Ticket #23707: 23707.patch

File 23707.patch, 5.2 KB (added by taylor.smock, 16 months ago)

Disable basic auth for osm.org, remove username/password from preferences on startup, don't allow users to use basic auth with osm.org api

  • src/org/openstreetmap/josm/gui/preferences/server/AuthenticationPreferencesPanel.java 

    Subject: [PATCH] 23707
---
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
diff --git a/src/org/openstreetmap/josm/gui/preferences/server/AuthenticationPreferencesPanel.java b/src/org/openstreetmap/josm/gui/preferences/server/AuthenticationPreferencesPanel.java
    a b  
    1717import javax.swing.JPanel;
    1818import javax.swing.JRadioButton;
    1919
    20 import org.openstreetmap.josm.actions.ExpertToggleAction;
    2120import org.openstreetmap.josm.data.UserIdentityManager;
    2221import org.openstreetmap.josm.data.oauth.OAuthAccessTokenHolder;
    2322import org.openstreetmap.josm.data.oauth.OAuthVersion;
     
    4746    /** the panel for the OAuth 2.0 authentication parameters */
    4847    private OAuthAuthenticationPreferencesPanel pnlOAuth20Preferences;
    4948
    50     /** Used to determine which API we are using for disabling/enabling Basic Auth/OAuth 1.0a */
    51     private String apiUrl = OsmApi.getOsmApi().getServerUrl();
    52     /** ExpertToggleAction uses weak references; we don't want this listener to be garbage collected */
    53     private final ExpertToggleAction.ExpertModeChangeListener expertModeChangeListener = isExpert -> {
    54         final String authMethod = OsmApi.getAuthMethod();
    55         final boolean defaultApi = JosmUrls.getInstance().getDefaultOsmApiUrl().equals(apiUrl);
    56         rbBasicAuthentication.setEnabled(rbBasicAuthentication.isSelected() || "basic".equals(authMethod) || isExpert || !defaultApi);
    57     };
    58 
    5949    /**
    6050     * Constructs a new {@code AuthenticationPreferencesPanel}.
    6151     */
     
    10898        pnlBasicAuthPreferences = new BasicAuthenticationPreferencesPanel();
    10999        pnlOAuth20Preferences = new OAuthAuthenticationPreferencesPanel(OAuthVersion.OAuth20);
    110100
    111         ExpertToggleAction.addExpertModeChangeListener(expertModeChangeListener, true);
    112 
    113101        pnlAuthenticationParameters.add(pnlOAuth20Preferences, BorderLayout.CENTER);
     102        this.updateAcceptableAuthenticationMethods(OsmApi.getOsmApi().getServerUrl());
    114103    }
    115104
    116105    /**
     
    166155                UserIdentityManager.getInstance().setAnonymous();
    167156            }
    168157        }
    169         ExpertToggleAction.removeExpertModeChangeListener(this.expertModeChangeListener);
    170158    }
    171159
    172160    /**
     
    195183            pnlOAuth20Preferences.propertyChange(evt);
    196184        }
    197185        if (OsmApiUrlInputPanel.API_URL_PROP.equals(evt.getPropertyName())) {
    198             this.apiUrl = (String) evt.getNewValue();
    199             this.expertModeChangeListener.expertChanged(ExpertToggleAction.isExpert());
     186            this.updateAcceptableAuthenticationMethods((String) evt.getNewValue());
    200187        }
    201188    }
     189
     190    /**
     191     * Update the acceptable authentications methods
     192     * @param apiUrl The API url to check
     193     */
     194    private void updateAcceptableAuthenticationMethods(String apiUrl) {
     195        final String authMethod = OsmApi.getAuthMethod();
     196        final boolean defaultApi = JosmUrls.getInstance().getDefaultOsmApiUrl().equals(apiUrl);
     197        rbBasicAuthentication.setEnabled(rbBasicAuthentication.isSelected() || "basic".equals(authMethod) || !defaultApi);
     198    }
     199
    202200}

  • src/org/openstreetmap/josm/data/Preferences.java 

    IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
diff --git a/src/org/openstreetmap/josm/data/Preferences.java b/src/org/openstreetmap/josm/data/Preferences.java
    a b  
    3737
    3838import org.openstreetmap.josm.data.preferences.ColorInfo;
    3939import org.openstreetmap.josm.data.preferences.JosmBaseDirectories;
     40import org.openstreetmap.josm.data.preferences.JosmUrls;
    4041import org.openstreetmap.josm.data.preferences.NamedColorProperty;
    4142import org.openstreetmap.josm.data.preferences.PreferencesReader;
    4243import org.openstreetmap.josm.data.preferences.PreferencesWriter;
    4344import org.openstreetmap.josm.gui.MainApplication;
    4445import org.openstreetmap.josm.io.NetworkManager;
     46import org.openstreetmap.josm.io.OsmApi;
    4547import org.openstreetmap.josm.spi.preferences.AbstractPreferences;
    4648import org.openstreetmap.josm.spi.preferences.Config;
    4749import org.openstreetmap.josm.spi.preferences.DefaultPreferenceChangeEvent;
     
    910912            }
    911913            modifiedDefault = false;
    912914        }
     915        // As of June 1st, 2024, the OSM.org instance no longer allows basic authentication.
     916        if (JosmUrls.getInstance().getDefaultOsmApiUrl().equals(OsmApi.getOsmApi().getServerUrl()) && "basic".equals(OsmApi.getAuthMethod())) {
     917            put("osm-server.auth-method", null);
     918            put("osm-server.username", null);
     919            put("osm-server.password", null);
     920        }
    913921    }
    914922
    915923    /**