Merge "XsrfCookieFilter: handle null XGerritAuth"
commit
53aa25a041
@ -44,6 +44,7 @@ import com.google.gerrit.client.ui.LinkMenuItem;
|
||||
import com.google.gerrit.client.ui.MorphingTabPanel;
|
||||
import com.google.gerrit.client.ui.ProjectLinkMenuItem;
|
||||
import com.google.gerrit.client.ui.Screen;
|
||||
import com.google.gerrit.common.Nullable;
|
||||
import com.google.gerrit.common.PageLinks;
|
||||
import com.google.gerrit.common.data.HostPageData;
|
||||
import com.google.gerrit.common.data.SystemInfoService;
|
||||
@ -287,6 +288,7 @@ public class Gerrit implements EntryPoint {
|
||||
}
|
||||
|
||||
/** @return access token to prove user identity during REST API calls. */
|
||||
@Nullable
|
||||
public static String getXGerritAuth() {
|
||||
return xGerritAuth;
|
||||
}
|
||||
|
@ -18,6 +18,7 @@ import static java.util.concurrent.TimeUnit.HOURS;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.gerrit.common.data.HostPageData;
|
||||
import com.google.gerrit.common.Nullable;
|
||||
import com.google.gerrit.httpd.WebSessionManager.Key;
|
||||
import com.google.gerrit.httpd.WebSessionManager.Val;
|
||||
import com.google.gerrit.reviewdb.client.Account;
|
||||
@ -109,6 +110,7 @@ public abstract class CacheBasedWebSession implements WebSession {
|
||||
}
|
||||
|
||||
@Override
|
||||
@Nullable
|
||||
public String getXGerritAuth() {
|
||||
return isSignedIn() ? val.getAuth() : null;
|
||||
}
|
||||
|
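Review bot: The import `com.google.gerrit.common.Nullable` is placed after `com.google.gerrit.common.data.HostPageData` here, while the hunk for class Gerrit in this same commit orders `common.Nullable` before `common.data.HostPageData`. Moving it up one line would keep the import blocks consistent across the touched files. Which line is the addition is inferred from the commit's purpose, because the page has lost its +/- markers.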
@ -14,6 +14,7 @@
|
||||
|
||||
package com.google.gerrit.httpd;
|
||||
|
||||
import com.google.gerrit.common.Nullable;
|
||||
import com.google.gerrit.reviewdb.client.Account;
|
||||
import com.google.gerrit.reviewdb.client.AccountExternalId;
|
||||
import com.google.gerrit.server.AccessPath;
|
||||
@ -22,7 +23,7 @@ import com.google.gerrit.server.account.AuthResult;
|
||||
|
||||
public interface WebSession {
|
||||
boolean isSignedIn();
|
||||
String getXGerritAuth();
|
||||
@Nullable String getXGerritAuth();
|
||||
boolean isValidXGerritAuth(String keyIn);
|
||||
AccountExternalId.Key getLastLoginExternalId();
|
||||
CurrentUser getUser();
|
||||
|
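Review bot: `@Nullable String getXGerritAuth();` now admits null, but the interface carries no Javadoc saying when, so each caller has to read an implementation to learn the contract. Going by the CacheBasedWebSession body shown on this page, a comment such as `/** @return the XSRF token of the signed-in user, or {@code null} when nobody is signed in. */` above the declaration would state it. `isValidXGerritAuth(String keyIn)` directly below could document how a null `keyIn` is treated; its handling is not visible here.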
@ -14,6 +14,8 @@
|
||||
|
||||
package com.google.gerrit.httpd;
|
||||
|
||||
import static com.google.common.base.Strings.nullToEmpty;
|
||||
|
||||
import com.google.gerrit.common.data.HostPageData;
|
||||
import com.google.gerrit.extensions.registration.DynamicItem;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
@ -61,11 +63,11 @@ public class XsrfCookieFilter implements Filter {
|
||||
|
||||
private void setXsrfTokenCookie(HttpServletRequest req,
|
||||
HttpServletResponse rsp, WebSession session) {
|
||||
String v = session != null ? session.getXGerritAuth() : "";
|
||||
Cookie c = new Cookie(HostPageData.XSRF_COOKIE_NAME, v);
|
||||
String v = session != null ? session.getXGerritAuth() : null;
|
||||
Cookie c = new Cookie(HostPageData.XSRF_COOKIE_NAME, nullToEmpty(v));
|
||||
c.setPath("/");
|
||||
c.setSecure(authConfig.getCookieSecure() && isSecure(req));
|
||||
c.setMaxAge(session != null
|
||||
c.setMaxAge(v != null
|
||||
? -1 // Set the cookie for this browser session.
|
||||
: 0); // Remove the cookie (expire immediately).
|
||||
rsp.addCookie(c);
|
||||
|
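Review bot: Nothing at the call site explains why `c.setMaxAge(...)` now tests `v != null` instead of `session != null`, that is, why a non-null session can yield a null token. A comment above `String v = ...` such as `// getXGerritAuth() is null when a session exists but the user is not signed in; expire the cookie then.` would keep a later edit from reverting to the session check. An empty but non-null token would still be written as a browser-session cookie with an empty value, so if that can occur, `Strings.isNullOrEmpty(v)` is the safer condition; whether it can is not visible here. The visible lines set Secure conditionally and no HttpOnly flag, presumably because client script must read the token, and saying so in the comment would make that choice explicit. The method body continues outside the hunk.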