
Example 6 with AccountState

use of com.google.gerrit.server.account.AccountState in project gerrit by GerritCodeReview.

the class ContainerAuthFilter method verify.

/**
 * Binds the web session to the account named by
 * {@code RemoteUserUtil.getRemoteUser(req, loginHttpHeader)}.
 *
 * <p>No password or token is checked in this method. The name returned by the
 * lookup is resolved through the account cache and, when the account exists
 * and is active, the session is tied to it with the GIT and REST_API access
 * paths enabled.
 *
 * <p>NOTE(review): the user name is accepted exactly as the lookup returns it.
 * Presumably {@code loginHttpHeader} names a request header filled in by a
 * front-end; confirm that the deployment strips that header from client
 * requests, because any value arriving there is treated as an authenticated
 * identity here.
 *
 * @param req incoming request the user name is read from
 * @param rsp response that receives {@code SC_FORBIDDEN} when no user name is
 *     present and {@code SC_UNAUTHORIZED} when the account is unknown or inactive
 * @return {@code true} once the session is bound to an active account,
 *     {@code false} after an error status has been sent
 * @throws IOException if sending the error status fails
 */
private boolean verify(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
    final String remoteUser = RemoteUserUtil.getRemoteUser(req, loginHttpHeader);
    if (remoteUser == null) {
        // The lookup produced no identity at all.
        rsp.sendError(SC_FORBIDDEN);
        return false;
    }

    // Fixed locale so the case mapping does not depend on the server's default locale.
    final String username =
            config.getBoolean("auth", "userNameToLowerCase", false)
                    ? remoteUser.toLowerCase(Locale.US)
                    : remoteUser;

    final AccountState who = accountCache.getByUsername(username);
    final boolean activeAccount = who != null && who.getAccount().isActive();
    if (!activeAccount) {
        // Unknown and deactivated accounts get the same answer.
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    }

    WebSession ws = session.get();
    ws.setUserAccountId(who.getAccount().getId());
    ws.setAccessPathOk(AccessPath.GIT, true);
    ws.setAccessPathOk(AccessPath.REST_API, true);
    return true;
}
Also used : AccountState(com.google.gerrit.server.account.AccountState)

Example 7 with AccountState

use of com.google.gerrit.server.account.AccountState in project gerrit by GerritCodeReview.

the class ProjectOAuthFilter method verify.

/**
 * Authenticates a request from either a BASIC authorization header or a
 * cookie returned by {@code findGitCookie}, and binds the web session to the
 * resulting account.
 *
 * <p>A request that carries neither is let through unchanged ({@code true} is
 * returned without touching the session), so callers must not read a
 * {@code true} result as "a user was authenticated".
 *
 * <p>NOTE(review): {@code hdr.startsWith(BASIC)} is a case-sensitive prefix
 * match; a header whose scheme is cased differently from {@code BASIC} takes
 * the cookie/anonymous path. Verify that this is intended.
 *
 * <p>NOTE(review): {@code authInfo.username} originates from the request and
 * is concatenated into the log messages below as-is; consider neutralising
 * line breaks before logging so a crafted name cannot forge log entries.
 *
 * @param req incoming request
 * @param rsp response that receives {@code SC_UNAUTHORIZED} on every rejection
 * @return {@code true} for an anonymous request or a successful
 *     authentication, {@code false} after an error status has been sent
 * @throws IOException if sending the error status fails
 */
private boolean verify(HttpServletRequest req, Response rsp) throws IOException {
    final AuthInfo authInfo;
    final String authzHeader = req.getHeader(AUTHORIZATION);
    if (authzHeader != null && authzHeader.startsWith(BASIC)) {
        // Credentials supplied through the BASIC authorization header.
        authInfo = extractAuthInfo(authzHeader, encoding(req));
    } else {
        // Otherwise look for the git cookie.
        final Cookie gitCookie = findGitCookie(req);
        if (gitCookie == null) {
            // Anonymous connection, or a session cookie handled elsewhere.
            return true;
        }
        authInfo = extractAuthInfo(gitCookie);
    }

    // Credentials were offered but could not be parsed, or carry no secret => 401.
    if (authInfo == null || Strings.isNullOrEmpty(authInfo.tokenOrSecret)) {
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    }

    // The account must already exist and be active before the secret is verified.
    final AccountState who = accountCache.getByUsername(authInfo.username);
    final boolean activeAccount = who != null && who.getAccount().isActive();
    if (!activeAccount) {
        log.warn("Authentication failed for " + authInfo.username + ": account inactive or not provisioned in Gerrit");
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    }

    final AuthRequest authRequest = AuthRequest.forExternalUser(authInfo.username);
    authRequest.setEmailAddress(who.getAccount().getPreferredEmail());
    authRequest.setDisplayName(who.getAccount().getFullName());
    authRequest.setPassword(authInfo.tokenOrSecret);
    authRequest.setAuthPlugin(authInfo.pluginName);
    authRequest.setAuthProvider(authInfo.exportName);

    try {
        // The session takes the account id reported by the account manager,
        // not the one from the cache lookup above.
        final AuthResult authResult = accountManager.authenticate(authRequest);
        final WebSession ws = session.get();
        ws.setUserAccountId(authResult.getAccountId());
        ws.setAccessPathOk(AccessPath.GIT, true);
        ws.setAccessPathOk(AccessPath.REST_API, true);
        return true;
    } catch (AccountException e) {
        log.warn("Authentication failed for " + authInfo.username, e);
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    }
}
Also used : Cookie(javax.servlet.http.Cookie) AuthRequest(com.google.gerrit.server.account.AuthRequest) AccountException(com.google.gerrit.server.account.AccountException) AuthResult(com.google.gerrit.server.account.AuthResult) AccountState(com.google.gerrit.server.account.AccountState)

Example 8 with AccountState

use of com.google.gerrit.server.account.AccountState in project gerrit by GerritCodeReview.

the class GerritPublicKeyChecker method checkIdsForArbitraryUser.

/**
 * Decides whether a public key can be trusted for whichever account it is
 * registered to.
 *
 * <p>The key is rejected unless exactly one account is found for the external
 * id derived from it by {@code toExtIdKey}. That account must have at least
 * one allowed user id, and {@code hasAllowedUserId} must accept the key
 * against that set.
 *
 * @param key public key under review
 * @return {@code CheckResult.trusted()} when every condition holds, otherwise
 *     a bad result naming the first condition that failed
 * @throws PGPException declared by this method; presumably raised while the
 *     key's user ids are inspected (TODO confirm)
 * @throws OrmException declared by this method; presumably raised by the
 *     account query (TODO confirm)
 */
private CheckResult checkIdsForArbitraryUser(PGPPublicKey key) throws PGPException, OrmException {
    final List<AccountState> owners = accountQueryProvider.get().byExternalId(toExtIdKey(key));
    final int ownerCount = owners.size();
    if (ownerCount == 0) {
        return CheckResult.bad("Key is not associated with any users");
    }
    if (ownerCount > 1) {
        // An ambiguous owner is refused rather than resolved by picking one.
        return CheckResult.bad("Key is associated with multiple users");
    }

    final IdentifiedUser owner = userFactory.create(owners.get(0));
    final Set<String> permittedIds = getAllowedUserIds(owner);
    if (permittedIds.isEmpty()) {
        return CheckResult.bad("No identities found for user");
    }

    if (!hasAllowedUserId(key, permittedIds)) {
        return CheckResult.bad("Key does not contain any valid certifications for user's identities");
    }
    return CheckResult.trusted();
}
Also used : AccountState(com.google.gerrit.server.account.AccountState) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) IdentifiedUser(com.google.gerrit.server.IdentifiedUser)

Example 9 with AccountState

use of com.google.gerrit.server.account.AccountState in project gerrit by GerritCodeReview.

the class InternalAuthBackend method authenticate.

// TODO(gerritcodereview-team): This function has no coverage.
/**
 * Checks a user name and password against the account held in the account
 * cache.
 *
 * <p>NOTE(review): an unknown user, an inactive account and a wrong password
 * each raise a different exception type, and the inactive-account message
 * includes the user name. Confirm that callers collapse these into a single
 * client-visible failure, so that responses do not reveal which accounts
 * exist.
 *
 * <p>NOTE(review): how {@code checkPassword} compares the secret is not
 * visible here.
 *
 * @param req request carrying the user name and password
 * @return an {@code AuthUser} whose UUID and name are both built from the
 *     (optionally lower-cased) user name
 * @throws MissingCredentialsException if the user name or password is null or empty
 * @throws UnknownUserException if the cache holds no account for the user name
 * @throws UserNotAllowedException if the account exists but is not active
 * @throws InvalidCredentialsException if {@code checkPassword} rejects the password
 * @throws AuthException declared by the signature; not thrown directly here
 */
@Override
public AuthUser authenticate(AuthRequest req) throws MissingCredentialsException, InvalidCredentialsException, UnknownUserException, UserNotAllowedException, AuthException {
    if (Strings.isNullOrEmpty(req.getUsername())) {
        throw new MissingCredentialsException();
    }
    if (Strings.isNullOrEmpty(req.getPassword())) {
        throw new MissingCredentialsException();
    }

    // Fixed locale so the case mapping does not depend on the server's default locale.
    final String username =
            authConfig.isUserNameToLowerCase()
                    ? req.getUsername().toLowerCase(Locale.US)
                    : req.getUsername();

    final AccountState who = accountCache.getByUsername(username);
    if (who == null) {
        throw new UnknownUserException();
    }
    if (!who.getAccount().isActive()) {
        throw new UserNotAllowedException("Authentication failed for " + username + ": account inactive or not provisioned in Gerrit");
    }

    final boolean passwordOk = who.checkPassword(req.getPassword(), username);
    if (!passwordOk) {
        throw new InvalidCredentialsException();
    }
    return new AuthUser(AuthUser.UUID.create(username), username);
}
Also used : AccountState(com.google.gerrit.server.account.AccountState)

Example 10 with AccountState

use of com.google.gerrit.server.account.AccountState in project gerrit by GerritCodeReview.

the class FromAddressGeneratorProviderTest method user.

/**
 * Creates a test account through {@code makeUser} and records the expectation
 * that the mocked account cache returns it when queried by its id.
 *
 * @param name name passed to {@code makeUser}
 * @param email email address passed to {@code makeUser}
 * @return id of the account that was created
 */
private Account.Id user(final String name, final String email) {
    final AccountState state = makeUser(name, email);
    final Account.Id id = state.getAccount().getId();
    expect(accountCache.get(eq(id))).andReturn(state);
    return id;
}
Also used : AccountState(com.google.gerrit.server.account.AccountState)
