mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
Merge pull request #20498 from overleaf/ls-remove-pw-grant-logic
remove password grant logic GitOrigin-RevId: ba42deea5824e6f91affceaa19c4d523ec73ce4c
This commit is contained in:
parent
7002d1e4bf
commit
180718678c
1 changed files with 3 additions and 45 deletions
|
@ -121,30 +121,9 @@ public class Oauth2Filter implements Filter {
|
|||
}
|
||||
cred.setAccessToken(password);
|
||||
} else if (this.isUserPasswordEnabled) {
|
||||
String accessToken = null;
|
||||
try {
|
||||
accessToken = doPasswordGrantFlow(username, password, getClientIp(request));
|
||||
} catch (TokenResponseException e) {
|
||||
int statusCode = e.getStatusCode();
|
||||
if (statusCode == 429) {
|
||||
handleRateLimit(projectId, username, request, response);
|
||||
} else if (statusCode == 400 || statusCode == 401) {
|
||||
handleNeedAuthorization(projectId, username, request, response);
|
||||
} else if (statusCode == 410) {
|
||||
// 410 is returned from `web` though endpoint "/oauth/token" is not deprecated.
|
||||
// Ideally, we should return 400 with proper error info in the response body.
|
||||
// However, on the git-bridge side, `google-oauth-client` is used to request
|
||||
// tokens, and there is no easy way to get response body as everything is
|
||||
// encapsulated by the library.
|
||||
// Hence we use http error code 410 to indicate password auth is deprecated for
|
||||
// a user.
|
||||
// password auth has been deprecated for git-bridge
|
||||
handlePasswordAuthenticationDeprecation(projectId, request, response);
|
||||
} else {
|
||||
handleUnknownOauthServerError(projectId, statusCode, request, response);
|
||||
}
|
||||
return;
|
||||
}
|
||||
cred.setAccessToken(accessToken);
|
||||
} else {
|
||||
handleNeedAuthorization(projectId, username, request, response);
|
||||
return;
|
||||
|
@ -342,25 +321,4 @@ public class Oauth2Filter implements Filter {
|
|||
String password = split[1];
|
||||
return new BasicAuthCredentials(username, password);
|
||||
}
|
||||
|
||||
/*
|
||||
* Perform a password grant flow with the OAuth server and return an access
|
||||
* token.
|
||||
*
|
||||
* The access token is null if the password grant flow was unsuccessful.
|
||||
*/
|
||||
private String doPasswordGrantFlow(String username, String password, String clientIp)
|
||||
throws IOException {
|
||||
return new PasswordTokenRequest(
|
||||
Instance.httpTransport,
|
||||
Instance.jsonFactory,
|
||||
new GenericUrl(oauth2.getOauth2Server() + "/oauth/token?client_ip=" + clientIp),
|
||||
username,
|
||||
password)
|
||||
.setClientAuthentication(
|
||||
new ClientParametersAuthentication(
|
||||
oauth2.getOauth2ClientID(), oauth2.getOauth2ClientSecret()))
|
||||
.execute()
|
||||
.getAccessToken();
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue