Account REST API: fix the key setting in RestApiServlet

The previous code creates a new PropertyKey both in RestApiServlet and
GetExternalIds. These two keys are actually different, which must be the
same to get the right external id.

Add a PropertyKey in CurrentUser to get the external id. It can't be added in
IdentifiedUser as the RestApiServlet will be called by anonymous users, too.

Change-Id: If1f4a31e3fc2c781c99aad786de4e741ee626e06

gerrit-httpd/src/main/java/com/google/gerrit/httpd/restapi/RestApiServlet.java

@@ -1078,9 +1078,8 @@ public class RestApiServlet extends HttpServlet {
     CurrentUser user = globals.currentUser.get();
     if (isRead(req)) {
       user.setAccessPath(AccessPath.REST_API);
-      CurrentUser.PropertyKey<AccountExternalId.Key> k =
+      user.setLastLoginExternalIdKey(
-          CurrentUser.PropertyKey.create();
+          globals.webSession.get().getLastLoginExternalId());
-      user.put(k, globals.webSession.get().getLastLoginExternalId());
     } else if (user instanceof AnonymousUser) {
       throw new AuthException("Authentication required");
     } else if (!globals.webSession.get().isAccessPathOk(AccessPath.REST_API)) {

gerrit-server/src/main/java/com/google/gerrit/server/CurrentUser.java

@@ -16,6 +16,7 @@ package com.google.gerrit.server;
 
 import com.google.gerrit.common.Nullable;
 import com.google.gerrit.reviewdb.client.Account;
+import com.google.gerrit.reviewdb.client.AccountExternalId;
 import com.google.gerrit.server.account.CapabilityControl;
 import com.google.gerrit.server.account.GroupMembership;
 import com.google.inject.servlet.RequestScoped;
@@ -45,6 +46,8 @@ public abstract class CurrentUser {
   private AccessPath accessPath = AccessPath.UNKNOWN;
 
   private CapabilityControl capabilities;
+  private PropertyKey<AccountExternalId.Key> lastLoginExternalIdPropertyKey =
+      PropertyKey.create();
 
   protected CurrentUser(CapabilityControl.Factory capabilityControlFactory) {
     this.capabilityControlFactory = capabilityControlFactory;
@@ -150,4 +153,12 @@ public abstract class CurrentUser {
    */
   public <T> void put(PropertyKey<T> key, @Nullable T value) {
   }
+
+  public void setLastLoginExternalIdKey(AccountExternalId.Key externalIdKey) {
+    put(lastLoginExternalIdPropertyKey, externalIdKey);
+  }
+
+  public AccountExternalId.Key getLastLoginExternalIdKey() {
+    return get(lastLoginExternalIdPropertyKey);
+  }
 }

gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java

@@ -72,9 +72,8 @@ public class GetExternalIds implements RestReadView<AccountResource> {
       // establish this web session, and if only if an identity was
       // actually used to establish this web session.
       if (!id.isScheme(SCHEME_USERNAME)) {
-        CurrentUser.PropertyKey<AccountExternalId.Key> k =
+        AccountExternalId.Key last = resource.getUser()
-            CurrentUser.PropertyKey.create();
+            .getLastLoginExternalIdKey();
-        AccountExternalId.Key last = resource.getUser().get(k);
         info.canDelete =
             toBoolean(last != null && !last.get().equals(info.identity));
       }