opendev/gerrit
Code Issues Proposed changes

Update HTTP password from SSH commands.

Browse Source 
Non-interactive users created from the ssh command line normally can
not logon using the Gerrit web UI. So to create/update a HTTP
password, for REST API usage, one needs to manually update the correct
database table. This change adds support for creating and updating
HTTP passwords from the command line.

Change-Id: Ic8ad8360f3e0c87dfd71ff408b43be60270986c5
This commit is contained in:
Peter Jönsson
2012-09-04 22:09:29 +02:00
committed by Edwin Kempin
parent e935f4c87f
commit 99c3703954
4 changed files with 37 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Documentation/cmd-create-account.txt
View File

@@ -13,6 +13,7 @@ SYNOPSIS
[--full-name <FULLNAME>] [--full-name <FULLNAME>]
[--email <EMAIL>] [--email <EMAIL>]
[--ssh-key - | <KEY>] [--ssh-key - | <KEY>]
[--http-password <PASSWORD>]
<USERNAME> <USERNAME>
DESCRIPTION DESCRIPTION
@@ -59,6 +60,9 @@ This most likely requires double quoting the value, for example
--email:: --email::
Preferred email address for the user account. Preferred email address for the user account.
--http-password::
HTTP password for the user account.
EXAMPLES EXAMPLES
-------- --------
Create a new user account called `watcher`: Create a new user account called `watcher`:

10
Documentation/cmd-set-account.txt
View File

@@ -11,13 +11,14 @@ SYNOPSIS
set-account [--full-name <FULLNAME>] [--active|--inactive] \ set-account [--full-name <FULLNAME>] [--active|--inactive] \
[--add-email <EMAIL>] [--delete-email <EMAIL> | ALL] \ [--add-email <EMAIL>] [--delete-email <EMAIL> | ALL] \
[--add-ssh-key - | <KEY>] \ [--add-ssh-key - | <KEY>] \
[--delete-ssh-key - | <KEY> | ALL] <USER> [--delete-ssh-key - | <KEY> | ALL] \
[--http-password <PASSWORD>] <USER>
DESCRIPTION DESCRIPTION
----------- -----------
Modifies a given user's settings. This command can be useful to Modifies a given user's settings. This command can be useful to
deactivate an account or add/delete ssh keys without going through deactivate an account, set HTTP password, add/delete ssh keys without
the UI. going through the UI.
It also allows managing email addresses, which bypasses the It also allows managing email addresses, which bypasses the
verification step we force within the UI. verification step we force within the UI.
@@ -79,6 +80,9 @@ This most likely requires double quoting the value, for example
May be supplied more than once to delete multiple SSH May be supplied more than once to delete multiple SSH
keys in a single command execution. keys in a single command execution.
--http-password::
Set the HTTP password for the user account.
EXAMPLES EXAMPLES
-------- --------
Add an email and SSH key to `watcher`'s account: Add an email and SSH key to `watcher`'s account:

7
gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateAccountCommand.java
View File

@@ -60,6 +60,9 @@ final class CreateAccountCommand extends SshCommand {
@Option(name = "--ssh-key", metaVar = "-|KEY", usage = "public key for SSH authentication") @Option(name = "--ssh-key", metaVar = "-|KEY", usage = "public key for SSH authentication")
private String sshKey; private String sshKey;
@Option(name = "--http-password", metaVar = "PASSWORD", usage = "password for HTTP authentication")
private String httpPassword;
@Argument(index = 0, required = true, metaVar = "USERNAME", usage = "name of the user account") @Argument(index = 0, required = true, metaVar = "USERNAME", usage = "name of the user account")
private String username; private String username;
@@ -93,6 +96,10 @@ final class CreateAccountCommand extends SshCommand {
new AccountExternalId(id, new AccountExternalId.Key( new AccountExternalId(id, new AccountExternalId.Key(
AccountExternalId.SCHEME_USERNAME, username)); AccountExternalId.SCHEME_USERNAME, username));
if (httpPassword != null) {
extUser.setPassword(httpPassword);
}
if (db.accountExternalIds().get(extUser.getKey()) != null) { if (db.accountExternalIds().get(extUser.getKey()) != null) {
throw die("username '" + username + "' already exists"); throw die("username '" + username + "' already exists");
} }

19
gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java
View File

@@ -72,6 +72,9 @@ final class SetAccountCommand extends BaseCommand {
@Option(name = "--delete-ssh-key", multiValued = true, metaVar = "-|KEY", usage = "public keys to delete from the account") @Option(name = "--delete-ssh-key", multiValued = true, metaVar = "-|KEY", usage = "public keys to delete from the account")
private List<String> deleteSshKeys = new ArrayList<String>(); private List<String> deleteSshKeys = new ArrayList<String>();
@Option(name = "--http-password", metaVar = "PASSWORD", usage = "password for HTTP authentication for the account")
private String httpPassword;
@Inject @Inject
private IdentifiedUser currentUser; private IdentifiedUser currentUser;
@@ -147,6 +150,10 @@ final class SetAccountCommand extends BaseCommand {
} }
} }
if (httpPassword != null) {
setHttpPassword(id, httpPassword);
}
if (active) { if (active) {
accountUpdated = true; accountUpdated = true;
account.setActive(true); account.setActive(true);
@@ -234,6 +241,18 @@ final class SetAccountCommand extends BaseCommand {
} }
} }
private void setHttpPassword(Account.Id id, final String httpPassword)
throws UnloggedFailure, OrmException {
ResultSet<AccountExternalId> ids = db.accountExternalIds().byAccount(id);
for (AccountExternalId extId: ids) {
if (extId.isScheme(AccountExternalId.SCHEME_USERNAME)) {
extId.setPassword(httpPassword);
db.accountExternalIds().update(Collections.singleton(extId));
byIdCache.evict(id);
}
}
}
private void unlink(Account.Id id, final String mailAddress) private void unlink(Account.Id id, final String mailAddress)
throws UnloggedFailure { throws UnloggedFailure {
try { try {