use of com.google.gerrit.server.auth.NoSuchUserException in project gerrit by GerritCodeReview.
the class ProjectBasicAuthFilter method verify.
private boolean verify(HttpServletRequest req, Response rsp) throws IOException {
final String hdr = req.getHeader(AUTHORIZATION);
if (hdr == null || !hdr.startsWith(LIT_BASIC)) {
// session cookie instead of basic authentication.
return true;
}
final byte[] decoded = Base64.decodeBase64(hdr.substring(LIT_BASIC.length()));
String usernamePassword = new String(decoded, encoding(req));
int splitPos = usernamePassword.indexOf(':');
if (splitPos < 1) {
rsp.sendError(SC_UNAUTHORIZED);
return false;
}
String username = usernamePassword.substring(0, splitPos);
String password = usernamePassword.substring(splitPos + 1);
if (Strings.isNullOrEmpty(password)) {
rsp.sendError(SC_UNAUTHORIZED);
return false;
}
if (authConfig.isUserNameToLowerCase()) {
username = username.toLowerCase(Locale.US);
}
final AccountState who = accountCache.getByUsername(username);
if (who == null || !who.getAccount().isActive()) {
log.warn("Authentication failed for " + username + ": account inactive or not provisioned in Gerrit");
rsp.sendError(SC_UNAUTHORIZED);
return false;
}
GitBasicAuthPolicy gitBasicAuthPolicy = authConfig.getGitBasicAuthPolicy();
if (gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP || gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP_LDAP) {
if (who.checkPassword(password, username)) {
return succeedAuthentication(who);
}
}
if (gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP) {
return failAuthentication(rsp, username);
}
AuthRequest whoAuth = AuthRequest.forUser(username);
whoAuth.setPassword(password);
try {
AuthResult whoAuthResult = accountManager.authenticate(whoAuth);
setUserIdentified(whoAuthResult.getAccountId());
return true;
} catch (NoSuchUserException e) {
if (who.checkPassword(password, who.getUserName())) {
return succeedAuthentication(who);
}
log.warn("Authentication failed for " + username, e);
rsp.sendError(SC_UNAUTHORIZED);
return false;
} catch (AuthenticationFailedException e) {
log.warn("Authentication failed for " + username + ": " + e.getMessage());
rsp.sendError(SC_UNAUTHORIZED);
return false;
} catch (AccountException e) {
log.warn("Authentication failed for " + username, e);
rsp.sendError(SC_UNAUTHORIZED);
return false;
}
}
use of com.google.gerrit.server.auth.NoSuchUserException in project gerrit by GerritCodeReview.
the class Helper method findAccount.
LdapQuery.Result findAccount(Helper.LdapSchema schema, DirContext ctx, String username, boolean fetchMemberOf) throws NamingException, AccountException {
final HashMap<String, String> params = new HashMap<>();
params.put(LdapRealm.USERNAME, username);
List<LdapQuery> accountQueryList;
if (fetchMemberOf && schema.type.accountMemberField() != null) {
accountQueryList = schema.accountWithMemberOfQueryList;
} else {
accountQueryList = schema.accountQueryList;
}
for (LdapQuery accountQuery : accountQueryList) {
List<LdapQuery.Result> res = accountQuery.query(ctx, params);
if (res.size() == 1) {
return res.get(0);
} else if (res.size() > 1) {
throw new AccountException("Duplicate users: " + username);
}
}
throw new NoSuchUserException(username);
}
Aggregations