opendev/gerrit
Code Issues Proposed changes

Merge changes I2304bfca,I378cc296,Ie08e50ea,Ia32983e2,Id51a0504

Browse Source 
* changes:
  config-sso.txt: Update sections that talk about external IDs
  Document accounts in NoteDb
  Allow to push updates of account.config file
  Remove support for writing accounts from ReviewDb
  Remove support for reading accounts from ReviewDb
This commit is contained in:
Edwin Kempin 2017-08-29 16:16:01 +00:00 committed by Gerrit Code Review
commit 886fbdcc81
33 changed files with 1081 additions and 359 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Documentation/access-control.txt
View File

@ -220,6 +220,7 @@ shortest possible pattern expansion must be a valid ref name:
thus `^refs/heads/.*/name` will fail because `refs/heads//name`
is not a valid reference, but `^refs/heads/.+/name` will work.
[[sharded-user-id]]
References can have the user name or the sharded account ID of the
current user automatically included, creating dynamic access controls
that change to match the currently logged in user. For example to

411
Documentation/config-accounts.txt Normal file
View File

@ -0,0 +1,411 @@
= Gerrit Code Review - Accounts
== Overview
Starting from 2.15 Gerrit accounts are fully stored in
link:dev-note-db.html[NoteDb].
The account data consists of a sequence number (account ID), account
properties (full name, preferred email, registration date, status,
inactive flag), preferences (general, diff and edit preferences),
project watches, SSH keys, external IDs, starred changes and reviewed
flags.
Most account data is stored in a special link:#all-users[All-Users]
repository, which has one branch per user. Within the user branch there
are Git config files for the link:#account-properties[
account properties], the link:#preferences[account preferences] and the
link:#project-watches[project watches]. In addition there is an
`authorized_keys` file for the link:#ssh-keys[SSH keys] that follows
the standard OpenSSH file format.
The account data in the user branch is versioned and the Git history of
this branch serves as an audit log.
The link:#external-ids[external IDs] are stored as Git Notes inside the
`All-Users` repository in the `refs/meta/external-ids` notes branch.
Storing all external IDs in a notes branch ensures that each external
ID is only used once.
The link:#starred-changes[starred changes] are represented as
independent refs in the `All-Users` repository. They are not stored in
the user branch, since this data doesn't need versioning.
The link:#reviewed-flags[reviewed flags] are not stored in Git, but are
persisted in a database table. This is because there is a high volume
of reviewed flags and storing them in Git would be inefficient.
Since accessing the account data in Git is not fast enough for account
queries, e.g. when suggesting reviewers, Gerrit has a
link:#account-index[secondary index for accounts].
[[all-users]]
== `All-Users` repository
The `All-Users` repository is a special repository that only contains
user-specific information. It contains one branch per user. The user
branch is formatted as `refs/users/CD/ABCD`, where `CD/ABCD` is the
link:access-control.html#sharded-user-id[sharded account ID], e.g. the
user branch for account `1000856` is `refs/users/56/1000856`. The
account IDs in the user refs are sharded so that there is a good
distribution of the Git data in the storage system.
A user branch must exist for each account, as it represents the
account. The files in the user branch are all optional. This means
having a user branch with a tree that is completely empty is also a
valid account definition.
Updates to the user branch are done through the
link:rest-api-accounts.html[Gerrit REST API], but users can also
manually fetch their user branch and push changes back to Gerrit. On
push the user data is evaluated and invalid user data is rejected.
To hide the implementation detail of the sharded account ID in the ref
name Gerrit offers a magic `refs/users/self` ref that is automatically
resolved to the user branch of the calling user. The user can then use
this ref to fetch from and push to the own user branch. E.g. if user
`1000856` pushes to `refs/users/self`, the branch
`refs/users/56/1000856` is updated. In Gerrit `self` is an established
term to refer to the calling user (e.g. in change queries). This is why
the magic ref for the own user branch is called `refs/users/self`.
A user branch should only be readable and writeable by the user to whom
the account belongs. To assign permissions on the user branches the
normal branch permission system is used. In the permission system the
user branches are specified as `refs/users/${shardeduserid}`. The
`${shardeduserid}` variable is resolved to the sharded account ID. This
variable is used to assign default access rights on all user branches
that apply only to the owning user. The following permissions are set
by default when a Gerrit site is newly installed or upgraded to a
version which supports user branches:
.All-Users project.config
----
[access "refs/users/${shardeduserid}"]
exclusiveGroupPermissions = read push submit
read = group Registered Users
push = group Registered Users
label-Code-Review = -2..+2 group Registered Users
submit = group Registered Users
----
The user branch contains several files with account data which are
described link:#account-data-in-user-branch[below].
In addition to the user branches the `All-Users` repository also
contains a branch for the link:#external-ids[external IDs] and special
refs for the link:#starred-changes[starred changes].
Also the next available value of the link:#account-sequence[account
sequence] is stored in the `All-Users` repository.
[[account-index]]
== Account Index
There are several situations in which Gerrit needs to query accounts,
e.g.:
* For sending email notifications to project watchers.
* For reviewer suggestions.
Accessing the account data in Git is not fast enough for account
queries, since it requires accessing all user branches and parsing
all files in each of them. To overcome this Gerrit has a secondary
index for accounts. The account index is either based on
link:config-gerrit.html#index.type[Lucene or Elasticsearch].
Via the link:rest-api-accounts.html#query-account[Query Account] REST
endpoint link:user-search-accounts.html[generic account queries] are
supported.
Accounts are automatically reindexed on any update. The
link:rest-api-accounts.html#index-account[Index Account] REST endpoint
allows to reindex an account manually. In addition the
link:pgm-reindex.html[reindex] program can be used to reindex all
accounts offline.
[[account-data-in-user-branch]]
== Account Data in User Branch
A user branch contains several Git config files with the account data:
* `account.config`:
+
Stores the link:#account-properties[account properties].
* `preferences.config`:
+
Stores the link:#preferences[user preferences] of the account.
* `watch.config`:
+
Stores the link:#project-watches[project watches] of the account.
In addition it contains an
link:https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#.7E.2F.ssh.2Fauthorized_keys[
authorized_keys] file with the link:#ssh-keys[SSH keys] of the account.
[[account-properties]]
=== Account Properties
The account properties are stored in the user branch in the
`account.config` file:
----
[account]
fullName = John Doe
preferredEmail = john.doe@example.com
status = OOO
active = false
----
For active accounts the `active` parameter can be omitted.
The registration date is not contained in the `account.config` file but
is derived from the timestamp of the first commit on the user branch.
When users update their account properties by pushing to the user
branch, it is verified that the preferred email exists in the external
IDs.
Users are not allowed to flip the active value themselves; only
administrators and users with the
link:access-control.html#capability_modifyAccount[Modify Account]
global capability are allowed to change it.
Since all data in the `account.config` file is optional the
`account.config` file may be absent from some user branches.
[[preferences]]
=== Preferences
The account properties are stored in the user branch in the
`preferences.config` file. There are separate sections for
link:intro-user.html#preferences[general],
link:user-review-ui.html#diff-preferences[diff] and edit preferences:
----
[general]
showSiteHeader = false
[diff]
hideTopMenu = true
[edit]
lineLength = 80
----
The parameter names match the names that are used in the preferences REST API:
* link:rest-api-accounts.html#preferences-info[General Preferences]
* link:rest-api-accounts.html#diff-preferences-info[Diff Preferences]
* link:rest-api-accounts.html#edit-preferences-info[Edit Preferences]
If the value for a preference is the same as the default value for this
preference, it can be omitted in the `preference.config` file.
Defaults for general and diff preferences that apply for all accounts
can be configured in the `refs/users/default` branch in the `All-Users`
repository.
[[project-watches]]
=== Project Watches
Users can configure watches on projects to receive email notifications
for changes of that project.
A watch configuration consists of the project name and an optional
filter query. If a filter query is specified, email notifications will
be sent only for changes of that project that match this query.
In addition, each watch configuration can contain a list of
notification types that determine for which events email notifications
should be sent. E.g. a user can configure that email notifications
should only be sent if a new patch set is uploaded and when the change
gets submitted, but not on other events.
Project watches are stored in a `watch.config` file in the user branch:
----
[project "foo"]
notify = * [ALL_COMMENTS]
notify = branch:master [ALL_COMMENTS, NEW_PATCHSETS]
notify = branch:master owner:self [SUBMITTED_CHANGES]
----
The `watch.config` file has one project section for all project watches
of a project. The project name is used as subsection name and the
filters with the notification types, that decide for which events email
notifications should be sent, are represented as `notify` values in the
subsection. A `notify` value is formatted as
"<filter> [<comma-separated-list-of-notification-types>]". The
supported notification types are described in the
link:user-notify.html#notify.name.type[Email Notifications documentation].
For a change event, a notification will be sent if any `notify` value
of the corresponding project has both a filter that matches the change
and a notification type that matches the event.
In order to send email notifications on change events, Gerrit needs to
find all accounts that watch the corresponding project. To make this
lookup fast the secondary account index is used. The account index
contains a repeated field that stores the projects that are being
watched by an account. After the accounts that watch the project have
been retrieved from the index, the complete watch configuration is
available from the account cache and Gerrit can check if any watch
matches the change and the event.
[[ssh-keys]]
=== SSH Keys
SSH keys are stored in the user branch in an `authorized_keys` file,
which is the
link:https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#.7E.2F.ssh.2Fauthorized_keys[
standard OpenSSH file format] for storing SSH keys:
----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCgug5VyMXQGnem2H1KVC4/HcRcD4zzBqSuJBRWVonSSoz3RoAZ7bWXCVVGwchtXwUURD689wFYdiPecOrWOUgeeyRq754YWRhU+W28vf8IZixgjCmiBhaL2gt3wff6pP+NXJpTSA4aeWE5DfNK5tZlxlSxqkKOS8JRSUeNQov5Tw== john.doe@example.com
# DELETED
# INVALID ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDm5yP7FmEoqzQRDyskX+9+N0q9GrvZeh5RG52EUpE4ms/Ujm3ewV1LoGzc/lYKJAIbdcZQNJ9+06EfWZaIRA3oOwAPe1eCnX+aLr8E6Tw2gDMQOGc5e9HfyXpC2pDvzauoZNYqLALOG3y/1xjo7IH8GYRS2B7zO/Mf9DdCcCKSfw== john.doe@example.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCaS7RHEcZ/zjl9hkWkqnm29RNr2OQ/TZ5jk2qBVMH3BgzPsTsEs+7ag9tfD8OCj+vOcwm626mQBZoR2e3niHa/9gnHBHFtOrGfzKbpRjTWtiOZbB9HF+rqMVD+Dawo/oicX/dDg7VAgOFSPothe6RMhbgWf84UcK5aQd5eP5y+tQ== john.doe@example.com
----
When the SSH API is used, Gerrit needs an efficient way to lookup SSH
keys by username. Since the username can be easily resolved to an
account ID (via the account cache), accessing the SSH keys in the user
branch is fast.
To identify SSH keys in the REST API Gerrit uses
link:rest-api-accounts.html#ssh-key-id[sequence numbers per account].
This is why the order of the keys in the `authorized_keys` file is
used to determines the sequence numbers of the keys (the sequence
numbers start at 1).
To keep the sequence numbers intact when a key is deleted, a
'# DELETED' line is inserted at the position where the key was deleted.
Invalid keys are marked with the prefix '# INVALID'.
[[external-ids]]
== External IDs
External IDs are used to link external identities, such as an LDAP
account or an OAUTH identity, to an account in Gerrit.
External IDs are stored as Git Notes in the `All-Users` repository. The
name of the notes branch is `refs/meta/external-ids`.
As note key the SHA1 of the external ID key is used. This ensures that
an external ID is used only once (e.g. an external ID can never be
assigned to multiple accounts at a point in time).
The note content is a Git config file:
----
[externalId "username:jdoe"]
accountId = 1003407
email = jdoe@example.com
password = bcrypt:4:LCbmSBDivK/hhGVQMfkDpA==:XcWn0pKYSVU/UJgOvhidkEtmqCp6oKB7
----
The config file has one `externalId` section. The external ID key which
consists of scheme and ID in the format '<scheme>:<id>' is used as
subsection name.
The `accountId` field is mandatory, the `email` and `password` fields
are optional.
The external IDs are maintained by Gerrit, this means users are not
allowed to manually edit their external IDs. Only users with the
link:access-control.html#capability_accessDatabase[Access Database] can
push updates to the `refs/meta/external-ids` branch. However Gerrit
rejects pushes if:
* any external ID config file cannot be parsed
* if a note key does not match the SHA of the external ID key in the
note content
* external IDs for non-existing accounts are contained
* invalid emails are contained
* any email is not unique (the same email is assigned to multiple
accounts)
* hashed passwords of external IDs with scheme `username` cannot be
decoded
[[starred-changes]]
== Starred Changes
link:dev-stars.html[Starred changes] allow users to mark changes as
favorites and receive email notifications for them.
Each starred change is a tuple of an account ID, a change ID and a
label.
To keep track of a change that is starred by an account, Gerrit creates
a `refs/starred-changes/YY/XXXX/ZZZZZZZ` ref in the `All-Users`
repository, where `YY/XXXX` is the sharded numeric change ID and
`ZZZZZZZ` is the account ID.
A starred-changes ref points to a blob that contains the list of labels
that the account set on the change. The label list is stored as UTF-8
text with one label per line.
Since JGit has explicit optimizations for looking up refs by prefix
when the prefix ends with '/', this ref format is optimized to find
starred changes by change ID. Finding starred changes by change ID is
e.g. needed when a change is updated so that all users that have
the link:dev-stars.html#default-star[default star] on the change can be
notified by email.
Gerrit also needs an efficient way to find all changes that were
starred by an account, e.g. to provide results for the
link:user-search.html#is-starred[is:starred] query operator. With the
ref format as described above the lookup of starred changes by account
ID is expensive, as this requires a scan of the full
`refs/starred-changes/*` namespace. To overcome this the users that
have starred a change are stored in the change index together with the
star labels.
[[reviewed-flags]]
== Reviewed Flags
When reviewing a patch set in the Gerrit UI, the reviewer can mark
files in the patch set as reviewed. These markers are called Reviewed
Flags and are private to the user. A reviewed flag is a tuple of patch
set ID, file and account ID.
Each user can have many thousands of reviewed flags and over time the
number can grow without bounds.
The high amount of reviewed flags makes a storage in Git unsuitable
because each update requires opening the repository and committing a
change, which is a high overhead for flipping a bit. Therefore the
reviewed flags are stored in a database table. By default they are
stored in a local H2 database, but there is an extension point that
allows to plug in alternate implementations for storing the reviewed
flags. To replace the storage for reviewed flags a plugin needs to
implement the link:dev-plugins.html#account-patch-review-store[
AccountPatchReviewStore] interface. E.g. to support a multi-master
setup where reviewed flags should be replicated between the master
nodes one could implement a store for the reviewed flags that is
based on MySQL with replication.
[[account-sequence]]
== Account Sequence
The next available account sequence number is stored as UTF-8 text in a
blob pointed to by the `refs/sequences/accounts` ref in the `All-Users`
repository.
Multiple processes share the same sequence by incrementing the counter
using normal git ref updates. To amortize the cost of these ref
updates, processes increment the counter by a larger number and hand
out numbers from that range in memory until they run out. The size of
the account ID batch that each process retrieves at once is controlled
by the link:config-gerrit.html#notedb.accounts.sequenceBatchSize[
notedb.accounts.sequenceBatchSize] parameter in the `gerrit.config`
file.
GERRIT
------
Part of link:index.html[Gerrit Code Review]
SEARCHBOX
---------

4
Documentation/config-gerrit.txt
View File

@ -3326,8 +3326,8 @@ see the link:note-db.html[documentation].
[[notedb.accounts.sequenceBatchSize]]notedb.accounts.sequenceBatchSize::
+
The current account sequence number is stored as UTF-8 text in a blob
pointed to by the `refs/sequences/accounts` ref in the `All-Users`
The next available account sequence number is stored as UTF-8 text in a
blob pointed to by the `refs/sequences/accounts` ref in the `All-Users`
repository. Multiple processes share the same sequence by incrementing
the counter using normal git ref updates. To amortize the cost of these
ref updates, processes increment the counter by a larger number and

22
Documentation/config-sso.txt
View File

@ -50,8 +50,8 @@ To trust only Yahoo!:
=== Database Schema
User identities obtained from OpenID providers are stored into the
`account_external_ids` table.
User identities obtained from OpenID providers are stored as
link:config-accounts.html#external-ids[external IDs].
=== Multiple Identities
@ -135,11 +135,10 @@ authentication at the proper time:
=== Database Schema
User identities are stored in the `account_external_ids` table.
The user string obtained from the authorization header has the prefix
"gerrit:" and is stored in the `external_id` field. For example,
if a username was "foo" then the external_id field would be populated
with "gerrit:foo".
User identities are stored as
link:config-accounts.html#external-ids[external IDs] with "gerrit" as
scheme. The user string obtained from the authorization header is
stored as ID of the external ID.
== Computer Associates Siteminder
@ -193,11 +192,10 @@ Add the following to `$JETTY_HOME/etc/jetty.xml` under
=== Database Schema
User identities are stored in the `account_external_ids` table.
The user string obtained from Siteminder (e.g. the value in the
"SM_USER" HTTP header) has the prefix "gerrit:" and is stored in the
`external_id` field. For example, if a Siteminder username was "foo"
then the external_id field would be populated with "gerrit:foo".
User identities are stored as
link:config-accounts.html#external-ids[external IDs] with "gerrit" as
scheme. The user string obtained from Siteminder (e.g. the value in the
"SM_USER" HTTP header) is stored as ID in the external ID.
GERRIT
------

1
Documentation/index.txt
View File

@ -67,6 +67,7 @@
. link:config-auto-site-initialization.html[Automatic Site Initialization on Startup]
. link:pgm-index.html[Server Side Administrative Tools]
. link:note-db.html[NoteDb]
. link:config-accounts.html[Accounts]
== Developer
. Getting Started

6
Documentation/note-db.txt
View File

@ -26,9 +26,9 @@ same repository as code changes.
- Storing change metadata is fully implemented in the 2.15 release. Admins may
use an link:#offline-migration[offline] or link:#online-migration[online] tool
to migrate change data from ReviewDb.
- Storing account data is fully implemented in the 2.15 release. Account data is
migrated automatically during the upgrade process by running `gerrit.war
init`.
- Storing link:config-accounts.html[account data] is fully implemented in the
2.15 release. Account data is migrated automatically during the upgrade
process by running `gerrit.war init`.
- Account and change metadata on the servers behind `googlesource.com` is fully
migrated to NoteDb. In other words, if you use
link:https://gerrit-review.googlesource.com/[gerrit-review], you're already

1
gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/AccountCreator.java
View File

@ -116,7 +116,6 @@ public class AccountCreator {
accountsUpdate
.create()
.insert(
db,
id,
a -> {
a.setFullName(fullName);

434
gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/accounts/AccountIT.java
View File

@ -45,7 +45,6 @@ import com.google.common.io.BaseEncoding;
import com.google.common.util.concurrent.AtomicLongMap;
import com.google.gerrit.acceptance.AbstractDaemonTest;
import com.google.gerrit.acceptance.AccountCreator;
import com.google.gerrit.acceptance.GerritConfig;
import com.google.gerrit.acceptance.PushOneCommit;
import com.google.gerrit.acceptance.Sandboxed;
import com.google.gerrit.acceptance.TestAccount;
@ -78,6 +77,7 @@ import com.google.gerrit.gpg.Fingerprint;
import com.google.gerrit.gpg.PublicKeyStore;
import com.google.gerrit.gpg.testutil.TestKey;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.server.Sequences;
import com.google.gerrit.server.account.AccountConfig;
@ -89,7 +89,6 @@ import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.account.externalids.ExternalIds;
import com.google.gerrit.server.account.externalids.ExternalIdsUpdate;
import com.google.gerrit.server.config.AllUsersName;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.notedb.rebuild.ChangeRebuilderImpl;
import com.google.gerrit.server.project.RefPattern;
@ -257,32 +256,11 @@ public class AccountIT extends AbstractDaemonTest {
Account.Id nonExistingAccountId = new Account.Id(999999);
AtomicBoolean consumerCalled = new AtomicBoolean();
Account account =
accountsUpdate.create().update(db, nonExistingAccountId, a -> consumerCalled.set(true));
accountsUpdate.create().update(nonExistingAccountId, a -> consumerCalled.set(true));
assertThat(account).isNull();
assertThat(consumerCalled.get()).isFalse();
}
@Test
public void updateAccountThatIsMissingInNoteDb() throws Exception {
String name = "bar";
TestAccount bar = accountCreator.create(name);
assertUserBranch(bar.getId(), name, null);
// delete user branch
try (Repository repo = repoManager.openRepository(allUsers)) {
AccountsUpdate.deleteUserBranch(
repo, allUsers, GitReferenceUpdated.DISABLED, null, serverIdent.get(), bar.getId());
assertThat(repo.exactRef(RefNames.refsUsers(bar.getId()))).isNull();
}
String status = "OOO";
Account account = accountsUpdate.create().update(db, bar.getId(), a -> a.setStatus(status));
assertThat(account).isNotNull();
assertThat(account.getFullName()).isEqualTo(name);
assertThat(account.getStatus()).isEqualTo(status);
assertUserBranch(bar.getId(), name, status);
}
@Test
public void updateAccountWithoutAccountConfigNoteDb() throws Exception {
TestAccount anonymousCoward = accountCreator.create();
@ -290,7 +268,7 @@ public class AccountIT extends AbstractDaemonTest {
String status = "OOO";
Account account =
accountsUpdate.create().update(db, anonymousCoward.getId(), a -> a.setStatus(status));
accountsUpdate.create().update(anonymousCoward.getId(), a -> a.setStatus(status));
assertThat(account).isNotNull();
assertThat(account.getFullName()).isNull();
assertThat(account.getStatus()).isEqualTo(status);
@ -713,7 +691,7 @@ public class AccountIT extends AbstractDaemonTest {
String prefix = "foo.preferred";
String prefEmail = prefix + "@example.com";
TestAccount foo = accountCreator.create(name("foo"));
accountsUpdate.create().update(db, foo.id, a -> a.setPreferredEmail(prefEmail));
accountsUpdate.create().update(foo.id, a -> a.setPreferredEmail(prefEmail));
// verify that the account is still found when using the preferred email to lookup the account
ImmutableSet<Account.Id> accountsByPrefEmail = emails.getAccountFor(prefEmail);
@ -835,14 +813,14 @@ public class AccountIT extends AbstractDaemonTest {
}
@Test
public void pushAccountConfigToUserBranchForReviewIsRejectedOnSubmit() throws Exception {
String userRefName = RefNames.refsUsers(admin.id);
public void pushAccountConfigToUserBranchForReviewAndSubmit() throws Exception {
String userRef = RefNames.refsUsers(admin.id);
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, userRefName + ":userRef");
fetch(allUsersRepo, userRef + ":userRef");
allUsersRepo.reset("userRef");
Config ac = getAccountConfig(allUsersRepo);
ac.setString(AccountConfig.ACCOUNT, null, AccountConfig.KEY_STATUS, "OOO");
ac.setString(AccountConfig.ACCOUNT, null, AccountConfig.KEY_STATUS, "out-of-office");
PushOneCommit.Result r =
pushFactory
@ -853,17 +831,203 @@ public class AccountIT extends AbstractDaemonTest {
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(MagicBranch.NEW_CHANGE + userRefName);
.to(MagicBranch.NEW_CHANGE + userRef);
r.assertOkStatus();
accountIndexedCounter.assertNoReindex();
assertThat(r.getChange().change().getDest().get()).isEqualTo(userRefName);
assertThat(r.getChange().change().getDest().get()).isEqualTo(userRef);
gApi.changes().id(r.getChangeId()).current().review(ReviewInput.approve());
gApi.changes().id(r.getChangeId()).current().submit();
accountIndexedCounter.assertReindexOf(admin);
AccountInfo info = gApi.accounts().self().get();
assertThat(info.email).isEqualTo(admin.email);
assertThat(info.name).isEqualTo(admin.fullName);
assertThat(info.status).isEqualTo("out-of-office");
}
@Test
public void pushAccountConfigWithPrefEmailThatDoesNotExistAsExtIdToUserBranchForReviewAndSubmit()
throws Exception {
TestAccount foo = accountCreator.create(name("foo"));
String userRef = RefNames.refsUsers(foo.id);
accountIndexedCounter.clear();
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, userRef + ":userRef");
allUsersRepo.reset("userRef");
String email = "some.email@example.com";
Config ac = getAccountConfig(allUsersRepo);
ac.setString(AccountConfig.ACCOUNT, null, AccountConfig.KEY_PREFERRED_EMAIL, email);
PushOneCommit.Result r =
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(MagicBranch.NEW_CHANGE + userRef);
r.assertOkStatus();
accountIndexedCounter.assertNoReindex();
assertThat(r.getChange().change().getDest().get()).isEqualTo(userRef);
setApiUser(foo);
gApi.changes().id(r.getChangeId()).current().review(ReviewInput.approve());
gApi.changes().id(r.getChangeId()).current().submit();
accountIndexedCounter.assertReindexOf(foo);
AccountInfo info = gApi.accounts().self().get();
assertThat(info.email).isEqualTo(email);
assertThat(info.name).isEqualTo(foo.fullName);
}
@Test
public void pushAccountConfigToUserBranchForReviewIsRejectedOnSubmitIfConfigIsInvalid()
throws Exception {
String userRef = RefNames.refsUsers(admin.id);
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, userRef + ":userRef");
allUsersRepo.reset("userRef");
PushOneCommit.Result r =
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
"invalid config")
.to(MagicBranch.NEW_CHANGE + userRef);
r.assertOkStatus();
accountIndexedCounter.assertNoReindex();
assertThat(r.getChange().change().getDest().get()).isEqualTo(userRef);
gApi.changes().id(r.getChangeId()).current().review(ReviewInput.approve());
exception.expect(ResourceConflictException.class);
exception.expectMessage(
String.format("update of %s not allowed", AccountConfig.ACCOUNT_CONFIG));
String.format(
"invalid account configuration: commit '%s' has an invalid '%s' file for account '%s':"
+ " Invalid config file %s in commit %s",
r.getCommit().name(),
AccountConfig.ACCOUNT_CONFIG,
admin.id,
AccountConfig.ACCOUNT_CONFIG,
r.getCommit().name()));
gApi.changes().id(r.getChangeId()).current().submit();
}
@Test
public void pushAccountConfigToUserBranchForReviewIsRejectedOnSubmitIfPreferredEmailIsInvalid()
throws Exception {
String userRef = RefNames.refsUsers(admin.id);
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, userRef + ":userRef");
allUsersRepo.reset("userRef");
String noEmail = "no.email";
Config ac = getAccountConfig(allUsersRepo);
ac.setString(AccountConfig.ACCOUNT, null, AccountConfig.KEY_PREFERRED_EMAIL, noEmail);
PushOneCommit.Result r =
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(MagicBranch.NEW_CHANGE + userRef);
r.assertOkStatus();
accountIndexedCounter.assertNoReindex();
assertThat(r.getChange().change().getDest().get()).isEqualTo(userRef);
gApi.changes().id(r.getChangeId()).current().review(ReviewInput.approve());
exception.expect(ResourceConflictException.class);
exception.expectMessage(
String.format(
"invalid account configuration: invalid preferred email '%s' for account '%s'",
noEmail, admin.id));
gApi.changes().id(r.getChangeId()).current().submit();
}
@Test
public void pushAccountConfigToUserBranchForReviewIsRejectedOnSubmitIfOwnAccountIsDeactivated()
throws Exception {
String userRef = RefNames.refsUsers(admin.id);
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, userRef + ":userRef");
allUsersRepo.reset("userRef");
Config ac = getAccountConfig(allUsersRepo);
ac.setBoolean(AccountConfig.ACCOUNT, null, AccountConfig.KEY_ACTIVE, false);
PushOneCommit.Result r =
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(MagicBranch.NEW_CHANGE + userRef);
r.assertOkStatus();
accountIndexedCounter.assertNoReindex();
assertThat(r.getChange().change().getDest().get()).isEqualTo(userRef);
gApi.changes().id(r.getChangeId()).current().review(ReviewInput.approve());
exception.expect(ResourceConflictException.class);
exception.expectMessage("invalid account configuration: cannot deactivate own account");
gApi.changes().id(r.getChangeId()).current().submit();
}
@Test
public void pushAccountConfigToUserBranchForReviewDeactivateOtherAccount() throws Exception {
TestAccount foo = accountCreator.create(name("foo"));
assertThat(gApi.accounts().id(foo.id.get()).getActive()).isTrue();
String userRef = RefNames.refsUsers(foo.id);
accountIndexedCounter.clear();
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
grant(allUsers, userRef, Permission.PUSH, false, adminGroup.getGroupUUID());
grantLabel("Code-Review", -2, 2, allUsers, userRef, false, adminGroup.getGroupUUID(), false);
grant(allUsers, userRef, Permission.SUBMIT, false, adminGroup.getGroupUUID());
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, userRef + ":userRef");
allUsersRepo.reset("userRef");
Config ac = getAccountConfig(allUsersRepo);
ac.setBoolean(AccountConfig.ACCOUNT, null, AccountConfig.KEY_ACTIVE, false);
PushOneCommit.Result r =
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(MagicBranch.NEW_CHANGE + userRef);
r.assertOkStatus();
accountIndexedCounter.assertNoReindex();
assertThat(r.getChange().change().getDest().get()).isEqualTo(userRef);
gApi.changes().id(r.getChangeId()).current().review(ReviewInput.approve());
gApi.changes().id(r.getChangeId()).current().submit();
accountIndexedCounter.assertReindexOf(foo);
assertThat(gApi.accounts().id(foo.id.get()).getActive()).isFalse();
}
@Test
public void pushWatchConfigToUserBranch() throws Exception {
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
@ -906,13 +1070,70 @@ public class AccountIT extends AbstractDaemonTest {
}
@Test
public void pushAccountConfigToUserBranchIsRejected() throws Exception {
public void pushAccountConfigToUserBranch() throws Exception {
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, RefNames.refsUsers(admin.id) + ":userRef");
allUsersRepo.reset("userRef");
Config ac = getAccountConfig(allUsersRepo);
ac.setString(AccountConfig.ACCOUNT, null, AccountConfig.KEY_STATUS, "OOO");
ac.setString(AccountConfig.ACCOUNT, null, AccountConfig.KEY_STATUS, "out-of-office");
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(RefNames.REFS_USERS_SELF)
.assertOkStatus();
accountIndexedCounter.assertReindexOf(admin);
AccountInfo info = gApi.accounts().self().get();
assertThat(info.email).isEqualTo(admin.email);
assertThat(info.name).isEqualTo(admin.fullName);
assertThat(info.status).isEqualTo("out-of-office");
}
@Test
public void pushAccountConfigToUserBranchIsRejectedIfConfigIsInvalid() throws Exception {
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, RefNames.refsUsers(admin.id) + ":userRef");
allUsersRepo.reset("userRef");
PushOneCommit.Result r =
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
"invalid config")
.to(RefNames.REFS_USERS_SELF);
r.assertErrorStatus("invalid account configuration");
r.assertMessage(
String.format(
"commit '%s' has an invalid '%s' file for account '%s':"
+ " Invalid config file %s in commit %s",
r.getCommit().name(),
AccountConfig.ACCOUNT_CONFIG,
admin.id,
AccountConfig.ACCOUNT_CONFIG,
r.getCommit().name()));
accountIndexedCounter.assertNoReindex();
}
@Test
public void pushAccountConfigToUserBranchIsRejectedIfPreferredEmailIsInvalid() throws Exception {
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, RefNames.refsUsers(admin.id) + ":userRef");
allUsersRepo.reset("userRef");
String noEmail = "no.email";
Config ac = getAccountConfig(allUsersRepo);
ac.setString(AccountConfig.ACCOUNT, null, AccountConfig.KEY_PREFERRED_EMAIL, noEmail);
PushOneCommit.Result r =
pushFactory
@ -924,7 +1145,138 @@ public class AccountIT extends AbstractDaemonTest {
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(RefNames.REFS_USERS_SELF);
r.assertErrorStatus("account update not allowed");
r.assertErrorStatus("invalid account configuration");
r.assertMessage(
String.format("invalid preferred email '%s' for account '%s'", noEmail, admin.id));
accountIndexedCounter.assertNoReindex();
}
@Test
public void pushAccountConfigToUserBranchInvalidPreferredEmailButNotChanged() throws Exception {
TestAccount foo = accountCreator.create(name("foo"));
String userRef = RefNames.refsUsers(foo.id);
String noEmail = "no.email";
accountsUpdate.create().update(foo.id, a -> a.setPreferredEmail(noEmail));
accountIndexedCounter.clear();
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
grant(allUsers, userRef, Permission.PUSH, false, adminGroup.getGroupUUID());
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, userRef + ":userRef");
allUsersRepo.reset("userRef");
String status = "in vacation";
Config ac = getAccountConfig(allUsersRepo);
ac.setString(AccountConfig.ACCOUNT, null, AccountConfig.KEY_STATUS, status);
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(userRef)
.assertOkStatus();
accountIndexedCounter.assertReindexOf(foo);
AccountInfo info = gApi.accounts().id(foo.id.get()).get();
assertThat(info.email).isEqualTo(noEmail);
assertThat(info.name).isEqualTo(foo.fullName);
assertThat(info.status).isEqualTo(status);
}
@Test
public void pushAccountConfigToUserBranchIfPreferredEmailDoesNotExistAsExtId() throws Exception {
TestAccount foo = accountCreator.create(name("foo"));
String userRef = RefNames.refsUsers(foo.id);
accountIndexedCounter.clear();
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
grant(allUsers, userRef, Permission.PUSH, false, adminGroup.getGroupUUID());
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, userRef + ":userRef");
allUsersRepo.reset("userRef");
String email = "some.email@example.com";
Config ac = getAccountConfig(allUsersRepo);
ac.setString(AccountConfig.ACCOUNT, null, AccountConfig.KEY_PREFERRED_EMAIL, email);
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(userRef)
.assertOkStatus();
accountIndexedCounter.assertReindexOf(foo);
AccountInfo info = gApi.accounts().id(foo.id.get()).get();
assertThat(info.email).isEqualTo(email);
assertThat(info.name).isEqualTo(foo.fullName);
}
@Test
public void pushAccountConfigToUserBranchIsRejectedIfOwnAccountIsDeactivated() throws Exception {
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, RefNames.refsUsers(admin.id) + ":userRef");
allUsersRepo.reset("userRef");
Config ac = getAccountConfig(allUsersRepo);
ac.setBoolean(AccountConfig.ACCOUNT, null, AccountConfig.KEY_ACTIVE, false);
PushOneCommit.Result r =
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(RefNames.REFS_USERS_SELF);
r.assertErrorStatus("invalid account configuration");
r.assertMessage("cannot deactivate own account");
accountIndexedCounter.assertNoReindex();
}
@Test
public void pushAccountConfigToUserBranchDeactivateOtherAccount() throws Exception {
TestAccount foo = accountCreator.create(name("foo"));
assertThat(gApi.accounts().id(foo.id.get()).getActive()).isTrue();
String userRef = RefNames.refsUsers(foo.id);
accountIndexedCounter.clear();
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
grant(allUsers, userRef, Permission.PUSH, false, adminGroup.getGroupUUID());
TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
fetch(allUsersRepo, userRef + ":userRef");
allUsersRepo.reset("userRef");
Config ac = getAccountConfig(allUsersRepo);
ac.setBoolean(AccountConfig.ACCOUNT, null, AccountConfig.KEY_ACTIVE, false);
pushFactory
.create(
db,
admin.getIdent(),
allUsersRepo,
"Update account config",
AccountConfig.ACCOUNT_CONFIG,
ac.toText())
.to(userRef)
.assertOkStatus();
accountIndexedCounter.assertReindexOf(foo);
assertThat(gApi.accounts().id(foo.id.get()).getActive()).isFalse();
}
@Test
@ -1024,7 +1376,6 @@ public class AccountIT extends AbstractDaemonTest {
@Test
@Sandboxed
@GerritConfig(name = "user.readAccountsFromGit", value = "true")
public void deleteUserBranchWithAccessDatabaseCapability() throws Exception {
allowGlobalCapabilities(REGISTERED_USERS, GlobalCapability.ACCESS_DATABASE);
grant(
@ -1282,25 +1633,24 @@ public class AccountIT extends AbstractDaemonTest {
}
@Test
@GerritConfig(name = "user.readAccountsFromGit", value = "true")
public void checkMetaId() throws Exception {
// metaId is set when account is loaded
assertThat(accounts.get(db, admin.getId()).getMetaId()).isEqualTo(getMetaId(admin.getId()));
assertThat(accounts.get(admin.getId()).getMetaId()).isEqualTo(getMetaId(admin.getId()));
// metaId is set when account is created
AccountsUpdate au = accountsUpdate.create();
Account.Id accountId = new Account.Id(seq.nextAccountId());
Account account = au.insert(db, accountId, a -> {});
Account account = au.insert(accountId, a -> {});
assertThat(account.getMetaId()).isEqualTo(getMetaId(accountId));
// metaId is set when account is updated
Account updatedAccount = au.update(db, accountId, a -> a.setFullName("foo"));
Account updatedAccount = au.update(accountId, a -> a.setFullName("foo"));
assertThat(account.getMetaId()).isNotEqualTo(updatedAccount.getMetaId());
assertThat(updatedAccount.getMetaId()).isEqualTo(getMetaId(accountId));
// metaId is set when account is replaced
Account newAccount = new Account(accountId, TimeUtil.nowTs());
au.replace(db, newAccount);
au.replace(newAccount);
assertThat(updatedAccount.getMetaId()).isNotEqualTo(newAccount.getMetaId());
assertThat(newAccount.getMetaId()).isEqualTo(getMetaId(accountId));
}

2
gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/server/change/ConsistencyCheckerIT.java
View File

@ -126,7 +126,7 @@ public class ConsistencyCheckerIT extends AbstractDaemonTest {
public void missingOwner() throws Exception {
TestAccount owner = accountCreator.create("missing");
ChangeControl ctl = insertChange(owner);
accountsUpdate.create().deleteByKey(db, owner.getId());
accountsUpdate.create().deleteByKey(owner.getId());
assertProblems(ctl, null, problem("Missing change owner: " + owner.getId()));
}

2
gerrit-gpg/src/test/java/com/google/gerrit/gpg/GerritPublicKeyCheckerTest.java
View File

@ -116,7 +116,7 @@ public class GerritPublicKeyCheckerTest {
schemaCreator.create(db);
userId = accountManager.authenticate(AuthRequest.forUser("user")).getAccountId();
// Note: does not match any key in TestKeys.
accountsUpdate.create().update(db, userId, a -> a.setPreferredEmail("user@example.com"));
accountsUpdate.create().update(userId, a -> a.setPreferredEmail("user@example.com"));
user = reloadUser();
requestContext.setContext(

6
gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/become/BecomeAnyAccountLoginServlet.java
View File

@ -239,9 +239,9 @@ class BecomeAnyAccountLoginServlet extends HttpServlet {
} catch (NumberFormatException nfe) {
return null;
}
try (ReviewDb db = schema.open()) {
return auth(accounts.get(db, id));
} catch (OrmException | IOException | ConfigInvalidException e) {
try {
return auth(accounts.get(id));
} catch (IOException | ConfigInvalidException e) {
getServletContext().log("cannot query database", e);
return null;
}

7
gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/AccountsOnInit.java
View File

@ -17,17 +17,14 @@ package com.google.gerrit.pgm.init;
import static com.google.common.base.Preconditions.checkArgument;
import static java.nio.charset.StandardCharsets.UTF_8;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.pgm.init.api.AllUsersNameOnInitProvider;
import com.google.gerrit.pgm.init.api.InitFlags;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.GerritPersonIdentProvider;
import com.google.gerrit.server.account.AccountConfig;
import com.google.gerrit.server.account.Accounts;
import com.google.gerrit.server.config.SitePaths;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import java.io.File;
import java.io.IOException;
@ -62,9 +59,7 @@ public class AccountsOnInit {
this.allUsers = allUsers.get();
}
public void insert(ReviewDb db, Account account) throws OrmException, IOException {
db.accounts().insert(ImmutableSet.of(account));
public void insert(Account account) throws IOException {
File path = getPath();
if (path != null) {
try (Repository repo = new FileRepository(path);

2
gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAdminUser.java
View File

@ -119,7 +119,7 @@ public class InitAdminUser implements InitStep {
Account a = new Account(id, TimeUtil.nowTs());
a.setFullName(name);
a.setPreferredEmail(email);
accounts.insert(db, a);
accounts.insert(a);
AccountGroup adminGroup =
groupsOnInit.getExistingGroup(db, new AccountGroup.NameKey("Administrators"));

2
gerrit-server/src/main/java/com/google/gerrit/server/account/AccountCacheImpl.java
View File

@ -208,7 +208,7 @@ public class AccountCacheImpl implements AccountCache {
private Optional<AccountState> load(ReviewDb db, Account.Id who)
throws OrmException, IOException, ConfigInvalidException {
Account account = accounts.get(db, who);
Account account = accounts.get(who);
if (account == null) {
return Optional.empty();
}

125
gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
View File

@ -144,7 +144,7 @@ public class AccountManager {
}
// return the identity to the caller.
update(db, who, id);
update(who, id);
return new AuthResult(id.accountId(), who.getExternalIdKey(), false);
}
} catch (OrmException | ConfigInvalidException e) {
@ -152,7 +152,7 @@ public class AccountManager {
}
}
private void update(ReviewDb db, AuthRequest who, ExternalId extId)
private void update(AuthRequest who, ExternalId extId)
throws OrmException, IOException, ConfigInvalidException {
IdentifiedUser user = userFactory.create(extId.accountId());
List<Consumer<Account>> accountUpdates = new ArrayList<>();
@ -188,8 +188,7 @@ public class AccountManager {
}
if (!accountUpdates.isEmpty()) {
Account account =
accountsUpdateFactory.create().update(db, user.getAccountId(), accountUpdates);
Account account = accountsUpdateFactory.create().update(user.getAccountId(), accountUpdates);
if (account == null) {
throw new OrmException("Account " + user.getAccountId() + " has been deleted");
}
@ -214,7 +213,6 @@ public class AccountManager {
AccountsUpdate accountsUpdate = accountsUpdateFactory.create();
account =
accountsUpdate.insert(
db,
newId,
a -> {
a.setFullName(who.getDisplayName());
@ -224,7 +222,7 @@ public class AccountManager {
ExternalId existingExtId = externalIds.get(extId.key());
if (existingExtId != null && !existingExtId.accountId().equals(extId.accountId())) {
// external ID is assigned to another account, do not overwrite
accountsUpdate.delete(db, account);
accountsUpdate.delete(account);
throw new AccountException(
"Cannot assign external ID \""
+ extId.key().get()
@ -277,7 +275,7 @@ public class AccountManager {
+ "\" to account "
+ newId
+ "; name already in use.";
handleSettingUserNameFailure(db, account, extId, message, e, false);
handleSettingUserNameFailure(account, extId, message, e, false);
} catch (InvalidUserNameException e) {
String message =
"Cannot assign user name \""
@ -285,10 +283,10 @@ public class AccountManager {
+ "\" to account "
+ newId
+ "; name does not conform.";
handleSettingUserNameFailure(db, account, extId, message, e, false);
handleSettingUserNameFailure(account, extId, message, e, false);
} catch (OrmException e) {
String message = "Cannot assign user name";
handleSettingUserNameFailure(db, account, extId, message, e, true);
handleSettingUserNameFailure(account, extId, message, e, true);
}
}
@ -302,7 +300,6 @@ public class AccountManager {
* deletes the newly created account and throws an {@link AccountUserNameException}. In any case
* the error message is logged.
*
* @param db the database
* @param account the newly created account
* @param extId the newly created external id
* @param errorMessage the error message
@ -313,12 +310,7 @@ public class AccountManager {
* @throws OrmException thrown if cleaning the database failed
*/
private void handleSettingUserNameFailure(
ReviewDb db,
Account account,
ExternalId extId,
String errorMessage,
Exception e,
boolean logException)
Account account, ExternalId extId, String errorMessage, Exception e, boolean logException)
throws AccountUserNameException, OrmException, IOException, ConfigInvalidException {
if (logException) {
log.error(errorMessage, e);
@ -333,7 +325,7 @@ public class AccountManager {
// such an account cannot be used for uploading changes,
// this is why the best we can do here is to fail early and cleanup
// the database
accountsUpdateFactory.create().delete(db, account);
accountsUpdateFactory.create().delete(account);
externalIdsUpdateFactory.create().delete(extId);
throw new AccountUserNameException(errorMessage, e);
}
@ -350,34 +342,31 @@ public class AccountManager {
*/
public AuthResult link(Account.Id to, AuthRequest who)
throws AccountException, OrmException, IOException, ConfigInvalidException {
try (ReviewDb db = schema.open()) {
ExternalId extId = externalIds.get(who.getExternalIdKey());
if (extId != null) {
if (!extId.accountId().equals(to)) {
throw new AccountException("Identity in use by another account");
}
update(db, who, extId);
} else {
externalIdsUpdateFactory
.create()
.insert(ExternalId.createWithEmail(who.getExternalIdKey(), to, who.getEmailAddress()));
if (who.getEmailAddress() != null) {
accountsUpdateFactory
.create()
.update(
db,
to,
a -> {
if (a.getPreferredEmail() == null) {
a.setPreferredEmail(who.getEmailAddress());
}
});
}
ExternalId extId = externalIds.get(who.getExternalIdKey());
if (extId != null) {
if (!extId.accountId().equals(to)) {
throw new AccountException("Identity in use by another account");
}
update(who, extId);
} else {
externalIdsUpdateFactory
.create()
.insert(ExternalId.createWithEmail(who.getExternalIdKey(), to, who.getEmailAddress()));
return new AuthResult(to, who.getExternalIdKey(), false);
if (who.getEmailAddress() != null) {
accountsUpdateFactory
.create()
.update(
to,
a -> {
if (a.getPreferredEmail() == null) {
a.setPreferredEmail(who.getEmailAddress());
}
});
}
}
return new AuthResult(to, who.getExternalIdKey(), false);
}
/**
@ -437,40 +426,36 @@ public class AccountManager {
return;
}
try (ReviewDb db = schema.open()) {
List<ExternalId> extIds = new ArrayList<>(extIdKeys.size());
for (ExternalId.Key extIdKey : extIdKeys) {
ExternalId extId = externalIds.get(extIdKey);
if (extId != null) {
if (!extId.accountId().equals(from)) {
throw new AccountException(
"Identity '" + extIdKey.get() + "' in use by another account");
}
extIds.add(extId);
} else {
throw new AccountException("Identity '" + extIdKey.get() + "' not found");
List<ExternalId> extIds = new ArrayList<>(extIdKeys.size());
for (ExternalId.Key extIdKey : extIdKeys) {
ExternalId extId = externalIds.get(extIdKey);
if (extId != null) {
if (!extId.accountId().equals(from)) {
throw new AccountException("Identity '" + extIdKey.get() + "' in use by another account");
}
extIds.add(extId);
} else {
throw new AccountException("Identity '" + extIdKey.get() + "' not found");
}
}
externalIdsUpdateFactory.create().delete(extIds);
externalIdsUpdateFactory.create().delete(extIds);
if (extIds.stream().anyMatch(e -> e.email() != null)) {
accountsUpdateFactory
.create()
.update(
db,
from,
a -> {
if (a.getPreferredEmail() != null) {
for (ExternalId extId : extIds) {
if (a.getPreferredEmail().equals(extId.email())) {
a.setPreferredEmail(null);
break;
}
if (extIds.stream().anyMatch(e -> e.email() != null)) {
accountsUpdateFactory
.create()
.update(
from,
a -> {
if (a.getPreferredEmail() != null) {
for (ExternalId extId : extIds) {
if (a.getPreferredEmail().equals(extId.email())) {
a.setPreferredEmail(null);
break;
}
}
});
}
}
});
}
}
}

9
gerrit-server/src/main/java/com/google/gerrit/server/account/AccountResolver.java
View File

@ -98,7 +98,7 @@ public class AccountResolver {
Matcher m = Pattern.compile("^.* \\(([1-9][0-9]*)\\)$").matcher(nameOrEmail);
if (m.matches()) {
Account.Id id = Account.Id.parse(m.group(1));
if (exists(db, id)) {
if (accounts.get(id) != null) {
return Collections.singleton(id);
}
return Collections.emptySet();
@ -106,7 +106,7 @@ public class AccountResolver {
if (nameOrEmail.matches("^[1-9][0-9]*$")) {
Account.Id id = Account.Id.parse(nameOrEmail);
if (exists(db, id)) {
if (accounts.get(id) != null) {
return Collections.singleton(id);
}
return Collections.emptySet();
@ -122,11 +122,6 @@ public class AccountResolver {
return findAllByNameOrEmail(db, nameOrEmail);
}
private boolean exists(ReviewDb db, Account.Id id)
throws OrmException, IOException, ConfigInvalidException {
return accounts.get(db, id) != null;
}
/**
* Locate exactly one account matching the name or name/email string.
*

60
gerrit-server/src/main/java/com/google/gerrit/server/account/Accounts.java
View File

@ -20,12 +20,9 @@ import static java.util.stream.Collectors.toSet;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.config.AllUsersName;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.mail.send.OutgoingEmailValidator;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
@ -36,7 +33,6 @@ import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.lib.Repository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -46,47 +42,35 @@ import org.slf4j.LoggerFactory;
public class Accounts {
private static final Logger log = LoggerFactory.getLogger(Accounts.class);
private final boolean readFromGit;
private final GitRepositoryManager repoManager;
private final AllUsersName allUsersName;
private final OutgoingEmailValidator emailValidator;
@Inject
Accounts(
@GerritServerConfig Config cfg,
GitRepositoryManager repoManager,
AllUsersName allUsersName,
OutgoingEmailValidator emailValidator) {
this.readFromGit = cfg.getBoolean("user", null, "readAccountsFromGit", true);
this.repoManager = repoManager;
this.allUsersName = allUsersName;
this.emailValidator = emailValidator;
}
public Account get(ReviewDb db, Account.Id accountId)
throws OrmException, IOException, ConfigInvalidException {
if (readFromGit) {
try (Repository repo = repoManager.openRepository(allUsersName)) {
return read(repo, accountId);
}
public Account get(Account.Id accountId) throws IOException, ConfigInvalidException {
try (Repository repo = repoManager.openRepository(allUsersName)) {
return read(repo, accountId);
}
return db.accounts().get(accountId);
}
public List<Account> get(ReviewDb db, Collection<Account.Id> accountIds)
throws OrmException, IOException, ConfigInvalidException {
if (readFromGit) {
List<Account> accounts = new ArrayList<>(accountIds.size());
try (Repository repo = repoManager.openRepository(allUsersName)) {
for (Account.Id accountId : accountIds) {
accounts.add(read(repo, accountId));
}
public List<Account> get(Collection<Account.Id> accountIds)
throws IOException, ConfigInvalidException {
List<Account> accounts = new ArrayList<>(accountIds.size());
try (Repository repo = repoManager.openRepository(allUsersName)) {
for (Account.Id accountId : accountIds) {
accounts.add(read(repo, accountId));
}
return accounts;
}
return db.accounts().get(accountIds).toList();
return accounts;
}
/**
@ -94,23 +78,19 @@ public class Accounts {
*
* @return all accounts
*/
public List<Account> all(ReviewDb db) throws OrmException, IOException {
if (readFromGit) {
Set<Account.Id> accountIds = allIds();
List<Account> accounts = new ArrayList<>(accountIds.size());
try (Repository repo = repoManager.openRepository(allUsersName)) {
for (Account.Id accountId : accountIds) {
try {
accounts.add(read(repo, accountId));
} catch (Exception e) {
log.error(String.format("Ignoring invalid account %s", accountId.get()), e);
}
public List<Account> all() throws IOException {
Set<Account.Id> accountIds = allIds();
List<Account> accounts = new ArrayList<>(accountIds.size());
try (Repository repo = repoManager.openRepository(allUsersName)) {
for (Account.Id accountId : accountIds) {
try {
accounts.add(read(repo, accountId));
} catch (Exception e) {
log.error(String.format("Ignoring invalid account %s", accountId.get()), e);
}
}
return accounts;
}
return db.accounts().all().toList();
return accounts;
}
/**

12
gerrit-server/src/main/java/com/google/gerrit/server/account/AccountsConsistencyChecker.java
View File

@ -16,11 +16,8 @@ package com.google.gerrit.server.account;
import com.google.gerrit.extensions.api.config.ConsistencyCheckInfo.ConsistencyProblemInfo;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.account.externalids.ExternalIds;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.ArrayList;
@ -28,22 +25,19 @@ import java.util.List;
@Singleton
public class AccountsConsistencyChecker {
private final Provider<ReviewDb> dbProvider;
private final Accounts accounts;
private final ExternalIds externalIds;
@Inject
AccountsConsistencyChecker(
Provider<ReviewDb> dbProvider, Accounts accounts, ExternalIds externalIds) {
this.dbProvider = dbProvider;
AccountsConsistencyChecker(Accounts accounts, ExternalIds externalIds) {
this.accounts = accounts;
this.externalIds = externalIds;
}
public List<ConsistencyProblemInfo> check() throws OrmException, IOException {
public List<ConsistencyProblemInfo> check() throws IOException {
List<ConsistencyProblemInfo> problems = new ArrayList<>();
for (Account account : accounts.all(dbProvider.get())) {
for (Account account : accounts.all()) {
if (account.getPreferredEmail() != null) {
if (!externalIds
.byAccount(account.getId())

81
gerrit-server/src/main/java/com/google/gerrit/server/account/AccountsUpdate.java
View File

@ -17,12 +17,10 @@ package com.google.gerrit.server.account;
import static com.google.common.base.Preconditions.checkNotNull;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllUsersName;
@ -32,7 +30,6 @@ import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.index.change.ReindexAfterRefUpdate;
import com.google.gerrit.server.mail.send.OutgoingEmailValidator;
import com.google.gwtorm.server.OrmDuplicateKeyException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
@ -50,7 +47,7 @@ import org.eclipse.jgit.lib.Repository;
/**
* Updates accounts.
*
* <p>The account updates are written to both ReviewDb and NoteDb.
* <p>The account updates are written to NoteDb.
*
* <p>In NoteDb accounts are represented as user branches in the All-Users repository. Optionally a
* user branch can contain a 'account.config' file that stores account properties, such as full
@ -189,24 +186,19 @@ public class AccountsUpdate {
/**
* Inserts a new account.
*
* @param db ReviewDb
* @param accountId ID of the new account
* @param init consumer to populate the new account
* @return the newly created account
* @throws OrmException if updating the database fails
* @throws OrmDuplicateKeyException if the account already exists
* @throws IOException if updating the user branch fails
* @throws ConfigInvalidException if any of the account fields has an invalid value
*/
public Account insert(ReviewDb db, Account.Id accountId, Consumer<Account> init)
throws OrmException, IOException, ConfigInvalidException {
public Account insert(Account.Id accountId, Consumer<Account> init)
throws OrmDuplicateKeyException, IOException, ConfigInvalidException {
AccountConfig accountConfig = read(accountId);
Account account = accountConfig.getNewAccount();
init.accept(account);
// Create in ReviewDb
db.accounts().insert(ImmutableSet.of(account));
// Create in NoteDb
commitNew(accountConfig);
return account;
@ -217,17 +209,15 @@ public class AccountsUpdate {
*
* <p>Changing the registration date of an account is not supported.
*
* @param db ReviewDb
* @param accountId ID of the account
* @param consumer consumer to update the account, only invoked if the account exists
* @return the updated account, {@code null} if the account doesn't exist
* @throws OrmException if updating the database fails
* @throws IOException if updating the user branch fails
* @throws ConfigInvalidException if any of the account fields has an invalid value
*/
public Account update(ReviewDb db, Account.Id accountId, Consumer<Account> consumer)
throws OrmException, IOException, ConfigInvalidException {
return update(db, accountId, ImmutableList.of(consumer));
public Account update(Account.Id accountId, Consumer<Account> consumer)
throws IOException, ConfigInvalidException {
return update(accountId, ImmutableList.of(consumer));
}
/**
@ -235,44 +225,26 @@ public class AccountsUpdate {
*
* <p>Changing the registration date of an account is not supported.
*
* @param db ReviewDb
* @param accountId ID of the account
* @param consumers consumers to update the account, only invoked if the account exists
* @return the updated account, {@code null} if the account doesn't exist
* @throws OrmException if updating the database fails
* @throws IOException if updating the user branch fails
* @throws ConfigInvalidException if any of the account fields has an invalid value
*/
public Account update(ReviewDb db, Account.Id accountId, List<Consumer<Account>> consumers)
throws OrmException, IOException, ConfigInvalidException {
public Account update(Account.Id accountId, List<Consumer<Account>> consumers)
throws IOException, ConfigInvalidException {
if (consumers.isEmpty()) {
return null;
}
// Update in ReviewDb
Account reviewDbAccount =
db.accounts()
.atomicUpdate(
accountId,
a -> {
consumers.stream().forEach(c -> c.accept(a));
return a;
});
// Update in NoteDb
AccountConfig accountConfig = read(accountId);
Account account = accountConfig.getAccount();
if (account != null) {
consumers.stream().forEach(c -> c.accept(account));
commit(accountConfig);
return account;
} else if (reviewDbAccount != null) {
// user branch doesn't exist yet
accountConfig.setAccount(reviewDbAccount);
commitNew(accountConfig);
}
return reviewDbAccount;
return account;
}
/**
@ -281,25 +253,18 @@ public class AccountsUpdate {
* <p>The existing account with the same account ID is overwritten by the given account. Choosing
* to overwrite an account means that any updates that were done to the account by a racing
* request after the account was read are lost. Updates are also lost if the account was read from
* a stale account index. This is why using {@link #update(ReviewDb,
* com.google.gerrit.reviewdb.client.Account.Id, Consumer)} to do an atomic update is always
* preferred.
* a stale account index. This is why using {@link
* #update(com.google.gerrit.reviewdb.client.Account.Id, Consumer)} to do an atomic update is
* always preferred.
*
* <p>Changing the registration date of an account is not supported.
*
* @param db ReviewDb
* @param account the new account
* @throws OrmException if updating the database fails
* @throws IOException if updating the user branch fails
* @throws ConfigInvalidException if any of the account fields has an invalid value
* @see #update(ReviewDb, com.google.gerrit.reviewdb.client.Account.Id, Consumer)
* @see #update(com.google.gerrit.reviewdb.client.Account.Id, Consumer)
*/
public void replace(ReviewDb db, Account account)
throws OrmException, IOException, ConfigInvalidException {
// Update in ReviewDb
db.accounts().update(ImmutableSet.of(account));
// Update in NoteDb
public void replace(Account account) throws IOException, ConfigInvalidException {
AccountConfig accountConfig = read(account.getId());
accountConfig.setAccount(account);
commit(accountConfig);
@ -308,32 +273,20 @@ public class AccountsUpdate {
/**
* Deletes the account.
*
* @param db ReviewDb
* @param account the account that should be deleted
* @throws OrmException if updating the database fails
* @throws IOException if updating the user branch fails
*/
public void delete(ReviewDb db, Account account) throws OrmException, IOException {
// Delete in ReviewDb
db.accounts().delete(ImmutableSet.of(account));
// Delete in NoteDb
deleteUserBranch(account.getId());
public void delete(Account account) throws IOException {
deleteByKey(account.getId());
}
/**
* Deletes the account.
*
* @param db ReviewDb
* @param accountId the ID of the account that should be deleted
* @throws OrmException if updating the database fails
* @throws IOException if updating the user branch fails
*/
public void deleteByKey(ReviewDb db, Account.Id accountId) throws OrmException, IOException {
// Delete in ReviewDb
db.accounts().deleteKeys(ImmutableSet.of(accountId));
// Delete in NoteDb
public void deleteByKey(Account.Id accountId) throws IOException {
deleteUserBranch(accountId);
}

1
gerrit-server/src/main/java/com/google/gerrit/server/account/CreateAccount.java
View File

@ -174,7 +174,6 @@ public class CreateAccount implements RestModifyView<TopLevelResource, AccountIn
accountsUpdate
.create()
.insert(
db,
id,
a -> {
a.setFullName(input.name);

10
gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
View File

@ -23,7 +23,6 @@ import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.PutName.Input;
@ -46,7 +45,6 @@ public class PutName implements RestModifyView<AccountResource, Input> {
private final Provider<CurrentUser> self;
private final Realm realm;
private final PermissionBackend permissionBackend;
private final Provider<ReviewDb> dbProvider;
private final AccountsUpdate.Server accountsUpdate;
@Inject
@ -54,12 +52,10 @@ public class PutName implements RestModifyView<AccountResource, Input> {
Provider<CurrentUser> self,
Realm realm,
PermissionBackend permissionBackend,
Provider<ReviewDb> dbProvider,
AccountsUpdate.Server accountsUpdate) {
this.self = self;
this.realm = realm;
this.permissionBackend = permissionBackend;
this.dbProvider = dbProvider;
this.accountsUpdate = accountsUpdate;
}
@ -74,7 +70,7 @@ public class PutName implements RestModifyView<AccountResource, Input> {
}
public Response<String> apply(IdentifiedUser user, Input input)
throws MethodNotAllowedException, ResourceNotFoundException, OrmException, IOException,
throws MethodNotAllowedException, ResourceNotFoundException, IOException,
ConfigInvalidException {
if (input == null) {
input = new Input();
@ -86,9 +82,7 @@ public class PutName implements RestModifyView<AccountResource, Input> {
String newName = input.name;
Account account =
accountsUpdate
.create()
.update(dbProvider.get(), user.getAccountId(), a -> a.setFullName(newName));
accountsUpdate.create().update(user.getAccountId(), a -> a.setFullName(newName));
if (account == null) {
throw new ResourceNotFoundException("account not found");
}

7
gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
View File

@ -19,7 +19,6 @@ import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.PutPreferred.Input;
@ -39,18 +38,15 @@ public class PutPreferred implements RestModifyView<AccountResource.Email, Input
static class Input {}
private final Provider<CurrentUser> self;
private final Provider<ReviewDb> dbProvider;
private final PermissionBackend permissionBackend;
private final AccountsUpdate.Server accountsUpdate;
@Inject
PutPreferred(
Provider<CurrentUser> self,
Provider<ReviewDb> dbProvider,
PermissionBackend permissionBackend,
AccountsUpdate.Server accountsUpdate) {
this.self = self;
this.dbProvider = dbProvider;
this.permissionBackend = permissionBackend;
this.accountsUpdate = accountsUpdate;
}
@ -66,13 +62,12 @@ public class PutPreferred implements RestModifyView<AccountResource.Email, Input
}
public Response<String> apply(IdentifiedUser user, String email)
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException {
throws ResourceNotFoundException, IOException, ConfigInvalidException {
AtomicBoolean alreadyPreferred = new AtomicBoolean(false);
Account account =
accountsUpdate
.create()
.update(
dbProvider.get(),
user.getAccountId(),
a -> {
if (email.equals(a.getPreferredEmail())) {

11
gerrit-server/src/main/java/com/google/gerrit/server/account/PutStatus.java
View File

@ -21,7 +21,6 @@ import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.PutStatus.Input;
@ -48,18 +47,15 @@ public class PutStatus implements RestModifyView<AccountResource, Input> {
}
private final Provider<CurrentUser> self;
private final Provider<ReviewDb> dbProvider;
private final PermissionBackend permissionBackend;
private final AccountsUpdate.Server accountsUpdate;
@Inject
PutStatus(
Provider<CurrentUser> self,
Provider<ReviewDb> dbProvider,
PermissionBackend permissionBackend,
AccountsUpdate.Server accountsUpdate) {
this.self = self;
this.dbProvider = dbProvider;
this.permissionBackend = permissionBackend;
this.accountsUpdate = accountsUpdate;
}
@ -75,7 +71,7 @@ public class PutStatus implements RestModifyView<AccountResource, Input> {
}
public Response<String> apply(IdentifiedUser user, Input input)
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException {
throws ResourceNotFoundException, IOException, ConfigInvalidException {
if (input == null) {
input = new Input();
}
@ -84,10 +80,7 @@ public class PutStatus implements RestModifyView<AccountResource, Input> {
Account account =
accountsUpdate
.create()
.update(
dbProvider.get(),
user.getAccountId(),
a -> a.setStatus(Strings.nullToEmpty(newStatus)));
.update(user.getAccountId(), a -> a.setStatus(Strings.nullToEmpty(newStatus)));
if (account == null) {
throw new ResourceNotFoundException("account not found");
}

13
gerrit-server/src/main/java/com/google/gerrit/server/account/SetInactiveFlag.java
View File

@ -19,11 +19,8 @@ import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.concurrent.atomic.AtomicBoolean;
@ -32,23 +29,20 @@ import org.eclipse.jgit.errors.ConfigInvalidException;
@Singleton
public class SetInactiveFlag {
private final Provider<ReviewDb> dbProvider;
private final AccountsUpdate.Server accountsUpdate;
@Inject
SetInactiveFlag(Provider<ReviewDb> dbProvider, AccountsUpdate.Server accountsUpdate) {
this.dbProvider = dbProvider;
SetInactiveFlag(AccountsUpdate.Server accountsUpdate) {
this.accountsUpdate = accountsUpdate;
}
public Response<?> deactivate(IdentifiedUser user)
throws RestApiException, OrmException, IOException, ConfigInvalidException {
throws RestApiException, IOException, ConfigInvalidException {
AtomicBoolean alreadyInactive = new AtomicBoolean(false);
Account account =
accountsUpdate
.create()
.update(
dbProvider.get(),
user.getAccountId(),
a -> {
if (!a.isActive()) {
@ -67,13 +61,12 @@ public class SetInactiveFlag {
}
public Response<String> activate(IdentifiedUser user)
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException {
throws ResourceNotFoundException, IOException, ConfigInvalidException {
AtomicBoolean alreadyActive = new AtomicBoolean(false);
Account account =
accountsUpdate
.create()
.update(
dbProvider.get(),
user.getAccountId(),
a -> {
if (a.isActive()) {

4
gerrit-server/src/main/java/com/google/gerrit/server/change/ConsistencyChecker.java
View File

@ -224,10 +224,10 @@ public class ConsistencyChecker {
private void checkOwner() {
try {
if (accounts.get(db.get(), change().getOwner()) == null) {
if (accounts.get(change().getOwner()) == null) {
problem("Missing change owner: " + change().getOwner());
}
} catch (OrmException | IOException | ConfigInvalidException e) {
} catch (IOException | ConfigInvalidException e) {
error("Failed to look up owner", e);
}
}

4
gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java
View File

@ -127,7 +127,7 @@ import com.google.gerrit.server.git.strategy.SubmitStrategy;
import com.google.gerrit.server.git.validators.CommitValidationListener;
import com.google.gerrit.server.git.validators.MergeValidationListener;
import com.google.gerrit.server.git.validators.MergeValidators;
import com.google.gerrit.server.git.validators.MergeValidators.AccountValidator;
import com.google.gerrit.server.git.validators.MergeValidators.AccountMergeValidator;
import com.google.gerrit.server.git.validators.MergeValidators.ProjectConfigValidator;
import com.google.gerrit.server.git.validators.OnSubmitValidationListener;
import com.google.gerrit.server.git.validators.OnSubmitValidators;
@ -393,7 +393,7 @@ public class GerritGlobalModule extends FactoryModule {
bind(AnonymousUser.class);
factory(AbandonOp.Factory.class);
factory(AccountValidator.Factory.class);
factory(AccountMergeValidator.Factory.class);
factory(RefOperationValidators.Factory.class);
factory(OnSubmitValidators.Factory.class);
factory(MergeValidators.Factory.class);

3
gerrit-server/src/main/java/com/google/gerrit/server/git/receive/ReceiveCommits.java
View File

@ -2726,7 +2726,6 @@ class ReceiveCommits {
accountsUpdate
.create()
.update(
db,
user.getAccountId(),
a -> {
if (Strings.isNullOrEmpty(a.getFullName())) {
@ -2736,7 +2735,7 @@ class ReceiveCommits {
if (account != null && Strings.isNullOrEmpty(account.getFullName())) {
user.getAccount().setFullName(account.getFullName());
}
} catch (OrmException | IOException | ConfigInvalidException e) {
} catch (IOException | ConfigInvalidException e) {
logWarn("Cannot default full_name", e);
} finally {
defaultName = false;

91
gerrit-server/src/main/java/com/google/gerrit/server/git/validators/AccountValidator.java Normal file
View File

@ -0,0 +1,91 @@
// Copyright (C) 2017 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.git.validators;
import com.google.common.collect.ImmutableList;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountConfig;
import com.google.gerrit.server.mail.send.OutgoingEmailValidator;
import com.google.inject.Provider;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.revwalk.RevWalk;
public class AccountValidator {
private final Provider<IdentifiedUser> self;
private final OutgoingEmailValidator emailValidator;
@Inject
public AccountValidator(Provider<IdentifiedUser> self, OutgoingEmailValidator emailValidator) {
this.self = self;
this.emailValidator = emailValidator;
}
public List<String> validate(
Account.Id accountId, RevWalk rw, @Nullable ObjectId oldId, ObjectId newId)
throws IOException {
Account oldAccount = null;
if (oldId != null && !ObjectId.zeroId().equals(oldId)) {
try {
oldAccount = loadAccount(accountId, rw, oldId);
} catch (ConfigInvalidException e) {
// ignore, maybe the new commit is repairing it now
}
}
Account newAccount;
try {
newAccount = loadAccount(accountId, rw, newId);
} catch (ConfigInvalidException e) {
return ImmutableList.of(
String.format(
"commit '%s' has an invalid '%s' file for account '%s': %s",
newId.name(), AccountConfig.ACCOUNT_CONFIG, accountId.get(), e.getMessage()));
}
List<String> messages = new ArrayList<>();
if (accountId.equals(self.get().getAccountId()) && !newAccount.isActive()) {
messages.add("cannot deactivate own account");
}
if (newAccount.getPreferredEmail() != null
&& (oldAccount == null
|| !newAccount.getPreferredEmail().equals(oldAccount.getPreferredEmail()))) {
if (!emailValidator.isValid(newAccount.getPreferredEmail())) {
messages.add(
String.format(
"invalid preferred email '%s' for account '%s'",
newAccount.getPreferredEmail(), accountId.get()));
}
}
return ImmutableList.copyOf(messages);
}
private Account loadAccount(Account.Id accountId, RevWalk rw, ObjectId commit)
throws IOException, ConfigInvalidException {
rw.reset();
AccountConfig accountConfig = new AccountConfig(null, accountId);
accountConfig.load(rw, commit);
return accountConfig.getAccount();
}
}

49
gerrit-server/src/main/java/com/google/gerrit/server/git/validators/CommitValidators.java
View File

@ -32,7 +32,6 @@ import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountConfig;
import com.google.gerrit.server.account.WatchConfig;
import com.google.gerrit.server.account.externalids.ExternalIdsConsistencyChecker;
import com.google.gerrit.server.config.AllUsersName;
@ -58,11 +57,9 @@ import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.notes.NoteMap;
@ -70,7 +67,6 @@ import org.eclipse.jgit.revwalk.FooterKey;
import org.eclipse.jgit.revwalk.FooterLine;
import org.eclipse.jgit.revwalk.RevCommit;
import org.eclipse.jgit.revwalk.RevWalk;
import org.eclipse.jgit.treewalk.TreeWalk;
import org.eclipse.jgit.util.SystemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -88,6 +84,7 @@ public class CommitValidators {
private final DynamicSet<CommitValidationListener> pluginValidators;
private final AllUsersName allUsers;
private final ExternalIdsConsistencyChecker externalIdsConsistencyChecker;
private final AccountValidator accountValidator;
private final String installCommitMsgHookCommand;
private final ProjectCache projectCache;
@ -99,12 +96,14 @@ public class CommitValidators {
DynamicSet<CommitValidationListener> pluginValidators,
AllUsersName allUsers,
ExternalIdsConsistencyChecker externalIdsConsistencyChecker,
AccountValidator accountValidator,
ProjectCache projectCache) {
this.gerritIdent = gerritIdent;
this.canonicalWebUrl = canonicalWebUrl;
this.pluginValidators = pluginValidators;
this.allUsers = allUsers;
this.externalIdsConsistencyChecker = externalIdsConsistencyChecker;
this.accountValidator = accountValidator;
this.installCommitMsgHookCommand =
cfg != null ? cfg.getString("gerrit", null, "installCommitMsgHookCommand") : null;
this.projectCache = projectCache;
@ -133,7 +132,7 @@ public class CommitValidators {
new BannedCommitsValidator(rejectCommits),
new PluginCommitValidationListener(pluginValidators),
new ExternalIdUpdateListener(allUsers, externalIdsConsistencyChecker),
new AccountValidator(allUsers)));
new AccountCommitValidator(allUsers, accountValidator)));
}
public CommitValidators forGerritCommits(
@ -158,7 +157,7 @@ public class CommitValidators {
new ConfigValidator(branch, user, rw, allUsers),
new PluginCommitValidationListener(pluginValidators),
new ExternalIdUpdateListener(allUsers, externalIdsConsistencyChecker),
new AccountValidator(allUsers)));
new AccountCommitValidator(allUsers, accountValidator)));
}
public CommitValidators forMergedCommits(PermissionBackend.ForRef perm, IdentifiedUser user) {
@ -709,11 +708,13 @@ public class CommitValidators {
}
/** Rejects updates to 'account.config' in user branches. */
public static class AccountValidator implements CommitValidationListener {
public static class AccountCommitValidator implements CommitValidationListener {
private final AllUsersName allUsers;
private final AccountValidator accountValidator;
public AccountValidator(AllUsersName allUsers) {
public AccountCommitValidator(AllUsersName allUsers, AccountValidator accountValidator) {
this.allUsers = allUsers;
this.accountValidator = accountValidator;
}
@Override
@ -725,7 +726,7 @@ public class CommitValidators {
if (receiveEvent.command.getRefName().startsWith(MagicBranch.NEW_CHANGE)) {
// no validation on push for review, will be checked on submit by
// MergeValidators.AccountValidator
// MergeValidators.AccountMergeValidator
return Collections.emptyList();
}
@ -735,15 +736,19 @@ public class CommitValidators {
}
try {
ObjectId newBlobId = getAccountConfigBlobId(receiveEvent.revWalk, receiveEvent.commit);
ObjectId oldId = receiveEvent.command.getOldId();
ObjectId oldBlobId =
!ObjectId.zeroId().equals(oldId)
? getAccountConfigBlobId(receiveEvent.revWalk, oldId)
: null;
if (!Objects.equals(oldBlobId, newBlobId)) {
throw new CommitValidationException("account update not allowed");
List<String> errorMessages =
accountValidator.validate(
accountId,
receiveEvent.revWalk,
receiveEvent.command.getOldId(),
receiveEvent.commit);
if (!errorMessages.isEmpty()) {
throw new CommitValidationException(
"invalid account configuration",
errorMessages
.stream()
.map(m -> new CommitValidationMessage(m, true))
.collect(toList()));
}
} catch (IOException e) {
String m = String.format("Validating update for account %s failed", accountId.get());
@ -752,14 +757,6 @@ public class CommitValidators {
}
return Collections.emptyList();
}
private ObjectId getAccountConfigBlobId(RevWalk rw, ObjectId id) throws IOException {
RevCommit commit = rw.parseCommit(id);
try (TreeWalk tw =
TreeWalk.forPath(rw.getObjectReader(), AccountConfig.ACCOUNT_CONFIG, commit.getTree())) {
return tw != null ? tw.getObjectId(0) : null;
}
}
}
private static CommitValidationMessage invalidEmail(

44
gerrit-server/src/main/java/com/google/gerrit/server/git/validators/MergeValidators.java
View File

@ -14,6 +14,7 @@
package com.google.gerrit.server.git.validators;
import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableList;
import com.google.gerrit.extensions.api.projects.ProjectConfigEntryType;
import com.google.gerrit.extensions.registration.DynamicMap;
@ -47,6 +48,7 @@ import java.io.IOException;
import java.util.List;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revwalk.RevWalk;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -55,7 +57,7 @@ public class MergeValidators {
private final DynamicSet<MergeValidationListener> mergeValidationListeners;
private final ProjectConfigValidator.Factory projectConfigValidatorFactory;
private final AccountValidator.Factory accountValidatorFactory;
private final AccountMergeValidator.Factory accountValidatorFactory;
public interface Factory {
MergeValidators create();
@ -65,7 +67,7 @@ public class MergeValidators {
MergeValidators(
DynamicSet<MergeValidationListener> mergeValidationListeners,
ProjectConfigValidator.Factory projectConfigValidatorFactory,
AccountValidator.Factory accountValidatorFactory) {
AccountMergeValidator.Factory accountValidatorFactory) {
this.mergeValidationListeners = mergeValidationListeners;
this.projectConfigValidatorFactory = projectConfigValidatorFactory;
this.accountValidatorFactory = accountValidatorFactory;
@ -222,23 +224,26 @@ public class MergeValidators {
}
}
public static class AccountValidator implements MergeValidationListener {
public static class AccountMergeValidator implements MergeValidationListener {
public interface Factory {
AccountValidator create();
AccountMergeValidator create();
}
private final Provider<ReviewDb> dbProvider;
private final AllUsersName allUsersName;
private final ChangeData.Factory changeDataFactory;
private final AccountValidator accountValidator;
@Inject
public AccountValidator(
public AccountMergeValidator(
Provider<ReviewDb> dbProvider,
AllUsersName allUsersName,
ChangeData.Factory changeDataFactory) {
ChangeData.Factory changeDataFactory,
AccountValidator accountValidator) {
this.dbProvider = dbProvider;
this.allUsersName = allUsersName;
this.changeDataFactory = changeDataFactory;
this.accountValidator = accountValidator;
}
@Override
@ -250,30 +255,33 @@ public class MergeValidators {
PatchSet.Id patchSetId,
IdentifiedUser caller)
throws MergeValidationException {
if (!allUsersName.equals(destProject.getProject().getNameKey())
|| Account.Id.fromRef(destBranch.get()) == null) {
Account.Id accountId = Account.Id.fromRef(destBranch.get());
if (!allUsersName.equals(destProject.getProject().getNameKey()) || accountId == null) {
return;
}
if (commit.getParentCount() > 1) {
// for merge commits we cannot ensure that the 'account.config' file is not modified, since
// for merge commits file modifications that come in through the merge don't appear in the
// file list that is returned by ChangeData#currentFilePaths()
throw new MergeValidationException("cannot submit merge commit to user branch");
}
ChangeData cd =
changeDataFactory.create(
dbProvider.get(), destProject.getProject().getNameKey(), patchSetId.getParentKey());
try {
if (cd.currentFilePaths().contains(AccountConfig.ACCOUNT_CONFIG)) {
throw new MergeValidationException(
String.format("update of %s not allowed", AccountConfig.ACCOUNT_CONFIG));
if (!cd.currentFilePaths().contains(AccountConfig.ACCOUNT_CONFIG)) {
return;
}
} catch (OrmException e) {
log.error("Cannot validate account update", e);
throw new MergeValidationException("account validation unavailable");
}
try (RevWalk rw = new RevWalk(repo)) {
List<String> errorMessages = accountValidator.validate(accountId, rw, null, commit);
if (!errorMessages.isEmpty()) {
throw new MergeValidationException(
"invalid account configuration: " + Joiner.on("; ").join(errorMessages));
}
} catch (IOException e) {
log.error("Cannot validate account update", e);
throw new MergeValidationException("account validation unavailable");
}
}
}
}

11
gerrit-server/src/test/java/com/google/gerrit/server/query/account/AbstractQueryAccountsTest.java
View File

@ -18,7 +18,6 @@ import static com.google.common.truth.Truth.assertThat;
import static java.util.stream.Collectors.toList;
import static org.junit.Assert.fail;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.gerrit.extensions.api.GerritApi;
import com.google.gerrit.extensions.api.accounts.Accounts.QueryRequest;
@ -397,14 +396,9 @@ public abstract class AbstractQueryAccountsTest extends GerritServerTests {
public void reindex() throws Exception {
AccountInfo user1 = newAccountWithFullName("tester", "Test Usre");
// update account in ReviewDb without reindex so that account index is stale
String newName = "Test User";
// update account without reindex so that account index is stale
Account.Id accountId = new Account.Id(user1._accountId);
Account account = accounts.get(db, accountId);
account.setFullName(newName);
db.accounts().update(ImmutableSet.of(account));
// update account in NoteDb without reindex so that account index is stale
String newName = "Test User";
try (Repository repo = repoManager.openRepository(allUsers)) {
MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, allUsers, repo);
PersonIdent ident = serverIdent.get();
@ -499,7 +493,6 @@ public abstract class AbstractQueryAccountsTest extends GerritServerTests {
accountsUpdate
.create()
.update(
db,
id,
a -> {
a.setFullName(fullName);

3
gerrit-server/src/test/java/com/google/gerrit/server/query/change/AbstractQueryChangesTest.java
View File

@ -214,7 +214,7 @@ public abstract class AbstractQueryChangesTest extends GerritServerTests {
userId = accountManager.authenticate(AuthRequest.forUser("user")).getAccountId();
String email = "user@example.com";
externalIdsUpdate.create().insert(ExternalId.createEmail(userId, email));
accountsUpdate.create().update(db, userId, a -> a.setPreferredEmail(email));
accountsUpdate.create().update(userId, a -> a.setPreferredEmail(email));
user = userFactory.create(userId);
requestContext.setContext(newRequestContext(userId));
}
@ -2469,7 +2469,6 @@ public abstract class AbstractQueryChangesTest extends GerritServerTests {
accountsUpdate
.create()
.update(
db,
id,
a -> {
a.setFullName(fullName);

1
gerrit-server/src/test/java/com/google/gerrit/server/query/group/AbstractQueryGroupsTest.java
View File

@ -323,7 +323,6 @@ public abstract class AbstractQueryGroupsTest extends GerritServerTests {
accountsUpdate
.create()
.update(
db,
id,
a -> {
a.setFullName(fullName);