private void handleAuth(HttpServletRequest req) {
String username = req.getRemoteUser();
if (username != null) {
if (config.getBoolean("auth", "userNameToLowerCase", false)) {
username = username.toLowerCase(Locale.US);
}
log.debug("User name: " + username);
AccountState who = accountCache.getByUsername(username);
log.debug("AccountState " + who);
if (who == null
&& username.matches("^([a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]|[a-zA-Z0-9])$")) {
log.debug(
"User is not registered with Gerrit. Register now."); // This approach assumes an auth
// type of HTTP_LDAP
final AuthRequest areq = AuthRequest.forUser(username);
try {
accountManager.authenticate(areq);
who = accountCache.getByUsername(username);
if (who == null) {
log.warn("Unable to register user \"" + username + "\". Continue as anonymous.");
} else {
log.debug("User registered.");
}
} catch (AccountException e) {
log.warn("Exception registering user \"" + username + "\". Continue as anonymous.", e);
}
}
if (who != null && who.getAccount().isActive()) {
log.debug("Not anonymous user");
WebSession ws = session.get();
ws.setUserAccountId(who.getAccount().getId());
ws.setAccessPathOk(AccessPath.REST_API, true);
} else {
log.debug("Anonymous user");
}
}
}
@Override
public List<AccountExternalId> call() throws OrmException {
final AccountExternalId.Key last = session.getLastLoginExternalId();
final List<AccountExternalId> ids =
db.accountExternalIds().byAccount(user.getAccountId()).toList();
for (final AccountExternalId e : ids) {
e.setTrusted(authConfig.isIdentityTrustable(Collections.singleton(e)));
// The identity can be deleted only if its not the one used to
// establish this web session, and if only if an identity was
// actually used to establish this web session.
//
if (e.isScheme(SCHEME_USERNAME)) {
e.setCanDelete(false);
} else {
e.setCanDelete(last != null && !last.equals(e.getKey()));
}
}
return ids;
}
