Merge pull request #24721 from overleaf/msm-cleanup-git-oauth-secret
[git-bridge] Clean up the `oauth2` clientID/clientSecret config; the bridge now keeps only `oauth2Server`
GitOrigin-RevId: 48144d928119782d1c7b048b0cb6a4afb6072f28
+7
-14
@@ -30,7 +30,7 @@ public class Config implements JSONSource {
|
||||
config.apiBaseURL,
|
||||
config.postbackURL,
|
||||
config.serviceName,
|
||||
Oauth2.asSanitised(config.oauth2),
|
||||
config.oauth2Server,
|
||||
config.userPasswordEnabled,
|
||||
config.repoStore,
|
||||
SwapStoreConfig.sanitisedCopy(config.swapStore),
|
||||
@@ -46,7 +46,7 @@ public class Config implements JSONSource {
|
||||
private String apiBaseURL;
|
||||
private String postbackURL;
|
||||
private String serviceName;
|
||||
@Nullable private Oauth2 oauth2;
|
||||
@Nullable private String oauth2Server;
|
||||
private boolean userPasswordEnabled;
|
||||
@Nullable private RepoStoreConfig repoStore;
|
||||
@Nullable private SwapStoreConfig swapStore;
|
||||
@@ -70,7 +70,7 @@ public class Config implements JSONSource {
|
||||
String apiBaseURL,
|
||||
String postbackURL,
|
||||
String serviceName,
|
||||
Oauth2 oauth2,
|
||||
String oauth2Server,
|
||||
boolean userPasswordEnabled,
|
||||
RepoStoreConfig repoStore,
|
||||
SwapStoreConfig swapStore,
|
||||
@@ -84,7 +84,7 @@ public class Config implements JSONSource {
|
||||
this.apiBaseURL = apiBaseURL;
|
||||
this.postbackURL = postbackURL;
|
||||
this.serviceName = serviceName;
|
||||
this.oauth2 = oauth2;
|
||||
this.oauth2Server = oauth2Server;
|
||||
this.userPasswordEnabled = userPasswordEnabled;
|
||||
this.repoStore = repoStore;
|
||||
this.swapStore = swapStore;
|
||||
@@ -116,7 +116,7 @@ public class Config implements JSONSource {
|
||||
if (!postbackURL.endsWith("/")) {
|
||||
postbackURL += "/";
|
||||
}
|
||||
oauth2 = new Gson().fromJson(configObject.get("oauth2"), Oauth2.class);
|
||||
oauth2Server = getOptionalString(configObject, "oauth2Server");
|
||||
userPasswordEnabled = getOptionalString(configObject, "userPasswordEnabled").equals("true");
|
||||
repoStore = new Gson().fromJson(configObject.get("repoStore"), RepoStoreConfig.class);
|
||||
swapStore = new Gson().fromJson(configObject.get("swapStore"), SwapStoreConfig.class);
|
||||
@@ -166,19 +166,12 @@ public class Config implements JSONSource {
|
||||
return postbackURL;
|
||||
}
|
||||
|
||||
public boolean isUsingOauth2() {
|
||||
return oauth2 != null;
|
||||
}
|
||||
|
||||
public boolean isUserPasswordEnabled() {
|
||||
return userPasswordEnabled;
|
||||
}
|
||||
|
||||
public Oauth2 getOauth2() {
|
||||
if (!isUsingOauth2()) {
|
||||
throw new AssertionError("Getting oauth2 when not using it");
|
||||
}
|
||||
return oauth2;
|
||||
public String getOauth2Server() {
|
||||
return oauth2Server;
|
||||
}
|
||||
|
||||
public Optional<RepoStoreConfig> getRepoStore() {
|
||||
|
||||
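Review bot: The value read at `oauth2Server = getOptionalString(configObject, "oauth2Server");` is stored verbatim, whereas the same constructor normalises `postbackURL` by appending a trailing "/", and this string is the endpoint Oauth2Filter forwards users' Bearer tokens to as `oauth2Server + "/oauth/token/info?..."`. A configured trailing slash therefore yields `//oauth/token/info`, and an empty or non-http(s) value is only noticed when the first token check sends a token to whatever that string resolves to. I would validate it at load time (this needs `java.net.URI` imported, and should throw whatever this constructor already throws for bad config) and fold "" into null so the `!= null` check in GitBridgeServer sees a missing and an empty key the same way; whether `getOptionalString` returns null or "" for an absent key is not visible in this hunk. The enclosing constructor starts and ends outside the hunk.
```java
oauth2Server = getOptionalString(configObject, "oauth2Server");
if (oauth2Server != null && oauth2Server.trim().isEmpty()) {
  oauth2Server = null; // treat "" the same as an absent key
}
if (oauth2Server != null) {
  // Reject a malformed endpoint at load time, not when the first Bearer token is sent to it.
  URI serverUri = URI.create(oauth2Server);
  String scheme = serverUri.getScheme();
  if (!serverUri.isAbsolute() || !("https".equals(scheme) || "http".equals(scheme))) {
    throw new IllegalArgumentException("oauth2Server must be an absolute http(s) URL");
  }
  // checkAccessToken appends "/oauth/token/info", so drop any configured trailing slash.
  oauth2Server = oauth2Server.replaceAll("/+$", "");
}
// … unchanged: userPasswordEnabled, repoStore, swapStore parsing …
```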
@@ -1,33 +0,0 @@
|
||||
package uk.ac.ic.wlgitbridge.application.config;
|
||||
|
||||
/*
|
||||
* Created by winston on 25/10/15.
|
||||
*/
|
||||
public class Oauth2 {
|
||||
|
||||
private final String oauth2ClientID;
|
||||
private final String oauth2ClientSecret;
|
||||
private final String oauth2Server;
|
||||
|
||||
public Oauth2(String oauth2ClientID, String oauth2ClientSecret, String oauth2Server) {
|
||||
this.oauth2ClientID = oauth2ClientID;
|
||||
this.oauth2ClientSecret = oauth2ClientSecret;
|
||||
this.oauth2Server = oauth2Server;
|
||||
}
|
||||
|
||||
public String getOauth2ClientID() {
|
||||
return oauth2ClientID;
|
||||
}
|
||||
|
||||
public String getOauth2ClientSecret() {
|
||||
return oauth2ClientSecret;
|
||||
}
|
||||
|
||||
public String getOauth2Server() {
|
||||
return oauth2Server;
|
||||
}
|
||||
|
||||
public static Oauth2 asSanitised(Oauth2 oauth2) {
|
||||
return new Oauth2("<oauth2ClientID>", "<oauth2ClientSecret>", oauth2.oauth2Server);
|
||||
}
|
||||
}
|
||||
@@ -151,9 +151,9 @@ public class GitBridgeServer {
|
||||
throws ServletException {
|
||||
final ServletContextHandler servletContextHandler =
|
||||
new ServletContextHandler(ServletContextHandler.SESSIONS);
|
||||
if (config.isUsingOauth2()) {
|
||||
if (config.getOauth2Server() != null) {
|
||||
Filter filter =
|
||||
new Oauth2Filter(snapshotApi, config.getOauth2(), config.isUserPasswordEnabled());
|
||||
new Oauth2Filter(snapshotApi, config.getOauth2Server(), config.isUserPasswordEnabled());
|
||||
servletContextHandler.addFilter(
|
||||
new FilterHolder(filter), "/*", EnumSet.of(DispatcherType.REQUEST));
|
||||
}
|
||||
|
||||
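Review bot: `if (config.getOauth2Server() != null)` now decides whether the auth filter is installed at all, and a present-but-empty `"oauth2Server": ""` passes it, installing a filter whose every token check targets the relative URL `/oauth/token/info`; the old `isUsingOauth2()` relied on Gson returning null for an absent object, which had no empty-string case. The check also depends on `getOptionalString` returning null for a missing key, which is not visible here and which the neighbouring `getOptionalString(configObject, "userPasswordEnabled").equals("true")` call in Config.java only survives if it never does. I would hoist the value and test both cases: `String oauth2Server = config.getOauth2Server();` / `if (oauth2Server != null && !oauth2Server.trim().isEmpty()) {`, and log at startup which mode was selected so a misspelled key is noticed rather than silently skipping the filter. The enclosing method continues past the hunk.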
@@ -13,7 +13,6 @@ import javax.servlet.*;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import uk.ac.ic.wlgitbridge.application.config.Oauth2;
|
||||
import uk.ac.ic.wlgitbridge.bridge.snapshot.SnapshotApi;
|
||||
import uk.ac.ic.wlgitbridge.util.Instance;
|
||||
import uk.ac.ic.wlgitbridge.util.Log;
|
||||
@@ -28,13 +27,13 @@ public class Oauth2Filter implements Filter {
|
||||
|
||||
private final SnapshotApi snapshotApi;
|
||||
|
||||
private final Oauth2 oauth2;
|
||||
private final String oauth2Server;
|
||||
|
||||
private final boolean isUserPasswordEnabled;
|
||||
|
||||
public Oauth2Filter(SnapshotApi snapshotApi, Oauth2 oauth2, boolean isUserPasswordEnabled) {
|
||||
public Oauth2Filter(SnapshotApi snapshotApi, String oauth2Server, boolean isUserPasswordEnabled) {
|
||||
this.snapshotApi = snapshotApi;
|
||||
this.oauth2 = oauth2;
|
||||
this.oauth2Server = oauth2Server;
|
||||
this.isUserPasswordEnabled = isUserPasswordEnabled;
|
||||
}
|
||||
|
||||
@@ -108,7 +107,7 @@ public class Oauth2Filter implements Filter {
|
||||
// fail later (for example, in the unlikely event that the token
|
||||
// expired between the two requests). In that case, JGit will
|
||||
// return a 401 without a custom error message.
|
||||
int statusCode = checkAccessToken(oauth2, password, getClientIp(request));
|
||||
int statusCode = checkAccessToken(this.oauth2Server, password, getClientIp(request));
|
||||
if (statusCode == 429) {
|
||||
handleRateLimit(projectId, username, request, response);
|
||||
return;
|
||||
@@ -238,10 +237,9 @@ public class Oauth2Filter implements Filter {
|
||||
"your Overleaf Account Settings."));
|
||||
}
|
||||
|
||||
private int checkAccessToken(Oauth2 oauth2, String accessToken, String clientIp)
|
||||
private int checkAccessToken(String oauth2Server, String accessToken, String clientIp)
|
||||
throws IOException {
|
||||
GenericUrl url =
|
||||
new GenericUrl(oauth2.getOauth2Server() + "/oauth/token/info?client_ip=" + clientIp);
|
||||
GenericUrl url = new GenericUrl(oauth2Server + "/oauth/token/info?client_ip=" + clientIp);
|
||||
HttpRequest request = Instance.httpRequestFactory.buildGetRequest(url);
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.setAuthorization("Bearer " + accessToken);
|
||||
|
||||
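Review bot: The added `new GenericUrl(oauth2Server + "/oauth/token/info?client_ip=" + clientIp)` concatenates `clientIp` into the query string unencoded; if `getClientIp` derives it from a forwarded header (not visible in this hunk), a crafted value can append further query parameters to the token-info request. Building the base URL and setting the parameter lets the client encode it: `GenericUrl url = new GenericUrl(oauth2Server + "/oauth/token/info");` followed by `url.set("client_ip", clientIp);`. Relatedly, the constructor now stores a plain String where the removed `getOauth2()` used to throw when OAuth was not configured, so `this.oauth2Server = Objects.requireNonNull(oauth2Server, "oauth2Server");` would fail at startup instead of producing a `null/oauth/token/info` URL on the first request. `checkAccessToken` continues past the end of the hunk.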