diff --git a/src/main/java/org/dependencytrack/model/Repository.java b/src/main/java/org/dependencytrack/model/Repository.java index 688045718f..91a8048da1 100644 --- a/src/main/java/org/dependencytrack/model/Repository.java +++ b/src/main/java/org/dependencytrack/model/Repository.java @@ -100,6 +100,10 @@ public class Repository implements Serializable { @Column(name = "PASSWORD") private String password; + @Persistent + @Column(name = "BEARERTOKEN") + private String bearerToken; + @Persistent(customValueStrategy = "uuid") @Index(name = "REPOSITORY_UUID_IDX") // Cannot be @Unique. Microsoft SQL Server throws an exception @Column(name = "UUID", jdbcType = "VARCHAR", length = 36, allowsNull = "true") @@ -189,6 +193,16 @@ public void setPassword(String password) { this.password = password; } + @JsonIgnore + public String getBearerToken() { + return bearerToken; + } + + @JsonProperty(value = "bearerToken") + public void setBearerToken(String bearerToken) { + this.bearerToken = bearerToken; + } + public UUID getUuid() { return uuid; } diff --git a/src/main/java/org/dependencytrack/persistence/DefaultObjectGenerator.java b/src/main/java/org/dependencytrack/persistence/DefaultObjectGenerator.java index 1cc6729b57..949f7fd708 100644 --- a/src/main/java/org/dependencytrack/persistence/DefaultObjectGenerator.java +++ b/src/main/java/org/dependencytrack/persistence/DefaultObjectGenerator.java 
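Review bot: The new `BEARERTOKEN` column in the first Repository.java hunk is declared without a `jdbcType` or `length`, so it will most likely get the datastore's default string width. The stored value is the encrypted, encoded form of the token (see `DataEncryption.encryptAsString` in RepositoryQueryManager), and bearer tokens such as JWTs are often far longer than a password. A long token could therefore fail to persist or be cut short. Consider an explicit size, for example `@Column(name = "BEARERTOKEN", jdbcType = "VARCHAR", length = 4096)` (the length is illustrative), and make sure the schema upgrade creates the same column. The enclosing class starts and ends outside this hunk.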
@@ -214,23 +214,23 @@ private List getBadgesPermissions(final List fullList) { public void loadDefaultRepositories() { try (QueryManager qm = new QueryManager()) { LOGGER.info("Synchronizing default repositories to datastore"); - qm.createRepository(RepositoryType.CPAN, "cpan-public-registry", "https://fastapi.metacpan.org/v1/", true, false, false, null, null); - qm.createRepository(RepositoryType.GEM, "rubygems.org", "https://rubygems.org/", true, false, false, null, null); - qm.createRepository(RepositoryType.HEX, "hex.pm", "https://hex.pm/", true, false, false, null, null); - qm.createRepository(RepositoryType.HACKAGE, "hackage.haskell.org", "https://hackage.haskell.org/", true, false, false, null, null); - qm.createRepository(RepositoryType.MAVEN, "central", "https://repo1.maven.org/maven2/", true, false, false, null, null); - qm.createRepository(RepositoryType.MAVEN, "atlassian-public", "https://packages.atlassian.com/content/repositories/atlassian-public/", true, false, false, null, null); - qm.createRepository(RepositoryType.MAVEN, "jboss-releases", "https://repository.jboss.org/nexus/content/repositories/releases/", true, false, false, null, null); - qm.createRepository(RepositoryType.MAVEN, "clojars", "https://repo.clojars.org/", true, false, false, null, null); - qm.createRepository(RepositoryType.MAVEN, "google-android", "https://maven.google.com/", true, false, false, null, null); - qm.createRepository(RepositoryType.NIXPKGS, "nixpkgs-unstable", "https://channels.nixos.org/nixpkgs-unstable/packages.json.br", true, false, false, null, null); - qm.createRepository(RepositoryType.NPM, "npm-public-registry", "https://registry.npmjs.org/", true, false, false, null, null); - qm.createRepository(RepositoryType.PYPI, "pypi.org", "https://pypi.org/", true, false, false, null, null); - qm.createRepository(RepositoryType.NUGET, "nuget-gallery", "https://api.nuget.org/", true, false, false, null, null); - qm.createRepository(RepositoryType.COMPOSER, "packagist", 
"https://repo.packagist.org/", true, false, false, null, null); - qm.createRepository(RepositoryType.CARGO, "crates.io", "https://crates.io", true, false, false, null, null); - qm.createRepository(RepositoryType.GO_MODULES, "proxy.golang.org", "https://proxy.golang.org", true, false, false, null, null); - qm.createRepository(RepositoryType.GITHUB, "github.com", "https://github.com", true, false, false, null, null); + qm.createRepository(RepositoryType.CPAN, "cpan-public-registry", "https://fastapi.metacpan.org/v1/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.GEM, "rubygems.org", "https://rubygems.org/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.HEX, "hex.pm", "https://hex.pm/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.HACKAGE, "hackage.haskell.org", "https://hackage.haskell.org/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.MAVEN, "central", "https://repo1.maven.org/maven2/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.MAVEN, "atlassian-public", "https://packages.atlassian.com/content/repositories/atlassian-public/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.MAVEN, "jboss-releases", "https://repository.jboss.org/nexus/content/repositories/releases/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.MAVEN, "clojars", "https://repo.clojars.org/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.MAVEN, "google-android", "https://maven.google.com/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.NIXPKGS, "nixpkgs-unstable", "https://channels.nixos.org/nixpkgs-unstable/packages.json.br", true, false, false, null, null, null); + qm.createRepository(RepositoryType.NPM, "npm-public-registry", "https://registry.npmjs.org/", true, false, false, null, null, null); + 
qm.createRepository(RepositoryType.PYPI, "pypi.org", "https://pypi.org/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.NUGET, "nuget-gallery", "https://api.nuget.org/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.COMPOSER, "packagist", "https://repo.packagist.org/", true, false, false, null, null, null); + qm.createRepository(RepositoryType.CARGO, "crates.io", "https://crates.io", true, false, false, null, null, null); + qm.createRepository(RepositoryType.GO_MODULES, "proxy.golang.org", "https://proxy.golang.org", true, false, false, null, null, null); + qm.createRepository(RepositoryType.GITHUB, "github.com", "https://github.com", true, false, false, null, null, null); } } diff --git a/src/main/java/org/dependencytrack/persistence/QueryManager.java b/src/main/java/org/dependencytrack/persistence/QueryManager.java index 56b3cc312b..c0f1620597 100644 --- a/src/main/java/org/dependencytrack/persistence/QueryManager.java +++ b/src/main/java/org/dependencytrack/persistence/QueryManager.java 
@@ -1237,12 +1237,12 @@ public boolean repositoryExist(RepositoryType type, String identifier) { return getRepositoryQueryManager().repositoryExist(type, identifier); } - public Repository createRepository(RepositoryType type, String identifier, String url, boolean enabled, boolean internal, boolean isAuthenticationRequired, String username, String password) { - return getRepositoryQueryManager().createRepository(type, identifier, url, enabled, internal, isAuthenticationRequired, username, password); + public Repository createRepository(RepositoryType type, String identifier, String url, boolean enabled, boolean internal, boolean isAuthenticationRequired, String username, String password, String bearerToken) { + return getRepositoryQueryManager().createRepository(type, identifier, url, enabled, internal, isAuthenticationRequired, username, password, bearerToken); } - public Repository updateRepository(UUID uuid, String identifier, String url, boolean internal, boolean authenticationRequired, String username, String password, boolean enabled) { - return getRepositoryQueryManager().updateRepository(uuid, identifier, url, internal, authenticationRequired, username, password, enabled); + public Repository updateRepository(UUID uuid, String identifier, String url, boolean internal, boolean authenticationRequired, String username, String password, String bearerToken, boolean enabled) { + return getRepositoryQueryManager().updateRepository(uuid, identifier, url, internal, authenticationRequired, username, password, bearerToken, enabled); } public RepositoryMetaComponent getRepositoryMetaComponent(RepositoryType repositoryType, String namespace, String name) { diff --git a/src/main/java/org/dependencytrack/persistence/RepositoryQueryManager.java b/src/main/java/org/dependencytrack/persistence/RepositoryQueryManager.java index 59094731f3..d124a703d0 100644 --- a/src/main/java/org/dependencytrack/persistence/RepositoryQueryManager.java 
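Review bot: `updateRepository` now forwards a `bearerToken` to `getRepositoryQueryManager().updateRepository(...)`, but the RepositoryQueryManager hunks in this diff only touch `createRepository`, so the matching signature change is not visible and should be confirmed. The two methods also appear to take secrets in different states: `createRepository` receives plaintext that is encrypted further down, while RepositoryResource passes `updateRepository` values it has already encrypted. With three adjacent `String` parameters that is easy to get wrong at a call site. A Javadoc on each method would make the contract explicit, e.g. `@param bearerToken the already-encrypted bearer token, or null to leave it unset` on `updateRepository`.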
+++ b/src/main/java/org/dependencytrack/persistence/RepositoryQueryManager.java @@ -143,9 +143,10 @@ public boolean repositoryExist(RepositoryType type, String identifier) { * @param isAuthenticationRequired if the repository needs authentication or not * @param username the username to access the (authenticated) repository with * @param password the password to access the (authenticated) repository with + * @param bearerToken the token to access the (authenticated) repository with * @return the created Repository */ - public Repository createRepository(RepositoryType type, String identifier, String url, boolean enabled, boolean internal, boolean isAuthenticationRequired, String username, String password) { + public Repository createRepository(RepositoryType type, String identifier, String url, boolean enabled, boolean internal, boolean isAuthenticationRequired, String username, String password, String bearerToken) { if (repositoryExist(type, identifier)) { return null; } @@ -166,15 +167,21 @@ public Repository createRepository(RepositoryType type, String identifier, Strin repo.setEnabled(enabled); repo.setInternal(internal); repo.setAuthenticationRequired(isAuthenticationRequired); - if (Boolean.TRUE.equals(isAuthenticationRequired) && (username != null || password != null)) { + if (Boolean.TRUE.equals(isAuthenticationRequired) && (username != null || password != null || bearerToken != null)) { repo.setUsername(StringUtils.trimToNull(username)); + String msg = "password"; try { if (password != null) { repo.setPassword(DataEncryption.encryptAsString(password)); } + msg = "bearerToken"; + if (bearerToken != null) { + repo.setBearerToken(DataEncryption.encryptAsString(bearerToken)); + } } catch (Exception e) { - LOGGER.error("An error occurred while saving password in encrypted state"); + LOGGER.error("An error occurred while saving %s in encrypted state".formatted(msg)); } + } return persist(repo); } 
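Review bot: In the second RepositoryQueryManager hunk the `catch (Exception e)` logs a message and carries on, so a repository whose token could not be encrypted is still persisted with `authenticationRequired` set but no stored credential, and later lookups would go out unauthenticated. The exception itself is dropped, which leaves nothing to diagnose a key or provider problem from. At minimum pass the cause to the logger, `LOGGER.error("An error occurred while saving %s in encrypted state".formatted(msg), e);`, and consider failing the create instead of saving a half-configured repository. The mutable `msg` marker would be clearer as two separate try blocks. `createRepository` starts before this hunk.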
diff --git a/src/main/java/org/dependencytrack/resources/v1/RepositoryResource.java b/src/main/java/org/dependencytrack/resources/v1/RepositoryResource.java index bc7d1077e2..9365fc2fbc 100644 --- a/src/main/java/org/dependencytrack/resources/v1/RepositoryResource.java +++ b/src/main/java/org/dependencytrack/resources/v1/RepositoryResource.java @@ -198,7 +198,8 @@ public Response createRepository(Repository jsonRepository) { jsonRepository.isEnabled(), jsonRepository.isInternal(), jsonRepository.isAuthenticationRequired(), - jsonRepository.getUsername(), jsonRepository.getPassword()); + jsonRepository.getUsername(), jsonRepository.getPassword(), + jsonRepository.getBearerToken()); return Response.status(Response.Status.CREATED).entity(repository).build(); } else { @@ -240,8 +241,13 @@ public Response updateRepository(Repository jsonRepository) { ? DataEncryption.encryptAsString(jsonRepository.getPassword()) : repository.getPassword(); + // The bearerToken is not passed to the front-end, so it should only be overwritten if it is not null or not set to default value coming from ui + final String updatedBearerToken = jsonRepository.getBearerToken()!=null && !jsonRepository.getBearerToken().equals(ENCRYPTED_PLACEHOLDER) + ? DataEncryption.encryptAsString(jsonRepository.getBearerToken()) + : repository.getBearerToken(); + repository = qm.updateRepository(jsonRepository.getUuid(), repository.getIdentifier(), url, - jsonRepository.isInternal(), jsonRepository.isAuthenticationRequired(), jsonRepository.getUsername(), updatedPassword, jsonRepository.isEnabled()); + jsonRepository.isInternal(), jsonRepository.isAuthenticationRequired(), jsonRepository.getUsername(), updatedPassword, updatedBearerToken, jsonRepository.isEnabled()); return Response.ok(repository).build(); } catch (Exception e) { return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("The specified repository password could not be encrypted.").build(); 
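Review bot: In the `updateRepository` hunk, a request that omits `bearerToken` or echoes `ENCRYPTED_PLACEHOLDER` keeps the stored token, and `HttpUtil.constructAuthHeaderValue` in this commit prefers a non-blank token over username/password. An operator who switches a repository to Basic credentials would therefore appear to keep sending the old token unless the client submits an empty string, which is worth documenting or handling with an explicit clear. The catch below the hunk still answers "The specified repository password could not be encrypted." when the token is what failed; `"The specified repository credentials could not be encrypted."` would cover both. The method starts and ends outside the hunk.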
diff --git a/src/main/java/org/dependencytrack/tasks/repositories/AbstractMetaAnalyzer.java b/src/main/java/org/dependencytrack/tasks/repositories/AbstractMetaAnalyzer.java index 3ff19a30b9..2e9ce3d977 100644 --- a/src/main/java/org/dependencytrack/tasks/repositories/AbstractMetaAnalyzer.java +++ b/src/main/java/org/dependencytrack/tasks/repositories/AbstractMetaAnalyzer.java @@ -52,6 +52,8 @@ public abstract class AbstractMetaAnalyzer implements IMetaAnalyzer { protected String password; + protected String bearerToken; + /** * {@inheritDoc} */ @@ -66,9 +68,10 @@ public void setRepositoryBaseUrl(String baseUrl) { this.baseUrl = baseUrl; } - public void setRepositoryUsernameAndPassword(String username, String password) { + public void setCredentials(String username, String password, String bearerToken) { this.username = StringUtils.trimToNull(username); this.password = StringUtils.trimToNull(password); + this.bearerToken = StringUtils.trimToNull(bearerToken); } protected String urlEncode(final String value) { @@ -105,8 +108,8 @@ protected CloseableHttpResponse processHttpRequest(String url) throws IOExceptio URIBuilder uriBuilder = new URIBuilder(url); final HttpUriRequest request = new HttpGet(uriBuilder.build().toString()); request.addHeader("accept", "application/json"); - if (username != null || password != null) { - request.addHeader("Authorization", HttpUtil.basicAuthHeaderValue(username, password)); + if (username != null || password != null || bearerToken != null) { + request.addHeader("Authorization", HttpUtil.constructAuthHeaderValue(username, password, bearerToken)); } return HttpClientPool.getClient().execute(request); }catch (URISyntaxException ex){ diff --git a/src/main/java/org/dependencytrack/tasks/repositories/GithubMetaAnalyzer.java b/src/main/java/org/dependencytrack/tasks/repositories/GithubMetaAnalyzer.java index a717801862..dba0f20239 100644 --- a/src/main/java/org/dependencytrack/tasks/repositories/GithubMetaAnalyzer.java 
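Review bot: Renaming the setter to `setCredentials` leaves GithubMetaAnalyzer without its own credential wiring. The override deleted later in this commit assigned `repositoryUser` and `repositoryPassword`, and nothing visible in the diff populates those fields any more. If GithubMetaAnalyzer still reads them (its body is outside the diff), GitHub lookups would silently become unauthenticated; either keep an override of `setCredentials` there or move it to the inherited `username`/`password`/`bearerToken`. A one-line Javadoc on `setCredentials` would also help, e.g. `/** Stores the credentials; each value is trimmed and blank becomes null. */`.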
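Review bot: In `processHttpRequest` the `Authorization` header is attached to whatever `url` was configured, with no check on the scheme, so a repository defined with an `http://` base URL sends the bearer token in clear text. That was already true of the Basic header, but a bearer token is usually a long-lived secret that works on its own, so the exposure matters more. Consider refusing or at least warning when credentials are set and the URL is not `https`, and record the decision next to the header, e.g. `// credentials are only sent to https endpoints; plain http is rejected above`. The method body starts and ends outside this hunk.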
+++ b/src/main/java/org/dependencytrack/tasks/repositories/GithubMetaAnalyzer.java @@ -66,15 +66,6 @@ public void setRepositoryBaseUrl(String baseUrl) { this.repositoryUrl = baseUrl; } - /** - * {@inheritDoc} - */ - @Override - public void setRepositoryUsernameAndPassword(String username, String password) { - this.repositoryUser = username; - this.repositoryPassword = password; - } - /** * {@inheritDoc} */ diff --git a/src/main/java/org/dependencytrack/tasks/repositories/IMetaAnalyzer.java b/src/main/java/org/dependencytrack/tasks/repositories/IMetaAnalyzer.java index 7afdc968db..05db5dbe60 100644 --- a/src/main/java/org/dependencytrack/tasks/repositories/IMetaAnalyzer.java +++ b/src/main/java/org/dependencytrack/tasks/repositories/IMetaAnalyzer.java @@ -41,12 +41,13 @@ public interface IMetaAnalyzer { /** * Sets the username and password (or access token) to use for authentication with the repository. Should not be used for repositories that do not - * use Basic authentication. + * use Basic or Bearer authentication. * @param username the username for access to the repository. * @param password the password or access token to be used for the repository. + * @param bearerToken the password or access token to be used for the repository. * @since 4.6.0 */ - void setRepositoryUsernameAndPassword(String username, String password); + void setCredentials(String username, String password, String bearerToken); /** * Returns the type of repositry the analyzer supports. @@ -154,7 +155,7 @@ public void setRepositoryBaseUrl(String baseUrl) { } @Override - public void setRepositoryUsernameAndPassword(String username, String password) { + public void setCredentials(String username, String password, String bearerToken) { } diff --git a/src/main/java/org/dependencytrack/tasks/repositories/RepositoryMetaAnalyzerTask.java b/src/main/java/org/dependencytrack/tasks/repositories/RepositoryMetaAnalyzerTask.java index 3ee9019a91..753c41412d 100644 
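Review bot: The new `@param bearerToken` line in the IMetaAnalyzer Javadoc repeats the password description word for word, and the summary still speaks of "username and password (or access token)", so an implementer cannot tell how the three values relate. Suggested wording: `@param bearerToken token sent as "Authorization: Bearer ..."; when non-blank it takes precedence over username and password`. The `@since 4.6.0` tag is now attached to a method name introduced by this change and should be updated. Renaming an interface method also breaks any implementer outside this repository, so a deprecated default method delegating to `setCredentials(username, password, null)` may be worth keeping for a release.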
--- a/src/main/java/org/dependencytrack/tasks/repositories/RepositoryMetaAnalyzerTask.java +++ b/src/main/java/org/dependencytrack/tasks/repositories/RepositoryMetaAnalyzerTask.java @@ -180,11 +180,16 @@ private void analyze(final QueryManager qm, final Component component, final IMe if (Boolean.TRUE.equals(repository.isAuthenticationRequired())) { try { + LOGGER.error("decrypting credentials"); String decryptedPassword = null; + String decryptedBearerToken = null; + if (repository.getBearerToken() != null) { + decryptedBearerToken = DebugDataEncryption.decryptAsString(repository.getBearerToken()); + } if (repository.getPassword() != null) { decryptedPassword = DebugDataEncryption.decryptAsString(repository.getPassword()); } - analyzer.setRepositoryUsernameAndPassword(repository.getUsername(), decryptedPassword); + analyzer.setCredentials(repository.getUsername(), decryptedPassword, decryptedBearerToken); } catch (Exception e) { LOGGER.error("Failed decrypting password for repository: " + repository.getIdentifier(), e); } diff --git a/src/main/java/org/dependencytrack/upgrade/UpgradeItems.java b/src/main/java/org/dependencytrack/upgrade/UpgradeItems.java index 8fa30e9b58..924777c4d4 100644 --- a/src/main/java/org/dependencytrack/upgrade/UpgradeItems.java +++ b/src/main/java/org/dependencytrack/upgrade/UpgradeItems.java @@ -41,6 +41,7 @@ class UpgradeItems { UPGRADE_ITEMS.add(org.dependencytrack.upgrade.v4110.v4110Updater.class); UPGRADE_ITEMS.add(org.dependencytrack.upgrade.v4120.v4120Updater.class); UPGRADE_ITEMS.add(org.dependencytrack.upgrade.v4122.v4122Updater.class); + UPGRADE_ITEMS.add(org.dependencytrack.upgrade.v4130.v4130Updater.class); } static List> getUpgradeItems() { diff --git a/src/main/java/org/dependencytrack/util/HttpUtil.java b/src/main/java/org/dependencytrack/util/HttpUtil.java index 58103f1b3b..204686f0b0 100644 --- a/src/main/java/org/dependencytrack/util/HttpUtil.java +++ b/src/main/java/org/dependencytrack/util/HttpUtil.java 
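Review bot: `LOGGER.error("decrypting credentials");` in the RepositoryMetaAnalyzerTask hunk looks like leftover debugging. It fires at error level for every authenticated repository on every analysis, which will bury real errors and trip log-based alerting; drop it or use `LOGGER.debug("Decrypting credentials for repository: " + repository.getIdentifier());`. Both decrypt calls share one `try`, so a failure on the token skips `setCredentials` entirely and the request proceeds with no credentials, while the catch still reports "Failed decrypting password". Rewording it to `"Failed decrypting credentials for repository: "` would keep the log accurate. `analyze` starts and ends outside the hunk.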
@@ -21,6 +21,8 @@ import java.util.Base64; import java.util.Objects; +import org.apache.commons.lang3.StringUtils; + import static org.apache.http.HttpHeaders.AUTHORIZATION; public final class HttpUtil { @@ -31,10 +33,6 @@ public final class HttpUtil { private HttpUtil() { } - public static String basicAuthHeader(final String username, final String password) { - return AUTHORIZATION + ": " + basicAuthHeaderValue(username, password); - } - public static String basicAuthHeaderValue(final String username, final String password) { return "Basic " + Base64.getEncoder().encodeToString( @@ -42,4 +40,21 @@ public static String basicAuthHeaderValue(final String username, final String pa .getBytes() ); } + + public static String basicAuthHeader(final String username, final String password) { + return AUTHORIZATION + ": " + basicAuthHeaderValue(username, password); + } + + public static String bearerAuthHeaderValue(final String bearerToken) { + return "Bearer " + bearerToken; + } + + public static String constructAuthHeaderValue(final String username, final String password, final String bearerToken) { + if (StringUtils.isNotBlank(bearerToken)) { + return bearerAuthHeaderValue(bearerToken); + } else { + return basicAuthHeaderValue(username, password); + } + } + } diff --git a/src/test/java/org/dependencytrack/tasks/RepoMetaAnalysisTaskTest.java b/src/test/java/org/dependencytrack/tasks/RepoMetaAnalysisTaskTest.java index 02455e160b..b608e56c07 100644 --- a/src/test/java/org/dependencytrack/tasks/RepoMetaAnalysisTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/RepoMetaAnalysisTaskTest.java 
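Review bot: `constructAuthHeaderValue` in the last HttpUtil hunk silently discards `username` and `password` whenever a non-blank token is present, and nothing documents that precedence; a Javadoc such as `/** Returns a Bearer value when bearerToken is non-blank, otherwise a Basic value built from username and password. */` would make it explicit. `bearerAuthHeaderValue` is public and concatenates its argument unchecked, so a token containing a line break or other control character would be written into the header as-is. The analyzer trims the value, but other callers may not, so a guard like `if (bearerToken.chars().anyMatch(Character::isISOControl)) throw new IllegalArgumentException("bearerToken contains control characters");` is cheap insurance.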
@@ -11,6 +11,7 @@ import org.dependencytrack.model.Component; import org.dependencytrack.model.ConfigPropertyConstants; import org.dependencytrack.model.Project; +import org.dependencytrack.model.Repository; import org.dependencytrack.model.RepositoryMetaComponent; import org.dependencytrack.model.RepositoryType; import org.dependencytrack.tasks.repositories.RepositoryMetaAnalyzerTask; @@ -70,7 +71,7 @@ public void informTestNullPassword() throws Exception { 20210213164433 - + """.getBytes(), new ContentTypeHeader(MediaType.APPLICATION_JSON)) ) .withHeader("X-CheckSum-MD5", "md5hash") @@ -85,7 +86,7 @@ public void informTestNullPassword() throws Exception { component.setName("junit"); component.setPurl(new PackageURL("pkg:maven/junit/junit@4.12")); qm.createComponent(component, false); - qm.createRepository(RepositoryType.MAVEN, "test", wireMockRule.baseUrl(), true, false, true, "testuser", null); + qm.createRepository(RepositoryType.MAVEN, "test", wireMockRule.baseUrl(), true, false, true, "testuser", null, null); new RepositoryMetaAnalyzerTask().inform(new RepositoryMetaEvent(List.of(component))); RepositoryMetaComponent metaComponent = qm.getRepositoryMetaComponent(RepositoryType.MAVEN, "junit", "junit"); qm.getPersistenceManager().refresh(metaComponent); @@ -116,7 +117,7 @@ public void informTestNullUserName() throws Exception { 20210213164433 - + """.getBytes(), new ContentTypeHeader(MediaType.APPLICATION_JSON)) ) .withHeader("X-CheckSum-MD5", "md5hash") 
@@ -131,7 +132,7 @@ public void informTestNullUserName() throws Exception { component.setName("test1"); component.setPurl(new PackageURL("pkg:maven/test1/test1@1.2.0")); qm.createComponent(component, false); - qm.createRepository(RepositoryType.MAVEN, "test", wireMockRule.baseUrl(), true, false, true, null, "testPassword"); + qm.createRepository(RepositoryType.MAVEN, "test", wireMockRule.baseUrl(), true, false, true, null, "testPassword", null); new RepositoryMetaAnalyzerTask().inform(new RepositoryMetaEvent(List.of(component))); RepositoryMetaComponent metaComponent = qm.getRepositoryMetaComponent(RepositoryType.MAVEN, "test1", "test1"); qm.getPersistenceManager().refresh(metaComponent); @@ -162,7 +163,7 @@ public void informTestNullUserNameAndPassword() throws Exception { 20210213164433 - + """.getBytes(), new ContentTypeHeader(MediaType.APPLICATION_JSON)) ) .withHeader("X-CheckSum-MD5", "md5hash") @@ -177,7 +178,7 @@ public void informTestNullUserNameAndPassword() throws Exception { component.setName("junit"); component.setPurl(new PackageURL("pkg:maven/test2/test2@4.12")); qm.createComponent(component, false); - qm.createRepository(RepositoryType.MAVEN, "test", wireMockRule.baseUrl(), true, false, false, null, null); + qm.createRepository(RepositoryType.MAVEN, "test", wireMockRule.baseUrl(), true, false, false, null, null, null); new RepositoryMetaAnalyzerTask().inform(new RepositoryMetaEvent(List.of(component))); RepositoryMetaComponent metaComponent = qm.getRepositoryMetaComponent(RepositoryType.MAVEN, "test2", "test2"); qm.getPersistenceManager().refresh(metaComponent); 
@@ -186,7 +187,7 @@ public void informTestNullUserNameAndPassword() throws Exception { @Test public void informTestUserNameAndPassword() throws Exception { - WireMock.stubFor(WireMock.get(WireMock.anyUrl()) + WireMock.stubFor(WireMock.get(WireMock.anyUrl()).withHeader("Authorization", containing("Basic")) .willReturn(WireMock.aResponse() .withStatus(200) .withResponseBody(Body.ofBinaryOrText(""" @@ -208,7 +209,7 @@ public void informTestUserNameAndPassword() throws Exception { 20210213164433 - + """.getBytes(), new ContentTypeHeader(MediaType.APPLICATION_JSON)) ) .withHeader("X-CheckSum-MD5", "md5hash") 
@@ -223,10 +224,57 @@ public void informTestUserNameAndPassword() throws Exception { component.setName("test3"); component.setPurl(new PackageURL("pkg:maven/test3/test3@4.12")); qm.createComponent(component, false); - qm.createRepository(RepositoryType.MAVEN, "test", wireMockRule.baseUrl(), true, false, true, "testUser", "testPassword"); + qm.createRepository(RepositoryType.MAVEN, "test", wireMockRule.baseUrl(), true, false, true, "testUser", "testPassword", null); new RepositoryMetaAnalyzerTask().inform(new RepositoryMetaEvent(List.of(component))); RepositoryMetaComponent metaComponent = qm.getRepositoryMetaComponent(RepositoryType.MAVEN, "test3", "test3"); qm.getPersistenceManager().refresh(metaComponent); assertThat(metaComponent.getLatestVersion()).isEqualTo("4.13.2"); } + + @Test + public void informTestBearerToken() throws Exception { + WireMock.stubFor(WireMock.get(WireMock.anyUrl()).withHeader("Authorization", containing("Bearer")) + .willReturn(WireMock.aResponse() + .withStatus(200) + .withResponseBody(Body.ofBinaryOrText(""" + + test4 + test4 + + 4.13.2 + 4.13.2 + + 4.13-beta-1 + 4.13-beta-2 + 4.13-beta-3 + 4.13-rc-1 + 4.13-rc-2 + 4.13 + 4.13.1 + 4.13.2 + + 20210213164433 + + + """.getBytes(), new ContentTypeHeader(MediaType.APPLICATION_JSON)) + ) + .withHeader("X-CheckSum-MD5", "md5hash") + .withHeader("X-Checksum-SHA1", "sha1hash") + .withHeader("X-Checksum-SHA512", "sha512hash") + .withHeader("X-Checksum-SHA256", "sha256hash") + .withHeader("Last-Modified", "Thu, 07 Jul 2022 14:00:00 GMT"))); + EventService.getInstance().subscribe(RepositoryMetaEvent.class, RepositoryMetaAnalyzerTask.class); + Project project = qm.createProject("Acme Example", null, "1.0", null, null, null, true, false); + Component component = new Component(); + component.setProject(project); + component.setName("test4"); + component.setPurl(new PackageURL("pkg:maven/test4/test4@4.12")); + qm.createComponent(component, false); + qm.createRepository(RepositoryType.MAVEN, "test", 
wireMockRule.baseUrl(), true, false, true, null, null, "bearer_token"); + new RepositoryMetaAnalyzerTask().inform(new RepositoryMetaEvent(List.of(component))); + RepositoryMetaComponent metaComponent = qm.getRepositoryMetaComponent(RepositoryType.MAVEN, "test4", "test4"); + qm.getPersistenceManager().refresh(metaComponent); + assertThat(metaComponent.getLatestVersion()).isEqualTo("4.13.2"); + } + } diff --git a/src/test/java/org/dependencytrack/tasks/repositories/NugetMetaAnalyzerTest.java b/src/test/java/org/dependencytrack/tasks/repositories/NugetMetaAnalyzerTest.java index 0cf52204f1..58f3797338 100644 --- a/src/test/java/org/dependencytrack/tasks/repositories/NugetMetaAnalyzerTest.java +++ b/src/test/java/org/dependencytrack/tasks/repositories/NugetMetaAnalyzerTest.java @@ -71,8 +71,8 @@ public void testAnalyzer() throws Exception { // This test is to check if the analyzer is excluding pre-release versions - // The test is transitent depending on the current version of the package - // retrieved from the repository at the time of running. + // The test is transitent depending on the current version of the package + // retrieved from the repository at the time of running. // When it was created, the latest release version was 9.0.0-preview.1.24080.9 @Test public void testAnalyzerExcludingPreRelease() throws Exception { @@ -91,8 +91,8 @@ public void testAnalyzerExcludingPreRelease() throws Exception { } // This test is to check if the analyzer is including pre-release versions - // The test is transitent depending on the current version of the package - // retrieved from the repository at the time of running. + // The test is transitent depending on the current version of the package + // retrieved from the repository at the time of running. // When it was created, the latest release version was 9.0.0-preview.1.24080.9 @Test public void testAnalyzerIncludingPreRelease() throws Exception { 
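Review bot: The stub in `informTestBearerToken` matches `containing("Bearer")`, so the test passes for any value after the scheme, including the still-encrypted token or an empty one. It therefore does not prove that the plaintext round-trips through encrypt, persist and decrypt. Pin the whole header instead, `.withHeader("Authorization", WireMock.equalTo("Bearer bearer_token"))`. The same applies to the `containing("Basic")` matcher added to `informTestUserNameAndPassword` in the earlier hunk. The new `import org.dependencytrack.model.Repository;` is not used in any visible hunk.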
@@ -161,7 +161,7 @@ public void testAnalyzerWithPrivatePackageRepository() throws Exception { Component component = new Component(); component.setPurl(new PackageURL("pkg:nuget/NUnitPrivate@5.0.1")); NugetMetaAnalyzer analyzer = new NugetMetaAnalyzer(); - analyzer.setRepositoryUsernameAndPassword(null, "password"); + analyzer.setCredentials(null, "password", null); analyzer.setRepositoryBaseUrl("http://localhost:1080"); MetaModel metaModel = analyzer.analyze(component); Assert.assertEquals("5.0.2", metaModel.getLatestVersion()); diff --git a/src/test/java/org/dependencytrack/util/HttpUtilTest.java b/src/test/java/org/dependencytrack/util/HttpUtilTest.java index 8810174eb5..5459c7404a 100644 --- a/src/test/java/org/dependencytrack/util/HttpUtilTest.java +++ b/src/test/java/org/dependencytrack/util/HttpUtilTest.java @@ -21,17 +21,23 @@ import org.junit.Assert; import org.junit.Test; -public class HttpUtilTest { +public class HttpUtilTest { - @Test - public void testBasicAuthHeader() throws Exception { - String header = HttpUtil.basicAuthHeader("username", "password"); - Assert.assertEquals("Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=", header); - } - - @Test public void testBasicAuthHeaderValue() throws Exception { String authvalue = HttpUtil.basicAuthHeaderValue("username", "password"); Assert.assertEquals("Basic dXNlcm5hbWU6cGFzc3dvcmQ=", authvalue); } -} + + @Test + public void testBearerAuthHeader() throws Exception { + String authvalue = HttpUtil.constructAuthHeaderValue("username", "password", "bearer_token"); + Assert.assertEquals("Bearer bearer_token", authvalue); + } + + @Test + public void testBasicAuthHeader() throws Exception { + String authvalue = HttpUtil.basicAuthHeader("username", "password"); + Assert.assertEquals("Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=", authvalue); + } + +}
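Review bot: In the HttpUtilTest hunk the `@Test` line that preceded `testBasicAuthHeaderValue` is removed and not re-added, so on the new side that method appears to sit directly under the class declaration without an annotation and JUnit 4 would no longer run it. Restore `@Test` above `public void testBasicAuthHeaderValue()`. `testBearerAuthHeader` covers only the case where a token is present; add a case with a blank or null token, e.g. `Assert.assertEquals("Basic dXNlcm5hbWU6cGFzc3dvcmQ=", HttpUtil.constructAuthHeaderValue("username", "password", " "));`, to pin the fallback to Basic.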