com.google.gerrit.server.auth.AuthRequest: Let methods return Optional
This makes it more explicit that callers must handle the case where the returned user name / password is absent. Change-Id: Iee464f62ac41941d6397702766d0834f37602aff Signed-off-by: Edwin Kempin <ekempin@google.com>
This commit is contained in:
Edwin Kempin
@@ -203,7 +203,7 @@ public class AccountState {
|
||||
return userName;
|
||||
}
|
||||
|
||||
public boolean checkPassword(String password, String username) {
|
||||
public boolean checkPassword(@Nullable String password, String username) {
|
||||
if (password == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -14,16 +14,18 @@
|
||||
|
||||
package com.google.gerrit.server.auth;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.gerrit.common.Nullable;
|
||||
import java.util.Optional;
|
||||
|
||||
/** Defines an abstract request for user authentication to Gerrit. */
|
||||
public abstract class AuthRequest {
|
||||
private final String username;
|
||||
private final String password;
|
||||
private final Optional<String> username;
|
||||
private final Optional<String> password;
|
||||
|
||||
protected AuthRequest(String username, String password) {
|
||||
this.username = username;
|
||||
this.password = password;
|
||||
protected AuthRequest(@Nullable String username, @Nullable String password) {
|
||||
this.username = Optional.ofNullable(Strings.emptyToNull(username));
|
||||
this.password = Optional.ofNullable(Strings.emptyToNull(password));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -31,8 +33,7 @@ public abstract class AuthRequest {
|
||||
*
|
||||
* @return username for authentication or null for anonymous access.
|
||||
*/
|
||||
@Nullable
|
||||
public final String getUsername() {
|
||||
public final Optional<String> getUsername() {
|
||||
return username;
|
||||
}
|
||||
|
||||
@@ -41,8 +42,7 @@ public abstract class AuthRequest {
|
||||
*
|
||||
* @return user's credentials or null
|
||||
*/
|
||||
@Nullable
|
||||
public final String getPassword() {
|
||||
public final Optional<String> getPassword() {
|
||||
return password;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,7 +14,6 @@
|
||||
|
||||
package com.google.gerrit.server.auth;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.gerrit.server.account.AccountCache;
|
||||
import com.google.gerrit.server.account.AccountState;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
@@ -43,15 +42,15 @@ public class InternalAuthBackend implements AuthBackend {
|
||||
public AuthUser authenticate(AuthRequest req)
|
||||
throws MissingCredentialsException, InvalidCredentialsException, UnknownUserException,
|
||||
UserNotAllowedException, AuthException {
|
||||
if (Strings.isNullOrEmpty(req.getUsername()) || Strings.isNullOrEmpty(req.getPassword())) {
|
||||
if (!req.getUsername().isPresent() || !req.getPassword().isPresent()) {
|
||||
throw new MissingCredentialsException();
|
||||
}
|
||||
|
||||
String username;
|
||||
if (authConfig.isUserNameToLowerCase()) {
|
||||
username = req.getUsername().toLowerCase(Locale.US);
|
||||
username = req.getUsername().map(u -> u.toLowerCase(Locale.US)).get();
|
||||
} else {
|
||||
username = req.getUsername();
|
||||
username = req.getUsername().get();
|
||||
}
|
||||
|
||||
AccountState who =
|
||||
@@ -64,7 +63,7 @@ public class InternalAuthBackend implements AuthBackend {
|
||||
+ ": account inactive or not provisioned in Gerrit");
|
||||
}
|
||||
|
||||
if (!who.checkPassword(req.getPassword(), username)) {
|
||||
if (!who.checkPassword(req.getPassword().get(), username)) {
|
||||
throw new InvalidCredentialsException();
|
||||
}
|
||||
return new AuthUser(AuthUser.UUID.create(username), username);
|
||||
|
||||
@@ -60,16 +60,18 @@ public class LdapAuthBackend implements AuthBackend {
|
||||
public AuthUser authenticate(AuthRequest req)
|
||||
throws MissingCredentialsException, InvalidCredentialsException, UnknownUserException,
|
||||
UserNotAllowedException, AuthException {
|
||||
if (req.getUsername() == null || req.getPassword() == null) {
|
||||
if (!req.getUsername().isPresent() || !req.getPassword().isPresent()) {
|
||||
throw new MissingCredentialsException();
|
||||
}
|
||||
|
||||
final String username =
|
||||
lowerCaseUsername ? req.getUsername().toLowerCase(Locale.US) : req.getUsername();
|
||||
String username =
|
||||
lowerCaseUsername
|
||||
? req.getUsername().map(u -> u.toLowerCase(Locale.US)).get()
|
||||
: req.getUsername().get();
|
||||
try {
|
||||
final DirContext ctx;
|
||||
if (authConfig.getAuthType() == AuthType.LDAP_BIND) {
|
||||
ctx = helper.authenticate(username, req.getPassword());
|
||||
ctx = helper.authenticate(username, req.getPassword().get());
|
||||
} else {
|
||||
ctx = helper.open();
|
||||
}
|
||||
@@ -81,7 +83,7 @@ public class LdapAuthBackend implements AuthBackend {
|
||||
// We found the user account, but we need to verify
|
||||
// the password matches it before we can continue.
|
||||
//
|
||||
helper.close(helper.authenticate(m.getDN(), req.getPassword()));
|
||||
helper.close(helper.authenticate(m.getDN(), req.getPassword().get()));
|
||||
}
|
||||
return new AuthUser(AuthUser.UUID.create(username), username);
|
||||
} finally {
|
||||
|
||||
Reference in New Issue
Block a user