Hande Eclipse API expired token

Author: amvanbaren

server/src/main/java/org/eclipse/openvsx/ExtensionService.java

@@ -30,10 +30,8 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
-import java.nio.file.StandardCopyOption;
 import java.time.LocalDateTime;
 import java.util.LinkedHashSet;
-import java.util.concurrent.atomic.AtomicLong;
 
 @Component
 public class ExtensionService {

server/src/main/java/org/eclipse/openvsx/eclipse/EclipseService.java

@@ -150,9 +150,30 @@ public void enrichUserJson(UserJson json, UserData user) {
             return;
         }
 
-        // Report user as logged in only if there is a usabe token:
+        var usableToken = true;
+        ErrorResultException exception = null;
+        try {
+            // Add information on the publisher agreement
+            var agreement = getPublisherAgreement(user);
+            if (agreement == null || !agreement.isActive || agreement.version == null)
+                json.publisherAgreement.status = "none";
+            else if (publisherAgreementVersion.equals(agreement.version))
+                json.publisherAgreement.status = "signed";
+            else
+                json.publisherAgreement.status = "outdated";
+            if (agreement != null && agreement.timestamp != null)
+                json.publisherAgreement.timestamp = TimeUtil.toUTCString(agreement.timestamp);
+        } catch (ErrorResultException e) {
+            if(e.getStatus() == HttpStatus.FORBIDDEN) {
+                usableToken = false;
+            } else {
+                exception = e;
+            }
+        }
+
+        // Report user as logged in only if there is a usable token:
         // we need the token to access the Eclipse REST API
-        if (tokens.isUsable(user.getEclipseToken())) {
+        if(usableToken) {
             var eclipseLogin = new UserJson();
             eclipseLogin.provider = "eclipse";
             eclipseLogin.loginName = personId;
@@ -162,16 +183,10 @@ public void enrichUserJson(UserJson json, UserData user) {
                 json.additionalLogins.add(eclipseLogin);
         }
 
-        // Add information on the publisher agreement
-        var agreement = getPublisherAgreement(user);
-        if (agreement == null || !agreement.isActive || agreement.version == null)
-            json.publisherAgreement.status = "none";
-        else if (publisherAgreementVersion.equals(agreement.version))
-            json.publisherAgreement.status = "signed";
-        else
-            json.publisherAgreement.status = "outdated";
-        if (agreement != null && agreement.timestamp != null)
-            json.publisherAgreement.timestamp = TimeUtil.toUTCString(agreement.timestamp);
+        // Throw exception at end of method, so that JSON data is fully enriched
+        if(exception != null) {
+            throw exception;
+        }
     }
 
     /**
@@ -240,8 +255,9 @@ public PublisherAgreement getPublisherAgreement(UserData user) {
             var json = restTemplate.exchange(urlTemplate, HttpMethod.GET, request, String.class, uriVariables);
             return parseAgreementResponse(json);
         } catch (RestClientException exc) {
+            HttpStatusCode status = HttpStatus.INTERNAL_SERVER_ERROR;
             if (exc instanceof HttpStatusCodeException) {
-                var status = ((HttpStatusCodeException) exc).getStatusCode();
+                status = ((HttpStatusCodeException) exc).getStatusCode();
                 // The endpoint yields 404 if the specified user has not signed a publisher agreement
                 if (status == HttpStatus.NOT_FOUND)
                     return null;
@@ -250,7 +266,7 @@ public PublisherAgreement getPublisherAgreement(UserData user) {
             var url = UriComponentsBuilder.fromUriString(urlTemplate).build(uriVariables);
             logger.error("Get request failed with URL: " + url, exc);
             throw new ErrorResultException("Request for retrieving publisher agreement failed: " + exc.getMessage(),
-                    HttpStatus.INTERNAL_SERVER_ERROR);
+                    status);
         }
     }
 

server/src/main/java/org/eclipse/openvsx/eclipse/PublisherComplianceChecker.java

@@ -89,7 +89,7 @@ private boolean isCompliant(UserData user) {
         var json = new UserJson();
         try {
             eclipseService.enrichUserJson(json, user);
-            return !json.publisherAgreement.status.equals("none");
+            return json.publisherAgreement.status == null || !json.publisherAgreement.status.equals("none");
         } catch(ErrorResultException e) {
             // no way to determine whether the user has a publisher agreement
             return true;

server/src/main/java/org/eclipse/openvsx/security/TokenService.java

@@ -80,7 +80,6 @@ public AuthToken updateTokens(long userId, String registrationId, OAuth2AccessTo
                 token.scopes = accessToken.getScopes();
                 token.issuedAt = accessToken.getIssuedAt();
                 token.expiresAt = accessToken.getExpiresAt();
-                
                 if (refreshToken != null) {
                     token.refreshToken = refreshToken.getTokenValue();
                     token.refreshExpiresAt = refreshToken.getExpiresAt();
@@ -145,16 +144,6 @@ public AuthToken getActiveToken(UserData userData, String registrationId) {
         return null;
     }
 
-    public boolean isUsable(AuthToken token) {
-        if (token == null)
-            return false;
-        if (token.accessToken != null && !isExpired(token.expiresAt))
-            return true;
-        if (token.refreshToken != null && !isExpired(token.refreshExpiresAt))
-            return true;
-        return false;
-    }
-
     private boolean isExpired(Instant instant) {
         return instant != null && Instant.now().isAfter(instant);
     }

server/src/main/java/org/eclipse/openvsx/util/ErrorResultException.java

@@ -11,6 +11,7 @@
 
 import org.eclipse.openvsx.json.ResultJson;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
 
 /**
@@ -26,7 +27,7 @@ public class ErrorResultException extends RuntimeException {
 
     private static final long serialVersionUID = 147466147310091931L;
 
-    private final HttpStatus status;
+    private final HttpStatusCode status;
 
     public ErrorResultException(String message) {
         super(message);
@@ -38,12 +39,12 @@ public ErrorResultException(String message, Throwable cause) {
         this.status = null;
     }
 
-    public ErrorResultException(String message, HttpStatus status) {
+    public ErrorResultException(String message, HttpStatusCode status) {
         super(message);
         this.status = status;
     }
 
-    public HttpStatus getStatus() {
+    public HttpStatusCode getStatus() {
         return status;
     }