
Missing URL sanitization for Git URL from User Preferences Personal Access Token Dialog #22851

Closed
eye0fra opened this issue Feb 27, 2024 · 1 comment · Fixed by eclipse-che/che-dashboard#1072
Assignees
Labels
area/dashboard kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system. sprint/next

Comments

@eye0fra

eye0fra commented Feb 27, 2024

Describe the bug

When a developer inserts a Git token from User Preferences, there is no validation of the Git URL. If the URL is incorrect, such as having a space before the HTTP protocol, it leads to login and dashboard usage issues due to an exception occurring in Devspace (Caused by: java.net.URISyntaxException: Illegal character in scheme name at index 0). Manual intervention on the generated secret is required to resolve the access issue.

Che version

7.82@latest

Steps to reproduce

  1. Go to User Preferences.
  2. Personal Access Token Tab
  3. Add Token
  4. Fill in the information and in the URL field put a non-compliant URL, for instance one with a space in front.
  5. After clicking Add the user cannot access the dashboard anymore, and the error shown from the dashboard is misleading.

From the server pod you can see:

Caused by: java.net.URISyntaxException: Illegal character in scheme name at index 0

Expected behavior

The UI and server should validate the URL information, and prompt the error to the user.

Runtime

OpenShift

Screenshots

(screenshot attached to the original issue; not reproduced here)

Installation method

OperatorHub

Environment

Linux

Eclipse Che Logs

2024-02-22 11:41:53,996[nio-8080-exec-5]  [ERROR] [c.a.c.r.RuntimeExceptionMapper 55]   - Illegal character in scheme name at index 0:  https://bitbucket.org/
java.lang.IllegalArgumentException: Illegal character in scheme name at index 0:  https://bitbucket.org/
	at java.base/java.net.URI.create(URI.java:906)
	at org.eclipse.che.api.factory.server.bitbucket.HttpBitbucketServerApiClient.<init>(HttpBitbucketServerApiClient.java:88)
	at org.eclipse.che.api.factory.server.bitbucket.BitbucketServerPersonalAccessTokenFetcher.isValid(BitbucketServerPersonalAccessTokenFetcher.java:150)
	at org.eclipse.che.api.factory.server.scm.ScmPersonalAccessTokenFetcher.getScmUsername(ScmPersonalAccessTokenFetcher.java:86)
	at org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager.doGetPersonalAccessToken(KubernetesPersonalAccessTokenManager.java:193)
	at org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager.get(KubernetesPersonalAccessTokenManager.java:147)
	at org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager.store(KubernetesPersonalAccessTokenManager.java:301)
	at jdk.internal.reflect.GeneratedMethodAccessor216.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at com.google.inject.internal.DelegatingInvocationHandler.invoke(DelegatingInvocationHandler.java:50)
	at jdk.proxy4/jdk.proxy4.$Proxy104.store(Unknown Source)
	at org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.CredentialsSecretConfigurator.lambda$configure$1(CredentialsSecretConfigurator.java:76)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
	at org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.CredentialsSecretConfigurator.configure(CredentialsSecretConfigurator.java:73)
	at org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory.configureNamespace(KubernetesNamespaceFactory.java:544)
	at org.eclipse.che.workspace.infrastructure.openshift.project.OpenShiftProjectFactory.getOrCreate(OpenShiftProjectFactory.java:128)
	at org.eclipse.che.workspace.infrastructure.openshift.project.OpenShiftProjectFactory.getOrCreate(OpenShiftProjectFactory.java:59)
	at org.eclipse.che.workspace.infrastructure.kubernetes.provision.NamespaceProvisioner.provision(NamespaceProvisioner.java:42)
	at org.eclipse.che.workspace.infrastructure.kubernetes.api.server.KubernetesNamespaceService.provision(KubernetesNamespaceService.java:95)
	at jdk.internal.reflect.GeneratedMethodAccessor215.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.everrest.core.impl.method.DefaultMethodInvoker.invokeMethod(DefaultMethodInvoker.java:174)
	at org.everrest.core.impl.method.DefaultMethodInvoker.invokeMethod(DefaultMethodInvoker.java:61)
	at org.everrest.core.impl.RequestDispatcher.doInvokeResource(RequestDispatcher.java:329)
	at org.everrest.core.impl.RequestDispatcher.invokeSubResourceMethod(RequestDispatcher.java:319)
	at org.everrest.core.impl.RequestDispatcher.dispatch(RequestDispatcher.java:257)
	at org.everrest.core.impl.RequestDispatcher.dispatch(RequestDispatcher.java:131)
	at org.everrest.core.impl.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:61)
	at org.everrest.core.impl.EverrestProcessor.process(EverrestProcessor.java:130)
	at org.everrest.core.servlet.EverrestServlet.service(EverrestServlet.java:62)
	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:631)
	at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:290)
	at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:280)
	at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:184)
	at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:89)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
	at org.eclipse.che.core.metrics.ApiResponseMetricFilter.doFilter(ApiResponseMetricFilter.java:46)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.eclipse.che.multiuser.api.authentication.commons.filter.MultiUserEnvironmentInitializationFilter.doFilter(MultiUserEnvironmentInitializationFilter.java:161)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.eclipse.che.commons.logback.filter.RequestIdLoggerFilter.doFilter(RequestIdLoggerFilter.java:50)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:121)
	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:738)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:676)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:400)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: java.net.URISyntaxException: Illegal character in scheme name at index 0:  https://bitbucket.org/
	at java.base/java.net.URI$Parser.fail(URI.java:2976)
	at java.base/java.net.URI$Parser.checkChars(URI.java:3147)
	at java.base/java.net.URI$Parser.checkChar(URI.java:3157)
	at java.base/java.net.URI$Parser.parse(URI.java:3172)
	at java.base/java.net.URI.<init>(URI.java:623)
	at java.base/java.net.URI.create(URI.java:904)
	... 73 common frames omitted

Additional context

No response

@eye0fra eye0fra added the kind/bug Outline of a bug - must adhere to the bug report template. label Feb 27, 2024
@ibuziuk ibuziuk added severity/P1 Has a major impact to usage or development of the system. area/dashboard sprint/next labels Feb 27, 2024
@ibuziuk
Member

ibuziuk commented Mar 4, 2024

@eye0fra thanks for reporting
@olexii4 @akurinnoy @vinokurig folks, we need to prioritize it for the next sprint (validation should be added on both UI and che-server)
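The input check described in the report and in the comment above, as an added example that is not che-dashboard or che-server code. The validator is hypothetical; it assumes the dialog hands the raw string the user typed to `validateGitUrl` before a secret is created. The point it demonstrates is the trap behind this bug: the browser's WHATWG `URL` parser silently strips leading and trailing spaces, so a client that only checks `new URL(input)` would accept exactly the value that `java.net.URI.create` later rejects; the raw string therefore has to be checked before it is parsed, and the same check belongs on the server, which is what generates the secret.

```typescript
// Hypothetical validator for the Git provider URL entered in the
// Personal Access Token dialog (added example, not project code).

interface UrlValidation {
  ok: boolean;
  reason?: string;
}

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

function validateGitUrl(raw: string): UrlValidation {
  if (raw.length === 0) {
    return { ok: false, reason: 'URL must not be empty' };
  }
  // Check the raw input first: java.net.URI rejects whitespace and control
  // characters anywhere in the string, while new URL() would trim the ends
  // and hide the problem. " https://bitbucket.org/" is caught here.
  if (/[\s\u0000-\u001f\u007f]/.test(raw)) {
    return { ok: false, reason: 'URL must not contain whitespace or control characters' };
  }
  let parsed: URL;
  try {
    parsed = new URL(raw);
  } catch {
    return { ok: false, reason: 'URL is not an absolute URL' };
  }
  // Only the schemes the token fetchers actually talk to.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: `scheme must be http or https, got ${parsed.protocol}` };
  }
  if (parsed.hostname.length === 0) {
    return { ok: false, reason: 'URL must have a host' };
  }
  // The token is stored separately; credentials embedded in the URL would
  // end up in the generated secret and in logs such as the one above.
  if (parsed.username !== '' || parsed.password !== '') {
    return { ok: false, reason: 'URL must not embed credentials' };
  }
  return { ok: true };
}
```

Rejecting the value client-side gives the user the prompt the report asks for; repeating the check in che-server before the secret is written is what prevents the broken-namespace state that needed manual repair.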
