ls1intum · krusche · Aug 12, 2024 · Jun 23, 2024 · Jun 26, 2024 · Jun 28, 2024
@@ -1,6 +1,7 @@
 package de.tum.in.www1.artemis.aop.logging;
 
 import java.util.Arrays;
+import java.util.Objects;
 
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.ProceedingJoinPoint;
@@ -13,6 +14,7 @@
 import org.springframework.core.env.Environment;
 import org.springframework.core.env.Profiles;
 
+import de.tum.in.www1.artemis.exception.localvc.LocalVCAuthException;
 import de.tum.in.www1.artemis.service.connectors.vcs.AbstractVersionControlService;
 import tech.jhipster.config.JHipsterConstants;
 
@@ -62,6 +64,17 @@ public void logAfterThrowing(JoinPoint joinPoint, Throwable e) {
             return;
         }
 
+        if (e instanceof LocalVCAuthException) {
+            if (Objects.equals(e.getMessage(), "No authorization header provided")) {
+                // ignore, this is a common case and does not need to be logged
+                return;
+            }
+            else if (e.getMessage() != null && e.getMessage().startsWith("The username has to be")) {
+                // ignore, this is a common case and does not need to be logged
+                return;
+            }
+        }
+
         if (env.acceptsProfiles(Profiles.of(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT))) {
             log.error("Exception in {}.{}() with cause = '{}' and exception = '{}'", joinPoint.getSignature().getDeclaringTypeName(), joinPoint.getSignature().getName(),
                     e.getCause() != null ? e.getCause() : "NULL", e.getMessage(), e);

@@ -229,7 +229,9 @@ public final class Constants {
 
     public static final String INFO_SSH_KEYS_URL_DETAIL = "sshKeysURL";
 
-    public static final String INFO_VERSION_CONTROL_ACCESS_TOKEN_DETAIL = "versionControlAccessToken";
+    public static final String INFO_VERSION_CONTROL_ACCESS_TOKEN_DETAIL = "useVersionControlAccessToken";
+
+    public static final String INFO_SHOW_CLONE_URL_WITHOUT_TOKEN = "showCloneUrlWithoutToken";
 
     public static final String REGISTRATION_ENABLED = "registrationEnabled";
 

@@ -0,0 +1,56 @@
+package de.tum.in.www1.artemis.domain.participation;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
+import jakarta.persistence.UniqueConstraint;
+
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
+
+import de.tum.in.www1.artemis.domain.DomainObject;
+import de.tum.in.www1.artemis.domain.User;
+
+/**
+ * A ParticipationVcsAccessToken.
+ */
+@Entity
+@Table(name = "participation_vcs_access_token", uniqueConstraints = { @UniqueConstraint(columnNames = { "user_id", "participation_id" }) })
+@Cache(usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE)
+
+public class ParticipationVCSAccessToken extends DomainObject {
+
+    @ManyToOne
+    private User user;
+
+    @ManyToOne
+    private Participation participation;
+
+    @Column(name = "vcs_access_token", length = 50)
+    private String vcsAccessToken;
+
+    public void setUser(User user) {
+        this.user = user;
+    }
+
+    public User getUser() {
+        return user;
+    }
+
+    public void setParticipation(Participation participation) {
+        this.participation = participation;
+    }
+
+    public Participation getParticipation() {
+        return participation;
+    }
+
+    public String getVcsAccessToken() {
+        return vcsAccessToken;
+    }
+
+    public void setVcsAccessToken(String vcsAccessToken) {
+        this.vcsAccessToken = vcsAccessToken;
+    }
+}
@@ -13,4 +13,9 @@ public LocalVCAuthException() {
     public LocalVCAuthException(Throwable cause) {
         super(cause);
     }
+
+    public LocalVCAuthException(String message) {
+        super(message);
+    }
+
 }
@@ -12,4 +12,8 @@ public LocalVCOperationException() {
     public LocalVCOperationException(Throwable cause) {
         super(cause);
     }
+
+    public LocalVCOperationException(String message) {
+        super(message);
+    }
 }
@@ -0,0 +1,57 @@
+package de.tum.in.www1.artemis.repository;
+
+import static de.tum.in.www1.artemis.config.Constants.PROFILE_CORE;
+
+import java.util.Optional;
+
+import org.springframework.context.annotation.Profile;
+import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+import de.tum.in.www1.artemis.domain.participation.ParticipationVCSAccessToken;
+import de.tum.in.www1.artemis.repository.base.ArtemisJpaRepository;
+
+@Profile(PROFILE_CORE)
+@Repository
+public interface ParticipationVCSAccessTokenRepository extends ArtemisJpaRepository<ParticipationVCSAccessToken, Long> {
+
+    /**
+     * Delete all participation vcs access token that belong to the given participation
+     *
+     * @param participationId the id of the participation where the tokens should be deleted
+     */
+    @Transactional // ok because of delete
+    @Modifying
+    void deleteByParticipationId(long participationId);
+
+    /**
+     * Delete all tokens of a user
+     *
+     * @param userId The id of the user
+     */
+    @Transactional // ok because of delete
+    @Modifying
+    void deleteAllByUserId(long userId);
+
+    @Query("""
+            SELECT DISTINCT p
+            FROM ParticipationVCSAccessToken p
+                 LEFT JOIN FETCH p.participation
+                 LEFT JOIN FETCH p.user
+            WHERE p.user.id = :userId AND p.participation.id = :participationId
+            """)
+    Optional<ParticipationVCSAccessToken> findByUserIdAndParticipationId(@Param("userId") long userId, @Param("participationId") long participationId);
+
+    default ParticipationVCSAccessToken findByUserIdAndParticipationIdOrElseThrow(long userId, long participationId) {
+        return getValueElseThrow(findByUserIdAndParticipationId(userId, participationId));
+    }
+
+    default void findByUserIdAndParticipationIdAndThrowIfExists(long userId, long participationId) {
+        findByUserIdAndParticipationId(userId, participationId).ifPresent(token -> {
+            throw new IllegalStateException();
+        });
+    }
+}
@@ -74,6 +74,8 @@ Optional<ProgrammingExerciseStudentParticipation> findByIdWithAllResultsAndRelat
 
     Optional<ProgrammingExerciseStudentParticipation> findByExerciseIdAndStudentLogin(long exerciseId, String username);
 
+    List<ProgrammingExerciseStudentParticipation> findAllByExerciseIdAndStudentLogin(long exerciseId, String username);
+
     default ProgrammingExerciseStudentParticipation findByExerciseIdAndStudentLoginOrThrow(long exerciseId, String username) {
         return getValueElseThrow(findByExerciseIdAndStudentLogin(exerciseId, username));
     }
@@ -113,6 +115,16 @@ Optional<ProgrammingExerciseStudentParticipation> findWithEagerStudentsByExercis
     Optional<ProgrammingExerciseStudentParticipation> findWithSubmissionsAndEagerStudentsByExerciseIdAndTeamShortName(@Param("exerciseId") long exerciseId,
             @Param("teamShortName") String teamShortName);
 
+    @Query("""
+            SELECT DISTINCT participation
+            FROM ProgrammingExerciseStudentParticipation participation
+                LEFT JOIN FETCH participation.team team
+                LEFT JOIN FETCH team.students student
+            WHERE participation.exercise.id = :exerciseId
+                AND student.id = :studentId
+            """)
+    Optional<ProgrammingExerciseStudentParticipation> findTeamParticipationByExerciseIdAndStudentId(@Param("exerciseId") long exerciseId, @Param("studentId") long studentId);
+
     List<ProgrammingExerciseStudentParticipation> findByExerciseId(long exerciseId);
 
     @EntityGraph(type = LOAD, attributePaths = { "submissions", "team.students" })

@@ -101,6 +101,8 @@ public class ParticipationService {
 
     private final ProfileService profileService;
 
+    private final ParticipationVcsAccessTokenService participationVCSAccessTokenService;
+
     private final CompetencyProgressService competencyProgressService;
 
     public ParticipationService(GitService gitService, Optional<ContinuousIntegrationService> continuousIntegrationService, Optional<VersionControlService> versionControlService,
@@ -109,7 +111,8 @@ public ParticipationService(GitService gitService, Optional<ContinuousIntegratio
             SubmissionRepository submissionRepository, TeamRepository teamRepository, UriService uriService, ResultService resultService,
             CoverageReportRepository coverageReportRepository, BuildLogStatisticsEntryRepository buildLogStatisticsEntryRepository,
             ParticipantScoreRepository participantScoreRepository, StudentScoreRepository studentScoreRepository, TeamScoreRepository teamScoreRepository,
-            Optional<SharedQueueManagementService> localCISharedBuildJobQueueService, ProfileService profileService, CompetencyProgressService competencyProgressService) {
+            Optional<SharedQueueManagementService> localCISharedBuildJobQueueService, ProfileService profileService,
+            ParticipationVcsAccessTokenService participationVCSAccessTokenService, CompetencyProgressService competencyProgressService) {
         this.gitService = gitService;
         this.continuousIntegrationService = continuousIntegrationService;
         this.versionControlService = versionControlService;
@@ -129,6 +132,7 @@ public ParticipationService(GitService gitService, Optional<ContinuousIntegratio
         this.teamScoreRepository = teamScoreRepository;
         this.localCISharedBuildJobQueueService = localCISharedBuildJobQueueService;
         this.profileService = profileService;
+        this.participationVCSAccessTokenService = participationVCSAccessTokenService;
         this.competencyProgressService = competencyProgressService;
     }
 
@@ -229,11 +233,18 @@ private StudentParticipation createNewParticipationWithInitializationDate(Exerci
         participation.setInitializationState(InitializationState.UNINITIALIZED);
         participation.setExercise(exercise);
         participation.setParticipant(participant);
+
         // StartedDate is used to link a Participation to a test exam exercise
         if (initializationDate != null) {
             participation.setInitializationDate(initializationDate);
         }
-        return studentParticipationRepository.saveAndFlush(participation);
+        participation = studentParticipationRepository.saveAndFlush(participation);
+
+        if (exercise instanceof ProgrammingExercise && participant instanceof User user && profileService.isLocalVcsActive()) {
+            participationVCSAccessTokenService.createParticipationVCSAccessToken(user, participation);
+        }
+
+        return participation;
     }
 
     /**
@@ -326,6 +337,9 @@ public StudentParticipation startPracticeMode(Exercise exercise, Participant par
             participation.setParticipant(participant);
             participation.setPracticeMode(true);
             participation = studentParticipationRepository.saveAndFlush(participation);
+            if (participant instanceof User user) {
+                participationVCSAccessTokenService.createParticipationVCSAccessToken(user, participation);
+            }
         }
         else {
             // make sure participation and exercise are connected
@@ -810,6 +824,8 @@ public void delete(long participationId, boolean deleteBuildPlan, boolean delete
             }
             // delete local repository cache
             gitService.deleteLocalRepository(repositoryUri);
+
+            participationVCSAccessTokenService.deleteByParticipationId(participationId);
         }
 
         // If local CI is active, remove all queued jobs for participation

@@ -0,0 +1,89 @@
+package de.tum.in.www1.artemis.service;
+
+import static de.tum.in.www1.artemis.config.Constants.PROFILE_CORE;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Service;
+
+import de.tum.in.www1.artemis.domain.User;
+import de.tum.in.www1.artemis.domain.participation.ParticipationVCSAccessToken;
+import de.tum.in.www1.artemis.domain.participation.StudentParticipation;
+import de.tum.in.www1.artemis.repository.ParticipationVCSAccessTokenRepository;
+import de.tum.in.www1.artemis.repository.ProgrammingExerciseStudentParticipationRepository;
+import de.tum.in.www1.artemis.service.connectors.localvc.LocalVCPersonalAccessTokenManagementService;
+
+@Profile(PROFILE_CORE)
+@Service
+public class ParticipationVcsAccessTokenService {
+
+    private static final Logger log = LoggerFactory.getLogger(ParticipationVcsAccessTokenService.class);
+
+    private final ParticipationVCSAccessTokenRepository participationVcsAccessTokenRepository;
+
+    private final ProgrammingExerciseStudentParticipationRepository programmingExerciseStudentParticipationRepository;
+
+    public ParticipationVcsAccessTokenService(ParticipationVCSAccessTokenRepository participationVCSAccessTokenRepository,
+            ProgrammingExerciseStudentParticipationRepository programmingExerciseStudentParticipationRepository) {
+        this.participationVcsAccessTokenRepository = participationVCSAccessTokenRepository;
+        this.programmingExerciseStudentParticipationRepository = programmingExerciseStudentParticipationRepository;
+    }
+
+    /**
+     * Creates a vcs access token for a User,Participation pair and stores it in the database
+     *
+     * @param user          the user which is owner of the token
+     * @param participation the participation which belongs to the token
+     * @return the newly created ParticipationVCSAccessToken
+     */
+    public ParticipationVCSAccessToken createParticipationVCSAccessToken(User user, StudentParticipation participation) {
+        ParticipationVCSAccessToken participationVCSAccessToken = new ParticipationVCSAccessToken();
+        participationVCSAccessToken.setUser(user);
+        participationVCSAccessToken.setParticipation(participation);
+        participationVCSAccessToken.setVcsAccessToken(LocalVCPersonalAccessTokenManagementService.generateSecureVCSAccessToken());
+        return participationVcsAccessTokenRepository.save(participationVCSAccessToken);
+    }
+
+    /**
+     * Retrieves the participationVCSAccessToken for a User,Participation pair if it exists
+     *
+     * @param userId          the user's id which is owner of the token
+     * @param participationId the participation's id which the token belongs to
+     * @return an Optional participationVCSAccessToken,
+     */
+    public ParticipationVCSAccessToken findByUserIdAndParticipationIdOrElseThrow(long userId, long participationId) {
+        return participationVcsAccessTokenRepository.findByUserIdAndParticipationIdOrElseThrow(userId, participationId);
+    }
+
+    /**
+     * Checks if the participationVCSAccessToken for a User,Participation pair exists, and creates a new one if not
+     *
+     * @param user            the user's id which is owner of the token
+     * @param participationId the participation's id which the token belongs to
+     * @return an Optional participationVCSAccessToken,
+     */
+    public ParticipationVCSAccessToken createVcsAccessTokenForUserAndParticipationIdOrElseThrow(User user, long participationId) {
+        participationVcsAccessTokenRepository.findByUserIdAndParticipationIdAndThrowIfExists(user.getId(), participationId);
+        var participation = programmingExerciseStudentParticipationRepository.findByIdElseThrow(participationId);
+        return createParticipationVCSAccessToken(user, participation);
+    }
+
+    /**
+     * Deletes the token connected to a participation
+     *
+     * @param participationId the participation id for which the token should get deleted
+     */
+    public void deleteByParticipationId(long participationId) {
+        participationVcsAccessTokenRepository.deleteByParticipationId(participationId);
+    }
+
+    /**
+     * Deletes all participationVcsAccessTokens of a user
+     *
+     * @param userId The user's id
+     */
+    public void deleteAllByUserId(long userId) {
+        participationVcsAccessTokenRepository.deleteAllByUserId(userId);
+    }
+}
@@ -54,8 +54,8 @@ public class GitLabPersonalAccessTokenManagementService extends VcsTokenManageme
     /**
      * The config parameter for enabling VCS access tokens.
      */
-    @Value("${artemis.version-control.version-control-access-token:#{false}}")
-    private Boolean versionControlAccessToken;
+    @Value("${artemis.version-control.use-version-control-access-token:#{false}}")
+    private boolean useVersionControlAccessToken;
 
     public GitLabPersonalAccessTokenManagementService(UserRepository userRepository, GitLabApi gitlabApi, @Qualifier("gitlabRestTemplate") RestTemplate restTemplate) {
         this.userRepository = userRepository;
@@ -72,7 +72,7 @@ public GitLabPersonalAccessTokenManagementService(UserRepository userRepository,
      */
     @Override
     public void createAccessToken(User user, Duration lifetime) {
-        if (versionControlAccessToken) {
+        if (useVersionControlAccessToken) {
             if (user.getVcsAccessToken() != null) {
                 throw new IllegalArgumentException("User already has an access token");
             }
@@ -115,7 +115,7 @@ private void savePersonalAccessTokenOfUser(ImpersonationToken token, User user)
      */
     @Override
     public void renewAccessToken(User user, Duration newLifetime) {
-        if (versionControlAccessToken) {
+        if (useVersionControlAccessToken) {
             if (user.getVcsAccessToken() == null) {
                 throw new IllegalArgumentException("User has no VCS access token to be renewed");
             }