Mirror
/
go-neb
mirror of https://github.com/matrix-org/go-neb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
573 Commits
120 Branches
3 Tags
12 MiB
Tree: 1e297c50ad
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1e297c50ad'
${ noResults }
go-neb/realms/jira/jira.go

475 lines
14 KiB
Raw Normal View History

Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Re-format project as a Go module (#310) * Define project as a Go module and update dependency versions Signed-off-by: Nikos Filippakis <me@nfil.dev> * Update docs, configs and dockerfile to use latest Go version Signed-off-by: Nikos Filippakis <me@nfil.dev> * Add postgres database driver Signed-off-by: Nikos Filippakis <me@nfil.dev>
4 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Add endpoint for GETing AuthSession information for a user/realm tuple Add a new `AuthSession` function `Authenticated()` which returns `true` if the user has completed the auth process. This allows the caller to distinguish between: - Never done any auth (404s) - In the process of doing auth (`Authenticated == false`) - Finished doing auth (`Authenticated == true`)
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add endpoint for GETing AuthSession information for a user/realm tuple Add a new `AuthSession` function `Authenticated()` which returns `true` if the user has completed the auth process. This allows the caller to distinguish between: - Never done any auth (404s) - In the process of doing auth (`Authenticated == false`) - Finished doing auth (`Authenticated == true`)
8 years ago
List possible GH repos on /getSession Add an Info() method to pull out info about an auth session.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
List possible GH repos on /getSession Add an Info() method to pull out info about an auth session.
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Add an Init() function to AuthRealms
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add an Init() function to AuthRealms
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Make golint happy
6 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Add JIRARealm.HasWebhook and set it on webhook creation
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Formalise the response JSON to /configureAuthRealm for JIRA
8 years ago
Parse out the public key
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Add redirect URL for JIRA auth
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add redirect URL for JIRA auth
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add redirect URL for JIRA auth
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add redirect URL for JIRA auth
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Kill dangling brackets
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
More inlining
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Review comments
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Implement processing of !jira create commands This involves looking up JIRA realms and then auth sessions for the user. Does not handle starter links yet.
8 years ago
More inlining
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Parse out the public key
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Parse out the public key
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Inline some err/if checks
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Finish implementing auth in JIRA. Access tokens are now stored. Added redirectURL to the factory function for AuthRealms.
8 years ago
Add realm documentation - Add godoc for realms - Remove realm info from README
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
  1. // Package jira implements OAuth1.0a support for arbitrary JIRA installations.
  2. package jira
  4. import (
  5. "crypto/rsa"
  6. "crypto/x509"
  7. "database/sql"
  8. "encoding/json"
  9. "encoding/pem"
  10. "errors"
  11. "fmt"
  12. "net/http"
  13. "strings"
  15. jira "github.com/andygrunwald/go-jira"
  16. "github.com/dghubble/oauth1"
  17. "github.com/matrix-org/go-neb/database"
  18. "github.com/matrix-org/go-neb/realms/jira/urls"
  19. "github.com/matrix-org/go-neb/types"
  20. log "github.com/sirupsen/logrus"
  21. "golang.org/x/net/context"
  22. )
  24. // RealmType of the JIRA realm
  25. const RealmType = "jira"
  27. // Realm is an AuthRealm which can process JIRA installations.
  28. //
  29. // Example request:
  30. // {
  31. // "JIRAEndpoint": "matrix.org/jira/",
  32. // "ConsumerName": "goneb",
  33. // "ConsumerKey": "goneb",
  34. // "ConsumerSecret": "random_long_string",
  35. // "PrivateKeyPEM": "-----BEGIN RSA PRIVATE KEY-----\r\nMIIEowIBAAKCAQEA39UhbOvQHEkBP9fGnhU+eSObTAwX9req2l1NiuNaPU9rE7tf6Bk\r\n-----END RSA PRIVATE KEY-----"
  36. // }
  37. type Realm struct {
  38. id string
  39. redirectURL string
  40. privateKey *rsa.PrivateKey
  42. // The HTTPS URL of the JIRA installation to authenticate with.
  43. JIRAEndpoint string
  44. // The desired "Consumer Name" field of the "Application Links" admin page on JIRA.
  45. // Generally this is the name of the service. Users will need to enter this string
  46. // into their JIRA admin web form.
  47. ConsumerName string
  48. // The desired "Consumer Key" field of the "Application Links" admin page on JIRA.
  49. // Generally this is the name of the service. Users will need to enter this string
  50. // into their JIRA admin web form.
  51. ConsumerKey string
  52. // The desired "Consumer Secret" field of the "Application Links" admin page on JIRA.
  53. // This should be a random long string. Users will need to enter this string into
  54. // their JIRA admin web form.
  55. ConsumerSecret string
  56. // A string which contains the private key for performing OAuth 1.0 requests.
  57. // This MUST be in PEM format. It must NOT have a password. Go-NEB will convert this
  58. // into a public key in PEM format and return this to users. Users will need to enter
  59. // the *public* key into their JIRA admin web form.
  60. //
  61. // To generate a private key PEM: (JIRA does not support bit lengths >2048):
  62. // $ openssl genrsa -out privkey.pem 2048
  63. // $ cat privkey.pem
  64. PrivateKeyPEM string
  65. // Optional. If supplied, !jira commands will return this link whenever someone is
  66. // prompted to login to JIRA.
  67. StarterLink string
  69. // The server name of the JIRA installation from /serverInfo.
  70. // This is an informational field populated by Go-NEB post-creation.
  71. Server string
  72. // The JIRA version string from /serverInfo.
  73. // This is an informational field populated by Go-NEB post-creation.
  74. Version string
  75. // The public key for the given private key. This is populated by Go-NEB.
  76. PublicKeyPEM string
  78. // Internal field. True if this realm has already registered a webhook with the JIRA installation.
  79. HasWebhook bool
  80. }
  82. // Session represents a single authentication session between a user and a JIRA endpoint.
  83. // The endpoint is dictated by the realm ID.
  84. type Session struct {
  85. id string // request token
  86. userID string
  87. realmID string
  89. // Configuration fields
  91. // The secret obtained when requesting an authentication session with JIRA.
  92. RequestSecret string
  93. // A JIRA access token for a Matrix user ID.
  94. AccessToken string
  95. // A JIRA access secret for a Matrix user ID.
  96. AccessSecret string
  97. // Optional. The URL to redirect the client to after authentication.
  98. ClientsRedirectURL string
  99. }
  101. // AuthRequest is a request for authenticating with JIRA
  102. type AuthRequest struct {
  103. // Optional. The URL to redirect to after authentication.
  104. RedirectURL string
  105. }
  107. // AuthResponse is a response to an AuthRequest.
  108. type AuthResponse struct {
  109. // The URL to visit to perform OAuth on this JIRA installation.
  110. URL string
  111. }
  113. // Authenticated returns true if the user has completed the auth process
  114. func (s *Session) Authenticated() bool {
  115. return s.AccessToken != "" && s.AccessSecret != ""
  116. }
  118. // Info returns nothing
  119. func (s *Session) Info() interface{} {
  120. return nil
  121. }
  123. // UserID returns the ID of the user performing the authentication.
  124. func (s *Session) UserID() string {
  125. return s.userID
  126. }
  128. // RealmID returns the JIRA realm ID which created this session.
  129. func (s *Session) RealmID() string {
  130. return s.realmID
  131. }
  133. // ID returns the OAuth1 request_token which is used when looking up sessions in the redirect
  134. // handler.
  135. func (s *Session) ID() string {
  136. return s.id
  137. }
  139. // ID returns the ID of this JIRA realm.
  140. func (r *Realm) ID() string {
  141. return r.id
  142. }
  144. // Type returns the type of realm this is.
  145. func (r *Realm) Type() string {
  146. return RealmType
  147. }
  149. // Init initialises the private key for this JIRA realm.
  150. func (r *Realm) Init() error {
  151. if err := r.parsePrivateKey(); err != nil {
  152. log.WithError(err).Print("Failed to parse private key")
  153. return err
  154. }
  155. // Parse the messy input URL into a canonicalised form.
  156. ju, err := urls.ParseJIRAURL(r.JIRAEndpoint)
  157. if err != nil {
  158. log.WithError(err).Print("Failed to parse JIRA endpoint")
  159. return err
  160. }
  161. r.JIRAEndpoint = ju.Base
  162. return nil
  163. }
  165. // Register is called when this realm is being created from an external entity
  166. func (r *Realm) Register() error {
  167. if r.ConsumerName == "" || r.ConsumerKey == "" || r.ConsumerSecret == "" || r.PrivateKeyPEM == "" {
  168. return errors.New("ConsumerName, ConsumerKey, ConsumerSecret, PrivateKeyPEM must be specified")
  169. }
  170. if r.JIRAEndpoint == "" {
  171. return errors.New("JIRAEndpoint must be specified")
  172. }
  173. r.HasWebhook = false // never let the user set this; only NEB can.
  175. // Check to see if JIRA endpoint is valid by pinging an endpoint
  176. cli, err := r.JIRAClient("", true)
  177. if err != nil {
  178. return err
  179. }
  180. info, err := jiraServerInfo(cli)
  181. if err != nil {
  182. return err
  183. }
  184. log.WithFields(log.Fields{
  185. "jira_url": r.JIRAEndpoint,
  186. "title": info.ServerTitle,
  187. "version": info.Version,
  188. }).Print("Found JIRA endpoint")
  189. r.Server = info.ServerTitle
  190. r.Version = info.Version
  192. return nil
  193. }
  195. // RequestAuthSession is called by a user wishing to auth with this JIRA realm.
  196. // The request body is of type "jira.AuthRequest". Returns a "jira.AuthResponse".
  197. //
  198. // Request example:
  199. // {
  200. // "RedirectURL": "https://somewhere.somehow"
  201. // }
  202. // Response example:
  203. // {
  204. // "URL": "https://jira.somewhere.com/plugins/servlet/oauth/authorize?oauth_token=7yeuierbgweguiegrTbOT"
  205. // }
  206. func (r *Realm) RequestAuthSession(userID string, req json.RawMessage) interface{} {
  207. logger := log.WithField("jira_url", r.JIRAEndpoint)
  209. // check if they supplied a redirect URL
  210. var reqBody AuthRequest
  211. if err := json.Unmarshal(req, &reqBody); err != nil {
  212. log.WithError(err).Print("Failed to decode request body")
  213. return nil
  214. }
  216. authConfig := r.oauth1Config(r.JIRAEndpoint)
  217. reqToken, reqSec, err := authConfig.RequestToken()
  218. if err != nil {
  219. logger.WithError(err).Print("Failed to request auth token")
  220. return nil
  221. }
  222. logger.WithField("req_token", reqToken).Print("Received request token")
  223. authURL, err := authConfig.AuthorizationURL(reqToken)
  224. if err != nil {
  225. logger.WithError(err).Print("Failed to create authorization URL")
  226. return nil
  227. }
  229. _, err = database.GetServiceDB().StoreAuthSession(&Session{
  230. id: reqToken,
  231. userID: userID,
  232. realmID: r.id,
  233. RequestSecret: reqSec,
  234. ClientsRedirectURL: reqBody.RedirectURL,
  235. })
  236. if err != nil {
  237. log.WithError(err).Print("Failed to store new auth session")
  238. return nil
  239. }
  241. return &AuthResponse{authURL.String()}
  242. }
  244. // OnReceiveRedirect is called when JIRA installations redirect back to NEB
  245. func (r *Realm) OnReceiveRedirect(w http.ResponseWriter, req *http.Request) {
  246. logger := log.WithField("jira_url", r.JIRAEndpoint)
  248. requestToken, verifier, err := oauth1.ParseAuthorizationCallback(req)
  249. if err != nil {
  250. failWith(logger, w, 400, "Failed to parse authorization callback", err)
  251. return
  252. }
  253. logger = logger.WithField("req_token", requestToken)
  254. logger.Print("Received authorization callback")
  256. session, err := database.GetServiceDB().LoadAuthSessionByID(r.id, requestToken)
  257. if err != nil {
  258. failWith(logger, w, 400, "Unrecognised request token", err)
  259. return
  260. }
  261. jiraSession, ok := session.(*Session)
  262. if !ok {
  263. failWith(logger, w, 500, "Unexpected session type found.", nil)
  264. return
  265. }
  266. logger = logger.WithField("user_id", jiraSession.UserID())
  267. logger.Print("Retrieved auth session for user")
  269. oauthConfig := r.oauth1Config(r.JIRAEndpoint)
  270. accessToken, accessSecret, err := oauthConfig.AccessToken(requestToken, jiraSession.RequestSecret, verifier)
  271. if err != nil {
  272. failWith(logger, w, 502, "Failed exchange for access token.", err)
  273. return
  274. }
  275. logger.Print("Exchanged for access token")
  277. jiraSession.AccessToken = accessToken
  278. jiraSession.AccessSecret = accessSecret
  280. _, err = database.GetServiceDB().StoreAuthSession(jiraSession)
  281. if err != nil {
  282. failWith(logger, w, 500, "Failed to persist JIRA session", err)
  283. return
  284. }
  285. if jiraSession.ClientsRedirectURL != "" {
  286. w.WriteHeader(302)
  287. w.Header().Set("Location", jiraSession.ClientsRedirectURL)
  288. // technically don't need a body but *shrug*
  289. w.Write([]byte(jiraSession.ClientsRedirectURL))
  290. } else {
  291. w.WriteHeader(200)
  292. w.Write([]byte(
  293. fmt.Sprintf("You have successfully linked your JIRA account on %s to %s",
  294. r.JIRAEndpoint, jiraSession.UserID(),
  295. ),
  296. ))
  297. }
  298. }
  300. // AuthSession returns a JIRASession with the given parameters
  301. func (r *Realm) AuthSession(id, userID, realmID string) types.AuthSession {
  302. return &Session{
  303. id: id,
  304. userID: userID,
  305. realmID: realmID,
  306. }
  307. }
  309. // ProjectKeyExists returns true if the given project key exists on this JIRA realm.
  310. // An authenticated client for userID will be used if one exists, else an
  311. // unauthenticated client will be used, which may not be able to see the complete list
  312. // of projects.
  313. func (r *Realm) ProjectKeyExists(userID, projectKey string) (bool, error) {
  314. cli, err := r.JIRAClient(userID, true)
  315. if err != nil {
  316. return false, err
  317. }
  318. var projects []jira.Project
  319. req, err := cli.NewRequest("GET", "rest/api/2/project", nil)
  320. if err != nil {
  321. return false, err
  322. }
  323. res, err := cli.Do(req, &projects)
  324. if err != nil {
  325. return false, err
  326. }
  327. if res == nil {
  328. return false, errors.New("No response returned")
  329. }
  330. if res.StatusCode < 200 || res.StatusCode >= 300 {
  331. return false, fmt.Errorf(
  332. "%srest/api/2/project returned code %d",
  333. r.JIRAEndpoint, res.StatusCode,
  334. )
  335. }
  337. for _, p := range projects {
  338. if strings.EqualFold(p.Key, projectKey) {
  339. return true, nil
  340. }
  341. }
  342. return false, nil
  343. }
  345. // JIRAClient returns an authenticated jira.Client for the given userID. Returns an unauthenticated
  346. // client if allowUnauth is true and no authenticated session is found, else returns an error.
  347. func (r *Realm) JIRAClient(userID string, allowUnauth bool) (*jira.Client, error) {
  348. // Check if user has an auth session.
  349. session, err := database.GetServiceDB().LoadAuthSessionByUser(r.id, userID)
  350. if err != nil {
  351. if err == sql.ErrNoRows {
  352. if allowUnauth {
  353. // make an unauthenticated client
  354. return jira.NewClient(nil, r.JIRAEndpoint)
  355. }
  356. }
  357. return nil, err
  358. }
  360. jsession, ok := session.(*Session)
  361. if !ok {
  362. return nil, errors.New("Failed to cast user session to a Session")
  363. }
  364. // Make sure they finished the auth process
  365. if jsession.AccessSecret == "" || jsession.AccessToken == "" {
  366. if allowUnauth {
  367. // make an unauthenticated client
  368. return jira.NewClient(nil, r.JIRAEndpoint)
  369. }
  370. return nil, errors.New("No authenticated session found for " + userID)
  371. }
  372. // make an authenticated client
  373. auth := r.oauth1Config(r.JIRAEndpoint)
  374. httpClient := auth.Client(
  375. context.TODO(),
  376. oauth1.NewToken(jsession.AccessToken, jsession.AccessSecret),
  377. )
  378. return jira.NewClient(httpClient, r.JIRAEndpoint)
  379. }
  381. func (r *Realm) parsePrivateKey() error {
  382. if r.privateKey != nil {
  383. return nil
  384. }
  385. pk, err := loadPrivateKey(r.PrivateKeyPEM)
  386. if err != nil {
  387. return err
  388. }
  389. pub, err := publicKeyAsPEM(pk)
  390. if err != nil {
  391. return err
  392. }
  393. r.PublicKeyPEM = pub
  394. r.privateKey = pk
  395. return nil
  396. }
  398. func (r *Realm) oauth1Config(jiraBaseURL string) *oauth1.Config {
  399. return &oauth1.Config{
  400. ConsumerKey: r.ConsumerKey,
  401. ConsumerSecret: r.ConsumerSecret,
  402. CallbackURL: r.redirectURL,
  403. // TODO: In JIRA Cloud, the Authorization URL is only the Instance BASE_URL:
  404. // https://BASE_URL.atlassian.net.
  405. // It also does not require the + "/plugins/servlet/oauth/authorize"
  406. // We should probably check the provided JIRA base URL to see if it is a cloud one
  407. // then adjust accordingly.
  408. Endpoint: oauth1.Endpoint{
  409. RequestTokenURL: jiraBaseURL + "plugins/servlet/oauth/request-token",
  410. AuthorizeURL: jiraBaseURL + "plugins/servlet/oauth/authorize",
  411. AccessTokenURL: jiraBaseURL + "plugins/servlet/oauth/access-token",
  412. },
  413. Signer: &oauth1.RSASigner{
  414. PrivateKey: r.privateKey,
  415. },
  416. }
  417. }
  419. func loadPrivateKey(privKeyPEM string) (*rsa.PrivateKey, error) {
  420. // Decode PEM to grab the private key type
  421. block, _ := pem.Decode([]byte(privKeyPEM))
  422. if block == nil {
  423. return nil, errors.New("No PEM formatted block found")
  424. }
  426. priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
  427. if err != nil {
  428. return nil, err
  429. }
  430. return priv, nil
  431. }
  433. func publicKeyAsPEM(pkey *rsa.PrivateKey) (string, error) {
  434. // https://github.com/golang-samples/cipher/blob/master/crypto/rsa_keypair.go
  435. der, err := x509.MarshalPKIXPublicKey(&pkey.PublicKey)
  436. if err != nil {
  437. return "", err
  438. }
  439. block := pem.Block{
  440. Type: "PUBLIC KEY",
  441. Headers: nil,
  442. Bytes: der,
  443. }
  444. return string(pem.EncodeToMemory(&block)), nil
  445. }
  447. // jiraServiceInfo is the HTTP response to JIRA_ENDPOINT/rest/api/2/serverInfo
  448. type jiraServiceInfo struct {
  449. ServerTitle string `json:"serverTitle"`
  450. Version string `json:"version"`
  451. VersionNumbers []int `json:"versionNumbers"`
  452. BaseURL string `json:"baseUrl"`
  453. }
  455. func jiraServerInfo(cli *jira.Client) (*jiraServiceInfo, error) {
  456. var jsi jiraServiceInfo
  457. req, _ := cli.NewRequest("GET", "rest/api/2/serverInfo", nil)
  458. if _, err := cli.Do(req, &jsi); err != nil {
  459. return nil, err
  460. }
  461. return &jsi, nil
  462. }
  464. // TODO: Github has this as well, maybe factor it out?
  465. func failWith(logger *log.Entry, w http.ResponseWriter, code int, msg string, err error) {
  466. logger.WithError(err).Print(msg)
  467. w.WriteHeader(code)
  468. w.Write([]byte(msg))
  469. }
  471. func init() {
  472. types.RegisterAuthRealm(func(realmID, redirectURL string) types.AuthRealm {
  473. return &Realm{id: realmID, redirectURL: redirectURL}
  474. })
  475. }