Add an AuthMethod to WebSession

For purpose of skipping/using xsrf validation, we need to know how a user authenticated. This change adds an AuthMethod enum value to WebSession. Change-Id: I26bc8ea2ba80d8c7cac0d124d7e76ca55da62716
2012-06-19 09:58:19 -07:00
parent bbb8e738bb
commit 9aa7d62ec5
8 changed files with 57 additions and 8 deletions
--- a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
+++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
@@ -26,6 +26,7 @@ import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.UrlEncoded;
 import com.google.gerrit.server.account.AccountException;
 import com.google.gerrit.server.account.AccountManager;
+import com.google.gerrit.server.account.AuthMethod;
 import com.google.gerrit.server.config.AuthConfig;
 import com.google.gerrit.server.config.CanonicalWebUrl;
 import com.google.gerrit.server.config.ConfigUtil;
@@ -416,7 +417,7 @@ class OpenIdServiceImpl implements OpenIdService {
            lastId.setMaxAge(0);
          }
          rsp.addCookie(lastId);
-          webSession.get().login(arsp, remember);
+          webSession.get().login(arsp, AuthMethod.COOKIE, remember);
          if (arsp.isNew() && claimedIdentifier != null) {
            final com.google.gerrit.server.account.AuthRequest linkReq =
                new com.google.gerrit.server.account.AuthRequest(
@@ -430,7 +431,7 @@ class OpenIdServiceImpl implements OpenIdService {

        case LINK_IDENTIY: {
          arsp = accountManager.link(identifiedUser.get().getAccountId(), areq);
-          webSession.get().login(arsp, remember);
+          webSession.get().login(arsp, AuthMethod.COOKIE, remember);
          callback(false, req, rsp);
          break;
        }