private Set<PatchSet.Id> parsePatchSetId(final String patchIdentity) throws UnloggedFailure, OrmException { // By commit? // if (patchIdentity.matches("^([0-9a-fA-F]{4," + RevId.LEN + "})$")) { final RevId id = new RevId(patchIdentity); final ResultSet<PatchSet> patches; if (id.isComplete()) { patches = db.patchSets().byRevision(id); } else { patches = db.patchSets().byRevisionRange(id, id.max()); } final Set<PatchSet.Id> matches = new HashSet<PatchSet.Id>(); for (final PatchSet ps : patches) { final Change change = db.changes().get(ps.getId().getParentKey()); if (inProject(change)) { matches.add(ps.getId()); } } switch (matches.size()) { case 1: return matches; case 0: throw error("\"" + patchIdentity + "\" no such patch set"); default: throw error("\"" + patchIdentity + "\" matches multiple patch sets"); } } // By older style change,patchset? // if (patchIdentity.matches("^[1-9][0-9]*,[1-9][0-9]*$")) { final PatchSet.Id patchSetId; try { patchSetId = PatchSet.Id.parse(patchIdentity); } catch (IllegalArgumentException e) { throw error("\"" + patchIdentity + "\" is not a valid patch set"); } if (db.patchSets().get(patchSetId) == null) { throw error("\"" + patchIdentity + "\" no such patch set"); } if (projectControl != null) { final Change change = db.changes().get(patchSetId.getParentKey()); if (!inProject(change)) { throw error( "change " + change.getId() + " not in project " + projectControl.getProject().getName()); } } return Collections.singleton(patchSetId); } throw error("\"" + patchIdentity + "\" is not a valid patch set"); }
private AuthResult byPreferredEmail(final HttpServletResponse rsp, final String email) { try { final ReviewDb db = schema.open(); try { List<Account> matches = db.accounts().byPreferredEmail(email).toList(); return matches.size() == 1 ? auth(matches.get(0)) : null; } finally { db.close(); } } catch (OrmException e) { getServletContext().log("cannot query database", e); return null; } }
private AuthResult byUserName(final HttpServletResponse rsp, final String userName) { try { final ReviewDb db = schema.open(); try { AccountExternalId.Key key = new AccountExternalId.Key(SCHEME_USERNAME, userName); return auth(db.accountExternalIds().get(key)); } finally { db.close(); } } catch (OrmException e) { getServletContext().log("cannot query database", e); return null; } }
private AuthResult byAccountId(final HttpServletResponse rsp, final String idStr) { final Account.Id id; try { id = Account.Id.parse(idStr); } catch (NumberFormatException nfe) { return null; } try { final ReviewDb db = schema.open(); try { return auth(db.accounts().get(id)); } finally { db.close(); } } catch (OrmException e) { getServletContext().log("cannot query database", e); return null; } }
@Override public List<AccountExternalId> call() throws OrmException { final AccountExternalId.Key last = session.getLastLoginExternalId(); final List<AccountExternalId> ids = db.accountExternalIds().byAccount(user.getAccountId()).toList(); for (final AccountExternalId e : ids) { e.setTrusted(authConfig.isIdentityTrustable(Collections.singleton(e))); // The identity can be deleted only if its not the one used to // establish this web session, and if only if an identity was // actually used to establish this web session. // if (e.isScheme(SCHEME_USERNAME)) { e.setCanDelete(false); } else { e.setCanDelete(last != null && !last.equals(e.getKey())); } } return ids; }
@Override protected void doGet(final HttpServletRequest req, final HttpServletResponse rsp) throws IOException { String keyStr = req.getPathInfo(); // We shouldn't have to do this extra decode pass, but somehow we // are now receiving our "^1" suffix as "%5E1", which confuses us // downstream. Other times we get our embedded "," as "%2C", which // is equally bad. And yet when these happen a "%2F" is left as-is, // rather than escaped as "%252F", which makes me feel really really // uncomfortable with a blind decode right here. // keyStr = URLDecoder.decode(keyStr, "UTF-8"); if (!keyStr.startsWith("/")) { rsp.sendError(HttpServletResponse.SC_NOT_FOUND); return; } keyStr = keyStr.substring(1); final Patch.Key patchKey; final int side; { final int c = keyStr.lastIndexOf('^'); if (c == 0) { rsp.sendError(HttpServletResponse.SC_NOT_FOUND); return; } if (c < 0) { side = 0; } else { try { side = Integer.parseInt(keyStr.substring(c + 1)); keyStr = keyStr.substring(0, c); } catch (NumberFormatException e) { rsp.sendError(HttpServletResponse.SC_NOT_FOUND); return; } } try { patchKey = Patch.Key.parse(keyStr); } catch (NumberFormatException e) { rsp.sendError(HttpServletResponse.SC_NOT_FOUND); return; } } final Change.Id changeId = patchKey.getParentKey().getParentKey(); final Project project; final PatchSet patchSet; try { final ReviewDb db = requestDb.get(); final ChangeControl control = changeControl.validateFor(changeId); project = control.getProject(); patchSet = db.patchSets().get(patchKey.getParentKey()); if (patchSet == null) { rsp.sendError(HttpServletResponse.SC_NOT_FOUND); return; } } catch (NoSuchChangeException e) { rsp.sendError(HttpServletResponse.SC_NOT_FOUND); return; } catch (OrmException e) { getServletContext().log("Cannot query database", e); rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } final Repository repo; try { repo = repoManager.openRepository(project.getNameKey()); } catch (RepositoryNotFoundException e) { getServletContext().log("Cannot open repository", e); rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } final ObjectLoader blobLoader; final RevCommit fromCommit; final String suffix; final String path = patchKey.getFileName(); try { final ObjectReader reader = repo.newObjectReader(); try { final RevWalk rw = new RevWalk(reader); final RevCommit c; final TreeWalk tw; c = rw.parseCommit(ObjectId.fromString(patchSet.getRevision().get())); if (side == 0) { fromCommit = c; suffix = "new"; } else if (1 <= side && side - 1 < c.getParentCount()) { fromCommit = rw.parseCommit(c.getParent(side - 1)); if (c.getParentCount() == 1) { suffix = "old"; } else { suffix = "old" + side; } } else { rsp.sendError(HttpServletResponse.SC_NOT_FOUND); return; } tw = TreeWalk.forPath(reader, path, fromCommit.getTree()); if (tw == null) { rsp.sendError(HttpServletResponse.SC_NOT_FOUND); return; } if (tw.getFileMode(0).getObjectType() == Constants.OBJ_BLOB) { blobLoader = reader.open(tw.getObjectId(0), Constants.OBJ_BLOB); } else { rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } } finally { reader.release(); } } catch (IOException e) { getServletContext().log("Cannot read repository", e); rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } catch (RuntimeException e) { getServletContext().log("Cannot read repository", e); rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } finally { repo.close(); } final byte[] raw = blobLoader.isLarge() ? null : blobLoader.getCachedBytes(); final long when = fromCommit.getCommitTime() * 1000L; rsp.setDateHeader("Last-Modified", when); rsp.setDateHeader("Expires", 0L); rsp.setHeader("Pragma", "no-cache"); rsp.setHeader("Cache-Control", "no-cache, must-revalidate"); OutputStream out; ZipOutputStream zo; final MimeType contentType = registry.getMimeType(path, raw); if (!registry.isSafeInline(contentType)) { // The content may not be safe to transmit inline, as a browser might // interpret it as HTML or JavaScript hosted by this site. Such code // might then run in the site's security domain, and may be able to use // the user's cookies to perform unauthorized actions. // // Usually, wrapping the content into a ZIP file forces the browser to // save the content to the local system instead. // rsp.setContentType(ZIP.toString()); rsp.setHeader( "Content-Disposition", "attachment; filename=\"" + safeFileName(path, suffix) + ".zip" + "\""); zo = new ZipOutputStream(rsp.getOutputStream()); final ZipEntry e = new ZipEntry(safeFileName(path, rand(req, suffix))); e.setComment(fromCommit.name() + ":" + path); e.setSize(blobLoader.getSize()); e.setTime(when); zo.putNextEntry(e); out = zo; } else { rsp.setContentType(contentType.toString()); rsp.setHeader("Content-Length", "" + blobLoader.getSize()); out = rsp.getOutputStream(); zo = null; } if (raw != null) { out.write(raw); } else { blobLoader.copyTo(out); } if (zo != null) { zo.closeEntry(); } out.close(); }