opf · shiroginne · May 12, 2026 · May 7, 2026 · May 7, 2026 · May 8, 2026
diff --git a/app/services/remote_identities/create_service.rb b/app/services/remote_identities/create_service.rb
@@ -47,7 +47,7 @@ def initialize(user:, integration:, token:, force_update: false)
 
     def call
       if @model.new_record? || @force_update
-        origin_result = @integration.extract_origin_user_id(@token)
+        origin_result = @integration.extract_origin_user_id(@user)
 
         user_id = origin_result.value_or { return ServiceResult.failure(errors: it) }
 

diff --git a/modules/storages/app/common/storages/adapters/input/strategy.rb b/modules/storages/app/common/storages/adapters/input/strategy.rb
@@ -23,7 +23,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 #
 # See COPYRIGHT and LICENSE files for more details.
 #++

diff --git a/modules/wikis/app/contracts/wikis/adapters/input/auth_strategy_contract.rb b/modules/wikis/app/contracts/wikis/adapters/input/auth_strategy_contract.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+module Wikis
+  module Adapters
+    module Input
+      class AuthStrategyContract < DryApplicationContract
+        AUTH_METHODS = %i[bearer_token internal].to_set.freeze
+
+        params do
+          required(:key).filled(:symbol, included_in?: AUTH_METHODS)
+          optional(:user).maybe
+          optional(:provider).maybe
+        end
+      end
+    end
+  end
+end
diff --git a/modules/wikis/app/models/wikis/adapters/input/auth_strategy.rb b/modules/wikis/app/models/wikis/adapters/input/auth_strategy.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+module Wikis::Adapters::Input
+  AuthStrategy = Data.define(:key, :user, :provider) do
+    private_class_method :new
+
+    def self.build(key:, user: nil, provider: nil, contract: AuthStrategyContract.new)
+      contract.call(key:, user:, provider:).to_monad.fmap { new(**it.to_h) }
+    end
+  end
+end
diff --git a/modules/wikis/app/models/wikis/provider.rb b/modules/wikis/app/models/wikis/provider.rb
@@ -44,6 +44,10 @@ class Provider < ApplicationRecord
     def to_s = self.class.registry_prefix
     def user_connected?(_user) = raise SubclassResponsibilityError
 
+    def auth_strategy_for(user)
+      resolve("authentication.user_bound").call(user)
+    end
+
     class << self
       def registry_prefix = raise SubclassResponsibilityError
     end

diff --git a/modules/wikis/app/models/wikis/xwiki_provider.rb b/modules/wikis/app/models/wikis/xwiki_provider.rb
@@ -54,8 +54,10 @@ def user_connected?(user)
       OAuthClientToken.for_user_and_client(user, oauth_client).exists?
     end
 
-    def extract_origin_user_id(token)
-      resolve("queries.user").call(Wikis::Adapters::Input::UserQuery.new(access_token: token.access_token))
+    def extract_origin_user_id(user)
+      auth_strategy_for(user).bind do |auth_strategy|
+        resolve("queries.user").call(auth_strategy:)
+      end
     end
 
     def authenticate_via_two_way_oauth2?

diff --git a/modules/wikis/app/services/wikis/adapters/authentication.rb b/modules/wikis/app/services/wikis/adapters/authentication.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+module Wikis
+  module Adapters
+    class Authentication
+      class << self
+        # @param strategy [Input::AuthStrategy]
+        def [](strategy)
+          case strategy.key
+          when :bearer_token
+            AuthenticationStrategies::BearerToken.new(strategy.user, strategy.provider)
+          when :internal
+            AuthenticationStrategies::InternalUser.new(strategy.user)
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/modules/wikis/app/services/wikis/adapters/authentication_strategies/bearer_token.rb b/modules/wikis/app/services/wikis/adapters/authentication_strategies/bearer_token.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+module Wikis
+  module Adapters
+    module AuthenticationStrategies
+      class BearerToken
+        include Dry::Monads[:result]
+
+        def initialize(user, provider)
+          @user = user
+          @provider = provider
+        end
+
+        def call(http_options: {}, **)
+          fetch_user_token.bind do |token|
+            yield OpenProject.httpx.bearer_auth(token.access_token).with(http_options)
+          end
+        end
+
+        private
+
+        def fetch_user_token
+          token = OAuthClientToken.for_user_and_client(@user, @provider.oauth_client).first
+          return Success(token) if token
+
+          Failure(Results::Error.new(source: self.class, code: :missing_token))
+        end
+      end
+    end
+  end
+end
diff --git a/...models/wikis/adapters/input/user_query.rb → ...uthentication_strategies/internal_user.rb b/...models/wikis/adapters/input/user_query.rb → ...uthentication_strategies/internal_user.rb
@@ -23,11 +23,23 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #
 # See COPYRIGHT and LICENSE files for more details.
 #++
 
-module Wikis::Adapters::Input
-  UserQuery = Data.define(:access_token)
+module Wikis
+  module Adapters
+    module AuthenticationStrategies
+      class InternalUser
+        def initialize(user)
+          @user = user
+        end
+
+        def call(**)
+          yield @user
+        end
+      end
+    end
+  end
 end
diff --git a/modules/wikis/app/services/wikis/adapters/base_query.rb b/modules/wikis/app/services/wikis/adapters/base_query.rb
@@ -51,5 +51,11 @@ def success(result)
     def failure(code:)
       Failure(Results::Error.new(source: self.class, code:))
     end
+
+    def page_info(identifier:, auth_strategy:)
+      Input::PageInfo.build(identifier:).bind do |input|
+        provider.resolve("queries.page_info").call(input_data: input, auth_strategy:)
+      end
+    end
   end
 end
diff --git a/modules/wikis/app/services/wikis/adapters/providers/internal/authentication/user_bound.rb b/modules/wikis/app/services/wikis/adapters/providers/internal/authentication/user_bound.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+module Wikis
+  module Adapters
+    module Providers
+      module Internal
+        module Authentication
+          class UserBound
+            def initialize(model:)
+              @model = model
+            end
+
+            def call(user)
+              Input::AuthStrategy.build(key: :internal, user:, provider: @model)
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/modules/wikis/app/services/wikis/adapters/providers/internal/queries/page_info.rb b/modules/wikis/app/services/wikis/adapters/providers/internal/queries/page_info.rb
@@ -34,23 +34,24 @@ module Providers
       module Internal
         module Queries
           class PageInfo < BaseQuery
-            def call(input_data)
-              # TODO: should we accept implicit User.current or do we want to pass in a user explicitly?
-              wiki_page = WikiPage.visible.find_by(id: input_data.identifier)
-              return failure(code: :not_found) if wiki_page.nil?
+            def call(input_data:, auth_strategy:)
+              Authentication[auth_strategy].call do |user|
+                wiki_page = WikiPage.visible(user).find_by(id: input_data.identifier)
+                return failure(code: :not_found) if wiki_page.nil?
 
-              success(
-                Results::PageInfo.new(
-                  identifier: input_data.identifier,
-                  provider:,
-                  title: wiki_page.title,
-                  href: url_for(only_path: true,
-                                controller: "/wiki",
-                                action: "show",
-                                project_id: wiki_page.project.identifier,
-                                id: wiki_page.slug)
+                success(
+                  Results::PageInfo.new(
+                    identifier: input_data.identifier,
+                    provider:,
+                    title: wiki_page.title,
+                    href: url_for(only_path: true,
+                                  controller: "/wiki",
+                                  action: "show",
+                                  project_id: wiki_page.project.identifier,
+                                  id: wiki_page.slug)
+                  )
                 )
-              )
+              end
             end
 
             private

diff --git a/modules/wikis/app/services/wikis/adapters/providers/internal/queries/referencing_pages.rb b/modules/wikis/app/services/wikis/adapters/providers/internal/queries/referencing_pages.rb
@@ -34,21 +34,15 @@ module Providers
       module Internal
         module Queries
           class ReferencingPages < BaseQuery
-            def call(input_data)
+            def call(input_data:, auth_strategy:)
               success(
                 provider.page_links
                         .merge(ReverseInlinePageLink.all)
                         .where(linkable: input_data.linkable)
                         .order(created_at: :desc)
-                        .map { page_info(provider:, identifier: it.identifier) }
+                        .map { page_info(identifier: it.identifier, auth_strategy:) }
               )
             end
-
-            private
-
-            def page_info(provider:, identifier:)
-              Adapters::Input::PageInfo.build(identifier:).bind { provider.resolve("queries.page_info").call(it) }
-            end
           end
         end
       end