private void authenticateAndRedirect(HttpServletRequest req, HttpServletResponse rsp)
throws IOException {
AuthRequest areq = new AuthRequest(user.getExternalId());
AuthResult arsp;
try {
String claimedIdentifier = user.getClaimedIdentity();
if (!Strings.isNullOrEmpty(claimedIdentifier)) {
if (!authenticateWithIdentityClaimedDuringHandshake(areq, rsp, claimedIdentifier)) {
return;
}
} else if (linkMode) {
if (!authenticateWithLinkedIdentity(areq, rsp)) {
return;
}
}
areq.setUserName(user.getUserName());
areq.setEmailAddress(user.getEmailAddress());
areq.setDisplayName(user.getDisplayName());
arsp = accountManager.authenticate(areq);
} catch (AccountException e) {
log.error("Unable to authenticate user \"" + user + "\"", e);
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
webSession.get().login(arsp, true);
String suffix = redirectToken.substring(OAuthWebFilter.GERRIT_LOGIN.length() + 1);
StringBuilder rdr = new StringBuilder(urlProvider.get(req));
rdr.append(Url.decode(suffix));
rsp.sendRedirect(rdr.toString());
}
@Test
public void byCommentBy() throws Exception {
TestRepository<Repo> repo = createProject("repo");
Change change1 = newChange(repo, null, null, null, null).insert();
Change change2 = newChange(repo, null, null, null, null).insert();
int user2 =
accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId().get();
ReviewInput input = new ReviewInput();
input.message = "toplevel";
ReviewInput.CommentInput comment = new ReviewInput.CommentInput();
comment.line = 1;
comment.message = "inline";
input.comments =
ImmutableMap.<String, List<ReviewInput.CommentInput>>of(
Patch.COMMIT_MSG, ImmutableList.<ReviewInput.CommentInput>of(comment));
gApi.changes().id(change1.getId().get()).current().review(input);
input = new ReviewInput();
input.message = "toplevel";
gApi.changes().id(change2.getId().get()).current().review(input);
assertQuery("commentby:" + userId.get(), change2, change1);
assertQuery("commentby:" + user2);
}
@Test
public void byOwnerIn() throws Exception {
TestRepository<Repo> repo = createProject("repo");
Change change1 = newChange(repo, null, null, userId.get(), null).insert();
int user2 =
accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId().get();
Change change2 = newChange(repo, null, null, user2, null).insert();
assertQuery("ownerin:Administrators", change1);
assertQuery("ownerin:\"Registered Users\"", change2, change1);
}
@Test
public void filterOutAllResults() throws Exception {
TestRepository<Repo> repo = createProject("repo");
int user2 =
accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId().get();
for (int i = 0; i < 5; i++) {
newChange(repo, null, null, user2, null).insert();
}
assertQuery("status:new ownerin:Administrators");
assertQuery("status:new ownerin:Administrators limit:2");
}
@Before
public void setUpInjector() throws Exception {
lifecycle = new LifecycleManager();
Injector injector = createInjector();
lifecycle.add(injector);
injector.injectMembers(this);
lifecycle.start();
db = schemaFactory.open();
schemaCreator.create(db);
userId = accountManager.authenticate(AuthRequest.forUser("user")).getAccountId();
Account userAccount = db.accounts().get(userId);
userAccount.setPreferredEmail("*****@*****.**");
db.accounts().update(ImmutableList.of(userAccount));
user = userFactory.create(Providers.of(db), userId);
requestContext.setContext(newRequestContext(userAccount.getId()));
}
@Test
public void explicitVisibleTo() throws Exception {
TestRepository<Repo> repo = createProject("repo");
Change change1 = newChange(repo, null, null, userId.get(), null).insert();
ChangeInserter ins2 = newChange(repo, null, null, userId.get(), null);
Change change2 = ins2.getChange();
change2.setStatus(Change.Status.DRAFT);
ins2.insert();
String q = "project:repo";
assertQuery(q, change2, change1);
// Second user cannot see first user's drafts.
Account.Id user2 =
accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId();
assertQuery(q + " visibleto:" + user2.get(), change1);
}
@Test
public void byLabel() throws Exception {
accountManager.authenticate(AuthRequest.forUser("anotheruser"));
TestRepository<Repo> repo = createProject("repo");
ChangeInserter ins = newChange(repo, null, null, null, null);
Change change = ins.insert();
gApi.changes()
.id(change.getId().get())
.current()
.review(new ReviewInput().label("Code-Review", 1));
assertQuery("label:Code-Review=-2");
assertQuery("label:Code-Review-2");
assertQuery("label:Code-Review=-1");
assertQuery("label:Code-Review-1");
assertQuery("label:Code-Review=0");
assertQuery("label:Code-Review=+1", change);
assertQuery("label:Code-Review=1", change);
assertQuery("label:Code-Review+1", change);
assertQuery("label:Code-Review=+2");
assertQuery("label:Code-Review=2");
assertQuery("label:Code-Review+2");
assertQuery("label:Code-Review>=0", change);
assertQuery("label:Code-Review>0", change);
assertQuery("label:Code-Review>=1", change);
assertQuery("label:Code-Review>1");
assertQuery("label:Code-Review>=2");
assertQuery("label: Code-Review<=2", change);
assertQuery("label: Code-Review<2", change);
assertQuery("label: Code-Review<=1", change);
assertQuery("label:Code-Review<1");
assertQuery("label:Code-Review<=0");
assertQuery("label:Code-Review=+1,anotheruser");
assertQuery("label:Code-Review=+1,user", change);
assertQuery("label:Code-Review=+1,user=user", change);
assertQuery("label:Code-Review=+1,Administrators", change);
assertQuery("label:Code-Review=+1,group=Administrators", change);
}
@Test
public void reviewedBy() throws Exception {
clockStepMs = MILLISECONDS.convert(2, MINUTES);
TestRepository<Repo> repo = createProject("repo");
Change change1 = newChange(repo, null, null, null, null).insert();
Change change2 = newChange(repo, null, null, null, null).insert();
Change change3 = newChange(repo, null, null, null, null).insert();
gApi.changes().id(change1.getId().get()).current().review(new ReviewInput().message("comment"));
Account.Id user2 =
accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId();
requestContext.setContext(newRequestContext(user2));
gApi.changes().id(change2.getId().get()).current().review(new ReviewInput().message("comment"));
PatchSet.Id ps3_1 = change3.currentPatchSetId();
change3 = newPatchSet(repo, change3);
assertThat(change3.currentPatchSetId()).isNotEqualTo(ps3_1);
// Response to previous patch set still counts as reviewing.
gApi.changes()
.id(change3.getId().get())
.revision(ps3_1.get())
.review(new ReviewInput().message("comment"));
List<ChangeInfo> actual;
actual = assertQuery(newQuery("is:reviewed").withOption(REVIEWED), change3, change2);
assertThat(actual.get(0).reviewed).isTrue();
assertThat(actual.get(1).reviewed).isTrue();
actual = assertQuery(newQuery("-is:reviewed").withOption(REVIEWED), change1);
assertThat(actual.get(0).reviewed).isNull();
actual = assertQuery("reviewedby:" + userId.get());
actual =
assertQuery(newQuery("reviewedby:" + user2.get()).withOption(REVIEWED), change3, change2);
assertThat(actual.get(0).reviewed).isTrue();
assertThat(actual.get(1).reviewed).isTrue();
}
private void handleAuth(HttpServletRequest req) {
String username = req.getRemoteUser();
if (username != null) {
if (config.getBoolean("auth", "userNameToLowerCase", false)) {
username = username.toLowerCase(Locale.US);
}
log.debug("User name: " + username);
AccountState who = accountCache.getByUsername(username);
log.debug("AccountState " + who);
if (who == null
&& username.matches("^([a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]|[a-zA-Z0-9])$")) {
log.debug(
"User is not registered with Gerrit. Register now."); // This approach assumes an auth
// type of HTTP_LDAP
final AuthRequest areq = AuthRequest.forUser(username);
try {
accountManager.authenticate(areq);
who = accountCache.getByUsername(username);
if (who == null) {
log.warn("Unable to register user \"" + username + "\". Continue as anonymous.");
} else {
log.debug("User registered.");
}
} catch (AccountException e) {
log.warn("Exception registering user \"" + username + "\". Continue as anonymous.", e);
}
}
if (who != null && who.getAccount().isActive()) {
log.debug("Not anonymous user");
WebSession ws = session.get();
ws.setUserAccountId(who.getAccount().getId());
ws.setAccessPathOk(AccessPath.REST_API, true);
} else {
log.debug("Anonymous user");
}
}
}