Merge "Add new config option to disallow registration of new emails"

2015-06-24 11:39:32 +00:00
parent 61ce7c13ab e42d6ad70e
commit 483cf0f808
4 changed files with 38 additions and 10 deletions
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -2972,6 +2972,16 @@ and all other properties of section sendemail are ignored.
 +
 By default, true, allowing notifications to be sent.

+[[sendemail.allowRegisterNewEmail]]sendemail.allowRegisterNewEmail::
+
+Whether users are allowed to register new email addresses.
+
+In addition for the HTTP authentication type
+link:#auth.httpemailheader[auth.httpemailheader] must *not* be set to
+enable registration of new email addresses.
+
+By default, true.
+
 [[sendemail.connectTimeout]]sendemail.connectTimeout::
 +
 The connection timeout of opening a socket connected to a
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
@@ -19,6 +19,7 @@ import com.google.gerrit.reviewdb.client.Account;
 import com.google.gerrit.reviewdb.client.AuthType;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.config.AuthConfig;
+import com.google.gerrit.server.mail.EmailSettings;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;

@@ -27,13 +28,17 @@ import java.util.Set;
@Singleton
 public class DefaultRealm extends AbstractRealm {
  private final EmailExpander emailExpander;
+  private final EmailSettings emailSettings;
  private final AccountByEmailCache byEmail;
  private final AuthConfig authConfig;

  @Inject
-  DefaultRealm(final EmailExpander emailExpander,
-      final AccountByEmailCache byEmail, final AuthConfig authConfig) {
+  DefaultRealm(EmailExpander emailExpander,
+      EmailSettings emailSettings,
+      AccountByEmailCache byEmail,
+      AuthConfig authConfig) {
    this.emailExpander = emailExpander;
+    this.emailSettings = emailSettings;
    this.byEmail = byEmail;
    this.authConfig = authConfig;
  }
@@ -47,14 +52,20 @@ public class DefaultRealm extends AbstractRealm {
        case FULL_NAME:
          return Strings.emptyToNull(authConfig.getHttpDisplaynameHeader()) == null;
        case REGISTER_NEW_EMAIL:
-          return Strings.emptyToNull(authConfig.getHttpEmailHeader()) == null;
+          return emailSettings.allowRegisterNewEmail
+              && Strings.emptyToNull(authConfig.getHttpEmailHeader()) == null;
        default:
          return true;
      }
    } else {
+      switch (field) {
+        case REGISTER_NEW_EMAIL:
+          return emailSettings.allowRegisterNewEmail;
+        default:
          return true;
      }
    }
+  }

  @Override
  public AuthRequest authenticate(final AuthRequest who) {
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
@@ -33,6 +33,7 @@ import com.google.gerrit.server.account.EmailExpander;
 import com.google.gerrit.server.auth.AuthenticationUnavailableException;
 import com.google.gerrit.server.config.AuthConfig;
 import com.google.gerrit.server.config.GerritServerConfig;
+import com.google.gerrit.server.mail.EmailSettings;
 import com.google.gwtorm.server.SchemaFactory;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
@@ -75,9 +76,10 @@ public class LdapRealm extends AbstractRealm {

  @Inject
  LdapRealm(
-      final Helper helper,
-      final AuthConfig authConfig,
-      final EmailExpander emailExpander,
+      Helper helper,
+      AuthConfig authConfig,
+      EmailExpander emailExpander,
+      EmailSettings emailSettings,
      @Named(LdapModule.GROUP_CACHE) final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache,
      @Named(LdapModule.USERNAME_CACHE) final LoadingCache<String, Optional<Account.Id>> usernameCache,
      @GerritServerConfig final Config config) {
@@ -96,6 +98,9 @@ public class LdapRealm extends AbstractRealm {
    if (optdef(config, "accountSshUserName", "DEFAULT") != null) {
      readOnlyAccountFields.add(Account.FieldName.USER_NAME);
    }
+    if (!emailSettings.allowRegisterNewEmail) {
+      readOnlyAccountFields.add(Account.FieldName.REGISTER_NEW_EMAIL);
+    }

    fetchMemberOfEagerly = optional(config, "fetchMemberOfEagerly", true);
  }
--- a/gerrit-server/src/main/java/com/google/gerrit/server/mail/EmailSettings.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/mail/EmailSettings.java
@@ -21,12 +21,14 @@ import com.google.inject.Singleton;
 import org.eclipse.jgit.lib.Config;

@Singleton
-class EmailSettings {
-  final boolean includeDiff;
-  final int maximumDiffSize;
+public class EmailSettings {
+  public final boolean allowRegisterNewEmail;
+  public final boolean includeDiff;
+  public final int maximumDiffSize;

  @Inject
  EmailSettings(@GerritServerConfig Config cfg) {
+    allowRegisterNewEmail = cfg.getBoolean("sendemail", "allowRegisterNewEmail", true);
    includeDiff = cfg.getBoolean("sendemail", "includeDiff", false);
    maximumDiffSize = cfg.getInt("sendemail", "maximumDiffSize", 256 << 10);
  }