GerritPublicKeyChecker: Resolve external ID via account index
GerritPublicKeyChecker needs to find the account for a given public PGP key. Look up the corresponding external ID via the account index instead of loading it from the database. This is a preparation for moving the external IDs into git. Change-Id: Ia456c5bdb89da294b51a86087b92ad14165eae8a Signed-off-by: Edwin Kempin <ekempin@google.com>
@@ -28,8 +28,11 @@ import com.google.gerrit.common.PageLinks;
|
||||
import com.google.gerrit.reviewdb.client.AccountExternalId;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.AccountState;
|
||||
import com.google.gerrit.server.config.CanonicalWebUrl;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.index.account.AccountIndexCollection;
|
||||
import com.google.gerrit.server.query.account.InternalAccountQuery;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -47,6 +50,7 @@ import org.slf4j.LoggerFactory;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
@@ -63,6 +67,8 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
|
||||
@Singleton
|
||||
public static class Factory {
|
||||
private final Provider<ReviewDb> db;
|
||||
private final AccountIndexCollection accountIndexes;
|
||||
private final Provider<InternalAccountQuery> accountQueryProvider;
|
||||
private final String webUrl;
|
||||
private final IdentifiedUser.GenericFactory userFactory;
|
||||
private final int maxTrustDepth;
|
||||
@@ -71,9 +77,13 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
|
||||
@Inject
|
||||
Factory(@GerritServerConfig Config cfg,
|
||||
Provider<ReviewDb> db,
|
||||
AccountIndexCollection accountIndexes,
|
||||
Provider<InternalAccountQuery> accountQueryProvider,
|
||||
IdentifiedUser.GenericFactory userFactory,
|
||||
@CanonicalWebUrl String webUrl) {
|
||||
this.db = db;
|
||||
this.accountIndexes = accountIndexes;
|
||||
this.accountQueryProvider = accountQueryProvider;
|
||||
this.webUrl = webUrl;
|
||||
this.userFactory = userFactory;
|
||||
this.maxTrustDepth = cfg.getInt("receive", null, "maxTrustDepth", 0);
|
||||
@@ -107,6 +117,8 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
|
||||
}
|
||||
|
||||
private final Provider<ReviewDb> db;
|
||||
private final AccountIndexCollection accountIndexes;
|
||||
private final Provider<InternalAccountQuery> accountQueryProvider;
|
||||
private final String webUrl;
|
||||
private final IdentifiedUser.GenericFactory userFactory;
|
||||
|
||||
@@ -114,6 +126,8 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
|
||||
|
||||
private GerritPublicKeyChecker(Factory factory) {
|
||||
this.db = factory.db;
|
||||
this.accountIndexes = factory.accountIndexes;
|
||||
this.accountQueryProvider = factory.accountQueryProvider;
|
||||
this.webUrl = factory.webUrl;
|
||||
this.userFactory = factory.userFactory;
|
||||
if (factory.trusted != null) {
|
||||
@@ -163,12 +177,26 @@ public class GerritPublicKeyChecker extends PublicKeyChecker {
|
||||
|
||||
private CheckResult checkIdsForArbitraryUser(PGPPublicKey key)
|
||||
throws PGPException, OrmException {
|
||||
AccountExternalId extId = db.get().accountExternalIds().get(
|
||||
toExtIdKey(key));
|
||||
if (extId == null) {
|
||||
return CheckResult.bad("Key is not associated with any users");
|
||||
IdentifiedUser user;
|
||||
if (accountIndexes.getSearchIndex() != null) {
|
||||
List<AccountState> accountStates =
|
||||
accountQueryProvider.get().byExternalId(toExtIdKey(key).get());
|
||||
if (accountStates.isEmpty()) {
|
||||
return CheckResult.bad("Key is not associated with any users");
|
||||
}
|
||||
if (accountStates.size() > 1) {
|
||||
return CheckResult.bad("Key is associated with multiple users");
|
||||
}
|
||||
user = userFactory.create(accountStates.get(0));
|
||||
} else {
|
||||
AccountExternalId extId = db.get().accountExternalIds().get(
|
||||
toExtIdKey(key));
|
||||
if (extId == null) {
|
||||
return CheckResult.bad("Key is not associated with any users");
|
||||
}
|
||||
user = userFactory.create(extId.getAccountId());
|
||||
}
|
||||
IdentifiedUser user = userFactory.create(extId.getAccountId());
|
||||
|
||||
Set<String> allowedUserIds = getAllowedUserIds(user);
|
||||
if (allowedUserIds.isEmpty()) {
|
||||
return CheckResult.bad("No identities found for user");
|
||||
|
||||
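Review bot: In checkIdsForArbitraryUser the account that owns a PGP key is now taken from the account index whenever `accountIndexes.getSearchIndex() != null`, so the key check is only as current as that index, and nothing in the new branch says so. If the index can lag behind external-ID changes (not visible on this page), a key whose external ID was just removed could still resolve to its former account, and a newly added key could be rejected. Both branches fail closed on no match and the index branch also rejects multiple matches, which is the right default. I would document the dependency above the `if`, for example `// Ownership is resolved from the account index, which must be reindexed on every external-ID change; ReviewDb is used only when no search index exists.` The method body continues past the end of the hunk.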
@@ -43,6 +43,10 @@ public class AccountPredicates {
|
||||
AccountQueryBuilder.FIELD_NAME, name.toLowerCase());
|
||||
}
|
||||
|
||||
static Predicate<AccountState> externalId(String externalId) {
|
||||
return new AccountPredicate(AccountField.EXTERNAL_ID, externalId);
|
||||
}
|
||||
|
||||
public static Predicate<AccountState> isActive() {
|
||||
return new AccountPredicate(AccountField.ACTIVE, "1");
|
||||
}
|
||||
|
||||
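Review bot: The new `externalId(String)` predicate has no comment stating how `AccountField.EXTERNAL_ID` is matched, and that matters because GerritPublicKeyChecker treats a hit as proof of which account owns a key. The field definition is outside this page, so I cannot tell whether the match is exact; if it is, say so on the method, e.g. `/** Matches accounts that have exactly the given external ID, scheme prefix included. */`. If the field is matched by prefix or is tokenized, this predicate should not be used for ownership decisions without an additional exact comparison on the returned AccountState.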
@@ -18,8 +18,10 @@ import com.google.gerrit.server.account.AccountState;
|
||||
import com.google.gerrit.server.index.IndexConfig;
|
||||
import com.google.gerrit.server.index.account.AccountIndexCollection;
|
||||
import com.google.gerrit.server.query.InternalQuery;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
public class InternalAccountQuery extends InternalQuery<AccountState> {
|
||||
@@ -53,4 +55,9 @@ public class InternalAccountQuery extends InternalQuery<AccountState> {
|
||||
super.noFields();
|
||||
return this;
|
||||
}
|
||||
|
||||
public List<AccountState> byExternalId(String externalId)
|
||||
throws OrmException {
|
||||
return query(AccountPredicates.externalId(externalId));
|
||||
}
|
||||
}
|
||||
|
||||
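Review bot: `byExternalId` is public and undocumented, and it returns a list for an identifier that callers will expect to be unique. The one caller on this page rejects both an empty result and more than one result, but a later caller could take `get(0)` without checking. A short Javadoc would make the contract explicit, for example `/** Returns every account whose index entry contains the given external ID; may be empty or hold more than one account, so callers must not assume a single match. */`. Whether `query` applies a result limit is not visible here and would be worth stating too.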