Hybrid OpenID/OAuth: Support switching identities
Change-Id: Iac0e36c2dd6b8e99a3b99c9594e29cca9bac22ca GutHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/11
This commit is contained in:
David Ostrovsky
@@ -175,8 +175,7 @@ class LoginForm extends HttpServlet {
|
|||||||
oauthSession.logout();
|
oauthSession.logout();
|
||||||
}
|
}
|
||||||
if ((isGerritLogin(req)
|
if ((isGerritLogin(req)
|
||||||
|| oauthSession.isOAuthFinal(req))
|
|| oauthSession.isOAuthFinal(req))) {
|
||||||
&& !oauthSession.isLoggedIn()) {
|
|
||||||
oauthSession.setServiceProvider(oauthProvider);
|
oauthSession.setServiceProvider(oauthProvider);
|
||||||
oauthSession.setLinkMode(link);
|
oauthSession.setLinkMode(link);
|
||||||
oauthSession.login(req, res, oauthProvider);
|
oauthSession.login(req, res, oauthProvider);
|
||||||
|
|||||||
@@ -88,10 +88,6 @@ class OAuthSessionOverOpenID {
|
|||||||
|
|
||||||
boolean login(HttpServletRequest request, HttpServletResponse response,
|
boolean login(HttpServletRequest request, HttpServletResponse response,
|
||||||
OAuthServiceProvider oauth) throws IOException {
|
OAuthServiceProvider oauth) throws IOException {
|
||||||
if (isLoggedIn()) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
log.debug("Login " + this);
|
log.debug("Login " + this);
|
||||||
|
|
||||||
if (isOAuthFinal(request)) {
|
if (isOAuthFinal(request)) {
|
||||||
|
|||||||
@@ -17,7 +17,6 @@ package com.google.gerrit.httpd.auth.openid;
|
|||||||
import com.google.common.collect.Iterables;
|
import com.google.common.collect.Iterables;
|
||||||
import com.google.gerrit.extensions.auth.oauth.OAuthServiceProvider;
|
import com.google.gerrit.extensions.auth.oauth.OAuthServiceProvider;
|
||||||
import com.google.gerrit.extensions.registration.DynamicMap;
|
import com.google.gerrit.extensions.registration.DynamicMap;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
import com.google.inject.Provider;
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
@@ -34,7 +33,6 @@ import javax.servlet.ServletRequest;
|
|||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.servlet.http.HttpSession;
|
|
||||||
|
|
||||||
|
|
||||||
/** OAuth web filter uses active OAuth session to perform OAuth requests */
|
/** OAuth web filter uses active OAuth session to perform OAuth requests */
|
||||||
@@ -42,16 +40,13 @@ import javax.servlet.http.HttpSession;
|
|||||||
class OAuthWebFilterOverOpenID implements Filter {
|
class OAuthWebFilterOverOpenID implements Filter {
|
||||||
static final String GERRIT_LOGIN = "/login";
|
static final String GERRIT_LOGIN = "/login";
|
||||||
|
|
||||||
private final Provider<CurrentUser> currentUserProvider;
|
|
||||||
private final Provider<OAuthSessionOverOpenID> oauthSessionProvider;
|
private final Provider<OAuthSessionOverOpenID> oauthSessionProvider;
|
||||||
private final DynamicMap<OAuthServiceProvider> oauthServiceProviders;
|
private final DynamicMap<OAuthServiceProvider> oauthServiceProviders;
|
||||||
private OAuthServiceProvider ssoProvider;
|
private OAuthServiceProvider ssoProvider;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
OAuthWebFilterOverOpenID(Provider<CurrentUser> currentUserProvider,
|
OAuthWebFilterOverOpenID(DynamicMap<OAuthServiceProvider> oauthServiceProviders,
|
||||||
DynamicMap<OAuthServiceProvider> oauthServiceProviders,
|
|
||||||
Provider<OAuthSessionOverOpenID> oauthSessionProvider) {
|
Provider<OAuthSessionOverOpenID> oauthSessionProvider) {
|
||||||
this.currentUserProvider = currentUserProvider;
|
|
||||||
this.oauthServiceProviders = oauthServiceProviders;
|
this.oauthServiceProviders = oauthServiceProviders;
|
||||||
this.oauthSessionProvider = oauthSessionProvider;
|
this.oauthSessionProvider = oauthSessionProvider;
|
||||||
}
|
}
|
||||||
@@ -69,26 +64,14 @@ class OAuthWebFilterOverOpenID implements Filter {
|
|||||||
public void doFilter(ServletRequest request, ServletResponse response,
|
public void doFilter(ServletRequest request, ServletResponse response,
|
||||||
FilterChain chain) throws IOException, ServletException {
|
FilterChain chain) throws IOException, ServletException {
|
||||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||||
HttpSession httpSession = ((HttpServletRequest) request).getSession(false);
|
|
||||||
OAuthSessionOverOpenID oauthSession = oauthSessionProvider.get();
|
|
||||||
if (!oauthSession.isLinkMode()
|
|
||||||
&& currentUserProvider.get().isIdentifiedUser()) {
|
|
||||||
if (httpSession != null) {
|
|
||||||
httpSession.invalidate();
|
|
||||||
}
|
|
||||||
chain.doFilter(request, response);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||||
|
|
||||||
|
OAuthSessionOverOpenID oauthSession = oauthSessionProvider.get();
|
||||||
OAuthServiceProvider service = ssoProvider == null
|
OAuthServiceProvider service = ssoProvider == null
|
||||||
? oauthSession.getServiceProvider()
|
? oauthSession.getServiceProvider()
|
||||||
: ssoProvider;
|
: ssoProvider;
|
||||||
|
|
||||||
if ((isGerritLogin(httpRequest)
|
if (isGerritLogin(httpRequest) || oauthSession.isOAuthFinal(httpRequest)) {
|
||||||
|| oauthSession.isOAuthFinal(httpRequest))
|
|
||||||
&& !oauthSession.isLoggedIn()) {
|
|
||||||
if (service == null) {
|
if (service == null) {
|
||||||
throw new IllegalStateException("service is unknown");
|
throw new IllegalStateException("service is unknown");
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user