Attempt to fix duplicate clientProvider apply

cryostatio · Dec 17, 2021 · 82fba94 · 82fba94
1 parent 620c9b7
commit 82fba94
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 2 deletions.
diff --git a/src/main/java/io/cryostat/net/OpenShiftAuthManager.java b/src/main/java/io/cryostat/net/OpenShiftAuthManager.java
@@ -73,6 +73,7 @@
 import io.fabric8.kubernetes.client.Config;
 import io.fabric8.kubernetes.client.KubernetesClientException;
 import io.fabric8.openshift.api.model.OAuthAccessToken;
+import io.fabric8.openshift.client.DefaultOpenShiftClient;
 import io.fabric8.openshift.client.OpenShiftClient;
 import io.vertx.core.json.JsonObject;
 import io.vertx.ext.web.client.WebClient;
@@ -314,8 +315,16 @@ public Future<Boolean> validateWebSocketSubProtocol(
     private Future<Boolean> deleteToken(String token) {
         try (OpenShiftClient client = clientProvider.apply(getServiceAccountToken())) {
             String serviceAccountAsOAuthClient = this.getServiceAccountName();
-            Future<TokenReviewStatus> fStatus = performTokenReview(token);
-            TokenReviewStatus status = fStatus.get();
+
+            // FIXME reuse performTokenReview instead of copying it here
+            TokenReview review =
+                    new TokenReviewBuilder().withNewSpec().withToken(token).endSpec().build();
+            review = client.tokenReviews().create(review);
+            TokenReviewStatus status = review.getStatus();
+            if (StringUtils.isNotBlank(status.getError())) {
+                return CompletableFuture.failedFuture(
+                        new AuthorizationErrorException(status.getError()));
+            }
             String uid = status.getUser().getUid();
 
             List<OAuthAccessToken> userOauthAccessTokens =

diff --git a/src/test/java/io/cryostat/net/OpenShiftAuthManagerTest.java b/src/test/java/io/cryostat/net/OpenShiftAuthManagerTest.java
@@ -49,6 +49,7 @@
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Function;
 
@@ -64,6 +65,7 @@
 import com.google.gson.Gson;
 import io.fabric8.kubernetes.api.model.authentication.TokenReview;
 import io.fabric8.kubernetes.api.model.authentication.TokenReviewBuilder;
+import io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus;
 import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReview;
 import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReviewBuilder;
 import io.fabric8.kubernetes.client.Config;
@@ -76,7 +78,9 @@
 import io.fabric8.openshift.client.server.mock.OpenShiftMockServerExtension;
 import io.vertx.core.AsyncResult;
 import io.vertx.core.Handler;
+import io.vertx.core.MultiMap;
 import io.vertx.core.buffer.Buffer;
+import io.vertx.core.http.HttpHeaders;
 import io.vertx.core.json.JsonObject;
 import io.vertx.ext.web.client.HttpRequest;
 import io.vertx.ext.web.client.HttpResponse;
@@ -153,6 +157,8 @@ void setup() {
         client = Mockito.spy(client);
         tokenProvider = new TokenProvider(client);
         mgr = new OpenShiftAuthManager(env, logger, fs, tokenProvider, webClient);
+        MultiMap headers = MultiMap.caseInsensitiveMultiMap();
+        headers.set(HttpHeaders.AUTHORIZATION, "abcd1234==");
     }
 
     @Test
@@ -452,10 +458,27 @@ void shouldReturnLogoutRedirectUrl() throws Exception {
         List<OAuthAccessToken> tokens = new ArrayList<OAuthAccessToken>();
         tokens.add(token);
 
+        TokenReview tokenReview =
+                new TokenReviewBuilder()
+                        .withNewStatus()
+                        .withAuthenticated(true)
+                        .withNewUser()
+                        .withUsername("fooUser")
+                        .withUid("uid")
+                        .endUser()
+                        .endStatus()
+                        .build();
+        server.expect()
+                .post()
+                .withPath(TOKEN_REVIEW_API_PATH)
+                .andReturn(HttpURLConnection.HTTP_CREATED, tokenReview)
+                .once();
+
         Mockito.when(client.oAuthAccessTokens()).thenReturn(nonNamespaceOperation);
         Mockito.when(nonNamespaceOperation.list()).thenReturn(oAuthAccessTokenList);
         Mockito.when(oAuthAccessTokenList.getItems()).thenReturn(tokens);
         Mockito.when(token.getClientName()).thenReturn(SERVICE_ACCOUNT);
+        Mockito.when(token.getUserUID()).thenReturn("uid");
         Mockito.when(nonNamespaceOperation.delete(tokens)).thenReturn(true);
 
         HttpRequest<Buffer> req = Mockito.mock(HttpRequest.class);
@@ -502,10 +525,27 @@ void shouldThrowWhenTokenDeletionFailsOnLogout(Boolean deletionFailure) throws E
         List<OAuthAccessToken> tokens = new ArrayList<OAuthAccessToken>();
         tokens.add(token);
 
+        TokenReview tokenReview =
+                new TokenReviewBuilder()
+                        .withNewStatus()
+                        .withAuthenticated(true)
+                        .withNewUser()
+                        .withUsername("fooUser")
+                        .withUid("uid")
+                        .endUser()
+                        .endStatus()
+                        .build();
+        server.expect()
+                .post()
+                .withPath(TOKEN_REVIEW_API_PATH)
+                .andReturn(HttpURLConnection.HTTP_CREATED, tokenReview)
+                .once();
+
         Mockito.when(client.oAuthAccessTokens()).thenReturn(nonNamespaceOperation);
         Mockito.when(nonNamespaceOperation.list()).thenReturn(oAuthAccessTokenList);
         Mockito.when(oAuthAccessTokenList.getItems()).thenReturn(tokens);
         Mockito.when(token.getClientName()).thenReturn(SERVICE_ACCOUNT);
+        Mockito.when(token.getUserUID()).thenReturn("uid");
         Mockito.when(nonNamespaceOperation.delete(tokens)).thenReturn(deletionFailure);
 
         ExecutionException ee =