Support auth.type = CUSTOM_EXTENSION
This new auth type configures the web UI similar to the way HTTP works, allowing the UI to redirect sign-in requests through the /login/* URL and sign-out requests through /logout. No URL handlers are installed in the application for this type of authentication system. Instead it is assumed additional code has been injected into the same environment via Guice to handle the authentication. This is currently a very advanced usage of Gerrit Code Review's server and is not recommended for most site administrators, so the type is not documented at this time. This change is a first step towards supporting other types of user authentication, with the idea of eventually having a plugin system to permit other third party authenticators. Change-Id: I95fcbfc6f486513f7c7105a1b7005ab78b1f4073 Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
@@ -26,6 +26,7 @@ import java.util.Set;
|
|||||||
|
|
||||||
public class GerritConfig implements Cloneable {
|
public class GerritConfig implements Cloneable {
|
||||||
protected String registerUrl;
|
protected String registerUrl;
|
||||||
|
protected String httpPasswordUrl;
|
||||||
protected List<OpenIdProviderPattern> allowedOpenIDs;
|
protected List<OpenIdProviderPattern> allowedOpenIDs;
|
||||||
|
|
||||||
protected GitwebLink gitweb;
|
protected GitwebLink gitweb;
|
||||||
@@ -52,6 +53,14 @@ public class GerritConfig implements Cloneable {
|
|||||||
registerUrl = u;
|
registerUrl = u;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getHttpPasswordUrl() {
|
||||||
|
return httpPasswordUrl;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setHttpPasswordUrl(String url) {
|
||||||
|
httpPasswordUrl = url;
|
||||||
|
}
|
||||||
|
|
||||||
public List<OpenIdProviderPattern> getAllowedOpenIDs() {
|
public List<OpenIdProviderPattern> getAllowedOpenIDs() {
|
||||||
return allowedOpenIDs;
|
return allowedOpenIDs;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -246,6 +246,7 @@ public class Gerrit implements EntryPoint {
|
|||||||
case HTTP:
|
case HTTP:
|
||||||
case HTTP_LDAP:
|
case HTTP_LDAP:
|
||||||
case CLIENT_SSL_CERT_LDAP:
|
case CLIENT_SSL_CERT_LDAP:
|
||||||
|
case CUSTOM_EXTENSION:
|
||||||
if (!token.startsWith("/")) {
|
if (!token.startsWith("/")) {
|
||||||
token = "/" + token;
|
token = "/" + token;
|
||||||
}
|
}
|
||||||
@@ -563,6 +564,7 @@ public class Gerrit implements EntryPoint {
|
|||||||
|
|
||||||
case LDAP:
|
case LDAP:
|
||||||
case LDAP_BIND:
|
case LDAP_BIND:
|
||||||
|
case CUSTOM_EXTENSION:
|
||||||
if (cfg.getRegisterUrl() != null) {
|
if (cfg.getRegisterUrl() != null) {
|
||||||
menuRight.add(anchor(C.menuRegister(), cfg.getRegisterUrl()));
|
menuRight.add(anchor(C.menuRegister(), cfg.getRegisterUrl()));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -56,6 +56,7 @@ public interface AccountConstants extends Constants {
|
|||||||
String buttonChangeUserName();
|
String buttonChangeUserName();
|
||||||
String buttonClearPassword();
|
String buttonClearPassword();
|
||||||
String buttonGeneratePassword();
|
String buttonGeneratePassword();
|
||||||
|
String linkObtainPassword();
|
||||||
String invalidUserName();
|
String invalidUserName();
|
||||||
String invalidUserEmail();
|
String invalidUserEmail();
|
||||||
|
|
||||||
|
|||||||
@@ -37,6 +37,7 @@ buttonSetUserName = Select Username
|
|||||||
buttonChangeUserName = Change Username
|
buttonChangeUserName = Change Username
|
||||||
buttonClearPassword = Clear Password
|
buttonClearPassword = Clear Password
|
||||||
buttonGeneratePassword = Generate Password
|
buttonGeneratePassword = Generate Password
|
||||||
|
linkObtainPassword = Obtain Password
|
||||||
invalidUserName = Username must contain only letters, numbers, _, - or .
|
invalidUserName = Username must contain only letters, numbers, _, - or .
|
||||||
invalidUserEmail = Email format is wrong.
|
invalidUserEmail = Email format is wrong.
|
||||||
sshKeyInvalid = Invalid Key
|
sshKeyInvalid = Invalid Key
|
||||||
|
|||||||
@@ -23,11 +23,12 @@ import com.google.gerrit.reviewdb.AccountExternalId;
|
|||||||
import com.google.gwt.event.dom.client.ClickEvent;
|
import com.google.gwt.event.dom.client.ClickEvent;
|
||||||
import com.google.gwt.event.dom.client.ClickHandler;
|
import com.google.gwt.event.dom.client.ClickHandler;
|
||||||
import com.google.gwt.i18n.client.LocaleInfo;
|
import com.google.gwt.i18n.client.LocaleInfo;
|
||||||
|
import com.google.gwt.user.client.ui.Anchor;
|
||||||
import com.google.gwt.user.client.ui.Button;
|
import com.google.gwt.user.client.ui.Button;
|
||||||
import com.google.gwt.user.client.ui.FlowPanel;
|
import com.google.gwt.user.client.ui.FlowPanel;
|
||||||
import com.google.gwt.user.client.ui.Grid;
|
import com.google.gwt.user.client.ui.Grid;
|
||||||
import com.google.gwt.user.client.ui.Widget;
|
|
||||||
import com.google.gwt.user.client.ui.HTMLTable.CellFormatter;
|
import com.google.gwt.user.client.ui.HTMLTable.CellFormatter;
|
||||||
|
import com.google.gwt.user.client.ui.Widget;
|
||||||
import com.google.gwtexpui.clippy.client.CopyableLabel;
|
import com.google.gwtexpui.clippy.client.CopyableLabel;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@@ -42,6 +43,16 @@ public class MyPasswordScreen extends SettingsScreen {
|
|||||||
protected void onInitUI() {
|
protected void onInitUI() {
|
||||||
super.onInitUI();
|
super.onInitUI();
|
||||||
|
|
||||||
|
String url = Gerrit.getConfig().getHttpPasswordUrl();
|
||||||
|
if (url != null) {
|
||||||
|
Anchor link = new Anchor();
|
||||||
|
link.setText(Util.C.linkObtainPassword());
|
||||||
|
link.setHref(url);
|
||||||
|
link.setTarget("_blank");
|
||||||
|
add(link);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
password = new CopyableLabel("");
|
password = new CopyableLabel("");
|
||||||
password.addStyleName(Gerrit.RESOURCES.css().accountPassword());
|
password.addStyleName(Gerrit.RESOURCES.css().accountPassword());
|
||||||
|
|
||||||
@@ -84,6 +95,11 @@ public class MyPasswordScreen extends SettingsScreen {
|
|||||||
protected void onLoad() {
|
protected void onLoad() {
|
||||||
super.onLoad();
|
super.onLoad();
|
||||||
|
|
||||||
|
if (password == null) {
|
||||||
|
display();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
enableUI(false);
|
enableUI(false);
|
||||||
Util.ACCOUNT_SEC
|
Util.ACCOUNT_SEC
|
||||||
.myExternalIds(new ScreenLoadCallback<List<AccountExternalId>>(this) {
|
.myExternalIds(new ScreenLoadCallback<List<AccountExternalId>>(this) {
|
||||||
|
|||||||
@@ -91,6 +91,11 @@ class GerritConfigProvider implements Provider<GerritConfig> {
|
|||||||
case LDAP_BIND:
|
case LDAP_BIND:
|
||||||
config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
|
config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case CUSTOM_EXTENSION:
|
||||||
|
config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
|
||||||
|
config.setHttpPasswordUrl(cfg.getString("auth", null, "httpPasswordUrl"));
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
config.setUseContributorAgreements(cfg.getBoolean("auth",
|
config.setUseContributorAgreements(cfg.getBoolean("auth",
|
||||||
"contributoragreements", false));
|
"contributoragreements", false));
|
||||||
|
|||||||
@@ -110,6 +110,8 @@ public class WebModule extends FactoryModule {
|
|||||||
});
|
});
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case CUSTOM_EXTENSION:
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
throw new ProvisionException("Unsupported loginType: " + authConfig.getAuthType());
|
throw new ProvisionException("Unsupported loginType: " + authConfig.getAuthType());
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -73,6 +73,9 @@ public enum AuthType {
|
|||||||
*/
|
*/
|
||||||
LDAP_BIND,
|
LDAP_BIND,
|
||||||
|
|
||||||
|
/** Login is managed by additional, unspecified code. */
|
||||||
|
CUSTOM_EXTENSION,
|
||||||
|
|
||||||
/** Development mode to enable becoming anyone you want. */
|
/** Development mode to enable becoming anyone you want. */
|
||||||
DEVELOPMENT_BECOME_ANY_ACCOUNT;
|
DEVELOPMENT_BECOME_ANY_ACCOUNT;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ import com.google.inject.Inject;
|
|||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
public final class DefaultRealm implements Realm {
|
public class DefaultRealm implements Realm {
|
||||||
private final EmailExpander emailExpander;
|
private final EmailExpander emailExpander;
|
||||||
private final AccountByEmailCache byEmail;
|
private final AccountByEmailCache byEmail;
|
||||||
|
|
||||||
|
|||||||
@@ -140,6 +140,7 @@ public class AuthConfig {
|
|||||||
case LDAP:
|
case LDAP:
|
||||||
case LDAP_BIND:
|
case LDAP_BIND:
|
||||||
case CLIENT_SSL_CERT_LDAP:
|
case CLIENT_SSL_CERT_LDAP:
|
||||||
|
case CUSTOM_EXTENSION:
|
||||||
// Its safe to assume yes for an HTTP authentication type, as the
|
// Its safe to assume yes for an HTTP authentication type, as the
|
||||||
// only way in is through some external system that the admin trusts
|
// only way in is through some external system that the admin trusts
|
||||||
//
|
//
|
||||||
|
|||||||
@@ -127,6 +127,9 @@ public class GerritGlobalModule extends FactoryModule {
|
|||||||
install(new LdapModule());
|
install(new LdapModule());
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case CUSTOM_EXTENSION:
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
bind(Realm.class).to(DefaultRealm.class);
|
bind(Realm.class).to(DefaultRealm.class);
|
||||||
break;
|
break;
|
||||||
|
|||||||
Reference in New Issue
Block a user