Search in sources :

Example 1 with NoSuchUserException

use of com.google.gerrit.server.auth.NoSuchUserException in project gerrit by GerritCodeReview.

the class ProjectBasicAuthFilter method verify.

private boolean verify(HttpServletRequest req, Response rsp) throws IOException {
    final String hdr = req.getHeader(AUTHORIZATION);
    if (hdr == null || !hdr.startsWith(LIT_BASIC)) {
        // session cookie instead of basic authentication.
        return true;
    }
    final byte[] decoded = Base64.decodeBase64(hdr.substring(LIT_BASIC.length()));
    String usernamePassword = new String(decoded, encoding(req));
    int splitPos = usernamePassword.indexOf(':');
    if (splitPos < 1) {
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    }
    String username = usernamePassword.substring(0, splitPos);
    String password = usernamePassword.substring(splitPos + 1);
    if (Strings.isNullOrEmpty(password)) {
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    }
    if (authConfig.isUserNameToLowerCase()) {
        username = username.toLowerCase(Locale.US);
    }
    final AccountState who = accountCache.getByUsername(username);
    if (who == null || !who.getAccount().isActive()) {
        log.warn("Authentication failed for " + username + ": account inactive or not provisioned in Gerrit");
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    }
    GitBasicAuthPolicy gitBasicAuthPolicy = authConfig.getGitBasicAuthPolicy();
    if (gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP || gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP_LDAP) {
        if (who.checkPassword(password, username)) {
            return succeedAuthentication(who);
        }
    }
    if (gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP) {
        return failAuthentication(rsp, username);
    }
    AuthRequest whoAuth = AuthRequest.forUser(username);
    whoAuth.setPassword(password);
    try {
        AuthResult whoAuthResult = accountManager.authenticate(whoAuth);
        setUserIdentified(whoAuthResult.getAccountId());
        return true;
    } catch (NoSuchUserException e) {
        if (who.checkPassword(password, who.getUserName())) {
            return succeedAuthentication(who);
        }
        log.warn("Authentication failed for " + username, e);
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    } catch (AuthenticationFailedException e) {
        log.warn("Authentication failed for " + username + ": " + e.getMessage());
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    } catch (AccountException e) {
        log.warn("Authentication failed for " + username, e);
        rsp.sendError(SC_UNAUTHORIZED);
        return false;
    }
}
Also used : AuthRequest(com.google.gerrit.server.account.AuthRequest) AccountException(com.google.gerrit.server.account.AccountException) AuthenticationFailedException(com.google.gerrit.server.account.AuthenticationFailedException) NoSuchUserException(com.google.gerrit.server.auth.NoSuchUserException) GitBasicAuthPolicy(com.google.gerrit.extensions.client.GitBasicAuthPolicy) AuthResult(com.google.gerrit.server.account.AuthResult) AccountState(com.google.gerrit.server.account.AccountState)

Example 2 with NoSuchUserException

use of com.google.gerrit.server.auth.NoSuchUserException in project gerrit by GerritCodeReview.

the class Helper method findAccount.

LdapQuery.Result findAccount(Helper.LdapSchema schema, DirContext ctx, String username, boolean fetchMemberOf) throws NamingException, AccountException {
    final HashMap<String, String> params = new HashMap<>();
    params.put(LdapRealm.USERNAME, username);
    List<LdapQuery> accountQueryList;
    if (fetchMemberOf && schema.type.accountMemberField() != null) {
        accountQueryList = schema.accountWithMemberOfQueryList;
    } else {
        accountQueryList = schema.accountQueryList;
    }
    for (LdapQuery accountQuery : accountQueryList) {
        List<LdapQuery.Result> res = accountQuery.query(ctx, params);
        if (res.size() == 1) {
            return res.get(0);
        } else if (res.size() > 1) {
            throw new AccountException("Duplicate users: " + username);
        }
    }
    throw new NoSuchUserException(username);
}
Also used : AccountException(com.google.gerrit.server.account.AccountException) HashMap(java.util.HashMap) NoSuchUserException(com.google.gerrit.server.auth.NoSuchUserException) ParameterizedString(com.google.gerrit.common.data.ParameterizedString)

Aggregations

AccountException (com.google.gerrit.server.account.AccountException)2 NoSuchUserException (com.google.gerrit.server.auth.NoSuchUserException)2 ParameterizedString (com.google.gerrit.common.data.ParameterizedString)1 GitBasicAuthPolicy (com.google.gerrit.extensions.client.GitBasicAuthPolicy)1 AccountState (com.google.gerrit.server.account.AccountState)1 AuthRequest (com.google.gerrit.server.account.AuthRequest)1 AuthResult (com.google.gerrit.server.account.AuthResult)1 AuthenticationFailedException (com.google.gerrit.server.account.AuthenticationFailedException)1 HashMap (java.util.HashMap)1