Merge pull request #14 from larscheid-schmitzhermes/fix/correct-teams-api

call new teams api

Author: schmitzhermes

Dockerfile

@@ -0,0 +1,8 @@
+FROM sonatype/nexus3:3.3.2
+USER root
+RUN mkdir -p /opt/sonatype/nexus/system/com/larscheidschmitzhermes/nexus3-github-oauth-plugin/1.1.0/
+COPY target/nexus3-github-oauth-plugin-1.1.0.jar /opt/sonatype/nexus/system/com/larscheidschmitzhermes/nexus3-github-oauth-plugin/1.1.0/
+COPY target/feature/feature.xml /opt/sonatype/nexus/system/com/larscheidschmitzhermes/nexus3-github-oauth-plugin/1.1.0/nexus3-github-oauth-plugin-1.1.0-features.xml
+COPY pom.xml /opt/sonatype/nexus/system/com/larscheidschmitzhermes/nexus3-github-oauth-plugin/1.1.0/nexus3-github-oauth-plugin-1.1.0.pom
+RUN echo '<?xml version="1.0" encoding="UTF-8"?><metadata><groupId>com.larscheidschmitzhermes</groupId><artifactId>nexus3-github-oauth-plugin</artifactId><versioning><release>1.1.0</release><versions><version>1.1.0</version></versions><lastUpdated>20170630132608</lastUpdated></versioning></metadata>' > /opt/sonatype/nexus/system/com/larscheidschmitzhermes/nexus3-github-oauth-plugin/maven-metadata-local.xml
+RUN echo "mvn\:com.larscheidschmitzhermes/nexus3-github-oauth-plugin/1.1.0 = 200" >> /opt/sonatype/nexus/etc/karaf/startup.properties

README.md

@@ -49,7 +49,7 @@ The following lines will:
 - add the plugin to the `karaf` `startup.properties`.
 ```shell
 mkdir -p /opt/sonatype/nexus/system/com/larscheidschmitzhermes/ &&\
-wget -O /opt/sonatype/nexus/system/com/larscheidschmitzhermes/nexus3-github-oauth-plugin.zip https://github.com/larscheid-schmitzhermes/nexus3-github-oauth-plugin/releases/download/1.0.0/nexus3-github-oauth-plugin.zip &&\
+wget -O /opt/sonatype/nexus/system/com/larscheidschmitzhermes/nexus3-github-oauth-plugin.zip https://github.com/larscheid-schmitzhermes/nexus3-github-oauth-plugin/releases/download/1.1.0/nexus3-github-oauth-plugin.zip &&\
 unzip /opt/sonatype/nexus/system/com/larscheidschmitzhermes/nexus3-github-oauth-plugin.zip -d /opt/sonatype/nexus/system/com/larscheidschmitzhermes/ &&\
 echo "mvn\:com.larscheidschmitzhermes/nexus3-github-oauth-plugin/1.0.0 = 200" >> /opt/sonatype/nexus/etc/karaf/startup.properties
 ```
@@ -73,6 +73,12 @@ github.principal.cache.ttl=PT1M
 #### 3. Restart Nexus
 Restart your Nexus instance to let it pick up your changes.
 
+## Development
+
+You can build the project with the integrated maven wrapper like so: `./mvnw clean package`
+
+Use the [`Dockerfile`](Dockerfile) to quickly spin up a nexus with the plugin already preinstalled.
+
 ## Credits
 
 The whole project is heavily influenced by the [nexus3-crowd-plugin](https://github.com/pingunaut/nexus3-crowd-plugin).

pom.xml

@@ -20,7 +20,7 @@
 
     <groupId>com.larscheidschmitzhermes</groupId>
     <artifactId>nexus3-github-oauth-plugin</artifactId>
-    <version>1.0.0</version>
+    <version>1.1.0</version>
 
     <name>${project.groupId}:${project.artifactId}</name>
     <packaging>bundle</packaging>

src/main/java/com/larscheidschmitzhermes/nexus3/github/oauth/plugin/api/GithubApiClient.java

@@ -2,10 +2,6 @@
 
 import java.io.IOException;
 import java.io.InputStreamReader;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Collections;
-import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
@@ -124,51 +120,24 @@ private GithubUser retrieveGithubUser(String loginName, char[] token) throws Git
     }
 
     private Set<String> generateRolesFromGithubOrgMemberships(char[] token) throws GithubAuthenticationException{
-        HttpGet orgsRequest = new HttpGet(configuration.getGithubOrgsUri());
-        orgsRequest.addHeader(constructGithubAuthorizationHeader(token));
-        HttpResponse orgsResponse;
+        HttpGet teamsRequest = new HttpGet(configuration.getGithubUserTeamsUri());
+        teamsRequest.addHeader(constructGithubAuthorizationHeader(token));
+        HttpResponse teamsResponse;
 
-        Set<GithubOrg> orgs;
+        Set<GithubTeam> teams;
         try {
-            orgsResponse = client.execute(orgsRequest);
-             orgs = mapper.readValue(new InputStreamReader(orgsResponse.getEntity().getContent()), new TypeReference<Set<GithubOrg>>() {
-            });
+            teamsResponse = client.execute(teamsRequest);
+            teams = mapper.readValue(new InputStreamReader(teamsResponse.getEntity().getContent()), new TypeReference<Set<GithubTeam>>() {});
         } catch (IOException e) {
-            orgsRequest.releaseConnection();
+            teamsRequest.releaseConnection();
             throw new GithubAuthenticationException(e);
         }
 
-        Set<String> roles = new HashSet<>();
-
-        for (GithubOrg org : orgs) {
-            roles.addAll(retrieveTeamMembershipsInOrg(org, token).stream().map(team -> mapGithubTeamToNexusRole(org, team)).collect(Collectors.toList()));
-        }
-
-        return roles;
-    }
-
-    private Set<GithubTeam> retrieveTeamMembershipsInOrg(GithubOrg org, char[] token) {
-        HttpGet teamsRequest;
-        try {
-            teamsRequest = new HttpGet(new URI(org.getUrl() + configuration.getGithubTeamsInOrgPath()));
-        } catch (URISyntaxException e) {
-            LOGGER.warn("error creating uri" ,e);
-            return Collections.emptySet();
-        }
-        teamsRequest.addHeader(constructGithubAuthorizationHeader(token));
-        try {
-            HttpResponse teamsResponse = client.execute(teamsRequest);
-            return mapper.readValue(new InputStreamReader(teamsResponse.getEntity().getContent()), new TypeReference<Set<GithubTeam>>() {
-            });
-        } catch (IOException e) {
-            teamsRequest.releaseConnection();
-            LOGGER.warn("Failed to get teams in " + org.getUrl(),e);
-            return Collections.emptySet();
-        }
+        return teams.stream().map(this::mapGithubTeamToNexusRole).collect(Collectors.toSet());
     }
 
-    private String mapGithubTeamToNexusRole(GithubOrg org, GithubTeam team) {
-        return org.getLogin() + "/" + team.getName();
+    private String mapGithubTeamToNexusRole(GithubTeam team) {
+        return team.getOrganization().getLogin() + "/" + team.getName();
     }
 
     private BasicHeader constructGithubAuthorizationHeader(char[] token) {

src/main/java/com/larscheidschmitzhermes/nexus3/github/oauth/plugin/api/GithubOrg.java

@@ -5,7 +5,6 @@
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class GithubOrg {
     private String login;
-    private String url;
 
     public String getLogin() {
         return login;
@@ -14,12 +13,4 @@ public String getLogin() {
     public void setLogin(String login) {
         this.login = login;
     }
-
-    public String getUrl() {
-        return url;
-    }
-
-    public void setUrl(String url) {
-        this.url = url;
-    }
 }

src/main/java/com/larscheidschmitzhermes/nexus3/github/oauth/plugin/api/GithubTeam.java

@@ -6,11 +6,21 @@
 public class GithubTeam {
     private String name;
 
+    private GithubOrg organization;
+
     public String getName() {
         return name;
     }
 
     public void setName(String name) {
         this.name = name;
     }
+
+    public GithubOrg getOrganization() {
+        return organization;
+    }
+
+    public void setOrganization(GithubOrg organization) {
+        this.organization = organization;
+    }
 }

src/main/java/com/larscheidschmitzhermes/nexus3/github/oauth/plugin/configuration/GithubOauthConfiguration.java

@@ -21,9 +21,7 @@ public class GithubOauthConfiguration {
 
     private static final String GITHUB_USER_PATH = "/user";
 
-    private static final String GITHUB_ORGS_PATH = "/user/orgs";
-
-    private static final String GITHUB_TEAMS_IN_ORG_PATH = "/teams";
+    private static final String GITHUB_USER_TEAMS_PATH = "/user/teams";
 
     private static final Duration DEFAULT_PRINCIPAL_CACHE_TTL = Duration.ofMinutes(1);
 
@@ -52,18 +50,12 @@ public String getGithubApiUrl() {
         return configuration.getProperty(GITHUB_API_URL_KEY, DEFAULT_GITHUB_URL);
     }
 
-    public String getGithubTeamsInOrgPath() {
-        return GITHUB_TEAMS_IN_ORG_PATH;
-    }
-
-    public String getGithubOrgsUri() {
-       return getGithubApiUrl() + GITHUB_ORGS_PATH;
-    }
-
     public String getGithubUserUri() {
         return getGithubApiUrl() + GITHUB_USER_PATH;
     }
 
+    public String getGithubUserTeamsUri() { return getGithubApiUrl() + GITHUB_USER_TEAMS_PATH; }
+
     public Duration getPrincipalCacheTtl() {
         return Duration.parse(configuration.getProperty(GITHUB_PRINCIPAL_CACHE_TTL_KEY, DEFAULT_PRINCIPAL_CACHE_TTL.toString()));
     }

src/test/java/com/larscheidschmitzhermes/nexus3/github/oauth/plugin/GithubApiClientTest.java

@@ -7,7 +7,6 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import com.larscheidschmitzhermes.nexus3.github.oauth.plugin.configuration.GithubOauthConfiguration;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.methods.HttpGet;
@@ -23,27 +22,25 @@
 import com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubOrg;
 import com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubTeam;
 import com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubUser;
+import com.larscheidschmitzhermes.nexus3.github.oauth.plugin.configuration.GithubOauthConfiguration;
 import com.larscheidschmitzhermes.nexus3.github.oauth.plugin.configuration.MockGithubOauthConfiguration;
 
 @RunWith(MockitoJUnitRunner.class)
 public class GithubApiClientTest {
     private MockGithubOauthConfiguration config = new MockGithubOauthConfiguration(Duration.ofDays(1));
     private ObjectMapper mapper = new ObjectMapper();
 
-    private List<GithubOrg> mockOrgs(){
-        List<GithubOrg> orgs = new ArrayList<>();
+    private List<GithubTeam> mockTeams(){
         GithubOrg org = new GithubOrg();
         org.setLogin("TEST-ORG");
-        org.setUrl("www.example.com/test-org");
-        orgs.add(org);
-        return orgs;
-    }
 
-    private List<GithubTeam> mockTeams(){
         List<GithubTeam> teams = new ArrayList<>();
+
         GithubTeam team = new GithubTeam();
+        team.setOrganization(org);
         team.setName("admin");
         teams.add(team);
+
         return teams;
     }
 
@@ -70,17 +67,14 @@ private HttpClient fullyFunctionalMockClient() throws IOException{
         return mockClient;
     }
     private void mockResponsesForGithubAuthRequest(HttpClient mockClient) throws IOException {
-        HttpResponse mockOrgRespone = createMockResponse(mockOrgs());
         HttpResponse mockTeamResponse = createMockResponse(mockTeams());
         HttpResponse mockUserResponse = createMockResponse(mockUser("Hans Wurst"));
 
         Mockito.when(mockClient.execute(Mockito.any())).thenAnswer(invocationOnMock -> {
             String uriString = ((HttpGet) invocationOnMock.getArguments()[0]).getURI().toString();
-            if (uriString.equals(config.getGithubOrgsUri().toString())){
-                return mockOrgRespone;
-            }else if(uriString.matches(".*/teams.*")){
+            if (uriString.equals(config.getGithubUserTeamsUri())) {
                 return mockTeamResponse;
-            }else if(uriString.equals(config.getGithubUserUri().toString())){
+            } else if (uriString.equals(config.getGithubUserUri().toString())) {
                 return mockUserResponse;
             }
             return null;
@@ -89,17 +83,14 @@ private void mockResponsesForGithubAuthRequest(HttpClient mockClient) throws IOE
 
     private HttpClient mockClientWithNullUsername()throws IOException{
         HttpClient mockClient = Mockito.mock(HttpClient.class);
-        HttpResponse mockOrgRespone = createMockResponse(mockOrgs());
         HttpResponse mockTeamResponse = createMockResponse(mockTeams());
         HttpResponse mockUserResponse = createMockResponse(mockUser(null));
 
         Mockito.when(mockClient.execute(Mockito.any())).thenAnswer(invocationOnMock -> {
             String uriString = ((HttpGet) invocationOnMock.getArguments()[0]).getURI().toString();
-            if (uriString.equals(config.getGithubOrgsUri().toString())){
-                return mockOrgRespone;
-            }else if(uriString.matches(".*/teams.*")){
+            if (uriString.equals(config.getGithubUserTeamsUri())) {
                 return mockTeamResponse;
-            }else if(uriString.equals(config.getGithubUserUri().toString())){
+            } else if (uriString.equals(config.getGithubUserUri().toString())){
                 return mockUserResponse;
             }
             return null;
@@ -161,8 +152,8 @@ public void cachedPrincipalReturnsIfNotExpired() throws Exception {
         char[] token = "DUMMY".toCharArray();
         clientToTest.authz(login, token);
 
-        // We make 3 calls to Github for a single auth check
-        Mockito.verify(mockClient, Mockito.times(3)).execute(Mockito.any(HttpGet.class));
+        // We make 2 calls to Github for a single auth check
+        Mockito.verify(mockClient, Mockito.times(2)).execute(Mockito.any(HttpGet.class));
         Mockito.verifyNoMoreInteractions(mockClient);
 
         // This invocation should hit the cache and should not use the client
@@ -179,8 +170,8 @@ public void principalCacheHonorsTtl() throws Exception {
         char[] token = "DUMMY".toCharArray();
 
         clientToTest.authz("demo-user", token);
-        // We make 3 calls to Github for a single auth check
-        Mockito.verify(mockClient, Mockito.times(3)).execute(Mockito.any(HttpGet.class));
+        // We make 2 calls to Github for a single auth check
+        Mockito.verify(mockClient, Mockito.times(2)).execute(Mockito.any(HttpGet.class));
         Mockito.verifyNoMoreInteractions(mockClient);
 
         // Wait a bit for the cache to become invalidated
@@ -191,8 +182,8 @@ public void principalCacheHonorsTtl() throws Exception {
         mockResponsesForGithubAuthRequest(mockClient);
         // This should also hit Github because the cache TTL has elapsed
         clientToTest.authz("demo-user", token);
-        // We make 3 calls to Github for a single auth check
-        Mockito.verify(mockClient, Mockito.times(3)).execute(Mockito.any(HttpGet.class));
+        // We make 2 calls to Github for a single auth check
+        Mockito.verify(mockClient, Mockito.times(2)).execute(Mockito.any(HttpGet.class));
         Mockito.verifyNoMoreInteractions(mockClient);
     }