github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/InitGitHub.java - plugins/github - Git at Google

 // Copyright (C) 2013 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package com.googlesource.gerrit.plugins.github;

 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.CONF_KEY_SECTION;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.CIPHER_ALGORITHM_DEFAULT;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.CIPHER_ALGO_CONFIG_LABEL;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.CURRENT_CONFIG_LABEL;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.IS_CURRENT_DEFAULT;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.KEY_ID_DEFAULT;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.PASSWORD_DEVICE_CONFIG_LABEL;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.PASSWORD_LENGTH_CONFIG_LABEL;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.PASSWORD_LENGTH_DEFAULT;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.SECRET_KEY_ALGORITHM_DEFAULT;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.SECRET_KEY_CONFIG_LABEL;
 import static com.googlesource.gerrit.plugins.github.oauth.PasswordGenerator.DEFAULT_PASSWORD_FILE;

 import com.google.common.base.Strings;
 import com.google.gerrit.extensions.annotations.PluginName;
 import com.google.gerrit.extensions.client.AuthType;
 import com.google.gerrit.pgm.init.api.ConsoleUI;
 import com.google.gerrit.pgm.init.api.InitFlags;
 import com.google.gerrit.pgm.init.api.InitStep;
 import com.google.gerrit.pgm.init.api.InitUtil;
 import com.google.gerrit.pgm.init.api.Section;
 import com.google.gerrit.server.config.SitePaths;
 import com.google.inject.Inject;
 import com.googlesource.gerrit.plugins.github.oauth.PasswordGenerator;
 import java.net.URISyntaxException;
 import java.nio.file.Path;
 import java.util.EnumSet;
 import java.util.Optional;
 import org.eclipse.jgit.storage.file.FileBasedConfig;

 public class InitGitHub implements InitStep {
   private static final String GITHUB_URL = "https://github.com";
   private static final String GITHUB_API_URL = "https://api.github.com";
   private static final String GITHUB_REGISTER_APPLICATION_PATH = "/settings/applications/new";
   private static final String GERRIT_OAUTH_CALLBACK_PATH = "oauth";

   private final Path pluginData;
   private final ConsoleUI ui;
   private final Section auth;
   private final Section httpd;
   private final Section github;
   private final Section gerrit;
   private final Section.Factory sections;
   private final FileBasedConfig cfg;

   @Inject
   InitGitHub(
       @PluginName String pluginName,
       SitePaths site,
       final ConsoleUI ui,
       final Section.Factory sections,
       InitFlags flags) {
     this.pluginData = site.data_dir.resolve(pluginName);
     this.ui = ui;
     this.sections = sections;
     this.cfg = flags.cfg;
     this.github = sections.get("github", null);
     this.httpd = sections.get("httpd", null);
     this.auth = sections.get("auth", null);
     this.gerrit = sections.get("gerrit", null);
   }

   @Override
   public void run() throws Exception {
     ui.header("GitHub Integration");

     github.string("GitHub URL", "url", GITHUB_URL);
     github.string("GitHub API URL", "apiUrl", GITHUB_API_URL);
     ui.message(
         "\nNOTE: You might need to configure a proxy using http.proxy"
             + " if you run Gerrit behind a firewall.\n");

     String gerritUrl = getAssumedCanonicalWebUrl();
     ui.header("GitHub OAuth registration and credentials");
     ui.message(
         "Register Gerrit as GitHub application on:\n" + "%s%s\n\n",
         github.get("url"), GITHUB_REGISTER_APPLICATION_PATH);
     ui.message("Settings (assumed Gerrit URL: %s)\n", gerritUrl);
     ui.message("* Application name: Gerrit Code Review\n");
     ui.message("* Homepage URL: %s\n", gerritUrl);
     ui.message("* Authorization callback URL: %s%s\n\n", gerritUrl, GERRIT_OAUTH_CALLBACK_PATH);
     ui.message("After registration is complete, enter the generated OAuth credentials:\n");

     github.string("GitHub Client ID", "clientId", null);
     github.passwordForKey("GitHub Client Secret", "clientSecret");

     AuthType authType =
         auth.select(
             "Gerrit OAuth implementation",
             "type",
             AuthType.HTTP,
             EnumSet.of(AuthType.HTTP, AuthType.OAUTH));
     if (authType.equals(AuthType.HTTP)) {
       auth.string("HTTP Authentication Header", "httpHeader", "GITHUB_USER");
       httpd.set("filterClass", "com.googlesource.gerrit.plugins.github.oauth.OAuthFilter");
       authSetDefault("httpExternalIdHeader", "GITHUB_OAUTH_TOKEN");
       authSetDefault("loginUrl", "/login");
       authSetDefault("loginText", "Sign-in with GitHub");
       authSetDefault("registerPageUrl", "/#/register");
     } else {
       httpd.unset("filterClass");
       httpd.unset("httpHeader");
     }

     setupGitHubOAuthTokenCipher();
   }

   private void setupGitHubOAuthTokenCipher() {
     ui.header("GitHub OAuth token cipher configuration");
     Optional<String> maybeCurrentKeyId = getCurrentKeyId();

     boolean configureNewPasswordDevice = false;
     if (maybeCurrentKeyId.isPresent()) {
       if (!ui.yesno(
           false,
           "Current GitHub OAuth token cipher is configured under the %s key id. Do you want to configure a new one?",
           maybeCurrentKeyId.get())) {
         return;
       }

       String notUniqueKeyIdPrefix = "K";
       do {
         String newKeyId = ui.readString("some-key-id", "%sey identifier", notUniqueKeyIdPrefix);
         if (cfg.getSubsections(CONF_KEY_SECTION).contains(newKeyId)) {
           notUniqueKeyIdPrefix =
               String.format(
                   "Provided key id '%s' already exists. Please provide a different key.", newKeyId);
           continue;
         }

         cfg.setBoolean(CONF_KEY_SECTION, maybeCurrentKeyId.get(), CURRENT_CONFIG_LABEL, false);
         maybeCurrentKeyId = Optional.of(newKeyId);
         configureNewPasswordDevice = true;
         break;
       } while (true);
     }

     String currentKeyId = maybeCurrentKeyId.orElse(KEY_ID_DEFAULT);
     ui.message("Configuring GitHub OAuth token cipher under '%s' key id\n", currentKeyId);
     Section gitHubKey = sections.get(CONF_KEY_SECTION, currentKeyId);

     gitHubKey.set(CURRENT_CONFIG_LABEL, "true");

     Path defaultPasswordPath = pluginData.resolve(DEFAULT_PASSWORD_FILE);
     String currentPasswordPath =
         gitHubKey.string(
             "Password file or device",
             PASSWORD_DEVICE_CONFIG_LABEL,
             configureNewPasswordDevice ? null : defaultPasswordPath.toString());
     if (defaultPasswordPath.toString().equalsIgnoreCase(currentPasswordPath)) {
       pluginData.toFile().mkdirs();
       if (new PasswordGenerator().generate(Path.of(currentPasswordPath))) {
         ui.message(
             "New password (%d bytes long) was generated under '%s' file.\n",
             PASSWORD_LENGTH_DEFAULT, currentPasswordPath);
       } else {
         ui.message(
             "The file under '%s' path already exists. Password wasn't regenerated.\n",
             currentPasswordPath);
       }
     } else {
       // ask for length only if default password is not used
       gitHubKey.set(
           PASSWORD_LENGTH_CONFIG_LABEL,
           String.valueOf(ui.readInt(PASSWORD_LENGTH_DEFAULT, "Password length in bytes")));
     }

     gitHubKey.string(
         "The algorithm to be used to encrypt the provided password",
         SECRET_KEY_CONFIG_LABEL,
         SECRET_KEY_ALGORITHM_DEFAULT);

     gitHubKey.string(
         "The algorithm to be used for encryption/decryption",
         CIPHER_ALGO_CONFIG_LABEL,
         CIPHER_ALGORITHM_DEFAULT);
   }

   private Optional<String> getCurrentKeyId() {
     return cfg.getSubsections(CONF_KEY_SECTION).stream()
         .filter(
             keyId ->
                 cfg.getBoolean(CONF_KEY_SECTION, keyId, CURRENT_CONFIG_LABEL, IS_CURRENT_DEFAULT))
         .findFirst();
   }

   private void authSetDefault(String key, String defValue) {
     if (Strings.isNullOrEmpty(auth.get(key))) {
       auth.set(key, defValue);
     }
   }

   private String getAssumedCanonicalWebUrl() {
     String url = gerrit.get("canonicalWebUrl");
     if (url != null) {
       return url;
     }

     String httpListen = httpd.get("listenUrl");
     if (httpListen != null) {
       try {
         return InitUtil.toURI(httpListen).toString();
       } catch (URISyntaxException e) {
       }
     }

     return String.format("http://%s:8080/", InitUtil.hostname());
   }

   @Override
   public void postRun() throws Exception {}
 }
	// Copyright (C) 2013 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	package com.googlesource.gerrit.plugins.github;

	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.CONF_KEY_SECTION;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.CIPHER_ALGORITHM_DEFAULT;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.CIPHER_ALGO_CONFIG_LABEL;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.CURRENT_CONFIG_LABEL;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.IS_CURRENT_DEFAULT;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.KEY_ID_DEFAULT;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.PASSWORD_DEVICE_CONFIG_LABEL;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.PASSWORD_LENGTH_CONFIG_LABEL;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.PASSWORD_LENGTH_DEFAULT;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.SECRET_KEY_ALGORITHM_DEFAULT;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.SECRET_KEY_CONFIG_LABEL;
	import static com.googlesource.gerrit.plugins.github.oauth.PasswordGenerator.DEFAULT_PASSWORD_FILE;

	import com.google.common.base.Strings;
	import com.google.gerrit.extensions.annotations.PluginName;
	import com.google.gerrit.extensions.client.AuthType;
	import com.google.gerrit.pgm.init.api.ConsoleUI;
	import com.google.gerrit.pgm.init.api.InitFlags;
	import com.google.gerrit.pgm.init.api.InitStep;
	import com.google.gerrit.pgm.init.api.InitUtil;
	import com.google.gerrit.pgm.init.api.Section;
	import com.google.gerrit.server.config.SitePaths;
	import com.google.inject.Inject;
	import com.googlesource.gerrit.plugins.github.oauth.PasswordGenerator;
	import java.net.URISyntaxException;
	import java.nio.file.Path;
	import java.util.EnumSet;
	import java.util.Optional;
	import org.eclipse.jgit.storage.file.FileBasedConfig;

	public class InitGitHub implements InitStep {
	private static final String GITHUB_URL = "https://github.com";
	private static final String GITHUB_API_URL = "https://api.github.com";
	private static final String GITHUB_REGISTER_APPLICATION_PATH = "/settings/applications/new";
	private static final String GERRIT_OAUTH_CALLBACK_PATH = "oauth";

	private final Path pluginData;
	private final ConsoleUI ui;
	private final Section auth;
	private final Section httpd;
	private final Section github;
	private final Section gerrit;
	private final Section.Factory sections;
	private final FileBasedConfig cfg;

	@Inject
	InitGitHub(
	@PluginName String pluginName,
	SitePaths site,
	final ConsoleUI ui,
	final Section.Factory sections,
	InitFlags flags) {
	this.pluginData = site.data_dir.resolve(pluginName);
	this.ui = ui;
	this.sections = sections;
	this.cfg = flags.cfg;
	this.github = sections.get("github", null);
	this.httpd = sections.get("httpd", null);
	this.auth = sections.get("auth", null);
	this.gerrit = sections.get("gerrit", null);
	}

	@Override
	public void run() throws Exception {
	ui.header("GitHub Integration");

	github.string("GitHub URL", "url", GITHUB_URL);
	github.string("GitHub API URL", "apiUrl", GITHUB_API_URL);
	ui.message(
	"\nNOTE: You might need to configure a proxy using http.proxy"
	+ " if you run Gerrit behind a firewall.\n");

	String gerritUrl = getAssumedCanonicalWebUrl();
	ui.header("GitHub OAuth registration and credentials");
	ui.message(
	"Register Gerrit as GitHub application on:\n" + "%s%s\n\n",
	github.get("url"), GITHUB_REGISTER_APPLICATION_PATH);
	ui.message("Settings (assumed Gerrit URL: %s)\n", gerritUrl);
	ui.message("* Application name: Gerrit Code Review\n");
	ui.message("* Homepage URL: %s\n", gerritUrl);
	ui.message("* Authorization callback URL: %s%s\n\n", gerritUrl, GERRIT_OAUTH_CALLBACK_PATH);
	ui.message("After registration is complete, enter the generated OAuth credentials:\n");

	github.string("GitHub Client ID", "clientId", null);
	github.passwordForKey("GitHub Client Secret", "clientSecret");

	AuthType authType =
	auth.select(
	"Gerrit OAuth implementation",
	"type",
	AuthType.HTTP,
	EnumSet.of(AuthType.HTTP, AuthType.OAUTH));
	if (authType.equals(AuthType.HTTP)) {
	auth.string("HTTP Authentication Header", "httpHeader", "GITHUB_USER");
	httpd.set("filterClass", "com.googlesource.gerrit.plugins.github.oauth.OAuthFilter");
	authSetDefault("httpExternalIdHeader", "GITHUB_OAUTH_TOKEN");
	authSetDefault("loginUrl", "/login");
	authSetDefault("loginText", "Sign-in with GitHub");
	authSetDefault("registerPageUrl", "/#/register");
	} else {
	httpd.unset("filterClass");
	httpd.unset("httpHeader");
	}

	setupGitHubOAuthTokenCipher();
	}

	private void setupGitHubOAuthTokenCipher() {
	ui.header("GitHub OAuth token cipher configuration");
	Optional<String> maybeCurrentKeyId = getCurrentKeyId();

	boolean configureNewPasswordDevice = false;
	if (maybeCurrentKeyId.isPresent()) {
	if (!ui.yesno(
	false,
	"Current GitHub OAuth token cipher is configured under the %s key id. Do you want to configure a new one?",
	maybeCurrentKeyId.get())) {
	return;
	}

	String notUniqueKeyIdPrefix = "K";
	do {
	String newKeyId = ui.readString("some-key-id", "%sey identifier", notUniqueKeyIdPrefix);
	if (cfg.getSubsections(CONF_KEY_SECTION).contains(newKeyId)) {
	notUniqueKeyIdPrefix =
	String.format(
	"Provided key id '%s' already exists. Please provide a different key.", newKeyId);
	continue;
	}

	cfg.setBoolean(CONF_KEY_SECTION, maybeCurrentKeyId.get(), CURRENT_CONFIG_LABEL, false);
	maybeCurrentKeyId = Optional.of(newKeyId);
	configureNewPasswordDevice = true;
	break;
	} while (true);
	}

	String currentKeyId = maybeCurrentKeyId.orElse(KEY_ID_DEFAULT);
	ui.message("Configuring GitHub OAuth token cipher under '%s' key id\n", currentKeyId);
	Section gitHubKey = sections.get(CONF_KEY_SECTION, currentKeyId);

	gitHubKey.set(CURRENT_CONFIG_LABEL, "true");

	Path defaultPasswordPath = pluginData.resolve(DEFAULT_PASSWORD_FILE);
	String currentPasswordPath =
	gitHubKey.string(
	"Password file or device",
	PASSWORD_DEVICE_CONFIG_LABEL,
	configureNewPasswordDevice ? null : defaultPasswordPath.toString());
	if (defaultPasswordPath.toString().equalsIgnoreCase(currentPasswordPath)) {
	pluginData.toFile().mkdirs();
	if (new PasswordGenerator().generate(Path.of(currentPasswordPath))) {
	ui.message(
	"New password (%d bytes long) was generated under '%s' file.\n",
	PASSWORD_LENGTH_DEFAULT, currentPasswordPath);
	} else {
	ui.message(
	"The file under '%s' path already exists. Password wasn't regenerated.\n",
	currentPasswordPath);
	}
	} else {
	// ask for length only if default password is not used
	gitHubKey.set(
	PASSWORD_LENGTH_CONFIG_LABEL,
	String.valueOf(ui.readInt(PASSWORD_LENGTH_DEFAULT, "Password length in bytes")));
	}

	gitHubKey.string(
	"The algorithm to be used to encrypt the provided password",
	SECRET_KEY_CONFIG_LABEL,
	SECRET_KEY_ALGORITHM_DEFAULT);

	gitHubKey.string(
	"The algorithm to be used for encryption/decryption",
	CIPHER_ALGO_CONFIG_LABEL,
	CIPHER_ALGORITHM_DEFAULT);
	}

	private Optional<String> getCurrentKeyId() {
	return cfg.getSubsections(CONF_KEY_SECTION).stream()
	.filter(
	keyId ->
	cfg.getBoolean(CONF_KEY_SECTION, keyId, CURRENT_CONFIG_LABEL, IS_CURRENT_DEFAULT))
	.findFirst();
	}

	private void authSetDefault(String key, String defValue) {
	if (Strings.isNullOrEmpty(auth.get(key))) {
	auth.set(key, defValue);
	}
	}

	private String getAssumedCanonicalWebUrl() {
	String url = gerrit.get("canonicalWebUrl");
	if (url != null) {
	return url;
	}

	String httpListen = httpd.get("listenUrl");
	if (httpListen != null) {
	try {
	return InitUtil.toURI(httpListen).toString();
	} catch (URISyntaxException e) {
	}
	}

	return String.format("http://%s:8080/", InitUtil.hostname());
	}

	@Override
	public void postRun() throws Exception {}
	}