git-ecosystem
diff --git a/‎src/shared/Atlassian.Bitbucket.Tests/BitbucketHostProviderTest.cs
Lines changed: 12 additions & 13 deletions b/‎src/shared/Atlassian.Bitbucket.Tests/BitbucketHostProviderTest.cs
Lines changed: 12 additions & 13 deletions
diff --git a/‎src/shared/Atlassian.Bitbucket.Tests/BitbucketRestApiRegistryTest.cs
Lines changed: 22 additions & 0 deletions b/‎src/shared/Atlassian.Bitbucket.Tests/BitbucketRestApiRegistryTest.cs
Lines changed: 22 additions & 0 deletions
diff --git a/‎src/shared/Atlassian.Bitbucket.Tests/DataCenter/BitbucketOAuth2ClientTest.cs
Lines changed: 149 additions & 0 deletions b/‎src/shared/Atlassian.Bitbucket.Tests/DataCenter/BitbucketOAuth2ClientTest.cs
Lines changed: 149 additions & 0 deletions
diff --git a/‎src/shared/Atlassian.Bitbucket.Tests/DataCenter/BitbucketRestApiTest.cs
Lines changed: 118 additions & 0 deletions b/‎src/shared/Atlassian.Bitbucket.Tests/DataCenter/BitbucketRestApiTest.cs
Lines changed: 118 additions & 0 deletions
@@ -1,4 +1,5 @@
 using Atlassian.Bitbucket.Cloud;
+using Atlassian.Bitbucket.DataCenter;
 using GitCredentialManager;
 using GitCredentialManager.Authentication.OAuth;
 using GitCredentialManager.Tests.Objects;
@@ -297,7 +298,6 @@ public async Task BitbucketHostProvider_GetCredentialAsync_PreconfiguredMode_OAu
         }
 
         [Theory]
-        // DC/Server does not currently support OAuth
         [InlineData("https", BITBUCKET_DOT_ORG_HOST, "jsquire", MOCK_ACCESS_TOKEN, MOCK_ACCESS_TOKEN_ALT, MOCK_REFRESH_TOKEN)]
         public async Task BitbucketHostProvider_GetCredentialAsync_AlwaysRefreshCredentials_OAuth_IsRespected(
             string protocol, string host, string username, string storedToken, string newToken, string refreshToken)
@@ -357,6 +357,9 @@ public async Task BitbucketHostProvider_GetCredentialAsync_AlwaysRefreshCredenti
         // DC - supports Basic, OAuth
         [InlineData("https", "example.com", "basic", AuthenticationModes.Basic)]
         [InlineData("https", "example.com", "oauth", AuthenticationModes.OAuth)]
+        [InlineData("https", "example.com", "NOT-A-REAL-VALUE", DataCenterConstants.ServerAuthenticationModes)]
+        [InlineData("https", "example.com", "none", DataCenterConstants.ServerAuthenticationModes)]
+        [InlineData("https", "example.com", null, DataCenterConstants.ServerAuthenticationModes)]
         // Cloud - supports Basic, OAuth
         [InlineData("https", "bitbucket.org", "oauth", AuthenticationModes.OAuth)]
         [InlineData("https", "bitbucket.org", "basic", AuthenticationModes.Basic)]
@@ -496,15 +499,13 @@ private void MockPromptOAuth(InputArguments input)
 
         private void MockRemoteBasicValid(InputArguments input, string password, bool twoFactor = true)
         {
-            var userInfo = new UserInfo
-            {
-                UserName = input.UserName,
-                IsTwoFactorAuthenticationEnabled = twoFactor
-            };
+            var userInfo = new Mock<IUserInfo>(MockBehavior.Strict); 
+            userInfo.Setup(ui => ui.IsTwoFactorAuthenticationEnabled).Returns(twoFactor);
+            userInfo.Setup(ui => ui.UserName).Returns(input.UserName);
 
             // Basic
             bitbucketApi.Setup(x => x.GetUserInformationAsync(input.UserName, password, false))
-                .ReturnsAsync(new RestApiResult<IUserInfo>(System.Net.HttpStatusCode.OK, userInfo));
+                .ReturnsAsync(new RestApiResult<IUserInfo>(System.Net.HttpStatusCode.OK, userInfo.Object));
         }
 
         private void MockRemoteAccessTokenExpired(InputArguments input, string token)
@@ -516,15 +517,13 @@ private void MockRemoteAccessTokenExpired(InputArguments input, string token)
 
         private void MockRemoteAccessTokenValid(InputArguments input, string token, bool twoFactor = true)
         {
-            var userInfo = new UserInfo
-            {
-                UserName = input.UserName,
-                IsTwoFactorAuthenticationEnabled = twoFactor
-            };
+            var userInfo = new Mock<IUserInfo>(MockBehavior.Strict); 
+            userInfo.Setup(ui => ui.IsTwoFactorAuthenticationEnabled).Returns(twoFactor);
+            userInfo.Setup(ui => ui.UserName).Returns(input.UserName);
 
             // OAuth
             bitbucketApi.Setup(x => x.GetUserInformationAsync(null, token, true))
-                .ReturnsAsync(new RestApiResult<IUserInfo>(System.Net.HttpStatusCode.OK, userInfo));
+                .ReturnsAsync(new RestApiResult<IUserInfo>(System.Net.HttpStatusCode.OK, userInfo.Object));
         }
 
         private static void MockRemoteOAuthAccountIsInvalid(Mock<IBitbucketRestApi> bitbucketApi)
 
@@ -32,5 +32,27 @@ public void BitbucketRestApiRegistry_Get_ReturnsCloudApi_ForBitbucketOrg()
             Assert.IsType<Atlassian.Bitbucket.Cloud.BitbucketRestApi>(api);
 
         }
+
+        [Fact]
+        public void BitbucketRestApiRegistry_Get_ReturnsDataCenterApi_ForBitbucketDC()
+        {
+            // Given
+            settings.Setup(s => s.RemoteUri).Returns(new System.Uri("https://example.com"));
+            context.Setup(c => c.Settings).Returns(settings.Object);
+
+            var input = new InputArguments(new Dictionary<string, string>
+            {
+                ["protocol"] = "http",
+                ["host"] = "example.com",
+            });
+
+            // When
+            var registry = new BitbucketRestApiRegistry(context.Object);
+            var api = registry.Get(input);
+
+            // Then
+            Assert.NotNull(api);
+            Assert.IsType<Atlassian.Bitbucket.DataCenter.BitbucketRestApi>(api);
+        }
     }
 }
@@ -0,0 +1,149 @@
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using Atlassian.Bitbucket.DataCenter;
+using GitCredentialManager;
+using GitCredentialManager.Authentication.OAuth;
+using Moq;
+using Xunit;
+
+namespace Atlassian.Bitbucket.Tests.DataCenter
+{
+    public class BitbucketOAuth2ClientTest
+    {
+        private Mock<HttpClient> httpClient = new Mock<HttpClient>(MockBehavior.Strict);
+        private Mock<ISettings> settings = new Mock<ISettings>(MockBehavior.Loose);
+        private Mock<Trace> trace = new Mock<Trace>(MockBehavior.Loose);
+        private Mock<IOAuth2WebBrowser> browser = new Mock<IOAuth2WebBrowser>(MockBehavior.Strict);
+        private Mock<IOAuth2CodeGenerator> codeGenerator = new Mock<IOAuth2CodeGenerator>(MockBehavior.Strict);
+        private CancellationToken ct = new CancellationToken();
+        private Uri rootCallbackUri = new Uri("http://localhost:34106/");
+        private string nonce = "12345";
+        private string pkceCodeVerifier = "abcde";
+        private string pkceCodeChallenge = "xyz987";
+        private string authorization_code = "authorization_token";
+
+        [Fact]
+        public async Task BitbucketOAuth2Client_GetAuthorizationCodeAsync_ReturnsCode()
+        {
+            var remoteUrl = MockRemoteUri("http://example.com");
+            var clientId = MockClientIdOverride("dc-client-id");
+            MockClientSecretOverride("dc-client-seccret");
+
+            Uri finalCallbackUri = MockFinalCallbackUri(rootCallbackUri);
+
+            var client = GetBitbucketOAuth2Client();
+
+            MockGetAuthenticationCodeAsync(remoteUrl, rootCallbackUri, finalCallbackUri, clientId, client.Scopes);
+
+            MockCodeGenerator();
+
+            var result = await client.GetAuthorizationCodeAsync(browser.Object, ct);
+
+            VerifyAuthorizationCodeResult(result, rootCallbackUri);
+        }
+
+        [Fact]
+        public async Task BitbucketOAuth2Client_GetAuthorizationCodeAsync_ReturnsCode_WhileRespectingRedirectUriOverride()
+        {
+            var rootCallbackUrl = MockRootCallbackUriOverride("http://localhost:12345/");
+            var remoteUrl = MockRemoteUri("http://example.com");
+            var clientId = MockClientIdOverride("dc-client-id");
+            MockClientSecretOverride("dc-client-seccret");
+
+            Uri finalCallbackUri = MockFinalCallbackUri(new Uri(rootCallbackUrl));
+
+            var client = GetBitbucketOAuth2Client();
+
+            MockGetAuthenticationCodeAsync(remoteUrl, new Uri(rootCallbackUrl), finalCallbackUri, clientId, client.Scopes);
+
+            MockCodeGenerator();
+
+            var result = await client.GetAuthorizationCodeAsync(browser.Object, ct);
+
+            VerifyAuthorizationCodeResult(result, new Uri(rootCallbackUrl));
+        }
+
+        private void VerifyAuthorizationCodeResult(OAuth2AuthorizationCodeResult result, Uri redirectUri)
+        {
+            Assert.NotNull(result);
+            Assert.Equal(authorization_code, result.Code);
+            Assert.Equal(redirectUri, result.RedirectUri);
+            Assert.Equal(pkceCodeVerifier, result.CodeVerifier);
+        }
+
+        private Bitbucket.DataCenter.BitbucketOAuth2Client GetBitbucketOAuth2Client()
+        {
+            var client = new Bitbucket.DataCenter.BitbucketOAuth2Client(httpClient.Object, settings.Object, trace.Object);
+            client.CodeGenerator = codeGenerator.Object;
+            return client;
+        }
+
+        private void MockCodeGenerator()
+        {
+            codeGenerator.Setup(c => c.CreateNonce()).Returns(nonce);
+            codeGenerator.Setup(c => c.CreatePkceCodeVerifier()).Returns(pkceCodeVerifier);
+            codeGenerator.Setup(c => c.CreatePkceCodeChallenge(OAuth2PkceChallengeMethod.Sha256, pkceCodeVerifier)).Returns(pkceCodeChallenge);
+        }
+
+        private void MockGetAuthenticationCodeAsync(string url, Uri redirectUri, Uri finalCallbackUri, string overrideClientId, IEnumerable<string> scopes)
+        {
+            var authorizationUri = new UriBuilder(url + "/rest/oauth2/latest/authorize")
+            {
+                Query = "?response_type=code"
+             + "&client_id=" + (overrideClientId ?? "clientId")
+             + "&state=12345"
+             + "&code_challenge_method=" + OAuth2Constants.AuthorizationEndpoint.PkceChallengeMethodS256
+             + "&code_challenge=" + WebUtility.UrlEncode(pkceCodeChallenge).ToLower()
+             + "&redirect_uri=" + WebUtility.UrlEncode(redirectUri.AbsoluteUri).ToLower()
+             + "&scope=" + WebUtility.UrlEncode(string.Join(" ", scopes)).ToUpper()
+            }.Uri;
+
+            browser.Setup(b => b.GetAuthenticationCodeAsync(authorizationUri, redirectUri, ct)).Returns(Task.FromResult(finalCallbackUri));
+        }
+
+        private Uri MockFinalCallbackUri(Uri redirectUri)
+        {
+            var finalUri = new Uri(rootCallbackUri, "?state=" + nonce + "&code=" + authorization_code);
+            // This is a simplification but consistent
+            browser.Setup(b => b.UpdateRedirectUri(redirectUri)).Returns(redirectUri);
+            return finalUri;
+        }
+
+        private string MockRemoteUri(string value)
+        {
+            settings.Setup(s => s.RemoteUri).Returns(new Uri(value));
+            return value;
+        }
+
+        private string MockClientIdOverride(string value)
+        {
+            settings.Setup(s => s.TryGetSetting(
+                DataCenterConstants.EnvironmentVariables.OAuthClientId,
+                Constants.GitConfiguration.Credential.SectionName, DataCenterConstants.GitConfiguration.Credential.OAuthClientId,
+                out value)).Returns(true);
+            return value;
+        }
+
+        private string MockClientSecretOverride(string value)
+        {
+            settings.Setup(s => s.TryGetSetting(
+                DataCenterConstants.EnvironmentVariables.OAuthClientSecret,
+                Constants.GitConfiguration.Credential.SectionName, DataCenterConstants.GitConfiguration.Credential.OAuthClientSecret,
+                out value)).Returns(true);
+            return value;
+        }
+
+        private string MockRootCallbackUriOverride(string value)
+        {
+            settings.Setup(s => s.TryGetSetting(
+                DataCenterConstants.EnvironmentVariables.OAuthRedirectUri,
+                Constants.GitConfiguration.Credential.SectionName, DataCenterConstants.GitConfiguration.Credential.OAuthRedirectUri,
+                out value)).Returns(true);
+            return value;
+        }
+    }
+}
@@ -0,0 +1,118 @@
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Atlassian.Bitbucket.DataCenter;
+using GitCredentialManager.Tests.Objects;
+using Xunit;
+
+namespace Atlassian.Bitbucket.Tests.DataCenter
+{
+    public class BitbucketRestApiTest
+    {
+        [Fact]
+        public async Task BitbucketRestApi_GetUserInformationAsync_ReturnsUserInfo_ForSuccessfulRequest_DoesNothing() 
+        {
+            var twoFactorAuthenticationEnabled = false;
+
+            var context = new TestCommandContext();
+
+            var expectedRequestUri = new Uri("http://example.com/rest/api/1.0/users");
+            var httpHandler = new TestHttpMessageHandler();
+            var httpResponse = new HttpResponseMessage(HttpStatusCode.OK);
+            httpHandler.Setup(HttpMethod.Get, expectedRequestUri, request =>
+            {
+                return httpResponse;
+            });
+            context.HttpClientFactory.MessageHandler = httpHandler;
+            
+            context.Settings.RemoteUri = new Uri("http://example.com");
+
+            var api = new BitbucketRestApi(context);
+            var result = await api.GetUserInformationAsync("never used", "never used", false);
+
+            Assert.NotNull(result);
+            Assert.Equal(DataCenterConstants.OAuthUserName, result.Response.UserName);
+            Assert.Equal(twoFactorAuthenticationEnabled, result.Response.IsTwoFactorAuthenticationEnabled);
+
+            httpHandler.AssertRequest(HttpMethod.Get, expectedRequestUri, 1);
+        }
+    
+        [Theory]
+        [InlineData(HttpStatusCode.Unauthorized, true)] 
+        [InlineData(HttpStatusCode.NotFound, false)] 
+        public async Task BitbucketRestApi_IsOAuthInstalledAsync_ReflectsBitbucketAuthenticationResponse(HttpStatusCode responseCode, bool impliedSupport)
+        {
+            var context = new TestCommandContext();
+            var httpHandler = new TestHttpMessageHandler();
+
+            var expectedRequestUri = new Uri("http://example.com/rest/oauth2/1.0/client");
+
+            var httpResponse = new HttpResponseMessage(responseCode);
+            httpHandler.Setup(HttpMethod.Get, expectedRequestUri, request =>
+            {
+                return httpResponse;
+            });
+
+            context.HttpClientFactory.MessageHandler = httpHandler;
+            context.Settings.RemoteUri = new Uri("http://example.com");
+
+            var api = new BitbucketRestApi(context);
+
+            var isInstalled = await api.IsOAuthInstalledAsync();
+
+            httpHandler.AssertRequest(HttpMethod.Get, expectedRequestUri, 1);
+
+            Assert.Equal(impliedSupport, isInstalled);
+        }
+
+        [Theory]
+        [MemberData(nameof(GetAuthenticationMethodsAsyncData))]
+        public async Task BitbucketRestApi_GetAuthenticationMethodsAsync_ReflectRestApiResponse(string loginOptionResponseJson, List<AuthenticationMethod> impliedSupportedMethods, List<AuthenticationMethod> impliedUnsupportedMethods)
+        {
+            var context = new TestCommandContext();
+            var httpHandler = new TestHttpMessageHandler();
+
+            var expectedRequestUri = new Uri("http://example.com/rest/authconfig/1.0/login-options");
+            
+            var httpResponse = new HttpResponseMessage(HttpStatusCode.OK)
+            {
+                Content = new StringContent(loginOptionResponseJson)
+            };
+
+            httpHandler.Setup(HttpMethod.Get, expectedRequestUri, request =>
+            {
+                return httpResponse;
+            });
+
+            context.HttpClientFactory.MessageHandler = httpHandler;
+            context.Settings.RemoteUri = new Uri("http://example.com");
+
+            var api = new BitbucketRestApi(context);
+
+            var authMethods = await api.GetAuthenticationMethodsAsync();
+
+            httpHandler.AssertRequest(HttpMethod.Get, expectedRequestUri, 1);
+
+            Assert.NotNull(authMethods);
+            Assert.Equal(authMethods.Count, impliedSupportedMethods.Count);
+            Assert.Contains(authMethods, m => impliedSupportedMethods.Contains(m));
+            Assert.DoesNotContain(authMethods, m => impliedUnsupportedMethods.Contains(m));
+        } 
+
+        public static IEnumerable<object[]> GetAuthenticationMethodsAsyncData => 
+        new List<object[]>
+        {
+            new object[] { $"{{ \"results\":[ {{ \"type\":\"LOGIN_FORM\"}}]}}", 
+                            new List<AuthenticationMethod>{AuthenticationMethod.BasicAuth}, 
+                            new List<AuthenticationMethod>{AuthenticationMethod.Sso}},
+            new object[] { $"{{ \"results\":[{{\"type\":\"IDP\"}}]}}", 
+                            new List<AuthenticationMethod>{AuthenticationMethod.Sso}, 
+                            new List<AuthenticationMethod>{AuthenticationMethod.BasicAuth}},
+            new object[] { $"{{ \"results\":[{{\"type\":\"IDP\"}}, {{ \"type\":\"LOGIN_FORM\"}},  {{ \"type\":\"UNDEFINED\"}}]}}", 
+                            new List<AuthenticationMethod>{AuthenticationMethod.Sso, AuthenticationMethod.BasicAuth}, 
+                            new List<AuthenticationMethod>()},
+        };
+    }
+}