Support auth.type = CUSTOM_EXTENSION

This new auth type configures the web UI similar to the way HTTP
works, allowing the UI to redirect sign-in requests through the
/login/* URL and sign-out requests through /logout.

No URL handlers are installed in the application for this type
of authentication system. Instead it is assumed additional code
has been injected into the same environment via Guice to handle
the authentication. This is currently a very advanced usage of
Gerrit Code Review's server and is not recommended for most
site administrators, so the type is not documented at this time.

This change is a first step towards supporting other types
of user authentication, with the idea of eventually having
a plugin system to permit other third party authenticators.

Change-Id: I95fcbfc6f486513f7c7105a1b7005ab78b1f4073
Signed-off-by: Shawn O. Pearce <sop@google.com>

gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java

@@ -26,6 +26,7 @@ import java.util.Set;
 
 public class GerritConfig implements Cloneable {
   protected String registerUrl;
+  protected String httpPasswordUrl;
   protected List<OpenIdProviderPattern> allowedOpenIDs;
 
   protected GitwebLink gitweb;
@@ -52,6 +53,14 @@ public class GerritConfig implements Cloneable {
     registerUrl = u;
   }
 
+  public String getHttpPasswordUrl() {
+    return httpPasswordUrl;
+  }
+
+  public void setHttpPasswordUrl(String url) {
+    httpPasswordUrl = url;
+  }
+
   public List<OpenIdProviderPattern> getAllowedOpenIDs() {
     return allowedOpenIDs;
   }

gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java

@@ -246,6 +246,7 @@ public class Gerrit implements EntryPoint {
       case HTTP:
       case HTTP_LDAP:
       case CLIENT_SSL_CERT_LDAP:
+      case CUSTOM_EXTENSION:
         if (!token.startsWith("/")) {
           token = "/" + token;
         }
@@ -563,6 +564,7 @@ public class Gerrit implements EntryPoint {
 
         case LDAP:
         case LDAP_BIND:
+        case CUSTOM_EXTENSION:
           if (cfg.getRegisterUrl() != null) {
             menuRight.add(anchor(C.menuRegister(), cfg.getRegisterUrl()));
           }

gerrit-gwtui/src/main/java/com/google/gerrit/client/account/AccountConstants.java

@@ -56,6 +56,7 @@ public interface AccountConstants extends Constants {
   String buttonChangeUserName();
   String buttonClearPassword();
   String buttonGeneratePassword();
+  String linkObtainPassword();
   String invalidUserName();
   String invalidUserEmail();
 

gerrit-gwtui/src/main/java/com/google/gerrit/client/account/AccountConstants.properties

@@ -37,6 +37,7 @@ buttonSetUserName = Select Username
 buttonChangeUserName = Change Username
 buttonClearPassword = Clear Password
 buttonGeneratePassword = Generate Password
+linkObtainPassword = Obtain Password
 invalidUserName = Username must contain only letters, numbers, _, - or .
 invalidUserEmail = Email format is wrong.
 sshKeyInvalid = Invalid Key

gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyPasswordScreen.java

@@ -23,11 +23,12 @@ import com.google.gerrit.reviewdb.AccountExternalId;
 import com.google.gwt.event.dom.client.ClickEvent;
 import com.google.gwt.event.dom.client.ClickHandler;
 import com.google.gwt.i18n.client.LocaleInfo;
+import com.google.gwt.user.client.ui.Anchor;
 import com.google.gwt.user.client.ui.Button;
 import com.google.gwt.user.client.ui.FlowPanel;
 import com.google.gwt.user.client.ui.Grid;
-import com.google.gwt.user.client.ui.Widget;
 import com.google.gwt.user.client.ui.HTMLTable.CellFormatter;
+import com.google.gwt.user.client.ui.Widget;
 import com.google.gwtexpui.clippy.client.CopyableLabel;
 
 import java.util.List;
@@ -42,6 +43,16 @@ public class MyPasswordScreen extends SettingsScreen {
   protected void onInitUI() {
     super.onInitUI();
 
+    String url = Gerrit.getConfig().getHttpPasswordUrl();
+    if (url != null) {
+      Anchor link = new Anchor();
+      link.setText(Util.C.linkObtainPassword());
+      link.setHref(url);
+      link.setTarget("_blank");
+      add(link);
+      return;
+    }
+
     password = new CopyableLabel("");
     password.addStyleName(Gerrit.RESOURCES.css().accountPassword());
 
@@ -84,6 +95,11 @@ public class MyPasswordScreen extends SettingsScreen {
   protected void onLoad() {
     super.onLoad();
 
+    if (password == null) {
+      display();
+      return;
+    }
+
     enableUI(false);
     Util.ACCOUNT_SEC
         .myExternalIds(new ScreenLoadCallback<List<AccountExternalId>>(this) {

gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java

@@ -91,6 +91,11 @@ class GerritConfigProvider implements Provider<GerritConfig> {
       case LDAP_BIND:
         config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
         break;
+
+      case CUSTOM_EXTENSION:
+        config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
+        config.setHttpPasswordUrl(cfg.getString("auth", null, "httpPasswordUrl"));
+        break;
     }
     config.setUseContributorAgreements(cfg.getBoolean("auth",
         "contributoragreements", false));

gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java

@@ -110,6 +110,8 @@ public class WebModule extends FactoryModule {
         });
         break;
 
+      case CUSTOM_EXTENSION:
+        break;
       default:
         throw new ProvisionException("Unsupported loginType: " + authConfig.getAuthType());
     }

gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/AuthType.java

@@ -73,6 +73,9 @@ public enum AuthType {
    */
   LDAP_BIND,
 
+  /** Login is managed by additional, unspecified code. */
+  CUSTOM_EXTENSION,
+
   /** Development mode to enable becoming anyone you want. */
   DEVELOPMENT_BECOME_ANY_ACCOUNT;
 }

gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java

@@ -21,7 +21,7 @@ import com.google.inject.Inject;
 import java.util.Collections;
 import java.util.Set;
 
-public final class DefaultRealm implements Realm {
+public class DefaultRealm implements Realm {
   private final EmailExpander emailExpander;
   private final AccountByEmailCache byEmail;
 

gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java

@@ -140,6 +140,7 @@ public class AuthConfig {
       case LDAP:
       case LDAP_BIND:
       case CLIENT_SSL_CERT_LDAP:
+      case CUSTOM_EXTENSION:
         // Its safe to assume yes for an HTTP authentication type, as the
         // only way in is through some external system that the admin trusts
         //

gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java

@@ -127,6 +127,9 @@ public class GerritGlobalModule extends FactoryModule {
         install(new LdapModule());
         break;
 
+      case CUSTOM_EXTENSION:
+        break;
+
       default:
         bind(Realm.class).to(DefaultRealm.class);
         break;