Issue 573 Refactor Bitbucket implementation to allow for the support of Bitbucket DC's OAuth2 implementation

The BitbucketAuthentication and BitbucketHostProvider remain the single points of entry to processing authentication for all Bitbucket hosts.

Bitbucket DC and Bitbucket Cloud do not share common REST APIs or common OAuth2 implementations. The interface IBitbucketRestApi and abstract class BitbucketOAuth2Client effectively hide the differences in implementation from BitbucketAuthentication and BitbucketHostProvider

The interface IBitbucketRestApi and abstract class BitbucketOAuth2Client provide clear extension points to implement OAuth2 support for Bitbucket DC

Author: mminns

src/shared/Atlassian.Bitbucket.Tests/Atlassian.Bitbucket.Tests.csproj

@@ -13,7 +13,7 @@
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0" />
-    <PackageReference Include="ReportGenerator" Version="4.8.13" />
+    <PackageReference Include="ReportGenerator" Version="5.1.9" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.3.1" />
     <DotNetCliToolReference Include="dotnet-xunit" Version="2.3.1" />
   </ItemGroup>

src/shared/Atlassian.Bitbucket.Tests/BitbucketHelperTest.cs

@@ -0,0 +1,60 @@
+using System;
+using Xunit;
+
+namespace Atlassian.Bitbucket.Tests
+{
+    public class BitbucketHelperTest
+    {
+        [Theory]
+        [InlineData(null, false)]
+        [InlineData("", false)]
+        [InlineData("    ", false)]
+        [InlineData("bitbucket.org", true)]
+        [InlineData("BITBUCKET.ORG", true)]
+        [InlineData("BiTbUcKeT.OrG", true)]
+        [InlineData("bitbucket.example.com", false)]
+        [InlineData("bitbucket.example.org", false)]
+        [InlineData("bitbucket.org.com", false)]
+        [InlineData("bitbucket.org.org", false)]
+        public void BitbucketHelper_IsBitbucketOrg_StringHost(string str, bool expected)
+        {
+            bool actual = BitbucketHelper.IsBitbucketOrg(str);
+            Assert.Equal(expected, actual);
+        }
+
+        [Theory]
+        [InlineData("http://bitbucket.org", true)]
+        [InlineData("https://bitbucket.org", true)]
+        [InlineData("http://bitbucket.org/path", true)]
+        [InlineData("https://bitbucket.org/path", true)]
+        [InlineData("http://BITBUCKET.ORG", true)]
+        [InlineData("https://BITBUCKET.ORG", true)]
+        [InlineData("http://BITBUCKET.ORG/PATH", true)]
+        [InlineData("https://BITBUCKET.ORG/PATH", true)]
+        [InlineData("http://BiTbUcKeT.OrG", true)]
+        [InlineData("https://BiTbUcKeT.OrG", true)]
+        [InlineData("http://BiTbUcKeT.OrG/pAtH", true)]
+        [InlineData("https://BiTbUcKeT.OrG/pAtH", true)]
+        [InlineData("http://bitbucket.example.com", false)]
+        [InlineData("https://bitbucket.example.com", false)]
+        [InlineData("http://bitbucket.example.com/path", false)]
+        [InlineData("https://bitbucket.example.com/path", false)]
+        [InlineData("http://bitbucket.example.org", false)]
+        [InlineData("https://bitbucket.example.org", false)]
+        [InlineData("http://bitbucket.example.org/path", false)]
+        [InlineData("https://bitbucket.example.org/path", false)]
+        [InlineData("http://bitbucket.org.com", false)]
+        [InlineData("https://bitbucket.org.com", false)]
+        [InlineData("http://bitbucket.org.com/path", false)]
+        [InlineData("https://bitbucket.org.com/path", false)]
+        [InlineData("http://bitbucket.org.org", false)]
+        [InlineData("https://bitbucket.org.org", false)]
+        [InlineData("http://bitbucket.org.org/path", false)]
+        [InlineData("https://bitbucket.org.org/path", false)]
+        public void BitbucketHelper_IsBitbucketOrg_Uri(string str, bool expected)
+        {
+            bool actual = BitbucketHelper.IsBitbucketOrg(new Uri(str));
+            Assert.Equal(expected, actual);
+        }
+    }
+}

src/shared/Atlassian.Bitbucket.Tests/BitbucketHostProviderTest.cs

@@ -0,0 +1,36 @@
+using System.Collections.Generic;
+using GitCredentialManager;
+using Moq;
+using Xunit;
+
+namespace Atlassian.Bitbucket.Tests
+{
+    public class BitbucketRestApiRegistryTest
+    {
+        private Mock<ICommandContext> context = new Mock<ICommandContext>(MockBehavior.Strict);
+        private Mock<ISettings> settings = new Mock<ISettings>(MockBehavior.Strict);
+
+        [Fact]
+        public void BitbucketRestApiRegistry_Get_ReturnsCloudApi_ForBitbucketOrg()
+        {
+            // Given
+            settings.Setup(s => s.RemoteUri).Returns(new System.Uri("https://bitbucket.org"));
+            context.Setup(c => c.Settings).Returns(settings.Object);
+
+            var input = new InputArguments(new Dictionary<string, string>
+            {
+                ["protocol"] = "https",
+                ["host"] = "bitbucket.org",
+            });
+
+            // When
+            var registry = new BitbucketRestApiRegistry(context.Object);
+            var api = registry.Get(input);
+        
+            // Then
+            Assert.NotNull(api);
+            Assert.IsType<Atlassian.Bitbucket.Cloud.BitbucketRestApi>(api);
+
+        }
+    }
+}

src/shared/Atlassian.Bitbucket.Tests/BitbucketRestApiRegistryTest.cs

@@ -0,0 +1,19 @@
+using Newtonsoft.Json;
+using Xunit;
+
+namespace Atlassian.Bitbucket.Tests
+{
+    public class BitbucketTokenEndpointResponseJsonTest
+    {
+        [Fact]
+        public void BitbucketTokenEndpointResponseJson_Deserialize_Scopes_Not_Scope()
+        {
+            var scopesString = "a,b,c";
+            var json = "{access_token: '', token_type: '', scopes:'" + scopesString + "', scope: 'x,y,z'}";
+
+            var result = JsonConvert.DeserializeObject<BitbucketTokenEndpointResponseJson>(json);
+
+            Assert.Equal(scopesString, result.Scope);
+        }
+    }
+}

src/shared/Atlassian.Bitbucket.Tests/BitbucketTokenEndpointResponseJsonTest.cs

@@ -4,17 +4,19 @@
 using System.Net.Http;
 using System.Threading;
 using System.Threading.Tasks;
+using Atlassian.Bitbucket.Cloud;
 using GitCredentialManager;
 using GitCredentialManager.Authentication.OAuth;
 using Moq;
 using Xunit;
 
-namespace Atlassian.Bitbucket.Tests
+namespace Atlassian.Bitbucket.Tests.Cloud
 {
     public class BitbucketOAuth2ClientTest
     {
         private Mock<HttpClient> httpClient = new Mock<HttpClient>(MockBehavior.Strict);
         private Mock<ISettings> settings = new Mock<ISettings>(MockBehavior.Loose);
+        private Mock<Trace> trace = new Mock<Trace>(MockBehavior.Loose);
         private Mock<IOAuth2WebBrowser> browser = new Mock<IOAuth2WebBrowser>(MockBehavior.Strict);
         private Mock<IOAuth2CodeGenerator> codeGenerator = new Mock<IOAuth2CodeGenerator>(MockBehavior.Strict);
         private IEnumerable<string> scopes = new List<string>();
@@ -32,13 +34,13 @@ public async Task BitbucketOAuth2Client_GetAuthorizationCodeAsync_ReturnsCode()
 
             Uri finalCallbackUri = MockFinalCallbackUri();
 
-            MockGetAuthenticationCodeAsync(finalCallbackUri, null);
+            Bitbucket.Cloud.BitbucketOAuth2Client client = GetBitbucketOAuth2Client();
 
-            MockCodeGenerator();
+            MockGetAuthenticationCodeAsync(finalCallbackUri, null, client.Scopes);
 
-            BitbucketOAuth2Client client = GetBitbucketOAuth2Client();
+            MockCodeGenerator();
 
-            var result = await client.GetAuthorizationCodeAsync(scopes, browser.Object, ct);
+            var result = await client.GetAuthorizationCodeAsync(browser.Object, ct);
 
             VerifyAuthorizationCodeResult(result);
         }
@@ -52,36 +54,42 @@ public async Task BitbucketOAuth2Client_GetAuthorizationCodeAsync_RespectsClient
 
             Uri finalCallbackUri = MockFinalCallbackUri();
 
-            MockGetAuthenticationCodeAsync(finalCallbackUri, clientId);
+            Bitbucket.Cloud.BitbucketOAuth2Client client = GetBitbucketOAuth2Client();
+            
+            MockGetAuthenticationCodeAsync(finalCallbackUri, clientId, client.Scopes);
 
             MockCodeGenerator();
 
-            BitbucketOAuth2Client client = GetBitbucketOAuth2Client();
-
-            var result = await client.GetAuthorizationCodeAsync(scopes, browser.Object, ct);
+            var result = await client.GetAuthorizationCodeAsync(browser.Object, ct);
 
             VerifyAuthorizationCodeResult(result);
         }
 
         [Fact]
         public async Task BitbucketOAuth2Client_GetDeviceCodeAsync()
         {
-            var client = new BitbucketOAuth2Client(httpClient.Object, settings.Object);
+            var client = new Bitbucket.Cloud.BitbucketOAuth2Client(httpClient.Object, settings.Object, trace.Object);
             await Assert.ThrowsAsync<InvalidOperationException>(async () => await client.GetDeviceCodeAsync(scopes, ct));
         }
 
-        private void VerifyOAuth2TokenResult(OAuth2TokenResult result)
+        [Theory]
+        [InlineData("https", "example.com", "john", "https://example.com/refresh_token")]
+        [InlineData("http", "example.com", "john", "http://example.com/refresh_token")]
+        [InlineData("https", "example.com", "dave", "https://example.com/refresh_token")]
+        [InlineData("https", "example.com/", "john", "https://example.com/refresh_token")]
+        public void BitbucketOAuth2Client_GetRefreshTokenServiceName(string protocol, string host, string username, string expectedResult)
         {
-            Assert.NotNull(result);
-            IEnumerable<char> access_token = null;
-            Assert.Equal(access_token, result.AccessToken);
-            IEnumerable<char> refresh_token = null;
-            Assert.Equal(refresh_token, result.RefreshToken);
-            IEnumerable<char> tokenType = null;
-            Assert.Equal(tokenType, result.TokenType);
-            Assert.Null(result.Scopes);
+            var client = new Bitbucket.Cloud.BitbucketOAuth2Client(httpClient.Object, settings.Object, trace.Object);
+            var input = new InputArguments(new Dictionary<string, string>
+            {
+                ["protocol"] = protocol,
+                ["host"] = host,
+                ["username"] = username
+            });
+            Assert.Equal(expectedResult, client.GetRefreshTokenServiceName(input));
         }
 
+
         private void VerifyAuthorizationCodeResult(OAuth2AuthorizationCodeResult result)
         {
             Assert.NotNull(result);
@@ -90,9 +98,9 @@ private void VerifyAuthorizationCodeResult(OAuth2AuthorizationCodeResult result)
             Assert.Equal(pkceCodeVerifier, result.CodeVerifier);
         }
 
-        private BitbucketOAuth2Client GetBitbucketOAuth2Client()
+        private Bitbucket.Cloud.BitbucketOAuth2Client GetBitbucketOAuth2Client()
         {
-            var client = new BitbucketOAuth2Client(httpClient.Object, settings.Object);
+            var client = new Bitbucket.Cloud.BitbucketOAuth2Client(httpClient.Object, settings.Object, trace.Object);
             client.CodeGenerator = codeGenerator.Object;
             return client;
         }
@@ -104,16 +112,17 @@ private void MockCodeGenerator()
             codeGenerator.Setup(c => c.CreatePkceCodeChallenge(OAuth2PkceChallengeMethod.Sha256, pkceCodeVerifier)).Returns(pkceCodeChallenge);
         }
 
-        private void MockGetAuthenticationCodeAsync(Uri finalCallbackUri, string overrideClientId)
+        private void MockGetAuthenticationCodeAsync(Uri finalCallbackUri, string overrideClientId, IEnumerable<string> scopes)
         {
-            var authorizationUri = new UriBuilder(BitbucketConstants.OAuth2AuthorizationEndpoint)
+            var authorizationUri = new UriBuilder(CloudConstants.OAuth2AuthorizationEndpoint)
             {
                 Query = "?response_type=code"
-             + "&client_id=" + (overrideClientId ?? BitbucketConstants.OAuth2ClientId)
+             + "&client_id=" + (overrideClientId ?? CloudConstants.OAuth2ClientId)
              + "&state=12345"
              + "&code_challenge_method=" + OAuth2Constants.AuthorizationEndpoint.PkceChallengeMethodS256
              + "&code_challenge=" + WebUtility.UrlEncode(pkceCodeChallenge).ToLower()
              + "&redirect_uri=" + WebUtility.UrlEncode(rootCallbackUri.AbsoluteUri).ToLower()
+             + "&scope=" + WebUtility.UrlEncode(string.Join(" ", scopes)).ToLower()
             }.Uri;
 
             browser.Setup(b => b.GetAuthenticationCodeAsync(authorizationUri, rootCallbackUri, ct)).Returns(Task.FromResult(finalCallbackUri));
@@ -133,8 +142,8 @@ private string MockeClientIdOverride(bool set)
         private string MockClientIdOverride(bool set, string value)
         {
             settings.Setup(s => s.TryGetSetting(
-                BitbucketConstants.EnvironmentVariables.DevOAuthClientId,
-                Constants.GitConfiguration.Credential.SectionName, BitbucketConstants.GitConfiguration.Credential.DevOAuthClientId,
+                CloudConstants.EnvironmentVariables.OAuthClientId,
+                Constants.GitConfiguration.Credential.SectionName, CloudConstants.GitConfiguration.Credential.OAuthClientId,
                 out value)).Returns(set);
             return value;
         }

src/shared/Atlassian.Bitbucket.Tests/BitbucketOauth2ClientTest.cs renamed to src/shared/Atlassian.Bitbucket.Tests/Cloud/BitbucketOAuth2ClientTest.cs

@@ -2,11 +2,12 @@
 using System.Net;
 using System.Net.Http;
 using System.Threading.Tasks;
+using Atlassian.Bitbucket.Cloud;
 using GitCredentialManager.Tests;
 using GitCredentialManager.Tests.Objects;
 using Xunit;
 
-namespace Atlassian.Bitbucket.Tests
+namespace Atlassian.Bitbucket.Tests.Cloud
 {
     public class BitbucketRestApiTest
     {
@@ -51,9 +52,9 @@ public async Task BitbucketRestApi_GetUserInformationAsync_ReturnsUserInfo_ForSu
 
             Assert.NotNull(result);
             Assert.Equal(username, result.Response.UserName);
-            Assert.Equal(accountId, result.Response.AccountId);
-            Assert.Equal(uuid, result.Response.Uuid);
             Assert.Equal(twoFactorAuthenticationEnabled, result.Response.IsTwoFactorAuthenticationEnabled);
+            Assert.Equal(accountId, ((UserInfo)result.Response).AccountId);
+            Assert.Equal(uuid, ((UserInfo)result.Response).Uuid);
 
             httpHandler.AssertRequest(HttpMethod.Get, expectedRequestUri, 1);
         }

src/shared/Atlassian.Bitbucket.Tests/BitbucketRestApiTest.cs renamed to src/shared/Atlassian.Bitbucket.Tests/Cloud/BitbucketRestApiTest.cs

@@ -0,0 +1,27 @@
+using System.Threading.Tasks;
+using Atlassian.Bitbucket.Cloud;
+using Xunit;
+
+namespace Atlassian.Bitbucket.Tests.Cloud
+{
+    public class UserInfoTest
+    {
+        [Fact]
+        public void UserInfo_Set()
+        {
+            var uuid = System.Guid.NewGuid();
+            var userInfo = new UserInfo()
+            {
+                AccountId = "abc",
+                IsTwoFactorAuthenticationEnabled = false,
+                UserName = "123",
+                Uuid = uuid
+            };
+
+            Assert.Equal("abc", userInfo.AccountId);
+            Assert.False(userInfo.IsTwoFactorAuthenticationEnabled);
+            Assert.Equal("123", userInfo.UserName);
+            Assert.Equal(uuid, userInfo.Uuid);
+        }
+    }
+}

src/shared/Atlassian.Bitbucket.Tests/Cloud/UserInfoTest.cs

@@ -0,0 +1,66 @@
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using Atlassian.Bitbucket.Cloud;
+using GitCredentialManager;
+using Moq;
+using Xunit;
+
+namespace Atlassian.Bitbucket.Tests
+{
+    public class OAuth2ClientRegistryTest
+    {
+        private Mock<ICommandContext> context = new Mock<ICommandContext>(MockBehavior.Loose);
+        private Mock<ISettings> settings = new Mock<ISettings>(MockBehavior.Strict);
+        private Mock<IHttpClientFactory> httpClientFactory = new Mock<IHttpClientFactory>(MockBehavior.Strict);
+        private Mock<ITrace> trace = new Mock<ITrace>(MockBehavior.Strict);
+
+        [Fact]
+        public void BitbucketRestApiRegistry_Get_ReturnsCloudOAuth2Client()
+        {
+            var host = "bitbucket.org";
+
+            // Given
+            settings.Setup(s => s.RemoteUri).Returns(new System.Uri("https://" + host));
+            context.Setup(c => c.Settings).Returns(settings.Object);
+            MockSettingOverride(CloudConstants.EnvironmentVariables.OAuthClientId, CloudConstants.GitConfiguration.Credential.OAuthClientId, "never used", false);
+            MockSettingOverride(CloudConstants.EnvironmentVariables.OAuthClientSecret, CloudConstants.GitConfiguration.Credential.OAuthClientSecret, "never used", false);
+            MockSettingOverride(CloudConstants.EnvironmentVariables.OAuthRedirectUri, CloudConstants.GitConfiguration.Credential.OAuthRedirectUri,  "never used", false);
+            MockHttpClientFactory();
+            var input = MockInputArguments(host);
+
+            // When
+            var registry = new OAuth2ClientRegistry(context.Object);
+            var api = registry.Get(input);
+
+            // Then
+            Assert.NotNull(api);
+            Assert.IsType<Atlassian.Bitbucket.Cloud.BitbucketOAuth2Client>(api);
+
+        }
+
+        private static InputArguments MockInputArguments(string host)
+        {
+            return new InputArguments(new Dictionary<string, string>
+            {
+                ["protocol"] = "https",
+                ["host"] = host,
+            });
+        }
+
+        private void MockHttpClientFactory()
+        {
+            context.Setup(c => c.HttpClientFactory).Returns(httpClientFactory.Object);
+            httpClientFactory.Setup(f => f.CreateClient()).Returns(new HttpClient());
+        }
+
+        private string MockSettingOverride(string envKey, string configKey, string settingValue, bool isOverridden)
+        {
+            settings.Setup(s => s.TryGetSetting(
+                envKey,
+                Constants.GitConfiguration.Credential.SectionName, configKey,
+                out settingValue)).Returns(isOverridden);
+            return settingValue;
+        }
+    }
+}