eclipse · paul-marechal · Nov 25, 2023 · Dec 9, 2024 · Dec 9, 2024 · Dec 9, 2024
diff --git a/server/src/main/java/org/eclipse/openvsx/OVSXConfig.java b/server/src/main/java/org/eclipse/openvsx/OVSXConfig.java
@@ -0,0 +1,108 @@
+package org.eclipse.openvsx;
+
+import static java.util.Collections.emptyMap;
+
+import java.util.Map;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * TODO: use lombok to reduce boilerplate, it's very needed.
+ */
+@Configuration
+@ConfigurationProperties(prefix = "ovsx")
+public class OVSXConfig {
+
+    private AuthConfig auth = new AuthConfig();
+
+    public AuthConfig getAuth() {
+        return auth;
+    }
+
+    public void setAuth(AuthConfig authConfig) {
+        this.auth = authConfig;
+    }
+
+    public static class AuthConfig {
+
+        private String provider = "github";
+
+        /**
+         * Configuration example:
+         * <pre><code>
+         * ovsx:
+         *   auth:
+         *     attribute-names:
+         *       github: # provider name
+         *         login: field-returned-by-your-provider
+         * </code></pre>
+         */
+        private Map<String, AttributeNames> attributeNames = emptyMap();
+
+        public String getProvider() {
+            return provider;
+        }
+
+        public void setProvider(String provider) {
+            this.provider = provider;
+        }
+
+        public Map<String, AttributeNames> getAttributeNames() {
+            return attributeNames;
+        }
+
+        public void setAttributeNames(Map<String, AttributeNames> attributeNames) {
+            this.attributeNames = attributeNames;
+        }
+
+        public static class AttributeNames {
+
+            private String avatarUrl;
+            private String email;
+            private String fullName;
+            private String loginName;
+            private String providerUrl;
+
+            public String getAvatarUrl() {
+                return avatarUrl;
+            }
+
+            public void setAvatarUrl(String avatarUrl) {
+                this.avatarUrl = avatarUrl;
+            }
+
+            public String getEmail() {
+                return email;
+            }
+
+            public void setEmail(String email) {
+                this.email = email;
+            }
+
+            public String getFullName() {
+                return fullName;
+            }
+
+            public void setFullName(String fullName) {
+                this.fullName = fullName;
+            }
+
+            public String getLoginName() {
+                return loginName;
+            }
+
+            public void setLoginName(String loginName) {
+                this.loginName = loginName;
+            }
+
+            public String getProviderUrl() {
+                return providerUrl;
+            }
+
+            public void setProviderUrl(String providerUrl) {
+                this.providerUrl = providerUrl;
+            }
+        }
+    }
+}
diff --git a/server/src/main/java/org/eclipse/openvsx/UserAPI.java b/server/src/main/java/org/eclipse/openvsx/UserAPI.java
@@ -53,17 +53,20 @@ public class UserAPI {
     private final UserService users;
     private final EclipseService eclipse;
     private final StorageUtilService storageUtil;
+    private final OVSXConfig config;
 
     public UserAPI(
             RepositoryService repositories,
             UserService users,
             EclipseService eclipse,
-            StorageUtilService storageUtil
+            StorageUtilService storageUtil,
+            OVSXConfig config
     ) {
         this.repositories = repositories;
         this.users = users;
         this.eclipse = eclipse;
         this.storageUtil = storageUtil;
+        this.config = config;
     }
 
     /**
@@ -73,7 +76,7 @@ public UserAPI(
         path = "/login"
     )
     public ModelAndView login(ModelMap model) {
-        return new ModelAndView("redirect:/oauth2/authorization/github", model);
+        return new ModelAndView("redirect:/oauth2/authorization/" + config.getAuth().getProvider(), model);
     }
 
     /**

diff --git a/server/src/main/java/org/eclipse/openvsx/UserService.java b/server/src/main/java/org/eclipse/openvsx/UserService.java
@@ -9,9 +9,15 @@
  ********************************************************************************/
 package org.eclipse.openvsx;
 
-import com.google.common.base.Joiner;
-import jakarta.persistence.EntityManager;
-import jakarta.transaction.Transactional;
+import static org.eclipse.openvsx.cache.CacheService.CACHE_NAMESPACE_DETAILS_JSON;
+import static org.eclipse.openvsx.util.UrlUtil.createApiUrl;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.util.List;
+import java.util.Objects;
+import java.util.UUID;
+
 import org.apache.commons.lang3.SerializationUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.tika.Tika;
@@ -27,23 +33,24 @@
 import org.eclipse.openvsx.json.NamespaceDetailsJson;
 import org.eclipse.openvsx.json.ResultJson;
 import org.eclipse.openvsx.repositories.RepositoryService;
+import org.eclipse.openvsx.security.AuthUser;
 import org.eclipse.openvsx.security.IdPrincipal;
 import org.eclipse.openvsx.storage.StorageUtilService;
-import org.eclipse.openvsx.util.*;
+import org.eclipse.openvsx.util.ErrorResultException;
+import org.eclipse.openvsx.util.NamingUtil;
+import org.eclipse.openvsx.util.NotFoundException;
+import org.eclipse.openvsx.util.TempFile;
+import org.eclipse.openvsx.util.TimeUtil;
+import org.eclipse.openvsx.util.UrlUtil;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Component;
 import org.springframework.web.multipart.MultipartFile;
 
-import java.io.IOException;
-import java.nio.file.Files;
-import java.util.List;
-import java.util.Objects;
-import java.util.UUID;
+import com.google.common.base.Joiner;
 
-import static org.eclipse.openvsx.cache.CacheService.CACHE_NAMESPACE_DETAILS_JSON;
-import static org.eclipse.openvsx.util.UrlUtil.createApiUrl;
+import jakarta.persistence.EntityManager;
+import jakarta.transaction.Transactional;
 
 @Component
 public class UserService {
@@ -80,44 +87,44 @@ public UserData findLoggedInUser() {
     }
 
     @Transactional
-    public UserData registerNewUser(OAuth2User oauth2User) {
+    public UserData registerNewUser(AuthUser authUser) {
         var user = new UserData();
-        user.setProvider("github");
-        user.setAuthId(oauth2User.getName());
-        user.setLoginName(oauth2User.getAttribute("login"));
-        user.setFullName(oauth2User.getAttribute("name"));
-        user.setEmail(oauth2User.getAttribute("email"));
-        user.setProviderUrl(oauth2User.getAttribute("html_url"));
-        user.setAvatarUrl(oauth2User.getAttribute("avatar_url"));
+        user.setProvider(authUser.getProviderId());
+        user.setAuthId(authUser.getAuthId());
+        user.setLoginName(authUser.getLoginName());
+        user.setFullName(authUser.getFullName());
+        user.setEmail(authUser.getEmail());
+        user.setProviderUrl(authUser.getProviderUrl());
+        user.setAvatarUrl(authUser.getAvatarUrl());
         entityManager.persist(user);
         return user;
     }
 
     @Transactional
-    public UserData updateExistingUser(UserData user, OAuth2User oauth2User) {
-        if ("github".equals(user.getProvider())) {
+    public UserData updateExistingUser(UserData user, AuthUser authUser) {
+        if (authUser.getProviderId().equals(user.getProvider())) {
             var updated = false;
-            String loginName = oauth2User.getAttribute("login");
+            String loginName = authUser.getLoginName();
             if (loginName != null && !loginName.equals(user.getLoginName())) {
                 user.setLoginName(loginName);
                 updated = true;
             }
-            String fullName = oauth2User.getAttribute("name");
+            String fullName = authUser.getFullName();
             if (fullName != null && !fullName.equals(user.getFullName())) {
                 user.setFullName(fullName);
                 updated = true;
             }
-            String email = oauth2User.getAttribute("email");
+            String email = authUser.getEmail();
             if (email != null && !email.equals(user.getEmail())) {
                 user.setEmail(email);
                 updated = true;
             }
-            String providerUrl = oauth2User.getAttribute("html_url");
+            String providerUrl = authUser.getProviderUrl();
             if (providerUrl != null && !providerUrl.equals(user.getProviderUrl())) {
                 user.setProviderUrl(providerUrl);
                 updated = true;
             }
-            String avatarUrl = oauth2User.getAttribute("avatar_url");
+            String avatarUrl = authUser.getAvatarUrl();
             if (avatarUrl != null && !avatarUrl.equals(user.getAvatarUrl())) {
                 user.setAvatarUrl(avatarUrl);
                 updated = true;
@@ -315,4 +322,4 @@ public ResultJson deleteAccessToken(UserData user, long id) {
         token.setActive(false);
         return ResultJson.success("Deleted access token for user " + user.getLoginName() + ".");
     }
-}
+}
diff --git a/server/src/main/java/org/eclipse/openvsx/security/AuthUser.java b/server/src/main/java/org/eclipse/openvsx/security/AuthUser.java
@@ -0,0 +1,48 @@
+/********************************************************************************
+ * Copyright (c) 2023 Ericsson and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ ********************************************************************************/
+package org.eclipse.openvsx.security;
+
+/**
+ * Encapsulate information about freshly authenticated users.
+ *
+ * Different OAuth2 providers may return the same information with different
+ * attribute keys. This interface allows bridging arbitrary providers.
+ */
+public interface AuthUser {
+    /**
+     * @return Non-human readable unique identifier.
+     */
+    String getAuthId();
+    /**
+     * @return The user's avatar URL. Some services require post-processing to get the actual value for it
+     * (the value returned is a template and you need to remplace variables).
+     */
+    String getAvatarUrl();
+    /**
+     * @return The user's email.
+     */
+    String getEmail();
+    /**
+     * @return The user's full name (first and last names).
+     */
+    String getFullName();
+    /**
+     * @return The login name for the user. Human-readable unique name. AKA username.
+     */
+    String getLoginName();
+    /**
+     * @return The authentication provider unique name, e.g. `github`, `eclipse`, etc.
+     */
+    String getProviderId();
+    /**
+     * @return The authentication provider URL.
+     */
+    String getProviderUrl();
+}
diff --git a/server/src/main/java/org/eclipse/openvsx/security/AuthUserFactory.java b/server/src/main/java/org/eclipse/openvsx/security/AuthUserFactory.java
@@ -0,0 +1,69 @@
+package org.eclipse.openvsx.security;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.eclipse.openvsx.OVSXConfig;
+import org.eclipse.openvsx.OVSXConfig.AuthConfig.AttributeNames;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AuthUserFactory {
+
+    protected static final Map<String, AttributeNames> DEFAULTS = new HashMap<>();
+
+    public static class MissingProvider extends Exception {
+        public MissingProvider(String provider) { super("Missing configuration: ovsx.auth.attribute-names." + provider); }
+    }
+
+    static {
+        var github = new AttributeNames();
+        github.setAvatarUrl("avatar_url");
+        github.setEmail("email");
+        github.setFullName("name");
+        github.setLoginName("login");
+        github.setProviderUrl("html_url");
+        DEFAULTS.put("github", github);
+    }
+
+    protected final OVSXConfig config;
+
+    public AuthUserFactory(OVSXConfig config) {
+        this.config = config;
+    }
+
+    /**
+     * @param provider The configured OAuth2 provider from which the user object came from.
+     * @param user The OAuth2 user object to get attributes from.
+     * @return An {@link AuthUser} instance with attributes set according to the current configuration.
+     * @throws MissingProvider if an attribute name mapping is missing for the given provider.
+     */
+    public AuthUser createAuthUser(String provider, OAuth2User user) throws MissingProvider {
+        var attr = getAttributeNames(provider);
+        return new DefaultAuthUser(
+            user.getName(),
+            getAttribute(user, attr.getAvatarUrl()),
+            getAttribute(user, attr.getEmail()),
+            getAttribute(user, attr.getFullName()),
+            getAttribute(user, attr.getLoginName()),
+            provider,
+            getAttribute(user, attr.getProviderUrl())
+        );
+    }
+
+    protected <T> T getAttribute(OAuth2User oauth2User, String attribute) {
+        return attribute == null ? null : oauth2User.getAttribute(attribute);
+    }
+
+    /**
+     * @param provider The provider to get the attribute mappings for.
+     * @return The relevant attribute mappings.
+     */
+    protected AttributeNames getAttributeNames(String provider) throws MissingProvider {
+        var attributeNames = config.getAuth().getAttributeNames().get(provider);
+        if (attributeNames == null) attributeNames = DEFAULTS.get(provider);
+        if (attributeNames == null) throw new MissingProvider(provider);
+        return attributeNames;
+    }
+}