opendev/gerrit
Code Issues Proposed changes

Allow HTTP password when using LDAP and basic authentication

Browse Source 
So far, it was not possible to use HTTP password to validate git over
HTTP and REST API requests if LDAP was used along with HTTP basic
authentication. There is a use case, though, where users do not want to
use their LDAP password for the aforementioned requests as in, for
example, automation scripts.

Introduce a new configuration parameter, `gitBasicAuthPolicy`, to allow
LDAP users to authenticate using either the HTTP or the LDAP passwords
when doing git over HTTP and REST API requests. When this new parameter
is set to LDAP, the password in the request is checked against the LDAP
password only. When set to HTTP, the password is validated against the
randomly generated HTTP password. Finally, when set to HTTP_LDAP, the
password in the request is checked first against the HTTP password and,
if it does not match, it is checked against the LDAP password.

If the new parameter is not specified or if is set to LDAP, the current
behavior is preserved, i.e., only LDAP password is allowed when using
basic authentication.

Change-Id: I8846cd89dfdb98ab2fc36ba754d8302cf40527e9
This commit is contained in:
Hector Oswaldo Caballero
2016-09-15 18:24:42 -04:00
committed by Hugo Arès
parent ff7679320a
commit 2a9ad1fdca
9 changed files with 120 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
gerrit-extension-api/src/main/java/com/google/gerrit/extensions/client/GitBasicAuthPolicy.java Normal file
View File

@@ -0,0 +1,21 @@
// Copyright (C) 2016 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.extensions.client;
public enum GitBasicAuthPolicy {
HTTP,
LDAP,
HTTP_LDAP
}

2
gerrit-extension-api/src/main/java/com/google/gerrit/extensions/common/AuthInfo.java
View File

@@ -16,6 +16,7 @@ package com.google.gerrit.extensions.common;
import com.google.gerrit.extensions.client.AccountFieldName;
import com.google.gerrit.extensions.client.AuthType;
import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
import java.util.List;
@@ -32,4 +33,5 @@ public class AuthInfo {
public String editFullNameUrl;
public String httpPasswordUrl;
public Boolean isGitBasicAuth;
public GitBasicAuthPolicy gitBasicAuthPolicy;
}