Since the introduction of basic auth with Change-Id: Ibe589ab2b0,
the mechanism of keeping a session (it was a digest before)
across calls has not been preserved and the basic-auth implementation
resulted in multiple authentications with the configured realm.
Triggering a full authentication handshake could be an
issue when using potentially expensive authentication backends
like LDAP.
Allow to create a Gerrit session from the GerritAccount
cookie set on the Git client, so that only the first HTTP call
will actually authenticate and create a session whilst all
the others would just reuse the existing cookie.
The Git client needs to have HTTP cookies enabled by setting
the http.cookieFile in Git config pointing to a local
file. For keeping HTTP cookies across Git/HTTP commands, the
extra http.saveCookie Git config variable needs to be set to
true.
Previously all Git/HTTP requests were ignored for parsing
the GerritAccount cookie whilst now they are excluded only when
the account token is passed as URL parameter. This problem was
there since the very beginning of the introduction of Git/HTTP
basic auth.
NOTE: Gerrit does not generate HTTP cookies when using
password-based authentication against the external-ids rather
than using the realm: that is expected because it would not
be correct to allocate a cookie when a real authentication
against the realm has not been performed, therefore the
cookie-based authentication for Git/HTTP would not be
available.
Bug: Issue 14508
Change-Id: I2a56197ee0dad479f0973192157e5970d9deac25
1a9187102f