source: josm/trunk/src/org/openstreetmap/josm/gui/preferences/server/AuthenticationPreferencesPanel.java

Last change on this file was 19095, checked in by taylor.smock, 14 months ago

Fix #23707: Remove basic auth for openstreetmap.org

This does the following:

  • On startup, if the current API is set to the default OSM API url, osm-server.{auth-method|username|password} are set to null, clearing them

from the saved preferences.xml file.

  • In preferences, if the OSM API is set to the default OSM API url, the basic auth radio button is disabled (if it is not currently selected or the current auth method). This is done since some users contribute to both OSM and some other project, which may still support basic authentication.
  • Property svn:eol-style set to native
File size: 8.3 KB
Line 
1// License: GPL. For details, see LICENSE file.
2package org.openstreetmap.josm.gui.preferences.server;
3
4import static org.openstreetmap.josm.tools.I18n.tr;
5
6import java.awt.BorderLayout;
7import java.awt.FlowLayout;
8import java.awt.GridBagConstraints;
9import java.awt.GridBagLayout;
10import java.awt.Insets;
11import java.awt.event.ItemEvent;
12import java.awt.event.ItemListener;
13import java.beans.PropertyChangeEvent;
14import java.beans.PropertyChangeListener;
15
16import javax.swing.ButtonGroup;
17import javax.swing.JPanel;
18import javax.swing.JRadioButton;
19
20import org.openstreetmap.josm.data.UserIdentityManager;
21import org.openstreetmap.josm.data.oauth.OAuthAccessTokenHolder;
22import org.openstreetmap.josm.data.oauth.OAuthVersion;
23import org.openstreetmap.josm.data.preferences.JosmUrls;
24import org.openstreetmap.josm.gui.help.HelpUtil;
25import org.openstreetmap.josm.gui.widgets.VerticallyScrollablePanel;
26import org.openstreetmap.josm.io.OsmApi;
27import org.openstreetmap.josm.io.auth.CredentialsManager;
28import org.openstreetmap.josm.spi.preferences.Config;
29import org.openstreetmap.josm.tools.GBC;
30import org.openstreetmap.josm.tools.Logging;
31
32/**
33 * This is the preference panel for the authentication method and the authentication parameters.
34 * @since 2745
35 */
36public class AuthenticationPreferencesPanel extends VerticallyScrollablePanel implements PropertyChangeListener {
37
38 /** indicates whether we use basic authentication */
39 private final JRadioButton rbBasicAuthentication = new JRadioButton();
40 /** indicates whether we use OAuth 2.0 as authentication scheme */
41 private final JRadioButton rbOAuth20 = new JRadioButton();
42 /** the panel which contains the authentication parameters for the respective authentication scheme */
43 private final JPanel pnlAuthenticationParameters = new JPanel(new BorderLayout());
44 /** the panel for the basic authentication parameters */
45 private BasicAuthenticationPreferencesPanel pnlBasicAuthPreferences;
46 /** the panel for the OAuth 2.0 authentication parameters */
47 private OAuthAuthenticationPreferencesPanel pnlOAuth20Preferences;
48
49 /**
50 * Constructs a new {@code AuthenticationPreferencesPanel}.
51 */
52 public AuthenticationPreferencesPanel() {
53 build();
54 initFromPreferences();
55 HelpUtil.setHelpContext(this, HelpUtil.ht("/Preferences/Connection#AuthenticationSettings"));
56 }
57
58 /**
59 * builds the UI
60 */
61 protected final void build() {
62 setLayout(new GridBagLayout());
63
64 AuthenticationMethodChangeListener authChangeListener = new AuthenticationMethodChangeListener();
65
66 JPanel buttonPanel = new JPanel(new FlowLayout(FlowLayout.LEADING));
67 // -- radio button for basic authentication
68 buttonPanel.add(rbBasicAuthentication);
69 rbBasicAuthentication.setText(tr("Use Basic Authentication"));
70 rbBasicAuthentication.setToolTipText(tr("Select to use HTTP basic authentication with your OSM username and password"));
71 rbBasicAuthentication.addItemListener(authChangeListener);
72 //-- radio button for OAuth 2.0
73 buttonPanel.add(rbOAuth20);
74 rbOAuth20.setSelected(true); // This must before adding the listener; otherwise, saveToPreferences is called prior to initFromPreferences
75 rbOAuth20.setText(tr("Use OAuth {0}", "2.0"));
76 rbOAuth20.setToolTipText(tr("Select to use OAuth {0} as authentication mechanism", "2.0"));
77 rbOAuth20.addItemListener(authChangeListener);
78
79 add(buttonPanel, GBC.eol());
80 //-- radio button for OAuth
81 ButtonGroup bg = new ButtonGroup();
82 bg.add(rbBasicAuthentication);
83 bg.add(rbOAuth20);
84
85 //-- add the panel which will hold the authentication parameters
86 GridBagConstraints gc = new GridBagConstraints();
87 gc.anchor = GridBagConstraints.NORTHWEST;
88 gc.insets = new Insets(0, 0, 0, 3);
89 gc.gridx = 0;
90 gc.gridy = 1;
91 gc.gridwidth = 2;
92 gc.fill = GridBagConstraints.BOTH;
93 gc.weightx = 1.0;
94 gc.weighty = 1.0;
95 add(pnlAuthenticationParameters, gc);
96
97 //-- the two panels for authentication parameters
98 pnlBasicAuthPreferences = new BasicAuthenticationPreferencesPanel();
99 pnlOAuth20Preferences = new OAuthAuthenticationPreferencesPanel(OAuthVersion.OAuth20);
100
101 pnlAuthenticationParameters.add(pnlOAuth20Preferences, BorderLayout.CENTER);
102 this.updateAcceptableAuthenticationMethods(OsmApi.getOsmApi().getServerUrl());
103 }
104
105 /**
106 * Initializes the panel from preferences
107 */
108 public final void initFromPreferences() {
109 final String authMethod = OsmApi.getAuthMethod();
110 if ("basic".equals(authMethod)) {
111 rbBasicAuthentication.setSelected(true);
112 } else if ("oauth20".equals(authMethod)) {
113 rbOAuth20.setSelected(true);
114 } else {
115 Logging.warn(
116 tr("Unsupported value in preference ''{0}'', got ''{1}''. Using authentication method ''OAuth 2.0 Authentication''.",
117 "osm-server.auth-method", authMethod));
118 rbOAuth20.setSelected(true);
119 }
120 pnlBasicAuthPreferences.initFromPreferences();
121 pnlOAuth20Preferences.initFromPreferences();
122 }
123
124 /**
125 * Saves the current values to the preferences
126 */
127 public final void saveToPreferences() {
128 // save the authentication method
129 String authMethod;
130 if (rbBasicAuthentication.isSelected()) {
131 authMethod = "basic";
132 } else if (rbOAuth20.isSelected()) {
133 authMethod = "oauth20";
134 } else {
135 throw new IllegalStateException("One of OAuth 2.0, OAuth 1.0a, or Basic authentication must be checked");
136 }
137 final boolean initUser = Config.getPref().put("osm-server.auth-method", authMethod);
138 if ("basic".equals(authMethod)) {
139 // save username and password and clear the OAuth token
140 pnlBasicAuthPreferences.saveToPreferences();
141 OAuthAccessTokenHolder.getInstance().clear();
142 OAuthAccessTokenHolder.getInstance().save(CredentialsManager.getInstance());
143 } else if ("oauth20".equals(authMethod)) {
144 // oauth20
145 // clear the password in the preferences
146 pnlBasicAuthPreferences.clearPassword();
147 pnlOAuth20Preferences.saveToPreferences();
148 }
149 if (initUser) {
150 if ("basic".equals(authMethod)) {
151 UserIdentityManager.getInstance().initFromPreferences();
152 } else if (OsmApi.isUsingOAuthAndOAuthSetUp(OsmApi.getOsmApi())) {
153 UserIdentityManager.getInstance().initFromOAuth();
154 } else {
155 UserIdentityManager.getInstance().setAnonymous();
156 }
157 }
158 }
159
160 /**
161 * Listens to changes in the authentication method
162 */
163 class AuthenticationMethodChangeListener implements ItemListener {
164 @Override
165 public void itemStateChanged(ItemEvent e) {
166 pnlAuthenticationParameters.removeAll();
167 if (rbBasicAuthentication.isSelected()) {
168 pnlAuthenticationParameters.add(pnlBasicAuthPreferences, BorderLayout.CENTER);
169 pnlBasicAuthPreferences.revalidate();
170 } else if (rbOAuth20.isSelected()) {
171 pnlAuthenticationParameters.add(pnlOAuth20Preferences, BorderLayout.CENTER);
172 pnlOAuth20Preferences.saveToPreferences();
173 pnlOAuth20Preferences.initFromPreferences();
174 pnlOAuth20Preferences.revalidate();
175 }
176 repaint();
177 }
178 }
179
180 @Override
181 public void propertyChange(PropertyChangeEvent evt) {
182 if (pnlOAuth20Preferences != null) {
183 pnlOAuth20Preferences.propertyChange(evt);
184 }
185 if (OsmApiUrlInputPanel.API_URL_PROP.equals(evt.getPropertyName())) {
186 this.updateAcceptableAuthenticationMethods((String) evt.getNewValue());
187 }
188 }
189
190 /**
191 * Update the acceptable authentications methods
192 * @param apiUrl The API url to check
193 */
194 private void updateAcceptableAuthenticationMethods(String apiUrl) {
195 final String authMethod = OsmApi.getAuthMethod();
196 final boolean defaultApi = JosmUrls.getInstance().getDefaultOsmApiUrl().equals(apiUrl);
197 rbBasicAuthentication.setEnabled(rbBasicAuthentication.isSelected() || "basic".equals(authMethod) || !defaultApi);
198 }
199
200}
Note: See TracBrowser for help on using the repository browser.