Using PAT instead of password authentication for GitHub API

README.md

@@ -16,15 +16,16 @@ docker build . -t cae-project-management-service
 Then you can run the image like this:
 
 ```bash
-docker run -e MYSQL_USER=myuser -e MYSQL_PASSWORD=mypasswd -e GITHUB_USER=github_username -e GITHUB_PASSWORD=github_password -e GITHUB_ORGANIZATION=organization_name -e GITHUB_OAUTH_CLIENTID=client_id -e GITHUB_OAUTH_CLIENTSECRET=client_secret -p 8080:8080 -p 9011:9011 cae-project-management-service
+docker run -e MYSQL_USER=myuser -e MYSQL_PASSWORD=mypasswd -e GITHUB_PERSONAL_ACCESS_TOKEN=personal_access_token -e GITHUB_ORGANIZATION=organization_name -e GITHUB_OAUTH_CLIENTID=client_id -e GITHUB_OAUTH_CLIENTSECRET=client_secret -p 8080:8080 -p 9011:9011 cae-project-management-service
 ```
 
 Replace *myuser* and *mypasswd* with the username and password of a MySQL user with access to a database named *commedit*.
 By default the database host is *mysql* and the port is *3306*.
 You can use --link option to connect the project management service with the MySQL docker container.
 Note, when using MYSQL_HOST env variable, it seems to be needed to also give the MYSQL_PORT even if it should be the standard one.
-By using the environment variables GITHUB_USER, GITHUB_PASSWORD and GITHUB_ORGANIZATION you can select which GitHub organization gets used for storing the GitHub projects that correspond to CAE projects.
-Note, that the user must be able to create projects inside the given organization.
+By using the environment variables GITHUB_PERSONAL_ACCESS_TOKEN and GITHUB_ORGANIZATION you can select which GitHub organization gets used for storing the GitHub projects that correspond to CAE projects.
+Note, that the user (that the personal access token from GitHub belongs to) must be able to create projects inside the given organization.
+You can generate a new personal access token in GitHub under "Settings" -> "Developer settings" -> "Personal access tokens".
 
 For connecting the users CAE account with the GitHub account, an OAuth GitHub app is required. You can read more on how to create a GitHub OAuth app [here](https://docs.github.com/en/developers/apps/creating-an-oauth-app).
 Once you've created your OAuth app, you will receive a client id and a client secret. Replace the placeholders *client_id* and *client_secret* in the docker run command with these.

docker-entrypoint.sh

@@ -22,10 +22,8 @@ export MYSQL_DATABASE='commedit'
     echo "Mandatory variable MYSQL_USER is not set. Add -e MYSQL_USER=myuser to your arguments." && exit 1
 [[ -z "${MYSQL_PASSWORD}" ]] && \
     echo "Mandatory variable MYSQL_PASSWORD is not set. Add -e MYSQL_PASSWORD=mypasswd to your arguments." && exit 1
-[[ -z "${GITHUB_USER}" ]] && \
-    echo "Mandatory variable GITHUB_USER is not set. Add -e GITHUB_USER=username to your arguments." && exit 1
-[[ -z "${GITHUB_PASSWORD}" ]] && \
-    echo "Mandatory variable GITHUB_PASSWORD is not set. Add -e GITHUB_PASSWORD=password to your arguments." && exit 1
+[[ -z "${GITHUB_PERSONAL_ACCESS_TOKEN}" ]] && \
+    echo "Mandatory variable GITHUB_PERSONAL_ACCESS_TOKEN is not set. Add -e GITHUB_PERSONAL_ACCESS_TOKEN=personal_access_token to your arguments." && exit 1
 [[ -z "${GITHUB_ORGANIZATION}" ]] && \
     echo "Mandatory variable GITHUB_ORGANIZATION is not set. Add -e GITHUB_ORGANIZATION=organization_name to your arguments." && exit 1
 [[ -z "${GITHUB_OAUTH_CLIENTID}" ]] && \
@@ -58,8 +56,7 @@ set_in_service_config jdbcUrl "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT}/"
 set_in_service_config jdbcSchema ${MYSQL_DATABASE}
 set_in_service_config jdbcLogin ${MYSQL_USER}
 set_in_service_config jdbcPass ${MYSQL_PASSWORD}
-set_in_service_config gitHubUser ${GITHUB_USER}
-set_in_service_config gitHubPassword ${GITHUB_PASSWORD}
+set_in_service_config gitHubPersonalAccessToken ${GITHUB_PERSONAL_ACCESS_TOKEN}
 set_in_service_config gitHubOrganization ${GITHUB_ORGANIZATION}
 set_in_service_config debugDisableCategoryCreation ${DISABLE_CATEGORY_CREATION}
 set_in_service_config gitHubOAuthClientId ${GITHUB_OAUTH_CLIENTID}

etc/i5.las2peer.services.projectManagementService.ProjectManagementService.properties

@@ -3,8 +3,7 @@ jdbcUrl=jdbc:mysql://localhost:3306/
 jdbcSchema=commedit
 jdbcLogin=root
 jdbcPass=
-gitHubUser=
-gitHubPassword=
+gitHubPersonalAccessToken=
 gitHubOrganization=
 reqBazBackendUrl=https://requirements-bazaar.org/bazaar
 reqBazProjectId=

src/main/i5/las2peer/services/projectManagementService/ProjectManagementService.java

@@ -40,8 +40,7 @@ public class ProjectManagementService extends RESTService {
 	/*
 	 * GitHub user login data.
 	 */
-	private String gitHubUser;
-	private String gitHubPassword;
+	private String gitHubPersonalAccessToken;
 	private String gitHubOrganization;
 
 	/*
@@ -67,8 +66,7 @@ public ProjectManagementService() {
 
 		// setup GitHubHelper
 		GitHubHelper gitHubHelper = GitHubHelper.getInstance();
-		gitHubHelper.setGitHubUser(this.gitHubUser);
-		gitHubHelper.setGitHubPassword(this.gitHubPassword);
+		gitHubHelper.setGitHubPersonalAccessToken(this.gitHubPersonalAccessToken);
 		gitHubHelper.setGitHubOrganization(this.gitHubOrganization);
 		gitHubHelper.setOAuthClientId(this.gitHubOAuthClientId);
 		gitHubHelper.setOAuthClientSecret(this.gitHubOAuthClientSecret);

src/main/i5/las2peer/services/projectManagementService/github/GitHubHelper.java

@@ -46,12 +46,8 @@ public static GitHubHelper getInstance() {
 		return GitHubHelper.instance;
 	}
 
-	public void setGitHubUser(String gitHubUser) {
-		this.gitHubUser = gitHubUser;
-	}
-
-	public void setGitHubPassword(String gitHubPassword) {
-		this.gitHubPassword = gitHubPassword;
+	public void setGitHubPersonalAccessToken(String gitHubPersonalAccessToken) {
+		this.gitHubPersonalAccessToken = gitHubPersonalAccessToken;
 	}
 
 	public void setGitHubOrganization(String gitHubOrganization) {
@@ -70,8 +66,7 @@ public void setOAuthClientSecret(String oAuthClientSecret) {
 	 * GitHub configuration.
 	 * This can be updated in the properties file of the service.
 	 */
-	private String gitHubUser = null;
-	private String gitHubPassword = null;
+	private String gitHubPersonalAccessToken = null;
 	private String gitHubOrganization = null;
 
 	private String oAuthClientId = null;
@@ -84,8 +79,8 @@ public void setOAuthClientSecret(String oAuthClientSecret) {
 	 * @throws GitHubException If something with the requests to the GitHub API went wrong.
 	 */
 	public GitHubProject createPublicGitHubProject(String projectName) throws GitHubException {
-		if(gitHubUser == null || gitHubPassword == null || gitHubOrganization == null) {
-			throw new GitHubException("One of the variables user, password or organization are not set.");
+		if(gitHubPersonalAccessToken == null || gitHubOrganization == null) {
+			throw new GitHubException("One of the variables personal access token or organization are not set.");
 		}
 
 		GitHubProject gitHubProject = createGitHubProject(projectName);
@@ -495,10 +490,10 @@ private String getGitHubProjectBody(String projectName) {
 
 	/**
 	 * Getter for encoded auth string.
-	 * @return Encoded auth string containing GitHub user and password.
+	 * @return Encoded auth string containing GitHub personal access token.
 	 */
 	private String getAuthStringEnc() {
-		String authString = this.gitHubUser + ":" + this.gitHubPassword;
+		String authString = this.gitHubPersonalAccessToken;
 
 		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
 		return new String(authEncBytes);