Merge branch 'stable-2.12'
* stable-2.12:
Document that ldap.groupBase and ldap.accountBase are repeatable
Put Change-Id after Test: footers in commit messages.
Remove bucklets/local_jar.bucklet soft-link to removed lib/local.defs
Normalize case of {Author,Committer}Predicate
OAuth-Linking: Don't create new account when claimed identity unknown
Update 2.11.5 release notes to mention forked buck
Revert "Update buck to ba9f239f69287a553ca93af76a27484d83693563"
Change-Id: I46c53b5c43ecbdc4d63cb03da25c35737b2c5afd
This commit is contained in:
Edwin Kempin
@@ -2561,6 +2561,9 @@ server to respond until the TCP connection times out.
|
||||
+
|
||||
Root of the tree containing all user accounts. This is typically
|
||||
of the form `ou=people,dc=example,dc=com`.
|
||||
+
|
||||
This setting may be added multiple times to specify more than
|
||||
one root.
|
||||
|
||||
[[ldap.accountScope]]ldap.accountScope::
|
||||
+
|
||||
@@ -2672,6 +2675,9 @@ Active Directory.
|
||||
+
|
||||
Root of the tree containing all group objects. This is typically
|
||||
of the form `ou=groups,dc=example,dc=com`.
|
||||
+
|
||||
This setting may be added multiple times to specify more than
|
||||
one root.
|
||||
|
||||
[[ldap.groupScope]]ldap.groupScope::
|
||||
+
|
||||
|
||||
@@ -9,6 +9,22 @@ https://gerrit-releases.storage.googleapis.com/gerrit-2.11.5.war]
|
||||
There are no schema changes from link:ReleaseNotes-2.11.4.html[2.11.4].
|
||||
|
||||
|
||||
Important Notes
|
||||
---------------
|
||||
|
||||
*WARNING:* This release uses a forked version of buck.
|
||||
|
||||
Buck was forked to cherry-pick an upstream fix for building on Mac OSX
|
||||
El Capitan.
|
||||
|
||||
To build this release from source, the Google repository must be added to
|
||||
the remotes in the buck checkout:
|
||||
|
||||
----
|
||||
$ git remote add google https://gerrit.googlesource.com/buck
|
||||
----
|
||||
|
||||
|
||||
Bug Fixes
|
||||
---------
|
||||
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
../lib/local.defs
|
||||
@@ -125,18 +125,33 @@ class OAuthSessionOverOpenID {
|
||||
try {
|
||||
String claimedIdentifier = user.getClaimedIdentity();
|
||||
Account.Id actualId = accountManager.lookup(user.getExternalId());
|
||||
// Use case 1: claimed identity was provided during handshake phase
|
||||
Account.Id claimedId = null;
|
||||
|
||||
// We try to retrieve claimed identity.
|
||||
// For some reason, for example staging instance
|
||||
// it may deviate from the really old OpenID identity.
|
||||
// What we want to avoid in any event is to create new
|
||||
// account instead of linking to the existing one.
|
||||
// That why we query it here, not to lose linking mode.
|
||||
if (!Strings.isNullOrEmpty(claimedIdentifier)) {
|
||||
log.debug("Claimed identity is set");
|
||||
Account.Id claimedId = accountManager.lookup(claimedIdentifier);
|
||||
if (claimedId != null && actualId != null) {
|
||||
claimedId = accountManager.lookup(claimedIdentifier);
|
||||
if (claimedId == null) {
|
||||
log.debug("Claimed identity is unknown");
|
||||
}
|
||||
}
|
||||
|
||||
// Use case 1: claimed identity was provided during handshake phase
|
||||
// and user account exists for this identity
|
||||
if (claimedId != null) {
|
||||
log.debug("Claimed identity is set and is known");
|
||||
if (actualId != null) {
|
||||
if (claimedId.equals(actualId)) {
|
||||
// Both link to the same account, that's what we expected.
|
||||
log.debug("Both link to the same account. All is fine.");
|
||||
} else {
|
||||
// This is (for now) a fatal error. There are two records
|
||||
// for what might be the same user.
|
||||
//
|
||||
// for what might be the same user. The admin would have to
|
||||
// link the accounts manually.
|
||||
log.error("OAuth accounts disagree over user identity:\n"
|
||||
+ " Claimed ID: " + claimedId + " is " + claimedIdentifier
|
||||
+ "\n" + " Delgate ID: " + actualId + " is "
|
||||
@@ -144,7 +159,7 @@ class OAuthSessionOverOpenID {
|
||||
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
|
||||
return;
|
||||
}
|
||||
} else if (claimedId != null && actualId == null) {
|
||||
} else {
|
||||
// Claimed account already exists: link to it.
|
||||
log.debug("Claimed account already exists: link to it.");
|
||||
try {
|
||||
|
||||
@@ -23,7 +23,7 @@ import com.google.gwtorm.server.OrmException;
|
||||
|
||||
public class AuthorPredicate extends IndexPredicate<ChangeData> {
|
||||
AuthorPredicate(String value) {
|
||||
super(AUTHOR, FIELD_AUTHOR, value);
|
||||
super(AUTHOR, FIELD_AUTHOR, value.toLowerCase());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -23,7 +23,7 @@ import com.google.gwtorm.server.OrmException;
|
||||
|
||||
public class CommitterPredicate extends IndexPredicate<ChangeData> {
|
||||
CommitterPredicate(String value) {
|
||||
super(COMMITTER, FIELD_COMMITTER, value);
|
||||
super(COMMITTER, FIELD_COMMITTER, value.toLowerCase());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -378,6 +378,10 @@ public abstract class AbstractQueryChangesTest extends GerritServerTests {
|
||||
// By name part
|
||||
assertQuery("author:Author", change1);
|
||||
|
||||
// Case insensitive
|
||||
assertQuery("author:jAuThOr", change1);
|
||||
assertQuery("author:ExAmPlE", change1);
|
||||
|
||||
// By non-existing email address / name / part
|
||||
assertQuery("author:jcommitter@example.com");
|
||||
assertQuery("author:somewhere.com");
|
||||
@@ -401,6 +405,10 @@ public abstract class AbstractQueryChangesTest extends GerritServerTests {
|
||||
// By name part
|
||||
assertQuery("committer:Committer", change1);
|
||||
|
||||
// Case insensitive
|
||||
assertQuery("committer:jCoMmItTeR", change1);
|
||||
assertQuery("committer:ExAmPlE", change1);
|
||||
|
||||
// By non-existing email address / name / part
|
||||
assertQuery("committer:jauthor@example.com");
|
||||
assertQuery("committer:somewhere.com");
|
||||
|
||||
Reference in New Issue
Block a user