From 3916ac946036ac61a9217dd8f3216be5d338c5fa Mon Sep 17 00:00:00 2001
From: devysf
Date: Tue, 12 Sep 2023 00:53:15 +0300
Subject: [PATCH 1/2] Fixed the contract of requests made to github/gitlab access token endpoints
Fix #415
---
 .../jhipster/online/web/rest/GitResource.java | 50 ++++++++++++-------
 1 file changed, 32 insertions(+), 18 deletions(-)
diff --git a/src/main/java/io/github/jhipster/online/web/rest/GitResource.java b/src/main/java/io/github/jhipster/online/web/rest/GitResource.java
index 4c1206f6..d4f27607 100644
--- a/src/main/java/io/github/jhipster/online/web/rest/GitResource.java
+++ b/src/main/java/io/github/jhipster/online/web/rest/GitResource.java
@@ -36,6 +36,8 @@
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
 import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.TimeUnit;
@@ -114,45 +116,44 @@ public RedirectView callback(@PathVariable String gitProvider, String code) {
 try {
 String url;
 GitProvider gitProviderEnum;
- GitAccessTokenRequest request = new GitAccessTokenRequest();
+ Map params = new HashMap<>();
 switch (gitProvider.toLowerCase()) {
 case GITHUB:
 url = applicationProperties.getGithub().getHost() + "/login/oauth/access_token";
 gitProviderEnum = GitProvider.GITHUB;
- request.setClientId(applicationProperties.getGithub().getClientId());
- request.setClientSecret(applicationProperties.getGithub().getClientSecret());
- request.setCode(code);
+ params.put("client_id", applicationProperties.getGithub().getClientId());
+ params.put("client_secret", applicationProperties.getGithub().getClientSecret());
+ params.put("code", code);
 break;
 case GITLAB:
 url = applicationProperties.getGitlab().getHost() + "/oauth/token";
 gitProviderEnum = GitProvider.GITLAB;
- request.setClientId(applicationProperties.getGitlab().getClientId());
- request.setClientSecret(applicationProperties.getGitlab().getClientSecret());
- request.setGrantType("authorization_code");
- request.setRedirectUri(applicationProperties.getGitlab().getRedirectUri());
- request.setCode(code);
+ params.put("client_id", applicationProperties.getGitlab().getClientId());
+ params.put("client_secret", applicationProperties.getGitlab().getClientSecret());
+ params.put("code", code);
+ params.put("grant_type", "authorization_code");
+ params.put("redirect_uri", applicationProperties.getGitlab().getRedirectUri());
 break;
 default:
 return new ResponseEntity<>(UNKNOWN_GIT_PROVIDER + gitProvider, HttpStatus.INTERNAL_SERVER_ERROR);
 }
 ObjectMapper objectMapper = new ObjectMapper();
- String requestBody = objectMapper.writeValueAsString(request);
 HttpClient client = HttpClient.newHttpClient();
 HttpRequest httpRequest = HttpRequest
 .newBuilder()
 .uri(URI.create(url))
- .header("Content-Type", MediaType.APPLICATION_JSON_VALUE)
+ .header("Content-Type", "application/x-www-form-urlencoded")
 .header("Accept", MediaType.APPLICATION_JSON_VALUE)
 .header("User-Agent", "Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0")
- .POST(HttpRequest.BodyPublishers.ofString(requestBody))
+ .POST(HttpRequest.BodyPublishers.ofString(buildQueryString(params)))
 .build();
 CompletableFuture> response = client.sendAsync(httpRequest, HttpResponse.BodyHandlers.ofString());
 String jsonResponse = response.thenApply(HttpResponse::body).get(5, TimeUnit.SECONDS);
 GitAccessTokenResponse accessTokenResponse = objectMapper.readValue(jsonResponse, GitAccessTokenResponse.class);
- this.userService.saveToken(accessTokenResponse.getAccessToken(), gitProviderEnum);
+ this.userService.saveToken(accessTokenResponse.getAccess_token(), gitProviderEnum);
 } catch (InterruptedException e) {
 log.warn("Interrupted!", e);
 // Restore interrupted state...
@@ -164,6 +165,19 @@ public RedirectView callback(@PathVariable String gitProvider, String code) {
 return new ResponseEntity<>(HttpStatus.CREATED);
 }
+ private static String buildQueryString(Map params) {
+ StringBuilder queryString = new StringBuilder();
+ for (Map.Entry entry : params.entrySet()) {
+ if (queryString.length() > 0) {
+ queryString.append("&");
+ }
+ queryString.append(entry.getKey());
+ queryString.append("=");
+ queryString.append(entry.getValue());
+ }
+ return queryString.toString();
+ }
+
 public static class GitAccessTokenRequest {
 private String clientId;
@@ -243,14 +257,14 @@ public String toString() {
 @JsonIgnoreProperties(ignoreUnknown = true)
 public static class GitAccessTokenResponse {
- private String accessToken;
+ private String access_token;
- public String getAccessToken() {
- return accessToken;
+ public String getAccess_token() {
+ return access_token;
 }
- public void setAccessToken(String accessToken) {
- this.accessToken = accessToken;
+ public void setAccess_token(String access_token) {
+ this.access_token = access_token;
 }
 }
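Review bot: The new `this.userService.saveToken(accessTokenResponse.getAccess_token(), gitProviderEnum)` persists whatever came back without checking that a token was actually issued: the HTTP status is discarded by `thenApply(HttpResponse::body)` and `GitAccessTokenResponse` ignores unknown fields, so a provider error body (GitHub in particular answers a bad or reused `code` with a 200 and an `error` field when JSON is requested, as far as its documentation goes, so worth confirming) deserialises to a null `access_token` that is then saved as the user's credential. Guard before saving, e.g. `if (accessTokenResponse.getAccess_token() == null || accessTokenResponse.getAccess_token().isBlank()) { log.warn("No access token returned by {}", gitProvider); return new ResponseEntity<>(HttpStatus.BAD_GATEWAY); }`, ideally together with a 2xx check on the response status. Since `code` arrives straight from the callback request, rejecting a null or blank `code` before building the token request would also avoid a pointless round trip carrying the client secret. The enclosing `callback` method starts before this hunk and its catch blocks continue after it.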
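Review bot: `buildQueryString` copies keys and values into the body verbatim with no percent-encoding, although the request is declared `application/x-www-form-urlencoded`. `code` is whatever the provider redirect put in the callback query string and `redirect_uri` is a full URL, so a value containing `&`, `=`, `+` or `%` either injects or truncates parameters of the token request or is decoded differently by the provider (a `+` is read back as a space). Encode both sides: `queryString.append(URLEncoder.encode(entry.getKey(), StandardCharsets.UTF_8));` and `queryString.append(URLEncoder.encode(entry.getValue(), StandardCharsets.UTF_8));`, adding `java.net.URLEncoder` and `java.nio.charset.StandardCharsets` to the imports if they are not already present (the `Charset` overload is available on the Java 11 baseline that the file's `java.net.http` usage implies). A null value would also be rendered as the literal string `null` today; skipping null entries or failing fast with `Objects.requireNonNull(entry.getValue(), entry.getKey())` makes that case explicit, and a one-line Javadoc such as `/** Serialises params as an application/x-www-form-urlencoded body. */` would document the contract.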
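Review bot: The field and accessors become `access_token`/`getAccess_token`/`setAccess_token` purely so Jackson's default mapping matches the provider's JSON key, which puts a snake_case identifier into a public nested class and renames a public getter for every caller (callers outside this file, if any, would break). The idiomatic binding keeps `accessToken`/`getAccessToken()` and annotates the field `@JsonProperty("access_token")` (same `com.fasterxml.jackson.annotation` package as the `@JsonIgnoreProperties` already on the class, so one extra import), or configures the `ObjectMapper` with `PropertyNamingStrategies.SNAKE_CASE`. Whichever is chosen, a short class comment such as `/** Subset of the GitHub/GitLab token endpoint response; only access_token is consumed. */` would tell the next reader why unknown properties are ignored.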
From b16067dcbfa5b4a628a69a530f307726c1399b26 Mon Sep 17 00:00:00 2001
From: devysf
Date: Fri, 15 Sep 2023 15:14:16 +0300
Subject: [PATCH 2/2] static variable in the MediaType class use instead of a plain string for the content-type header
---
 .../java/io/github/jhipster/online/web/rest/GitResource.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/io/github/jhipster/online/web/rest/GitResource.java b/src/main/java/io/github/jhipster/online/web/rest/GitResource.java
index d4f27607..4f0b2f4d 100644
--- a/src/main/java/io/github/jhipster/online/web/rest/GitResource.java
+++ b/src/main/java/io/github/jhipster/online/web/rest/GitResource.java
@@ -143,7 +143,7 @@ public RedirectView callback(@PathVariable String gitProvider, String code) {
 HttpRequest httpRequest = HttpRequest
 .newBuilder()
 .uri(URI.create(url))
- .header("Content-Type", "application/x-www-form-urlencoded")
+ .header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED_VALUE)
 .header("Accept", MediaType.APPLICATION_JSON_VALUE)
 .header("User-Agent", "Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0")
 .POST(HttpRequest.BodyPublishers.ofString(buildQueryString(params)))