fix(TPS-5340): mscrm oauth2 backport to 7.3.1 (#7925)

* fix(TPS-5340): mscrm oauth2 backport to 7.3.1

* fix(TPS-5340):  CLIENT_CREDENTIAL as PASSWORD.

* Revert "fix(TPS-5340):  CLIENT_CREDENTIAL as PASSWORD."

This reverts commit 9f0b633e44.

Co-authored-by: jzhao-talend <jzhao@talend.com>

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/pom.xml

@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.talend.components</groupId>
     <artifactId>talend-mscrm</artifactId>
-    <version>3.10.1-20220721</version>
+    <version>3.10.2-20220831</version>
     <packaging>jar</packaging>
     <description>A forked Talend-MSCRM library, developed to use in Studio 7.3.1 only. It's main intention is to contain CVE fixes.</description>
 

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/src/main/java/org/talend/ms/crm/odata/ClientConfigurationFactory.java

@@ -60,12 +60,13 @@ public class ClientConfigurationFactory {
     }
 
     public final static ClientConfiguration buildOAuthPremiseClientConfiguration(String userName, String password, String authoryEndpoint,
-                                                                                 String serviceAPI, String clientId, String redirectUrl, String forcedResource) {
+                                                                                 String serviceAPI, String clientId, String clientSecret, String redirectUrl, String forcedResource) {
         ClientConfiguration clientConfiguration = new ClientConfiguration(AuthStrategyEnum.OAUTH_PREMISE);
         clientConfiguration.setUserName(userName);
         clientConfiguration.setPassword(password);
         clientConfiguration.setAuthoryEndpoint(authoryEndpoint);
         clientConfiguration.setClientId(clientId);
+        clientConfiguration.setClientSecret(clientSecret);
         clientConfiguration.setRedirectURL(redirectUrl);
         clientConfiguration.setServiceAPI(serviceAPI);
         clientConfiguration.setForceResource(forcedResource);

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/src/main/java/org/talend/ms/crm/odata/authentication/OAuthPremiseStrategyImpl.java

@@ -146,6 +146,10 @@ public class OAuthPremiseStrategyImpl implements IAuthStrategy {
         body.put("redirect_uri", conf.getRedirectURL());
         body.put("client_id", conf.getClientId());
 
+        if(conf.getClientSecret() != null && !"".equals(conf.getClientSecret().trim())){
+            body.put("client_secret", conf.getClientSecret());
+        }
+
         RequestHttpContext queryContext = new RequestHttpContext("POST",
                 computeTokenUrl(conf.getAuthoryEndpoint()),
                 Collections.emptyMap(),

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/src/main/java/org/talend/ms/crm/odata/authentication/httpclienthelper/HttpClient.java

@@ -59,11 +59,8 @@ public final class HttpClient {
             redirect = true;
         }
 
-
-        //final HttpHeaders headers = resp.headers();
         final Optional<String> location = response.getFirstValueHeader("location");
 
-
         if (!redirect || !location.isPresent() || nbR <= 0) {
             return response;
         }

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/src/main/java/org/talend/ms/crm/odata/authentication/httpclienthelper/HttpResponse.java

@@ -15,7 +15,7 @@ public final class HttpResponse {
     private Map<String, List<String>> headers;
     private String body;
 
-    private Optional<String> code = null;//Optional.empty();
+    private Optional<String> code = null;
 
     public static HttpResponse fromHttpUrlConnection(HttpURLConnection conn) throws IOException {
         final int status = conn.getResponseCode();
@@ -107,11 +107,13 @@ public final class HttpResponse {
         if (!optLocation.isPresent()) {
             return Optional.empty();
         }
-        final String[] split = optLocation.get().split("&|\\?");
-        final Optional<String> optCode = Arrays.stream(split).filter(e -> e.startsWith("code=")).findFirst();
+        final String optLocationValue = optLocation.get();
+        final String[] split = optLocationValue.split("&|\\?");
 
+        final Optional<String> optCode = Arrays.stream(split).filter(e -> e.startsWith("code=")).findFirst();
         if (optCode.isPresent()) {
-            String code = optCode.get().substring(5);
+            final String optCodeValue = optCode.get();
+            String code = optCodeValue.substring(5);
             return Optional.ofNullable(code);
         }
 

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmInput/tMicrosoftCrmInput_begin_odata.javajet

@@ -95,7 +95,7 @@ if ((metadatas != null) && (metadatas.size() > 0)) {
 				else{
 			%>
 			    org.talend.ms.crm.odata.ClientConfiguration clientConfig_<%=cid%> = org.talend.ms.crm.odata.ClientConfigurationFactory
-                        .buildOAuthPremiseClientConfiguration(<%=userName%>, decryptedPassword_<%=cid%>, <%=authority%>, <%=serviceURL%>,<%=applicationId%>, <%=redirectUrl%>, <%=oauth_resource%>);
+                        .buildOAuthPremiseClientConfiguration(<%=userName%>, decryptedPassword_<%=cid%>, <%=authority%>, <%=serviceURL%>,<%=applicationId%>, <%=clientSecret%>, <%=redirectUrl%>, <%=oauth_resource%>);
 			<%
 				}
 			    } else {

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmInput/tMicrosoftCrmInput_java.xml

@@ -137,7 +137,7 @@
             <DEFAULT>"51f81489-12ee-4a9e-aaae-a2591f45987d"</DEFAULT>
         </PARAMETER>
 
-        <PARAMETER NAME="CLIENT_SECRET" FIELD="TEXT" NUM_ROW="30" REQUIRED="true" SHOW_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA') AND (ONLINE_REGISTERED_APP != 'NATIVE')">
+        <PARAMETER NAME="CLIENT_SECRET" FIELD="TEXT" NUM_ROW="30" REQUIRED="false" SHOW_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA') AND (ONLINE_REGISTERED_APP != 'NATIVE')) OR (AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH')">
             <DEFAULT>""</DEFAULT>
         </PARAMETER>
 
@@ -27558,7 +27558,7 @@
                 <IMPORT NAME="jcifs" MODULE="jcifs-1.3.0.jar" MVN="mvn:org.talend.libraries/jcifs-1.3.0/6.0.0"  REQUIRED_IF="((AUTH_TYPE == 'ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2011')) OR (API_VERSION=='API_2007')" />
                 <!-- 2011 -->
                 <!-- crm client -->
-                <IMPORT NAME="talend-mscrm" MODULE="talend-mscrm-3.10.1-20220721.jar" MVN="mvn:org.talend.components/talend-mscrm/3.10.1-20220721" REQUIRED_IF="(((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION =='API_2016_ODATA' OR API_VERSION =='API_2018_ODATA')) OR ((AUTH_TYPE=='ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018')))" />
+                <IMPORT NAME="talend-mscrm" MODULE="talend-mscrm-3.10.2-20220831.jar" MVN="mvn:org.talend.components/talend-mscrm/3.10.2-20220831" REQUIRED_IF="(((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION =='API_2016_ODATA' OR API_VERSION =='API_2018_ODATA')) OR ((AUTH_TYPE=='ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018')))" />
                 <!-- axis2 1.7.4 -->
                 <IMPORT NAME="activation-1.1" MODULE="activation-1.1.jar" MVN="mvn:org.talend.libraries/activation-1.1/6.0.0"  UrlPath="platform:/plugin/org.talend.libraries.apache.axis2/lib/activation-1.1.jar" REQUIRED_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011')" />
                 <IMPORT NAME="axiom-api-1.2.20" MODULE="axiom-api-1.2.20.jar" MVN="mvn:org.talend.libraries/axiom-api-1.2.20/6.0.0"  REQUIRED_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011')" />

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmOutput/tMicrosoftCrmOutput_begin_odata.javajet

@@ -80,7 +80,7 @@
        else {
     %>
     org.talend.ms.crm.odata.ClientConfiguration clientConfig_<%=cid%> = org.talend.ms.crm.odata.ClientConfigurationFactory
-            .buildOAuthPremiseClientConfiguration(<%=userName%>, decryptedPassword_<%=cid%>, <%=authority%>, <%=serviceURL%>,<%=applicationId%>, <%=redirectUrl%>, <%=oauth_resource%>);
+            .buildOAuthPremiseClientConfiguration(<%=userName%>, decryptedPassword_<%=cid%>, <%=authority%>, <%=serviceURL%>,<%=applicationId%>, <%=clientSecret%>, <%=redirectUrl%>, <%=oauth_resource%>);
     <%
        }
     } else {

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmOutput/tMicrosoftCrmOutput_java.xml

@@ -137,7 +137,7 @@
             <DEFAULT>"51f81489-12ee-4a9e-aaae-a2591f45987d"</DEFAULT>
         </PARAMETER>
 
-        <PARAMETER NAME="CLIENT_SECRET" FIELD="TEXT" NUM_ROW="40" REQUIRED="true" SHOW_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA') AND (ONLINE_REGISTERED_APP != 'NATIVE')">
+        <PARAMETER NAME="CLIENT_SECRET" FIELD="TEXT" NUM_ROW="40" REQUIRED="false" SHOW_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA') AND (ONLINE_REGISTERED_APP != 'NATIVE')) OR (AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH')">
             <DEFAULT>""</DEFAULT>
         </PARAMETER>
 
@@ -38317,7 +38317,7 @@
             <IMPORT NAME="jcifs" MODULE="jcifs-1.3.0.jar" MVN="mvn:org.talend.libraries/jcifs-1.3.0/6.0.0"  REQUIRED_IF="((AUTH_TYPE == 'ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2011')) OR (API_VERSION=='API_2007')" />
             <!-- 2011 -->
             <!-- crm client -->
-            <IMPORT NAME="talend-mscrm" MODULE="talend-mscrm-3.10.1-20220721.jar" MVN="mvn:org.talend.components/talend-mscrm/3.10.1-20220721" REQUIRED_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION =='API_2016_ODATA' OR API_VERSION =='API_2018_ODATA')) OR ((AUTH_TYPE == 'ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018'))" />
+            <IMPORT NAME="talend-mscrm" MODULE="talend-mscrm-3.10.2-20220831.jar" MVN="mvn:org.talend.components/talend-mscrm/3.10.2-20220831" REQUIRED_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION =='API_2016_ODATA' OR API_VERSION =='API_2018_ODATA')) OR ((AUTH_TYPE == 'ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018'))" />
             <!-- axis2 1.7.4 -->
             <IMPORT NAME="activation-1.1" MODULE="activation-1.1.jar" MVN="mvn:org.talend.libraries/activation-1.1/6.0.0"  UrlPath="platform:/plugin/org.talend.libraries.apache.axis2/lib/activation-1.1.jar" REQUIRED_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011')" />
             <IMPORT NAME="axiom-api-1.2.20" MODULE="axiom-api-1.2.20.jar" MVN="mvn:org.talend.libraries/axiom-api-1.2.20/6.0.0"  REQUIRED_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011')" />

main/plugins/org.talend.repository/plugin.xml

@@ -3728,6 +3728,14 @@
               name="TSendMailOAuthMigrationTask"
               version="7.3.1">
         </projecttask>
+        <projecttask
+              beforeLogon="true"
+              breaks="7.3.1"
+              class="org.talend.repository.model.migration.EncryptPasswordForNexusProxyPasswordMigrationTask"
+              id="org.talend.repository.model.migration.EncryptPasswordForNexusProxyPasswordMigrationTask"
+              name="Encrypt passwords for nexus proxy password in project setting preference"
+              version="7.3.1">
+        </projecttask>
    </extension>
 
    <extension

main/plugins/org.talend.repository/src/main/java/org/talend/repository/model/migration/EncryptPasswordForNexusProxyPasswordMigrationTask.java

@@ -0,0 +1,112 @@
+// ============================================================================
+//
+// Copyright (C) 2006-2021 Talend Inc. - www.talend.com
+//
+// This source code is available under agreement available at
+// %InstallDIR%\features\org.talend.rcp.branding.%PRODUCTNAME%\%PRODUCTNAME%license.txt
+//
+// You should have received a copy of the agreement
+// along with this program; if not, write to Talend SA
+// 9 rue Pages 92150 Suresnes, France
+//
+// ============================================================================
+package org.talend.repository.model.migration;
+
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.talend.commons.exception.ExceptionHandler;
+import org.talend.commons.exception.PersistenceException;
+import org.talend.commons.utils.PasswordEncryptUtil;
+import org.talend.core.CorePlugin;
+import org.talend.core.model.general.Project;
+import org.talend.core.model.properties.ImplicitContextSettings;
+import org.talend.core.model.properties.Item;
+import org.talend.core.model.properties.StatAndLogsSettings;
+import org.talend.core.nexus.TalendLibsServerManager;
+import org.talend.core.runtime.projectsetting.ProjectPreferenceManager;
+import org.talend.cwm.helper.ConnectionHelper;
+import org.talend.designer.core.model.utils.emf.talendfile.ElementParameterType;
+import org.talend.designer.core.model.utils.emf.talendfile.ParametersType;
+import org.talend.designer.core.model.utils.emf.talendfile.impl.ElementParameterTypeImpl;
+import org.talend.migration.AbstractMigrationTask;
+import org.talend.migration.IProjectMigrationTask;
+import org.talend.repository.model.IProxyRepositoryFactory;
+import org.talend.utils.security.StudioEncryption;
+
+/**
+ * DOC hzhao class global comment. Detailled comment
+ */
+public class EncryptPasswordForNexusProxyPasswordMigrationTask extends AbstractMigrationTask implements IProjectMigrationTask {
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.talend.migration.IMigrationTask#getOrder()
+     */
+    @Override
+    public Date getOrder() {
+        GregorianCalendar gc = new GregorianCalendar(2014, 5, 27, 12, 0, 0);
+        return gc.getTime();
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.talend.migration.IProjectMigrationTask#isApplicableOnItems()
+     */
+    @Override
+    public boolean isApplicableOnItems() {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.talend.migration.IProjectMigrationTask#execute(org.talend.core.model.general.Project)
+     */
+    @Override
+    public ExecutionResult execute(Project project) {
+        
+        ProjectPreferenceManager prefManager = new ProjectPreferenceManager("org.talend.proxy.nexus", true);
+        String password = prefManager.getValue(TalendLibsServerManager.NEXUS_PROXY_PASSWORD);
+        if(StringUtils.isEmpty(password) || StudioEncryption.hasEncryptionSymbol(password)) {
+            return ExecutionResult.NOTHING_TO_DO; 
+        }
+        try {
+            String encryptedPassword = StudioEncryption.getStudioEncryption(StudioEncryption.EncryptionKeyName.SYSTEM).encrypt(password);
+            prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_PASSWORD, encryptedPassword);
+            prefManager.save();
+        }catch(Exception e) {
+            ExceptionHandler.process(e);
+            return ExecutionResult.FAILURE;
+        }
+        return ExecutionResult.SUCCESS_NO_ALERT;
+        
+    }
+
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.talend.migration.IProjectMigrationTask#execute(org.talend.core.model.general.Project, boolean)
+     */
+    @Override
+    public ExecutionResult execute(Project project, boolean doSave) {
+        return execute(project);
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.talend.migration.IProjectMigrationTask#execute(org.talend.core.model.general.Project,
+     * org.talend.core.model.properties.Item)
+     */
+    @Override
+    public ExecutionResult execute(Project project, Item item) {
+        return ExecutionResult.NOTHING_TO_DO;
+    }
+}

main/plugins/org.talend.repository/src/main/java/org/talend/repository/preference/ArtifactProxySettingForm.java

@@ -28,6 +28,7 @@ import org.talend.core.repository.model.ProxyRepositoryFactory;
 import org.talend.core.runtime.projectsetting.ProjectPreferenceManager;
 import org.talend.repository.RepositoryPlugin;
 import org.talend.repository.i18n.Messages;
+import org.talend.utils.security.StudioEncryption;
 import org.talend.utils.sugars.TypedReturnCode;
 
 public class ArtifactProxySettingForm extends AbstractArtifactProxySettingForm {
@@ -307,7 +308,7 @@ public class ArtifactProxySettingForm extends AbstractArtifactProxySettingForm {
             prefManager.setValue(TalendLibsServerManager.ENABLE_PROXY_SETTING, enableFlag);
             prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_URL, proxyUrl);
             prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_USERNAME, username);
-            prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_PASSWORD, password);
+            prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_PASSWORD, StudioEncryption.getStudioEncryption(StudioEncryption.EncryptionKeyName.SYSTEM).encrypt(password));
             prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_REPOSITORY_ID, repositoryId);
             prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_TYPE, type);
             prefManager.save();
@@ -323,7 +324,7 @@ public class ArtifactProxySettingForm extends AbstractArtifactProxySettingForm {
         enableProxySettingBtn.setSelection(enableProxy);
         urlText.setText(prefManager.getValue(TalendLibsServerManager.NEXUS_PROXY_URL));
         usernameText.setText(prefManager.getValue(TalendLibsServerManager.NEXUS_PROXY_USERNAME));
-        talendLibPasswordText.setText(prefManager.getValue(TalendLibsServerManager.NEXUS_PROXY_PASSWORD));
+        talendLibPasswordText.setText(StudioEncryption.getStudioEncryption(StudioEncryption.EncryptionKeyName.SYSTEM).decrypt(prefManager.getValue(TalendLibsServerManager.NEXUS_PROXY_PASSWORD)));
         repositoryIdText.setText(prefManager.getValue(TalendLibsServerManager.NEXUS_PROXY_REPOSITORY_ID));
         artifactType.setText(prefManager.getValue(TalendLibsServerManager.NEXUS_PROXY_TYPE));
     }
@@ -338,7 +339,7 @@ public class ArtifactProxySettingForm extends AbstractArtifactProxySettingForm {
         prefManager.setValue(TalendLibsServerManager.ENABLE_PROXY_SETTING, enableFlag);
         prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_URL, url);
         prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_USERNAME, username);
-        prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_PASSWORD, password);
+        prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_PASSWORD, StringUtils.isEmpty(password)? password : StudioEncryption.getStudioEncryption(StudioEncryption.EncryptionKeyName.SYSTEM).encrypt(password));
         prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_REPOSITORY_ID, repositoryId);
         prefManager.setValue(TalendLibsServerManager.NEXUS_PROXY_TYPE, type);
         prefManager.save();