Merge branch 'stable-2.12'
* stable-2.12: Document that ldap.groupBase and ldap.accountBase are repeatable Put Change-Id after Test: footers in commit messages. Remove bucklets/local_jar.bucklet soft-link to removed lib/local.defs Normalize case of {Author,Committer}Predicate OAuth-Linking: Don't create new account when claimed identity unknown Update 2.11.5 release notes to mention forked buck Revert "Update buck to ba9f239f69287a553ca93af76a27484d83693563" Change-Id: I46c53b5c43ecbdc4d63cb03da25c35737b2c5afd
This commit is contained in:
commit
31ff7a89f6
@ -2561,6 +2561,9 @@ server to respond until the TCP connection times out.
|
|||||||
+
|
+
|
||||||
Root of the tree containing all user accounts. This is typically
|
Root of the tree containing all user accounts. This is typically
|
||||||
of the form `ou=people,dc=example,dc=com`.
|
of the form `ou=people,dc=example,dc=com`.
|
||||||
|
+
|
||||||
|
This setting may be added multiple times to specify more than
|
||||||
|
one root.
|
||||||
|
|
||||||
[[ldap.accountScope]]ldap.accountScope::
|
[[ldap.accountScope]]ldap.accountScope::
|
||||||
+
|
+
|
||||||
@ -2672,6 +2675,9 @@ Active Directory.
|
|||||||
+
|
+
|
||||||
Root of the tree containing all group objects. This is typically
|
Root of the tree containing all group objects. This is typically
|
||||||
of the form `ou=groups,dc=example,dc=com`.
|
of the form `ou=groups,dc=example,dc=com`.
|
||||||
|
+
|
||||||
|
This setting may be added multiple times to specify more than
|
||||||
|
one root.
|
||||||
|
|
||||||
[[ldap.groupScope]]ldap.groupScope::
|
[[ldap.groupScope]]ldap.groupScope::
|
||||||
+
|
+
|
||||||
|
@ -9,6 +9,22 @@ https://gerrit-releases.storage.googleapis.com/gerrit-2.11.5.war]
|
|||||||
There are no schema changes from link:ReleaseNotes-2.11.4.html[2.11.4].
|
There are no schema changes from link:ReleaseNotes-2.11.4.html[2.11.4].
|
||||||
|
|
||||||
|
|
||||||
|
Important Notes
|
||||||
|
---------------
|
||||||
|
|
||||||
|
*WARNING:* This release uses a forked version of buck.
|
||||||
|
|
||||||
|
Buck was forked to cherry-pick an upstream fix for building on Mac OSX
|
||||||
|
El Capitan.
|
||||||
|
|
||||||
|
To build this release from source, the Google repository must be added to
|
||||||
|
the remotes in the buck checkout:
|
||||||
|
|
||||||
|
----
|
||||||
|
$ git remote add google https://gerrit.googlesource.com/buck
|
||||||
|
----
|
||||||
|
|
||||||
|
|
||||||
Bug Fixes
|
Bug Fixes
|
||||||
---------
|
---------
|
||||||
|
|
||||||
|
@ -1 +0,0 @@
|
|||||||
../lib/local.defs
|
|
@ -125,18 +125,33 @@ class OAuthSessionOverOpenID {
|
|||||||
try {
|
try {
|
||||||
String claimedIdentifier = user.getClaimedIdentity();
|
String claimedIdentifier = user.getClaimedIdentity();
|
||||||
Account.Id actualId = accountManager.lookup(user.getExternalId());
|
Account.Id actualId = accountManager.lookup(user.getExternalId());
|
||||||
// Use case 1: claimed identity was provided during handshake phase
|
Account.Id claimedId = null;
|
||||||
|
|
||||||
|
// We try to retrieve claimed identity.
|
||||||
|
// For some reason, for example staging instance
|
||||||
|
// it may deviate from the really old OpenID identity.
|
||||||
|
// What we want to avoid in any event is to create new
|
||||||
|
// account instead of linking to the existing one.
|
||||||
|
// That why we query it here, not to lose linking mode.
|
||||||
if (!Strings.isNullOrEmpty(claimedIdentifier)) {
|
if (!Strings.isNullOrEmpty(claimedIdentifier)) {
|
||||||
log.debug("Claimed identity is set");
|
claimedId = accountManager.lookup(claimedIdentifier);
|
||||||
Account.Id claimedId = accountManager.lookup(claimedIdentifier);
|
if (claimedId == null) {
|
||||||
if (claimedId != null && actualId != null) {
|
log.debug("Claimed identity is unknown");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Use case 1: claimed identity was provided during handshake phase
|
||||||
|
// and user account exists for this identity
|
||||||
|
if (claimedId != null) {
|
||||||
|
log.debug("Claimed identity is set and is known");
|
||||||
|
if (actualId != null) {
|
||||||
if (claimedId.equals(actualId)) {
|
if (claimedId.equals(actualId)) {
|
||||||
// Both link to the same account, that's what we expected.
|
// Both link to the same account, that's what we expected.
|
||||||
log.debug("Both link to the same account. All is fine.");
|
log.debug("Both link to the same account. All is fine.");
|
||||||
} else {
|
} else {
|
||||||
// This is (for now) a fatal error. There are two records
|
// This is (for now) a fatal error. There are two records
|
||||||
// for what might be the same user.
|
// for what might be the same user. The admin would have to
|
||||||
//
|
// link the accounts manually.
|
||||||
log.error("OAuth accounts disagree over user identity:\n"
|
log.error("OAuth accounts disagree over user identity:\n"
|
||||||
+ " Claimed ID: " + claimedId + " is " + claimedIdentifier
|
+ " Claimed ID: " + claimedId + " is " + claimedIdentifier
|
||||||
+ "\n" + " Delgate ID: " + actualId + " is "
|
+ "\n" + " Delgate ID: " + actualId + " is "
|
||||||
@ -144,7 +159,7 @@ class OAuthSessionOverOpenID {
|
|||||||
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
|
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} else if (claimedId != null && actualId == null) {
|
} else {
|
||||||
// Claimed account already exists: link to it.
|
// Claimed account already exists: link to it.
|
||||||
log.debug("Claimed account already exists: link to it.");
|
log.debug("Claimed account already exists: link to it.");
|
||||||
try {
|
try {
|
||||||
|
@ -23,7 +23,7 @@ import com.google.gwtorm.server.OrmException;
|
|||||||
|
|
||||||
public class AuthorPredicate extends IndexPredicate<ChangeData> {
|
public class AuthorPredicate extends IndexPredicate<ChangeData> {
|
||||||
AuthorPredicate(String value) {
|
AuthorPredicate(String value) {
|
||||||
super(AUTHOR, FIELD_AUTHOR, value);
|
super(AUTHOR, FIELD_AUTHOR, value.toLowerCase());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -23,7 +23,7 @@ import com.google.gwtorm.server.OrmException;
|
|||||||
|
|
||||||
public class CommitterPredicate extends IndexPredicate<ChangeData> {
|
public class CommitterPredicate extends IndexPredicate<ChangeData> {
|
||||||
CommitterPredicate(String value) {
|
CommitterPredicate(String value) {
|
||||||
super(COMMITTER, FIELD_COMMITTER, value);
|
super(COMMITTER, FIELD_COMMITTER, value.toLowerCase());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -378,6 +378,10 @@ public abstract class AbstractQueryChangesTest extends GerritServerTests {
|
|||||||
// By name part
|
// By name part
|
||||||
assertQuery("author:Author", change1);
|
assertQuery("author:Author", change1);
|
||||||
|
|
||||||
|
// Case insensitive
|
||||||
|
assertQuery("author:jAuThOr", change1);
|
||||||
|
assertQuery("author:ExAmPlE", change1);
|
||||||
|
|
||||||
// By non-existing email address / name / part
|
// By non-existing email address / name / part
|
||||||
assertQuery("author:jcommitter@example.com");
|
assertQuery("author:jcommitter@example.com");
|
||||||
assertQuery("author:somewhere.com");
|
assertQuery("author:somewhere.com");
|
||||||
@ -401,6 +405,10 @@ public abstract class AbstractQueryChangesTest extends GerritServerTests {
|
|||||||
// By name part
|
// By name part
|
||||||
assertQuery("committer:Committer", change1);
|
assertQuery("committer:Committer", change1);
|
||||||
|
|
||||||
|
// Case insensitive
|
||||||
|
assertQuery("committer:jCoMmItTeR", change1);
|
||||||
|
assertQuery("committer:ExAmPlE", change1);
|
||||||
|
|
||||||
// By non-existing email address / name / part
|
// By non-existing email address / name / part
|
||||||
assertQuery("committer:jauthor@example.com");
|
assertQuery("committer:jauthor@example.com");
|
||||||
assertQuery("committer:somewhere.com");
|
assertQuery("committer:somewhere.com");
|
||||||
|
Loading…
Reference in New Issue
Block a user