Use the email address when looking for existing Google Account records
If Gerrit is aliased under multiple DNS names and/or HTTP ports we may have asked Google Accounts to generate us different OpenID strings for the same user identity. By looking for an existing Google Account key using the email address we can avoid creating a duplicate account for the user if they login to the same database, but through a CNAME alias. Signed-off-by: Shawn O. Pearce <sop@google.com>
@@ -30,4 +30,7 @@ public interface AccountExternalIdAccess extends
|
|||||||
|
|
||||||
@Query("WHERE key.accountId = ?")
|
@Query("WHERE key.accountId = ?")
|
||||||
ResultSet<AccountExternalId> byAccount(Account.Id id) throws OrmException;
|
ResultSet<AccountExternalId> byAccount(Account.Id id) throws OrmException;
|
||||||
|
|
||||||
|
@Query("WHERE emailAddress = ?")
|
||||||
|
ResultSet<AccountExternalId> byEmailAddress(String email) throws OrmException;
|
||||||
}
|
}
|
||||||
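Review bot: `byEmailAddress` is added without any comment, yet its contract differs from a key lookup. Nothing on the page shows `emailAddress` to be unique, so the result can hold rows that belong to different accounts and different identity providers. A Javadoc on the new method would make that explicit, for example `/** All external ids recorded with this address; not unique and not proof of ownership, callers must filter by provider. */`. The match is whatever `=` means in the backing database, so an address that differs only in case probably finds nothing, which is worth stating as well. The interface declaration itself starts outside the hunk.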
|
@@ -301,7 +301,7 @@ public class LoginServlet extends HttpServlet {
|
|||||||
AccountExternalId acctExt = lookup(extAccess, user.getIdentity());
|
AccountExternalId acctExt = lookup(extAccess, user.getIdentity());
|
||||||
|
|
||||||
if (acctExt == null && email != null && isGoogleAccount(user)) {
|
if (acctExt == null && email != null && isGoogleAccount(user)) {
|
||||||
acctExt = lookup(extAccess, "GoogleAccount/" + email);
|
acctExt = lookupGoogleAccount(extAccess, email);
|
||||||
if (acctExt != null) {
|
if (acctExt != null) {
|
||||||
// Legacy user from Gerrit 1? Attach the OpenID identity.
|
// Legacy user from Gerrit 1? Attach the OpenID identity.
|
||||||
//
|
//
|
||||||
@@ -428,6 +428,21 @@ public class LoginServlet extends HttpServlet {
|
|||||||
return user.getIdentity().startsWith(GoogleAccountDiscovery.GOOGLE_ACCOUNT);
|
return user.getIdentity().startsWith(GoogleAccountDiscovery.GOOGLE_ACCOUNT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static boolean isGoogleAccount(final AccountExternalId user) {
|
||||||
|
return user.getExternalId().startsWith(GoogleAccountDiscovery.GOOGLE_ACCOUNT);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static AccountExternalId lookupGoogleAccount(
|
||||||
|
final AccountExternalIdAccess extAccess, final String email)
|
||||||
|
throws OrmException {
|
||||||
|
for (final AccountExternalId e : extAccess.byEmailAddress(email)) {
|
||||||
|
if (isGoogleAccount(e)) {
|
||||||
|
return e;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
private void modeChkSetCookie(final HttpServletRequest req,
|
private void modeChkSetCookie(final HttpServletRequest req,
|
||||||
final HttpServletResponse rsp, final boolean isCheck) throws IOException {
|
final HttpServletResponse rsp, final boolean isCheck) throws IOException {
|
||||||
final String exp = req.getParameter(Gerrit.ACCOUNT_COOKIE);
|
final String exp = req.getParameter(Gerrit.ACCOUNT_COOKIE);
|
||||||
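Review bot: `lookupGoogleAccount` attaches the incoming OpenID identity to an existing account on the strength of the e-mail address alone. The link is therefore only as trustworthy as `email`, and the code that obtains `email` is outside these hunks, so it should be confirmed that the value comes from a signed part of the provider's response rather than from anything the client can set. That assumption deserves a comment above the call in the `acctExt == null` branch, for example `// email must be the provider-asserted address; it is the only key used to find the legacy account`. The loop also returns the first Google row that `byEmailAddress` yields, so if rows for two different accounts share an address the account chosen depends on result order. Declining to link, and logging, when the matches span more than one account would be the safer behaviour. The enclosing branch continues past the end of the second hunk.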
|
@@ -51,7 +51,7 @@ INSERT INTO account_external_ids
|
|||||||
external_id,
|
external_id,
|
||||||
email_address) SELECT
|
email_address) SELECT
|
||||||
l.account_id,
|
l.account_id,
|
||||||
'GoogleAccount/' || a.user_email,
|
'https://www.google.com/accounts/o8/id?',
|
||||||
a.user_email
|
a.user_email
|
||||||
FROM gerrit1.accounts a, accounts l
|
FROM gerrit1.accounts a, accounts l
|
||||||
WHERE l.preferred_email = a.user_email;
|
WHERE l.preferred_email = a.user_email;
|
||||||
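Review bot: Every migrated row now receives the same constant `external_id`, so after this change `email_address` is the only column that tells the imported Google rows apart. This makes the uniqueness of `accounts.preferred_email` a precondition of the import: if two local accounts share an address, the join emits a row for each, and the e-mail based lookup at login then has more than one candidate. A comment above the SELECT would record the intent, for example `-- placeholder OpenID; the real identity is attached at first login, matched on email_address`. That reading is inferred from the "Attach the OpenID identity" comment in the servlet. A pre-flight query that reports duplicate `preferred_email` values would be worth running before the import. The INSERT statement starts outside the hunk, so whether the table's key permits the repeated value cannot be checked from here.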
|