[JENKINS-76027] Allow Bitbucket build status to be customised

Restrict BitbucketAuthenticatedClient to perform call only to the configured server to avoid security issue calling any endpoint using the configured credentials.
Simplify extensions points interfaces removing those informations now shipped with the authenticated client.

Author: nfalco79

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/api/BitbucketAuthenticatedClient.java

@@ -38,12 +38,62 @@
  */
 public interface BitbucketAuthenticatedClient extends AutoCloseable {
 
+    /**
+     * The owner of the repository where register the webhook.
+     */
+    @NonNull
+    String getRepositoryOwner();
+
+    /**
+     * Name of the repository where register the webhook.
+     */
+    @CheckForNull
+    String getRepositoryName();
+
+    /**
+     * Perform an HTTP POST to the configured endpoint.
+     * <p>
+     * Request will be sent as JSON
+     *
+     * @param path to call, it will prepend with the server URL
+     * @param payload to send
+     * @return the JSON string of the response
+     * @throws IOException in case of connection failures
+     */
     String post(@NonNull String path, @CheckForNull String payload) throws IOException;
 
+    /**
+     * Perform an HTTP PUT to the configured endpoint.
+     * <p>
+     * Request will be sent as JSON
+     *
+     * @param path to call, it will prepend with the server URL
+     * @param payload to send
+     * @return the JSON string of the response
+     * @throws IOException in case of connection failures
+     */
     String put(@NonNull String path, @CheckForNull String payload) throws IOException;
 
+    /**
+     * Perform an HTTP DELETE to the configured endpoint.
+     * <p>
+     * Request will be sent as JSON
+     *
+     * @param path to call, it will prepend with the server URL
+     * @return the JSON string of the response
+     * @throws IOException in case of connection failures
+     */
     String delete(@NonNull String path) throws IOException;
 
+    /**
+     * Perform an HTTP GET to the configured endpoint.
+     * <p>
+     * Request will be sent as JSON
+     *
+     * @param path to call, it will prepend with the server URL
+     * @return the JSON string of the response
+     * @throws IOException in case of connection failures
+     */
     @NonNull
     String get(@NonNull String path) throws IOException;
 

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/api/buildstatus/BitbucketBuildStatusNotifier.java

@@ -41,26 +41,5 @@ public interface BitbucketBuildStatusNotifier extends ExtensionPoint {
      */
     boolean isApplicable(@NonNull EndpointType type);
 
-    /**
-     * The owner of the repository where register the webhook.
-     *
-     * @param repositoryOwner name
-     */
-    void setRepositoryOwner(@NonNull String repositoryOwner);
-
-    /**
-     * Name of the repository where register the webhook.
-     *
-     * @param repositoryName
-     */
-    void setRepositoryName(@NonNull String repositoryName);
-
-    /**
-     * The base URL of endpoint of the Bitbucket host.
-     *
-     * @param serverURL the base of the endpoint to call.
-     */
-    void setServerURL(@NonNull String serverURL);
-
     void sendBuildStatus(@NonNull BitbucketBuildStatus status, @NonNull BitbucketAuthenticatedClient client) throws IOException;
 }

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/api/webhook/BitbucketWebhookManager.java

@@ -25,6 +25,7 @@
 
 import com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketAuthenticatedClient;
 import com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketWebHook;
+import com.cloudbees.jenkins.plugins.bitbucket.api.endpoint.BitbucketEndpoint;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.ExtensionPoint;
 import java.io.IOException;
@@ -48,27 +49,6 @@
 @Restricted(Beta.class)
 public interface BitbucketWebhookManager extends ExtensionPoint {
 
-    /**
-     * The owner of the repository where register the webhook.
-     *
-     * @param repositoryOwner name
-     */
-    void setRepositoryOwner(@NonNull String repositoryOwner);
-
-    /**
-     * Name of the repository where register the webhook.
-     *
-     * @param repositoryName
-     */
-    void setRepositoryName(@NonNull String repositoryName);
-
-    /**
-     * The base URL of endpoint of the Bitbucket host.
-     *
-     * @param serverURL the base of the endpoint to call.
-     */
-    void setServerURL(@NonNull String serverURL);
-
     /**
      * The callback URL where send event payload.
      * <p>
@@ -78,8 +58,10 @@ public interface BitbucketWebhookManager extends ExtensionPoint {
      * endpoint to process own events.
      *
      * @param callbackURL used to send webhook payload.
+     * @param endpoint this webhook is registered for, it could be used to
+     *        retrieve additional information to compose the callbackURL
      */
-    void setCallbackURL(@NonNull String callbackURL);
+    void setCallbackURL(@NonNull String callbackURL, @NonNull BitbucketEndpoint endpoint);
 
     /**
      * The configuration that returned this implementation class.

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/client/BitbucketCloudApiClient.java

@@ -528,8 +528,6 @@ public List<BitbucketCloudWebhook> getWebHooks() throws IOException {
     @Override
     public void postBuildStatus(@NonNull BitbucketBuildStatus status) throws IOException {
         CloudBuildStatusNotifier notifier = new CloudBuildStatusNotifier();
-        notifier.setRepositoryName(repositoryName);
-        notifier.setRepositoryOwner(owner);
         notifier.sendBuildStatus(status, adapt(BitbucketAuthenticatedClient.class));
     }
 
@@ -679,6 +677,12 @@ protected HttpHost getHost() {
         return API_HOST;
     }
 
+    @NonNull
+    @Override
+    protected String getBaseURL() {
+        return "https://api.bitbucket.org";
+    }
+
     @NonNull
     @Override
     protected CloseableHttpClient getClient() {

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/hooks/WebhookAutoRegisterListener.java

@@ -187,14 +187,11 @@ private BitbucketWebhookManager buildWebhookManager(BitbucketSCMSource source, B
         BitbucketWebhookManager manager = ExtensionList.lookupFirst(webhookConfig.getManager());
         // setup manager with base required information
         manager.apply(webhookConfig);
-        manager.setServerURL(endpoint.getServerURL());
-        manager.setRepositoryOwner(source.getRepoOwner());
-        manager.setRepositoryName(source.getRepository());
 
         String callbackRootURL = getCallbackRootURL(webhookConfig);
         // this is the base callback URL that webhook usually should call to be processed
         String callbackURL = callbackRootURL + BitbucketSCMSourcePushHookReceiver.FULL_PATH;
-        manager.setCallbackURL(callbackURL);
+        manager.setCallbackURL(callbackURL, endpoint);
 
         // setup traits extra informations
         manager.withTrais(source.getTraits());

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/buildstatus/CloudBuildStatusNotifier.java

@@ -37,33 +37,16 @@
 
 @Extension
 public class CloudBuildStatusNotifier implements BitbucketBuildStatusNotifier {
-    private static final String COMMIT_BUILD_STATUS_URL = "https://api.bitbucket.org/2.0/repositories{/owner,repo}/commit/{hash}/statuses/build";
-
-    private String repositoryOwner;
-    private String repositoryName;
-
-    @Override
-    public void setRepositoryOwner(@NonNull String repositoryOwner) {
-        this.repositoryOwner = repositoryOwner;
-    }
-
-    @Override
-    public void setRepositoryName(@NonNull String repositoryName) {
-        this.repositoryName = repositoryName;
-    }
-
-    @Override
-    public void setServerURL(@NonNull String serverURL) {
-    }
+    private static final String COMMIT_BUILD_STATUS_URL = "/2.0/repositories{/owner,repo}/commit/{hash}/statuses/build";
 
     @Override
     public void sendBuildStatus(@NonNull BitbucketBuildStatus status, @NonNull BitbucketAuthenticatedClient client) throws IOException {
         BitbucketBuildStatus newStatus = new BitbucketBuildStatus(status);
         newStatus.setName(abbreviate(newStatus.getName(), 255));
 
         String url = UriTemplate.fromTemplate(COMMIT_BUILD_STATUS_URL)
-                .set("owner", repositoryOwner)
-                .set("repo", repositoryName)
+                .set("owner", client.getRepositoryOwner())
+                .set("repo", client.getRepositoryName())
                 .set("hash", newStatus.getHash())
                 .expand();
         client.post(url, JsonParser.toString(newStatus));

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/buildstatus/ServerBuildStatusNotifier.java

@@ -43,25 +43,6 @@
 public class ServerBuildStatusNotifier implements BitbucketBuildStatusNotifier {
     private static final String API_COMMIT_STATUS_PATH = "/rest/api/1.0/projects/{owner}/repos/{repo}/commits/{hash}/builds";
 
-    private String repositoryOwner;
-    private String repositoryName;
-    private String serverURL;
-
-    @Override
-    public void setRepositoryOwner(@NonNull String repositoryOwner) {
-        this.repositoryOwner = repositoryOwner;
-    }
-
-    @Override
-    public void setRepositoryName(@NonNull String repositoryName) {
-        this.repositoryName = repositoryName;
-    }
-
-    @Override
-    public void setServerURL(@NonNull String serverURL) {
-        this.serverURL = serverURL;
-    }
-
     @Override
     public void sendBuildStatus(@NonNull BitbucketBuildStatus status, @NonNull BitbucketAuthenticatedClient client) throws IOException {
         BitbucketServerBuildStatus newStatus = new BitbucketServerBuildStatus(status);
@@ -72,15 +53,14 @@ public void sendBuildStatus(@NonNull BitbucketBuildStatus status, @NonNull Bitbu
             newStatus.setKey(substring(key, 0, 255 - 33) + '/' + DigestUtils.md5Hex(key));
         }
 
-        String url = UriTemplate.fromTemplate(this.serverURL + API_COMMIT_STATUS_PATH)
-                .set("owner", repositoryOwner)
-                .set("repo", repositoryName)
+        String url = UriTemplate.fromTemplate(API_COMMIT_STATUS_PATH)
+                .set("owner", client.getRepositoryOwner())
+                .set("repo", client.getRepositoryOwner())
                 .set("hash", newStatus.getHash())
                 .expand();
         client.post(url, JsonParser.toString(newStatus));
     }
 
-
     @Override
     public boolean isApplicable(@NonNull EndpointType type) {
         return type == EndpointType.SERVER;

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/client/AbstractBitbucketApi.java

@@ -242,6 +242,9 @@ protected void setClientProxyParams(HttpClientBuilder builder) {
     @NonNull
     protected abstract HttpHost getHost();
 
+    @NonNull
+    protected abstract String getBaseURL();
+
     @NonNull
     protected abstract CloseableHttpClient getClient();
 
@@ -395,8 +398,6 @@ private BitbucketWebhookManager buildManager() {
         BitbucketWebhookConfiguration configuration = endpoint.getWebhook();
         BitbucketWebhookManager manager = ExtensionList.lookupFirst(configuration.getManager());
         manager.apply(configuration);
-        manager.setRepositoryOwner(getOwner());
-        manager.setRepositoryName(getRepositoryName());
         return manager;
     }
 
@@ -406,30 +407,51 @@ public <T> T adapt(Class<T> clazz) {
         if (clazz == BitbucketAuthenticatedClient.class) {
             return (T) new BitbucketAuthenticatedClient() {
 
+                private AbstractBitbucketApi delegate = AbstractBitbucketApi.this;
+
                 @Override
                 public String post(@NonNull String path, @CheckForNull String payload) throws IOException {
-                    return postRequest(path, payload);
+                    return delegate.postRequest(completeURL(path), payload);
                 }
 
                 @Override
                 public String put(@NonNull String path, @CheckForNull String payload) throws IOException {
-                    return putRequest(path, payload);
+                    return delegate.putRequest(completeURL(path), payload);
                 }
 
                 @Override
                 public String delete(@NonNull String path) throws IOException {
-                    return deleteRequest(path);
+                    return delegate.deleteRequest(completeURL(path));
                 }
 
                 @Override
                 public String get(@NonNull String path) throws IOException {
-                    return getRequest(path);
+                    return delegate.getRequest(completeURL(path));
                 }
 
                 @Override
                 public void close() throws IOException {
-                    AbstractBitbucketApi.this.close();
+                    //delegate.close();
+                }
+
+                @Override
+                public String getRepositoryOwner() {
+                    return delegate.getOwner();
                 }
+
+                @Override
+                public String getRepositoryName() {
+                    return delegate.getRepositoryName();
+                }
+
+                private String completeURL(@NonNull String path) {
+                    if (path.startsWith("/")) {
+                        return delegate.getBaseURL() + "/" + path;
+                    } else {
+                        return delegate.getBaseURL() + path;
+                    }
+                }
+
             };
         } else {
             return null;

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/notifier/BitbucketBuildStatusNotifications.java

@@ -235,16 +235,11 @@ private static void sendNotification(@NonNull BitbucketSCMSource source,
         newBuildStatus.setParent(buildStatus.getParent());
         newBuildStatus.setUrl(buildStatus.getUrl());
 
-        String serverURL = source.getServerUrl();
-
         BitbucketBuildStatusNotifier notifier = ExtensionList.lookup(BitbucketBuildStatusNotifier.class)
                 .stream()
                 .filter(n -> n.isApplicable(endpointType))
                 .findFirst()
                 .orElseThrow(() -> new BitbucketException("No notifier found that supportes endpoint of type " + endpointType));
-        notifier.setRepositoryOwner(source.getRepoOwner());
-        notifier.setRepositoryName(source.getRepository());
-        notifier.setServerURL(serverURL);
         notifier.sendBuildStatus(newBuildStatus, client.adapt(BitbucketAuthenticatedClient.class));
     }