Changeset 12992 in josm

Timestamp:

2017-10-14T00:09:56+02:00 (7 years ago)

Author:

Don-vip

Message:

fix #15435 - do not cache incorrect login credentials when using basic auth

Location:

trunk/src/org/openstreetmap/josm

Files:

• gui/io/CredentialDialog.java (modified) (9 diffs)
• io/OsmApi.java (modified) (3 diffs)
• io/OsmApiException.java (modified) (3 diffs)
• io/OsmConnection.java (modified) (3 diffs)
• io/OsmServerReader.java (modified) (2 diffs)
• io/auth/AbstractCredentialsAgent.java (modified) (3 diffs)
• io/auth/CredentialsAgent.java (modified) (1 diff)
• io/auth/CredentialsManager.java (modified) (2 diffs)
• tools/ExceptionUtil.java (modified) (1 diff)

trunk/src/org/openstreetmap/josm/gui/io/CredentialDialog.java

@@ -23 +23 @@
 import javax.swing.AbstractAction;
 import javax.swing.BorderFactory;
+import javax.swing.JButton;
 import javax.swing.JCheckBox;
 import javax.swing.JDialog;
@@ -30 +31 @@
 
 import org.openstreetmap.josm.Main;
-import org.openstreetmap.josm.gui.SideButton;
 import org.openstreetmap.josm.gui.help.ContextSensitiveHelpAction;
 import org.openstreetmap.josm.gui.help.HelpUtil;
@@ -127 +127 @@
     protected JPanel createButtonPanel() {
         JPanel pnl = new JPanel(new FlowLayout());
-        pnl.add(new SideButton(new OKAction()));
-        pnl.add(new SideButton(new CancelAction()));
-        pnl.add(new SideButton(new ContextSensitiveHelpAction(HelpUtil.ht("/Dialog/Password"))));
+        pnl.add(new JButton(new OKAction()));
+        pnl.add(new JButton(new CancelAction()));
+        pnl.add(new JButton(new ContextSensitiveHelpAction(HelpUtil.ht("/Dialog/Password"))));
         return pnl;
     }
@@ -266 +266 @@
             gc.weighty = 1.0;
             add(new JPanel(), gc);
-
         }
 
@@ -375 +374 @@
         public void focusGained(FocusEvent e) {
             if (e.getSource() instanceof JTextField) {
-                JTextField tf = (JTextField) e.getSource();
-                tf.selectAll();
+                ((JTextField) e.getSource()).selectAll();
             }
         }
@@ -410 +408 @@
                     return;
                 } else {
-                    OKAction okAction = owner.new OKAction();
-                    okAction.actionPerformed(null);
+                    owner.new OKAction().actionPerformed(null);
                 }
             }
@@ -421 +418 @@
             putValue(NAME, tr("Authenticate"));
             putValue(SHORT_DESCRIPTION, tr("Authenticate with the supplied username and password"));
-            putValue(SMALL_ICON, ImageProvider.get("ok"));
-        }
-
-        @Override
-        public void actionPerformed(ActionEvent arg0) {
+            new ImageProvider("ok").getResource().attachImageIcon(this);
+        }
+
+        @Override
+        public void actionPerformed(ActionEvent e) {
             setCanceled(false);
             setVisible(false);
@@ -435 +432 @@
             putValue(NAME, tr("Cancel"));
             putValue(SHORT_DESCRIPTION, tr("Cancel authentication"));
-            putValue(SMALL_ICON, ImageProvider.get("cancel"));
+            new ImageProvider("cancel").getResource().attachImageIcon(this);
         }
 
@@ -444 +441 @@
 
         @Override
-        public void actionPerformed(ActionEvent arg0) {
+        public void actionPerformed(ActionEvent e) {
             cancel();
         }

trunk/src/org/openstreetmap/josm/io/OsmApi.java

@@ -9 +9 @@
 import java.io.StringReader;
 import java.io.StringWriter;
+import java.net.Authenticator.RequestorType;
 import java.net.ConnectException;
 import java.net.HttpURLConnection;
@@ -33 +34 @@
 import org.openstreetmap.josm.gui.progress.ProgressMonitor;
 import org.openstreetmap.josm.io.Capabilities.CapabilitiesParser;
+import org.openstreetmap.josm.io.auth.CredentialsManager;
 import org.openstreetmap.josm.spi.preferences.Config;
 import org.openstreetmap.josm.tools.CheckParameterUtil;
@@ -704 +706 @@
                     else
                         throw new OsmApiException(retCode, errorHeader, errorBody);
+                case HttpURLConnection.HTTP_UNAUTHORIZED:
                 case HttpURLConnection.HTTP_FORBIDDEN:
-                    OsmApiException e = new OsmApiException(retCode, errorHeader, errorBody);
-                    e.setAccessedUrl(activeConnection.getURL().toString());
-                    throw e;
+                    CredentialsManager.getInstance().purgeCredentialsCache(RequestorType.SERVER);
+                    throw new OsmApiException(retCode, errorHeader, errorBody, activeConnection.getURL().toString(),
+                            doAuthenticate ? retrieveBasicAuthorizationLogin(client) : null);
                 default:
                     throw new OsmApiException(retCode, errorHeader, errorBody);

trunk/src/org/openstreetmap/josm/io/OsmApiException.java

@@ -15 +15 @@
     private String errorBody;
     private String accessedUrl;
+    private String login;
 
     /**
@@ -23 +24 @@
      * @param errorBody The error body, as transmitted in the HTTP response body
      * @param accessedUrl The complete URL accessed when this error occured
-     * @since 5584
-     */
-    public OsmApiException(int responseCode, String errorHeader, String errorBody, String accessedUrl) {
+     * @param login the login used to connect to OSM API (can be null)
+     * @since 12992
+     */
+    public OsmApiException(int responseCode, String errorHeader, String errorBody, String accessedUrl, String login) {
         this.responseCode = responseCode;
         this.errorHeader = errorHeader;
         this.errorBody = errorBody;
         this.accessedUrl = accessedUrl;
+        this.login = login;
+    }
+
+    /**
+     * Constructs an {@code OsmApiException} with the specified response code, error header and error body
+     * @param responseCode The HTTP response code replied by the OSM server.
+     * See {@link java.net.HttpURLConnection HttpURLConnection} for predefined HTTP response code values
+     * @param errorHeader The error header, as transmitted in the {@code Error} field of the HTTP response header
+     * @param errorBody The error body, as transmitted in the HTTP response body
+     * @param accessedUrl The complete URL accessed when this error occured
+     * @since 5584
+     */
+    public OsmApiException(int responseCode, String errorHeader, String errorBody, String accessedUrl) {
+        this(responseCode, errorHeader, errorBody, accessedUrl, null);
     }
 
@@ -199 +215 @@
         return accessedUrl;
     }
+
+    /**
+     * Sets the login used to connect to OSM API.
+     * @param login the login used to connect to OSM API
+     * @since 12992
+     */
+    public void setLogin(String login) {
+        this.login = login;
+    }
+
+    /**
+     * Replies the login used to connect to OSM API.
+     * @return the login used to connect to OSM API, or {@code null}
+     * @since 12992
+     */
+    public String getLogin() {
+        return login;
+    }
 }

trunk/src/org/openstreetmap/josm/io/OsmConnection.java

@@ -31 +31 @@
  */
 public class OsmConnection {
+
+    private static final String BASIC_AUTH = "Basic ";
+
     protected boolean cancel;
     protected HttpClient activeConnection;
@@ -75 +78 @@
 
     /**
+     * Retrieves login from basic authentication header, if set.
+     *
+     * @param con the connection
+     * @return login from basic authentication header, or {@code null}
+     * @throws OsmTransferException if something went wrong. Check for nested exceptions
+     * @since 12992
+     */
+    protected String retrieveBasicAuthorizationLogin(HttpClient con) throws OsmTransferException {
+        String auth = con.getRequestHeader("Authorization");
+        if (auth != null && auth.startsWith(BASIC_AUTH)) {
+            try {
+                String[] token = new String(Base64.getDecoder().decode(auth.substring(BASIC_AUTH.length())),
+                        StandardCharsets.UTF_8).split(":");
+                if (token.length == 2) {
+                    return token[0];
+                }
+            } catch (IllegalArgumentException e) {
+                Logging.error(e);
+            }
+        }
+        return null;
+    }
+
+    /**
      * Adds an authentication header for basic authentication
      *
@@ -98 +125 @@
                 String password = response.getPassword() == null ? "" : String.valueOf(response.getPassword());
                 String token = username + ':' + password;
-                con.setHeader("Authorization", "Basic "+Base64.getEncoder().encodeToString(token.getBytes(StandardCharsets.UTF_8)));
+                con.setHeader("Authorization", BASIC_AUTH + Base64.getEncoder().encodeToString(token.getBytes(StandardCharsets.UTF_8)));
             }
         }

trunk/src/org/openstreetmap/josm/io/OsmServerReader.java

@@ -6 +6 @@
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.Authenticator.RequestorType;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
@@ -195 +196 @@
             }
             try {
-                if (response.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED)
+                if (response.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED) {
+                    CredentialsManager.getInstance().purgeCredentialsCache(RequestorType.SERVER);
                     throw new OsmApiException(HttpURLConnection.HTTP_UNAUTHORIZED, null, null);
+                }
 
                 if (response.getResponseCode() == HttpURLConnection.HTTP_PROXY_AUTH)

trunk/src/org/openstreetmap/josm/io/auth/AbstractCredentialsAgent.java

@@ -62 +62 @@
 
         /*
-         * Last request was successful and there was no credentials stored
-         * in file (or only the username is stored).
-         * -> Try to recall credentials that have been entered
-         * manually in this session.
+         * Last request was successful and there was no credentials stored in file (or only the username is stored).
+         * -> Try to recall credentials that have been entered manually in this session.
          */
         if (!noSuccessWithLastResponse && memoryCredentialsCache.containsKey(requestorType) &&
@@ -89 +87 @@
                         response.getPassword()
                 ));
-            /*
-             * User decides not to save credentials to file. Keep it
-             * in memory so we don't have to ask over and over again.
-             */
             } else {
-                PasswordAuthentication pa = new PasswordAuthentication(response.getUsername(), response.getPassword());
-                memoryCredentialsCache.put(requestorType, pa);
+                // User decides not to save credentials to file. Keep it in memory so we don't have to ask over and over again.
+                memoryCredentialsCache.put(requestorType, new PasswordAuthentication(response.getUsername(), response.getPassword()));
             }
-        /*
-         * We got it from file.
-         */
         } else {
+            // We got it from file.
             response.setUsername(username);
             response.setPassword(password.toCharArray());
@@ -106 +98 @@
         }
         return response;
+    }
+
+    @Override
+    public final void purgeCredentialsCache(RequestorType requestorType) {
+        memoryCredentialsCache.remove(requestorType);
     }
 

trunk/src/org/openstreetmap/josm/io/auth/CredentialsAgent.java

@@ -74 +74 @@
 
     /**
+     * Purges the internal credentials cache for the given requestor type.
+     * @param requestorType the type of service.
+     * {@link RequestorType#SERVER} for the OSM API server, {@link RequestorType#PROXY} for a proxy server
+     * @since 12992
+     */
+    void purgeCredentialsCache(RequestorType requestorType);
+
+    /**
      * Provide a Panel that is shown below the API password / username fields
      * in the JOSM Preferences. (E.g. a warning that password is saved unencrypted.)

trunk/src/org/openstreetmap/josm/io/auth/CredentialsManager.java

@@ -43 +43 @@
     private static CredentialsAgentFactory agentFactory;
 
+    /**
+     * Credentials agent factory.
+     */
     @FunctionalInterface
     public interface CredentialsAgentFactory {
+        /**
+         * Returns the credentials agent instance.
+         * @return the credentials agent instance
+         */
         CredentialsAgent getCredentialsAgent();
     }
@@ -148 +155 @@
         return delegate.getPreferencesDecorationPanel();
     }
+
+    @Override
+    public void purgeCredentialsCache(RequestorType requestorType) {
+        delegate.purgeCredentialsCache(requestorType);
+    }
 }

trunk/src/org/openstreetmap/josm/tools/ExceptionUtil.java

@@ -266 +266 @@
                 + "Please check the username and the password in the JOSM preferences."
                 + "</html>",
-                CredentialsManager.getInstance().getUsername()
+                e.getLogin() != null ? e.getLogin() : CredentialsManager.getInstance().getUsername()
         );
     }