fix: trim blank chars in PAT (#469)

Signed-off-by: Valerii Svydenko <vsvydenk@redhat.com>

infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java

@@ -153,7 +153,9 @@ public Optional<PersonalAccessToken> get(Subject cheUser, String scmServerUrl)
           String trimmedUrl = StringUtils.trimEnd(annotations.get(ANNOTATION_SCM_URL), '/');
           if (annotations.get(ANNOTATION_CHE_USERID).equals(cheUser.getUserId())
               && trimmedUrl.equals(StringUtils.trimEnd(scmServerUrl, '/'))) {
-            PersonalAccessToken token =
+            String token =
+                new String(Base64.getDecoder().decode(secret.getData().get("token"))).trim();
+            PersonalAccessToken personalAccessToken =
                 new PersonalAccessToken(
                     trimmedUrl,
                     annotations.get(ANNOTATION_CHE_USERID),
@@ -162,9 +164,9 @@ public Optional<PersonalAccessToken> get(Subject cheUser, String scmServerUrl)
                     annotations.get(ANNOTATION_SCM_USERID),
                     annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME),
                     annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID),
-                    new String(Base64.getDecoder().decode(secret.getData().get("token"))));
-            if (scmPersonalAccessTokenFetcher.isValid(token)) {
-              return Optional.of(token);
+                    token);
+            if (scmPersonalAccessTokenFetcher.isValid(personalAccessToken)) {
+              return Optional.of(personalAccessToken);
             } else {
               // Removing token that is no longer valid. If several tokens exist the next one could
               // be valid. If no valid token can be found, the caller should react in the same way

infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java

@@ -38,6 +38,7 @@
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import org.eclipse.che.api.factory.server.scm.GitCredentialManager;
@@ -83,6 +84,39 @@ protected void init() {
     assertNotNull(this.personalAccessTokenManager);
   }
 
+  @Test
+  public void shouldTrimBlankCharsInToken() throws Exception {
+    KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
+    when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
+    KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class);
+    KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class);
+    when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace);
+    when(kubernetesnamespace.secrets()).thenReturn(secrets);
+    when(scmPersonalAccessTokenFetcher.isValid(any(PersonalAccessToken.class))).thenReturn(true);
+
+    Map<String, String> data =
+        Map.of("token", Base64.getEncoder().encodeToString(" token_value \n".getBytes(UTF_8)));
+
+    ObjectMeta meta1 =
+        new ObjectMetaBuilder()
+            .withAnnotations(
+                Map.of(ANNOTATION_CHE_USERID, "user", ANNOTATION_SCM_URL, "http://host1"))
+            .build();
+
+    Secret secret = new SecretBuilder().withMetadata(meta1).withData(data).build();
+
+    when(secrets.get(any(LabelSelector.class))).thenReturn(List.of(secret));
+
+    // when
+    PersonalAccessToken token =
+        personalAccessTokenManager
+            .get(new SubjectImpl("user", "user", "t1", false), "http://host1")
+            .get();
+
+    // then
+    assertEquals(token.getToken(), "token_value");
+  }
+
   @Test
   public void testSavingOfPersonalAccessToken() throws Exception {