Clear OAuth tokens for forked datasources (#3609)

* Clear OAuth tokens for forked datasources * Fix datasource duplicate finder in light of oAuth tokens * Fix potential NPE
2021-03-18 21:08:56 +05:30 · 2021-03-18 21:08:56 +05:30 · bb1d0059d3
commit bb1d0059d3
parent 55c17a66aa
3 changed files with 35 additions and 3 deletions
--- a/app/server/appsmith-interfaces/src/main/java/com/appsmith/external/models/AuthenticationResponse.java
+++ b/app/server/appsmith-interfaces/src/main/java/com/appsmith/external/models/AuthenticationResponse.java
@ -1,13 +1,16 @@
 package com.appsmith.external.models;

-import com.fasterxml.jackson.annotation.JsonIgnore;
+import lombok.AllArgsConstructor;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 import lombok.Setter;

 import java.time.Instant;

@Getter
@Setter
+@NoArgsConstructor
+@AllArgsConstructor
 public class AuthenticationResponse {
    String token;

--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ExamplesOrganizationCloner.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ExamplesOrganizationCloner.java
@ -1,5 +1,6 @@
 package com.appsmith.server.solutions;

+import com.appsmith.external.models.AuthenticationDTO;
 import com.appsmith.external.models.BaseDomain;
 import com.appsmith.server.constants.FieldName;
 import com.appsmith.server.domains.Application;
@ -361,7 +362,23 @@ public class ExamplesOrganizationCloner {
                    final Datasource templateDatasource = tuple.getT1();
                    final List<Datasource> existingDatasources = tuple.getT2();

+                    final AuthenticationDTO authentication = templateDatasource.getDatasourceConfiguration() == null
+                            ? null : templateDatasource.getDatasourceConfiguration().getAuthentication();
+                    if (authentication != null) {
+                        authentication.setIsAuthorized(null);
+                        authentication.setAuthenticationResponse(null);
+                    }
+
                    return Flux.fromIterable(existingDatasources)
+                            .map(ds -> {
+                                final AuthenticationDTO auth = ds.getDatasourceConfiguration() == null
+                                        ? null : ds.getDatasourceConfiguration().getAuthentication();
+                                if (auth != null) {
+                                    auth.setIsAuthorized(null);
+                                    auth.setAuthenticationResponse(null);
+                                }
+                                return ds;
+                            })
                            .filter(templateDatasource::softEquals)
                            .next()  // Get the first matching datasource, we don't need more than one here.
                            .switchIfEmpty(Mono.defer(() -> {
@ -369,8 +386,8 @@ public class ExamplesOrganizationCloner {
                                makePristine(templateDatasource);

                                templateDatasource.setOrganizationId(toOrganizationId);
-                                if (templateDatasource.getDatasourceConfiguration() != null) {
-                                    datasourceContextService.decryptSensitiveFields(templateDatasource.getDatasourceConfiguration().getAuthentication());
+                                if (authentication != null) {
+                                    datasourceContextService.decryptSensitiveFields(authentication);
                                }

                                return createSuffixedDatasource(templateDatasource);
--- a/app/server/appsmith-server/src/test/java/com/appsmith/server/solutions/ExamplesOrganizationClonerTests.java
+++ b/app/server/appsmith-server/src/test/java/com/appsmith/server/solutions/ExamplesOrganizationClonerTests.java
@ -1,6 +1,7 @@
 package com.appsmith.server.solutions;

 import com.appsmith.external.models.ActionConfiguration;
+import com.appsmith.external.models.AuthenticationResponse;
 import com.appsmith.external.models.Connection;
 import com.appsmith.external.models.DBAuth;
 import com.appsmith.external.models.DatasourceConfiguration;
@ -59,6 +60,7 @@ import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;

+import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
@ -762,6 +764,8 @@ public class ExamplesOrganizationClonerTests {
                            new Property("custom auth param 1", "custom auth param value 1"),
                            new Property("custom auth param 2", "custom auth param value 2")
                    ));
+                    auth.setIsAuthorized(true);
+                    auth.setAuthenticationResponse(new AuthenticationResponse("token", "refreshToken", Instant.now(), Instant.now(), null));
                    dc.setAuthentication(auth);

                    final Datasource ds2 = new Datasource();
@ -898,6 +902,14 @@ public class ExamplesOrganizationClonerTests {
                            "datasource 2"
                    );

+                    final Datasource ds1 = data.datasources.stream().filter(ds -> ds.getName().equals("datasource 1")).findFirst().get();
+                    assertThat(ds1.getDatasourceConfiguration().getAuthentication().getIsAuthorized()).isNull();
+                    assertThat(ds1.getDatasourceConfiguration().getAuthentication().getAuthenticationResponse()).isNull();
+
+                    final Datasource ds2 = data.datasources.stream().filter(ds -> ds.getName().equals("datasource 2")).findFirst().get();
+                    assertThat(ds2.getDatasourceConfiguration().getAuthentication().getIsAuthorized()).isNull();
+                    assertThat(ds2.getDatasourceConfiguration().getAuthentication().getAuthenticationResponse()).isNull();
+
                    assertThat(getUnpublishedActionName(data.actions)).containsExactlyInAnyOrder(
                            "action1",
                            "action2",