CreateChange: Do not fail with 500 ISE if called by anonymous user

Signed-off-by: Edwin Kempin <ekempin@google.com>
Change-Id: I0eb38cad91f22f148d8884c7e1ccf2d9e7e8ace8
Edwin Kempin
2019-09-18 10:15:58 +02:00
parent 17f7dfe7e3
commit 75b159ec25
2 changed files with 11 additions and 0 deletions


@@ -160,6 +160,9 @@ public class CreateChange
BatchUpdate.Factory updateFactory, TopLevelResource parent, ChangeInput input) BatchUpdate.Factory updateFactory, TopLevelResource parent, ChangeInput input)
throws IOException, InvalidChangeOperationException, RestApiException, UpdateException, throws IOException, InvalidChangeOperationException, RestApiException, UpdateException,
PermissionBackendException, ConfigInvalidException { PermissionBackendException, ConfigInvalidException {
if (!user.get().isIdentifiedUser()) {
throw new AuthException("Authentication required");
}
IdentifiedUser me = user.get().asIdentifiedUser(); IdentifiedUser me = user.get().asIdentifiedUser();
checkAndSanitizeChangeInput(input, me); checkAndSanitizeChangeInput(input, me);
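Review bot: The added guard reads `user.get()` for the `isIdentifiedUser()` check, and the following line reads it again for `asIdentifiedUser()`, so the authentication decision and the identity that is then used come from two separate lookups. Resolving the caller once keeps both on the same object and is easier to audit: `CurrentUser caller = user.get();`, then `if (!caller.isIdentifiedUser()) {` and `IdentifiedUser me = caller.asIdentifiedUser();`. A one-line comment above the guard would also help, for example `// Reject anonymous callers up front so they get an auth error instead of an internal server error.` The enclosing method starts before this hunk and continues after it, so whether later code calls `user.get()` again cannot be checked from here.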


@@ -40,6 +40,7 @@ import com.google.gerrit.extensions.client.GeneralPreferencesInfo;
import com.google.gerrit.extensions.common.ChangeInfo; import com.google.gerrit.extensions.common.ChangeInfo;
import com.google.gerrit.extensions.common.ChangeInput; import com.google.gerrit.extensions.common.ChangeInput;
import com.google.gerrit.extensions.common.MergeInput; import com.google.gerrit.extensions.common.MergeInput;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.BadRequestException; import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.ResourceConflictException; import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException; import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
@@ -124,6 +125,13 @@ public class CreateChangeIT extends AbstractDaemonTest {
assertCreateFails(ci, BadRequestException.class, "commit message must be non-empty"); assertCreateFails(ci, BadRequestException.class, "commit message must be non-empty");
} }
@Test
public void createNewChange_RequiresAuthentication() throws Exception {
requestScopeOperations.setApiUserAnonymous();
assertCreateFails(
newChangeInput(ChangeStatus.NEW), AuthException.class, "Authentication required");
}
@Test @Test
public void createNewChange() throws Exception { public void createNewChange() throws Exception {
ChangeInfo info = assertCreateSucceeds(newChangeInput(ChangeStatus.NEW)); ChangeInfo info = assertCreateSucceeds(newChangeInput(ChangeStatus.NEW));
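Review bot: `createNewChange_RequiresAuthentication` checks only the exception class and message raised through the Java API, while the regression named in the commit title is an HTTP 500, which appears at the REST layer. If the exception-to-status mapping changed later, this test would presumably still pass, so a companion assertion that sends the create request without credentials over REST and checks for an authentication failure status rather than 500 would pin the behaviour the commit is about. A short comment on the test would document the intent, for example `// Anonymous callers must be rejected with AuthException, not an internal error.`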