  1. Tools (JBoss Tools)
  2. JBIDE-22756

Connection: various weirdness in token/password implementations


Details

    • Task
    • Resolution: Unresolved
    • Major
    • 4.30.x
    • 4.4.1.AM2
    • openshift

    Description

      The lifecycle of the token is rather weird and needs a consistent logic:
      When connecting via wizard the token is set in the connection wizard:

      ConnectionWizardPageModel#connect
      ...
      try {
      	IConnection connection = createConnection(connectionFactory, connectionAuthenticationProvider);
      ...
      
      ConnectionWizardPageModel#createConnection
      ...
      		if (authProvider != null) {
      			authProvider.update(connection); // sets the token
      		}
      ...
      
      BearTokenAuthenticationProvider#update
      ...
      		connection.setAuthScheme(IAuthorizationContext.AUTHSCHEME_OAUTH);
      		connection.setToken(tokenObservable.getValue());
      		connection.setRememberToken(rememberTokenObservable.getValue());
      ...
      
      Connection#connect
      if(authorize()) {
      ...
      
      Connection#authorized
      ...
      if (context.isAuthorized()) {
      	String username = context.getUser().getName();
      	String token = context.getToken();
      	updateAuthorized(username, token);
      } else {
      ...
      

      The token is then fetched from client and set to the connection

      Connection#updateAuthorized
      setToken(token);
      ...
      

      and the password is cleared

      Connection#savePasswordOrToken
      		} else if (IAuthorizationContext.AUTHSCHEME_OAUTH.equals(getAuthScheme())){
      			boolean success = saveOrClear(SECURE_STORAGE_TOKEN_KEY, this.token, isRememberToken());
      			if(success) { 
      				//Avoid second secure storage prompt.
      				//Token is stored, password should be cleared.
      				clearPassword();
      

      I suspect the aim here is to clear the existing password in secure storage if the user is switching password->token based auth (and vice versa).
      The opposite is then not fully congruent. The token is only cleared in secure storage, not in the Connection instance var.

      Connection#savePasswordOrToken
      		if (IAuthorizationContext.AUTHSCHEME_BASIC.equals(getAuthScheme())) {
      			boolean success = saveOrClear(SECURE_STORAGE_PASSWORD_KEY, this.password, isRememberPassword());
      			if (success) {
      				//Avoid second secure storage prompt.
      				// Password is stored, token should be cleared.
      				clearToken();
      			}
      
      Connection#clearToken
      		// dont clear the token instance var: JBIDE-22594
      		setRememberToken(false);
      		saveOrClear(SECURE_STORAGE_TOKEN_KEY, null, false);
      

      I suspect that we should only clear in secure storage, not in the Connection instance, as we see in JBIDE-22594 (for the opposite case, where we don't clear the token in the Connection instance). But then one has to keep in mind that all auth is token based. Even if you auth via password initially, the auth is then switched to token based once the authorization succeeded and we got a token:

      Connection#updateAuthorized
      		setToken(token);
      		if (IAuthorizationContext.AUTHSCHEME_OAUTH.equalsIgnoreCase(getAuthScheme())) {
      			setUsername(username);
      		}
      		// force auth strategy to token if authorized
      		TokenAuthorizationStrategy tokenStrategy = new TokenAuthorizationStrategy(token, username);
      		client.setAuthorizationStrategy(tokenStrategy);
      

      Another issue is that the connection and the auth scheme are both stored in different classes. The connection is stored via

      ConnectionPersistency#persist
      preferences.saveConnections(connections.keySet().toArray(new String[] {}));
      ...
      

      while the auth scheme is stored in Connection#saveAuthSchemePreference:

      Connection#connect
      saveAuthSchemePreference();
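
The asymmetry between the two Connection#savePasswordOrToken branches quoted above, as a stand-alone Java sketch that reports what remains in memory and in storage after each branch. This is an added example, not JBoss Tools code: the Map stands in for Eclipse secure storage, the scheme and key constants are placeholders, and the bodies of saveOrClear() and clearPassword() are assumptions, since the issue does not show them.

```java
import java.util.HashMap;
import java.util.Map;
// Added sketch, not JBoss Tools code: models only the two branches quoted in the issue.
public class CredentialLifecycleSketch {
    static final String BASIC = "basic-placeholder", OAUTH = "oauth-placeholder"; // stand-ins for AUTHSCHEME_*
    static final String PASSWORD_KEY = "password", TOKEN_KEY = "token"; // stand-ins for SECURE_STORAGE_*_KEY
    final Map<String, String> secureStorage = new HashMap<>(); // stand-in for secure storage
    String authScheme, password, token;
    boolean rememberPassword, rememberToken;
    boolean saveOrClear(String key, String value, boolean remember) { // ASSUMPTION: semantics not shown
        if (remember && value != null) secureStorage.put(key, value);
        else secureStorage.remove(key);
        return true;
    }
    void clearToken() { // as quoted: the token field is kept (JBIDE-22594)
        rememberToken = false;
        saveOrClear(TOKEN_KEY, null, false);
    }

    void clearPassword() { // ASSUMPTION: body not shown in the issue
        password = null;
        rememberPassword = false;
        saveOrClear(PASSWORD_KEY, null, false);
    }

    void savePasswordOrToken() {
        if (BASIC.equals(authScheme)) {
            if (saveOrClear(PASSWORD_KEY, password, rememberPassword)) clearToken();
        } else if (OAUTH.equals(authScheme)) {
            if (saveOrClear(TOKEN_KEY, token, rememberToken)) clearPassword();
        }
    }

    // Fresh connection holding both secrets (constructed values), saved under the given scheme.
    static String stateAfterSave(String scheme) {
        CredentialLifecycleSketch c = new CredentialLifecycleSketch();
        c.authScheme = scheme;
        c.password = "constructed-password"; c.token = "constructed-token";
        c.rememberPassword = true; c.rememberToken = true;
        c.savePasswordOrToken();
        return scheme + ": password in memory=" + (c.password != null)
            + ", token in memory=" + (c.token != null) + ", stored keys=" + c.secureStorage.keySet();
    }

    public static void main(String[] args) {
        System.out.println(stateAfterSave(BASIC));
        System.out.println(stateAfterSave(OAUTH));
    }
}
```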
      

            People

              Unassigned Unassigned
              adietish@redhat.com André Dietisheim