Bump scribejava-apis from 4.2.0 to 8.3.1 (#225)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Jacomb <[email protected]>

.run/azure-ad [hpi_run].run.xml

@@ -12,7 +12,7 @@
           <option name="mavenProperties">
             <map>
               <entry key="java.awt.headless" value="true" />
-              <entry key="jenkins.version" value="2.326" />
+              <entry key="jenkins.version" value="2.347" />
               <entry key="port" value="6322" />
               <entry key="skip.npm" value="true" />
             </map>
@@ -44,6 +44,16 @@
         </MavenRunnerParameters>
       </option>
     </MavenSettings>
+    <extension name="net.ashald.envfile">
+      <option name="IS_ENABLED" value="false" />
+      <option name="IS_SUBST" value="false" />
+      <option name="IS_PATH_MACRO_SUPPORTED" value="false" />
+      <option name="IS_IGNORE_MISSING_FILES" value="false" />
+      <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
+      <ENTRIES>
+        <ENTRY IS_ENABLED="true" PARSER="runconfig" />
+      </ENTRIES>
+    </extension>
     <method v="2" />
   </configuration>
 </component>

pom.xml

@@ -157,7 +157,18 @@
         <dependency>
             <groupId>com.github.scribejava</groupId>
             <artifactId>scribejava-apis</artifactId>
-            <version>4.2.0</version>
+            <version>8.3.1</version>
+            <exclusions>
+                <!-- loaded via jackson2-api plugin -->
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.datatype</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.bitbucket.b_c</groupId>

src/main/java/com/microsoft/jenkins/azuread/AzureEnvironment.java

@@ -20,8 +20,6 @@ static String getAuthorityHost(String azureEnvironmentName) {
         switch (azureEnvironmentName) {
             case AZURE_CHINA:
                 return AzureAuthorityHosts.AZURE_CHINA;
-            case AZURE_GERMANY:
-                return AzureAuthorityHosts.AZURE_GERMANY;
             case AZURE_US_GOVERNMENT_L4:
             case AZURE_US_GOVERNMENT_L5:
                 return AzureAuthorityHosts.AZURE_GOVERNMENT;
@@ -35,8 +33,6 @@ static String getGraphResource(String azureEnv) {
         switch (azureEnv) {
             case AZURE_CHINA:
                 return "https://microsoftgraph.chinacloudapi.cn/";
-            case AZURE_GERMANY:
-                return "https://graph.microsoft.de/";
             case AZURE_US_GOVERNMENT_L4:
                 return "https://graph.microsoft.us/";
             case AZURE_US_GOVERNMENT_L5:

src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java

@@ -24,8 +24,7 @@
 import com.microsoft.graph.options.QueryOption;
 import com.microsoft.graph.requests.GraphServiceClient;
 import com.microsoft.graph.requests.GroupCollectionPage;
-import com.microsoft.jenkins.azuread.scribe.AzureApi;
-import com.microsoft.jenkins.azuread.scribe.AzureOAuthService;
+import com.microsoft.jenkins.azuread.scribe.AzureAdApi;
 import com.microsoft.jenkins.azuread.utils.UUIDValidator;
 import com.thoughtworks.xstream.converters.Converter;
 import com.thoughtworks.xstream.converters.MarshallingContext;
@@ -98,7 +97,6 @@
 import static com.microsoft.jenkins.azuread.AzureEnvironment.AZURE_US_GOVERNMENT_L4;
 import static com.microsoft.jenkins.azuread.AzureEnvironment.AZURE_US_GOVERNMENT_L5;
 import static com.microsoft.jenkins.azuread.AzureEnvironment.getAuthorityHost;
-import static com.microsoft.jenkins.azuread.AzureEnvironment.getGraphResource;
 import static com.microsoft.jenkins.azuread.AzureEnvironment.getServiceRoot;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.singletonList;
@@ -121,6 +119,7 @@ public class AzureSecurityRealm extends SecurityRealm {
     private static final int NOT_FOUND = 404;
     private static final int BAD_REQUEST = 400;
     public static final String CONVERTER_DISABLE_GRAPH_INTEGRATION = "disableGraphIntegration";
+    public static final String CONVERTER_SINGLE_LOGOUT = "singleLogout";
     public static final String CONVERTER_ENVIRONMENT_NAME = "environmentName";
 
     private Cache<String, AzureAdUser> caches;
@@ -311,15 +310,13 @@ public JwtConsumer getJwtConsumer() {
         return jwtConsumer.get();
     }
 
-    AzureOAuthService getOAuthService() {
-        return (AzureOAuthService) new ServiceBuilder(clientId.getPlainText())
+    OAuth20Service getOAuthService() {
+        return new ServiceBuilder(clientId.getPlainText())
                 .apiSecret(clientSecret.getPlainText())
                 .responseType("id_token")
-                .scope("openid profile email")
+                .defaultScope("openid profile email")
                 .callback(getRootUrl() + CALLBACK_URL)
-                .build(AzureApi.instance(getGraphResource(getAzureEnvironmentName()),
-                        this.getTenant(),
-                        getAuthorityHost(getAzureEnvironmentName())));
+                .build(AzureAdApi.custom(getTenant(), getAuthorityHost(getAzureEnvironmentName())));
     }
 
     GraphServiceClient<Request> getAzureClient() {
@@ -469,7 +466,7 @@ protected String getPostLogOutUrl2(StaplerRequest req, Authentication auth) {
         // Ensure single sign-out
 
         if (singleLogout) {
-            return getOAuthService().getLogoutUrl();
+            return ((AzureAdApi) getOAuthService().getApi()).getLogoutUrl();
         }
         return req.getContextPath() + "/" + AzureAdLogoutAction.POST_LOGOUT_URL;
     }
@@ -658,6 +655,10 @@ public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingC
             writer.startNode(CONVERTER_DISABLE_GRAPH_INTEGRATION);
             writer.setValue(String.valueOf(realm.isDisableGraphIntegration()));
             writer.endNode();
+
+            writer.startNode(CONVERTER_SINGLE_LOGOUT);
+            writer.setValue(String.valueOf(realm.isSingleLogout()));
+            writer.endNode();
         }
 
         @Override
@@ -689,6 +690,9 @@ public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext co
                     case CONVERTER_DISABLE_GRAPH_INTEGRATION:
                         realm.setDisableGraphIntegration(Boolean.parseBoolean(value));
                         break;
+                    case CONVERTER_SINGLE_LOGOUT:
+                        realm.setSingleLogout(Boolean.parseBoolean(value));
+                        break;
                     default:
                         break;
                 }

src/main/java/com/microsoft/jenkins/azuread/scribe/AzureAdApi.java

@@ -0,0 +1,34 @@
+package com.microsoft.jenkins.azuread.scribe;
+
+import com.github.scribejava.apis.MicrosoftAzureActiveDirectory20Api;
+
+public class AzureAdApi extends MicrosoftAzureActiveDirectory20Api {
+
+    private final String tenant;
+    private String authorityHost;
+    private static final String OAUTH_2 = "/oauth2";
+
+    AzureAdApi(String tenant, String authorityHost) {
+        super(tenant);
+        this.authorityHost = authorityHost;
+        this.tenant = tenant;
+    }
+
+    public static AzureAdApi custom(String tenant, String authorityHost) {
+        return new AzureAdApi(tenant, authorityHost);
+    }
+
+    @Override
+    public String getAccessTokenEndpoint() {
+        return authorityHost + tenant + OAUTH_2 + getEndpointVersionPath() + "/token";
+    }
+
+    @Override
+    protected String getAuthorizationBaseUrl() {
+        return authorityHost + tenant + OAUTH_2 + getEndpointVersionPath() + "/authorize";
+    }
+
+    public String getLogoutUrl() {
+        return authorityHost + tenant + OAUTH_2 + "/logout";
+    }
+}

tsconfig.json

@@ -10,5 +10,6 @@
     "allowJs": true,
     "resolveJsonModule": true,
     "moduleResolution": "node",
-  }
+  },
+  "include": ["src/main/frontend/index.ts"],
 }