fixup! Omit scm-username annotation from the PAT secret

wsmaster/che-core-api-factory-github/src/main/java/org/eclipse/che/api/factory/server/github/GithubPersonalAccessTokenFetcher.java

@@ -203,8 +203,19 @@ public Optional<Boolean> isValid(PersonalAccessToken personalAccessToken) {
     }
 
     try {
-      String[] scopes = githubApiClient.getTokenScopes(personalAccessToken.getToken()).second;
-      return Optional.of(containsScopes(scopes, DEFAULT_TOKEN_SCOPES));
+      if (personalAccessToken.getScmTokenName() != null
+          && personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
+        String[] scopes = githubApiClient.getTokenScopes(personalAccessToken.getToken()).second;
+        return Optional.of(containsScopes(scopes, DEFAULT_TOKEN_SCOPES));
+      } else {
+        // No REST API for PAT-s in Github found yet. Just try to do some action.
+        GithubUser user = githubApiClient.getUser(personalAccessToken.getToken());
+        if (personalAccessToken.getScmUserName().equals(user.getLogin())) {
+          return Optional.of(Boolean.TRUE);
+        } else {
+          return Optional.of(Boolean.FALSE);
+        }
+      }
     } catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) {
       return Optional.of(Boolean.FALSE);
     }
@@ -217,11 +228,18 @@ public Optional<Pair<Boolean, String>> isValid(PersonalAccessTokenParams params)
       return Optional.empty();
     }
     try {
-      Pair<String, String[]> pair = githubApiClient.getTokenScopes(params.getToken());
-      return Optional.of(
-          Pair.of(
-              containsScopes(pair.second, DEFAULT_TOKEN_SCOPES) ? Boolean.TRUE : Boolean.FALSE,
-              pair.first));
+      if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
+        Pair<String, String[]> pair = githubApiClient.getTokenScopes(params.getToken());
+        return Optional.of(
+            Pair.of(
+                containsScopes(pair.second, DEFAULT_TOKEN_SCOPES) ? Boolean.TRUE : Boolean.FALSE,
+                pair.first));
+      } else {
+        // TODO: add PAT scope validation
+        // No REST API for PAT-s in Github found yet. Just try to do some action.
+        GithubUser user = githubApiClient.getUser(params.getToken());
+        return Optional.of(Pair.of(Boolean.TRUE, user.getLogin()));
+      }
     } catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) {
       return Optional.empty();
     }

wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java

@@ -193,18 +193,20 @@ public Optional<Pair<Boolean, String>> isValid(PersonalAccessTokenParams params)
     }
     try {
       GitlabUser user = gitlabApiClient.getUser(params.getToken());
-      String[] scopes;
       if (params.getScmTokenName() != null && params.getScmTokenName().startsWith(OAUTH_2_PREFIX)) {
-        scopes = gitlabApiClient.getOAuthTokenInfo(params.getToken()).getScope();
-      } else {
-        scopes = gitlabApiClient.getPersonalAccessTokenInfo(params.getToken()).getScopes();
+        // validation OAuth token by special API call
+        GitlabOauthTokenInfo info = gitlabApiClient.getOAuthTokenInfo(params.getToken());
+        return Optional.of(
+            Pair.of(
+                Sets.newHashSet(info.getScope()).containsAll(DEFAULT_TOKEN_SCOPES)
+                    ? Boolean.TRUE
+                    : Boolean.FALSE,
+                user.getUsername()));
       }
-      return Optional.of(
-          Pair.of(
-              Sets.newHashSet(scopes).containsAll(DEFAULT_TOKEN_SCOPES)
-                  ? Boolean.TRUE
-                  : Boolean.FALSE,
-              user.getUsername()));
+      // validating personal access token from secret. Since PAT API is accessible only in
+      // latest GitLab version, we just perform check by accessing something from API.
+      // TODO: add PAT scope validation
+      return Optional.of(Pair.of(Boolean.TRUE, user.getUsername()));
     } catch (ScmItemNotFoundException | ScmCommunicationException | ScmBadRequestException e) {
       return Optional.empty();
     }