Mirror
/
go-neb
mirror of https://github.com/matrix-org/go-neb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
85 Commits
120 Branches
3 Tags
12 MiB
Tree: 4fdc0c3912
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4fdc0c3912'
${ noResults }
go-neb/src/github.com/matrix-org/go-neb/realms/jira/jira.go

260 lines
6.8 KiB
Raw Normal View History

Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Parse out the public key
8 years ago
Formalise the response JSON to /configureAuthRealm for JIRA
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Parse out the public key
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Parse out the public key
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Parse out the public key
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Formalise the response JSON to /configureAuthRealm for JIRA
8 years ago
Parse out the public key
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Parse out the public key
8 years ago
Add JIRA session and requests for OAuth. Redirect not handled yet.
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
Parse out the public key
8 years ago
Allow the creation of [un]authenticated JIRA clients
8 years ago
Parse messy JIRA URLs into a canonicalised format
8 years ago
Add JiraRealm type. Add Register() function to AuthRealms Verify that PrivateKeyPEM is indeed a PEM formatted block in Register()
8 years ago
  1. package realms
  3. import (
  4. "crypto/rsa"
  5. "crypto/x509"
  6. "encoding/json"
  7. "encoding/pem"
  8. "errors"
  9. log "github.com/Sirupsen/logrus"
  10. "github.com/andygrunwald/go-jira"
  11. "github.com/dghubble/oauth1"
  12. "github.com/matrix-org/go-neb/database"
  13. "github.com/matrix-org/go-neb/realms/jira/urls"
  14. "github.com/matrix-org/go-neb/types"
  15. "golang.org/x/net/context"
  16. "net/http"
  17. )
  19. type jiraRealm struct {
  20. id string
  21. privateKey *rsa.PrivateKey
  22. JIRAEndpoint string
  23. Server string // clobbered based on /serverInfo request
  24. Version string // clobbered based on /serverInfo request
  25. ConsumerName string
  26. ConsumerKey string
  27. ConsumerSecret string
  28. PublicKeyPEM string // clobbered based on PrivateKeyPEM
  29. PrivateKeyPEM string
  30. }
  32. type JIRASession struct {
  33. id string // request token
  34. userID string
  35. realmID string
  36. Secret string // request secret
  37. }
  39. func (s *JIRASession) UserID() string {
  40. return s.userID
  41. }
  43. func (s *JIRASession) RealmID() string {
  44. return s.realmID
  45. }
  47. func (s *JIRASession) ID() string {
  48. return s.id
  49. }
  51. func (r *jiraRealm) ID() string {
  52. return r.id
  53. }
  55. func (r *jiraRealm) Type() string {
  56. return "jira"
  57. }
  59. func (r *jiraRealm) Register() error {
  60. if r.ConsumerName == "" || r.ConsumerKey == "" || r.ConsumerSecret == "" || r.PrivateKeyPEM == "" {
  61. return errors.New("ConsumerName, ConsumerKey, ConsumerSecret, PrivateKeyPEM must be specified.")
  62. }
  63. if r.JIRAEndpoint == "" {
  64. return errors.New("JIRAEndpoint must be specified")
  65. }
  67. // Make sure the private key PEM is actually a private key.
  68. err := r.parsePrivateKey()
  69. if err != nil {
  70. return err
  71. }
  73. // Parse the messy input URL into a canonicalised form.
  74. ju, err := urls.ParseJIRAURL(r.JIRAEndpoint)
  75. if err != nil {
  76. return err
  77. }
  78. r.JIRAEndpoint = ju.Base
  80. // Check to see if JIRA endpoint is valid by pinging an endpoint
  81. cli, err := r.jiraClient(ju, "", true)
  82. if err != nil {
  83. return err
  84. }
  85. info, err := jiraServerInfo(cli)
  86. if err != nil {
  87. return err
  88. }
  89. log.WithFields(log.Fields{
  90. "jira_url": ju.Base,
  91. "title": info.ServerTitle,
  92. "version": info.Version,
  93. }).Print("Found JIRA endpoint")
  94. r.Server = info.ServerTitle
  95. r.Version = info.Version
  97. return nil
  98. }
  100. func (r *jiraRealm) RequestAuthSession(userID string, req json.RawMessage) interface{} {
  101. logger := log.WithField("jira_url", r.JIRAEndpoint)
  102. // Parse the private key as we may not have called Register()
  103. err := r.parsePrivateKey()
  104. if err != nil {
  105. logger.WithError(err).Print("Failed to parse private key")
  106. return nil
  107. }
  108. ju, err := urls.ParseJIRAURL(r.JIRAEndpoint)
  109. if err != nil {
  110. log.WithError(err).Print("Failed to parse JIRA endpoint")
  111. return nil
  112. }
  113. authConfig := r.oauth1Config(ju)
  114. reqToken, reqSec, err := authConfig.RequestToken()
  115. if err != nil {
  116. logger.WithError(err).Print("Failed to request auth token")
  117. return nil
  118. }
  119. logger.WithField("req_token", reqToken).Print("Received request token")
  120. authURL, err := authConfig.AuthorizationURL(reqToken)
  121. if err != nil {
  122. logger.WithError(err).Print("Failed to create authorization URL")
  123. return nil
  124. }
  126. _, err = database.GetServiceDB().StoreAuthSession(&JIRASession{
  127. id: reqToken,
  128. userID: userID,
  129. realmID: r.id,
  130. Secret: reqSec,
  131. })
  132. if err != nil {
  133. log.WithError(err).Print("Failed to store new auth session")
  134. return nil
  135. }
  137. return &struct {
  138. URL string
  139. }{authURL.String()}
  140. }
  142. func (r *jiraRealm) OnReceiveRedirect(w http.ResponseWriter, req *http.Request) {
  144. }
  146. func (r *jiraRealm) AuthSession(id, userID, realmID string) types.AuthSession {
  147. return nil
  148. }
  150. // jiraClient returns an authenticated jira.Client for the given userID. Returns an unauthenticated
  151. // client if allowUnauth is true and no authenticated session is found, else returns an error.
  152. func (r *jiraRealm) jiraClient(u urls.JIRAURL, userID string, allowUnauth bool) (*jira.Client, error) {
  153. // TODO: Check if user has an auth session. Requires access token+secret
  154. hasAuthSession := false
  156. if hasAuthSession {
  157. // make an authenticated client
  158. var cli *jira.Client
  160. auth := r.oauth1Config(u)
  162. httpClient := auth.Client(context.TODO(), oauth1.NewToken("access_tokenTODO", "access_secretTODO"))
  163. cli, err := jira.NewClient(httpClient, u.Base)
  164. return cli, err
  165. } else if allowUnauth {
  166. // make an unauthenticated client
  167. cli, err := jira.NewClient(nil, u.Base)
  168. return cli, err
  169. } else {
  170. return nil, errors.New("No authenticated session found for " + userID)
  171. }
  172. }
  174. func (r *jiraRealm) parsePrivateKey() error {
  175. pk, err := loadPrivateKey(r.PrivateKeyPEM)
  176. if err != nil {
  177. return err
  178. }
  179. pub, err := publicKeyAsPEM(pk)
  180. if err != nil {
  181. return err
  182. }
  183. r.PublicKeyPEM = pub
  184. r.privateKey = pk
  185. return nil
  186. }
  188. func (r *jiraRealm) oauth1Config(u urls.JIRAURL) *oauth1.Config {
  189. return &oauth1.Config{
  190. ConsumerKey: r.ConsumerKey,
  191. ConsumerSecret: r.ConsumerSecret,
  192. // TODO: path from goneb.go - we should factor it out like we did with Services
  193. CallbackURL: u.Base + "realms/redirect/" + r.id,
  194. // TODO: In JIRA Cloud, the Authorization URL is only the Instance BASE_URL:
  195. // https://BASE_URL.atlassian.net.
  196. // It also does not require the + "/plugins/servlet/oauth/authorize"
  197. // We should probably check the provided JIRA base URL to see if it is a cloud one
  198. // then adjust accordingly.
  199. Endpoint: oauth1.Endpoint{
  200. RequestTokenURL: u.Base + "plugins/servlet/oauth/request-token",
  201. AuthorizeURL: u.Base + "plugins/servlet/oauth/authorize",
  202. AccessTokenURL: u.Base + "plugins/servlet/oauth/access-token",
  203. },
  204. Signer: &oauth1.RSASigner{
  205. PrivateKey: r.privateKey,
  206. },
  207. }
  208. }
  210. func loadPrivateKey(privKeyPEM string) (*rsa.PrivateKey, error) {
  211. // Decode PEM to grab the private key type
  212. block, _ := pem.Decode([]byte(privKeyPEM))
  213. if block == nil {
  214. return nil, errors.New("No PEM formatted block found")
  215. }
  217. priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
  218. if err != nil {
  219. return nil, err
  220. }
  221. return priv, nil
  222. }
  224. func publicKeyAsPEM(pkey *rsa.PrivateKey) (string, error) {
  225. // https://github.com/golang-samples/cipher/blob/master/crypto/rsa_keypair.go
  226. der, err := x509.MarshalPKIXPublicKey(&pkey.PublicKey)
  227. if err != nil {
  228. return "", err
  229. }
  230. block := pem.Block{
  231. Type: "PUBLIC KEY",
  232. Headers: nil,
  233. Bytes: der,
  234. }
  235. return string(pem.EncodeToMemory(&block)), nil
  236. }
  238. // jiraServiceInfo is the HTTP response to JIRA_ENDPOINT/rest/api/2/serverInfo
  239. type jiraServiceInfo struct {
  240. ServerTitle string `json:"serverTitle"`
  241. Version string `json:"version"`
  242. VersionNumbers []int `json:"versionNumbers"`
  243. BaseURL string `json:"baseUrl"`
  244. }
  246. func jiraServerInfo(cli *jira.Client) (*jiraServiceInfo, error) {
  247. var jsi jiraServiceInfo
  248. req, _ := cli.NewRequest("GET", "rest/api/2/serverInfo", nil)
  249. _, err := cli.Do(req, &jsi)
  250. if err != nil {
  251. return nil, err
  252. }
  253. return &jsi, nil
  254. }
  256. func init() {
  257. types.RegisterAuthRealm(func(realmID string) types.AuthRealm {
  258. return &jiraRealm{id: realmID}
  259. })
  260. }