Configure editable account fields for OAuth realm
Full name and email address might not be provided by all OAuth login providers. In that case, it should be possible for a user to enter these account fields in the Gerrit UI manually. OAuthRealm now checks the Gerrit configuration for the parameters oauth.allowEditFullName and oauth.allowRegisterNewEmail. If set to true, a user may edit the full name or add additional email addresses in the Contact Information settings, respectively. Otherwise Gerrit relies on the information provided by the OAuth login provider. Change-Id: I250e86ada75e1d0a8e1018903510e2d1b55b8fa9 Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>
@@ -2874,6 +2874,31 @@ Common examples:
|
||||
safe = true
|
||||
----
|
||||
|
||||
[[oauth]]
|
||||
=== Section oauth
|
||||
|
||||
OAuth integration is only enabled if `auth.type` is set to `OAUTH`. See
|
||||
link:#auth.type[above] for a detailed description of the `auth.type` settings
|
||||
and their implications.
|
||||
|
||||
By default, contact information, like the full name and email address,
|
||||
is retrieved from the selected OAuth provider when a user account is created,
|
||||
or when a user requests to reload that information in the settings UI. If
|
||||
that is not supported by the OAuth provider, users can be allowed to edit
|
||||
their contact information manually.
|
||||
|
||||
[[oauth.allowEditFullName]]oauth.allowEditFullName::
|
||||
+
|
||||
If true, the full name can be edited in the contact information.
|
||||
+
|
||||
Default is false.
|
||||
|
||||
[[oauth.allowRegisterNewEmail]]oauth.allowRegisterNewEmail::
|
||||
+
|
||||
If true, additional email addresses can be registered in the contact
|
||||
information.
|
||||
+
|
||||
Default is false.
|
||||
|
||||
[[pack]]
|
||||
=== Section pack
|
||||
|
||||
@@ -25,23 +25,37 @@ import com.google.gerrit.server.account.AbstractRealm;
|
||||
import com.google.gerrit.server.account.AccountException;
|
||||
import com.google.gerrit.server.account.AccountManager;
|
||||
import com.google.gerrit.server.account.AuthRequest;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
|
||||
import org.eclipse.jgit.lib.Config;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
@Singleton
|
||||
public class OAuthRealm extends AbstractRealm {
|
||||
private final DynamicMap<OAuthLoginProvider> loginProviders;
|
||||
private final Set<FieldName> editableAccountFields;
|
||||
|
||||
@Inject
|
||||
OAuthRealm(DynamicMap<OAuthLoginProvider> loginProviders) {
|
||||
OAuthRealm(DynamicMap<OAuthLoginProvider> loginProviders,
|
||||
@GerritServerConfig Config config) {
|
||||
this.loginProviders = loginProviders;
|
||||
this.editableAccountFields = new HashSet<>();
|
||||
if (config.getBoolean("oauth", null, "allowEditFullName", false)) {
|
||||
editableAccountFields.add(FieldName.FULL_NAME);
|
||||
}
|
||||
if (config.getBoolean("oauth", null, "allowRegisterNewEmail", false)) {
|
||||
editableAccountFields.add(FieldName.REGISTER_NEW_EMAIL);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean allowsEdit(FieldName field) {
|
||||
return false;
|
||||
return editableAccountFields.contains(field);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
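Review bot: The `editableAccountFields` set filled in the new constructor stays a mutable `HashSet` on a `@Singleton`, although `allowsEdit` now appears to be the only gate in this class on whether a user may override identity data supplied by the OAuth provider. Building the set in a local and storing `this.editableAccountFields = Collections.unmodifiableSet(fields);` (with a `java.util.Collections` import) would keep that policy fixed after startup. The field also deserves a comment on the trust change, for example `// Fields a user may set themselves; their values are user-asserted, not vouched for by the OAuth provider.` Whether an address added through `FieldName.REGISTER_NEW_EMAIL` is confirmed before it is attached to the account is not visible in this hunk and is worth checking, since the flag admits addresses the provider never asserted. The class body continues outside the hunk.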