opendev/gerrit
Code Issues Proposed changes

Format all Java files with google-java-format

Browse Source 
Having a standard tool for formatting saves reviewers' valuable time.
google-java-format is Google's standard formatter and is somewhat
inspired by gofmt[1]. This commit formats everything using
google-java-format version 1.2.

The downside of this one-off formatting is breaking blame. This can be
somewhat hacked around with a tool like git-hyper-blame[2], but it's
definitely not optimal until/unless this kind of feature makes its way
to git core.

Not in this change:
* Tool support, e.g. Eclipse. The command must be run manually [3].
* Documentation of best practice, e.g. new 100-column default.

[1] https://talks.golang.org/2015/gofmt-en.slide#3
[2] https://commondatastorage.googleapis.com/chrome-infra-docs/flat/depot_tools/docs/html/git-hyper-blame.html
[3] git ls-files | grep java$ | xargs google-java-format -i

Change-Id: Id5f3c6de95ce0b68b41f0a478b5c99a93675aaa3
Signed-off-by: David Pursehouse <dpursehouse@collab.net>
This commit is contained in:
Dave Borowitz
2016-11-13 09:56:32 -08:00
committed by David Pursehouse
parent 6723b6d0fa
commit 292fa154c1
2443 changed files with 54816 additions and 57825 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/DiscoveryResult.java
View File

@@ -32,8 +32,7 @@ final class DiscoveryResult {
String providerUrl;
Map<String, String> providerArgs;
DiscoveryResult() {
}
DiscoveryResult() {}
DiscoveryResult(String redirect, Map<String, String> args) {
status = Status.VALID;

112
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/LoginForm.java
View File

@@ -37,32 +37,30 @@ import com.google.gerrit.server.config.GerritServerConfig;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jgit.lib.Config;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import java.io.IOException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/** Handles OpenID based login flow. */
@SuppressWarnings("serial")
@Singleton
class LoginForm extends HttpServlet {
private static final Logger log = LoggerFactory.getLogger(LoginForm.class);
private static final ImmutableMap<String, String> ALL_PROVIDERS = ImmutableMap.of(
"launchpad", OpenIdUrls.URL_LAUNCHPAD,
"yahoo", OpenIdUrls.URL_YAHOO);
private static final ImmutableMap<String, String> ALL_PROVIDERS =
ImmutableMap.of(
"launchpad", OpenIdUrls.URL_LAUNCHPAD,
"yahoo", OpenIdUrls.URL_YAHOO);
private final ImmutableSet<String> suggestProviders;
private final Provider<String> urlProvider;
@@ -87,9 +85,7 @@ class LoginForm extends HttpServlet {
this.urlProvider = urlProvider;
this.impl = impl;
this.header = header;
this.maxRedirectUrlLength = config.getInt(
"openid", "maxRedirectUrlLength",
10);
this.maxRedirectUrlLength = config.getInt("openid", "maxRedirectUrlLength", 10);
this.oauthSessionProvider = oauthSessionProvider;
this.currentUserProvider = currentUserProvider;
this.oauthServiceProviders = oauthServiceProviders;
@@ -114,8 +110,7 @@ class LoginForm extends HttpServlet {
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse res)
throws IOException {
protected void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
if (ssoUrl != null) {
String token = LoginUrlToken.getToken(req);
SignInMode mode;
@@ -138,8 +133,7 @@ class LoginForm extends HttpServlet {
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse res)
throws IOException {
protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
boolean link = req.getParameter("link") != null;
String id = Strings.nullToEmpty(req.getParameter("id")).trim();
if (id.isEmpty()) {
@@ -175,12 +169,10 @@ class LoginForm extends HttpServlet {
} else {
log.debug("OAuth provider \"{}\"", id);
OAuthSessionOverOpenID oauthSession = oauthSessionProvider.get();
if (!currentUserProvider.get().isIdentifiedUser()
&& oauthSession.isLoggedIn()) {
if (!currentUserProvider.get().isIdentifiedUser() && oauthSession.isLoggedIn()) {
oauthSession.logout();
}
if ((isGerritLogin(req)
|| oauthSession.isOAuthFinal(req))) {
if ((isGerritLogin(req) || oauthSession.isOAuthFinal(req))) {
oauthSession.setServiceProvider(oauthProvider);
oauthSession.setLinkMode(link);
oauthSession.login(req, res, oauthProvider);
@@ -188,8 +180,14 @@ class LoginForm extends HttpServlet {
}
}
private void discover(HttpServletRequest req, HttpServletResponse res,
boolean link, String id, boolean remember, String token, SignInMode mode)
private void discover(
HttpServletRequest req,
HttpServletResponse res,
boolean link,
String id,
boolean remember,
String token,
SignInMode mode)
throws IOException {
if (ssoUrl != null) {
remember = false;
@@ -202,8 +200,7 @@ class LoginForm extends HttpServlet {
break;
case NO_PROVIDER:
sendForm(req, res, link,
"Provider is not supported, or was incorrectly entered.");
sendForm(req, res, link, "Provider is not supported, or was incorrectly entered.");
break;
case ERROR:
@@ -212,8 +209,7 @@ class LoginForm extends HttpServlet {
}
}
private void redirect(DiscoveryResult r, HttpServletResponse res)
throws IOException {
private void redirect(DiscoveryResult r, HttpServletResponse res) throws IOException {
StringBuilder url = new StringBuilder();
url.append(r.providerUrl);
if (r.providerArgs != null && !r.providerArgs.isEmpty()) {
@@ -225,9 +221,7 @@ class LoginForm extends HttpServlet {
} else {
url.append('&');
}
url.append(Url.encode(arg.getKey()))
.append('=')
.append(Url.encode(arg.getValue()));
url.append(Url.encode(arg.getKey())).append('=').append(Url.encode(arg.getValue()));
}
}
if (url.length() <= maxRedirectUrlLength) {
@@ -250,11 +244,11 @@ class LoginForm extends HttpServlet {
sendHtml(res, doc);
}
private void sendForm(HttpServletRequest req, HttpServletResponse res,
boolean link, @Nullable String errorMessage) throws IOException {
private void sendForm(
HttpServletRequest req, HttpServletResponse res, boolean link, @Nullable String errorMessage)
throws IOException {
String self = req.getRequestURI();
String cancel = MoreObjects.firstNonNull(
urlProvider != null ? urlProvider.get() : "/", "/");
String cancel = MoreObjects.firstNonNull(urlProvider != null ? urlProvider.get() : "/", "/");
cancel += LoginUrlToken.getToken(req);
Document doc = header.parse(LoginForm.class, "LoginForm.html");
@@ -305,20 +299,16 @@ class LoginForm extends HttpServlet {
Element providers = HtmlDomUtil.find(doc, "providers");
Set<String> plugins = oauthServiceProviders.plugins();
for (String pluginName : plugins) {
Map<String, Provider<OAuthServiceProvider>> m =
oauthServiceProviders.byPlugin(pluginName);
for (Map.Entry<String, Provider<OAuthServiceProvider>> e
: m.entrySet()) {
addProvider(providers, link, pluginName, e.getKey(),
e.getValue().get().getName());
}
Map<String, Provider<OAuthServiceProvider>> m = oauthServiceProviders.byPlugin(pluginName);
for (Map.Entry<String, Provider<OAuthServiceProvider>> e : m.entrySet()) {
addProvider(providers, link, pluginName, e.getKey(), e.getValue().get().getName());
}
}
sendHtml(res, doc);
}
private void sendHtml(HttpServletResponse res, Document doc)
throws IOException {
private void sendHtml(HttpServletResponse res, Document doc) throws IOException {
byte[] bin = HtmlDomUtil.toUTF8(doc);
res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
res.setContentType("text/html");
@@ -329,20 +319,18 @@ class LoginForm extends HttpServlet {
}
}
private static void addProvider(Element form, boolean link,
String pluginName, String id, String serviceName) {
private static void addProvider(
Element form, boolean link, String pluginName, String id, String serviceName) {
Element div = form.getOwnerDocument().createElement("div");
div.setAttribute("id", id);
Element hyperlink = form.getOwnerDocument().createElement("a");
StringBuilder u = new StringBuilder(String.format("?id=%s_%s",
pluginName, id));
StringBuilder u = new StringBuilder(String.format("?id=%s_%s", pluginName, id));
if (link) {
u.append("&link");
}
hyperlink.setAttribute("href", u.toString());
hyperlink.setTextContent(serviceName +
" (" + pluginName + " plugin)");
hyperlink.setTextContent(serviceName + " (" + pluginName + " plugin)");
div.appendChild(hyperlink);
form.appendChild(div);
}
@@ -353,15 +341,12 @@ class LoginForm extends HttpServlet {
}
Set<String> plugins = oauthServiceProviders.plugins();
for (String pluginName : plugins) {
Map<String, Provider<OAuthServiceProvider>> m =
oauthServiceProviders.byPlugin(pluginName);
for (Map.Entry<String, Provider<OAuthServiceProvider>> e
: m.entrySet()) {
if (providerId.equals(
String.format("%s_%s", pluginName, e.getKey()))) {
return e.getValue().get();
}
Map<String, Provider<OAuthServiceProvider>> m = oauthServiceProviders.byPlugin(pluginName);
for (Map.Entry<String, Provider<OAuthServiceProvider>> e : m.entrySet()) {
if (providerId.equals(String.format("%s_%s", pluginName, e.getKey()))) {
return e.getValue().get();
}
}
}
return null;
}
@@ -379,7 +364,6 @@ class LoginForm extends HttpServlet {
}
private static boolean isGerritLogin(HttpServletRequest request) {
return request.getRequestURI().indexOf(
OAuthSessionOverOpenID.GERRIT_LOGIN) >= 0;
return request.getRequestURI().indexOf(OAuthSessionOverOpenID.GERRIT_LOGIN) >= 0;
}
}

8
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthOverOpenIDLogoutServlet.java
View File

@@ -24,9 +24,7 @@ import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -37,7 +35,8 @@ class OAuthOverOpenIDLogoutServlet extends HttpLogoutServlet {
private final Provider<OAuthSessionOverOpenID> oauthSession;
@Inject
OAuthOverOpenIDLogoutServlet(AuthConfig authConfig,
OAuthOverOpenIDLogoutServlet(
AuthConfig authConfig,
DynamicItem<WebSession> webSession,
@CanonicalWebUrl @Nullable Provider<String> urlProvider,
AuditService audit,
@@ -47,8 +46,7 @@ class OAuthOverOpenIDLogoutServlet extends HttpLogoutServlet {
}
@Override
protected void doLogout(HttpServletRequest req, HttpServletResponse rsp)
throws IOException {
protected void doLogout(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
super.doLogout(req, rsp);
if (req.getSession(false) != null) {
oauthSession.get().logout();

65
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthSessionOverOpenID.java
View File

@@ -35,26 +35,22 @@ import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.servlet.SessionScoped;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Optional;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** OAuth protocol implementation */
@SessionScoped
class OAuthSessionOverOpenID {
static final String GERRIT_LOGIN = "/login";
private static final Logger log = LoggerFactory.getLogger(
OAuthSessionOverOpenID.class);
private static final Logger log = LoggerFactory.getLogger(OAuthSessionOverOpenID.class);
private static final SecureRandom randomState = newRandomGenerator();
private final String state;
private final DynamicItem<WebSession> webSession;
@@ -68,7 +64,8 @@ class OAuthSessionOverOpenID {
private boolean linkMode;
@Inject
OAuthSessionOverOpenID(DynamicItem<WebSession> webSession,
OAuthSessionOverOpenID(
DynamicItem<WebSession> webSession,
Provider<IdentifiedUser> identifiedUser,
AccountManager accountManager,
CanonicalWebUrl urlProvider) {
@@ -87,8 +84,9 @@ class OAuthSessionOverOpenID {
return Strings.emptyToNull(request.getParameter("code")) != null;
}
boolean login(HttpServletRequest request, HttpServletResponse response,
OAuthServiceProvider oauth) throws IOException {
boolean login(
HttpServletRequest request, HttpServletResponse response, OAuthServiceProvider oauth)
throws IOException {
log.debug("Login " + this);
if (isOAuthFinal(request)) {
@@ -111,20 +109,18 @@ class OAuthSessionOverOpenID {
}
log.debug("Login-PHASE1 " + this);
redirectToken = LoginUrlToken.getToken(request);
response.sendRedirect(oauth.getAuthorizationUrl() +
"&state=" + state);
response.sendRedirect(oauth.getAuthorizationUrl() + "&state=" + state);
return false;
}
private void authenticateAndRedirect(HttpServletRequest req,
HttpServletResponse rsp) throws IOException {
private void authenticateAndRedirect(HttpServletRequest req, HttpServletResponse rsp)
throws IOException {
com.google.gerrit.server.account.AuthRequest areq =
new com.google.gerrit.server.account.AuthRequest(user.getExternalId());
AuthResult arsp = null;
try {
String claimedIdentifier = user.getClaimedIdentity();
Optional<Account.Id> actualId =
accountManager.lookup(user.getExternalId());
Optional<Account.Id> actualId = accountManager.lookup(user.getExternalId());
Optional<Account.Id> claimedId = Optional.empty();
// We try to retrieve claimed identity.
@@ -152,10 +148,17 @@ class OAuthSessionOverOpenID {
// This is (for now) a fatal error. There are two records
// for what might be the same user. The admin would have to
// link the accounts manually.
log.error("OAuth accounts disagree over user identity:\n"
+ " Claimed ID: " + claimedId.get() + " is " + claimedIdentifier
+ "\n" + " Delgate ID: " + actualId.get() + " is "
+ user.getExternalId());
log.error(
"OAuth accounts disagree over user identity:\n"
+ " Claimed ID: "
+ claimedId.get()
+ " is "
+ claimedIdentifier
+ "\n"
+ " Delgate ID: "
+ actualId.get()
+ " is "
+ user.getExternalId());
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
@@ -165,9 +168,14 @@ class OAuthSessionOverOpenID {
try {
accountManager.link(claimedId.get(), areq);
} catch (OrmException e) {
log.error("Cannot link: " + user.getExternalId()
+ " to user identity:\n"
+ " Claimed ID: " + claimedId.get() + " is " + claimedIdentifier);
log.error(
"Cannot link: "
+ user.getExternalId()
+ " to user identity:\n"
+ " Claimed ID: "
+ claimedId.get()
+ " is "
+ claimedIdentifier);
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
@@ -176,12 +184,10 @@ class OAuthSessionOverOpenID {
// Use case 2: link mode activated from the UI
Account.Id accountId = identifiedUser.get().getAccountId();
try {
log.debug("Linking \"{}\" to \"{}\"", user.getExternalId(),
accountId);
log.debug("Linking \"{}\" to \"{}\"", user.getExternalId(), accountId);
accountManager.link(accountId, areq);
} catch (OrmException e) {
log.error("Cannot link: " + user.getExternalId()
+ " to user identity: " + accountId);
log.error("Cannot link: " + user.getExternalId() + " to user identity: " + accountId);
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
} finally {
@@ -224,8 +230,7 @@ class OAuthSessionOverOpenID {
try {
return SecureRandom.getInstance("SHA1PRNG");
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException(
"No SecureRandom available for GitHub authentication", e);
throw new IllegalArgumentException("No SecureRandom available for GitHub authentication", e);
}
}

28
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthWebFilterOverOpenID.java
View File

@@ -20,11 +20,9 @@ import com.google.gerrit.extensions.registration.DynamicMap;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.SortedMap;
import java.util.SortedSet;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -34,7 +32,6 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/** OAuth web filter uses active OAuth session to perform OAuth requests */
@Singleton
class OAuthWebFilterOverOpenID implements Filter {
@@ -45,7 +42,8 @@ class OAuthWebFilterOverOpenID implements Filter {
private OAuthServiceProvider ssoProvider;
@Inject
OAuthWebFilterOverOpenID(DynamicMap<OAuthServiceProvider> oauthServiceProviders,
OAuthWebFilterOverOpenID(
DynamicMap<OAuthServiceProvider> oauthServiceProviders,
Provider<OAuthSessionOverOpenID> oauthSessionProvider) {
this.oauthServiceProviders = oauthServiceProviders;
this.oauthSessionProvider = oauthSessionProvider;
@@ -57,26 +55,24 @@ class OAuthWebFilterOverOpenID implements Filter {
}
@Override
public void destroy() {
}
public void destroy() {}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
OAuthSessionOverOpenID oauthSession = oauthSessionProvider.get();
OAuthServiceProvider service = ssoProvider == null
? oauthSession.getServiceProvider()
: ssoProvider;
OAuthServiceProvider service =
ssoProvider == null ? oauthSession.getServiceProvider() : ssoProvider;
if (isGerritLogin(httpRequest) || oauthSession.isOAuthFinal(httpRequest)) {
if (service == null) {
throw new IllegalStateException("service is unknown");
}
oauthSession.setServiceProvider(service);
oauthSession.login(httpRequest, httpResponse, service);
if (service == null) {
throw new IllegalStateException("service is unknown");
}
oauthSession.setServiceProvider(service);
oauthSession.login(httpRequest, httpResponse, service);
} else {
chain.doFilter(httpRequest, response);
}

2
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdLoginServlet.java
View File

@@ -17,9 +17,7 @@ package com.google.gerrit.httpd.auth.openid;
import com.google.gwtexpui.server.CacheHeaders;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

136
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
View File

@@ -34,7 +34,14 @@ import com.google.gwtorm.client.KeyUtil;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.net.URL;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jgit.lib.Config;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
@@ -59,20 +66,9 @@ import org.openid4java.util.HttpClientFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.net.URL;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Singleton
class OpenIdServiceImpl {
private static final Logger log =
LoggerFactory.getLogger(OpenIdServiceImpl.class);
private static final Logger log = LoggerFactory.getLogger(OpenIdServiceImpl.class);
static final String RETURN_URL = "OpenID";
@@ -85,12 +81,9 @@ class OpenIdServiceImpl {
private static final String OPENID_MODE = "openid.mode";
private static final String OMODE_CANCEL = "cancel";
private static final String SCHEMA_EMAIL =
"http://schema.openid.net/contact/email";
private static final String SCHEMA_FIRSTNAME =
"http://schema.openid.net/namePerson/first";
private static final String SCHEMA_LASTNAME =
"http://schema.openid.net/namePerson/last";
private static final String SCHEMA_EMAIL = "http://schema.openid.net/contact/email";
private static final String SCHEMA_FIRSTNAME = "http://schema.openid.net/namePerson/first";
private static final String SCHEMA_LASTNAME = "http://schema.openid.net/namePerson/last";
private final DynamicItem<WebSession> webSession;
private final Provider<IdentifiedUser> identifiedUser;
@@ -104,16 +97,17 @@ class OpenIdServiceImpl {
private final int papeMaxAuthAge;
@Inject
OpenIdServiceImpl(final DynamicItem<WebSession> cf,
OpenIdServiceImpl(
final DynamicItem<WebSession> cf,
final Provider<IdentifiedUser> iu,
CanonicalWebUrl up,
@GerritServerConfig final Config config, final AuthConfig ac,
@GerritServerConfig final Config config,
final AuthConfig ac,
final AccountManager am,
ProxyProperties proxyProperties) {
if (proxyProperties.getProxyUrl() != null) {
final org.openid4java.util.ProxyProperties proxy =
new org.openid4java.util.ProxyProperties();
final org.openid4java.util.ProxyProperties proxy = new org.openid4java.util.ProxyProperties();
URL url = proxyProperties.getProxyUrl();
proxy.setProxyHostName(url.getHost());
proxy.setProxyPort(url.getPort());
@@ -129,13 +123,24 @@ class OpenIdServiceImpl {
manager = new ConsumerManager();
allowedOpenIDs = ac.getAllowedOpenIDs();
openIdDomains = ac.getOpenIdDomains();
papeMaxAuthAge = (int) ConfigUtil.getTimeUnit(config, //
"auth", null, "maxOpenIdSessionAge", -1, TimeUnit.SECONDS);
papeMaxAuthAge =
(int)
ConfigUtil.getTimeUnit(
config, //
"auth",
null,
"maxOpenIdSessionAge",
-1,
TimeUnit.SECONDS);
}
@SuppressWarnings("unchecked")
DiscoveryResult discover(HttpServletRequest req, String openidIdentifier,
final SignInMode mode, final boolean remember, final String returnToken) {
DiscoveryResult discover(
HttpServletRequest req,
String openidIdentifier,
final SignInMode mode,
final boolean remember,
final String returnToken) {
final State state;
state = init(req, openidIdentifier, mode, remember, returnToken);
if (state == null) {
@@ -174,9 +179,7 @@ class OpenIdServiceImpl {
return new DiscoveryResult(DiscoveryResult.Status.ERROR);
}
return new DiscoveryResult(
aReq.getDestinationUrl(false),
aReq.getParameterMap());
return new DiscoveryResult(aReq.getDestinationUrl(false), aReq.getParameterMap());
}
private boolean requestRegistration(final AuthRequest aReq) {
@@ -200,8 +203,7 @@ class OpenIdServiceImpl {
}
/** Called by {@link OpenIdLoginServlet} doGet, doPost */
void doAuth(final HttpServletRequest req, final HttpServletResponse rsp)
throws Exception {
void doAuth(final HttpServletRequest req, final HttpServletResponse rsp) throws Exception {
if (OMODE_CANCEL.equals(req.getParameter(OPENID_MODE))) {
cancel(req, rsp);
return;
@@ -244,15 +246,17 @@ class OpenIdServiceImpl {
}
final VerificationResult result =
manager.verify(state.retTo.toString(), new ParameterList(req
.getParameterMap()), state.discovered);
manager.verify(
state.retTo.toString(), new ParameterList(req.getParameterMap()), state.discovered);
if (result.getVerifiedId() == null /* authentication failure */) {
if ("Nonce verification failed.".equals(result.getStatusMsg())) {
// We might be suffering from clock skew on this system.
//
log.error("OpenID failure: " + result.getStatusMsg()
+ " Likely caused by clock skew on this server,"
+ " install/configure NTP.");
log.error(
"OpenID failure: "
+ result.getStatusMsg()
+ " Likely caused by clock skew on this server,"
+ " install/configure NTP.");
cancelWithError(req, rsp, result.getStatusMsg());
} else if (result.getStatusMsg() != null) {
@@ -296,8 +300,7 @@ class OpenIdServiceImpl {
}
if (authRsp.hasExtension(SRegMessage.OPENID_NS_SREG)) {
final MessageExtension ext =
authRsp.getExtension(SRegMessage.OPENID_NS_SREG);
final MessageExtension ext = authRsp.getExtension(SRegMessage.OPENID_NS_SREG);
if (ext instanceof SRegResponse) {
sregRsp = (SRegResponse) ext;
}
@@ -366,8 +369,7 @@ class OpenIdServiceImpl {
// link between the two, so set one up if not present.
//
Optional<Account.Id> claimedId = accountManager.lookup(claimedIdentifier);
Optional<Account.Id> actualId =
accountManager.lookup(areq.getExternalId());
Optional<Account.Id> actualId = accountManager.lookup(areq.getExternalId());
if (claimedId.isPresent() && actualId.isPresent()) {
if (claimedId.get().equals(actualId.get())) {
@@ -376,10 +378,17 @@ class OpenIdServiceImpl {
// This is (for now) a fatal error. There are two records
// for what might be the same user.
//
log.error("OpenID accounts disagree over user identity:\n"
+ " Claimed ID: " + claimedId.get() + " is " + claimedIdentifier
+ "\n" + " Delgate ID: " + actualId.get() + " is "
+ areq.getExternalId());
log.error(
"OpenID accounts disagree over user identity:\n"
+ " Claimed ID: "
+ claimedId.get()
+ " is "
+ claimedIdentifier
+ "\n"
+ " Delgate ID: "
+ actualId.get()
+ " is "
+ areq.getExternalId());
cancelWithError(req, rsp, "Contact site administrator");
return;
}
@@ -425,8 +434,7 @@ class OpenIdServiceImpl {
webSession.get().login(arsp, remember);
if (arsp.isNew() && claimedIdentifier != null) {
final com.google.gerrit.server.account.AuthRequest linkReq =
new com.google.gerrit.server.account.AuthRequest(
claimedIdentifier);
new com.google.gerrit.server.account.AuthRequest(claimedIdentifier);
linkReq.setDisplayName(areq.getDisplayName());
linkReq.setEmailAddress(areq.getEmailAddress());
accountManager.link(arsp.getAccountId(), linkReq);
@@ -434,12 +442,13 @@ class OpenIdServiceImpl {
callback(arsp.isNew(), req, rsp);
break;
case LINK_IDENTIY: {
arsp = accountManager.link(identifiedUser.get().getAccountId(), areq);
webSession.get().login(arsp, remember);
callback(false, req, rsp);
break;
}
case LINK_IDENTIY:
{
arsp = accountManager.link(identifiedUser.get().getAccountId(), areq);
webSession.get().login(arsp, remember);
callback(false, req, rsp);
break;
}
}
} catch (AccountException e) {
log.error("OpenID authentication failure", e);
@@ -466,8 +475,9 @@ class OpenIdServiceImpl {
}
}
private void callback(final boolean isNew, final HttpServletRequest req,
final HttpServletResponse rsp) throws IOException {
private void callback(
final boolean isNew, final HttpServletRequest req, final HttpServletResponse rsp)
throws IOException {
String token = req.getParameter(P_TOKEN);
if (token == null || token.isEmpty() || token.startsWith("/SignInFailure,")) {
token = PageLinks.MINE;
@@ -482,16 +492,16 @@ class OpenIdServiceImpl {
rsp.sendRedirect(rdr.toString());
}
private void cancel(final HttpServletRequest req,
final HttpServletResponse rsp) throws IOException {
private void cancel(final HttpServletRequest req, final HttpServletResponse rsp)
throws IOException {
if (isSignIn(signInMode(req))) {
webSession.get().logout();
}
callback(false, req, rsp);
}
private void cancelWithError(final HttpServletRequest req,
final HttpServletResponse rsp, final String errorDetail)
private void cancelWithError(
final HttpServletRequest req, final HttpServletResponse rsp, final String errorDetail)
throws IOException {
final SignInMode mode = signInMode(req);
if (isSignIn(mode)) {
@@ -508,8 +518,12 @@ class OpenIdServiceImpl {
rsp.sendRedirect(rdr.toString());
}
private State init(HttpServletRequest req, final String openidIdentifier,
final SignInMode mode, final boolean remember, final String returnToken) {
private State init(
HttpServletRequest req,
final String openidIdentifier,
final SignInMode mode,
final boolean remember,
final String returnToken) {
final List<?> list;
try {
list = manager.discover(openidIdentifier);

4
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/SignInMode.java
View File

@@ -15,5 +15,7 @@
package com.google.gerrit.httpd.auth.openid;
enum SignInMode {
SIGN_IN, LINK_IDENTIY, REGISTER
SIGN_IN,
LINK_IDENTIY,
REGISTER
}

12
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/XrdsFilter.java
View File

@@ -4,9 +4,7 @@ import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -25,18 +23,16 @@ class XrdsFilter implements Filter {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse rsp = (HttpServletResponse) response;
rsp.setHeader("X-XRDS-Location", url.get() + XrdsServlet.LOCATION);
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig config) {
}
public void init(FilterConfig config) {}
@Override
public void destroy() {
}
public void destroy() {}
}

11
gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/XrdsServlet.java
View File

@@ -20,9 +20,7 @@ import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -41,11 +39,9 @@ class XrdsServlet extends HttpServlet {
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse rsp)
throws IOException {
protected void doGet(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
final StringBuilder r = new StringBuilder();
r.append("<?xml version=\"1.0\" encoding=\"")
.append(UTF_8.name()).append("\"?>");
r.append("<?xml version=\"1.0\" encoding=\"").append(UTF_8.name()).append("\"?>");
r.append("<xrds:XRDS");
r.append(" xmlns:xrds=\"xri://$xrds\"");
r.append(" xmlns:openid=\"http://openid.net/xmlns/1.0\"");
@@ -53,8 +49,7 @@ class XrdsServlet extends HttpServlet {
r.append("<XRD>");
r.append("<Service priority=\"1\">");
r.append("<Type>http://specs.openid.net/auth/2.0/return_to</Type>");
r.append("<URI>").append(url.get()).append(OpenIdServiceImpl.RETURN_URL)
.append("</URI>");
r.append("<URI>").append(url.get()).append(OpenIdServiceImpl.RETURN_URL).append("</URI>");
r.append("</Service>");
r.append("</XRD>");
r.append("</xrds:XRDS>");