
Example 1 with OAuthLoginProvider

use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.

the class OAuthRealm method authenticate.

/**
   * Authenticates with the {@link OAuthLoginProvider} specified in the authentication request.
   *
   * <p>{@link AccountManager} calls this method without password if authenticity of the user has
   * already been established. In that case we can skip the authentication request to the {@code
   * OAuthLoginService}.
   *
   * @param who the authentication request.
   * @return the authentication request with resolved email address and display name in case the
   *     authenticity of the user could be established; otherwise {@code who} is returned unchanged.
   * @throws AccountException if the authentication request with the OAuth2 server failed or no
   *     {@code OAuthLoginProvider} was available to handle the request.
   */
@Override
public AuthRequest authenticate(AuthRequest who) throws AccountException {
    // No password on the request: return it untouched without contacting any provider.
    // The Javadoc says AccountManager takes this path once authenticity is already
    // established, so an unchanged return value is not itself proof of authentication.
    if (Strings.isNullOrEmpty(who.getPassword())) {
        return who;
    }

    // Every rejection below raises the same message, so the text does not reveal
    // which step refused the request.
    boolean pluginMissing = Strings.isNullOrEmpty(who.getAuthPlugin());
    if (pluginMissing || Strings.isNullOrEmpty(who.getAuthProvider())) {
        throw new AccountException("Cannot authenticate");
    }

    OAuthLoginProvider provider = loginProviders.get(who.getAuthPlugin(), who.getAuthProvider());
    if (provider == null) {
        throw new AccountException("Cannot authenticate");
    }

    // The request's password field is handed to the provider as the secret.
    OAuthUserInfo resolved;
    try {
        resolved = provider.login(who.getUserName(), who.getPassword());
    } catch (IOException e) {
        throw new AccountException("Cannot authenticate", e);
    }
    if (resolved == null) {
        throw new AccountException("Cannot authenticate");
    }

    // Provider-supplied email replaces the request's when the request has no user name
    // or when REGISTER_NEW_EMAIL is not editable.
    // NOTE(review): this guard tests the request's user name, whereas the display-name
    // branch below tests the request's own display name - confirm the asymmetry is intended.
    if (!Strings.isNullOrEmpty(resolved.getEmailAddress())) {
        if (Strings.isNullOrEmpty(who.getUserName()) || !allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
            who.setEmailAddress(resolved.getEmailAddress());
        }
    }

    // Provider-supplied display name replaces the request's when the request has none
    // or when FULL_NAME is not editable.
    if (!Strings.isNullOrEmpty(resolved.getDisplayName())) {
        if (Strings.isNullOrEmpty(who.getDisplayName()) || !allowsEdit(AccountFieldName.FULL_NAME)) {
            who.setDisplayName(resolved.getDisplayName());
        }
    }
    return who;
}
Also used : AccountException(com.google.gerrit.server.account.AccountException) OAuthUserInfo(com.google.gerrit.extensions.auth.oauth.OAuthUserInfo) IOException(java.io.IOException) OAuthLoginProvider(com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider)

Example 2 with OAuthLoginProvider

use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.

the class OAuthRealm method authenticate.

/**
 * Authenticates with the {@link OAuthLoginProvider} specified in the authentication request.
 *
 * <p>{@link AccountManager} calls this method without password if authenticity of the user has
 * already been established. In that case we can skip the authentication request to the {@code
 * OAuthLoginService}.
 *
 * @param who the authentication request.
 * @return the authentication request with resolved email address and display name in case the
 *     authenticity of the user could be established; otherwise {@code who} is returned unchanged.
 * @throws AccountException if the authentication request with the OAuth2 server failed or no
 *     {@code OAuthLoginProvider} was available to handle the request.
 */
@Override
public AuthRequest authenticate(AuthRequest who) throws AccountException {
    // No password on the request: return it untouched without contacting any provider.
    // The Javadoc says AccountManager takes this path once authenticity is already
    // established, so an unchanged return value is not itself proof of authentication.
    if (Strings.isNullOrEmpty(who.getPassword())) {
        return who;
    }

    // Every rejection below raises the same message, so the text does not reveal
    // which step refused the request.
    boolean pluginMissing = Strings.isNullOrEmpty(who.getAuthPlugin());
    if (pluginMissing || Strings.isNullOrEmpty(who.getAuthProvider())) {
        throw new AccountException("Cannot authenticate");
    }

    OAuthLoginProvider provider = loginProviders.get(who.getAuthPlugin(), who.getAuthProvider());
    if (provider == null) {
        throw new AccountException("Cannot authenticate");
    }

    // An absent user name is passed to the provider as null; the request's password
    // field is handed over as the secret.
    OAuthUserInfo resolved;
    try {
        resolved = provider.login(who.getUserName().orElse(null), who.getPassword());
    } catch (IOException e) {
        throw new AccountException("Cannot authenticate", e);
    }
    if (resolved == null) {
        throw new AccountException("Cannot authenticate");
    }

    // Provider-supplied email replaces the request's when the request carries no user
    // name or when REGISTER_NEW_EMAIL is not editable.
    // NOTE(review): this guard tests the request's user name, whereas the display-name
    // branch below tests the request's own display name - confirm the asymmetry is intended.
    if (!Strings.isNullOrEmpty(resolved.getEmailAddress())) {
        if (!who.getUserName().isPresent() || !allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
            who.setEmailAddress(resolved.getEmailAddress());
        }
    }

    // Provider-supplied display name replaces the request's when the request has none
    // or when FULL_NAME is not editable.
    if (!Strings.isNullOrEmpty(resolved.getDisplayName())) {
        if (Strings.isNullOrEmpty(who.getDisplayName()) || !allowsEdit(AccountFieldName.FULL_NAME)) {
            who.setDisplayName(resolved.getDisplayName());
        }
    }
    return who;
}
Also used : AccountException(com.google.gerrit.server.account.AccountException) OAuthUserInfo(com.google.gerrit.extensions.auth.oauth.OAuthUserInfo) IOException(java.io.IOException) OAuthLoginProvider(com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider)

Example 3 with OAuthLoginProvider

use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.

the class ProjectOAuthFilter method pickConfiguredProvider.

/**
 * Picks the {@code OAuthLoginProvider} configured with <tt>auth.gitOAuthProvider</tt>.
 *
 * @throws ServletException if the configured provider was not found.
 */
private void pickConfiguredProvider() throws ServletException {
    // The LAST ':' is the separator, so the plugin part may itself contain colons
    // while the provider part cannot.
    int colonAt = gitOAuthProvider.lastIndexOf(':');
    boolean pluginPartEmpty = colonAt < 1; // no colon at all, or a leading colon
    boolean providerPartEmpty = colonAt == gitOAuthProvider.length() - 1; // trailing colon
    if (pluginPartEmpty || providerPartEmpty) {
        throw new ServletException("OAuth login provider configuration is" + " invalid: Must be of the form pluginName:providerName");
    }

    // The defaults are recorded before the lookup, so they keep the configured
    // names even when the lookup below fails and this method throws.
    defaultAuthPlugin = gitOAuthProvider.substring(0, colonAt);
    defaultAuthProvider = gitOAuthProvider.substring(colonAt + 1);

    if (loginProviders.get(defaultAuthPlugin, defaultAuthProvider) == null) {
        throw new ServletException("Configured OAuth login provider " + gitOAuthProvider + " wasn't installed");
    }
}
Also used : ServletException(javax.servlet.ServletException) OAuthLoginProvider(com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider)

Example 4 with OAuthLoginProvider

use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.

the class ProjectOAuthFilter method pickOnlyProvider.

/**
 * Picks the only installed OAuth provider. If there is a multitude of providers available, the
 * actual provider must be determined from the authentication request.
 *
 * @throws ServletException if there is no {@code OAuthLoginProvider} installed at all.
 */
private void pickOnlyProvider() throws ServletException {
    // A default plugin/provider pair is recorded only when exactly one provider exists.
    try {
        Extension<OAuthLoginProvider> sole = Iterables.getOnlyElement(loginProviders);
        defaultAuthPlugin = sole.getPluginName();
        defaultAuthProvider = sole.getExportName();
    } catch (IllegalArgumentException ignored) {
        // Several providers are available: deliberately pick none and leave the
        // defaults as they were; the request has to name its provider instead.
        // NOTE(review): this also swallows an IllegalArgumentException raised by the
        // two getters inside the try - confirm that is acceptable.
    } catch (NoSuchElementException noProvider) {
        throw new ServletException("No OAuth login provider installed", noProvider);
    }
}
Also used : ServletException(javax.servlet.ServletException) NoSuchElementException(java.util.NoSuchElementException) OAuthLoginProvider(com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider)

Example 5 with OAuthLoginProvider

use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.

the class ProjectOAuthFilter method extractAuthInfo.

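/**
 * Builds an {@code AuthInfo} from a git OAuth cookie.
 *
 * <p>The part of the cookie name after {@code GIT_COOKIE_PREFIX} is URL-decoded into the user
 * name. The cookie value is either a bare token, which is paired with the default plugin and
 * provider, or {@code token@pluginName:exportName}.
 *
 * <p>Both name and value come from the client and are treated as untrusted: any malformed part
 * yields {@code null} rather than an exception.
 *
 * @param cookie the cookie to parse; NOTE(review): assumes the caller already checked that its
 *     name starts with {@code GIT_COOKIE_PREFIX} - confirm.
 * @return the parsed authentication info, or {@code null} if the user name is not valid
 *     percent-encoding, the provider id is malformed, or the named provider is not found in
 *     {@code loginProviders}.
 * @throws UnsupportedEncodingException declared by {@code URLDecoder.decode(String, String)}.
 */
private AuthInfo extractAuthInfo(Cookie cookie) throws UnsupportedEncodingException {
    String username;
    try {
        username = URLDecoder.decode(cookie.getName().substring(GIT_COOKIE_PREFIX.length()), UTF_8.name());
    } catch (IllegalArgumentException e) {
        // URLDecoder rejects incomplete or non-hex percent escapes with an unchecked
        // exception. Treat that like the other malformed-cookie cases below instead of
        // letting it escape; presumably the caller rejects a null result - verify.
        return null;
    }

    String value = cookie.getValue();
    int splitPos = value.lastIndexOf('@');
    if (splitPos < 1 || splitPos == value.length() - 1) {
        // No usable '@' separator: the whole value is the token and the default
        // plugin/provider apply. A leading or trailing '@' is considered part of
        // the access token rather than being a separator.
        return new AuthInfo(username, value, defaultAuthPlugin, defaultAuthProvider);
    }

    String token = value.substring(0, splitPos);
    String providerId = value.substring(splitPos + 1);
    splitPos = providerId.lastIndexOf(':');
    if (splitPos < 1 || splitPos == providerId.length() - 1) {
        // no colon at all or leading/trailing colon: malformed providerId
        return null;
    }

    String pluginName = providerId.substring(0, splitPos);
    String exportName = providerId.substring(splitPos + 1);
    // Only a provider id that resolves in loginProviders is accepted from the cookie.
    OAuthLoginProvider provider = loginProviders.get(pluginName, exportName);
    if (provider == null) {
        return null;
    }
    return new AuthInfo(username, token, pluginName, exportName);
}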
Also used : OAuthLoginProvider(com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider)

Aggregations

OAuthLoginProvider (com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider)5 OAuthUserInfo (com.google.gerrit.extensions.auth.oauth.OAuthUserInfo)2 AccountException (com.google.gerrit.server.account.AccountException)2 IOException (java.io.IOException)2 ServletException (javax.servlet.ServletException)2 NoSuchElementException (java.util.NoSuchElementException)1