Merge pull request #1179 from amvanbaren/automate-claim-namespace

Automate namespace claim process

Author: amvanbaren

server/src/main/java/org/eclipse/openvsx/admin/AdminAPI.java

@@ -88,14 +88,8 @@ public ResponseEntity<String> getReportCsv(
         }
     }
 
-    private void validateToken(String tokenValue) {
-        if(!repositories.isAdminToken(tokenValue)) {
-            throw new ErrorResultException("Invalid access token", HttpStatus.FORBIDDEN);
-        }
-    }
-
     private AdminStatistics getReport(String tokenValue, int year, int month) {
-        validateToken(tokenValue);
+        admins.checkAdminUser(tokenValue);
         return admins.getAdminStatistics(year, month);
     }
 
@@ -295,9 +289,17 @@ public ResponseEntity<ResultJson> changeNamespace(@RequestBody ChangeNamespaceJs
         path = "/admin/namespace/{namespaceName}/members",
         produces = MediaType.APPLICATION_JSON_VALUE
     )
-    public ResponseEntity<NamespaceMembershipListJson> getNamespaceMembers(@PathVariable String namespaceName) {
+    public ResponseEntity<NamespaceMembershipListJson> getNamespaceMembers(
+            @PathVariable String namespaceName,
+            @RequestParam(value = "token", required = false) String tokenValue
+    ) {
         try{
-            admins.checkAdminUser();
+            if(tokenValue == null) {
+                admins.checkAdminUser();
+            } else {
+                admins.checkAdminUser(tokenValue);
+            }
+
             var memberships = repositories.findMemberships(namespaceName);
             var membershipList = new NamespaceMembershipListJson();
             membershipList.setNamespaceMemberships(memberships.stream().map(NamespaceMembership::toJson).toList());
@@ -311,12 +313,15 @@ public ResponseEntity<NamespaceMembershipListJson> getNamespaceMembers(@PathVari
         path = "/admin/namespace/{namespaceName}/change-member",
         produces = MediaType.APPLICATION_JSON_VALUE
     )
-    public ResponseEntity<ResultJson> editNamespaceMember(@PathVariable String namespaceName,
-                                                          @RequestParam("user") String userName,
-                                                          @RequestParam(required = false) String provider,
-                                                          @RequestParam String role) {
+    public ResponseEntity<ResultJson> editNamespaceMember(
+            @PathVariable String namespaceName,
+            @RequestParam("user") String userName,
+            @RequestParam(required = false) String provider,
+            @RequestParam String role,
+            @RequestParam(value = "token", required = false) String tokenValue
+    ) {
         try {
-            var adminUser = admins.checkAdminUser();
+            var adminUser = tokenValue == null ? admins.checkAdminUser() : admins.checkAdminUser(tokenValue);
             var result = admins.editNamespaceMember(namespaceName, userName, provider, role, adminUser);
             return ResponseEntity.ok(result);
         } catch (ErrorResultException exc) {

server/src/main/java/org/eclipse/openvsx/admin/AdminService.java

@@ -34,6 +34,7 @@
 import java.time.ZoneId;
 import java.util.Comparator;
 import java.util.LinkedHashSet;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 import static org.eclipse.openvsx.entities.FileResource.*;
@@ -388,7 +389,19 @@ public ResultJson revokePublisherContributions(String provider, String loginName
     }
 
     public UserData checkAdminUser() {
-        var user = users.findLoggedInUser();
+        return checkAdminUser(users.findLoggedInUser());
+    }
+
+    public UserData checkAdminUser(String tokenValue) {
+        var user = Optional.of(tokenValue)
+                .map(users::useAccessToken)
+                .map(PersonalAccessToken::getUser)
+                .orElse(null);
+
+        return checkAdminUser(user);
+    }
+
+    private UserData checkAdminUser(UserData user) {
         if (user == null || !UserData.ROLE_ADMIN.equals(user.getRole())) {
             throw new ErrorResultException("Administration role is required.", HttpStatus.FORBIDDEN);
         }

server/src/main/java/org/eclipse/openvsx/admin/ChangeNamespaceJobRequestHandler.java

@@ -70,7 +70,11 @@ public ChangeNamespaceJobRequestHandler(
     @Override
     public void run(ChangeNamespaceJobRequest jobRequest) throws Exception {
         var oldNamespace = jobRequest.getData().oldNamespace();
-        synchronized (LOCKS.computeIfAbsent(oldNamespace, key -> new Object())) {
+        Object lock;
+        synchronized (LOCKS) {
+            lock = LOCKS.computeIfAbsent(oldNamespace, key -> new Object());
+        }
+        synchronized (lock) {
             execute(jobRequest);
         }
     }

server/src/main/java/org/eclipse/openvsx/repositories/PersonalAccessTokenJooqRepository.java

@@ -9,12 +9,10 @@
  * ****************************************************************************** */
 package org.eclipse.openvsx.repositories;
 
-import org.eclipse.openvsx.entities.UserData;
 import org.jooq.DSLContext;
 import org.springframework.stereotype.Component;
 
 import static org.eclipse.openvsx.jooq.Tables.PERSONAL_ACCESS_TOKEN;
-import static org.eclipse.openvsx.jooq.Tables.USER_DATA;
 
 @Component
 public class PersonalAccessTokenJooqRepository {
@@ -31,15 +29,4 @@ public boolean hasToken(String value) {
                         .where(PERSONAL_ACCESS_TOKEN.VALUE.eq(value))
         );
     }
-
-    public boolean isAdminToken(String value) {
-        return dsl.fetchExists(
-                dsl.selectOne()
-                        .from(PERSONAL_ACCESS_TOKEN)
-                        .join(USER_DATA).on(USER_DATA.ID.eq(PERSONAL_ACCESS_TOKEN.USER_DATA))
-                        .where(PERSONAL_ACCESS_TOKEN.VALUE.eq(value))
-                        .and(PERSONAL_ACCESS_TOKEN.ACTIVE.eq(true))
-                        .and(USER_DATA.ROLE.eq(UserData.ROLE_ADMIN))
-        );
-    }
 }

server/src/main/java/org/eclipse/openvsx/repositories/RepositoryService.java

@@ -342,10 +342,6 @@ public PersonalAccessToken findAccessToken(String value) {
         return  tokenRepo.findByValue(value);
     }
 
-    public boolean isAdminToken(String value) {
-        return tokenJooqRepo.isAdminToken(value);
-    }
-
     public PersonalAccessToken findAccessToken(long id) {
         return tokenRepo.findById(id);
     }

server/src/main/java/org/eclipse/openvsx/util/FileUtil.java

@@ -38,7 +38,11 @@ private FileUtil(){}
      * @param writer Writes to file
      */
     public static void writeSync(Path path, Consumer<Path> writer) {
-        synchronized (LOCKS.computeIfAbsent(path, key -> new Object())) {
+        Object lock;
+        synchronized (LOCKS) {
+            lock = LOCKS.computeIfAbsent(path, key -> new Object());
+        }
+        synchronized (lock) {
             if(!Files.exists(path)) {
                 writer.accept(path);
             }

server/src/test/java/org/eclipse/openvsx/admin/AdminAPITest.java

@@ -1021,7 +1021,7 @@ private PersonalAccessToken mockAdminToken() {
         token.setActive(true);
         token.setValue(tokenValue);
         token.setUser(user);
-        Mockito.when(repositories.isAdminToken(tokenValue)).thenReturn(true);
+        Mockito.when(repositories.findAccessToken(tokenValue)).thenReturn(token);
 
         return token;
     }
@@ -1035,7 +1035,7 @@ private PersonalAccessToken mockNonAdminToken() {
         token.setActive(true);
         token.setValue(tokenValue);
         token.setUser(user);
-        Mockito.when(repositories.isAdminToken(tokenValue)).thenReturn(false);
+        Mockito.when(repositories.findAccessToken(tokenValue)).thenReturn(token);
 
         return token;
     }

server/src/test/java/org/eclipse/openvsx/repositories/RepositoryServiceSmokeTest.java

@@ -194,7 +194,6 @@ void testExecuteQueries() {
                 () -> repositories.findExtensionTargetPlatforms(extension),
                 () -> repositories.deactivateKeyPairs(),
                 () -> repositories.findActiveAccessTokens(userData),
-                () -> repositories.isAdminToken("tokenValue"),
                 () -> repositories.findLatestVersions(List.of(1L)),
                 () -> repositories.hasSameVersion(extVersion),
                 () -> repositories.hasActiveReview(extension, userData),