Use sshd ServerSession attribute to store the Account.Id

This way we have an unambiguous reference within commands to the
account the user authenticated with, even if the email address was
ambiguous during the authentication process.

Signed-off-by: Shawn O. Pearce <sop@google.com>

appjar/src/main/java/com/google/gerrit/client/reviewdb/AccountSshKey.java

@@ -78,6 +78,10 @@ public final class AccountSshKey {
     valid = true; // We can assume it is fine.
   }
 
+  public Account.Id getAccount() {
+    return id.accountId;
+  }
+
   public AccountSshKey.Id getKey() {
     return id;
   }

appjar/src/main/java/com/google/gerrit/server/ssh/AbstractCommand.java

@@ -14,6 +14,7 @@
 
 package com.google.gerrit.server.ssh;
 
+import com.google.gerrit.client.reviewdb.Account;
 import com.google.gerrit.client.reviewdb.ReviewDb;
 import com.google.gerrit.git.RepositoryCache;
 import com.google.gerrit.server.GerritServer;
@@ -87,6 +88,10 @@ abstract class AbstractCommand implements Command, SessionAware {
     }
   }
 
+  protected Account.Id getAccountId() {
+    return session.getAttribute(SshUtil.CURRENT_ACCOUNT);
+  }
+
   protected String getName() {
     return name;
   }
@@ -129,7 +134,8 @@ abstract class AbstractCommand implements Command, SessionAware {
   }
 
   public void start() {
-    new Thread("Execute " + getName() + " [" + session.getUsername() + "]") {
+    final String who = session.getUsername() + "," + getAccountId();
+    new Thread("Execute " + getName() + " [" + who + "]") {
       @Override
       public void run() {
         runImp();

appjar/src/main/java/com/google/gerrit/server/ssh/AbstractGitCommand.java

@@ -23,7 +23,6 @@ import com.google.gwtorm.client.OrmException;
 import org.spearce.jgit.lib.Repository;
 
 import java.io.IOException;
-import java.util.List;
 
 abstract class AbstractGitCommand extends AbstractCommand {
   protected Repository repo;
@@ -57,15 +56,7 @@ abstract class AbstractGitCommand extends AbstractCommand {
     db = openReviewDb();
     try {
       try {
-        final List<Account> matches =
-            db.accounts().byPreferredEmail(session.getUsername()).toList();
-        if (matches.isEmpty()) {
-          throw new Failure(1, "fatal: you do not exist");
-        }
-        if (matches.size() > 1) {
-          throw new Failure(1, "fatal: there is more than one of you");
-        }
-        userAccount = matches.get(0);
+        userAccount = db.accounts().get(getAccountId());
       } catch (OrmException e) {
         throw new Failure(1, "fatal: cannot query user database");
       }

appjar/src/main/java/com/google/gerrit/server/ssh/DatabasePubKeyAuth.java

@@ -20,6 +20,7 @@ import com.google.gwtorm.client.OrmException;
 import com.google.gwtorm.client.SchemaFactory;
 
 import org.apache.sshd.server.PublickeyAuthenticator;
+import org.apache.sshd.server.session.ServerSession;
 
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
@@ -42,12 +43,14 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator {
     schema = rdf;
   }
 
-  public boolean hasKey(final String username, final PublicKey inkey) {
+  public boolean hasKey(final String username, final PublicKey inkey,
+      final ServerSession session) {
     final List<AccountSshKey> keyList = SshUtil.keysFor(schema, username);
     for (final AccountSshKey k : keyList) {
       try {
         if (SshUtil.parse(k).equals(inkey)) {
           updateLastUsed(k);
+          session.setAttribute(SshUtil.CURRENT_ACCOUNT, k.getAccount());
           return true;
         }
       } catch (NoSuchAlgorithmException e) {

appjar/src/main/java/com/google/gerrit/server/ssh/SshUtil.java

@@ -22,6 +22,7 @@ import com.google.gwtorm.client.SchemaFactory;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.sshd.common.KeyPairProvider;
+import org.apache.sshd.common.session.AttributeKey;
 import org.apache.sshd.common.util.Buffer;
 import org.spearce.jgit.lib.Constants;
 
@@ -42,6 +43,10 @@ import java.util.Map.Entry;
 
 /** Utilities to support SSH operations. */
 public class SshUtil {
+  /** Server session attribute holding the {@link Account.Id}. */
+  static final AttributeKey<Account.Id> CURRENT_ACCOUNT =
+      new AttributeKey<Account.Id>();
+
   /**
    * Parse a public key into its Java type.
    *