Merge pull request #17591 from iterate-ch/feature/GH-17590

Set username from standard claim.

Author: dkocher

core/src/main/java/ch/cyberduck/core/DefaultHostPasswordStore.java

@@ -24,6 +24,8 @@
 import org.apache.logging.log4j.Logger;
 
 import java.net.URI;
+import java.util.HashSet;
+import java.util.Set;
 
 public abstract class DefaultHostPasswordStore implements HostPasswordStore {
     private static final Logger log = LogManager.getLogger(DefaultHostPasswordStore.class);
@@ -132,8 +134,7 @@ public String findPrivateKeyPassphrase(final Host bookmark) {
     @Override
     public OAuthTokens findOAuthTokens(final Host bookmark) {
         log.info("Fetching OAuth tokens from keychain for {}", bookmark);
-        final String[] descriptors = getOAuthPrefix(bookmark);
-        for(String prefix : descriptors) {
+        for(String prefix : getOAuthPrefix(bookmark)) {
             log.debug("Search with prefix {}", prefix);
             final String hostname = getOAuthHostname(bookmark);
             log.debug("Search with hostname {}", hostname);
@@ -185,17 +186,27 @@ protected static int getOAuthPort(final Host bookmark) {
         return getOAuthScheme(bookmark).getPort();
     }
 
-    protected static String[] getOAuthPrefix(final Host bookmark) {
+    protected static Set<String> getOAuthPrefix(final Host bookmark) {
+        final Set<String> prefix = new HashSet<>();
         if(StringUtils.isNotBlank(bookmark.getCredentials().getUsername())) {
-            return new String[]{
-                    String.format("%s (%s)", bookmark.getProtocol().getOAuthClientId(), bookmark.getCredentials().getUsername()),
-                    String.format("%s (%s)", bookmark.getProtocol().getDescription(), bookmark.getCredentials().getUsername())
-            };
+            if(StringUtils.isNotBlank(bookmark.getProtocol().getOAuthClientId())) {
+                prefix.add(String.format("%s (%s)", bookmark.getProtocol().getOAuthClientId(), bookmark.getCredentials().getUsername()));
+            }
+            if(StringUtils.isNotBlank(bookmark.getProperty(Profile.OAUTH_CLIENT_ID_KEY))) {
+                prefix.add(String.format("%s (%s)", bookmark.getProperty(Profile.OAUTH_CLIENT_ID_KEY), bookmark.getCredentials().getUsername()));
+            }
+            prefix.add(String.format("%s (%s)", bookmark.getProtocol().getDescription(), bookmark.getCredentials().getUsername()));
+        }
+        else {
+            if(StringUtils.isNotBlank(bookmark.getProtocol().getOAuthClientId())) {
+                prefix.add(bookmark.getProtocol().getOAuthClientId());
+            }
+            if(StringUtils.isNotBlank(bookmark.getProperty(Profile.OAUTH_CLIENT_ID_KEY))) {
+                prefix.add(bookmark.getProperty(Profile.OAUTH_CLIENT_ID_KEY));
+            }
+            prefix.add(bookmark.getProtocol().getDescription());
         }
-        return new String[]{
-                bookmark.getProtocol().getOAuthClientId(),
-                bookmark.getProtocol().getDescription()
-        };
+        return prefix;
     }
 
     @Override
@@ -227,8 +238,7 @@ public void save(final Host bookmark) throws LocalAccessDeniedException {
                     credentials.getToken());
         }
         if(credentials.isOAuthAuthentication()) {
-            final String[] descriptors = getOAuthPrefix(bookmark);
-            for(String prefix : descriptors) {
+            for(String prefix : getOAuthPrefix(bookmark)) {
                 if(StringUtils.isNotBlank(credentials.getOauth().getAccessToken())) {
                     this.addPassword(getOAuthScheme(bookmark),
                             getOAuthPort(bookmark), getOAuthHostname(bookmark),
@@ -273,8 +283,7 @@ public void delete(final Host bookmark) throws LocalAccessDeniedException {
                             protocol.getTokenPlaceholder() : String.format("%s (%s)", protocol.getTokenPlaceholder(), credentials.getUsername()));
         }
         if(protocol.isOAuthConfigurable()) {
-            final String[] descriptors = getOAuthPrefix(bookmark);
-            for(String prefix : descriptors) {
+            for(String prefix : getOAuthPrefix(bookmark)) {
                 if(StringUtils.isNotBlank(credentials.getOauth().getAccessToken())) {
                     this.deletePassword(getOAuthScheme(bookmark), getOAuthPort(bookmark), getOAuthHostname(bookmark),
                             String.format("%s OAuth2 Access Token", prefix));

core/src/test/java/ch/cyberduck/core/DefaultHostPasswordStoreTest.java

@@ -38,7 +38,7 @@ public String getOAuthClientSecret() {
             public String getOAuthRedirectUrl() {
                 return "x-cyberduck-action:oauth";
             }
-        }));
+        })).toArray(new String[0]);
         assertEquals("clientid", prefix[0]);
         assertEquals("Test", prefix[1]);
     }
@@ -60,7 +60,7 @@ public String getOAuthClientSecret() {
             public String getOAuthRedirectUrl() {
                 return "x-cyberduck-action:oauth";
             }
-        }).withCredentials(new Credentials("user")));
+        }).withCredentials(new Credentials("user"))).toArray(new String[0]);
         assertEquals("clientid (user)", prefix[0]);
         assertEquals("Test (user)", prefix[1]);
     }

oauth/pom.xml

@@ -50,5 +50,9 @@
             <groupId>com.google.http-client</groupId>
             <artifactId>google-http-client-gson</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+        </dependency>
     </dependencies>
 </project>

oauth/src/main/java/ch/cyberduck/core/oauth/BrowserOAuth2AuthorizationCodeProvider.java

@@ -42,16 +42,10 @@ protected void open(final String authorizationCodeRequestUrl) throws LoginCancel
     @Override
     public String prompt(final Host bookmark, final LoginCallback prompt, final String authorizationCodeUrl, final String redirectUri, final String state) throws BackgroundException {
         log.debug("Evaluate redirect URI {}", redirectUri);
-        if(StringUtils.endsWith(URIEncoder.decode(redirectUri), ":oauth")) {
-            return new CustomSchemeHandlerOAuth2AuthorizationCodeProvider().prompt(
-                    bookmark, prompt, authorizationCodeUrl, redirectUri, state);
-        }
-        if(StringUtils.contains(redirectUri, "://oauth")) {
-            return new CustomSchemeHandlerOAuth2AuthorizationCodeProvider().prompt(
-                    bookmark, prompt, authorizationCodeUrl, redirectUri, state);
+        if(StringUtils.endsWith(URIEncoder.decode(redirectUri), ":oauth") || StringUtils.contains(redirectUri, "://oauth")) {
+            return new CustomSchemeHandlerOAuth2AuthorizationCodeProvider().prompt(bookmark, prompt, authorizationCodeUrl, redirectUri, state);
         }
         log.debug("Prompt for authentication code for state {}", state);
-        return new PromptOAuth2AuthorizationCodeProvider().prompt(
-                bookmark, prompt, authorizationCodeUrl, redirectUri, state);
+        return new PromptOAuth2AuthorizationCodeProvider().prompt(bookmark, prompt, authorizationCodeUrl, redirectUri, state);
     }
 }

oauth/src/main/java/ch/cyberduck/core/oauth/OAuth2AuthorizationCodeProvider.java

@@ -31,5 +31,5 @@ public interface OAuth2AuthorizationCodeProvider {
      * @param state                       Custom state
      * @return Authentication code
      */
-    String prompt(Host bookmark, final LoginCallback prompt, String authorizationCodeRequestUrl, String redirectUri, final String state) throws BackgroundException;
+    String prompt(Host bookmark, LoginCallback prompt, String authorizationCodeRequestUrl, String redirectUri, String state) throws BackgroundException;
 }

oauth/src/main/java/ch/cyberduck/core/oauth/OAuth2AuthorizationService.java

@@ -35,6 +35,9 @@
 import java.util.List;
 import java.util.Map;
 
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.exceptions.JWTDecodeException;
+import com.auth0.jwt.interfaces.DecodedJWT;
 import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
 import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
 import com.google.api.client.auth.oauth2.BearerToken;
@@ -157,6 +160,27 @@ public OAuthTokens validate(final OAuthTokens saved) throws BackgroundException
     public OAuthTokens save(final OAuthTokens tokens) throws LocalAccessDeniedException {
         log.debug("Save new tokens {} for {}", tokens, host);
         credentials.setOauth(tokens).setSaved(new LoginOptions().save);
+        switch(flowType) {
+            case PasswordGrant:
+                // Skip modifying username used for password grant
+                break;
+            default:
+                try {
+                    final DecodedJWT jwt = JWT.decode(tokens.getIdToken());
+                    // Standard claims
+                    for(String claim : new String[]{"preferred_username", "email", "name", "nickname", "sub"}) {
+                        final String value = jwt.getClaim(claim).asString();
+                        if(StringUtils.isNotBlank(value)) {
+                            credentials.setUsername(value);
+                            break;
+                        }
+                    }
+                }
+                catch(JWTDecodeException e) {
+                    log.warn("Failure {} decoding JWT {}", e, tokens.getIdToken());
+                }
+                break;
+        }
         if(credentials.isSaved()) {
             store.save(host);
         }

owncloud/pom.xml

@@ -53,10 +53,6 @@
             <groupId>com.fasterxml.jackson.dataformat</groupId>
             <artifactId>jackson-dataformat-xml</artifactId>
         </dependency>
-        <dependency>
-            <groupId>com.auth0</groupId>
-            <artifactId>java-jwt</artifactId>
-        </dependency>
         <dependency>
             <groupId>ch.cyberduck</groupId>
             <artifactId>test</artifactId>

owncloud/src/main/java/ch/cyberduck/core/owncloud/OwncloudSession.java

@@ -15,22 +15,18 @@
  * GNU General Public License for more details.
  */
 
-import ch.cyberduck.core.Credentials;
 import ch.cyberduck.core.DefaultIOExceptionMappingService;
 import ch.cyberduck.core.Host;
 import ch.cyberduck.core.HostKeyCallback;
 import ch.cyberduck.core.ListService;
 import ch.cyberduck.core.LoginCallback;
-import ch.cyberduck.core.OAuthTokens;
 import ch.cyberduck.core.UrlProvider;
 import ch.cyberduck.core.dav.DAVClient;
-import ch.cyberduck.core.dav.DAVDirectoryFeature;
 import ch.cyberduck.core.dav.DAVSession;
 import ch.cyberduck.core.dav.DAVTouchFeature;
 import ch.cyberduck.core.exception.BackgroundException;
 import ch.cyberduck.core.features.AttributesFinder;
 import ch.cyberduck.core.features.Delete;
-import ch.cyberduck.core.features.Directory;
 import ch.cyberduck.core.features.Home;
 import ch.cyberduck.core.features.Lock;
 import ch.cyberduck.core.features.Read;
@@ -62,16 +58,12 @@
 import ch.cyberduck.core.tus.TusWriteFeature;
 
 import org.apache.commons.lang3.ArrayUtils;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.http.client.HttpResponseException;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
 import java.io.IOException;
 
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.exceptions.JWTDecodeException;
-
 import static ch.cyberduck.core.tus.TusCapabilities.TUS_VERSION;
 
 public class OwncloudSession extends DAVSession {
@@ -104,19 +96,6 @@ protected DAVClient connect(final ProxyFinder proxy, final HostKeyCallback key,
     @Override
     public void login(final LoginCallback prompt, final CancelCallback cancel) throws BackgroundException {
         super.login(prompt, cancel);
-        if(host.getProtocol().isOAuthConfigurable()) {
-            final Credentials credentials = host.getCredentials();
-            final OAuthTokens oauth = credentials.getOauth();
-            try {
-                final String username = JWT.decode(oauth.getIdToken()).getClaim("preferred_username").asString();
-                if(StringUtils.isNotBlank(username)) {
-                    credentials.setUsername(username);
-                }
-            }
-            catch(JWTDecodeException e) {
-                log.warn("Failure {} decoding JWT {}", e, oauth.getIdToken());
-            }
-        }
         try {
             client.execute(new OcsCapabilitiesRequest(host), new OcsCapabilitiesResponseHandler(ocs));
         }