Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make OAuth prefix used for storing credentials configurable; use port… #15114

Draft
wants to merge 19 commits into
base: master
Choose a base branch
from
Draft

Make OAuth prefix used for storing credentials configurable; use port… #15114

wants to merge 19 commits into from

Conversation

chenkins
Copy link
Contributor

Resolves #15113

@chenkins chenkins requested a review from a team as a code owner September 12, 2023 16:32
@chenkins chenkins self-assigned this Sep 12, 2023
@chenkins chenkins requested a review from dkocher September 12, 2023 16:32
@chenkins chenkins mentioned this pull request Sep 13, 2023
Closed
13 tasks
@AliveDevil
Copy link
Contributor

AliveDevil commented Sep 13, 2023
edited
Loading

On Windows the OAuth Token is attached to the Credential Manager entry for a host in an additional "page"/attribute.

Basically:

protocol://user@hostname:port/
|- username: user
|- password: …
\  Metadata
    |-  OAuth Access Token: …
    |- OAuth Refresh Token: …
    \  OAuth Expiry: …

Thus the configurable oauth prefix isn't used there.
To make this work an additional credential manager entry for the OAuth connection has to be created.

https://github.com/iterate-ch/cyberduck/blob/master/core/src/main/csharp/ch/cyberduck/core/CredentialManagerPasswordStore.cs#L115

@dkocher dkocher marked this pull request as draft September 13, 2023 07:55
@chenkins chenkins force-pushed the feature/GH-15113-oauth-prefix-factory branch 2 times, most recently from ac17560 to ec72ed9 Compare September 26, 2023 13:11
chenkins
chenkins commented Sep 27, 2023
View reviewed changes
core/src/main/java/ch/cyberduck/core/OAuthPrefixService.java Outdated Show resolved Hide resolved
core/src/main/csharp/ch/cyberduck/core/CredentialManagerPasswordStore.cs Outdated
if (protocol.isPortConfigurable() && !Equals(protocol.getDefaultPort(), bookmark.getPort()))
isOAuth = true;
OAuthPrefixService oAuthPrefix = new OAuthPrefixServiceFactory().create(bookmark);
hostname = oAuthPrefix.getIdentifier();
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AliveDevil looks dodgy to assign identifier to hostname

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, that's what I called the field, could change that to identifier, which holds either OAuthPrefix.getIdentifier() or bookmark.getHostname() (in non-OAuth path).
Which is then built to duck:identifier:port?user= (OAuth) or duck:fqdn:port?user= (Default).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This causes a regression as previously entries were saved using bookmark.getProtocol().getOAuthTokenUrl() when available.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only using the protocol identifier and no token URL will cause entries to be saved with the same key for bookmarks using same protocol but different OAuth endpoint.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AliveDevil The previous default was duck:identifier:fqdn:port?user= , not duck:fqdn:port?user= ?

core/src/main/java/ch/cyberduck/core/OAuthPrefixServiceFactory.java Outdated Show resolved Hide resolved
core/src/main/java/ch/cyberduck/core/DefaultOAuthPrefixService.java Outdated Show resolved Hide resolved
core/src/main/java/ch/cyberduck/core/preferences/Preferences.java Outdated Show resolved Hide resolved
@chenkins chenkins marked this pull request as ready for review October 20, 2023 20:54
@chenkins chenkins requested a review from dkocher October 20, 2023 20:54
@dkocher dkocher marked this pull request as draft October 23, 2023 07:23
@chenkins chenkins force-pushed the feature/GH-15113-oauth-prefix-factory branch from ec72ed9 to 10c08c1 Compare October 23, 2023 11:59
@dkocher dkocher force-pushed the feature/GH-15113-oauth-prefix-factory branch from 247781e to fb98028 Compare October 27, 2023 08:42
@dkocher dkocher assigned dkocher and unassigned chenkins Oct 27, 2023
@dkocher dkocher force-pushed the feature/GH-15113-oauth-prefix-factory branch from fb98028 to 507c612 Compare October 27, 2023 18:25
@dkocher dkocher modified the milestones: 8.7.1, 9.0 Oct 27, 2023
@dkocher dkocher marked this pull request as ready for review October 27, 2023 18:41
@dkocher dkocher force-pushed the feature/GH-15113-oauth-prefix-factory branch 3 times, most recently from 6b5dbe3 to f311e4f Compare October 29, 2023 19:55
@dkocher
Copy link
Contributor

dkocher commented Oct 30, 2023

Refactored to protocol service PasswordStorePrefixService

  • Default implementation implements current behaviour of DefaultHostPasswordStore
  • New specific implementation for Windows implements current behaviour of CredentialManagerPasswordStore

chenkins
chenkins commented Oct 30, 2023
View reviewed changes
core/src/main/java/ch/cyberduck/core/DefaultHostPasswordStore.java Show resolved Hide resolved
core/src/main/java/ch/cyberduck/core/AbstractProtocol.java Outdated Show resolved Hide resolved
core/src/main/java/ch/cyberduck/core/PasswordStorePrefixService.java Outdated Show resolved Hide resolved
core/src/main/java/ch/cyberduck/core/preferences/Preferences.java Outdated Show resolved Hide resolved
core/src/main/java/ch/cyberduck/core/DefaultPasswordStorePrefixService.java Outdated Show resolved Hide resolved
windows/src/main/csharp/ch/cyberduck/ui/core/preferences/ApplicationPreferences.cs Outdated Show resolved Hide resolved
cli/src/main/csharp/ch/cyberduck/cli/WindowsTerminalPreferences.cs Outdated Show resolved Hide resolved
core/src/main/java/ch/cyberduck/core/PasswordStorePrefixService.java Outdated Show resolved Hide resolved
core/src/main/java/ch/cyberduck/core/PasswordStorePrefixService.java Outdated Show resolved Hide resolved
core/src/main/java/ch/cyberduck/core/DefaultHostPasswordStore.java Show resolved Hide resolved
@dkocher dkocher mentioned this pull request Nov 1, 2023
Closed
@dkocher dkocher linked an issue Nov 1, 2023 that may be closed by this pull request
Shared OAuth refresh token not accepted #15284
Closed
@dkocher dkocher force-pushed the feature/GH-15113-oauth-prefix-factory branch from a30e21e to fe35500 Compare November 22, 2023 16:26
dkocher
dkocher reviewed Nov 22, 2023
View reviewed changes
core/src/main/csharp/ch/cyberduck/core/CredentialManagerPasswordStore.cs
if (!string.IsNullOrWhiteSpace(cred.Password))
{
return cred.Password;
}

return base.findLoginPassword(bookmark);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because the base implementation will load the platform specific implementation of the prefix service this will cause a regression in failure finding deprecated store entries.

@dkocher dkocher force-pushed the feature/GH-15113-oauth-prefix-factory branch from 23accf1 to 8650ca9 Compare November 22, 2023 20:24
ylangisc
ylangisc reviewed Nov 23, 2023
View reviewed changes
core/src/main/java/ch/cyberduck/core/DefaultHostPasswordStore.java
return null;
}
final PasswordStoreDescriptorService service = bookmark.getProtocol().getFeature(PasswordStoreDescriptorService.class);
final String prefix = service.getDescriptor(bookmark);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unused.

ylangisc
ylangisc reviewed Nov 23, 2023
View reviewed changes
core/src/main/java/ch/cyberduck/core/DefaultHostPasswordStore.java
final Credentials credentials = bookmark.getCredentials();
if(StringUtils.isEmpty(credentials.getUsername())) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is this case handled in the new implementation?

ylangisc
ylangisc reviewed Nov 23, 2023
View reviewed changes
core/src/main/java/ch/cyberduck/core/DefaultPasswordStoreDescriptorService.java
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Introduce variables, e.g. URI.create(bookmark.getProtocol().getOAuthTokenUrl()) to avoid duplicate code which is not very readable as you always have to check if there is any difference to the previous usage.

ylangisc
ylangisc reviewed Nov 23, 2023
View reviewed changes
core/src/main/csharp/ch/cyberduck/core/CredentialManagerPasswordStore.cs
var credentials = bookmark.getCredentials();

var targetBuilder = new UriBuilder(PreferencesFactory.get().getProperty("application.container.name"), string.Empty);
PasswordStoreDescriptorService service = (PasswordStoreDescriptorService)bookmark.getProtocol().getFeature(typeof(PasswordStorePrefixService));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrong type PasswordStorePrefixService.

ylangisc
ylangisc reviewed Nov 23, 2023
View reviewed changes
core/src/main/csharp/ch/cyberduck/core/CredentialManagerPasswordStore.cs
string hostname = service.getHostname(bookmark);
if (!string.IsNullOrWhiteSpace(hostname))
{
pathBuilder.Append(hostname);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing : between prefix and hostname?

ylangisc
ylangisc reviewed Nov 23, 2023
View reviewed changes
core/src/main/csharp/ch/cyberduck/core/CredentialManagerPasswordStore.cs
@@ -211,27 +221,37 @@ public override void save(Host bookmark)

private static Uri ToUri(Host bookmark)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing test coverage for such methods.

ylangisc
ylangisc reviewed Nov 23, 2023
View reviewed changes
core/src/main/csharp/ch/cyberduck/core/CredentialManagerPasswordStore.cs
var pathBuilder = new StringBuilder();
pathBuilder.Append(protocol.getIdentifier());
if (protocol.isHostnameConfigurable() || !(protocol.isTokenConfigurable() || protocol.isOAuthConfigurable()))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this equivalent to the new checks in CredentialManagerPasswordStoreDescriptorService which are different.

@dkocher dkocher modified the milestones: 8.7.2, 9.0 Nov 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AliveDevil AliveDevil AliveDevil left review comments

@ylangisc ylangisc ylangisc left review comments

@dkocher dkocher dkocher requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@dkocher dkocher

Labels
None yet
Projects
None yet
Milestone
10.0
4 participants
@chenkins @AliveDevil @dkocher @ylangisc