opendev/gerrit
Code Issues Proposed changes

AuthConfig: Disallow invalid combination of auth.type and auth.gitBasicAuthPolicy

Browse Source 
Add checks and throw an invalid state exception when an invalid
combination of auth.gitBasicAuthPolicy and auth.type is detected.

- When auth.gitBasicAuthPolicy is HTTP_LDAP, the auth.type should be
  either LDAP or LDAP_BIND.

- When auth.gitBasicAuthPolicy is OAUTH, auth.type should be OAUTH.

Also add missing reference to LDAP_BIND in the documentation.

Bug: Issue 7086
Change-Id: I4917a45a8ea21af7afa870900caa29224fd0606e
This commit is contained in:
David Pursehouse
2017-08-25 19:12:54 +09:00
parent e2920037bc
commit f7a1c2a99a
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
View File

@@ -96,6 +96,16 @@ public class AuthConfig {
userNameToLowerCase = cfg.getBoolean("auth", "userNameToLowerCase", false);
allowRegisterNewEmail = cfg.getBoolean("auth", "allowRegisterNewEmail", true);
if (gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP_LDAP
&& authType != AuthType.LDAP
&& authType != AuthType.LDAP_BIND) {
throw new IllegalStateException(
"use auth.gitBasicAuthPolicy HTTP_LDAP only with auth.type LDAP or LDAP_BIND");
} else if (gitBasicAuthPolicy == GitBasicAuthPolicy.OAUTH && authType != AuthType.OAUTH) {
throw new IllegalStateException(
"use auth.gitBasicAuthPolicy OAUTH only with auth.type OAUTH");
}
String key = cfg.getString("auth", null, "registerEmailPrivateKey");
if (key != null && !key.isEmpty()) {
int age =