Exclude local gerrit accounts from scheduled deactivation task
Currently, local-only Gerrit accounts can be included in the deactivation sweep. This is not always desirable (for example, functional accounts that are not backed by an auth backend). This change excludes accounts that are not backed by an auth backend from the sweep. Change-Id: I68eb1d0a6b986ff47d39dcfb95b8e020adf13043
parent
d9face255d
commit
52f38546af
|
@ -115,7 +115,9 @@ public class AccountDeactivator implements Runnable {
|
|||
private boolean processAccount(AccountState account) {
|
||||
log.debug("processing account " + account.getUserName());
|
||||
try {
|
||||
if (account.getUserName() != null && !realm.isActive(account.getUserName())) {
|
||||
if (account.getUserName() != null
|
||||
&& realm.accountBelongsToRealm(account.getExternalIds())
|
||||
&& !realm.isActive(account.getUserName())) {
|
||||
sif.deactivate(account.getAccount().getId());
|
||||
log.info("deactivated account " + account.getUserName());
|
||||
return true;
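Review bot: An account that fails the new `realm.accountBelongsToRealm(account.getExternalIds())` test is skipped without any log line, so an operator reading the sweep log cannot tell an excluded local account from one the backend reported as still active. A debug message on that path, for example `log.debug("skipping account " + account.getUserName() + ", not backed by the realm");`, would make the exclusion auditable. The body of processAccount continues past the end of the hunk, so how the skipped case returns is not visible here.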
|
||||
|
|
|
@ -17,7 +17,9 @@ package com.google.gerrit.server.account;
|
|||
import com.google.gerrit.extensions.client.AccountFieldName;
|
||||
import com.google.gerrit.reviewdb.client.Account;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.externalids.ExternalId;
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
import java.util.Set;
|
||||
import javax.naming.NamingException;
|
||||
import javax.security.auth.login.LoginException;
|
||||
|
@ -58,4 +60,10 @@ public interface Realm {
|
|||
throws LoginException, NamingException, AccountException {
|
||||
return true;
|
||||
}
|
||||
|
||||
/** @return true if the account is backed by the realm, false otherwise. */
|
||||
default boolean accountBelongsToRealm(
|
||||
@SuppressWarnings("unused") Collection<ExternalId> externalIds) {
|
||||
return false;
|
||||
}
|
||||
}
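Review bot: The default `accountBelongsToRealm` returns false, and the Javadoc does not say what that means for the deactivation task. Combined with the new condition in `AccountDeactivator.processAccount`, any realm that does not override the method will have every account skipped by the sweep, so users removed from that backend would stay active in Gerrit. Only the LDAP and OAuth realms override it in this commit; whether other realms or plugin realms exist is not visible here. I would extend the Javadoc to state that the default is false and that a realm must override the method for its accounts to be eligible for scheduled deactivation. I would also document that the argument is the account's full set of external IDs.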
|
||||
|
|
|
@ -40,6 +40,7 @@ import com.google.inject.Inject;
|
|||
import com.google.inject.Singleton;
|
||||
import com.google.inject.name.Named;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
|
@ -337,6 +338,16 @@ class LdapRealm extends AbstractRealm {
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean accountBelongsToRealm(Collection<ExternalId> externalIds) {
|
||||
for (ExternalId id : externalIds) {
|
||||
if (id.toString().contains(SCHEME_GERRIT)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
static class UserLoader extends CacheLoader<String, Optional<Account.Id>> {
|
||||
private final ExternalIds externalIds;
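Review bot: `id.toString().contains(SCHEME_GERRIT)` in `accountBelongsToRealm` is a substring test over the whole rendered external ID, not a comparison of its scheme. If the constant is the bare scheme name, as its name suggests, a local account whose username or e-mail merely contains that word would be treated as realm-backed and become eligible for deactivation, which is the case this commit sets out to exclude. Comparing the scheme itself avoids that: `if (id.isScheme(SCHEME_GERRIT)) {`. The same pattern appears in `OAuthRealm.accountBelongsToRealm` with `SCHEME_EXTERNAL` and should be changed the same way.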
|
||||
|
||||
|
|
|
@ -14,6 +14,8 @@
|
|||
|
||||
package com.google.gerrit.server.auth.oauth;
|
||||
|
||||
import static com.google.gerrit.server.account.externalids.ExternalId.SCHEME_EXTERNAL;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider;
|
||||
import com.google.gerrit.extensions.auth.oauth.OAuthUserInfo;
|
||||
|
@ -24,10 +26,12 @@ import com.google.gerrit.server.account.AbstractRealm;
|
|||
import com.google.gerrit.server.account.AccountException;
|
||||
import com.google.gerrit.server.account.AccountManager;
|
||||
import com.google.gerrit.server.account.AuthRequest;
|
||||
import com.google.gerrit.server.account.externalids.ExternalId;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import org.eclipse.jgit.lib.Config;
|
||||
|
@ -115,4 +119,14 @@ public class OAuthRealm extends AbstractRealm {
|
|||
public Account.Id lookup(String accountName) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean accountBelongsToRealm(Collection<ExternalId> externalIds) {
|
||||
for (ExternalId id : externalIds) {
|
||||
if (id.toString().contains(SCHEME_EXTERNAL)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|