Example 16 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class GerritPublicKeyCheckerTest method checkValidTrustChainAndCorrectExternalIds.
@Test
public void checkValidTrustChainAndCorrectExternalIds() throws Exception {
// A---Bx
// \
// \---C---D
// \
// \---Ex
//
// The server ultimately trusts B and D.
// D and E trust C to be a valid introducer of depth 2.
IdentifiedUser userB = addUser("userB");
TestKey keyA = add(keyA(), user);
TestKey keyB = add(keyB(), userB);
add(keyC(), addUser("userC"));
add(keyD(), addUser("userD"));
add(keyE(), addUser("userE"));
// Checker for A, checking A.
PublicKeyChecker checkerA = checkerFactory.create(user, store);
assertNoProblems(checkerA.check(keyA.getPublicKey()));
// Checker for B, checking B. Trust chain and IDs are correct, so the only
// problem is with the key itself.
PublicKeyChecker checkerB = checkerFactory.create(userB, store);
assertProblems(checkerB.check(keyB.getPublicKey()), Status.BAD, "Key is expired");
}
Also used :
TestKey(com.google.gerrit.gpg.testutil.TestKey)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
Test(org.junit.Test)
Example 17 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class CherryPickChange method cherryPick.
public Change.Id cherryPick(BatchUpdate.Factory batchUpdateFactory, @Nullable Change.Id sourceChangeId, @Nullable PatchSet.Id sourcePatchId, @Nullable Branch.NameKey sourceBranch, @Nullable String sourceChangeTopic, Project.NameKey project, ObjectId sourceCommit, CherryPickInput input, String targetRef, RefControl targetRefControl) throws OrmException, IOException, InvalidChangeOperationException, IntegrationException, UpdateException, RestApiException {
if (Strings.isNullOrEmpty(targetRef)) {
throw new InvalidChangeOperationException("Cherry Pick: Destination branch cannot be null or empty");
}
String destinationBranch = RefNames.shortName(targetRef);
IdentifiedUser identifiedUser = user.get();
try (Repository git = gitManager.openRepository(project);
// before patch sets are updated.
ObjectInserter oi = git.newObjectInserter();
ObjectReader reader = oi.newReader();
CodeReviewRevWalk revWalk = CodeReviewCommit.newRevWalk(reader)) {
Ref destRef = git.getRefDatabase().exactRef(targetRef);
if (destRef == null) {
throw new InvalidChangeOperationException(String.format("Branch %s does not exist.", destinationBranch));
}
CodeReviewCommit mergeTip = revWalk.parseCommit(destRef.getObjectId());
CodeReviewCommit commitToCherryPick = revWalk.parseCommit(sourceCommit);
if (input.parent <= 0 || input.parent > commitToCherryPick.getParentCount()) {
throw new InvalidChangeOperationException(String.format("Cherry Pick: Parent %s does not exist. Please specify a parent in" + " range [1, %s].", input.parent, commitToCherryPick.getParentCount()));
}
Timestamp now = TimeUtil.nowTs();
PersonIdent committerIdent = identifiedUser.newCommitterIdent(now, serverTimeZone);
final ObjectId computedChangeId = ChangeIdUtil.computeChangeId(commitToCherryPick.getTree(), mergeTip, commitToCherryPick.getAuthorIdent(), committerIdent, input.message);
String commitMessage = ChangeIdUtil.insertId(input.message, computedChangeId).trim() + '\n';
CodeReviewCommit cherryPickCommit;
try {
ProjectState projectState = targetRefControl.getProjectControl().getProjectState();
cherryPickCommit = mergeUtilFactory.create(projectState).createCherryPickFromCommit(oi, git.getConfig(), mergeTip, commitToCherryPick, committerIdent, commitMessage, revWalk, input.parent - 1, false);
Change.Key changeKey;
final List<String> idList = cherryPickCommit.getFooterLines(FooterConstants.CHANGE_ID);
if (!idList.isEmpty()) {
final String idStr = idList.get(idList.size() - 1).trim();
changeKey = new Change.Key(idStr);
} else {
changeKey = new Change.Key("I" + computedChangeId.name());
}
Branch.NameKey newDest = new Branch.NameKey(project, destRef.getName());
List<ChangeData> destChanges = queryProvider.get().setLimit(2).byBranchKey(newDest, changeKey);
if (destChanges.size() > 1) {
throw new InvalidChangeOperationException("Several changes with key " + changeKey + " reside on the same branch. " + "Cannot create a new patch set.");
}
try (BatchUpdate bu = batchUpdateFactory.create(db.get(), project, identifiedUser, now)) {
bu.setRepository(git, revWalk, oi);
Change.Id result;
if (destChanges.size() == 1) {
// The change key exists on the destination branch. The cherry pick
// will be added as a new patch set.
ChangeControl destCtl = targetRefControl.getProjectControl().controlFor(destChanges.get(0).notes());
result = insertPatchSet(bu, git, destCtl, cherryPickCommit, input);
} else {
// Change key not found on destination branch. We can create a new
// change.
String newTopic = null;
if (!Strings.isNullOrEmpty(sourceChangeTopic)) {
newTopic = sourceChangeTopic + "-" + newDest.getShortName();
}
result = createNewChange(bu, cherryPickCommit, targetRefControl.getRefName(), newTopic, sourceBranch, sourceCommit, input);
if (sourceChangeId != null && sourcePatchId != null) {
bu.addOp(sourceChangeId, new AddMessageToSourceChangeOp(changeMessagesUtil, sourcePatchId, destinationBranch, cherryPickCommit));
}
}
bu.execute();
return result;
}
} catch (MergeIdenticalTreeException | MergeConflictException e) {
throw new IntegrationException("Cherry pick failed: " + e.getMessage());
}
}
}
Also used :
InvalidChangeOperationException(com.google.gerrit.server.project.InvalidChangeOperationException)
Timestamp(java.sql.Timestamp)
BatchUpdate(com.google.gerrit.server.update.BatchUpdate)
MergeConflictException(com.google.gerrit.extensions.restapi.MergeConflictException)
ObjectInserter(org.eclipse.jgit.lib.ObjectInserter)
Branch(com.google.gerrit.reviewdb.client.Branch)
ChangeControl(com.google.gerrit.server.project.ChangeControl)
ObjectReader(org.eclipse.jgit.lib.ObjectReader)
IntegrationException(com.google.gerrit.server.git.IntegrationException)
ObjectId(org.eclipse.jgit.lib.ObjectId)
CodeReviewRevWalk(com.google.gerrit.server.git.CodeReviewCommit.CodeReviewRevWalk)
Change(com.google.gerrit.reviewdb.client.Change)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
CodeReviewCommit(com.google.gerrit.server.git.CodeReviewCommit)
ChangeData(com.google.gerrit.server.query.change.ChangeData)
MergeIdenticalTreeException(com.google.gerrit.server.git.MergeIdenticalTreeException)
Repository(org.eclipse.jgit.lib.Repository)
Ref(org.eclipse.jgit.lib.Ref)
PersonIdent(org.eclipse.jgit.lib.PersonIdent)
GerritPersonIdent(com.google.gerrit.server.GerritPersonIdent)
ProjectState(com.google.gerrit.server.project.ProjectState)
Example 18 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class ChangeJson method currentLabels.
private Map<String, Short> currentLabels(PermissionBackend.ForChange perm, ChangeData cd) throws OrmException {
IdentifiedUser user = perm.user().asIdentifiedUser();
ChangeControl ctl = cd.changeControl().forUser(user);
Map<String, Short> result = new HashMap<>();
for (PatchSetApproval psa : approvalsUtil.byPatchSetUser(db.get(), ctl, cd.change().currentPatchSetId(), user.getAccountId())) {
result.put(psa.getLabel(), psa.getValue());
}
return result;
}
Also used :
LinkedHashMap(java.util.LinkedHashMap)
HashMap(java.util.HashMap)
ChangeControl(com.google.gerrit.server.project.ChangeControl)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
PatchSetApproval(com.google.gerrit.reviewdb.client.PatchSetApproval)
Example 19 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class CreateChange method applyImpl.
@Override
protected Response<ChangeInfo> applyImpl(BatchUpdate.Factory updateFactory, TopLevelResource parent, ChangeInput input) throws OrmException, IOException, InvalidChangeOperationException, RestApiException, UpdateException, PermissionBackendException {
if (Strings.isNullOrEmpty(input.project)) {
throw new BadRequestException("project must be non-empty");
}
if (Strings.isNullOrEmpty(input.branch)) {
throw new BadRequestException("branch must be non-empty");
}
if (Strings.isNullOrEmpty(input.subject)) {
throw new BadRequestException("commit message must be non-empty");
}
if (input.status != null) {
if (input.status != ChangeStatus.NEW && input.status != ChangeStatus.DRAFT) {
throw new BadRequestException("unsupported change status");
}
if (!allowDrafts && input.status == ChangeStatus.DRAFT) {
throw new MethodNotAllowedException("draft workflow is disabled");
}
}
String refName = RefNames.fullName(input.branch);
ProjectResource rsrc = projectsCollection.parse(input.project);
Capable r = rsrc.getControl().canPushToAtLeastOneRef();
if (r != Capable.OK) {
throw new AuthException(r.getMessage());
}
RefControl refControl = rsrc.getControl().controlForRef(refName);
if (!refControl.canUpload() || !refControl.isVisible()) {
throw new AuthException("cannot upload review");
}
Project.NameKey project = rsrc.getNameKey();
try (Repository git = gitManager.openRepository(project);
ObjectInserter oi = git.newObjectInserter();
ObjectReader reader = oi.newReader();
RevWalk rw = new RevWalk(reader)) {
ObjectId parentCommit;
List<String> groups;
if (input.baseChange != null) {
List<ChangeControl> ctls = changeFinder.find(input.baseChange, rsrc.getControl().getUser());
if (ctls.size() != 1) {
throw new UnprocessableEntityException("Base change not found: " + input.baseChange);
}
ChangeControl ctl = Iterables.getOnlyElement(ctls);
if (!ctl.isVisible(db.get())) {
throw new UnprocessableEntityException("Base change not found: " + input.baseChange);
}
PatchSet ps = psUtil.current(db.get(), ctl.getNotes());
parentCommit = ObjectId.fromString(ps.getRevision().get());
groups = ps.getGroups();
} else {
Ref destRef = git.getRefDatabase().exactRef(refName);
if (destRef != null) {
if (Boolean.TRUE.equals(input.newBranch)) {
throw new ResourceConflictException(String.format("Branch %s already exists.", refName));
}
parentCommit = destRef.getObjectId();
} else {
if (Boolean.TRUE.equals(input.newBranch)) {
parentCommit = null;
} else {
throw new UnprocessableEntityException(String.format("Branch %s does not exist.", refName));
}
}
groups = Collections.emptyList();
}
RevCommit mergeTip = parentCommit == null ? null : rw.parseCommit(parentCommit);
Timestamp now = TimeUtil.nowTs();
IdentifiedUser me = user.get().asIdentifiedUser();
PersonIdent author = me.newCommitterIdent(now, serverTimeZone);
AccountState account = accountCache.get(me.getAccountId());
GeneralPreferencesInfo info = account.getAccount().getGeneralPreferencesInfo();
ObjectId treeId = mergeTip == null ? emptyTreeId(oi) : mergeTip.getTree();
ObjectId id = ChangeIdUtil.computeChangeId(treeId, mergeTip, author, author, input.subject);
String commitMessage = ChangeIdUtil.insertId(input.subject, id);
if (Boolean.TRUE.equals(info.signedOffBy)) {
commitMessage += String.format("%s%s", SIGNED_OFF_BY_TAG, account.getAccount().getNameEmail(anonymousCowardName));
}
RevCommit c;
if (input.merge != null) {
// create a merge commit
if (!(submitType.equals(SubmitType.MERGE_ALWAYS) || submitType.equals(SubmitType.MERGE_IF_NECESSARY))) {
throw new BadRequestException("Submit type: " + submitType + " is not supported");
}
c = newMergeCommit(git, oi, rw, rsrc.getControl(), mergeTip, input.merge, author, commitMessage);
} else {
// create an empty commit
c = newCommit(oi, rw, author, mergeTip, commitMessage);
}
Change.Id changeId = new Change.Id(seq.nextChangeId());
ChangeInserter ins = changeInserterFactory.create(changeId, c, refName);
ins.setMessage(String.format("Uploaded patch set %s.", ins.getPatchSetId().get()));
String topic = input.topic;
if (topic != null) {
topic = Strings.emptyToNull(topic.trim());
}
ins.setTopic(topic);
ins.setDraft(input.status == ChangeStatus.DRAFT);
ins.setPrivate(input.isPrivate != null && input.isPrivate);
ins.setWorkInProgress(input.workInProgress != null && input.workInProgress);
ins.setGroups(groups);
ins.setNotify(input.notify);
ins.setAccountsToNotify(notifyUtil.resolveAccounts(input.notifyDetails));
try (BatchUpdate bu = updateFactory.create(db.get(), project, me, now)) {
bu.setRepository(git, rw, oi);
bu.insertChange(ins);
bu.execute();
}
ChangeJson json = jsonFactory.noOptions();
return Response.created(json.format(ins.getChange()));
} catch (IllegalArgumentException e) {
throw new BadRequestException(e.getMessage());
}
}
Also used :
RefControl(com.google.gerrit.server.project.RefControl)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
Timestamp(java.sql.Timestamp)
BatchUpdate(com.google.gerrit.server.update.BatchUpdate)
Capable(com.google.gerrit.common.data.Capable)
ObjectInserter(org.eclipse.jgit.lib.ObjectInserter)
ChangeControl(com.google.gerrit.server.project.ChangeControl)
ObjectReader(org.eclipse.jgit.lib.ObjectReader)
RevCommit(org.eclipse.jgit.revwalk.RevCommit)
UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException)
MethodNotAllowedException(com.google.gerrit.extensions.restapi.MethodNotAllowedException)
ObjectId(org.eclipse.jgit.lib.ObjectId)
PatchSet(com.google.gerrit.reviewdb.client.PatchSet)
AccountState(com.google.gerrit.server.account.AccountState)
Change(com.google.gerrit.reviewdb.client.Change)
RevWalk(org.eclipse.jgit.revwalk.RevWalk)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
Project(com.google.gerrit.reviewdb.client.Project)
Repository(org.eclipse.jgit.lib.Repository)
Ref(org.eclipse.jgit.lib.Ref)
ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException)
PersonIdent(org.eclipse.jgit.lib.PersonIdent)
GerritPersonIdent(com.google.gerrit.server.GerritPersonIdent)
BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException)
GeneralPreferencesInfo(com.google.gerrit.extensions.client.GeneralPreferencesInfo)
ProjectResource(com.google.gerrit.server.project.ProjectResource)
ObjectId(org.eclipse.jgit.lib.ObjectId)
Example 20 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class DatabasePubKeyAuth method authenticate.
@Override
public boolean authenticate(String username, PublicKey suppliedKey, ServerSession session) {
SshSession sd = session.getAttribute(SshSession.KEY);
Preconditions.checkState(sd.getUser() == null);
if (PeerDaemonUser.USER_NAME.equals(username)) {
if (myHostKeys.contains(suppliedKey) || getPeerKeys().contains(suppliedKey)) {
PeerDaemonUser user = peerFactory.create(sd.getRemoteAddress());
return SshUtil.success(username, session, sshScope, sshLog, sd, user);
}
sd.authenticationError(username, "no-matching-key");
return false;
}
if (config.getBoolean("auth", "userNameToLowerCase", false)) {
username = username.toLowerCase(Locale.US);
}
Iterable<SshKeyCacheEntry> keyList = sshKeyCache.get(username);
SshKeyCacheEntry key = find(keyList, suppliedKey);
if (key == null) {
String err;
if (keyList == SshKeyCacheImpl.NO_SUCH_USER) {
err = "user-not-found";
} else if (keyList == SshKeyCacheImpl.NO_KEYS) {
err = "key-list-empty";
} else {
err = "no-matching-key";
}
sd.authenticationError(username, err);
return false;
}
//
for (SshKeyCacheEntry otherKey : keyList) {
if (!key.getAccount().equals(otherKey.getAccount())) {
sd.authenticationError(username, "keys-cross-accounts");
return false;
}
}
IdentifiedUser cu = SshUtil.createUser(sd, userFactory, key.getAccount());
if (!cu.getAccount().isActive()) {
sd.authenticationError(username, "inactive-account");
return false;
}
return SshUtil.success(username, session, sshScope, sshLog, sd, cu);
}
Also used :
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
PeerDaemonUser(com.google.gerrit.server.PeerDaemonUser)
Aggregations
IdentifiedUser (com.google.gerrit.server.IdentifiedUser)48
AuthException (com.google.gerrit.extensions.restapi.AuthException)12
Account (com.google.gerrit.reviewdb.client.Account)10
Change (com.google.gerrit.reviewdb.client.Change)10
CurrentUser (com.google.gerrit.server.CurrentUser)8
ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)7
Project (com.google.gerrit.reviewdb.client.Project)7
ChangeControl (com.google.gerrit.server.project.ChangeControl)7
BadRequestException (com.google.gerrit.extensions.restapi.BadRequestException)6
BatchUpdate (com.google.gerrit.server.update.BatchUpdate)6
ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException)5
UnprocessableEntityException (com.google.gerrit.extensions.restapi.UnprocessableEntityException)5
AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)5
PatchSet (com.google.gerrit.reviewdb.client.PatchSet)5
OrmException (com.google.gwtorm.server.OrmException)5
Ref (org.eclipse.jgit.lib.Ref)5
Repository (org.eclipse.jgit.lib.Repository)5
Test (org.junit.Test)5
IOException (java.io.IOException)4
ArrayList (java.util.ArrayList)4
