use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.
the class OAuthRealm method authenticate.
/**
 * Authenticates the request against the {@link OAuthLoginProvider} that the request names.
 *
 * <p>A request without a password is returned untouched and no provider is contacted: {@link
 * AccountManager} calls this method that way once the user's authenticity has already been
 * established.
 *
 * <p>Every failure path raises the same {@code "Cannot authenticate"} message, so the message
 * alone does not reveal whether the provider was unknown or the credential was rejected.
 *
 * @param who the authentication request; it is updated in place on success.
 * @return {@code who}, unchanged when it carries no password, otherwise with the email address
 *     and display name reported by the provider applied under the conditions in the body.
 * @throws AccountException if the request names no plugin or provider, no matching {@code
 *     OAuthLoginProvider} is registered, the provider login fails with an {@link IOException},
 *     or the provider returns no user info.
 */
@Override
public AuthRequest authenticate(AuthRequest who) throws AccountException {
  // NOTE(review): an empty password is taken to mean "already authenticated elsewhere". Nothing
  // in this method verifies that, so callers must never hand over an unverified request this
  // way — confirm against the call sites.
  if (Strings.isNullOrEmpty(who.getPassword())) {
    return who;
  }

  boolean providerNamed =
      !Strings.isNullOrEmpty(who.getAuthPlugin())
          && !Strings.isNullOrEmpty(who.getAuthProvider());
  if (!providerNamed) {
    throw new AccountException("Cannot authenticate");
  }

  OAuthLoginProvider provider = loginProviders.get(who.getAuthPlugin(), who.getAuthProvider());
  if (provider == null) {
    throw new AccountException("Cannot authenticate");
  }

  OAuthUserInfo info;
  try {
    // The request's password is forwarded to the provider as the secret to check.
    info = provider.login(who.getUserName(), who.getPassword());
  } catch (IOException e) {
    // Keep the cause for server-side diagnosis; the message stays generic.
    throw new AccountException("Cannot authenticate", e);
  }
  if (info == null) {
    throw new AccountException("Cannot authenticate");
  }

  // The provider's email is applied when the request has no user name or when users may not
  // register a new email themselves.
  // NOTE(review): this branch tests who.getUserName() while the display-name branch below tests
  // who.getDisplayName(); confirm that the user name, not the email address, is intended here.
  String providerEmail = info.getEmailAddress();
  if (!Strings.isNullOrEmpty(providerEmail)) {
    if (Strings.isNullOrEmpty(who.getUserName())
        || !allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
      who.setEmailAddress(providerEmail);
    }
  }

  // The provider's display name is applied when the request has none or when users may not edit
  // their full name.
  String providerName = info.getDisplayName();
  if (!Strings.isNullOrEmpty(providerName)) {
    if (Strings.isNullOrEmpty(who.getDisplayName()) || !allowsEdit(AccountFieldName.FULL_NAME)) {
      who.setDisplayName(providerName);
    }
  }
  return who;
}
use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.
the class OAuthRealm method authenticate.
/**
 * Authenticates the request against the {@link OAuthLoginProvider} that the request names.
 *
 * <p>A request without a password is returned untouched and no provider is contacted: {@link
 * AccountManager} calls this method that way once the user's authenticity has already been
 * established.
 *
 * <p>Every failure path raises the same {@code "Cannot authenticate"} message, so the message
 * alone does not reveal whether the provider was unknown or the credential was rejected.
 *
 * @param who the authentication request; it is updated in place on success.
 * @return {@code who}, unchanged when it carries no password, otherwise with the email address
 *     and display name reported by the provider applied under the conditions in the body.
 * @throws AccountException if the request names no plugin or provider, no matching {@code
 *     OAuthLoginProvider} is registered, the provider login fails with an {@link IOException},
 *     or the provider returns no user info.
 */
@Override
public AuthRequest authenticate(AuthRequest who) throws AccountException {
  // NOTE(review): an empty password is taken to mean "already authenticated elsewhere". Nothing
  // in this method verifies that, so callers must never hand over an unverified request this
  // way — confirm against the call sites.
  if (Strings.isNullOrEmpty(who.getPassword())) {
    return who;
  }

  boolean providerNamed =
      !Strings.isNullOrEmpty(who.getAuthPlugin())
          && !Strings.isNullOrEmpty(who.getAuthProvider());
  if (!providerNamed) {
    throw new AccountException("Cannot authenticate");
  }

  OAuthLoginProvider provider = loginProviders.get(who.getAuthPlugin(), who.getAuthProvider());
  if (provider == null) {
    throw new AccountException("Cannot authenticate");
  }

  OAuthUserInfo info;
  try {
    // The user name is optional on the request; the provider receives null when it is absent.
    info = provider.login(who.getUserName().orElse(null), who.getPassword());
  } catch (IOException e) {
    // Keep the cause for server-side diagnosis; the message stays generic.
    throw new AccountException("Cannot authenticate", e);
  }
  if (info == null) {
    throw new AccountException("Cannot authenticate");
  }

  // The provider's email is applied when the request has no user name or when users may not
  // register a new email themselves.
  // NOTE(review): this branch tests who.getUserName() while the display-name branch below tests
  // who.getDisplayName(); confirm that the user name, not the email address, is intended here.
  String providerEmail = info.getEmailAddress();
  if (!Strings.isNullOrEmpty(providerEmail)) {
    if (!who.getUserName().isPresent() || !allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
      who.setEmailAddress(providerEmail);
    }
  }

  // The provider's display name is applied when the request has none or when users may not edit
  // their full name.
  String providerName = info.getDisplayName();
  if (!Strings.isNullOrEmpty(providerName)) {
    if (Strings.isNullOrEmpty(who.getDisplayName()) || !allowsEdit(AccountFieldName.FULL_NAME)) {
      who.setDisplayName(providerName);
    }
  }
  return who;
}
use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.
the class ProjectOAuthFilter method pickConfiguredProvider.
/**
 * Resolves the {@code OAuthLoginProvider} configured with {@code auth.gitOAuthProvider} and
 * records it as the default plugin/provider pair.
 *
 * <p>The configured value is split at its last colon into a plugin name and a provider name.
 * Both default fields are assigned before the lookup, so they keep the configured names even
 * when the lookup fails and this method throws.
 *
 * @throws ServletException if the value is not of the form {@code pluginName:providerName} or
 *     the named provider is not registered.
 */
private void pickConfiguredProvider() throws ServletException {
  int colon = gitOAuthProvider.lastIndexOf(':');
  // A usable id needs at least one character on each side of the last colon.
  boolean wellFormed = colon >= 1 && colon != gitOAuthProvider.length() - 1;
  if (!wellFormed) {
    throw new ServletException(
        "OAuth login provider configuration is invalid: Must be of the form pluginName:providerName");
  }

  defaultAuthPlugin = gitOAuthProvider.substring(0, colon);
  defaultAuthProvider = gitOAuthProvider.substring(colon + 1);

  // Fail at setup time rather than on the first request if the named provider is missing.
  if (loginProviders.get(defaultAuthPlugin, defaultAuthProvider) == null) {
    throw new ServletException(
        "Configured OAuth login provider " + gitOAuthProvider + " wasn't installed");
  }
}
use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.
the class ProjectOAuthFilter method pickOnlyProvider.
/**
 * Records the single installed OAuth provider as the default plugin/provider pair.
 *
 * <p>When several providers are installed nothing is picked here; the provider then has to be
 * determined from the authentication request itself.
 *
 * @throws ServletException if there is no {@code OAuthLoginProvider} installed at all.
 */
private void pickOnlyProvider() throws ServletException {
  try {
    Extension<OAuthLoginProvider> sole = Iterables.getOnlyElement(loginProviders);
    defaultAuthPlugin = sole.getPluginName();
    defaultAuthProvider = sole.getExportName();
  } catch (IllegalArgumentException ignored) {
    // More than one provider is installed: deliberately pick none.
    // NOTE(review): the try block also covers the two getters above, so an
    // IllegalArgumentException raised by them would be swallowed here as well.
  } catch (NoSuchElementException e) {
    throw new ServletException("No OAuth login provider installed", e);
  }
}
use of com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider in project gerrit by GerritCodeReview.
the class ProjectOAuthFilter method extractAuthInfo.
/**
 * Splits a git OAuth cookie into the user name, the access token and the provider that is
 * expected to verify that token.
 *
 * <p>The user name is the URL-decoded part of the cookie name after {@code GIT_COOKIE_PREFIX}.
 * The cookie value is either a bare token, paired here with the default plugin/provider, or
 * {@code token@pluginName:providerName}. Name and value both arrive with the request and are
 * only parsed here; the token itself is not checked in this method.
 *
 * @param cookie the cookie to parse.
 * @return the extracted information, or {@code null} if the provider id after the last
 *     {@code '@'} is malformed or names a provider that is not registered.
 * @throws UnsupportedEncodingException declared by {@link URLDecoder#decode(String, String)}.
 */
private AuthInfo extractAuthInfo(Cookie cookie) throws UnsupportedEncodingException {
  // assumes the cookie name starts with GIT_COOKIE_PREFIX — TODO confirm the caller filters on it
  String encodedUser = cookie.getName().substring(GIT_COOKIE_PREFIX.length());
  String username = URLDecoder.decode(encodedUser, UTF_8.name());

  String raw = cookie.getValue();
  int at = raw.lastIndexOf('@');
  boolean hasProviderSuffix = at >= 1 && at != raw.length() - 1;
  if (!hasProviderSuffix) {
    // No '@', or only a leading/trailing one: the whole value is treated as the access token
    // rather than the '@' being a separator, and the default provider is used.
    // NOTE(review): whether defaultAuthPlugin/defaultAuthProvider can still be unset at this
    // point is not visible here — confirm downstream code rejects a missing provider.
    return new AuthInfo(username, raw, defaultAuthPlugin, defaultAuthProvider);
  }

  String token = raw.substring(0, at);
  String providerId = raw.substring(at + 1);

  int colon = providerId.lastIndexOf(':');
  boolean wellFormedId = colon >= 1 && colon != providerId.length() - 1;
  if (!wellFormedId) {
    // no colon at all or leading/trailing colon: malformed providerId
    return null;
  }

  String pluginName = providerId.substring(0, colon);
  String exportName = providerId.substring(colon + 1);

  // Only accept a provider id that resolves to a registered provider.
  if (loginProviders.get(pluginName, exportName) == null) {
    return null;
  }
  return new AuthInfo(username, token, pluginName, exportName);
}