Ignore:
Timestamp:
2023-02-08T18:31:58+01:00 (22 months ago)
Author:
taylor.smock
Message:

Fix #20768: Add OAuth 2.0 support

This also fixes #21607: authentication buttons are unavailable when credentials
are set.

Location:
trunk/src/org/openstreetmap/josm/spi/preferences
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/org/openstreetmap/josm/spi/preferences/AbstractPreferences.java

    r18209 r18650  
    22package org.openstreetmap.josm.spi.preferences;
    33
     4import java.util.Arrays;
     5import java.util.Collection;
     6import java.util.Collections;
     7import java.util.HashSet;
    48import java.util.LinkedList;
    59import java.util.List;
    610import java.util.Map;
    711import java.util.Map.Entry;
     12import java.util.Set;
    813import java.util.TreeMap;
    914import java.util.stream.Collectors;
    1015
     16import org.openstreetmap.josm.io.DefaultProxySelector;
     17import org.openstreetmap.josm.io.auth.CredentialsAgent;
     18import org.openstreetmap.josm.io.auth.CredentialsManager;
    1119import org.openstreetmap.josm.tools.Logging;
    1220import org.openstreetmap.josm.tools.Utils;
     
    1725 */
    1826public abstract class AbstractPreferences implements IPreferences {
     27    /** The preference key for sensitive keys */
     28    private static final String KEY_SENSITIVE_KEYS = "sensitive.keys";
     29
     30    /** A set of sensitive keys that should not be seen/distributed outside of specific callers (like a {@link CredentialsAgent}) */
     31    private static final Set<String> SENSITIVE_KEYS = new HashSet<>();
    1932
    2033    @Override
     
    176189                .collect(Collectors.toCollection(LinkedList::new));
    177190    }
     191
     192    @Override
     193    public void addSensitive(CredentialsAgent caller, String key) {
     194        if (SENSITIVE_KEYS.isEmpty()) {
     195            populateSensitiveKeys();
     196        }
     197        if (CredentialsManager.getInstance().getCredentialsAgentClass().equals(caller.getClass())) {
     198            SENSITIVE_KEYS.add(key);
     199            putList("sensitive.keys", SENSITIVE_KEYS.stream().sorted().collect(Collectors.toList()));
     200        }
     201    }
     202
     203    @Override
     204    public Collection<String> getSensitive() {
     205        if (SENSITIVE_KEYS.isEmpty()) {
     206            populateSensitiveKeys();
     207        }
     208        return Collections.unmodifiableSet(SENSITIVE_KEYS);
     209    }
     210
     211    @Override
     212    public void removeSensitive(String key) {
     213        if (KEY_SENSITIVE_KEYS.equals(key)) {
     214            throw new IllegalArgumentException(KEY_SENSITIVE_KEYS + " cannot be removed from the sensitive key list.");
     215        }
     216        // Reset the key first -- avoid race conditions where a sensitive value might be visible if we start restricting access in the future.
     217        put(key, null);
     218        SENSITIVE_KEYS.remove(key);
     219        putList(KEY_SENSITIVE_KEYS, SENSITIVE_KEYS.stream().sorted().collect(Collectors.toList()));
     220    }
     221
     222    /**
     223     * Populate the sensitive key set from preferences
     224     */
     225    private void populateSensitiveKeys() {
     226        SENSITIVE_KEYS.addAll(getList(KEY_SENSITIVE_KEYS, Arrays.asList("sensitive.keys", "osm-server.username", "osm-server.password",
     227                DefaultProxySelector.PROXY_USER, DefaultProxySelector.PROXY_PASS,
     228                "oauth.access-token.key", "oauth.access-token.secret")));
     229    }
    178230}
  • trunk/src/org/openstreetmap/josm/spi/preferences/IPreferences.java

    r12987 r18650  
    22package org.openstreetmap.josm.spi.preferences;
    33
     4import java.util.Collection;
    45import java.util.Collections;
    56import java.util.List;
    67import java.util.Map;
    78import java.util.Set;
     9
     10import org.openstreetmap.josm.io.auth.CredentialsAgent;
    811
    912/**
     
    240243     */
    241244    Set<String> getKeySet();
     245
     246    /**
     247     * Add sensitive keys
     248     * @param caller The calling agent
     249     * @param key The key that may contain sensitive information
     250     * @since 18650
     251     */
     252    void addSensitive(CredentialsAgent caller, String key);
     253
     254    /**
     255     * Get sensitive keys
     256     * @return The sensitive keys
     257     * @since 18650
     258     */
     259    Collection<String> getSensitive();
     260
     261    /**
     262     * Remove sensitive keys. This removes the key from the sensitive list <i>and</i>
     263     * removes the stored preference value.
     264     * @param key The key to remove
     265     * @since 18650
     266     */
     267    void removeSensitive(String key);
    242268}
Note: See TracChangeset for help on using the changeset viewer.