private static Map<String, String> getParameters(HttpServletRequest req) {
final Map<String, String> params = new HashMap<>();
for (final String pair : req.getQueryString().split("[&;]")) {
final int eq = pair.indexOf('=');
if (0 < eq) {
String name = pair.substring(0, eq);
String value = pair.substring(eq + 1);
name = Url.decode(name);
value = Url.decode(value);
params.put(name, value);
}
}
return params;
}
private void authenticateAndRedirect(HttpServletRequest req, HttpServletResponse rsp)
throws IOException {
AuthRequest areq = new AuthRequest(user.getExternalId());
AuthResult arsp;
try {
String claimedIdentifier = user.getClaimedIdentity();
if (!Strings.isNullOrEmpty(claimedIdentifier)) {
if (!authenticateWithIdentityClaimedDuringHandshake(areq, rsp, claimedIdentifier)) {
return;
}
} else if (linkMode) {
if (!authenticateWithLinkedIdentity(areq, rsp)) {
return;
}
}
areq.setUserName(user.getUserName());
areq.setEmailAddress(user.getEmailAddress());
areq.setDisplayName(user.getDisplayName());
arsp = accountManager.authenticate(areq);
} catch (AccountException e) {
log.error("Unable to authenticate user \"" + user + "\"", e);
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
webSession.get().login(arsp, true);
String suffix = redirectToken.substring(OAuthWebFilter.GERRIT_LOGIN.length() + 1);
StringBuilder rdr = new StringBuilder(urlProvider.get(req));
rdr.append(Url.decode(suffix));
rsp.sendRedirect(rdr.toString());
}
private GroupInfo init(GroupDescription.Basic group) {
GroupInfo info = new GroupInfo();
info.id = Url.encode(group.getGroupUUID().get());
info.name = Strings.emptyToNull(group.getName());
info.url = Strings.emptyToNull(group.getUrl());
info.options = new GroupOptionsInfo(group);
AccountGroup g = GroupDescriptions.toAccountGroup(group);
if (g != null) {
info.description = Strings.emptyToNull(g.getDescription());
info.groupId = g.getId().get();
if (g.getOwnerGroupUUID() != null) {
info.ownerId = Url.encode(g.getOwnerGroupUUID().get());
GroupDescription.Basic o = groupBackend.get(g.getOwnerGroupUUID());
if (o != null) {
info.owner = o.getName();
}
}
}
return info;
}
private static String getLoginRedirectUrl(HttpServletRequest req) {
String contextPath = req.getContextPath();
String loginUrl = contextPath + "/login/";
String token = req.getRequestURI();
if (!contextPath.isEmpty()) {
token = token.substring(contextPath.length());
}
String queryString = req.getQueryString();
if (queryString != null && !queryString.isEmpty()) {
token = token.concat("?" + queryString);
}
return (loginUrl + Url.encode(token));
}
@Override
public boolean updateChange(ChangeContext ctx) throws ResourceNotFoundException, OrmException {
PatchSet ps = psUtil.get(ctx.getDb(), ctx.getNotes(), psId);
if (ps == null) {
throw new ResourceNotFoundException("patch set not found: " + psId);
}
comment =
new Comment(
new Comment.Key(ChangeUtil.messageUUID(ctx.getDb()), in.path, ps.getPatchSetId()),
ctx.getAccountId(),
ctx.getWhen(),
in.side(),
in.message.trim(),
serverId);
comment.parentUuid = Url.decode(in.inReplyTo);
comment.setLineNbrAndRange(in.line, in.range);
comment.tag = in.tag;
setCommentRevId(comment, patchListCache, ctx.getChange(), ps);
commentsUtil.putComments(
ctx.getDb(), ctx.getUpdate(psId), Status.DRAFT, Collections.singleton(comment));
ctx.bumpLastUpdatedOn(false);
return true;
}
@Override
protected void service(final HttpServletRequest req, final HttpServletResponse rsp)
throws IOException {
if (req.getQueryString() == null || req.getQueryString().isEmpty()) {
// No query string? They want the project list, which we don't
// currently support. Return to Gerrit's own web UI.
//
rsp.sendRedirect(req.getContextPath() + "/");
return;
}
final Map<String, String> params = getParameters(req);
String a = params.get("a");
if (a != null) {
if (deniedActions.contains(a)) {
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
if (a.equals(PROJECT_LIST_ACTION)) {
rsp.sendRedirect(
req.getContextPath()
+ "/#"
+ PageLinks.ADMIN_PROJECTS
+ "?filter="
+ Url.encode(params.get("pf") + "/"));
return;
}
}
String name = params.get("p");
if (name == null) {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
if (name.endsWith(".git")) {
name = name.substring(0, name.length() - 4);
}
final Project.NameKey nameKey = new Project.NameKey(name);
final ProjectControl project;
try {
project = projectControl.validateFor(nameKey);
if (!project.allRefsAreVisible() && !project.isOwner()) {
// Pretend the project doesn't exist
throw new NoSuchProjectException(nameKey);
}
} catch (NoSuchProjectException e) {
if (userProvider.get().isIdentifiedUser()) {
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
} else {
// Allow anonymous users a chance to login.
// Avoid leaking information by not distinguishing between
// project not existing and no access rights.
rsp.sendRedirect(getLoginRedirectUrl(req));
}
return;
}
try (Repository repo = repoManager.openRepository(nameKey)) {
CacheHeaders.setNotCacheable(rsp);
exec(req, rsp, project);
} catch (RepositoryNotFoundException e) {
getServletContext().log("Cannot open repository", e);
rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
private String getBaseRequestUrl() {
String filePathEncoded = Url.encode(FILE_PATH);
return "/changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/1/files/"
+ filePathEncoded;
}
