Rework the Bitbucket Server getUser request (#790) (#792)

Since Bitbucket Server version 8.19.14, the /plugins/servlet/applinks/whoami request does not return username, if PAT is used. Change the getUser() request to /rest/api/1.0/application-properties instead and extract the username from the response headers.

Author: vinokurig

assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2012-2024 Red Hat, Inc.
+# Copyright (c) 2012-2025 Red Hat, Inc.
 # This program and the accompanying materials are made
 # available under the terms of the Eclipse Public License 2.0
 # which is available at https://www.eclipse.org/legal/epl-2.0/

wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClient.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2024 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -48,6 +48,7 @@
 import org.eclipse.che.api.core.NotFoundException;
 import org.eclipse.che.api.core.ServerException;
 import org.eclipse.che.api.core.UnauthorizedException;
+import org.eclipse.che.api.factory.server.bitbucket.server.BitbucketApplicationProperties;
 import org.eclipse.che.api.factory.server.bitbucket.server.BitbucketPersonalAccessToken;
 import org.eclipse.che.api.factory.server.bitbucket.server.BitbucketServerApiClient;
 import org.eclipse.che.api.factory.server.bitbucket.server.BitbucketUser;
@@ -77,6 +78,8 @@ public class HttpBitbucketServerApiClient implements BitbucketServerApiClient {
 
   private static final Logger LOG = LoggerFactory.getLogger(HttpBitbucketServerApiClient.class);
   private static final Duration DEFAULT_HTTP_TIMEOUT = ofSeconds(10);
+  private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
+  public static final String USERNAME_HEADER = "x-ausername";
   private final URI serverUri;
   private final OAuthAuthenticator authenticator;
   private final OAuthAPI oAuthAPI;
@@ -166,10 +169,10 @@ public void deletePersonalAccessTokens(String tokenId)
       executeRequest(
           httpClient,
           request,
-          inputStream -> {
+          response -> {
             try {
               String result =
-                  CharStreams.toString(new InputStreamReader(inputStream, Charsets.UTF_8));
+                  CharStreams.toString(new InputStreamReader(response.body(), Charsets.UTF_8));
               return OM.readValue(result, String.class);
             } catch (IOException e) {
               throw new UncheckedIOException(e);
@@ -210,10 +213,10 @@ public BitbucketPersonalAccessToken createPersonalAccessTokens(
       return executeRequest(
           httpClient,
           request,
-          inputStream -> {
+          response -> {
             try {
               String result =
-                  CharStreams.toString(new InputStreamReader(inputStream, Charsets.UTF_8));
+                  CharStreams.toString(new InputStreamReader(response.body(), Charsets.UTF_8));
               return OM.readValue(result, BitbucketPersonalAccessToken.class);
             } catch (IOException e) {
               throw new UncheckedIOException(e);
@@ -262,10 +265,10 @@ public BitbucketPersonalAccessToken getPersonalAccessToken(String tokenId, Strin
       return executeRequest(
           httpClient,
           request,
-          inputStream -> {
+          response -> {
             try {
               String result =
-                  CharStreams.toString(new InputStreamReader(inputStream, Charsets.UTF_8));
+                  CharStreams.toString(new InputStreamReader(response.body(), Charsets.UTF_8));
               return OM.readValue(result, BitbucketPersonalAccessToken.class);
             } catch (IOException e) {
               throw new UncheckedIOException(e);
@@ -283,13 +286,10 @@ private String getUserSlug(Optional<String> token)
 
   private BitbucketUser getUser(Optional<String> token)
       throws ScmCommunicationException, ScmUnauthorizedException, ScmItemNotFoundException {
-    URI uri;
-    try {
-      uri = serverUri.resolve("./plugins/servlet/applinks/whoami");
-    } catch (IllegalArgumentException e) {
-      // if the slug contains invalid characters (space for example) then the URI will be invalid
-      throw new ScmCommunicationException(e.getMessage(), e);
-    }
+    // We use the application-properties request to obtain the authenticated username from the
+    // response headers. The request does not fail if no authentication is passed, see:
+    // https://developer.atlassian.com/server/bitbucket/rest/v906/api-group-system-maintenance/#api-api-latest-application-properties-get
+    URI uri = serverUri.resolve("/rest/api/1.0/application-properties");
 
     HttpRequest request =
         HttpRequest.newBuilder(uri)
@@ -301,29 +301,15 @@ private BitbucketUser getUser(Optional<String> token)
             .timeout(DEFAULT_HTTP_TIMEOUT)
             .build();
 
-    String username;
+    HttpResponse<InputStream> response;
     try {
       LOG.trace("executeRequest={}", request);
-      username =
-          executeRequest(
-              httpClient,
-              request,
-              inputStream -> {
-                try {
-                  return CharStreams.toString(new InputStreamReader(inputStream, Charsets.UTF_8));
-                } catch (IOException e) {
-                  throw new UncheckedIOException(e);
-                }
-              });
+      response = executeRequest(httpClient, request, r -> r);
     } catch (ScmBadRequestException e) {
       throw new ScmCommunicationException(e.getMessage(), e);
     }
 
-    // Only authenticated users can do the request below, so we must ensure that the username is not
-    // empty
-    if (isNullOrEmpty(username)) {
-      throw buildScmUnauthorizedException();
-    }
+    String username = getUsername(response);
 
     try {
       List<BitbucketUser> users =
@@ -340,6 +326,26 @@ private BitbucketUser getUser(Optional<String> token)
     }
   }
 
+  private String getUsername(HttpResponse<InputStream> response)
+      throws ScmCommunicationException, ScmUnauthorizedException {
+    try {
+      // Try to get the username from the response header.
+      if (response.headers().firstValue(USERNAME_HEADER).isPresent()) {
+        return response.headers().firstValue(USERNAME_HEADER).get();
+      } else {
+        String result =
+            CharStreams.toString(new InputStreamReader(response.body(), Charsets.UTF_8));
+        // Convert the response data to the Bitbucket Server info object.
+        OBJECT_MAPPER.readValue(result, BitbucketApplicationProperties.class);
+        // Throw the unauthorized exception if the response contains the Bitbucket info.
+        throw buildScmUnauthorizedException();
+      }
+    } catch (IOException e) {
+      // The response does not contain the Bitbucket Server info
+      throw new ScmCommunicationException("Bad request");
+    }
+  }
+
   private <T> List<T> doGetItems(Optional<String> token, Class<T> tClass, String api, String filter)
       throws ScmUnauthorizedException, ScmCommunicationException, ScmBadRequestException,
           ScmItemNotFoundException {
@@ -377,10 +383,10 @@ private <T> Page<T> doGetPage(
     return executeRequest(
         httpClient,
         request,
-        inputStream -> {
+        response -> {
           try {
             String result =
-                CharStreams.toString(new InputStreamReader(inputStream, Charsets.UTF_8));
+                CharStreams.toString(new InputStreamReader(response.body(), Charsets.UTF_8));
             return OM.readValue(result, typeReference);
           } catch (IOException e) {
             throw new UncheckedIOException(e);
@@ -389,15 +395,17 @@ private <T> Page<T> doGetPage(
   }
 
   private <T> T executeRequest(
-      HttpClient httpClient, HttpRequest request, Function<InputStream, T> bodyConverter)
+      HttpClient httpClient,
+      HttpRequest request,
+      Function<HttpResponse<InputStream>, T> bodyConverter)
       throws ScmBadRequestException, ScmItemNotFoundException, ScmCommunicationException,
           ScmUnauthorizedException {
     try {
       HttpResponse<InputStream> response =
           httpClient.send(request, HttpResponse.BodyHandlers.ofInputStream());
       LOG.trace("executeRequest={} response {}", request, response.statusCode());
       if (response.statusCode() == 200) {
-        return bodyConverter.apply(response.body());
+        return bodyConverter.apply(response);
       } else if (response.statusCode() == 204) {
         return null;
       } else {

wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/server/BitbucketApplicationProperties.java

@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2012-2025 Red Hat, Inc.
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ *   Red Hat, Inc. - initial API and implementation
+ */
+package org.eclipse.che.api.factory.server.bitbucket.server;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import java.util.Objects;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class BitbucketApplicationProperties {
+
+  private String version;
+  private String buildNumber;
+  private String buildDate;
+  private String displayName;
+
+  public BitbucketApplicationProperties() {}
+
+  public BitbucketApplicationProperties(
+      String version, String buildNumber, String buildDate, String displayName) {
+    this.version = version;
+    this.buildNumber = buildNumber;
+    this.buildDate = buildDate;
+    this.displayName = displayName;
+  }
+
+  public String getVersion() {
+    return version;
+  }
+
+  public String getBuildNumber() {
+    return buildNumber;
+  }
+
+  public String getBuildDate() {
+    return buildDate;
+  }
+
+  public String getDisplayName() {
+    return displayName;
+  }
+
+  @Override
+  public String toString() {
+    return "BitbucketApplicationProperties{"
+        + "version='"
+        + version
+        + '\''
+        + ", buildNumber="
+        + buildNumber
+        + ", buildDate="
+        + buildDate
+        + ", displayName='"
+        + displayName
+        + '\''
+        + '}';
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    BitbucketApplicationProperties that = (BitbucketApplicationProperties) o;
+    return buildNumber == that.buildNumber
+        && buildDate == that.buildDate
+        && Objects.equals(version, that.version)
+        && Objects.equals(displayName, that.displayName);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(version, buildNumber, buildDate, displayName);
+  }
+}

wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerURLParserTest.java

@@ -117,8 +117,10 @@ public void shouldValidateUrlByApiRequest() {
             null, devfileFilenamesProvider, oAuthAPI, mock(PersonalAccessTokenManager.class));
     String url = wireMockServer.url("/users/user/repos/repo");
     stubFor(
-        get(urlEqualTo("/plugins/servlet/applinks/whoami"))
-            .willReturn(aResponse().withStatus(200)));
+        get(urlEqualTo("/rest/api/1.0/application-properties"))
+            .willReturn(
+                aResponse()
+                    .withBodyFile("bitbucket/rest/api.1.0.application-properties/response.json")));
 
     // when
     boolean result = bitbucketURLParser.isValid(url);
@@ -135,8 +137,46 @@ public void shouldValidateUrlByApiRequestButFailOnPatternCheck() {
             null, devfileFilenamesProvider, oAuthAPI, mock(PersonalAccessTokenManager.class));
     String url = wireMockServer.url("/user/repo");
     stubFor(
-        get(urlEqualTo("/plugins/servlet/applinks/whoami"))
-            .willReturn(aResponse().withStatus(200)));
+        get(urlEqualTo("/rest/api/1.0/application-properties"))
+            .willReturn(
+                aResponse()
+                    .withBodyFile("bitbucket/rest/api.1.0.application-properties/response.json")));
+
+    // when
+    boolean result = bitbucketURLParser.isValid(url);
+
+    // then
+    assertFalse(result);
+  }
+
+  @Test
+  public void shouldNotValidateUrlByApiRequestWithBadRequest() {
+    // given
+    bitbucketURLParser =
+        new BitbucketServerURLParser(
+            null, devfileFilenamesProvider, oAuthAPI, mock(PersonalAccessTokenManager.class));
+    String url = wireMockServer.url("/users/user/repos/repo");
+    stubFor(
+        get(urlEqualTo("/rest/api/1.0/application-properties"))
+            .willReturn(aResponse().withStatus(400)));
+
+    // when
+    boolean result = bitbucketURLParser.isValid(url);
+
+    // then
+    assertFalse(result);
+  }
+
+  @Test
+  public void shouldNotValidateUrlByApiRequestWithEmptyData() {
+    // given
+    bitbucketURLParser =
+        new BitbucketServerURLParser(
+            null, devfileFilenamesProvider, oAuthAPI, mock(PersonalAccessTokenManager.class));
+    String url = wireMockServer.url("/users/user/repos/repo");
+    stubFor(
+        get(urlEqualTo("/rest/api/1.0/application-properties"))
+            .willReturn(aResponse().withBody("")));
 
     // when
     boolean result = bitbucketURLParser.isValid(url);
@@ -146,12 +186,15 @@ public void shouldValidateUrlByApiRequestButFailOnPatternCheck() {
   }
 
   @Test
-  public void shouldNotValidateUrlByApiRequest() {
+  public void shouldNotValidateUrlByApiRequestWithEmptyHeader() {
     // given
+    bitbucketURLParser =
+        new BitbucketServerURLParser(
+            null, devfileFilenamesProvider, oAuthAPI, mock(PersonalAccessTokenManager.class));
     String url = wireMockServer.url("/users/user/repos/repo");
     stubFor(
-        get(urlEqualTo("/plugins/servlet/applinks/whoami"))
-            .willReturn(aResponse().withStatus(500)));
+        get(urlEqualTo("/rest/api/1.0/application-properties"))
+            .willReturn(aResponse().withStatus(200)));
 
     // when
     boolean result = bitbucketURLParser.isValid(url);

wsmaster/che-core-api-factory-bitbucket-server/src/test/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClientTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2024 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -102,8 +102,8 @@ public String computeAuthorizationHeader(
             oAuthAPI,
             apiEndpoint);
     stubFor(
-        get(urlEqualTo("/plugins/servlet/applinks/whoami"))
-            .willReturn(aResponse().withBody("ksmster")));
+        get(urlEqualTo("/rest/api/1.0/application-properties"))
+            .willReturn(aResponse().withHeader("x-ausername", "ksmster")));
   }
 
   @AfterMethod
@@ -354,7 +354,20 @@ public void shouldBeAbleToThrowScmUnauthorizedExceptionOnGetUser()
       throws ScmCommunicationException, ScmUnauthorizedException, ScmItemNotFoundException {
     // given
     stubFor(
-        get(urlEqualTo("/plugins/servlet/applinks/whoami")).willReturn(aResponse().withBody("")));
+        get(urlEqualTo("/rest/api/1.0/application-properties"))
+            .willReturn(
+                aResponse()
+                    .withBodyFile("bitbucket/rest/api.1.0.application-properties/response.json")));
+
+    // when
+    bitbucketServer.getUser();
+  }
+
+  @Test(expectedExceptions = ScmCommunicationException.class)
+  public void shouldBeAbleToThrowScmCommunicationExceptionOnGetUser()
+      throws ScmCommunicationException, ScmUnauthorizedException, ScmItemNotFoundException {
+    // given
+    stubFor(get(urlEqualTo("/rest/api/1.0/application-properties")).willReturn(aResponse()));
 
     // when
     bitbucketServer.getUser();

wsmaster/che-core-api-factory-bitbucket-server/src/test/resources/__files/bitbucket/rest/api.1.0.application-properties/response.json

@@ -0,0 +1,6 @@
+{
+  "version": "8.7.0",
+  "buildNumber": 8007000,
+  "buildDate": 1672975062662,
+  "displayName": "Bitbucket"
+}