Diffstat (limited to 'gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java')
-rw-r--r--gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java69
1 files changed, 45 insertions, 24 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java
index 9676cd37fc..6a19be7455 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java
@@ -19,15 +19,17 @@ import static java.util.concurrent.TimeUnit.HOURS;
import com.google.common.base.Strings;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.data.HostPageData;
+import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.httpd.WebSessionManager.Key;
import com.google.gerrit.httpd.WebSessionManager.Val;
+import com.google.gerrit.httpd.restapi.ParameterParser;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.server.AccessPath;
import com.google.gerrit.server.AnonymousUser;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AuthResult;
-import com.google.gerrit.server.account.ExternalId;
+import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.config.AuthConfig;
import com.google.inject.Provider;
import com.google.inject.servlet.RequestScoped;
@@ -56,12 +58,12 @@ public abstract class CacheBasedWebSession implements WebSession {
private CurrentUser user;
protected CacheBasedWebSession(
- final HttpServletRequest request,
- final HttpServletResponse response,
- final WebSessionManager manager,
- final AuthConfig authConfig,
- final Provider<AnonymousUser> anonymousProvider,
- final IdentifiedUser.RequestFactory identified) {
+ HttpServletRequest request,
+ HttpServletResponse response,
+ WebSessionManager manager,
+ AuthConfig authConfig,
+ Provider<AnonymousUser> anonymousProvider,
+ IdentifiedUser.RequestFactory identified) {
this.request = request;
this.response = response;
this.manager = manager;
@@ -70,31 +72,50 @@ public abstract class CacheBasedWebSession implements WebSession {
this.identified = identified;
if (request.getRequestURI() == null || !GitSmartHttpTools.isGitClient(request)) {
- String cookie = readCookie();
+ String cookie = readCookie(request);
if (cookie != null) {
- key = new Key(cookie);
- val = manager.get(key);
- if (val != null && val.needsCookieRefresh()) {
- // Cookie is more than half old. Send the cookie again to the
- // client with an updated expiration date.
- val = manager.createVal(key, val);
+ authFromCookie(cookie);
+ } else {
+ String token;
+ try {
+ token = ParameterParser.getQueryParams(request).accessToken();
+ } catch (BadRequestException e) {
+ token = null;
}
-
- String token = request.getHeader(HostPageData.XSRF_HEADER_NAME);
- if (val != null && token != null && token.equals(val.getAuth())) {
- okPaths.add(AccessPath.REST_API);
+ if (token != null) {
+ authFromQueryParameter(token);
}
}
+ if (val != null && val.needsCookieRefresh()) {
+ // Session is more than half old; update cache entry with new expiration date.
+ val = manager.createVal(key, val);
+ }
+ }
+ }
+
+ private void authFromCookie(String cookie) {
+ key = new Key(cookie);
+ val = manager.get(key);
+ String token = request.getHeader(HostPageData.XSRF_HEADER_NAME);
+ if (val != null && token != null && token.equals(val.getAuth())) {
+ okPaths.add(AccessPath.REST_API);
+ }
+ }
+
+ private void authFromQueryParameter(String accessToken) {
+ key = new Key(accessToken);
+ val = manager.get(key);
+ if (val != null) {
+ okPaths.add(AccessPath.REST_API);
}
}
- private String readCookie() {
- final Cookie[] all = request.getCookies();
+ private static String readCookie(HttpServletRequest request) {
+ Cookie[] all = request.getCookies();
if (all != null) {
- for (final Cookie c : all) {
+ for (Cookie c : all) {
if (ACCOUNT_COOKIE.equals(c.getName())) {
- final String v = c.getValue();
- return v != null && !"".equals(v) ? v : null;
+ return Strings.emptyToNull(c.getValue());
}
}
}
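Review bot: authFromQueryParameter grants AccessPath.REST_API on any cache hit for the token, whereas authFromCookie additionally requires the request header named by HostPageData.XSRF_HEADER_NAME to equal val.getAuth(), and neither helper documents why the two checks differ, so a later maintainer may "align" one with the other in either direction. Add a Javadoc to authFromQueryParameter such as `/** Authenticates from an access token passed explicitly in the query string; presumably no XSRF header check is needed because, unlike the cookie, the token is not attached to requests automatically by the browser — confirm. */` and a matching sentence on authFromCookie explaining that the header check is what protects the cookie path. The `catch (BadRequestException e)` branch that sets `token = null` also deserves a one-line comment, e.g. `// Unparseable query string: treat the request as carrying no access token.`, so the dropped exception reads as deliberate rather than accidental. Since the token now travels in the URL, it is worth stating in the class Javadoc that it may appear wherever request URLs are recorded, so operators know to handle access logs accordingly. The constructor edited here begins in the previous hunk, and readCookie continues past the end of this one.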
@@ -229,7 +250,7 @@ public abstract class CacheBasedWebSession implements WebSession {
response.addCookie(outCookie);
}
- private static boolean isSecure(final HttpServletRequest req) {
+ private static boolean isSecure(HttpServletRequest req) {
return req.isSecure() || "https".equals(req.getScheme());
}
}