opendev/gerrit
Code Issues Proposed changes

Expose all auth config params that are needed by client over REST

Browse Source 
The Gerrit Client needs to know about some authentication
configuration parameters of the server in order to render the UI and
enable/disable certain functionality. Some of them are already
provided via the /config/server/info REST endpoint. Add the other auth
parameters to this REST endpoint and adapt the Gerrit Client to
retrieve these parameters via REST. Remove these parameters from the
config that is embedded in the host page data as they are no longer
read from this data structure.

Change-Id: Ia7dc5ea8654b6e63eb577dc3d9ada07ce8d90113
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
This commit is contained in:
Edwin Kempin
2015-05-08 10:59:01 +02:00
committed by David Pursehouse
parent f94d06bc25
commit 5a8c9e9649
12 changed files with 165 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
Documentation/rest-api-config.txt
View File

@@ -919,6 +919,38 @@ agreements] are required.
|`editable_account_fields` ||
List of account fields that are editable. Possible values are
`FULL_NAME`, `USER_NAME` and `REGISTER_NEW_EMAIL`.
|`login_url` |optional|
The link:config-gerrit.html#auth.loginUrl[login URL]. Only set if
link:config-gerrit.html#auth.type[authentication type] is `HTTP` or
`HTTP_LDAP`.
|`login_text` |optional|
The link:config-gerrit.html#auth.loginText[login text]. Only set if
link:config-gerrit.html#auth.type[authentication type] is `HTTP` or
`HTTP_LDAP`.
|`switch_account_url` |optional|
The link:config-gerrit.html#auth.switchAccountUrl[URL to switch
accounts].
|`register_url` |optional|
The link:config-gerrit.html#auth.registerUrl[register URL]. Only set if
link:config-gerrit.html#auth.type[authentication type] is `LDAP`,
`LDAP_BIND` or `CUSTOM_EXTENSION`.
|`register_text` |optional|
The link:config-gerrit.html#auth.registerText[register text]. Only set
if link:config-gerrit.html#auth.type[authentication type] is `LDAP`,
`LDAP_BIND` or `CUSTOM_EXTENSION`.
|`edit_full_name_url` |optional|
The link:config-gerrit.html#auth.editFullNameUrl[URL to edit the full
name]. Only set if link:config-gerrit.html#auth.type[authentication
type] is `LDAP`, `LDAP_BIND` or `CUSTOM_EXTENSION`.
|`http_password_url` |optional|
The link:config-gerrit.html#auth.httpPasswordUrl[URL to obtain an HTTP
password]. Only set if link:config-gerrit.html#auth.type[authentication
type] is `CUSTOM_EXTENSION`.
|`is_git_basic_auth` |optional, not set if `false`|
Whether link:config-gerrit.html#auth.gitBasicAuth[basic authentication
is used for Git over HTTP/HTTPS]. Only set if
link:config-gerrit.html#auth.type[authentication type] is is `LDAP` or
`LDAP_BIND`.
|==========================================
[[cache-info]]

96
gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java
View File

@@ -14,30 +14,15 @@
package com.google.gerrit.common.data;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.Account.FieldName;
import com.google.gerrit.reviewdb.client.AuthType;
import java.util.List;
import java.util.Set;
public class GerritConfig implements Cloneable {
protected String registerUrl;
protected String registerText;
protected String loginUrl;
protected String loginText;
protected String switchAccountUrl;
protected String httpPasswordUrl;
protected String reportBugUrl;
protected String reportBugText;
protected boolean httpPasswordSettingsEnabled = true;
protected GitwebConfig gitweb;
protected AuthType authType;
protected String gitDaemonUrl;
protected String sshdAddress;
protected String editFullNameUrl;
protected Set<Account.FieldName> editableAccountFields;
protected boolean documentationAvailable;
protected String anonymousCowardName;
protected int suggestFrom;
@@ -48,46 +33,6 @@ public class GerritConfig implements Cloneable {
protected String replyTitle;
protected boolean allowDraftChanges;
public String getLoginUrl() {
return loginUrl;
}
public void setLoginUrl(final String u) {
loginUrl = u;
}
public String getLoginText() {
return loginText;
}
public void setLoginText(String signinText) {
this.loginText = signinText;
}
public String getRegisterUrl() {
return registerUrl;
}
public void setRegisterUrl(final String u) {
registerUrl = u;
}
public String getSwitchAccountUrl() {
return switchAccountUrl;
}
public void setSwitchAccountUrl(String u) {
switchAccountUrl = u;
}
public String getRegisterText() {
return registerText;
}
public void setRegisterText(final String t) {
registerText = t;
}
public String getReportBugUrl() {
return reportBugUrl;
}
@@ -104,34 +49,6 @@ public class GerritConfig implements Cloneable {
reportBugText = t;
}
public boolean isHttpPasswordSettingsEnabled() {
return httpPasswordSettingsEnabled;
}
public void setHttpPasswordSettingsEnabled(boolean httpPasswordSettingsEnabled) {
this.httpPasswordSettingsEnabled = httpPasswordSettingsEnabled;
}
public String getEditFullNameUrl() {
return editFullNameUrl;
}
public void setEditFullNameUrl(String u) {
editFullNameUrl = u;
}
public String getHttpPasswordUrl() {
return httpPasswordUrl;
}
public void setHttpPasswordUrl(String url) {
httpPasswordUrl = url;
}
public void setAuthType(final AuthType t) {
authType = t;
}
public GitwebConfig getGitwebLink() {
return gitweb;
}
@@ -159,10 +76,6 @@ public class GerritConfig implements Cloneable {
sshdAddress = addr;
}
public void setEditableAccountFields(final Set<Account.FieldName> af) {
editableAccountFields = af;
}
public boolean isDocumentationAvailable() {
return documentationAvailable;
}
@@ -187,15 +100,6 @@ public class GerritConfig implements Cloneable {
this.suggestFrom = suggestFrom;
}
public boolean siteHasUsernames() {
if (authType == AuthType.CUSTOM_EXTENSION
&& getHttpPasswordUrl() != null
&& !editableAccountFields.contains(FieldName.USER_NAME)) {
return false;
}
return true;
}
public int getChangeUpdateDelay() {
return changeUpdateDelay;
}

25
gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
View File

@@ -27,6 +27,7 @@ import com.google.gerrit.client.api.ApiGlue;
import com.google.gerrit.client.api.PluginLoader;
import com.google.gerrit.client.changes.ChangeConstants;
import com.google.gerrit.client.changes.ChangeListScreen;
import com.google.gerrit.client.config.AuthInfo;
import com.google.gerrit.client.config.ConfigServerApi;
import com.google.gerrit.client.config.ServerInfo;
import com.google.gerrit.client.extensions.TopMenu;
@@ -623,8 +624,8 @@ public class Gerrit implements EntryPoint {
menuBars = new HashMap<>();
final boolean signedIn = isSignedIn();
final GerritConfig cfg = getConfig();
boolean signedIn = isSignedIn();
AuthInfo authInfo = info().auth();
LinkMenuBar m;
m = new LinkMenuBar();
@@ -718,9 +719,9 @@ public class Gerrit implements EntryPoint {
}
if (signedIn) {
whoAmI(!info().auth().isClientSslCertLdap());
whoAmI(!authInfo.isClientSslCertLdap());
} else {
switch (info().auth().authType()) {
switch (authInfo.authType()) {
case CLIENT_SSL_CERT_LDAP:
break;
@@ -763,18 +764,22 @@ public class Gerrit implements EntryPoint {
case HTTP:
case HTTP_LDAP:
if (cfg.getLoginUrl() != null) {
final String signinText = cfg.getLoginText() == null ? C.menuSignIn() : cfg.getLoginText();
menuRight.add(anchor(signinText, cfg.getLoginUrl()));
if (authInfo.loginUrl() != null) {
String signinText = authInfo.loginText() == null
? C.menuSignIn()
: authInfo.loginText();
menuRight.add(anchor(signinText, authInfo.loginUrl()));
}
break;
case LDAP:
case LDAP_BIND:
case CUSTOM_EXTENSION:
if (cfg.getRegisterUrl() != null) {
final String registerText = cfg.getRegisterText() == null ? C.menuRegister() : cfg.getRegisterText();
menuRight.add(anchor(registerText, cfg.getRegisterUrl()));
if (authInfo.registerUrl() != null) {
String registerText = authInfo.registerText() == null
? C.menuRegister()
: authInfo.registerText();
menuRight.add(anchor(registerText, authInfo.registerUrl()));
}
menuRight.addItem(C.menuSignIn(), new Command() {
@Override

4
gerrit-gwtui/src/main/java/com/google/gerrit/client/UserPopupPanel.java
View File

@@ -50,8 +50,8 @@ public class UserPopupPanel extends PluginSafePopupPanel {
userEmail.setText(account.email());
}
if (showSettingsLink) {
if (Gerrit.getConfig().getSwitchAccountUrl() != null) {
switchAccount.setHref(Gerrit.getConfig().getSwitchAccountUrl());
if (Gerrit.info().auth().switchAccountUrl() != null) {
switchAccount.setHref(Gerrit.info().auth().switchAccountUrl());
} else if (Gerrit.info().auth().isDev()
|| Gerrit.info().auth().isOpenId()) {
switchAccount.setHref(Gerrit.selfRedirect("/login/"));

6
gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java
View File

@@ -101,7 +101,7 @@ class ContactPanelShort extends Composite {
int row = 0;
if (!Gerrit.info().auth().canEdit(FieldName.USER_NAME)
&& Gerrit.getConfig().siteHasUsernames()) {
&& Gerrit.info().auth().siteHasUsernames()) {
infoPlainText.resizeRows(infoPlainText.getRowCount() + 1);
row(infoPlainText, row++, Util.C.userName(), new UsernameField());
}
@@ -109,12 +109,12 @@ class ContactPanelShort extends Composite {
if (!canEditFullName()) {
FlowPanel nameLine = new FlowPanel();
nameLine.add(nameTxt);
if (Gerrit.getConfig().getEditFullNameUrl() != null) {
if (Gerrit.info().auth().editFullNameUrl() != null) {
Button edit = new Button(Util.C.linkEditFullName());
edit.addClickHandler(new ClickHandler() {
@Override
public void onClick(ClickEvent event) {
Window.open(Gerrit.getConfig().getEditFullNameUrl(), "_blank", null);
Window.open(Gerrit.info().auth().editFullNameUrl(), "_blank", null);
}
});
nameLine.add(edit);

2
gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyPasswordScreen.java
View File

@@ -40,7 +40,7 @@ public class MyPasswordScreen extends SettingsScreen {
protected void onInitUI() {
super.onInitUI();
String url = Gerrit.getConfig().getHttpPasswordUrl();
String url = Gerrit.info().auth().httpPasswordUrl();
if (url != null) {
Anchor link = new Anchor();
link.setText(Util.C.linkObtainPassword());

6
gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyProfileScreen.java
View File

@@ -61,13 +61,13 @@ public class MyProfileScreen extends SettingsScreen {
fieldIdx = 1;
}
info = new Grid((Gerrit.getConfig().siteHasUsernames() ? 1 : 0) + 4, 2);
info = new Grid((Gerrit.info().auth().siteHasUsernames() ? 1 : 0) + 4, 2);
info.setStyleName(Gerrit.RESOURCES.css().infoBlock());
info.addStyleName(Gerrit.RESOURCES.css().accountInfoBlock());
h.add(info);
int row = 0;
if (Gerrit.getConfig().siteHasUsernames()) {
if (Gerrit.info().auth().siteHasUsernames()) {
infoRow(row++, Util.C.userName());
}
infoRow(row++, Util.C.fullName());
@@ -110,7 +110,7 @@ public class MyProfileScreen extends SettingsScreen {
});
int row = 0;
if (Gerrit.getConfig().siteHasUsernames()) {
if (Gerrit.info().auth().siteHasUsernames()) {
info.setWidget(row++, fieldIdx, new UsernameField());
}
info.setText(row++, fieldIdx, account.getFullName());

2
gerrit-gwtui/src/main/java/com/google/gerrit/client/account/SettingsScreen.java
View File

@@ -29,7 +29,7 @@ public abstract class SettingsScreen extends MenuScreen {
if (Gerrit.getConfig().getSshdAddress() != null) {
link(Util.C.tabSshKeys(), PageLinks.SETTINGS_SSHKEYS);
}
if (Gerrit.getConfig().isHttpPasswordSettingsEnabled()) {
if (Gerrit.info().auth().isHttpPasswordSettingsEnabled()) {
link(Util.C.tabHttpAccess(), PageLinks.SETTINGS_HTTP_PASSWORD);
}
link(Util.C.tabWebIdentities(), PageLinks.SETTINGS_WEBIDENT);

32
gerrit-gwtui/src/main/java/com/google/gerrit/client/config/AuthInfo.java
View File

@@ -17,6 +17,7 @@ package com.google.gerrit.client.config;
import com.google.gerrit.client.rpc.Natives;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AuthType;
import com.google.gerrit.reviewdb.client.Account.FieldName;
import com.google.gwt.core.client.JavaScriptObject;
import com.google.gwt.core.client.JsArrayString;
@@ -28,6 +29,9 @@ public class AuthInfo extends JavaScriptObject {
return AuthType.valueOf(authTypeRaw());
}
public final boolean isLdap() {
return authType() == AuthType.LDAP || authType() == AuthType.LDAP_BIND;
}
public final boolean isOpenId() {
return authType() == AuthType.OPENID;
}
@@ -44,6 +48,10 @@ public class AuthInfo extends JavaScriptObject {
return authType() == AuthType.CLIENT_SSL_CERT_LDAP;
}
public final boolean isCustomExtension() {
return authType() == AuthType.CUSTOM_EXTENSION;
}
public final boolean canEdit(Account.FieldName f) {
return editableAccountFields().contains(f);
}
@@ -56,8 +64,32 @@ public class AuthInfo extends JavaScriptObject {
return fields;
}
public final boolean siteHasUsernames() {
if (isCustomExtension()
&& httpPasswordUrl() != null
&& !canEdit(FieldName.USER_NAME)) {
return false;
}
return true;
}
public final boolean isHttpPasswordSettingsEnabled() {
if (isLdap() && isGitBasicAuth()) {
return false;
}
return true;
}
public final native boolean useContributorAgreements()
/*-{ return this.use_contributor_agreements || false; }-*/;
public final native String loginUrl() /*-{ return this.login_url; }-*/;
public final native String loginText() /*-{ return this.login_text; }-*/;
public final native String switchAccountUrl() /*-{ return this.switch_account_url; }-*/;
public final native String registerUrl() /*-{ return this.register_url; }-*/;
public final native String registerText() /*-{ return this.register_text; }-*/;
public final native String editFullNameUrl() /*-{ return this.edit_full_name_url; }-*/;
public final native String httpPasswordUrl() /*-{ return this.http_password_url; }-*/;
public final native boolean isGitBasicAuth() /*-{ return this.is_git_basic_auth || false; }-*/;
private final native String authTypeRaw() /*-{ return this.auth_type; }-*/;
private final native JsArrayString _editableAccountFields()
/*-{ return this.editable_account_fields; }-*/;

42
gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java
View File

@@ -21,11 +21,9 @@ import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.gerrit.common.data.GerritConfig;
import com.google.gerrit.common.data.GitwebConfig;
import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.change.ArchiveFormat;
import com.google.gerrit.server.change.GetArchive;
import com.google.gerrit.server.config.AnonymousCowardName;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.ConfigUtil;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.ssh.SshInfo;
@@ -41,9 +39,7 @@ import java.util.concurrent.TimeUnit;
import javax.servlet.ServletContext;
class GerritConfigProvider implements Provider<GerritConfig> {
private final Realm realm;
private final Config cfg;
private final AuthConfig authConfig;
private final GetArchive.AllowedFormats archiveFormats;
private final GitWebConfig gitWebConfig;
private final SshInfo sshInfo;
@@ -52,17 +48,14 @@ class GerritConfigProvider implements Provider<GerritConfig> {
private final String anonymousCowardName;
@Inject
GerritConfigProvider(Realm r,
GerritConfigProvider(
@GerritServerConfig Config gsc,
AuthConfig ac,
GitWebConfig gwc,
SshInfo si,
ServletContext sc,
GetArchive.AllowedFormats af,
@AnonymousCowardName String acn) {
realm = r;
cfg = gsc;
authConfig = ac;
archiveFormats = af;
gitWebConfig = gwc;
sshInfo = si;
@@ -72,38 +65,7 @@ class GerritConfigProvider implements Provider<GerritConfig> {
private GerritConfig create() throws MalformedURLException {
final GerritConfig config = new GerritConfig();
switch (authConfig.getAuthType()) {
case LDAP:
case LDAP_BIND:
config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
config.setRegisterText(cfg.getString("auth", null, "registertext"));
config.setEditFullNameUrl(cfg.getString("auth", null, "editFullNameUrl"));
config.setHttpPasswordSettingsEnabled(!authConfig.isGitBasicAuth());
break;
case CUSTOM_EXTENSION:
config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
config.setRegisterText(cfg.getString("auth", null, "registertext"));
config.setEditFullNameUrl(cfg.getString("auth", null, "editFullNameUrl"));
config.setHttpPasswordUrl(cfg.getString("auth", null, "httpPasswordUrl"));
break;
case HTTP:
case HTTP_LDAP:
config.setLoginUrl(cfg.getString("auth", null, "loginurl"));
config.setLoginText(cfg.getString("auth", null, "logintext"));
break;
case CLIENT_SSL_CERT_LDAP:
case DEVELOPMENT_BECOME_ANY_ACCOUNT:
case OAUTH:
case OPENID:
case OPENID_SSO:
break;
}
config.setSwitchAccountUrl(cfg.getString("auth", null, "switchAccountUrl"));
config.setGitDaemonUrl(cfg.getString("gerrit", null, "canonicalgiturl"));
config.setAuthType(authConfig.getAuthType());
config.setDocumentationAvailable(servletContext
.getResource("/Documentation/index.html") != null);
config.setAnonymousCowardName(anonymousCowardName);
@@ -133,8 +95,6 @@ class GerritConfigProvider implements Provider<GerritConfig> {
config.setReportBugUrl(cfg.getString("gerrit", null, "reportBugUrl"));
config.setReportBugText(cfg.getString("gerrit", null, "reportBugText"));
config.setEditableAccountFields(realm.getEditableFields());
if (gitWebConfig.getUrl() != null) {
config.setGitwebLink(new GitwebConfig(gitWebConfig.getUrl(), gitWebConfig
.getGitWebType()));

36
gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
View File

@@ -40,13 +40,19 @@ public class AuthConfig {
private final String httpEmailHeader;
private final String httpExternalIdHeader;
private final String registerPageUrl;
private final String registerUrl;
private final String registerText;
private final boolean trustContainerAuth;
private final boolean enableRunAs;
private final boolean userNameToLowerCase;
private final boolean gitBasicAuth;
private final boolean useContributorAgreements;
private final String loginUrl;
private final String loginText;
private final String logoutUrl;
private final String switchAccountUrl;
private final String editFullNameUrl;
private final String httpPasswordUrl;
private final String openIdSsoUrl;
private final List<String> openIdDomains;
private final List<OpenIdProviderPattern> trustedOpenIDs;
@@ -65,8 +71,14 @@ public class AuthConfig {
httpEmailHeader = cfg.getString("auth", null, "httpemailheader");
httpExternalIdHeader = cfg.getString("auth", null, "httpexternalidheader");
loginUrl = cfg.getString("auth", null, "loginurl");
loginText = cfg.getString("auth", null, "logintext");
logoutUrl = cfg.getString("auth", null, "logouturl");
switchAccountUrl = cfg.getString("auth", null, "switchAccountUrl");
editFullNameUrl = cfg.getString("auth", null, "editFullNameUrl");
httpPasswordUrl = cfg.getString("auth", null, "httpPasswordUrl");
registerPageUrl = cfg.getString("auth", null, "registerPageUrl");
registerUrl = cfg.getString("auth", null, "registerUrl");
registerText = cfg.getString("auth", null, "registerText");
openIdSsoUrl = cfg.getString("auth", null, "openidssourl");
openIdDomains = Arrays.asList(cfg.getStringList("auth", null, "openIdDomain"));
trustedOpenIDs = toPatterns(cfg, "trustedOpenID");
@@ -144,10 +156,26 @@ public class AuthConfig {
return loginUrl;
}
public String getLoginText() {
return loginText;
}
public String getLogoutURL() {
return logoutUrl;
}
public String getSwitchAccountUrl() {
return switchAccountUrl;
}
public String getEditFullNameUrl() {
return editFullNameUrl;
}
public String getHttpPasswordUrl() {
return httpPasswordUrl;
}
public String getOpenIdSsoUrl() {
return openIdSsoUrl;
}
@@ -271,6 +299,14 @@ public class AuthConfig {
return registerPageUrl;
}
public String getRegisterUrl() {
return registerUrl;
}
public String getRegisterText() {
return registerText;
}
public boolean isLdapAuthType() {
return authType == AuthType.LDAP ||
authType == AuthType.LDAP_BIND;

39
gerrit-server/src/main/java/com/google/gerrit/server/config/GetServerInfo.java
View File

@@ -102,11 +102,50 @@ public class GetServerInfo implements RestReadView<ConfigResource> {
public AuthType authType;
public Boolean useContributorAgreements;
public List<Account.FieldName> editableAccountFields;
public String loginUrl;
public String loginText;
public String switchAccountUrl;
public String registerUrl;
public String registerText;
public String editFullNameUrl;
public String httpPasswordUrl;
public Boolean isGitBasicAuth;
public AuthInfo(AuthConfig cfg, Realm realm) {
authType = cfg.getAuthType();
useContributorAgreements = toBoolean(cfg.isUseContributorAgreements());
editableAccountFields = new ArrayList<>(realm.getEditableFields());
switchAccountUrl = cfg.getSwitchAccountUrl();
switch (authType) {
case LDAP:
case LDAP_BIND:
registerUrl = cfg.getRegisterUrl();
registerText = cfg.getRegisterText();
editFullNameUrl = cfg.getEditFullNameUrl();
isGitBasicAuth = toBoolean(cfg.isGitBasicAuth());
break;
case CUSTOM_EXTENSION:
registerUrl = cfg.getRegisterUrl();
registerText = cfg.getRegisterText();
editFullNameUrl = cfg.getEditFullNameUrl();
httpPasswordUrl = cfg.getHttpPasswordUrl();
break;
case HTTP:
case HTTP_LDAP:
loginUrl = cfg.getLoginUrl();
loginText = cfg.getLoginText();
break;
case CLIENT_SSL_CERT_LDAP:
case DEVELOPMENT_BECOME_ANY_ACCOUNT:
case OAUTH:
case OPENID:
case OPENID_SSO:
break;
}
}
}