Add Repository Bearer Authentication

Signed-off-by: Valentijn Scholten <[email protected]>

src/main/java/org/dependencytrack/persistence/RepositoryQueryManager.java

@@ -196,10 +196,11 @@ public Repository createRepository(RepositoryType type, String identifier, Strin
      * @param authenticationRequired if the repository needs authentication or not
      * @param username               the username to access the (authenticated) repository with
      * @param password               the password to access the (authenticated) repository with
+     * @param bearerToken            the bearer token to access the (authenticated) repository with
      * @param enabled                specifies if the repository is enabled
      * @return the updated Repository
      */
-    public Repository updateRepository(UUID uuid, String identifier, String url, boolean internal, boolean authenticationRequired, String username, String password, boolean enabled) {
+    public Repository updateRepository(UUID uuid, String identifier, String url, boolean internal, boolean authenticationRequired, String username, String password, String bearerToken, boolean enabled) {
         final Repository repository = getObjectByUuid(Repository.class, uuid);
         repository.setIdentifier(identifier);
         repository.setUrl(url);
@@ -208,9 +209,11 @@ public Repository updateRepository(UUID uuid, String identifier, String url, boo
         if (!authenticationRequired) {
             repository.setUsername(null);
             repository.setPassword(null);
+            repository.setBearerToken(null);
         } else {
             repository.setUsername(username);
             repository.setPassword(password);
+            repository.setBearerToken(bearerToken);
         }
 
         repository.setEnabled(enabled);

src/main/java/org/dependencytrack/resources/v1/RepositoryResource.java

@@ -226,6 +226,7 @@ public Response createRepository(Repository jsonRepository) {
     })
     @PermissionRequired(Permissions.Constants.SYSTEM_CONFIGURATION)
     public Response updateRepository(Repository jsonRepository) {
+        System.out.println("repo update");
         final Validator validator = super.getValidator();
         failOnValidationError(validator.validateProperty(jsonRepository, "identifier"),
                 validator.validateProperty(jsonRepository, "url")
@@ -234,23 +235,31 @@ public Response updateRepository(Repository jsonRepository) {
         try (QueryManager qm = new QueryManager()) {
             Repository repository = qm.getObjectByUuid(Repository.class, jsonRepository.getUuid());
             if (repository != null) {
+                System.out.println("repo update inner");
                 final String url = StringUtils.trimToNull(jsonRepository.getUrl());
+                String msg = "password";
                 try {
+                    System.out.println("repo password decrypt");
                     // The password is not passed to the front-end, so it should only be overwritten if it is not null or not set to default value coming from ui
                     final String updatedPassword = jsonRepository.getPassword()!=null && !jsonRepository.getPassword().equals(ENCRYPTED_PLACEHOLDER)
                             ? DataEncryption.encryptAsString(jsonRepository.getPassword())
                             : repository.getPassword();
 
                     // The bearerToken is not passed to the front-end, so it should only be overwritten if it is not null or not set to default value coming from ui
+                    System.out.println("repo bearer decrypt");
+                    msg = "bearerToken";
                     final String updatedBearerToken = jsonRepository.getBearerToken()!=null && !jsonRepository.getBearerToken().equals(ENCRYPTED_PLACEHOLDER)
                             ? DataEncryption.encryptAsString(jsonRepository.getBearerToken())
                             : repository.getBearerToken();
 
+                    System.out.println("repo update real");
                     repository = qm.updateRepository(jsonRepository.getUuid(), repository.getIdentifier(), url,
                             jsonRepository.isInternal(), jsonRepository.isAuthenticationRequired(), jsonRepository.getUsername(), updatedPassword, updatedBearerToken, jsonRepository.isEnabled());
+                    System.out.println("repo update done");
                     return Response.ok(repository).build();
                 } catch (Exception e) {
-                    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("The specified repository password could not be encrypted.").build();
+                    e.printStackTrace(System.out);
+                    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("The specified repository %s could not be encrypted.".formatted(msg)).build();
                 }
             } else {
                 return Response.status(Response.Status.NOT_FOUND).entity("The UUID of the repository could not be found.").build();

src/test/java/org/dependencytrack/resources/v1/RepositoryResourceTest.java

@@ -20,6 +20,9 @@
 
 import alpine.server.filters.ApiFilter;
 import alpine.server.filters.AuthenticationFilter;
+
+import org.apache.http.HttpEntity;
+import org.apache.http.util.EntityUtils;
 import org.dependencytrack.JerseyTestRule;
 import org.dependencytrack.ResourceTest;
 import org.dependencytrack.model.Repository;
@@ -286,6 +289,7 @@ public void updateRepositoryTest() throws Exception {
                     repository1.setAuthenticationRequired(false);
                     response = jersey.target(V1_REPOSITORY).request().header(X_API_KEY, apiKey)
                             .post(Entity.entity(repository1, MediaType.APPLICATION_JSON));
+                    System.out.println(response.readEntity(String.class));
                     Assert.assertEquals(200, response.getStatus());
                     break;
                 }