use of com.google.gerrit.extensions.auth.oauth.OAuthUserInfo in project gerrit by GerritCodeReview.
the class OAuthRealm method authenticate.
/**
* Authenticates with the {@link OAuthLoginProvider} specified in the authentication request.
*
* <p>{@link AccountManager} calls this method without password if authenticity of the user has
* already been established. In that case we can skip the authentication request to the {@code
* OAuthLoginService}.
*
* @param who the authentication request.
* @return the authentication request with resolved email address and display name in case the
* authenticity of the user could be established; otherwise {@code who} is returned unchanged.
* @throws AccountException if the authentication request with the OAuth2 server failed or no
* {@code OAuthLoginProvider} was available to handle the request.
*/
@Override
public AuthRequest authenticate(AuthRequest who) throws AccountException {
if (Strings.isNullOrEmpty(who.getPassword())) {
return who;
}
if (Strings.isNullOrEmpty(who.getAuthPlugin()) || Strings.isNullOrEmpty(who.getAuthProvider())) {
throw new AccountException("Cannot authenticate");
}
OAuthLoginProvider loginProvider = loginProviders.get(who.getAuthPlugin(), who.getAuthProvider());
if (loginProvider == null) {
throw new AccountException("Cannot authenticate");
}
OAuthUserInfo userInfo;
try {
userInfo = loginProvider.login(who.getUserName(), who.getPassword());
} catch (IOException e) {
throw new AccountException("Cannot authenticate", e);
}
if (userInfo == null) {
throw new AccountException("Cannot authenticate");
}
if (!Strings.isNullOrEmpty(userInfo.getEmailAddress()) && (Strings.isNullOrEmpty(who.getUserName()) || !allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL))) {
who.setEmailAddress(userInfo.getEmailAddress());
}
if (!Strings.isNullOrEmpty(userInfo.getDisplayName()) && (Strings.isNullOrEmpty(who.getDisplayName()) || !allowsEdit(AccountFieldName.FULL_NAME))) {
who.setDisplayName(userInfo.getDisplayName());
}
return who;
}
Aggregations