refactor authentication. Detect garbage token or token with not suffi…

…cient scopes

Squello-Core.package/SPBUserAuth.class/instance/buildButtons..st → Squello-Core.package/SPBAuthenticationForm.class/instance/buildButtons..st

@@ -3,7 +3,7 @@ buildButtons: builder
 
 	^ {builder pluggableButtonSpec new
 			model: self; 
-			label: 'Change';
+			label: 'Submit';
 			action: #actionSaveAndClose;
 			yourself.
 		builder pluggableButtonSpec new

Squello-Core.package/SPBUserAuth.class/methodProperties.json → Squello-Core.package/SPBAuthenticationForm.class/methodProperties.json

@@ -8,7 +8,7 @@
 		"actionToken:" : "lo 7/13/2022 19:25",
 		"actionUsername" : "lo 7/13/2022 19:21",
 		"actionUsername:" : "lo 7/13/2022 19:25",
-		"buildButtons:" : "lo 8/1/2022 14:18",
+		"buildButtons:" : "mcr 8/2/2022 16:48",
 		"buildInputFields:" : "lo 8/1/2022 14:19",
 		"buildInputPanel:" : "lo 8/1/2022 14:19",
 		"buildWith:" : "lo 8/1/2022 10:51",

Squello-Core.package/SPBUserAuth.class/properties.json → Squello-Core.package/SPBAuthenticationForm.class/properties.json

@@ -8,7 +8,7 @@
 	"instvars" : [
 		"token",
 		"username" ],
-	"name" : "SPBUserAuth",
+	"name" : "SPBAuthenticationForm",
 	"pools" : [
 		 ],
 	"super" : "Model",

Squello-Core.package/SPBAuthenticator.class/class/newWith..st

@@ -0,0 +1,7 @@
+instance creation
+newWith: anSPBGithubBoardProvider
+
+	| instance |
+	instance := self new.
+	instance boardProvider: anSPBGithubBoardProvider.
+	^ instance.

Squello-Core.package/SPBAuthenticator.class/instance/authenticate.st

@@ -0,0 +1,11 @@
+authentication
+authenticate
+
+	self checkIfCredentialsMissing
+		ifTrue: [SPBAuthenticationForm open].
+
+	self checkIfCredentialsMissing 
+		ifTrue: [self errorAuthenticationCanceled. Error signal].
+
+	[self checkIfTokenValidFor]
+		on: Error do: [Error signal].

Squello-Core.package/SPBAuthenticator.class/instance/boardProvider..st

@@ -0,0 +1,4 @@
+accessing
+boardProvider: anSPBGithubBoardProvider
+
+	boardProvider := anSPBGithubBoardProvider.

Squello-Core.package/SPBAuthenticator.class/instance/boardProvider.st

@@ -0,0 +1,4 @@
+accessing
+boardProvider
+
+	^ boardProvider.

Squello-Core.package/SPBAuthenticator.class/instance/checkIfCredentialsMissing.st

@@ -0,0 +1,7 @@
+authentication
+checkIfCredentialsMissing
+
+	self username: SPBGithubAPI username.
+	self token: SPBGithubAPI token.
+
+	^ username isNil or: [token isNil].

Squello-Core.package/SPBAuthenticator.class/instance/checkIfTokenValidFor.st

@@ -0,0 +1,16 @@
+authentication
+checkIfTokenValidFor
+
+	| tokenScopes repo |
+	[tokenScopes := self getTokenScopes]
+		on: Error do: [Error signal].
+
+	"test if you can query the repo with this token"
+	repo := self boardProvider getRepo.
+	repo message = 'Not Found' 
+		ifTrue:
+			[(tokenScopes includes: 'repo')
+				ifTrue: [self errorRepoNotFound].
+			(tokenScopes includes: 'public_repo')
+				ifTrue: [self errorInvalidTokenScopes]].
+

Squello-Core.package/SPBAuthenticator.class/instance/errorAuthenticationCanceled.st

@@ -0,0 +1,6 @@
+errors
+errorAuthenticationCanceled
+
+	UserDialogBoxMorph 
+		inform: 'Authentication dialog was dismissed' title: 'Operation canceled'.
+	^ Error signal.

Squello-Core.package/SPBAuthenticator.class/instance/errorGarbageToken.st

@@ -0,0 +1,7 @@
+errors
+errorGarbageToken	
+
+	UserDialogBoxMorph 
+		inform: 'Not a valid token' title: 'Operation canceled'.
+	SPBGithubAPI token: nil.
+	^ Error signal.

Squello-Core.package/SPBAuthenticator.class/instance/errorInvalidTokenScopes.st

@@ -0,0 +1,7 @@
+errors
+errorInvalidTokenScopes
+
+	UserDialogBoxMorph 
+		inform: 'Invalid token or username or repository is private. Token has only public_repo scope' title: 'Operation canceled'.
+	SPBGithubAPI token: nil.
+	^ Error signal.

Squello-Core.package/SPBAuthenticator.class/instance/errorNoScopes.st

@@ -0,0 +1,7 @@
+errors
+errorNoScopes
+
+	UserDialogBoxMorph 
+		inform: 'Make sure the token has repo or public_repo scope' title: 'Operation cancelled'.
+	SPBGithubAPI token: nil.
+	^ Error signal.

Squello-Core.package/SPBAuthenticator.class/instance/errorRepoNotFound.st

@@ -0,0 +1,6 @@
+errors
+errorRepoNotFound
+
+	UserDialogBoxMorph 
+		inform: 'Make sure you have access to the repository' title: 'Repository not found'.
+	^ Error signal.

Squello-Core.package/SPBAuthenticator.class/instance/getRepoFromUrl..st

@@ -0,0 +1,9 @@
+authentication
+getRepoFromUrl: aString
+
+	| pathComponents url |
+	url := aString asUrl.
+	pathComponents := url fullPath splitBy: '/'.
+	self boardProvider user: (pathComponents at: 2).
+	self boardProvider repo: (pathComponents at: 3).
+	^ self boardProvider getRepo.

Squello-Core.package/SPBAuthenticator.class/instance/getTokenScopes.st

@@ -0,0 +1,13 @@
+authentication
+getTokenScopes
+
+	| tokenScopes |
+	tokenScopes := self boardProvider getTokenOAuthScopes.
+	tokenScopes isEmpty
+		ifTrue: [self errorGarbageToken].
+
+	(((tokenScopes includes: 'repo') not) and: [(tokenScopes includes: 'public_repo') not])
+		ifTrue: [self errorNoScopes].
+	^ tokenScopes.
+
+

Squello-Core.package/SPBAuthenticator.class/instance/token..st

@@ -0,0 +1,4 @@
+accessing
+token: aString
+
+	token := aString.

Squello-Core.package/SPBAuthenticator.class/instance/token.st

@@ -0,0 +1,4 @@
+accessing
+token
+
+	^ token.

Squello-Core.package/SPBAuthenticator.class/instance/username..st

@@ -0,0 +1,4 @@
+accessing
+username: aString
+
+	username := aString.

Squello-Core.package/SPBAuthenticator.class/instance/username.st

@@ -0,0 +1,4 @@
+accessing
+username
+
+	^ username.

Squello-Core.package/SPBAuthenticator.class/methodProperties.json

@@ -0,0 +1,20 @@
+{
+	"class" : {
+		"newWith:" : "mcr 8/2/2022 17:38" },
+	"instance" : {
+		"authenticate" : "mcr 8/2/2022 22:48",
+		"boardProvider" : "mcr 8/2/2022 18:26",
+		"boardProvider:" : "mcr 8/2/2022 18:26",
+		"checkIfCredentialsMissing" : "mcr 8/2/2022 18:27",
+		"checkIfTokenValidFor" : "mcr 8/2/2022 22:48",
+		"errorAuthenticationCanceled" : "mcr 8/2/2022 21:49",
+		"errorGarbageToken" : "mcr 8/2/2022 22:08",
+		"errorInvalidTokenScopes" : "mcr 8/2/2022 22:54",
+		"errorNoScopes" : "mcr 8/2/2022 22:31",
+		"errorRepoNotFound" : "mcr 8/2/2022 21:50",
+		"getRepoFromUrl:" : "mcr 8/2/2022 20:47",
+		"getTokenScopes" : "mcr 8/2/2022 22:38",
+		"token" : "mcr 8/2/2022 18:26",
+		"token:" : "mcr 8/2/2022 18:26",
+		"username" : "mcr 8/2/2022 18:27",
+		"username:" : "mcr 8/2/2022 18:27" } }

Squello-Core.package/SquelloCoreServiceProvider.class/properties.json → Squello-Core.package/SPBAuthenticator.class/properties.json

@@ -6,9 +6,11 @@
 		 ],
 	"commentStamp" : "",
 	"instvars" : [
-		 ],
-	"name" : "SquelloCoreServiceProvider",
+		"boardProvider",
+		"token",
+		"username" ],
+	"name" : "SPBAuthenticator",
 	"pools" : [
 		 ],
-	"super" : "ServiceProvider",
+	"super" : "Object",
 	"type" : "normal" }

Squello-Core.package/SPBBoard.class/class/errorParsingUrl.st

@@ -0,0 +1,5 @@
+startup
+errorParsingUrl
+
+	UserDialogBoxMorph 
+		inform: 'Invalid repository Url' title: 'Error parsing Url'.

Squello-Core.package/SPBBoard.class/class/newWith..st

@@ -1,18 +1,18 @@
 startup
 newWith: aString
 
-	| instance username token |
+	| instance authenticator |
 	instance := self new.
-	username := SPBGithubAPI username.
-	token := SPBGithubAPI token.
-
-	(username isNil or: [token isNil]) ifTrue: [SPBUserAuth open].
-	(username isNil or: [token isNil]) ifTrue: [^ UserDialogBoxMorph inform: 'Authentication dialog was dismissed' title: 'Operation canceled'].
-
-	(aString beginsWith: 'https://github.com/') ifFalse: 
-		[^ UserDialogBoxMorph inform: 'Invalid repository url' asString title: 'Operation canceled'].
 
-	instance
-		loadProject: aString;
-		buildAndOpen.
+	[instance parseRepoFromUrl: aString]
+		on: Error do: [self errorParsingUrl. ^ self].
+
+	authenticator := SPBAuthenticator newWith: instance boardProvider.
+	[authenticator authenticate]
+		on: Error do: [^ self].
+
+	[instance loadProject: aString]
+		on: Error do: [^ self].
+
+	instance buildAndOpen.
 	^ instance.

Squello-Core.package/SPBBoard.class/class/open.st

@@ -2,7 +2,7 @@ startup
 open
 
 	| prompt |
-	prompt := FillInTheBlank request: 'Please enter GitHub URL of your project board:' initialAnswer: (self lastProject ifNotNil: [self lastProject] ifNil: ['']) onCancelReturn: ''.
+	prompt := FillInTheBlank request: 'Please enter GitHub URL of your project board or your repository:' initialAnswer: (self lastProject ifNotNil: [self lastProject] ifNil: ['']) onCancelReturn: ''.
 	prompt = '' ifTrue: [^ self].
 	self lastProject: prompt.
 	^self newWith: prompt.

Squello-Core.package/SPBBoard.class/instance/errorInvalidUrl.st

@@ -1,4 +1,6 @@
-toolbuilder
+initialize-release
 errorInvalidUrl
-
-	UserDialogBoxMorph inform: 'Invalid repository url' title: 'Operation canceled'.
+
+	UserDialogBoxMorph 
+		inform: 'Invalid repository Url or project does not exist' title: 'Operation canceled'.
+	^ Error signal.

Squello-Core.package/SPBBoard.class/instance/errorNoProjects.st

@@ -0,0 +1,6 @@
+initialize-release
+errorNoProjects
+
+	UserDialogBoxMorph 
+		inform: 'Repository has no projects' title: 'Operation canceled'.
+	^ Error signal.

Squello-Core.package/SPBBoard.class/instance/loadProject..st

@@ -5,10 +5,11 @@ loadProject: aString
 	(aString includesSubstring: '/projects')
 		ifTrue: [[self boardProvider parseInputBoardUrl: aString]
 						on: Error
-						do: [^ self errorInvalidUrl]]
+						do: [^ self errorInvalidUrl.]]
 		ifFalse: [[projects := (self boardProvider getProjects: aString)]
 						on: Error
 						do: [^ self errorInvalidUrl].
+			projects isEmpty ifTrue: [self errorNoProjects].
 			projectNames := projects 
 				collect: [:project | project at: 'name'].
 			chosenProject := UIManager default 

Squello-Core.package/SPBBoard.class/instance/parseRepoFromUrl..st

@@ -0,0 +1,9 @@
+initialize-release
+parseRepoFromUrl: aString
+
+	| pathComponents url |
+	url := aString asUrl.
+	pathComponents := url fullPath splitBy: '/'.
+	self boardProvider user: (pathComponents at: 2).
+	self boardProvider repo: (pathComponents at: 3).
+	^ self boardProvider getRepo.

Squello-Core.package/SPBBoard.class/methodProperties.json

@@ -1,10 +1,11 @@
 {
 	"class" : {
 		"columnMinimumExtent" : "lo 8/1/2022 13:40",
+		"errorParsingUrl" : "mcr 8/2/2022 22:23",
 		"lastProject" : "tk 7/30/2022 21:54",
 		"lastProject:" : "tk 7/30/2022 21:54",
-		"newWith:" : "NTK 7/30/2022 11:50",
-		"open" : "NTK 6/1/2022 16:41",
+		"newWith:" : "mcr 8/2/2022 22:48",
+		"open" : "mcr 8/2/2022 22:32",
 		"registerInAppsMenu" : "lo 6/4/2022 23:19" },
 	"instance" : {
 		"activeCard" : "mcr 8/1/2022 02:31",
@@ -44,9 +45,11 @@
 		"createColumns" : "lo 8/1/2022 11:11",
 		"createSidebar" : "lo 8/1/2022 11:11",
 		"errorCannotAddColumn:" : "jh 7/31/2022 14:28",
-		"errorInvalidUrl" : "jh 7/31/2022 14:28",
+		"errorInvalidUrl" : "mcr 8/2/2022 22:17",
+		"errorNoProjects" : "mcr 8/2/2022 22:15",
 		"initialize" : "jh 7/29/2022 11:36",
-		"loadProject:" : "lo 8/1/2022 14:22",
+		"loadProject:" : "mcr 8/2/2022 22:15",
+		"parseRepoFromUrl:" : "mcr 8/2/2022 21:15",
 		"removeColumn:" : "lo 8/1/2022 14:09",
 		"rerenderColumns" : "lo 7/31/2022 16:42",
 		"resizeColumnArea" : "lo 8/1/2022 11:12",

Squello-Core.package/SPBGithubAPI.class/instance/getRequestToURL..st

@@ -5,5 +5,5 @@ getRequestToURL: aString
 	request := self createGetRequestTo: aString.
 	response := (WebClient new initializeFromUrl: aString) sendRequest: request.
 	stream := ReadStream on: response content from: 1 to: response content byteSize.
-		
+
 	^ Json readFrom: stream.

Squello-Core.package/SPBGithubAPI.class/instance/getRequestToURLHeaderOnly..st

@@ -0,0 +1,8 @@
+request creation/sending
+getRequestToURLHeaderOnly: aString
+
+	| request response |
+	request := self createGetRequestTo: aString.
+	response := (WebClient new initializeFromUrl: aString) sendRequest: request.
+
+	^ response headers.

Squello-Core.package/SPBGithubAPI.class/instance/getRequestToURLWithoutAuth..st

@@ -0,0 +1,10 @@
+request creation/sending
+getRequestToURLWithoutAuth: aString
+
+	| request response stream |
+	request := self createGetRequestTo: aString.
+	request removeHeader: 'Authorization'.
+	response := (WebClient new initializeFromUrl: aString) sendRequest: request.
+	stream := ReadStream on: response content from: 1 to: response content byteSize.
+
+	^ Json readFrom: stream.

Squello-Core.package/SPBGithubAPI.class/instance/queryScopeHeaderOnly..st

@@ -0,0 +1,9 @@
+api calls get request
+queryScopeHeaderOnly: aString
+
+	| url request response |
+	url := 'https://api.github.com/users/' , aString.
+	request := self createGetRequestTo: url.
+	response := (WebClient new initializeFromUrl: url) sendRequest: request.
+
+	^ response headersAt: 'X-OAuth-Scopes'.

Squello-Core.package/SPBGithubAPI.class/instance/queryUser.repo..st

@@ -0,0 +1,7 @@
+api calls get request
+queryUser: aString repo: anotherString
+
+	| url |
+	url := 'https://api.github.com/repos/', aString, '/', anotherString.
+
+	^ self getRequestToURL: url.