feat: implement bitbucket-server external auth defaults

Emyrk · Emyrk · commit f7a5742a5493 · 2023-11-03T14:56:20.000-05:00
Bitbucket cloud != Bitbucket server
Add reasonable defaults for server
diff --git a/coderd/externalauth/externalauth.go b/coderd/externalauth/externalauth.go
@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"net/url"
 	"regexp"
+	"strings"
 	"time"
 
 	"golang.org/x/oauth2"
@@ -409,7 +410,7 @@ func ConvertConfig(entries []codersdk.ExternalAuthConfig, accessURL *url.URL) ([
 		// Applies defaults to the config entry.
 		// This allows users to very simply state that they type is "GitHub",
 		// apply their client secret and ID, and have the UI appear nicely.
-		applyDefaultsToConfig(&entry)
+		configDefaults(&entry)
 
 		valid := httpapi.NameValid(entry.ID)
 		if valid != nil {
@@ -490,8 +491,22 @@ func ConvertConfig(entries []codersdk.ExternalAuthConfig, accessURL *url.URL) ([
 }
 
 // applyDefaultsToConfig applies defaults to the config entry.
-func applyDefaultsToConfig(config *codersdk.ExternalAuthConfig) {
-	defaults := defaults[codersdk.EnhancedExternalAuthProvider(config.Type)]
+func configDefaults(config *codersdk.ExternalAuthConfig) {
+	// If static defaults exist, apply them.
+	if defaults, ok := staticDefaults[codersdk.EnhancedExternalAuthProvider(config.Type)]; ok {
+		applyDefaultsToConfig(config, defaults)
+		return
+	}
+
+	// Dynamic defaults
+	switch codersdk.EnhancedExternalAuthProvider(config.Type) {
+	case codersdk.EnhancedExternalAuthProviderBitBucketServer:
+		applyDefaultsToConfig(config, bitbucketServerDefaults(config))
+		return
+	}
+}
+
+func applyDefaultsToConfig(config *codersdk.ExternalAuthConfig, defaults codersdk.ExternalAuthConfig) {
 	if config.AuthURL == "" {
 		config.AuthURL = defaults.AuthURL
 	}
@@ -539,7 +554,43 @@ func applyDefaultsToConfig(config *codersdk.ExternalAuthConfig) {
 	}
 }
 
-var defaults = map[codersdk.EnhancedExternalAuthProvider]codersdk.ExternalAuthConfig{
+func bitbucketServerDefaults(config *codersdk.ExternalAuthConfig) codersdk.ExternalAuthConfig {
+	defaults := codersdk.ExternalAuthConfig{
+		DisplayName: "Bitbucket Server",
+		Scopes:      []string{"PUBLIC_REPOS", "REPO_READ", "REPO_WRITE"},
+		DisplayIcon: "/icon/bitbucket.svg",
+	}
+	// Bitbucket servers will have some base url, e.g. https://bitbucket.coder.com.
+	// We will grab this from the Auth URL. This choice is a bit arbitrary,
+	// but we need to require at least 1 field to be populated.
+	if config.AuthURL == "" {
+		// No auth url, means we cannot guess the urls.
+		return defaults
+	}
+
+	auth, err := url.Parse(config.AuthURL)
+	if err != nil {
+		// We need a valid URL to continue with.
+		return defaults
+	}
+
+	// Populate Regex, ValidateURL, and TokenURL.
+	// Default regex should be anything using the same host as the auth url.
+	defaults.Regex = fmt.Sprintf(`^(https?://)?%s(/.*)?$`, strings.ReplaceAll(auth.Host, ".", `\.`))
+
+	tokenURL := auth.ResolveReference(&url.URL{Path: "/rest/oauth2/latest/token"})
+	defaults.TokenURL = tokenURL.String()
+
+	// validate needs to return a 200 when logged in and a 401 when unauthenticated.
+	// This endpoint returns the count of the number of PR's in the authenticated
+	// user's inbox. Which will work perfectly for our use case.
+	validate := auth.ResolveReference(&url.URL{Path: "/rest/api/latest/inbox/pull-requests/count"})
+	defaults.ValidateURL = validate.String()
+
+	return defaults
+}
+
+var staticDefaults = map[codersdk.EnhancedExternalAuthProvider]codersdk.ExternalAuthConfig{
 	codersdk.EnhancedExternalAuthProviderAzureDevops: {
 		AuthURL:     "https://app.vssps.visualstudio.com/oauth2/authorize",
 		TokenURL:    "https://app.vssps.visualstudio.com/oauth2/token",
diff --git a/coderd/externalauth/externalauth_internal_test.go b/coderd/externalauth/externalauth_internal_test.go
@@ -0,0 +1,58 @@
+package externalauth
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/v2/codersdk"
+)
+
+func Test_bitbucketServerConfigDefaults(t *testing.T) {
+	bbType := string(codersdk.EnhancedExternalAuthProviderBitBucketServer)
+	tests := []struct {
+		name     string
+		config   *codersdk.ExternalAuthConfig
+		expected codersdk.ExternalAuthConfig
+	}{
+		{
+			// Very few fields are statically defined for Bitbucket Server.
+			name: "EmpyBitbucketServer",
+			config: &codersdk.ExternalAuthConfig{
+				Type: bbType,
+			},
+			expected: codersdk.ExternalAuthConfig{
+				Type:        bbType,
+				ID:          bbType,
+				DisplayName: "Bitbucket Server",
+				Scopes:      []string{"PUBLIC_REPOS", "REPO_READ", "REPO_WRITE"},
+				DisplayIcon: "/icon/bitbucket.svg",
+			},
+		},
+		{
+			// Only the AuthURL is required for defaults to work.
+			name: "AuthURL",
+			config: &codersdk.ExternalAuthConfig{
+				Type:    bbType,
+				AuthURL: "https://bitbucket.example.com/login/oauth/authorize",
+			},
+			expected: codersdk.ExternalAuthConfig{
+				Type:        bbType,
+				ID:          bbType,
+				AuthURL:     "https://bitbucket.example.com/login/oauth/authorize",
+				TokenURL:    "https://bitbucket.example.com/rest/oauth2/latest/token",
+				ValidateURL: "https://bitbucket.example.com/rest/api/latest/inbox/pull-requests/count",
+				Scopes:      []string{"PUBLIC_REPOS", "REPO_READ", "REPO_WRITE"},
+				Regex:       `^(https?://)?bitbucket\.example\.com(/.*)?$`,
+				DisplayName: "Bitbucket Server",
+				DisplayIcon: "/icon/bitbucket.svg",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			configDefaults(tt.config)
+			require.Equal(t, tt.expected, *tt.config)
+		})
+	}
+}
diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go
@@ -2452,7 +2452,7 @@ func createExternalAuthResponse(typ, token string, extra pqtype.NullRawMessage)
 			Username: "oauth2",
 			Password: token,
 		}
-	case string(codersdk.EnhancedExternalAuthProviderBitBucket):
+	case string(codersdk.EnhancedExternalAuthProviderBitBucket), string(codersdk.EnhancedExternalAuthProviderBitBucketServer):
 		// https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/#Cloning-a-repository-with-an-access-token
 		resp = agentsdk.ExternalAuthResponse{
 			Username: "x-token-auth",
diff --git a/codersdk/externalauth.go b/codersdk/externalauth.go
@@ -22,6 +22,7 @@ func (e EnhancedExternalAuthProvider) Git() bool {
 	case EnhancedExternalAuthProviderGitHub,
 		EnhancedExternalAuthProviderGitLab,
 		EnhancedExternalAuthProviderBitBucket,
+		EnhancedExternalAuthProviderBitBucketServer,
 		EnhancedExternalAuthProviderAzureDevops:
 		return true
 	default:
@@ -33,8 +34,11 @@ const (
 	EnhancedExternalAuthProviderAzureDevops EnhancedExternalAuthProvider = "azure-devops"
 	EnhancedExternalAuthProviderGitHub      EnhancedExternalAuthProvider = "github"
 	EnhancedExternalAuthProviderGitLab      EnhancedExternalAuthProvider = "gitlab"
-	EnhancedExternalAuthProviderBitBucket   EnhancedExternalAuthProvider = "bitbucket"
-	EnhancedExternalAuthProviderSlack       EnhancedExternalAuthProvider = "slack"
+	// EnhancedExternalAuthProviderBitBucket is the Bitbucket Cloud provider.
+	// Not to be confused with the self-hosted 'EnhancedExternalAuthProviderBitBucketServer'
+	EnhancedExternalAuthProviderBitBucket       EnhancedExternalAuthProvider = "bitbucket"
+	EnhancedExternalAuthProviderBitBucketServer EnhancedExternalAuthProvider = "bitbucket-server"
+	EnhancedExternalAuthProviderSlack           EnhancedExternalAuthProvider = "slack"
 )
 
 type ExternalAuth struct {
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts

Original file line number	Diff line number	Diff line change
`@@ -2452,7 +2452,7 @@ func createExternalAuthResponse(typ, token string, extra pqtype.NullRawMessage)`
`2452`	`2452`	`Username: "oauth2",`
`2453`	`2453`	`Password: token,`
`2454`	`2454`	`}`
`2455`		`- case string(codersdk.EnhancedExternalAuthProviderBitBucket):`
	`2455`	`+ case string(codersdk.EnhancedExternalAuthProviderBitBucket), string(codersdk.EnhancedExternalAuthProviderBitBucketServer):`
`2456`	`2456`	`// https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/#Cloning-a-repository-with-an-access-token`
`2457`	`2457`	`resp = agentsdk.ExternalAuthResponse{`
`2458`	`2458`	`Username: "x-token-auth",`