OAuth extension point: Allow to authenticate without emailv2.13.2

There is a regression in OAuth extension point, that makes the
assumption that all OAuth providers always expose EMail address.
This might not be the case or even a user can decide in her profile
if she would like to expose EMail or not.

Bug: Issue 4797
Change-Id: Ia98ba67aaa7ce44437c8e32b7eb44a38f1e2e9fd

1 files changed, 3 insertions, 5 deletions

diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/oauth/OAuthRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/oauth/OAuthRealm.java
index 0297dd4a66..c07b4c87b0 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/oauth/OAuthRealm.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/oauth/OAuthRealm.java
@@ -66,9 +66,8 @@ public class OAuthRealm extends AbstractRealm {
    *
    * {@link AccountManager} calls this method without password
    * if authenticity of the user has already been established.
-   * In that case the {@link AuthRequest} is supposed to contain
-   * a resolved email address and we can skip the authentication
-   * request to the {@code OAuthLoginService}.
+   * In that case we can skip the authentication request to the
+   * {@code OAuthLoginService}.
    *
    * @param who the authentication request.
    *
@@ -82,8 +81,7 @@ public class OAuthRealm extends AbstractRealm {
    */
   @Override
   public AuthRequest authenticate(AuthRequest who) throws AccountException {
-    if (Strings.isNullOrEmpty(who.getPassword()) &&
-        !Strings.isNullOrEmpty(who.getEmailAddress())) {
+    if (Strings.isNullOrEmpty(who.getPassword())) {
       return who;
     }