/**
 * Binds the current web session to the Gerrit account named by the request's
 * remote user, registering the account first if it is not yet in the cache.
 *
 * <p>The identity is whatever {@link HttpServletRequest#getRemoteUser()} returns;
 * this method performs no credential check of its own, so it is only as
 * trustworthy as the layer that populated that value. When no usable, active
 * account results, the session is left untouched and the request continues
 * as anonymous.
 *
 * @param req the incoming request whose remote user is consulted
 */
private void handleAuth(HttpServletRequest req) {
  final String remoteUser = req.getRemoteUser();
  if (remoteUser == null) {
    // No remote user on the request: nothing to bind.
    return;
  }

  // Optional case folding happens before any lookup, so cache lookups and
  // registration all see the same normalized name.
  final String username;
  if (config.getBoolean("auth", "userNameToLowerCase", false)) {
    username = remoteUser.toLowerCase(Locale.US);
  } else {
    username = remoteUser;
  }

  // NOTE(review): the name is logged here before the character whitelist below
  // is applied, so an unvalidated value reaches the log. Confirm the layer that
  // sets the remote user cannot pass through line breaks or control characters.
  log.debug("User name: " + username);

  AccountState account = accountCache.getByUsername(username);
  log.debug("AccountState " + account);

  // Auto-registration is attempted only for unknown names that match the
  // whitelist (alphanumerics, with '.', '_' and '-' allowed in the middle).
  // A name already present in the cache is accepted without this check.
  if (account == null
      && username.matches("^([a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]|[a-zA-Z0-9])$")) {
    log.debug( "User is not registered with Gerrit. Register now.");
    // This approach assumes an auth type of HTTP_LDAP
    final AuthRequest registration = AuthRequest.forUser(username);
    try {
      accountManager.authenticate(registration);
      account = accountCache.getByUsername(username);
      if (account != null) {
        log.debug("User registered.");
      } else {
        log.warn("Unable to register user \"" + username
            + "\". Continue as anonymous.");
      }
    } catch (AccountException e) {
      // Registration failure is not fatal: fall through with no account.
      log.warn("Exception registering user \"" + username
          + "\". Continue as anonymous.", e);
    }
  }

  // Fail closed: a missing or inactive account never gets a session identity.
  if (account == null || !account.getAccount().isActive()) {
    log.debug("Anonymous user");
    return;
  }

  log.debug("Not anonymous user");
  final WebSession webSession = session.get();
  webSession.setUserAccountId(account.getAccount().getId());
  // Grants the REST API access path for this session.
  webSession.setAccessPathOk(AccessPath.REST_API, true);
}
/**
 * Loads the external identities of the current user's account and annotates
 * each one with its trust status and whether it may be deleted.
 *
 * <p>Deletion rules applied here: an identity of scheme
 * {@code SCHEME_USERNAME} is never deletable; any other identity is deletable
 * only when the session recorded the identity used to log in and that
 * identity is a different one. If the session has no recorded login identity,
 * nothing is marked deletable.
 *
 * @return the account's external identities with trusted/canDelete populated
 * @throws OrmException declared by the method; presumably raised by the
 *     database query - confirm against the data layer
 */
@Override
public List<AccountExternalId> call() throws OrmException {
  final AccountExternalId.Key loginKey = session.getLastLoginExternalId();
  final List<AccountExternalId> result =
      db.accountExternalIds().byAccount(user.getAccountId()).toList();

  for (final AccountExternalId extId : result) {
    // Trust is evaluated per identity, each one on its own.
    final boolean trusted =
        authConfig.isIdentityTrustable(Collections.singleton(extId));
    extId.setTrusted(trusted);

    final boolean deletable;
    if (extId.isScheme(SCHEME_USERNAME)) {
      // The username identity can never be removed from here.
      deletable = false;
    } else if (loginKey == null) {
      // No identity is known to have established this session, so deletion
      // is refused for every identity rather than allowed by default.
      deletable = false;
    } else {
      // The identity that established this web session must stay.
      deletable = !loginKey.equals(extId.getKey());
    }
    extId.setCanDelete(deletable);
  }
  return result;
}