diff --git a/java/com/google/gerrit/server/account/AccountState.java b/java/com/google/gerrit/server/account/AccountState.java
index e34e5fe801..34f4eb14ce 100644
--- a/java/com/google/gerrit/server/account/AccountState.java
+++ b/java/com/google/gerrit/server/account/AccountState.java
@@ -203,7 +203,7 @@ public class AccountState {
 return userName;
 }
- public boolean checkPassword(String password, String username) {
+ public boolean checkPassword(@Nullable String password, String username) {
 if (password == null) {
 return false;
 }
diff --git a/java/com/google/gerrit/server/auth/AuthRequest.java b/java/com/google/gerrit/server/auth/AuthRequest.java
index 71c5d26aff..c6222f8cb7 100644
--- a/java/com/google/gerrit/server/auth/AuthRequest.java
+++ b/java/com/google/gerrit/server/auth/AuthRequest.java
@@ -14,16 +14,18 @@
 package com.google.gerrit.server.auth;
+import com.google.common.base.Strings;
 import com.google.gerrit.common.Nullable;
+import java.util.Optional;
 /** Defines an abstract request for user authentication to Gerrit. */
 public abstract class AuthRequest {
- private final String username;
- private final String password;
+ private final Optional username;
+ private final Optional password;
- protected AuthRequest(String username, String password) {
- this.username = username;
- this.password = password;
+ protected AuthRequest(@Nullable String username, @Nullable String password) {
+ this.username = Optional.ofNullable(Strings.emptyToNull(username));
+ this.password = Optional.ofNullable(Strings.emptyToNull(password));
 }
 /**
@@ -31,8 +33,7 @@ public abstract class AuthRequest {
 *
 * @return username for authentication or null for anonymous access.
 */
- @Nullable
- public final String getUsername() {
+ public final Optional getUsername() {
 return username;
 }
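Review bot: The AuthRequest constructor now turns both null and "" into an absent value through `Strings.emptyToNull`, but nothing in the class says so, and the missing-credentials checks in the backends depend on it. I would add constructor Javadoc along the lines of `/** Null or empty username/password are stored as Optional.empty(); backends then treat them as missing credentials. */`. A whitespace-only value still counts as present, which is worth stating in the same comment. The fields and getters read as raw `Optional` on this page; if that is the real source rather than the page dropping the type argument, they should be declared `Optional<String>`.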
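Review bot: The Javadoc kept as context above `getUsername()` still says `@return username for authentication or null for anonymous access`, which is no longer true now that the method returns an `Optional`. It should read something like `@return the username, or an empty Optional for anonymous access`. The same stale wording (`@return user's credentials or null`) is left above `getPassword()` in the next hunk. A caller that still compares the result with null will compile and never see a missing credential, so the contract is worth stating precisely.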
@@ -41,8 +42,7 @@ public abstract class AuthRequest {
 *
 * @return user's credentials or null
 */
- @Nullable
- public final String getPassword() {
+ public final Optional getPassword() {
 return password;
 }
 }
diff --git a/java/com/google/gerrit/server/auth/InternalAuthBackend.java b/java/com/google/gerrit/server/auth/InternalAuthBackend.java
index 7ac06d829c..1792d8b450 100644
--- a/java/com/google/gerrit/server/auth/InternalAuthBackend.java
+++ b/java/com/google/gerrit/server/auth/InternalAuthBackend.java
@@ -14,7 +14,6 @@
 package com.google.gerrit.server.auth;
-import com.google.common.base.Strings;
 import com.google.gerrit.server.account.AccountCache;
 import com.google.gerrit.server.account.AccountState;
 import com.google.gerrit.server.config.AuthConfig;
@@ -43,15 +42,15 @@ public class InternalAuthBackend implements AuthBackend {
 public AuthUser authenticate(AuthRequest req)
 throws MissingCredentialsException, InvalidCredentialsException, UnknownUserException, UserNotAllowedException, AuthException {
- if (Strings.isNullOrEmpty(req.getUsername()) || Strings.isNullOrEmpty(req.getPassword())) {
+ if (!req.getUsername().isPresent() || !req.getPassword().isPresent()) {
 throw new MissingCredentialsException();
 }
 String username;
 if (authConfig.isUserNameToLowerCase()) {
- username = req.getUsername().toLowerCase(Locale.US);
+ username = req.getUsername().map(u -> u.toLowerCase(Locale.US)).get();
 } else {
- username = req.getUsername();
+ username = req.getUsername().get();
 }
 AccountState who =
@@ -64,7 +63,7 @@ public class InternalAuthBackend implements AuthBackend {
 + ": account inactive or not provisioned in Gerrit");
 }
- if (!who.checkPassword(req.getPassword(), username)) {
+ if (!who.checkPassword(req.getPassword().get(), username)) {
 throw new InvalidCredentialsException();
 }
 return new AuthUser(AuthUser.UUID.create(username), username);
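Review bot: In `authenticate()` the presence test and the later `.get()` calls are separate statements, so the method stays safe only as long as nobody moves or weakens the `isPresent()` guard, and `map(...).get()` reads awkwardly. Extracting each value once makes the missing-credentials path explicit: `String rawUsername = req.getUsername().orElseThrow(MissingCredentialsException::new);` and `String password = req.getPassword().orElseThrow(MissingCredentialsException::new);`, followed by `username = authConfig.isUserNameToLowerCase() ? rawUsername.toLowerCase(Locale.US) : rawUsername;`. The `req.getPassword().get()` in the following hunk and the equivalent calls in LdapAuthBackend could use the same pattern. The method body continues outside this hunk.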
diff --git a/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java b/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java
index d6f582e27d..7f7152dd8a 100644
--- a/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java
+++ b/java/com/google/gerrit/server/auth/ldap/LdapAuthBackend.java
@@ -60,16 +60,18 @@ public class LdapAuthBackend implements AuthBackend {
 public AuthUser authenticate(AuthRequest req)
 throws MissingCredentialsException, InvalidCredentialsException, UnknownUserException, UserNotAllowedException, AuthException {
- if (req.getUsername() == null || req.getPassword() == null) {
+ if (!req.getUsername().isPresent() || !req.getPassword().isPresent()) {
 throw new MissingCredentialsException();
 }
- final String username =
- lowerCaseUsername ? req.getUsername().toLowerCase(Locale.US) : req.getUsername();
+ String username =
+ lowerCaseUsername
+ ? req.getUsername().map(u -> u.toLowerCase(Locale.US)).get()
+ : req.getUsername().get();
 try {
 final DirContext ctx;
 if (authConfig.getAuthType() == AuthType.LDAP_BIND) {
- ctx = helper.authenticate(username, req.getPassword());
+ ctx = helper.authenticate(username, req.getPassword().get());
 } else {
 ctx = helper.open();
 }
@@ -81,7 +83,7 @@ public class LdapAuthBackend implements AuthBackend {
 // We found the user account, but we need to verify
 // the password matches it before we can continue.
 //
- helper.close(helper.authenticate(m.getDN(), req.getPassword()));
+ helper.close(helper.authenticate(m.getDN(), req.getPassword().get()));
 }
 return new AuthUser(AuthUser.UUID.create(username), username);
 } finally {
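Review bot: The guard at the top of `authenticate()` changes LDAP behaviour in a security-relevant way that the hunk does not document: the old `== null` test let an empty password through to `helper.authenticate(...)`, while the new one rejects it because AuthRequest stores "" as absent. An LDAP simple bind with an empty password is an unauthenticated bind, which some directory servers answer with success, so this check should not be loosened later; whether `helper` has its own guard is not visible here. I would add a comment above the `if`, e.g. `// An empty password is absent here; never pass "" to an LDAP bind (unauthenticated bind).`, and a regression test asserting `MissingCredentialsException` for an empty password. The `final` dropped from `String username` could also stay. The method starts in this hunk and continues past it.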