aboutsummaryrefslogtreecommitdiffstats
path: root/bridge/jira/config.go
blob: 22ce1dcaddefe4615b9ae7e0457b80a114510f2a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
package jira

import (
	"context"
	"fmt"

	"github.com/git-bug/git-bug/bridge/core"
	"github.com/git-bug/git-bug/bridge/core/auth"
	"github.com/git-bug/git-bug/cache"
	"github.com/git-bug/git-bug/commands/input"
	"github.com/git-bug/git-bug/repository"
)

const moreConfigText = `
NOTE: There are a few optional configuration values that you can additionally
set in your git configuration to influence the behavior of the bridge. Please
see the notes at:
https://github.com/git-bug/git-bug/blob/master/doc/jira_bridge.md
`

const credTypeText = `
JIRA has recently altered it's authentication strategies. Servers deployed
prior to October 1st 2019 must use "SESSION" authentication, whereby the REST
client logs in with an actual username and password, is assigned a session, and
passes the session cookie with each request. JIRA Cloud and servers deployed
after October 1st 2019 must use "TOKEN" authentication. You must create a user
API token and the client will provide this along with your username with each
request.`

func (*Jira) ValidParams() map[string]interface{} {
	return map[string]interface{}{
		"BaseURL":    nil,
		"Login":      nil,
		"CredPrefix": nil,
		"Project":    nil,
		"TokenRaw":   nil,
	}
}

// Configure sets up the bridge configuration
func (j *Jira) Configure(repo *cache.RepoCache, params core.BridgeParams, interactive bool) (core.Configuration, error) {
	var err error

	baseURL := params.BaseURL
	if baseURL == "" {
		if !interactive {
			return nil, fmt.Errorf("Non-interactive-mode is active. Please specify the JIRA server URL via the --base-url option.")
		}
		// terminal prompt
		baseURL, err = input.Prompt("JIRA server URL", "URL", input.Required, input.IsURL)
		if err != nil {
			return nil, err
		}
	}

	project := params.Project
	if project == "" {
		if !interactive {
			return nil, fmt.Errorf("Non-interactive-mode is active. Please specify the JIRA project key via the --project option.")
		}
		project, err = input.Prompt("JIRA project key", "project", input.Required)
		if err != nil {
			return nil, err
		}
	}

	var login string
	var credType string
	var cred auth.Credential

	switch {
	case params.CredPrefix != "":
		cred, err = auth.LoadWithPrefix(repo, params.CredPrefix)
		if err != nil {
			return nil, err
		}
		l, ok := cred.GetMetadata(auth.MetaKeyLogin)
		if !ok {
			return nil, fmt.Errorf("credential doesn't have a login")
		}
		login = l
	default:
		if params.Login == "" {
			if !interactive {
				return nil, fmt.Errorf("Non-interactive-mode is active. Please specify the login name via the --login option.")
			}
			login, err = input.Prompt("JIRA login", "login", input.Required)
			if err != nil {
				return nil, err
			}
		} else {
			login = params.Login
		}
		// TODO: validate username

		if params.TokenRaw == "" {
			if !interactive {
				return nil, fmt.Errorf("Non-interactive-mode is active. Please specify the access token via the --token option.")
			}
			fmt.Println(credTypeText)
			credTypeInput, err := input.PromptChoice("Authentication mechanism", []string{"SESSION", "TOKEN"})
			if err != nil {
				return nil, err
			}
			credType = []string{"SESSION", "TOKEN"}[credTypeInput]
			cred, err = promptCredOptions(repo, login, baseURL)
			if err != nil {
				return nil, err
			}
		} else {
			credType = "TOKEN"
		}
	}

	conf := make(core.Configuration)
	conf[core.ConfigKeyTarget] = target
	conf[confKeyBaseUrl] = baseURL
	conf[confKeyProject] = project
	conf[confKeyCredentialType] = credType
	conf[confKeyDefaultLogin] = login

	err = j.ValidateConfig(conf)
	if err != nil {
		return nil, err
	}

	fmt.Printf("Attempting to login with credentials...\n")
	client, err := buildClient(context.TODO(), baseURL, credType, cred)
	if err != nil {
		return nil, err
	}

	// verify access to the project with credentials
	fmt.Printf("Checking project ...\n")
	_, err = client.GetProject(project)
	if err != nil {
		return nil, fmt.Errorf(
			"Project %s doesn't exist on %s, or authentication credentials for (%s)"+
				" are invalid",
			project, baseURL, login)
	}

	// don't forget to store the now known valid token
	if !auth.IdExist(repo, cred.ID()) {
		err = auth.Store(repo, cred)
		if err != nil {
			return nil, err
		}
	}

	err = core.FinishConfig(repo, metaKeyJiraLogin, login)
	if err != nil {
		return nil, err
	}

	fmt.Print(moreConfigText)
	return conf, nil
}

// ValidateConfig returns true if all required keys are present
func (*Jira) ValidateConfig(conf core.Configuration) error {
	if v, ok := conf[core.ConfigKeyTarget]; !ok {
		return fmt.Errorf("missing %s key", core.ConfigKeyTarget)
	} else if v != target {
		return fmt.Errorf("unexpected target name: %v", v)
	}
	if _, ok := conf[confKeyBaseUrl]; !ok {
		return fmt.Errorf("missing %s key", confKeyBaseUrl)
	}
	if _, ok := conf[confKeyProject]; !ok {
		return fmt.Errorf("missing %s key", confKeyProject)
	}
	if _, ok := conf[confKeyCredentialType]; !ok {
		return fmt.Errorf("missing %s key", confKeyCredentialType)
	}
	if _, ok := conf[confKeyDefaultLogin]; !ok {
		return fmt.Errorf("missing %s key", confKeyDefaultLogin)
	}

	return nil
}

func promptCredOptions(repo repository.RepoKeyring, login, baseUrl string) (auth.Credential, error) {
	creds, err := auth.List(repo,
		auth.WithTarget(target),
		auth.WithKind(auth.KindToken),
		auth.WithMeta(auth.MetaKeyLogin, login),
		auth.WithMeta(auth.MetaKeyBaseURL, baseUrl),
	)
	if err != nil {
		return nil, err
	}

	cred, index, err := input.PromptCredential(target, "password", creds, []string{
		"enter my password",
		"ask my password each time",
	})
	switch {
	case err != nil:
		return nil, err
	case cred != nil:
		return cred, nil
	case index == 0:
		password, err := input.PromptPassword("Password", "password", input.Required)
		if err != nil {
			return nil, err
		}
		lp := auth.NewLoginPassword(target, login, password)
		lp.SetMetadata(auth.MetaKeyLogin, login)
		lp.SetMetadata(auth.MetaKeyBaseURL, baseUrl)
		return lp, nil
	case index == 1:
		l := auth.NewLogin(target, login)
		l.SetMetadata(auth.MetaKeyLogin, login)
		l.SetMetadata(auth.MetaKeyBaseURL, baseUrl)
		return l, nil
	default:
		panic("missed case")
	}
}