Use the email address when looking for existing Google Account records

If Gerrit is aliased under multiple DNS names and/or HTTP ports we may have asked Google Accounts to generate us different OpenID strings for the same user identity. By looking for an existing Google Account key using the email address we can avoid creating a duplicate account for the user if they login to the same database, but through a CNAME alias. Signed-off-by: Shawn O. Pearce <sop@google.com>
2008-12-31 09:16:28 -08:00
parent eb76024bd4
commit 00d7a99e3e
3 changed files with 20 additions and 2 deletions
--- a/appjar/src/main/java/com/google/gerrit/client/reviewdb/AccountExternalIdAccess.java
+++ b/appjar/src/main/java/com/google/gerrit/client/reviewdb/AccountExternalIdAccess.java
@@ -30,4 +30,7 @@ public interface AccountExternalIdAccess extends

  @Query("WHERE key.accountId = ?")
  ResultSet<AccountExternalId> byAccount(Account.Id id) throws OrmException;
+
+  @Query("WHERE emailAddress = ?")
+  ResultSet<AccountExternalId> byEmailAddress(String email) throws OrmException;
 }
--- a/appjar/src/main/java/com/google/gerrit/server/LoginServlet.java
+++ b/appjar/src/main/java/com/google/gerrit/server/LoginServlet.java
@@ -301,7 +301,7 @@ public class LoginServlet extends HttpServlet {
    AccountExternalId acctExt = lookup(extAccess, user.getIdentity());

    if (acctExt == null && email != null && isGoogleAccount(user)) {
-      acctExt = lookup(extAccess, "GoogleAccount/" + email);
+      acctExt = lookupGoogleAccount(extAccess, email);
      if (acctExt != null) {
        // Legacy user from Gerrit 1? Attach the OpenID identity.
        //
@@ -428,6 +428,21 @@ public class LoginServlet extends HttpServlet {
    return user.getIdentity().startsWith(GoogleAccountDiscovery.GOOGLE_ACCOUNT);
  }

+  private static boolean isGoogleAccount(final AccountExternalId user) {
+    return user.getExternalId().startsWith(GoogleAccountDiscovery.GOOGLE_ACCOUNT);
+  }
+
+  private static AccountExternalId lookupGoogleAccount(
+      final AccountExternalIdAccess extAccess, final String email)
+      throws OrmException {
+    for (final AccountExternalId e : extAccess.byEmailAddress(email)) {
+      if (isGoogleAccount(e)) {
+        return e;
+      }
+    }
+    return null;
+  }
+
  private void modeChkSetCookie(final HttpServletRequest req,
      final HttpServletResponse rsp, final boolean isCheck) throws IOException {
    final String exp = req.getParameter(Gerrit.ACCOUNT_COOKIE);