Ensure to retrieve and display up-to-date publisher agreement status (#1445)

* use the appropriate api call to get up-to-date information about publisher agreements

* fallback to public profile if no token is available, small refactorings and fixes, adjust and add more unit tests

* use buildApiUrl method

* only issue a warning without stacktrace in case refreshing the token failed due to a 400 response

Author: netomi

server/src/main/java/org/eclipse/openvsx/UserAPI.java

@@ -121,7 +121,7 @@ public UserJson getUserData() {
         json.setRole(user.getRole());
         json.setTokensUrl(createApiUrl(serverUrl, "user", "tokens"));
         json.setCreateTokenUrl(createApiUrl(serverUrl, "user", "token", "create"));
-        eclipse.enrichUserJson(json, user);
+        eclipse.enrichUserJsonWithPublisherAgreement(json, user);
         return json;
     }
 

server/src/main/java/org/eclipse/openvsx/eclipse/EclipseProfile.java

@@ -19,6 +19,7 @@
 
 import java.io.IOException;
 import java.util.List;
+import java.util.Optional;
 
 public class EclipseProfile {
 
@@ -129,6 +130,14 @@ public void setPublisherAgreements(PublisherAgreements publisherAgreements) {
         this.publisherAgreements = publisherAgreements;
     }
 
+    public Optional<PublisherAgreement> getOpenVsxPublisherAgreement() {
+        if (publisherAgreements != null &&  publisherAgreements.getOpenVsx() != null) {
+            return Optional.of(publisherAgreements.getOpenVsx());
+        } else {
+            return Optional.empty();
+        }
+    }
+
     public static class PublisherAgreements {
 
         @JsonProperty("open-vsx")
@@ -152,7 +161,7 @@ public PublisherAgreements deserialize(JsonParser p, DeserializationContext ctxt
                     var list = p.getCodec().readValue(p, TYPE_LIST_AGREEMENT);
                     var result = new PublisherAgreements();
                     if (!list.isEmpty())
-                        result.openVsx = list.get(0);
+                        result.openVsx = list.getFirst();
                     return result;
                 }
                 return p.getCodec().readValue(p, PublisherAgreements.class);

server/src/main/java/org/eclipse/openvsx/eclipse/EclipseService.java

@@ -29,6 +29,7 @@
 import org.springframework.transaction.support.TransactionTemplate;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestTemplate;
 
@@ -146,6 +147,9 @@ private Pair<OAuth2AccessToken, OAuth2RefreshToken> refreshEclipseToken(AuthToke
             var newToken = new OAuth2AccessToken(TokenType.BEARER, newTokenValue, issuedAt, expiresAt);
             var newRefreshToken = new OAuth2RefreshToken(newRefreshTokenValue, issuedAt);
             return Pair.of(newToken, newRefreshToken);
+        } catch (HttpClientErrorException.BadRequest exc) {
+            // keycloak sends a 400 status response if the refresh call failed
+            logger.warn("Eclipse token could not be refreshed: {}", exc.getMessage());
         } catch (RestClientException exc) {
             logger.error("Post request failed with URL: {}", tokenUri, exc);
         } catch (JsonProcessingException exc) {

server/src/main/java/org/eclipse/openvsx/eclipse/TokenService.java

@@ -147,6 +147,9 @@ public static class PublisherAgreement {
         /* 'none' | 'signed' | 'outdated' */
         private String status;
 
+        @Schema(hidden = true)
+        private String version;
+
         private String timestamp;
 
         public String getStatus() {
@@ -157,6 +160,14 @@ public void setStatus(String status) {
             this.status = status;
         }
 
+        public String getVersion() {
+            return version;
+        }
+
+        public void setVersion(String version) {
+            this.version = version;
+        }
+
         public String getTimestamp() {
             return timestamp;
         }
@@ -170,12 +181,14 @@ public boolean equals(Object o) {
             if (this == o) return true;
             if (o == null || getClass() != o.getClass()) return false;
             PublisherAgreement that = (PublisherAgreement) o;
-            return Objects.equals(status, that.status) && Objects.equals(timestamp, that.timestamp);
+            return Objects.equals(status, that.status) &&
+                    Objects.equals(version, that.version) &&
+                    Objects.equals(timestamp, that.timestamp);
         }
 
         @Override
         public int hashCode() {
-            return Objects.hash(status, timestamp);
+            return Objects.hash(status, version, timestamp);
         }
     }
 

server/src/main/java/org/eclipse/openvsx/json/UserJson.java

@@ -1,9 +1,12 @@
 package org.eclipse.openvsx.util;
 
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
+import java.util.List;
+
 public class HttpHeadersUtil {
     private HttpHeadersUtil() {
     }
@@ -20,9 +23,14 @@ public static HttpHeaders getForwardedHeaders() {
                 headers.add(header, request.getHeader(header));
             }
 
-        } catch (IllegalStateException e) {
-        }
+        } catch (IllegalStateException _) {}
         headers.remove(HttpHeaders.HOST);
         return headers;
     }
+
+    public static HttpHeaders getAcceptJsonHeaders() {
+        var headers = new HttpHeaders();
+        headers.setAccept(List.of(MediaType.APPLICATION_JSON));
+        return headers;
+    }
 }

server/src/main/java/org/eclipse/openvsx/util/HttpHeadersUtil.java

@@ -62,6 +62,9 @@
 })
 class EclipseServiceTest {
 
+    private static final String PUBLIC_PROFILE_URL = "https://test.openvsx.eclipse.org/account/profile/{personId}";
+    private static final String PUBLISHER_AGREEMENT_URL = "https://test.openvsx.eclipse.org/openvsx/publisher_agreement/{personId}";
+
     @MockitoBean
     RepositoryService repositories;
 
@@ -83,9 +86,15 @@ void setup() {
 
     @Test
     void testGetPublicProfile() throws Exception {
-        var urlTemplate = "https://test.openvsx.eclipse.org/account/profile/{personId}";
-        Mockito.when(restTemplate.exchange(eq(urlTemplate), eq(HttpMethod.GET), any(HttpEntity.class), eq(String.class), eq(Map.of("personId", "test"))))
-                .thenReturn(mockProfileResponse());
+        Mockito.when(
+            restTemplate.exchange(
+                eq(PUBLIC_PROFILE_URL),
+                eq(HttpMethod.GET),
+                any(HttpEntity.class),
+                eq(String.class),
+                eq(Map.of("personId", "test"))
+            )
+        ).thenReturn(mockProfileResponse());
 
         var profile = eclipse.getPublicProfile("test");
 
@@ -118,9 +127,15 @@ void testGetPublisherAgreement() throws Exception {
         var user = mockUser();
         user.setEclipsePersonId("test");
 
-        var urlTemplate = "https://test.openvsx.eclipse.org/openvsx/publisher_agreement/{personId}";
-        Mockito.when(restTemplate.exchange(eq(urlTemplate), eq(HttpMethod.GET), any(HttpEntity.class), eq(String.class), eq(Map.of("personId", "test"))))
-                .thenReturn(mockAgreementResponse());
+        Mockito.when(
+            restTemplate.exchange(
+                eq(PUBLISHER_AGREEMENT_URL),
+                eq(HttpMethod.GET),
+                any(HttpEntity.class),
+                eq(String.class),
+                eq(Map.of("personId", "test"))
+            )
+        ).thenReturn(mockAgreementResponse());
 
         var agreement = eclipse.getPublisherAgreement(user);
         assertThat(agreement).isNotNull();
@@ -131,13 +146,42 @@ void testGetPublisherAgreement() throws Exception {
     }
 
     @Test
-    void testCheckPublisherAgreementOutdated() throws Exception {
+    void testCheckPublisherOutdatedAgreement() throws Exception {
         var user = mockUser();
         user.setEclipsePersonId("test");
 
-        var urlTemplate = "https://test.openvsx.eclipse.org/account/profile/{personId}";
-        Mockito.when(restTemplate.exchange(eq(urlTemplate), eq(HttpMethod.GET), any(HttpEntity.class), eq(String.class), eq(Map.of("personId", "test"))))
-                .thenReturn(mockOutdatedProfileResponse());
+        Mockito.when(
+            restTemplate.exchange(
+                    eq(PUBLISHER_AGREEMENT_URL),
+                    eq(HttpMethod.GET),
+                    any(HttpEntity.class),
+                    eq(String.class),
+                    eq(Map.of("personId", "test"))
+            )
+        ).thenReturn(mockOutdatedAgreementResponse());
+
+        try {
+            eclipse.checkPublisherAgreement(user);
+            fail("Expected an ErrorResultException");
+        } catch(ErrorResultException exc) {
+            assertThat(exc.getMessage()).isEqualTo("Your Publisher Agreement with the Eclipse Foundation is outdated (version 0.1). The current version is 1.1.");
+        }
+    }
+
+    @Test
+    void testCheckPublisherOutdatedAgreementNoToken() throws Exception {
+        var user = mockUserNoToken();
+        user.setEclipsePersonId("test");
+
+        Mockito.when(
+                restTemplate.exchange(
+                        eq(PUBLIC_PROFILE_URL),
+                        eq(HttpMethod.GET),
+                        any(HttpEntity.class),
+                        eq(String.class),
+                        eq(Map.of("personId", "test"))
+                )
+        ).thenReturn(mockOutdatedProfileResponse());
 
         try {
             eclipse.checkPublisherAgreement(user);
@@ -152,21 +196,33 @@ void testCheckPublisherAgreementAllowed() throws Exception {
         var user = mockUser();
         user.setEclipsePersonId("test");
 
-        var urlTemplate = "https://test.openvsx.eclipse.org/account/profile/{personId}";
-        Mockito.when(restTemplate.exchange(eq(urlTemplate), eq(HttpMethod.GET), any(HttpEntity.class), eq(String.class), eq(Map.of("personId", "test"))))
-                .thenReturn(mockAllowedProfileResponse());
+        Mockito.when(
+            restTemplate.exchange(
+                    eq(PUBLISHER_AGREEMENT_URL),
+                    eq(HttpMethod.GET),
+                    any(HttpEntity.class),
+                    eq(String.class),
+                    eq(Map.of("personId", "test"))
+            )
+        ).thenReturn(mockAgreementResponse());
 
         eclipse.checkPublisherAgreement(user);
     }
 
     @Test
-    void testCheckPublisherAgreement() throws Exception {
-        var user = mockUser();
+    void testCheckPublisherAgreementAllowedNoToken() throws Exception {
+        var user = mockUserNoToken();
         user.setEclipsePersonId("test");
 
-        var urlTemplate = "https://test.openvsx.eclipse.org/account/profile/{personId}";
-        Mockito.when(restTemplate.exchange(eq(urlTemplate), eq(HttpMethod.GET), any(HttpEntity.class), eq(String.class), eq(Map.of("personId", "test"))))
-                .thenReturn(mockProfileResponse());
+        Mockito.when(
+                restTemplate.exchange(
+                        eq(PUBLIC_PROFILE_URL),
+                        eq(HttpMethod.GET),
+                        any(HttpEntity.class),
+                        eq(String.class),
+                        eq(Map.of("personId", "test"))
+                )
+        ).thenReturn(mockAllowedProfileResponse());
 
         eclipse.checkPublisherAgreement(user);
     }
@@ -284,6 +340,15 @@ private UserData mockUser() {
         return user;
     }
 
+    private UserData mockUserNoToken() {
+        var user = new UserData();
+        user.setLoginName("test");
+        user.setProvider("github");
+        Mockito.when(tokens.getActiveEclipseToken(user))
+            .thenReturn(null);
+        return user;
+    }
+
     private ResponseEntity<String> mockProfileResponse() throws IOException {
         try (var stream = getClass().getResourceAsStream("profile-response.json")) {
             var json = CharStreams.toString(new InputStreamReader(stream));
@@ -311,7 +376,14 @@ private ResponseEntity<String> mockAgreementResponse() throws IOException {
             return new ResponseEntity<>(json, HttpStatus.OK);
         }
     }
-    
+
+    private ResponseEntity<String> mockOutdatedAgreementResponse() throws IOException {
+        try (var stream = getClass().getResourceAsStream("publisher-agreement-outdated-response.json")) {
+            var json = CharStreams.toString(new InputStreamReader(stream));
+            return new ResponseEntity<>(json, HttpStatus.OK);
+        }
+    }
+
     @TestConfiguration
     static class TestConfig {
         @Bean

server/src/test/java/org/eclipse/openvsx/eclipse/EclipseServiceTest.java

@@ -0,0 +1,12 @@
+{
+    "PersonID": "test",
+    "DocumentID": "abcd",
+    "Version": "0.1",
+    "EffectiveDate": "2020-10-09 05:10:32",
+    "ReceivedDate": "2020-10-09",
+    "ExpirationDate": null,
+    "ScannedDocumentBLOB": null,
+    "ScannedDocumentMime": "application/json",
+    "ScannedDocumentBytes": "117",
+    "ScannedDocumentFileName": "openvsx-publisher-agreement.json"
+}

server/src/test/resources/org/eclipse/openvsx/eclipse/publisher-agreement-outdated-response.json

@@ -8,15 +8,5 @@
     "ScannedDocumentBLOB": null,
     "ScannedDocumentMime": "application/json",
     "ScannedDocumentBytes": "117",
-    "ScannedDocumentFileName": "openvsx-publisher-agreement.json",
-    "SysDocument": {
-        "DocumentID": "abcd",
-        "Version": "1.1",
-        "DocumentBLOB": null,
-        "IsActive": "1",
-        "Description": "Publisher Agreement - open-vsx.org",
-        "Comments": "Generated by api.eclipse.org/openvsx/publisher_agreement",
-        "Type": "IN",
-        "ContentType": ""
-    }
+    "ScannedDocumentFileName": "openvsx-publisher-agreement.json"
 }