Diffstat (limited to 'gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java')
-rw-r--r-- | gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java | 109 |
1 files changed, 61 insertions, 48 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java index ca3d287105..96792f0886 100644 --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java @@ -25,7 +25,6 @@ import com.google.gerrit.server.AccessPath; import com.google.gerrit.server.AnonymousUser; import com.google.gerrit.server.CurrentUser; import com.google.gerrit.server.IdentifiedUser; -import com.google.gerrit.server.account.AuthMethod; import com.google.gerrit.server.account.AuthResult; import com.google.gerrit.server.cache.CacheModule; import com.google.gerrit.server.config.AuthConfig; @@ -36,6 +35,8 @@ import com.google.inject.servlet.RequestScoped; import org.eclipse.jgit.http.server.GitSmartHttpTools; +import java.util.EnumSet; + import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -67,12 +68,12 @@ public final class CacheBasedWebSession implements WebSession { private final AuthConfig authConfig; private final Provider<AnonymousUser> anonymousProvider; private final IdentifiedUser.RequestFactory identified; - private AccessPath accessPath; + private final EnumSet<AccessPath> okPaths = EnumSet.of(AccessPath.UNKNOWN); private Cookie outCookie; - private AuthMethod authMethod; private Key key; private Val val; + private CurrentUser user; @Inject CacheBasedWebSession(final HttpServletRequest request, 
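Review bot: In the field hunk, `okPaths` is seeded with `AccessPath.UNKNOWN` and nothing states why an unclassified access path is accepted for every session, even though membership in this set is what `isAccessPathOk` later reports. A one-line comment on the field such as `// UNKNOWN is always accepted; REST_API (granted in the constructor) and other paths must be added explicitly` would make the default visible to the next reader. The field list and the constructor signature continue outside the hunk.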
@@ -87,31 +88,22 @@ public final class CacheBasedWebSession implements WebSession { this.anonymousProvider = anonymousProvider; this.identified = identified; - if (GitSmartHttpTools.isGitClient(request)) { - accessPath = AccessPath.GIT; - } else { - accessPath = AccessPath.WEB_UI; - } + if (!GitSmartHttpTools.isGitClient(request)) { + String cookie = readCookie(); + if (cookie != null) { + key = new Key(cookie); + val = manager.get(key); + if (val != null && val.needsCookieRefresh()) { + // Cookie is more than half old. Send the cookie again to the + // client with an updated expiration date. + val = manager.createVal(key, val); + } - final String cookie = readCookie(); - if (cookie != null) { - key = new Key(cookie); - val = manager.get(key); - } else { - key = null; - val = null; - } - authMethod = isSignedIn() ? AuthMethod.COOKIE : AuthMethod.NONE; - - if (isSignedIn() && val.needsCookieRefresh()) { - // Cookie is more than half old. Send the cookie again to the - // client with an updated expiration date. We don't dare to - // change the key token here because there may be other RPCs - // queued up in the browser whose xsrfKey would not get updated - // with the new token, causing them to fail. - // - val = manager.createVal(key, val); - saveCookie(); + String token = request.getHeader("X-Gerrit-Auth"); + if (val != null && token != null && token.equals(val.getAuth())) { + okPaths.add(AccessPath.REST_API); + } + } } } 
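Review bot: The refreshed `val` returned by `manager.createVal(key, val)` is never sent back to the client inside this hunk — the removed code called `saveCookie()` immediately after the refresh and the surviving comment still promises to "send the cookie again", so unless saveCookie() is now invoked somewhere outside the hunk the renewed expiry never reaches the browser. Either restore `saveCookie();` after the refresh or reword the comment to say the cookie is only regenerated. Separately, the `X-Gerrit-Auth` header is checked with `token.equals(val.getAuth())`, which is not constant-time; guarding `val.getAuth() != null` and comparing with `MessageDigest.isEqual(token.getBytes(StandardCharsets.UTF_8), val.getAuth().getBytes(StandardCharsets.UTF_8))` avoids a timing side channel on the token, and the same applies to `isValidXGerritAuth` in the following hunk. The constructor body continues outside the hunk.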
@@ -128,33 +120,54 @@ public final class CacheBasedWebSession implements WebSession { return null; } + @Override public boolean isSignedIn() { return val != null; } - public String getToken() { - return isSignedIn() ? val.getXsrfToken() : null; + @Override + public String getXGerritAuth() { + return isSignedIn() ? val.getAuth() : null; } - public boolean isTokenValid(final String inputToken) { - return isSignedIn() // - && val.getXsrfToken() != null // - && val.getXsrfToken().equals(inputToken); + @Override + public boolean isValidXGerritAuth(String keyIn) { + return keyIn.equals(getXGerritAuth()); } + @Override + public boolean isAccessPathOk(AccessPath path) { + return okPaths.contains(path); + } + + @Override + public void setAccessPathOk(AccessPath path, boolean ok) { + if (ok) { + okPaths.add(path); + } else { + okPaths.remove(path); + } + } + + @Override public AccountExternalId.Key getLastLoginExternalId() { return val != null ? val.getExternalId() : null; } + @Override public CurrentUser getCurrentUser() { - if (isSignedIn()) { - return identified.create(accessPath, val.getAccountId()); + if (user == null) { + if (isSignedIn()) { + user = identified.create(val.getAccountId()); + } else { + user = anonymousProvider.get(); + } } - return anonymousProvider.get(); + return user; } - public void login(final AuthResult res, final AuthMethod meth, - final boolean rememberMe) { + @Override + public void login(final AuthResult res, final boolean rememberMe) { final Account.Id id = res.getAccountId(); final AccountExternalId.Key identity = res.getExternalId(); 
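Review bot: `isValidXGerritAuth(String keyIn)` dereferences `keyIn` before any null check, so a request that lacks the header now throws NullPointerException where the removed `isTokenValid` returned false. A null-safe form that still rejects unsigned sessions is `String auth = getXGerritAuth(); return auth != null && auth.equals(keyIn);`. Note also that `getCurrentUser()` now caches its result in `user`; the hunk does not show that cache being cleared when `val` changes, which matters for `login` whose body continues in the next hunk.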
@@ -163,19 +176,18 @@ public final class CacheBasedWebSession implements WebSession { } key = manager.createKey(id); - val = manager.createVal(key, id, rememberMe, identity, null); + val = manager.createVal(key, id, rememberMe, identity, null, null); saveCookie(); - - authMethod = meth; } /** Set the user account for this current request only. */ - public void setUserAccountId(Account.Id id, AuthMethod method) { + @Override + public void setUserAccountId(Account.Id id) { key = new Key("id:" + id); - val = new Val(id, 0, false, null, "", 0); - authMethod = method; + val = new Val(id, 0, false, null, 0, null, null); } + @Override public void logout() { if (val != null) { manager.destroy(key); @@ -185,6 +197,11 @@ public final class CacheBasedWebSession implements WebSession { } } + @Override + public String getSessionId() { + return val != null ? val.getSessionId() : null; + } + private void saveCookie() { final String token; final int ageSeconds; @@ -220,8 +237,4 @@ public final class CacheBasedWebSession implements WebSession { private static boolean isSecure(final HttpServletRequest req) { return req.isSecure() || "https".equals(req.getScheme()); } - - public AuthMethod getAuthMethod() { - return authMethod; - } } |
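Review bot: `login()` and `setUserAccountId()` assign a fresh `val` but leave the `user` field that `getCurrentUser()` now caches untouched, so a caller that resolved the current user earlier in the same request keeps getting the anonymous user after logging in. Add `user = null;` after each `val = ...` assignment, and presumably in `logout()` as well, whose body is cut off at the hunk edge. login()'s body begins outside the hunk.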