Merge branch 'main' into implement_apps

.github/workflows/maven-build.yml

@@ -76,7 +76,7 @@ jobs:
     - name: Maven Install with Code Coverage
       run: mvn -B clean install -D enable-ci -Djapicmp.skip --file pom.xml
     - name: Codecov Report 
-      uses: codecov/codecov-action@v3.1.1
+      uses: codecov/codecov-action@v3.1.3
   test:
     name: test (${{ matrix.os }}, Java ${{ matrix.java }})
     runs-on: ${{ matrix.os }}-latest

pom.xml

@@ -396,7 +396,7 @@
       <plugin>
         <groupId>com.github.siom79.japicmp</groupId>
         <artifactId>japicmp-maven-plugin</artifactId>
-        <version>0.17.1</version>
+        <version>0.17.2</version>
         <configuration>
           <parameter>
             <breakBuildOnBinaryIncompatibleModifications>true</breakBuildOnBinaryIncompatibleModifications>

src/main/java/org/kohsuke/github/authorization/AppInstallationAuthorizationProvider.java

@@ -0,0 +1,80 @@
+package org.kohsuke.github.authorization;
+
+import org.kohsuke.github.BetaApi;
+import org.kohsuke.github.GHApp;
+import org.kohsuke.github.GHAppInstallation;
+import org.kohsuke.github.GHAppInstallationToken;
+import org.kohsuke.github.GitHub;
+
+import java.io.IOException;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Objects;
+
+import javax.annotation.Nonnull;
+
+/**
+ * An AuthorizationProvider that performs automatic token refresh for an organization's AppInstallation.
+ */
+public class AppInstallationAuthorizationProvider extends GitHub.DependentAuthorizationProvider {
+
+    private final AppInstallationProvider appInstallationProvider;
+
+    private String authorization;
+
+    @Nonnull
+    private Instant validUntil = Instant.MIN;
+
+    /**
+     * Provides an AuthorizationProvider that performs automatic token refresh, based on an previously authenticated
+     * github client.
+     *
+     * @param appInstallationProvider
+     *            An AppInstallationProvider that the authorization provider will use to retrieve the App.
+     * @param authorizationProvider
+     *            A authorization provider that returns a JWT token that can be used to refresh the App Installation
+     *            token from GitHub.
+     */
+    @BetaApi
+    public AppInstallationAuthorizationProvider(AppInstallationProvider appInstallationProvider,
+            AuthorizationProvider authorizationProvider) {
+        super(authorizationProvider);
+        this.appInstallationProvider = appInstallationProvider;
+    }
+
+    @Override
+    public String getEncodedAuthorization() throws IOException {
+        synchronized (this) {
+            if (authorization == null || Instant.now().isAfter(this.validUntil)) {
+                String token = refreshToken();
+                authorization = String.format("token %s", token);
+            }
+            return authorization;
+        }
+    }
+
+    private String refreshToken() throws IOException {
+        GitHub gitHub = this.gitHub();
+        GHAppInstallation installationByOrganization = appInstallationProvider.getAppInstallation(gitHub.getApp());
+        GHAppInstallationToken ghAppInstallationToken = installationByOrganization.createToken().create();
+        this.validUntil = ghAppInstallationToken.getExpiresAt().toInstant().minus(Duration.ofMinutes(5));
+        return Objects.requireNonNull(ghAppInstallationToken.getToken());
+    }
+
+    /**
+     * Provides an interface that returns an app to be used by an AppInstallationAuthorizationProvider
+     */
+    @FunctionalInterface
+    public interface AppInstallationProvider {
+        /**
+         * Provides a GHAppInstallation for the given GHApp
+         *
+         * @param app
+         *            The GHApp to use
+         * @return The GHAppInstallation
+         * @throws IOException
+         *             on error
+         */
+        GHAppInstallation getAppInstallation(GHApp app) throws IOException;
+    }
+}

src/main/java/org/kohsuke/github/authorization/OrgAppInstallationAuthorizationProvider.java

@@ -1,28 +1,12 @@
 package org.kohsuke.github.authorization;
 
 import org.kohsuke.github.BetaApi;
-import org.kohsuke.github.GHAppInstallation;
-import org.kohsuke.github.GHAppInstallationToken;
-import org.kohsuke.github.GitHub;
-
-import java.io.IOException;
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Objects;
-
-import javax.annotation.Nonnull;
 
 /**
  * An AuthorizationProvider that performs automatic token refresh for an organization's AppInstallation.
  */
-public class OrgAppInstallationAuthorizationProvider extends GitHub.DependentAuthorizationProvider {
-
-    private final String organizationName;
-
-    private String authorization;
-
-    @Nonnull
-    private Instant validUntil = Instant.MIN;
+@Deprecated
+public class OrgAppInstallationAuthorizationProvider extends AppInstallationAuthorizationProvider {
 
     /**
      * Provides an AuthorizationProvider that performs automatic token refresh, based on an previously authenticated
@@ -33,31 +17,13 @@ public class OrgAppInstallationAuthorizationProvider extends GitHub.DependentAut
      * @param authorizationProvider
      *            A authorization provider that returns a JWT token that can be used to refresh the App Installation
      *            token from GitHub.
+     *
+     * @deprecated Replaced by {@link AppInstallationAuthorizationProvider}
      */
     @BetaApi
+    @Deprecated
     public OrgAppInstallationAuthorizationProvider(String organizationName,
             AuthorizationProvider authorizationProvider) {
-        super(authorizationProvider);
-        this.organizationName = organizationName;
-    }
-
-    @Override
-    public String getEncodedAuthorization() throws IOException {
-        synchronized (this) {
-            if (authorization == null || Instant.now().isAfter(this.validUntil)) {
-                String token = refreshToken();
-                authorization = String.format("token %s", token);
-            }
-            return authorization;
-        }
-    }
-
-    private String refreshToken() throws IOException {
-        GitHub gitHub = this.gitHub();
-        GHAppInstallation installationByOrganization = gitHub.getApp()
-                .getInstallationByOrganization(this.organizationName);
-        GHAppInstallationToken ghAppInstallationToken = installationByOrganization.createToken().create();
-        this.validUntil = ghAppInstallationToken.getExpiresAt().toInstant().minus(Duration.ofMinutes(5));
-        return Objects.requireNonNull(ghAppInstallationToken.getToken());
+        super(app -> app.getInstallationByOrganization(organizationName), authorizationProvider);
     }
 }

src/test/java/org/kohsuke/github/OrgAppInstallationAuthorizationProviderTest.java → src/test/java/org/kohsuke/github/AppInstallationAuthorizationProviderTest.java

@@ -1,24 +1,27 @@
 package org.kohsuke.github;
 
 import org.junit.Test;
+import org.kohsuke.github.authorization.AppInstallationAuthorizationProvider;
 import org.kohsuke.github.authorization.ImmutableAuthorizationProvider;
 import org.kohsuke.github.authorization.OrgAppInstallationAuthorizationProvider;
 
 import java.io.IOException;
 
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.notNullValue;
+import static org.hamcrest.CoreMatchers.startsWith;
 
 // TODO: Auto-generated Javadoc
+
 /**
- * The Class OrgAppInstallationAuthorizationProviderTest.
+ * The Class AppInstallationAuthorizationProviderTest.
  */
-public class OrgAppInstallationAuthorizationProviderTest extends AbstractGHAppInstallationTest {
+public class AppInstallationAuthorizationProviderTest extends AbstractGHAppInstallationTest {
 
     /**
      * Instantiates a new org app installation authorization provider test.
      */
-    public OrgAppInstallationAuthorizationProviderTest() {
+    public AppInstallationAuthorizationProviderTest() {
         useDefaultGitHub = false;
     }
 
@@ -48,7 +51,8 @@ public void invalidJWTTokenRaisesException() throws IOException {
      */
     @Test
     public void validJWTTokenAllowsOauthTokenRequest() throws IOException {
-        OrgAppInstallationAuthorizationProvider provider = new OrgAppInstallationAuthorizationProvider("hub4j-test-org",
+        AppInstallationAuthorizationProvider provider = new AppInstallationAuthorizationProvider(
+                app -> app.getInstallationByOrganization("hub4j-test-org"),
                 ImmutableAuthorizationProvider.fromJwtToken("bogus-valid-token"));
         gitHub = getGitHubBuilder().withAuthorizationProvider(provider)
                 .withEndpoint(mockGitHub.apiServer().baseUrl())
@@ -59,4 +63,27 @@ public void validJWTTokenAllowsOauthTokenRequest() throws IOException {
         assertThat(encodedAuthorization, equalTo("token v1.9a12d913f980a45a16ac9c3a9d34d9b7sa314cb6"));
     }
 
+    /**
+     * Lookup of an app by id works as expected
+     *
+     * @throws IOException
+     *             Signals that an I/O exception has occurred.
+     */
+    @Test
+    public void validJWTTokenWhenLookingUpAppById() throws IOException {
+        AppInstallationAuthorizationProvider provider = new AppInstallationAuthorizationProvider(
+                // https://github.com/organizations/hub4j-test-org/settings/installations/12129901
+                app -> app.getInstallationById(12129901L),
+                jwtProvider1);
+        gitHub = getGitHubBuilder().withAuthorizationProvider(provider)
+                .withEndpoint(mockGitHub.apiServer().baseUrl())
+                .build();
+        String encodedAuthorization = provider.getEncodedAuthorization();
+
+        assertThat(encodedAuthorization, notNullValue());
+        // we could assert on the exact token with wiremock, but it would make the update of the test more complex
+        // do we really care, getting a token should be enough.
+        assertThat(encodedAuthorization, startsWith("token ghs_"));
+    }
+
 }

src/test/java/org/kohsuke/github/GHAuthenticatedAppInstallationTest.java

@@ -1,7 +1,7 @@
 package org.kohsuke.github;
 
 import org.junit.Test;
-import org.kohsuke.github.authorization.OrgAppInstallationAuthorizationProvider;
+import org.kohsuke.github.authorization.AppInstallationAuthorizationProvider;
 
 import java.io.IOException;
 import java.util.List;
@@ -22,7 +22,8 @@ public class GHAuthenticatedAppInstallationTest extends AbstractGHAppInstallatio
      */
     @Override
     protected GitHubBuilder getGitHubBuilder() {
-        OrgAppInstallationAuthorizationProvider provider = new OrgAppInstallationAuthorizationProvider("hub4j-test-org",
+        AppInstallationAuthorizationProvider provider = new AppInstallationAuthorizationProvider(
+                app -> app.getInstallationByOrganization("hub4j-test-org"),
                 jwtProvider1);
         return super.getGitHubBuilder().withAuthorizationProvider(provider);
     }

src/test/resources/org/kohsuke/github/AppInstallationAuthorizationProviderTest/wiremock/validJWTTokenWhenLookingUpAppById/__files/app-1.json

@@ -0,0 +1,37 @@
+{
+  "id": 82994,
+  "slug": "ghapi-test-app-1",
+  "node_id": "MDM6QXBwODI5OTQ=",
+  "owner": {
+    "login": "hub4j-test-org",
+    "id": 7544739,
+    "node_id": "MDEyOk9yZ2FuaXphdGlvbjc1NDQ3Mzk=",
+    "avatar_url": "https://avatars.githubusercontent.com/u/7544739?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/hub4j-test-org",
+    "html_url": "https://github.com/hub4j-test-org",
+    "followers_url": "https://api.github.com/users/hub4j-test-org/followers",
+    "following_url": "https://api.github.com/users/hub4j-test-org/following{/other_user}",
+    "gists_url": "https://api.github.com/users/hub4j-test-org/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/hub4j-test-org/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/hub4j-test-org/subscriptions",
+    "organizations_url": "https://api.github.com/users/hub4j-test-org/orgs",
+    "repos_url": "https://api.github.com/users/hub4j-test-org/repos",
+    "events_url": "https://api.github.com/users/hub4j-test-org/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/hub4j-test-org/received_events",
+    "type": "Organization",
+    "site_admin": false
+  },
+  "name": "GHApi Test app 1",
+  "description": "",
+  "external_url": "http://localhost",
+  "html_url": "https://github.com/apps/ghapi-test-app-1",
+  "created_at": "2020-09-30T13:40:56Z",
+  "updated_at": "2020-09-30T13:40:56Z",
+  "permissions": {
+    "contents": "read",
+    "metadata": "read"
+  },
+  "events": [],
+  "installations_count": 1
+}

src/test/resources/org/kohsuke/github/AppInstallationAuthorizationProviderTest/wiremock/validJWTTokenWhenLookingUpAppById/__files/app_installations_12129901-2.json

@@ -0,0 +1,40 @@
+{
+  "id": 12129901,
+  "account": {
+    "login": "hub4j-test-org",
+    "id": 7544739,
+    "node_id": "MDEyOk9yZ2FuaXphdGlvbjc1NDQ3Mzk=",
+    "avatar_url": "https://avatars.githubusercontent.com/u/7544739?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/hub4j-test-org",
+    "html_url": "https://github.com/hub4j-test-org",
+    "followers_url": "https://api.github.com/users/hub4j-test-org/followers",
+    "following_url": "https://api.github.com/users/hub4j-test-org/following{/other_user}",
+    "gists_url": "https://api.github.com/users/hub4j-test-org/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/hub4j-test-org/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/hub4j-test-org/subscriptions",
+    "organizations_url": "https://api.github.com/users/hub4j-test-org/orgs",
+    "repos_url": "https://api.github.com/users/hub4j-test-org/repos",
+    "events_url": "https://api.github.com/users/hub4j-test-org/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/hub4j-test-org/received_events",
+    "type": "Organization",
+    "site_admin": false
+  },
+  "repository_selection": "selected",
+  "access_tokens_url": "https://api.github.com/app/installations/12129901/access_tokens",
+  "repositories_url": "https://api.github.com/installation/repositories",
+  "html_url": "https://github.com/organizations/hub4j-test-org/settings/installations/12129901",
+  "app_id": 82994,
+  "app_slug": "ghapi-test-app-1",
+  "target_id": 7544739,
+  "target_type": "Organization",
+  "permissions": {},
+  "events": [],
+  "created_at": "2020-09-30T13:41:32.000Z",
+  "updated_at": "2023-03-21T14:39:11.000Z",
+  "single_file_name": null,
+  "has_multiple_single_files": false,
+  "single_file_paths": [],
+  "suspended_by": null,
+  "suspended_at": null
+}

src/test/resources/org/kohsuke/github/AppInstallationAuthorizationProviderTest/wiremock/validJWTTokenWhenLookingUpAppById/mappings/app-1.json

@@ -0,0 +1,42 @@
+{
+  "id": "44e77d23-3e8f-4c80-a5fc-98546576386a",
+  "name": "app",
+  "request": {
+    "url": "/app",
+    "method": "GET",
+    "headers": {
+      "Accept": {
+        "equalTo": "application/vnd.github.machine-man-preview+json"
+      }
+    }
+  },
+  "response": {
+    "status": 200,
+    "bodyFileName": "app-1.json",
+    "headers": {
+      "Server": "GitHub.com",
+      "Date": "Fri, 14 Apr 2023 09:15:08 GMT",
+      "Content-Type": "application/json; charset=utf-8",
+      "Cache-Control": "public, max-age=60, s-maxage=60",
+      "Vary": [
+        "Accept",
+        "Accept-Encoding, Accept, X-Requested-With"
+      ],
+      "ETag": "W/\"662c8ea184a852f605e0c94a9789fe43965f939e16e02ff0b3a8cc1043078a62\"",
+      "X-GitHub-Media-Type": "github.v3; param=machine-man-preview; format=json",
+      "x-github-api-version-selected": "2022-11-28",
+      "Access-Control-Expose-Headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset",
+      "Access-Control-Allow-Origin": "*",
+      "Strict-Transport-Security": "max-age=31536000; includeSubdomains; preload",
+      "X-Frame-Options": "deny",
+      "X-Content-Type-Options": "nosniff",
+      "X-XSS-Protection": "0",
+      "Referrer-Policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
+      "Content-Security-Policy": "default-src 'none'",
+      "X-GitHub-Request-Id": "D5E4:64DB:14B8E4B:2A5B09C:6439199C"
+    }
+  },
+  "uuid": "44e77d23-3e8f-4c80-a5fc-98546576386a",
+  "persistent": true,
+  "insertionIndex": 1
+}