilitiesRequestExecutorTest { + + @Test + public void shouldSupportWebAuthenticationCapabilities() throws Exception { + GoPluginApiResponse response = new GetCapabilitiesRequestExecutor().execute(); + + String expectedJSON = "{\n" + + " \"supported_auth_type\":\"web\",\n" + + " \"can_authorize\":false,\n" + + " \"can_search\":true\n" + + "}"; + + JSONAssert.assertEquals(expectedJSON, response.responseBody(), true); + } +} diff --git a/src/test/java/cd/go/authorization/google/executors/GetPluginIconRequestExecutorTest.java b/src/test/java/cd/go/authorization/google/executors/GetPluginIconRequestExecutorTest.java new file mode 100644 index 0000000..686ce84 --- /dev/null +++ b/src/test/java/cd/go/authorization/google/executors/GetPluginIconRequestExecutorTest.java @@ -0,0 +1,40 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.utils.Util; +import com.google.gson.Gson; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import org.apache.commons.codec.binary.Base64; +import org.junit.Test; + +import java.util.HashMap; + +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; + +public class GetPluginIconRequestExecutorTest { + + @Test + public void rendersIconInBase64() throws Exception { + GoPluginApiResponse response = new GetPluginIconRequestExecutor().execute(); + HashMap hashMap = new Gson().fromJson(response.responseBody(), HashMap.class); + assertThat(hashMap.size(), is(2)); + assertThat(hashMap.get("content_type"), is("image/png")); + assertThat(Util.readResourceBytes("/logo.png"), is(Base64.decodeBase64(hashMap.get("data")))); + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/executors/UserAuthenticationRequestExecutorTest.java b/src/test/java/cd/go/authorization/google/executors/UserAuthenticationRequestExecutorTest.java new file mode 100644 index 0000000..6de38fd --- /dev/null +++ b/src/test/java/cd/go/authorization/google/executors/UserAuthenticationRequestExecutorTest.java @@ -0,0 +1,104 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.GoogleProvider; +import cd.go.authorization.google.exceptions.NoAuthorizationConfigurationException; +import cd.go.authorization.google.models.AuthConfig; +import cd.go.authorization.google.models.GoogleConfiguration; +import cd.go.authorization.google.models.TokenInfo; +import cd.go.authorization.google.models.User; +import cd.go.authorization.google.requests.UserAuthenticationRequest; +import com.thoughtworks.go.plugin.api.response.GoPluginApiResponse; +import org.brickred.socialauth.util.AccessGrant; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; +import org.mockito.Mock; +import org.skyscreamer.jsonassert.JSONAssert; + +import java.util.Collections; + +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +public class UserAuthenticationRequestExecutorTest { + + @Rule + public ExpectedException thrown = ExpectedException.none(); + @Mock + private UserAuthenticationRequest request; + @Mock + private AuthConfig authConfig; + @Mock + private GoogleConfiguration googleConfiguration; + @Mock + private GoogleProvider googleProvider; + private UserAuthenticationRequestExecutor executor; + + @Before + public void setUp() throws Exception { + initMocks(this); + + when(authConfig.getConfiguration()).thenReturn(googleConfiguration); + when(googleConfiguration.provider()).thenReturn(googleProvider); + + executor = new UserAuthenticationRequestExecutor(request); + } + + @Test + public void shouldErrorOutIfAuthConfigIsNotProvided() throws Exception { + when(request.authConfigs()).thenReturn(Collections.emptyList()); + + thrown.expect(NoAuthorizationConfigurationException.class); + thrown.expectMessage("[Authenticate] No authorization configuration found."); + + executor.execute(); + } + + @Test + public void shouldAuthenticate() throws Exception { + final StubbedTokenInfo tokenInfo = new StubbedTokenInfo("googleplus", "access-token", "token", "secret", 3600, "profile", "id-token"); + when(request.authConfigs()).thenReturn(Collections.singletonList(authConfig)); + when(request.tokenInfo()).thenReturn(tokenInfo); + when(googleProvider.userProfile(any(AccessGrant.class))).thenReturn(new User("bford", "Bob", "email")); + + final GoPluginApiResponse response = executor.execute(); + + String expectedJSON = "{\n" + + " \"roles\": [],\n" + + " \"user\": {\n" + + " \"username\": \"bford\",\n" + + " \"display_name\": \"Bob\",\n" + + " \"email\": \"email\"\n" + + " }\n" + + "}"; + + assertThat(response.responseCode(), is(200)); + JSONAssert.assertEquals(expectedJSON, response.responseBody(), true); + } + + private class StubbedTokenInfo extends TokenInfo { + public StubbedTokenInfo(String providerId, String accessToken, String secret, String tokenType, int expiresIn, String scope, String idToken) { + super(providerId, accessToken, secret, tokenType, expiresIn, scope, idToken); + } + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/executors/VerifyConnectionRequestExecutorTest.java b/src/test/java/cd/go/authorization/google/executors/VerifyConnectionRequestExecutorTest.java new file mode 100644 index 0000000..73da72f --- /dev/null +++ b/src/test/java/cd/go/authorization/google/executors/VerifyConnectionRequestExecutorTest.java @@ -0,0 +1,42 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.executors; + +import cd.go.authorization.google.requests.VerifyConnectionRequest; +import org.junit.Before; +import org.junit.Test; + +import static org.mockito.Mockito.mock; + +public class VerifyConnectionRequestExecutorTest { + private VerifyConnectionRequest request; + + @Before + public void setup() throws Exception { + request = mock(VerifyConnectionRequest.class); + } + + @Test + public void shouldReturnFailureResponseIfVerifyConnectionFails() throws Exception { + //TODO: + } + + @Test + public void shouldReturnSuccessResponseOnSuccessfulVerification() throws Exception { + //TODO: + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/models/GoogleConfigurationTest.java b/src/test/java/cd/go/authorization/google/models/GoogleConfigurationTest.java new file mode 100644 index 0000000..4d9eca6 --- /dev/null +++ b/src/test/java/cd/go/authorization/google/models/GoogleConfigurationTest.java @@ -0,0 +1,70 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.models; + +import org.junit.Test; +import org.skyscreamer.jsonassert.JSONAssert; + +import java.util.Map; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.Matchers.contains; +import static org.hamcrest.Matchers.hasEntry; +import static org.junit.Assert.assertThat; + +public class GoogleConfigurationTest { + + @Test + public void shouldDeserializeGoogleConfiguration() throws Exception { + final GoogleConfiguration googleConfiguration = GoogleConfiguration.fromJSON("{\n" + + " \"AllowedDomains\": \"example.co.in\",\n" + + " \"ClientId\": \"client-id\",\n" + + " \"ClientSecret\": \"client-secret\"\n" + + "}"); + + assertThat(googleConfiguration.allowedDomains(), contains("example.co.in")); + assertThat(googleConfiguration.clientId(), is("client-id")); + assertThat(googleConfiguration.clientSecret(), is("client-secret")); + } + + @Test + public void shouldSerializeToJSON() throws Exception { + GoogleConfiguration googleConfiguration = new GoogleConfiguration( + "example.co.in", "client-id", "client-secret"); + + String expectedJSON = "{\n" + + " \"AllowedDomains\": \"example.co.in\",\n" + + " \"ClientId\": \"client-id\",\n" + + " \"ClientSecret\": \"client-secret\"\n" + + "}"; + + JSONAssert.assertEquals(expectedJSON, googleConfiguration.toJSON(), true); + + } + + @Test + public void shouldConvertConfigurationToProperties() throws Exception { + GoogleConfiguration googleConfiguration = new GoogleConfiguration( + "example.co.in", "client-id", "client-secret"); + + final Map properties = googleConfiguration.toProperties(); + + assertThat(properties, hasEntry("AllowedDomains", "example.co.in")); + assertThat(properties, hasEntry("ClientId", "client-id")); + assertThat(properties, hasEntry("ClientSecret", "client-secret")); + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/requests/AuthConfigValidateRequestTest.java b/src/test/java/cd/go/authorization/google/requests/AuthConfigValidateRequestTest.java new file mode 100644 index 0000000..6129ad1 --- /dev/null +++ b/src/test/java/cd/go/authorization/google/requests/AuthConfigValidateRequestTest.java @@ -0,0 +1,57 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.models.GoogleConfiguration; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; +import org.hamcrest.Matchers; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; + +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +public class AuthConfigValidateRequestTest { + @Mock + private GoPluginApiRequest apiRequest; + + @Before + public void setUp() throws Exception { + initMocks(this); + } + + @Test + public void shouldDeserializeGoPluginApiRequestToAuthConfigValidateRequest() throws Exception { + String responseBody = "{\n" + + " \"AllowedDomains\": \"example.com\",\n" + + " \"ClientId\": \"client-id\",\n" + + " \"ClientSecret\": \"client-secret\"\n" + + "}"; + + when(apiRequest.requestBody()).thenReturn(responseBody); + + final AuthConfigValidateRequest request = AuthConfigValidateRequest.from(apiRequest); + final GoogleConfiguration googleConfiguration = request.googleConfiguration(); + + assertThat(googleConfiguration.allowedDomains(), Matchers.contains("example.com")); + assertThat(googleConfiguration.clientId(), is("client-id")); + assertThat(googleConfiguration.clientSecret(), is("client-secret")); + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/requests/FetchAccessTokenRequestTest.java b/src/test/java/cd/go/authorization/google/requests/FetchAccessTokenRequestTest.java new file mode 100644 index 0000000..d73a6a9 --- /dev/null +++ b/src/test/java/cd/go/authorization/google/requests/FetchAccessTokenRequestTest.java @@ -0,0 +1,71 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.FetchAccessTokenRequestExecutor; +import cd.go.authorization.google.models.AuthConfig; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; + +import static org.hamcrest.CoreMatchers.instanceOf; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.Matchers.contains; +import static org.hamcrest.Matchers.hasSize; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +public class FetchAccessTokenRequestTest { + @Mock + private GoPluginApiRequest apiRequest; + + @Before + public void setUp() throws Exception { + initMocks(this); + } + + @Test + public void shouldDeserializeGoPluginApiRequestToFetchAccessTokenRequest() throws Exception { + String responseBody = "{\n" + + " \"auth_configs\": [\n" + + " {\n" + + " \"id\": \"google-auth-config\",\n" + + " \"configuration\": {\n" + + " \"AllowedDomains\": \"example.co.in\",\n" + + " \"ClientId\": \"client-id\",\n" + + " \"ClientSecret\": \"client-secret\"\n" + + " }\n" + + " }\n" + + " ]\n" + + "}"; + + when(apiRequest.requestBody()).thenReturn(responseBody); + + final FetchAccessTokenRequest request = FetchAccessTokenRequest.from(apiRequest); + + assertThat(request.authConfigs(), hasSize(1)); + assertThat(request.executor(), instanceOf(FetchAccessTokenRequestExecutor.class)); + + final AuthConfig authConfig = request.authConfigs().get(0); + assertThat(authConfig.getId(), is("google-auth-config")); + assertThat(authConfig.getConfiguration().allowedDomains(), contains("example.co.in")); + assertThat(authConfig.getConfiguration().clientId(), is("client-id")); + assertThat(authConfig.getConfiguration().clientSecret(), is("client-secret")); + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/requests/GetAuthorizationServerUrlRequestTest.java b/src/test/java/cd/go/authorization/google/requests/GetAuthorizationServerUrlRequestTest.java new file mode 100644 index 0000000..5f9b9ca --- /dev/null +++ b/src/test/java/cd/go/authorization/google/requests/GetAuthorizationServerUrlRequestTest.java @@ -0,0 +1,76 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.GetAuthorizationServerUrlRequestExecutor; +import cd.go.authorization.google.models.AuthConfig; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; + +import static org.hamcrest.CoreMatchers.instanceOf; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.Matchers.contains; +import static org.hamcrest.Matchers.hasSize; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +public class GetAuthorizationServerUrlRequestTest { + @Mock + private GoPluginApiRequest apiRequest; + + @Before + public void setUp() throws Exception { + initMocks(this); + } + + @Test + public void shouldDeserializeGoPluginApiRequestToGetAuthorizationServerUrlRequest() throws Exception { + String responseBody = "{\n" + + " \"authorization_server_callback_url\": \"https://redirect.url\",\n" + + " \"auth_configs\": [\n" + + " {\n" + + " \"id\": \"google-config\",\n" + + " \"configuration\": {\n" + + " \"AllowedDomains\": \"example.com\",\n" + + " \"ClientId\": \"client-id\",\n" + + " \"ClientSecret\": \"client-secret\"\n" + + " }\n" + + " }\n" + + " ]\n" + + "}"; + + when(apiRequest.requestBody()).thenReturn(responseBody); + + final GetAuthorizationServerUrlRequest request = GetAuthorizationServerUrlRequest.from(apiRequest); + + assertThat(request.authConfigs(), hasSize(1)); + assertThat(request.executor(), instanceOf(GetAuthorizationServerUrlRequestExecutor.class)); + + final AuthConfig authConfig = request.authConfigs().get(0); + + assertThat(request.callbackUrl(), is("https://redirect.url")); + + assertThat(authConfig.getId(), is("google-config")); + assertThat(authConfig.getConfiguration().allowedDomains(), contains("example.com")); + assertThat(authConfig.getConfiguration().clientId(), is("client-id")); + assertThat(authConfig.getConfiguration().clientSecret(), is("client-secret")); + + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/requests/UserAuthenticationRequestTest.java b/src/test/java/cd/go/authorization/google/requests/UserAuthenticationRequestTest.java new file mode 100644 index 0000000..30c2ac4 --- /dev/null +++ b/src/test/java/cd/go/authorization/google/requests/UserAuthenticationRequestTest.java @@ -0,0 +1,80 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.UserAuthenticationRequestExecutor; +import cd.go.authorization.google.models.AuthConfig; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; + +import static org.hamcrest.CoreMatchers.instanceOf; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.hasSize; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +public class UserAuthenticationRequestTest { + @Mock + private GoPluginApiRequest apiRequest; + + @Before + public void setUp() throws Exception { + initMocks(this); + } + + @Test + public void shouldDeserializeGoPluginApiRequestToUserAuthenticationRequest() throws Exception { + String responseBody = "{\n" + + " \"authorization_server_callback_url\": \"https://redirect.url\",\n" + + " \"credentials\": {\n" + + " \"access_token\": \"access-token\",\n" + + " \"token_type\": \"token\",\n" + + " \"expires_in\": 3600,\n" + + " \"scope\": \"profile\",\n" + + " \"id_token\": \"id-token\"\n" + + " },\n" + + " \"auth_configs\": [\n" + + " {\n" + + " \"id\": \"google-config\",\n" + + " \"configuration\": {\n" + + " \"ClientId\": \"client-id\",\n" + + " \"AllowedDomains\": \"example.com\",\n" + + " \"ClientSecret\": \"client-secret\"\n" + + " }\n" + + " }\n" + + " ]\n" + + "}"; + + when(apiRequest.requestBody()).thenReturn(responseBody); + + final UserAuthenticationRequest request = UserAuthenticationRequest.from(apiRequest); + + assertThat(request.authConfigs(), hasSize(1)); + assertThat(request.executor(), instanceOf(UserAuthenticationRequestExecutor.class)); + + final AuthConfig authConfig = request.authConfigs().get(0); + + assertThat(authConfig.getId(), is("google-config")); + assertThat(authConfig.getConfiguration().clientId(), is("client-id")); + assertThat(authConfig.getConfiguration().clientSecret(), is("client-secret")); + assertThat(authConfig.getConfiguration().allowedDomains(), containsInAnyOrder("example.com")); + } +} \ No newline at end of file diff --git a/src/test/java/cd/go/authorization/google/requests/VerifyConnectionRequestTest.java b/src/test/java/cd/go/authorization/google/requests/VerifyConnectionRequestTest.java new file mode 100644 index 0000000..54695c4 --- /dev/null +++ b/src/test/java/cd/go/authorization/google/requests/VerifyConnectionRequestTest.java @@ -0,0 +1,63 @@ +/* + * Copyright 2017 ThoughtWorks, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package cd.go.authorization.google.requests; + +import cd.go.authorization.google.executors.VerifyConnectionRequestExecutor; +import cd.go.authorization.google.models.GoogleConfiguration; +import com.thoughtworks.go.plugin.api.request.GoPluginApiRequest; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; + +import static org.hamcrest.CoreMatchers.instanceOf; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.Matchers.contains; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +public class VerifyConnectionRequestTest { + @Mock + private GoPluginApiRequest apiRequest; + + @Before + public void setUp() throws Exception { + initMocks(this); + } + + @Test + public void shouldDeserializeGoPluginApiRequestToVerifyConnectionRequest() throws Exception { + String responseBody = "{\n" + + " \"GoServerUrl\": \"https://your.go.server.url\",\n" + + " \"AllowedDomains\": \"example.com\",\n" + + " \"ClientId\": \"client-id\",\n" + + " \"ClientSecret\": \"client-secret\"\n" + + "}"; + + when(apiRequest.requestBody()).thenReturn(responseBody); + + final VerifyConnectionRequest request = VerifyConnectionRequest.from(apiRequest); + final GoogleConfiguration googleConfiguration = request.googleConfiguration(); + + assertThat(request.executor(), instanceOf(VerifyConnectionRequestExecutor.class)); + + assertThat(googleConfiguration.allowedDomains(), contains("example.com")); + assertThat(googleConfiguration.clientId(), is("client-id")); + assertThat(googleConfiguration.clientSecret(), is("client-secret")); + } + +} \ No newline at end of file