Exemplo n.º 1
0
 private boolean authenticateWithIdentityClaimedDuringHandshake(
     AuthRequest req, HttpServletResponse rsp, String claimedIdentifier)
     throws AccountException, IOException {
   Account.Id claimedId = accountManager.lookup(claimedIdentifier);
   Account.Id actualId = accountManager.lookup(user.getExternalId());
   if (claimedId != null && actualId != null) {
     if (claimedId.equals(actualId)) {
       // Both link to the same account, that's what we expected.
       log.debug("OAuth2: claimed identity equals current id");
     } else {
       // This is (for now) a fatal error. There are two records
       // for what might be the same user.
       //
       log.error(
           "OAuth accounts disagree over user identity:\n"
               + "  Claimed ID: "
               + claimedId
               + " is "
               + claimedIdentifier
               + "\n"
               + "  Delgate ID: "
               + actualId
               + " is "
               + user.getExternalId());
       rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
       return false;
     }
   } else if (claimedId != null && actualId == null) {
     // Claimed account already exists: link to it.
     //
     log.info("OAuth2: linking claimed identity to {}", claimedId.toString());
     try {
       accountManager.link(claimedId, req);
     } catch (OrmException e) {
       log.error(
           "Cannot link: "
               + user.getExternalId()
               + " to user identity:\n"
               + "  Claimed ID: "
               + claimedId
               + " is "
               + claimedIdentifier);
       rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
       return false;
     }
   }
   return true;
 }
Exemplo n.º 2
0
  @Test
  public void byCommentBy() throws Exception {
    TestRepository<Repo> repo = createProject("repo");
    Change change1 = newChange(repo, null, null, null, null).insert();
    Change change2 = newChange(repo, null, null, null, null).insert();

    int user2 =
        accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId().get();

    ReviewInput input = new ReviewInput();
    input.message = "toplevel";
    ReviewInput.CommentInput comment = new ReviewInput.CommentInput();
    comment.line = 1;
    comment.message = "inline";
    input.comments =
        ImmutableMap.<String, List<ReviewInput.CommentInput>>of(
            Patch.COMMIT_MSG, ImmutableList.<ReviewInput.CommentInput>of(comment));
    gApi.changes().id(change1.getId().get()).current().review(input);

    input = new ReviewInput();
    input.message = "toplevel";
    gApi.changes().id(change2.getId().get()).current().review(input);

    assertQuery("commentby:" + userId.get(), change2, change1);
    assertQuery("commentby:" + user2);
  }
Exemplo n.º 3
0
  private void authenticateAndRedirect(HttpServletRequest req, HttpServletResponse rsp)
      throws IOException {
    AuthRequest areq = new AuthRequest(user.getExternalId());
    AuthResult arsp;
    try {
      String claimedIdentifier = user.getClaimedIdentity();
      if (!Strings.isNullOrEmpty(claimedIdentifier)) {
        if (!authenticateWithIdentityClaimedDuringHandshake(areq, rsp, claimedIdentifier)) {
          return;
        }
      } else if (linkMode) {
        if (!authenticateWithLinkedIdentity(areq, rsp)) {
          return;
        }
      }
      areq.setUserName(user.getUserName());
      areq.setEmailAddress(user.getEmailAddress());
      areq.setDisplayName(user.getDisplayName());
      arsp = accountManager.authenticate(areq);
    } catch (AccountException e) {
      log.error("Unable to authenticate user \"" + user + "\"", e);
      rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
      return;
    }

    webSession.get().login(arsp, true);
    String suffix = redirectToken.substring(OAuthWebFilter.GERRIT_LOGIN.length() + 1);
    StringBuilder rdr = new StringBuilder(urlProvider.get(req));
    rdr.append(Url.decode(suffix));
    rsp.sendRedirect(rdr.toString());
  }
 private AuthResult create() {
   String fakeId = AccountExternalId.SCHEME_UUID + UUID.randomUUID();
   try {
     return accountManager.authenticate(new AuthRequest(fakeId));
   } catch (AccountException e) {
     getServletContext().log("cannot create new account", e);
     return null;
   }
 }
Exemplo n.º 5
0
  @Test
  public void byOwnerIn() throws Exception {
    TestRepository<Repo> repo = createProject("repo");
    Change change1 = newChange(repo, null, null, userId.get(), null).insert();
    int user2 =
        accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId().get();
    Change change2 = newChange(repo, null, null, user2, null).insert();

    assertQuery("ownerin:Administrators", change1);
    assertQuery("ownerin:\"Registered Users\"", change2, change1);
  }
Exemplo n.º 6
0
  @Test
  public void filterOutAllResults() throws Exception {
    TestRepository<Repo> repo = createProject("repo");
    int user2 =
        accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId().get();
    for (int i = 0; i < 5; i++) {
      newChange(repo, null, null, user2, null).insert();
    }

    assertQuery("status:new ownerin:Administrators");
    assertQuery("status:new ownerin:Administrators limit:2");
  }
Exemplo n.º 7
0
  @Before
  public void setUpInjector() throws Exception {
    lifecycle = new LifecycleManager();
    Injector injector = createInjector();
    lifecycle.add(injector);
    injector.injectMembers(this);
    lifecycle.start();

    db = schemaFactory.open();
    schemaCreator.create(db);
    userId = accountManager.authenticate(AuthRequest.forUser("user")).getAccountId();
    Account userAccount = db.accounts().get(userId);
    userAccount.setPreferredEmail("*****@*****.**");
    db.accounts().update(ImmutableList.of(userAccount));
    user = userFactory.create(Providers.of(db), userId);
    requestContext.setContext(newRequestContext(userAccount.getId()));
  }
Exemplo n.º 8
0
  @Test
  public void explicitVisibleTo() throws Exception {
    TestRepository<Repo> repo = createProject("repo");
    Change change1 = newChange(repo, null, null, userId.get(), null).insert();
    ChangeInserter ins2 = newChange(repo, null, null, userId.get(), null);
    Change change2 = ins2.getChange();
    change2.setStatus(Change.Status.DRAFT);
    ins2.insert();

    String q = "project:repo";
    assertQuery(q, change2, change1);

    // Second user cannot see first user's drafts.
    Account.Id user2 =
        accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId();
    assertQuery(q + " visibleto:" + user2.get(), change1);
  }
Exemplo n.º 9
0
 private boolean authenticateWithLinkedIdentity(AuthRequest areq, HttpServletResponse rsp)
     throws AccountException, IOException {
   try {
     accountManager.link(identifiedUser.get().getAccountId(), areq);
   } catch (OrmException e) {
     log.error(
         "Cannot link: "
             + user.getExternalId()
             + " to user identity: "
             + identifiedUser.get().getAccountId());
     rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
     return false;
   } finally {
     linkMode = false;
   }
   return true;
 }
Exemplo n.º 10
0
  @Test
  public void byLabel() throws Exception {
    accountManager.authenticate(AuthRequest.forUser("anotheruser"));
    TestRepository<Repo> repo = createProject("repo");
    ChangeInserter ins = newChange(repo, null, null, null, null);
    Change change = ins.insert();

    gApi.changes()
        .id(change.getId().get())
        .current()
        .review(new ReviewInput().label("Code-Review", 1));

    assertQuery("label:Code-Review=-2");
    assertQuery("label:Code-Review-2");
    assertQuery("label:Code-Review=-1");
    assertQuery("label:Code-Review-1");
    assertQuery("label:Code-Review=0");
    assertQuery("label:Code-Review=+1", change);
    assertQuery("label:Code-Review=1", change);
    assertQuery("label:Code-Review+1", change);
    assertQuery("label:Code-Review=+2");
    assertQuery("label:Code-Review=2");
    assertQuery("label:Code-Review+2");

    assertQuery("label:Code-Review>=0", change);
    assertQuery("label:Code-Review>0", change);
    assertQuery("label:Code-Review>=1", change);
    assertQuery("label:Code-Review>1");
    assertQuery("label:Code-Review>=2");

    assertQuery("label: Code-Review<=2", change);
    assertQuery("label: Code-Review<2", change);
    assertQuery("label: Code-Review<=1", change);
    assertQuery("label:Code-Review<1");
    assertQuery("label:Code-Review<=0");

    assertQuery("label:Code-Review=+1,anotheruser");
    assertQuery("label:Code-Review=+1,user", change);
    assertQuery("label:Code-Review=+1,user=user", change);
    assertQuery("label:Code-Review=+1,Administrators", change);
    assertQuery("label:Code-Review=+1,group=Administrators", change);
  }
Exemplo n.º 11
0
  @Test
  public void reviewedBy() throws Exception {
    clockStepMs = MILLISECONDS.convert(2, MINUTES);
    TestRepository<Repo> repo = createProject("repo");
    Change change1 = newChange(repo, null, null, null, null).insert();
    Change change2 = newChange(repo, null, null, null, null).insert();
    Change change3 = newChange(repo, null, null, null, null).insert();

    gApi.changes().id(change1.getId().get()).current().review(new ReviewInput().message("comment"));

    Account.Id user2 =
        accountManager.authenticate(AuthRequest.forUser("anotheruser")).getAccountId();
    requestContext.setContext(newRequestContext(user2));

    gApi.changes().id(change2.getId().get()).current().review(new ReviewInput().message("comment"));

    PatchSet.Id ps3_1 = change3.currentPatchSetId();
    change3 = newPatchSet(repo, change3);
    assertThat(change3.currentPatchSetId()).isNotEqualTo(ps3_1);
    // Response to previous patch set still counts as reviewing.
    gApi.changes()
        .id(change3.getId().get())
        .revision(ps3_1.get())
        .review(new ReviewInput().message("comment"));

    List<ChangeInfo> actual;
    actual = assertQuery(newQuery("is:reviewed").withOption(REVIEWED), change3, change2);
    assertThat(actual.get(0).reviewed).isTrue();
    assertThat(actual.get(1).reviewed).isTrue();

    actual = assertQuery(newQuery("-is:reviewed").withOption(REVIEWED), change1);
    assertThat(actual.get(0).reviewed).isNull();

    actual = assertQuery("reviewedby:" + userId.get());

    actual =
        assertQuery(newQuery("reviewedby:" + user2.get()).withOption(REVIEWED), change3, change2);
    assertThat(actual.get(0).reviewed).isTrue();
    assertThat(actual.get(1).reviewed).isTrue();
  }
Exemplo n.º 12
0
 private void handleAuth(HttpServletRequest req) {
   String username = req.getRemoteUser();
   if (username != null) {
     if (config.getBoolean("auth", "userNameToLowerCase", false)) {
       username = username.toLowerCase(Locale.US);
     }
     log.debug("User name: " + username);
     AccountState who = accountCache.getByUsername(username);
     log.debug("AccountState " + who);
     if (who == null
         && username.matches("^([a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]|[a-zA-Z0-9])$")) {
       log.debug(
           "User is not registered with Gerrit. Register now."); // This approach assumes an auth
                                                                 // type of HTTP_LDAP
       final AuthRequest areq = AuthRequest.forUser(username);
       try {
         accountManager.authenticate(areq);
         who = accountCache.getByUsername(username);
         if (who == null) {
           log.warn("Unable to register user \"" + username + "\". Continue as anonymous.");
         } else {
           log.debug("User registered.");
         }
       } catch (AccountException e) {
         log.warn("Exception registering user \"" + username + "\". Continue as anonymous.", e);
       }
     }
     if (who != null && who.getAccount().isActive()) {
       log.debug("Not anonymous user");
       WebSession ws = session.get();
       ws.setUserAccountId(who.getAccount().getId());
       ws.setAccessPathOk(AccessPath.REST_API, true);
     } else {
       log.debug("Anonymous user");
     }
   }
 }