mattermost · mickmister · Nov 6, 2023 · Oct 26, 2023 · Oct 27, 2023 · Oct 31, 2023
@@ -817,7 +817,7 @@ func executeInstanceInstallCloudOAuth(p *Plugin, c *plugin.Context, header *mode
 		return p.help(header)
 	}
 
-	jiraURL, instance, err := p.installCloudOAuthInstance(args[0], "", "")
+	jiraURL, instance, err := p.installCloudOAuthInstance(args[0])
 	if err != nil {
 		return p.responsef(header, err.Error())
 	}

@@ -14,6 +14,7 @@ import (
 	"golang.org/x/oauth2"
 
 	"github.com/mattermost/mattermost-plugin-jira/server/utils"
+	"github.com/mattermost/mattermost-plugin-jira/server/utils/kvstore"
 	"github.com/mattermost/mattermost-plugin-jira/server/utils/types"
 )
 
@@ -29,6 +30,7 @@ type cloudOAuthInstance struct {
 	JiraBaseURL      string
 	CodeVerifier     string
 	CodeChallenge    string
+	JWTInstance      *cloudInstance
 }
 
 type CloudOAuthConfigure struct {
@@ -56,7 +58,7 @@ const (
 	PKCEByteArrayLength = 32
 )
 
-func (p *Plugin) installCloudOAuthInstance(rawURL, clientID, clientSecret string) (string, *cloudOAuthInstance, error) {
+func (p *Plugin) installCloudOAuthInstance(rawURL string) (string, *cloudOAuthInstance, error) {
 	jiraURL, err := utils.CheckJiraURL(p.GetSiteURL(), rawURL, false)
 	if err != nil {
 		return "", nil, err
@@ -70,21 +72,51 @@ func (p *Plugin) installCloudOAuthInstance(rawURL, clientID, clientSecret string
 		return "", nil, err
 	}
 
-	instance := &cloudOAuthInstance{
-		InstanceCommon:   newInstanceCommon(p, CloudOAuthInstanceType, types.ID(jiraURL)),
-		MattermostKey:    p.GetPluginKey(),
-		JiraClientID:     clientID,
-		JiraClientSecret: clientSecret,
 instance.JiraClientID = clientID 
 instance.JiraClientSecret = clientSecret 
 if err = p.instanceStore.StoreInstance(instance); err != nil { 
 instance.JiraClientID = clientID 
 instance.JiraClientSecret = clientSecret 
 if err = p.instanceStore.StoreInstance(instance); err != nil { 
-		JiraBaseURL:      rawURL,
-		CodeVerifier:     params.CodeVerifier,
-		CodeChallenge:    params.CodeChallenge,
+	newInstance := &cloudOAuthInstance{
+		InstanceCommon: newInstanceCommon(p, CloudOAuthInstanceType, types.ID(jiraURL)),
+		MattermostKey:  p.GetPluginKey(),
+		JiraBaseURL:    rawURL,
+		CodeVerifier:   params.CodeVerifier,
+		CodeChallenge:  params.CodeChallenge,
 	}
 
-	if err = p.InstallInstance(instance); err != nil {
-		return "", nil, err
+	existingInstance, err := p.instanceStore.LoadInstance(types.ID(jiraURL))
+	if err != nil && !errors.Is(err, kvstore.ErrNotFound) {
+		return "", nil, errors.Wrapf(err, "failed to load existing jira instance. ID: %s", jiraURL)
 	}
 
-	return jiraURL, instance, err
+	// Handle backwards compatibility with existing JWT instance
+	if existingInstance != nil {
+		if existingInstance.Common().Type == CloudOAuthInstanceType {
+			oauthInstance, ok := existingInstance.(*cloudOAuthInstance)
+			if !ok {
+				return "", nil, errors.Wrapf(err, "failed to assert existing cloud-oauth instance as cloudOAuthInstance. ID: %s", jiraURL)
+			}
+
+			newInstance.JWTInstance = oauthInstance.JWTInstance
+			if newInstance.JWTInstance != nil {
+				p.API.LogDebug("Installing cloud-oauth over existing cloud-oauth instance. Carrying over existing saved JWT instance.")
+			} else {
+				p.API.LogDebug("Installing cloud-oauth over existing cloud-oauth instance. There exists no previous JWT instance to carry over.")
+			}
+		} else if existingInstance.Common().Type == CloudInstanceType {
+			jwtInstance, ok := existingInstance.(*cloudInstance)
+			if !ok {
+				return "", nil, errors.Wrapf(err, "failed to assert existing cloud instance as cloudInstance. ID: %s", jiraURL)
+			}
+
+			newInstance.JWTInstance = jwtInstance
+			p.API.LogDebug("Installing cloud-oauth over existing cloud JWT instance. Carrying over existing saved JWT instance.")
+		}
+	} else {
+		p.API.LogDebug("Installing new cloud-oauth instance. There exists no previous JWT instance to carry over.")
+	}
+
+	if err = p.InstallInstance(newInstance); err != nil {
+		return "", nil, errors.Wrapf(err, "failed to install cloud-oauth instance. ID: %s", jiraURL)
+	}
+
+	return jiraURL, newInstance, nil
 }
 
 func (ci *cloudOAuthInstance) GetClient(connection *Connection) (Client, error) {
@@ -98,6 +130,13 @@ func (ci *cloudOAuthInstance) GetClient(connection *Connection) (Client, error)
 func (ci *cloudOAuthInstance) getClientForConnection(connection *Connection) (*jira.Client, *http.Client, error) {
 	oauth2Conf := ci.GetOAuthConfig()
 	ctx := context.Background()
+
+	// Checking if this user's connection is for a JWT instance
+	if ci.JWTInstance != nil && connection.OAuth2Token == nil {
+		ci.Plugin.API.LogDebug("Returning a JWT token client since the stored JWT instance is not nil and the user's oauth token is nil")
+		return ci.JWTInstance.getClientForConnection(connection)
+	}
+
 	tokenSource := oauth2Conf.TokenSource(ctx, connection.OAuth2Token)
 	client := oauth2.NewClient(ctx, tokenSource)
 

@@ -141,21 +141,24 @@ func (p *instancesArray) Resize(n int) {
 	*p = make(instancesArray, n)
 }
 
-func (p *Plugin) InstallInstance(instance Instance) error {
+func (p *Plugin) InstallInstance(newInstance Instance) error {
 	var updated *Instances
 	err := UpdateInstances(p.instanceStore,
 		func(instances *Instances) error {
-			if !p.enterpriseChecker.HasEnterpriseFeatures() {
-				if instances != nil && len(instances.IDs()) > 0 && !instances.checkIfExists(instance.GetID()) {
-					return errors.Errorf(licenseErrorString)
-				}
+			if instances == nil {
+				return errors.New("received nil 'instances' in UpdateInstances callback")
+			}
+
+			if !p.enterpriseChecker.HasEnterpriseFeatures() && len(instances.IDs()) > 0 && !instances.checkIfExists(newInstance.GetID()) {
+				return errors.New(licenseErrorString)
 			}
 
-			err := p.instanceStore.StoreInstance(instance)
+			err := p.instanceStore.StoreInstance(newInstance)
 			if err != nil {
-				return err
+				return errors.Wrap(err, "failed to store new instance")
 			}
-			instances.Set(instance.Common())
+
+			instances.Set(newInstance.Common())
 			updated = instances
 			return nil
 		})

@@ -157,8 +157,8 @@ func (store store) StoreConnection(instanceID, mattermostUserID types.ID, connec
 		return err
 	}
 
-	store.plugin.debugf("Stored: connection, keys:\n\t%s (%s): %+v\n\t%s (%s): %s",
-		keyWithInstanceID(instanceID, mattermostUserID), mattermostUserID, connection,
+	store.plugin.debugf("Stored: connection, keys:\n\t%s (%s): %s\n\t%s (%s): %s",
+		keyWithInstanceID(instanceID, mattermostUserID), mattermostUserID, connection.DisplayName,
 		keyWithInstanceID(instanceID, connection.JiraAccountID()), connection.JiraAccountID(), mattermostUserID)
 
 	return nil

@@ -590,7 +590,7 @@ func (p *Plugin) initCreateCloudOAuthInstance(f *flow.Flow, submission map[strin
 		jiraURL = fmt.Sprintf("https://%s.atlassian.net", jiraURL)
 	}
 
-	jiraURL, instance, err := p.installCloudOAuthInstance(jiraURL, "", "")
+	jiraURL, instance, err := p.installCloudOAuthInstance(jiraURL)
 	if err != nil {
 		return "", nil, nil, err
 	}
@@ -633,9 +633,20 @@ func (p *Plugin) submitCreateCloudOAuthInstance(f *flow.Flow, submission map[str
 		return "", nil, nil, errors.New("no Jira OAuth Client Secret is present in the request")
 	}
 
-	jiraURL, instance, err := p.installCloudOAuthInstance(jiraURL, clientID, clientSecret)
+	existingInstance, err := p.instanceStore.LoadInstance(types.ID(jiraURL))
 	if err != nil {
-		return "", nil, nil, err
+		return "", nil, nil, errors.Wrap(err, "failed to load existing cloud-oauth instance")
+	}
+
+	instance, ok := existingInstance.(*cloudOAuthInstance)
+	if !ok {
+		return "", nil, nil, errors.Errorf("existing instance is not a cloud-oauth instance. ID: %s", jiraURL)
 func (p *Plugin) initCreateCloudOAuthInstance(f *flow.Flow, submission map[string]interface{}) (flow.Name, flow.State, map[string]string, error) { 
 func (p *Plugin) initCreateCloudOAuthInstance(f *flow.Flow, submission map[string]interface{}) (flow.Name, flow.State, map[string]string, error) { 
+	}
+
+	instance.JiraClientID = clientID
+	instance.JiraClientSecret = clientSecret
+	if err = p.instanceStore.StoreInstance(instance); err != nil {
+		return "", nil, nil, errors.Wrap(err, "failed to store cloud-oauth instance")
 	}
 
 	return stepInstalledJiraApp, flow.State{

@@ -52,10 +52,23 @@ func (jwh *JiraWebhook) expandIssue(p *Plugin, instanceID types.ID) error {
 			}
 
 			jwh.Issue = *issue
-		} else if _, ok := instance.(*cloudOAuthInstance); ok {
+		} else if instance, ok := instance.(*cloudOAuthInstance); ok {
 			mmUserID, err := p.userStore.LoadMattermostUserID(instanceID, jwh.Comment.Author.AccountID)
 			if err != nil {
-				return errors.Wrap(err, "Cannot create subscription posts for this comment as the Jira comment author is not connected to Mattermost.")
+				// User is not connected, so we try to fall back to JWT bot
+				if instance.JWTInstance == nil {
+					return errors.Wrap(err, "Cannot create subscription posts for this comment as the Jira comment author is not connected to Mattermost.")
+				}
+
+				// Fetch issue details with bot JWT bot
+				var issue *jira.Issue
+				issue, err = p.getIssueDataForCloudWebhook(instance.JWTInstance, jwh.Issue.ID)
+				if err != nil {
+					return errors.Wrap(err, "failed to getIssueDataForCloudWebhook using bot account")
+				}
+
+				jwh.Issue = *issue
+				return nil
 			}
 
 			conn, err := p.userStore.LoadConnection(instance.GetID(), mmUserID)