opendev/gerrit
Code Issues Proposed changes

Allow Realm to participate when linking an account identity

Browse Source 
When linking a new user identity to an exisiting account, permit the
Realm to observe the new incoming identity and the current account,
and to alter the request. This enables a Realm to observe when a
user verifies a new email address link.

Change-Id: I152d3e4a6713a5d6c757839c857eaf2752b32675
This commit is contained in:
Shawn O. Pearce
2012-01-17 09:53:54 -08:00
parent 30e74bbc8d
commit d3a1bbbf38
4 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
View File

@@ -382,11 +382,13 @@ public class AccountManager {
* @throws AccountException the identity belongs to a different account, or it * @throws AccountException the identity belongs to a different account, or it
* cannot be linked at this time. * cannot be linked at this time.
*/ */
public AuthResult link(final Account.Id to, final AuthRequest who) public AuthResult link(final Account.Id to, AuthRequest who)
throws AccountException { throws AccountException {
try { try {
final ReviewDb db = schema.open(); final ReviewDb db = schema.open();
try { try {
who = realm.link(db, to, who);
final AccountExternalId.Key key = id(who); final AccountExternalId.Key key = id(who);
AccountExternalId extId = db.accountExternalIds().get(key); AccountExternalId extId = db.accountExternalIds().get(key);
if (extId != null) { if (extId != null) {

6
gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
View File

@@ -16,6 +16,7 @@ package com.google.gerrit.server.account;
import com.google.gerrit.reviewdb.Account; import com.google.gerrit.reviewdb.Account;
import com.google.gerrit.reviewdb.AccountGroup; import com.google.gerrit.reviewdb.AccountGroup;
import com.google.gerrit.reviewdb.ReviewDb;
import com.google.inject.Inject; import com.google.inject.Inject;
import java.util.Collections; import java.util.Collections;
@@ -46,6 +47,11 @@ public class DefaultRealm implements Realm {
return who; return who;
} }
@Override
public AuthRequest link(ReviewDb db, Account.Id to, AuthRequest who) {
return who;
}
@Override @Override
public void onCreateAccount(final AuthRequest who, final Account account) { public void onCreateAccount(final AuthRequest who, final Account account) {
} }

4
gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java
View File

@@ -16,6 +16,7 @@ package com.google.gerrit.server.account;
import com.google.gerrit.reviewdb.Account; import com.google.gerrit.reviewdb.Account;
import com.google.gerrit.reviewdb.AccountGroup; import com.google.gerrit.reviewdb.AccountGroup;
import com.google.gerrit.reviewdb.ReviewDb;
import java.util.Set; import java.util.Set;
@@ -25,6 +26,9 @@ public interface Realm {
public AuthRequest authenticate(AuthRequest who) throws AccountException; public AuthRequest authenticate(AuthRequest who) throws AccountException;
public AuthRequest link(ReviewDb db, Account.Id to, AuthRequest who)
throws AccountException;
public void onCreateAccount(AuthRequest who, Account account); public void onCreateAccount(AuthRequest who, Account account);
public Set<AccountGroup.UUID> groups(AccountState who); public Set<AccountGroup.UUID> groups(AccountState who);

5
gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
View File

@@ -243,6 +243,11 @@ class LdapRealm implements Realm {
} }
} }
@Override
public AuthRequest link(ReviewDb db, Account.Id to, AuthRequest who) {
return who;
}
@Override @Override
public void onCreateAccount(final AuthRequest who, final Account account) { public void onCreateAccount(final AuthRequest who, final Account account) {
usernameCache.put(who.getLocalUser(), account.getId()); usernameCache.put(who.getLocalUser(), account.getId());