Merge pull request #20498 from overleaf/ls-remove-pw-grant-logic

remove password grant logic GitOrigin-RevId: ba42deea5824e6f91affceaa19c4d523ec73ce4c
2024-10-17 21:05:04 -04:00 · 2024-09-24 10:50:38 +01:00 · 2024-09-24 10:50:38 +01:00 · 180718678c
commit 180718678c
parent 7002d1e4bf
1 changed files with 3 additions and 45 deletions
--- a/services/git-bridge/src/main/java/uk/ac/ic/wlgitbridge/server/Oauth2Filter.java
+++ b/services/git-bridge/src/main/java/uk/ac/ic/wlgitbridge/server/Oauth2Filter.java
@ -121,30 +121,9 @@ public class Oauth2Filter implements Filter {
      }
      cred.setAccessToken(password);
    } else if (this.isUserPasswordEnabled) {
-      String accessToken = null;
-      try {
-        accessToken = doPasswordGrantFlow(username, password, getClientIp(request));
-      } catch (TokenResponseException e) {
-        int statusCode = e.getStatusCode();
-        if (statusCode == 429) {
-          handleRateLimit(projectId, username, request, response);
-        } else if (statusCode == 400 || statusCode == 401) {
-          handleNeedAuthorization(projectId, username, request, response);
-        } else if (statusCode == 410) {
-          // 410 is returned from `web` though endpoint "/oauth/token" is not deprecated.
-          // Ideally, we should return 400 with proper error info in the response body.
-          // However, on the git-bridge side, `google-oauth-client` is used to request
-          // tokens, and there is no easy way to get response body as everything is
-          // encapsulated by the library.
-          // Hence we use http error code 410 to indicate password auth is deprecated for
-          // a user.
-          handlePasswordAuthenticationDeprecation(projectId, request, response);
-        } else {
-          handleUnknownOauthServerError(projectId, statusCode, request, response);
-        }
-        return;
-      }
-      cred.setAccessToken(accessToken);
+      // password auth has been deprecated for git-bridge
+      handlePasswordAuthenticationDeprecation(projectId, request, response);
+      return;
    } else {
      handleNeedAuthorization(projectId, username, request, response);
      return;
@ -342,25 +321,4 @@ public class Oauth2Filter implements Filter {
    String password = split[1];
    return new BasicAuthCredentials(username, password);
  }
-
-  /*
-   * Perform a password grant flow with the OAuth server and return an access
-   * token.
-   *
-   * The access token is null if the password grant flow was unsuccessful.
-   */
-  private String doPasswordGrantFlow(String username, String password, String clientIp)
-      throws IOException {
-    return new PasswordTokenRequest(
-            Instance.httpTransport,
-            Instance.jsonFactory,
-            new GenericUrl(oauth2.getOauth2Server() + "/oauth/token?client_ip=" + clientIp),
-            username,
-            password)
-        .setClientAuthentication(
-            new ClientParametersAuthentication(
-                oauth2.getOauth2ClientID(), oauth2.getOauth2ClientSecret()))
-        .execute()
-        .getAccessToken();
-  }
 }