iterate-ch · dkocher · Aug 28, 2023 · Aug 6, 2023 · Aug 6, 2023 · Aug 6, 2023
@@ -19,12 +19,16 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: 17
+      - name: Disable Testcontainers for Windows and MacOS
+        run: echo "args=-P=no-testcontainers" >> "$GITHUB_ENV"
+        shell: bash
+        if: runner.os == 'windows' || runner.os == 'macos'
       - run: choco install bonjour
-        if: runner.os == 'Windows'
+        if: runner.os == 'windows'
       - uses: ilammy/msvc-dev-cmd@v1
-        if: runner.os == 'Windows'
+        if: runner.os == 'windows'
       - uses: microsoft/setup-msbuild@v1.3
-        if: runner.os == 'Windows'
+        if: runner.os == 'windows'
         with:
           msbuild-architecture: x64
       - name: Cache local Maven repository
@@ -35,4 +39,4 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Build with Maven
-        run: mvn --no-transfer-progress verify -DskipITs -DskipSign --batch-mode -Drevision=0
+        run: mvn --no-transfer-progress verify -DskipITs -DskipSign ${{ env.args }} --batch-mode -Drevision=0
@@ -71,15 +71,14 @@ public CloseableHttpClient connect(final Proxy proxy, final HostKeyCallback key,
         authorizationService = new OAuth2RequestInterceptor(configuration.build(), host, prompt)
                 .withRedirectUri(host.getProtocol().getOAuthRedirectUrl());
         configuration.addInterceptorLast(authorizationService);
-        configuration.setServiceUnavailableRetryStrategy(new OAuth2ErrorResponseInterceptor(host, authorizationService, prompt));
+        configuration.setServiceUnavailableRetryStrategy(new OAuth2ErrorResponseInterceptor(host, authorizationService));
         return configuration.build();
     }
 
     @Override
     public void login(final Proxy proxy, final LoginCallback prompt, final CancelCallback cancel) throws BackgroundException {
-        authorizationService.authorize(host, prompt, cancel);
         try {
-            final Credentials credentials = host.getCredentials();
+            final Credentials credentials = authorizationService.validate();
             credentials.setUsername(new UsersApi(new BoxApiClient(client)).getUsersMe(Collections.emptyList()).getLogin());
         }
         catch(ApiException e) {

@@ -19,6 +19,7 @@
 import ch.cyberduck.core.Credentials;
 import ch.cyberduck.core.CredentialsConfigurator;
 import ch.cyberduck.core.Host;
+import ch.cyberduck.core.exception.LoginCanceledException;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
@@ -41,7 +42,7 @@ public Credentials configure(final Host host) {
     }
 
     @Override
-    public CredentialsConfigurator reload() {
+    public CredentialsConfigurator reload() throws LoginCanceledException {
         return this;
     }
 }
@@ -211,6 +211,11 @@ public boolean isOAuthPKCE() {
         return true;
     }
 
+    @Override
+    public String getSTSEndpoint() {
+        return null;
+    }
+
     @Override
     public String getDefaultHostname() {
         // Blank by default
@@ -316,6 +321,10 @@ public boolean validate(final Credentials credentials, final LoginOptions option
                     return StringUtils.isNotBlank(credentials.getPassword());
             }
         }
+        if(options.oauth) {
+            // Always refresh tokens in login
+            return true;
+        }
         if(options.token) {
             return StringUtils.isNotBlank(credentials.getToken());
         }

@@ -38,7 +38,7 @@ public class Credentials implements Comparable<Credentials> {
      * The login password
      */
     private String password = StringUtils.EMPTY;
-    private String token = StringUtils.EMPTY;
+    private TemporaryAccessTokens tokens = TemporaryAccessTokens.EMPTY;
     private OAuthTokens oauth = OAuthTokens.EMPTY;
 
     /**
@@ -72,7 +72,7 @@ public Credentials() {
     public Credentials(final Credentials copy) {
         this.user = copy.user;
         this.password = copy.password;
-        this.token = copy.token;
+        this.tokens = copy.tokens;
         this.oauth = copy.oauth;
         this.identity = copy.identity;
         this.identityPassphrase = copy.identityPassphrase;
@@ -97,7 +97,7 @@ public Credentials(final String user, final String password) {
     public Credentials(final String user, final String password, final String token) {
         this.user = user;
         this.password = password;
-        this.token = token;
+        this.tokens = new TemporaryAccessTokens(token);
     }
 
     /**
@@ -113,8 +113,7 @@ public void setUsername(final String user) {
     }
 
     public Credentials withUsername(final String user) {
-        this.user = user;
-        this.passed = false;
+        this.setUsername((user));
         return this;
     }
 
@@ -136,23 +135,35 @@ public void setPassword(final String password) {
     }
 
     public Credentials withPassword(final String password) {
-        this.password = password;
-        this.passed = false;
+        this.setPassword(password);
         return this;
     }
 
     public String getToken() {
-        return token;
+        return tokens.getSessionToken();
     }
 
     public void setToken(final String token) {
-        this.token = token;
+        this.tokens = new TemporaryAccessTokens(token);
         this.passed = false;
     }
 
     public Credentials withToken(final String token) {
-        this.token = token;
+        this.setToken(token);
+        return this;
+    }
+
+    public TemporaryAccessTokens getTokens() {
+        return tokens;
+    }
+
+    public void setTokens(final TemporaryAccessTokens tokens) {
+        this.tokens = tokens;
         this.passed = false;
+    }
+
+    public Credentials withTokens(final TemporaryAccessTokens tokens) {
+        this.setTokens(tokens);
         return this;
     }
 
@@ -165,7 +176,7 @@ public void setOauth(final OAuthTokens oauth) {
     }
 
     public Credentials withOauth(final OAuthTokens oauth) {
-        this.oauth = oauth;
+        this.setOauth(oauth);
         return this;
     }
 
@@ -186,7 +197,7 @@ public void setSaved(final boolean saved) {
     }
 
     public Credentials withSaved(final boolean saved) {
-        this.saved = saved;
+        this.setSaved(saved);
         return this;
     }
 
@@ -213,7 +224,7 @@ public boolean isPasswordAuthentication() {
     }
 
     public boolean isTokenAuthentication() {
-        return StringUtils.isNotBlank(token);
+        return StringUtils.isNotBlank(tokens.getSessionToken());
     }
 
     public boolean isOAuthAuthentication() {
@@ -300,6 +311,7 @@ public boolean validate(final Protocol protocol, final LoginOptions options) {
     public void reset() {
         this.setPassword(StringUtils.EMPTY);
         this.setToken(StringUtils.EMPTY);
+        this.setTokens(TemporaryAccessTokens.EMPTY);
         this.setOauth(OAuthTokens.EMPTY);
         this.setIdentityPassphrase(StringUtils.EMPTY);
     }
@@ -328,24 +340,25 @@ public boolean equals(final Object o) {
         }
         final Credentials that = (Credentials) o;
         return Objects.equals(user, that.user) &&
-            Objects.equals(password, that.password) &&
-            Objects.equals(token, that.token) &&
-            Objects.equals(identity, that.identity) &&
-            Objects.equals(certificate, that.certificate);
+                Objects.equals(password, that.password) &&
+                Objects.equals(tokens, that.tokens) &&
+                Objects.equals(oauth, that.oauth) &&
+                Objects.equals(identity, that.identity) &&
+                Objects.equals(certificate, that.certificate);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(user, password, token, identity, certificate);
+        return Objects.hash(user, password, tokens, oauth, identity, certificate);
     }
 
     @Override
     public String toString() {
         final StringBuilder sb = new StringBuilder("Credentials{");
         sb.append("user='").append(user).append('\'');
         sb.append(", password='").append(StringUtils.repeat("*", Integer.min(8, StringUtils.length(password)))).append('\'');
+        sb.append(", tokens='").append(tokens).append('\'');
         sb.append(", oauth='").append(oauth).append('\'');
-        sb.append(", token='").append(StringUtils.repeat("*", Integer.min(8, StringUtils.length(token)))).append('\'');
         sb.append(", identity=").append(identity);
         sb.append('}');
         return sb.toString();

@@ -18,6 +18,8 @@
  * dkocher@cyberduck.ch
  */
 
+import ch.cyberduck.core.exception.LoginCanceledException;
+
 public interface CredentialsConfigurator {
 
     /**
@@ -27,7 +29,7 @@ public interface CredentialsConfigurator {
      */
     Credentials configure(Host host);
 
-    CredentialsConfigurator reload();
+    CredentialsConfigurator reload() throws LoginCanceledException;
 
     CredentialsConfigurator DISABLED = new CredentialsConfigurator() {
         @Override

@@ -18,6 +18,8 @@
  * dkocher@cyberduck.ch
  */
 
+import ch.cyberduck.core.exception.LoginCanceledException;
+
 public final class CredentialsConfiguratorFactory {
 
     private CredentialsConfiguratorFactory() {
@@ -29,6 +31,11 @@ private CredentialsConfiguratorFactory() {
      * @return Configurator for default settings
      */
     public static CredentialsConfigurator get(final Protocol protocol) {
-        return protocol.getCredentialsFinder().reload();
+        try {
+            return protocol.getCredentialsFinder().reload();
+        }
+        catch(LoginCanceledException e) {
+            return CredentialsConfigurator.DISABLED;
+        }
     }
 }
@@ -18,8 +18,6 @@
  */
 
 import ch.cyberduck.core.exception.LocalAccessDeniedException;
-import ch.cyberduck.core.preferences.Preferences;
-import ch.cyberduck.core.preferences.PreferencesFactory;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
@@ -30,8 +28,6 @@
 public abstract class DefaultHostPasswordStore implements HostPasswordStore {
     private static final Logger log = LogManager.getLogger(DefaultHostPasswordStore.class);
 
-    private final Preferences preferences = PreferencesFactory.get();
-
     /**
      * Find password for login
      *
@@ -161,7 +157,9 @@ public OAuthTokens findOAuthTokens(final Host bookmark) {
                             String.format("%s OAuth2 Access Token", prefix)),
                     this.getPassword(bookmark.getProtocol().getScheme(), bookmark.getPort(), hostname,
                             String.format("%s OAuth2 Refresh Token", prefix)),
-                    expiry != null ? Long.parseLong(expiry) : -1L));
+                    expiry != null ? Long.parseLong(expiry) : -1L,
+                    this.getPassword(bookmark.getProtocol().getScheme(), bookmark.getPort(), hostname,
+                            String.format("%s OIDC Id Token", prefix))));
         }
         catch(LocalAccessDeniedException e) {
             log.warn(String.format("Failure %s searching in keychain", e));
@@ -232,6 +230,11 @@ public void save(final Host bookmark) throws LocalAccessDeniedException {
                 this.addPassword(this.getOAuthHostname(bookmark), String.format("%s OAuth2 Token Expiry", prefix),
                         String.valueOf(credentials.getOauth().getExpiryInMilliseconds()));
             }
+            if(StringUtils.isNotBlank(credentials.getOauth().getIdToken())) {
+                this.addPassword(bookmark.getProtocol().getScheme(),
+                        bookmark.getPort(), this.getOAuthHostname(bookmark),
+                        String.format("%s OIDC Id Token", prefix), credentials.getOauth().getIdToken());
+            }
         }
     }
 
@@ -272,6 +275,10 @@ public void delete(final Host bookmark) throws LocalAccessDeniedException {
             if(credentials.getOauth().getExpiryInMilliseconds() != null) {
                 this.deletePassword(this.getOAuthHostname(bookmark), String.format("%s OAuth2 Token Expiry", prefix));
             }
+            if(StringUtils.isNotBlank(credentials.getOauth().getIdToken())) {
+                this.deletePassword(protocol.getScheme(), bookmark.getPort(), this.getOAuthHostname(bookmark),
+                        String.format("%s OIDC Id Token", prefix));
+            }
         }
     }
 }
@@ -18,6 +18,8 @@
  * dkocher@cyberduck.ch
  */
 
+import ch.cyberduck.core.exception.LoginCanceledException;
+
 public final class JumpHostConfiguratorFactory {
 
     private JumpHostConfiguratorFactory() {
@@ -29,6 +31,11 @@ private JumpHostConfiguratorFactory() {
      * @return Configurator for default settings
      */
     public static JumphostConfigurator get(final Protocol protocol) {
-        return protocol.getJumpHostFinder().reload();
+        try {
+            return protocol.getJumpHostFinder().reload();
+        }
+        catch(LoginCanceledException e) {
+            return JumphostConfigurator.DISABLED;
+        }
     }
 }
@@ -18,11 +18,13 @@
  * dkocher@cyberduck.ch
  */
 
+import ch.cyberduck.core.exception.LoginCanceledException;
+
 public interface JumphostConfigurator {
 
     Host getJumphost(String alias);
 
-    JumphostConfigurator reload();
+    JumphostConfigurator reload() throws LoginCanceledException;
 
     JumphostConfigurator DISABLED = new JumphostConfigurator() {
         @Override

@@ -160,7 +160,7 @@ public boolean prompt(final Host bookmark, final String message, final LoginCall
         }
         if(options.oauth) {
             prompt.warn(bookmark, LocaleFactory.localizedString("Login failed", "Credentials"), message,
-                    LocaleFactory.localizedString("Continue", "Credentials"),
+                    LocaleFactory.localizedString("Try Again", "Alert"),
                     LocaleFactory.localizedString("Cancel", "Localizable"), null);
             log.warn(String.format("Reset OAuth tokens for %s", bookmark));
             credentials.setOauth(OAuthTokens.EMPTY);