Example 26 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class Submit method onBehalfOf.
private IdentifiedUser onBehalfOf(RevisionResource rsrc, SubmitInput in) throws AuthException, UnprocessableEntityException, OrmException, PermissionBackendException {
PermissionBackend.ForChange perm = rsrc.permissions().database(dbProvider);
perm.check(ChangePermission.SUBMIT);
perm.check(ChangePermission.SUBMIT_AS);
CurrentUser caller = rsrc.getUser();
IdentifiedUser submitter = accounts.parseOnBehalfOf(caller, in.onBehalfOf);
try {
perm.user(submitter).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException(String.format("on_behalf_of account %s cannot see change", submitter.getAccountId()));
}
return submitter;
}
Also used :
UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException)
CurrentUser(com.google.gerrit.server.CurrentUser)
PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
Example 27 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class ConsistencyCheckerIT method onlyPatchSetObjectMissingWithFix.
@Test
public void onlyPatchSetObjectMissingWithFix() throws Exception {
Change c = TestChanges.newChange(project, admin.getId(), sequences.nextChangeId());
PatchSet.Id psId = c.currentPatchSetId();
String rev = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeef";
PatchSet ps = newPatchSet(psId, rev, adminId);
if (notesMigration.changePrimaryStorage() == PrimaryStorage.REVIEW_DB) {
db.changes().insert(singleton(c));
db.patchSets().insert(singleton(ps));
}
addNoteDbCommit(c.getId(), "Create change\n" + "\n" + "Patch-set: 1\n" + "Branch: " + c.getDest().get() + "\n" + "Change-id: " + c.getKey().get() + "\n" + "Subject: Bogus subject\n" + "Commit: " + rev + "\n" + "Groups: " + rev + "\n");
indexer.index(db, c.getProject(), c.getId());
IdentifiedUser user = userFactory.create(admin.getId());
ChangeControl ctl = changeControlFactory.controlFor(db, c.getProject(), c.getId(), user);
FixInput fix = new FixInput();
fix.deletePatchSetIfCommitMissing = true;
assertProblems(ctl, fix, problem("Ref missing: " + ps.getId().toRefName()), problem("Object missing: patch set 1: " + rev, FIX_FAILED, "Cannot delete patch set; no patch sets would remain"));
ctl = reload(ctl);
assertThat(ctl.getChange().currentPatchSetId().get()).isEqualTo(1);
assertThat(psUtil.current(db, ctl.getNotes())).isNotNull();
}
Also used :
ChangeControl(com.google.gerrit.server.project.ChangeControl)
TestChanges.newPatchSet(com.google.gerrit.testutil.TestChanges.newPatchSet)
PatchSet(com.google.gerrit.reviewdb.client.PatchSet)
Change(com.google.gerrit.reviewdb.client.Change)
FixInput(com.google.gerrit.extensions.api.changes.FixInput)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)
Test(org.junit.Test)
Example 28 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class GerritPublicKeyCheckerTest method checkWithValidKeyButWrongExpectedUserInChecker.
@Test
public void checkWithValidKeyButWrongExpectedUserInChecker() throws Exception {
// A---Bx
// \
// \---C---D
// \
// \---Ex
//
// The server ultimately trusts B and D.
// D and E trust C to be a valid introducer of depth 2.
IdentifiedUser userB = addUser("userB");
TestKey keyA = add(keyA(), user);
TestKey keyB = add(keyB(), userB);
add(keyC(), addUser("userC"));
add(keyD(), addUser("userD"));
add(keyE(), addUser("userE"));
// Checker for A, checking B.
PublicKeyChecker checkerA = checkerFactory.create(user, store);
assertProblems(checkerA.check(keyB.getPublicKey()), Status.BAD, "Key is expired", "Key must contain a valid certification for one of the following" + " identities:\n" + " gerrit:user\n" + " mailto:testa@example.com\n" + " testa@example.com\n" + " username:user");
// Checker for B, checking A.
PublicKeyChecker checkerB = checkerFactory.create(userB, store);
assertProblems(checkerB.check(keyA.getPublicKey()), Status.BAD, "Key must contain a valid certification for one of the following" + " identities:\n" + " gerrit:userB\n" + " mailto:testb@example.com\n" + " testb@example.com\n" + " username:userB");
}
Also used :
TestKey(com.google.gerrit.gpg.testutil.TestKey)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
Test(org.junit.Test)
Example 29 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class GerritPublicKeyChecker method checkIdsForArbitraryUser.
private CheckResult checkIdsForArbitraryUser(PGPPublicKey key) throws PGPException, OrmException {
List<AccountState> accountStates = accountQueryProvider.get().byExternalId(toExtIdKey(key));
if (accountStates.isEmpty()) {
return CheckResult.bad("Key is not associated with any users");
}
if (accountStates.size() > 1) {
return CheckResult.bad("Key is associated with multiple users");
}
IdentifiedUser user = userFactory.create(accountStates.get(0));
Set<String> allowedUserIds = getAllowedUserIds(user);
if (allowedUserIds.isEmpty()) {
return CheckResult.bad("No identities found for user");
}
if (hasAllowedUserId(key, allowedUserIds)) {
return CheckResult.trusted();
}
return CheckResult.bad("Key does not contain any valid certifications for user's identities");
}
Also used :
AccountState(com.google.gerrit.server.account.AccountState)
PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
Example 30 with IdentifiedUser
use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.
the class GitwebServlet method makeEnv.
private String[] makeEnv(HttpServletRequest req, Project.NameKey nameKey) {
final EnvList env = new EnvList(_env);
final int contentLength = Math.max(0, req.getContentLength());
// These ones are from "The WWW Common Gateway Interface Version 1.1"
//
env.set("AUTH_TYPE", req.getAuthType());
env.set("CONTENT_LENGTH", Integer.toString(contentLength));
env.set("CONTENT_TYPE", req.getContentType());
env.set("GATEWAY_INTERFACE", "CGI/1.1");
env.set("PATH_INFO", req.getPathInfo());
env.set("PATH_TRANSLATED", null);
env.set("QUERY_STRING", req.getQueryString());
env.set("REMOTE_ADDR", req.getRemoteAddr());
env.set("REMOTE_HOST", req.getRemoteHost());
env.set("HTTPS", req.isSecure() ? "ON" : "OFF");
// The identity information reported about the connection by a
// RFC 1413 [11] request to the remote agent, if
// available. Servers MAY choose not to support this feature, or
// not to request the data for efficiency reasons.
// "REMOTE_IDENT" => "NYI"
//
env.set("REQUEST_METHOD", req.getMethod());
env.set("SCRIPT_NAME", req.getContextPath() + req.getServletPath());
env.set("SCRIPT_FILENAME", gitwebCgi.toAbsolutePath().toString());
env.set("SERVER_NAME", req.getServerName());
env.set("SERVER_PORT", Integer.toString(req.getServerPort()));
env.set("SERVER_PROTOCOL", req.getProtocol());
env.set("SERVER_SOFTWARE", getServletContext().getServerInfo());
final Enumeration<String> hdrs = enumerateHeaderNames(req);
while (hdrs.hasMoreElements()) {
final String name = hdrs.nextElement();
final String value = req.getHeader(name);
env.set("HTTP_" + name.toUpperCase().replace('-', '_'), value);
}
env.set("GERRIT_CONTEXT_PATH", req.getContextPath() + "/");
env.set("GERRIT_PROJECT_NAME", nameKey.get());
env.set("GITWEB_PROJECTROOT", repoManager.getBasePath(nameKey).toAbsolutePath().toString());
if (permissionBackend.user(anonymousUserProvider).project(nameKey).testOrFalse(ProjectPermission.READ)) {
env.set("GERRIT_ANONYMOUS_READ", "1");
}
String remoteUser = null;
if (userProvider.get().isIdentifiedUser()) {
IdentifiedUser u = userProvider.get().asIdentifiedUser();
String user = u.getUserName();
env.set("GERRIT_USER_NAME", user);
if (user != null && !user.isEmpty()) {
remoteUser = user;
} else {
remoteUser = "account-" + u.getAccountId();
}
}
env.set("REMOTE_USER", remoteUser);
//
if (gitwebUrl != null) {
int schemePort = -1;
if (gitwebUrl.getScheme() != null) {
if (gitwebUrl.getScheme().equals("http")) {
env.set("HTTPS", "OFF");
schemePort = 80;
} else {
env.set("HTTPS", "ON");
schemePort = 443;
}
}
if (gitwebUrl.getHost() != null) {
env.set("SERVER_NAME", gitwebUrl.getHost());
env.set("HTTP_HOST", gitwebUrl.getHost());
}
if (gitwebUrl.getPort() != -1) {
env.set("SERVER_PORT", Integer.toString(gitwebUrl.getPort()));
} else if (schemePort != -1) {
env.set("SERVER_PORT", Integer.toString(schemePort));
}
if (gitwebUrl.getPath() != null) {
env.set("SCRIPT_NAME", gitwebUrl.getPath().isEmpty() ? "/" : gitwebUrl.getPath());
}
}
return env.getEnvArray();
}
Also used :
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
Aggregations
IdentifiedUser (com.google.gerrit.server.IdentifiedUser)48
AuthException (com.google.gerrit.extensions.restapi.AuthException)12
Account (com.google.gerrit.reviewdb.client.Account)10
Change (com.google.gerrit.reviewdb.client.Change)10
CurrentUser (com.google.gerrit.server.CurrentUser)8
ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)7
Project (com.google.gerrit.reviewdb.client.Project)7
ChangeControl (com.google.gerrit.server.project.ChangeControl)7
BadRequestException (com.google.gerrit.extensions.restapi.BadRequestException)6
BatchUpdate (com.google.gerrit.server.update.BatchUpdate)6
ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException)5
UnprocessableEntityException (com.google.gerrit.extensions.restapi.UnprocessableEntityException)5
AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)5
PatchSet (com.google.gerrit.reviewdb.client.PatchSet)5
OrmException (com.google.gwtorm.server.OrmException)5
Ref (org.eclipse.jgit.lib.Ref)5
Repository (org.eclipse.jgit.lib.Repository)5
Test (org.junit.Test)5
IOException (java.io.IOException)4
ArrayList (java.util.ArrayList)4
