Diffstat (limited to 'gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java')
-rw-r--r-- | gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java | 109 |
1 files changed, 62 insertions, 47 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
index 77662a18a3..aa94759f30 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
@@ -14,21 +14,24 @@
 package com.google.gerrit.httpd.rpc.account;
+import com.google.gerrit.common.ChangeHooks;
 import com.google.gerrit.common.data.AccountSecurity;
+import com.google.gerrit.common.data.GroupDetail;
 import com.google.gerrit.common.errors.ContactInformationStoreException;
 import com.google.gerrit.common.errors.InvalidSshKeyException;
 import com.google.gerrit.common.errors.NameAlreadyUsedException;
 import com.google.gerrit.common.errors.NoSuchEntityException;
+import com.google.gerrit.common.errors.NoSuchGroupException;
 import com.google.gerrit.httpd.rpc.BaseServiceImplementation;
 import com.google.gerrit.httpd.rpc.Handler;
-import com.google.gerrit.reviewdb.Account;
-import com.google.gerrit.reviewdb.AccountAgreement;
-import com.google.gerrit.reviewdb.AccountExternalId;
-import com.google.gerrit.reviewdb.AccountGroup;
-import com.google.gerrit.reviewdb.AccountSshKey;
-import com.google.gerrit.reviewdb.ContactInformation;
-import com.google.gerrit.reviewdb.ContributorAgreement;
-import com.google.gerrit.reviewdb.ReviewDb;
+import com.google.gerrit.reviewdb.client.Account;
+import com.google.gerrit.reviewdb.client.AccountAgreement;
+import com.google.gerrit.reviewdb.client.AccountExternalId;
+import com.google.gerrit.reviewdb.client.AccountSshKey;
+import com.google.gerrit.reviewdb.client.AuthType;
+import com.google.gerrit.reviewdb.client.ContactInformation;
+import com.google.gerrit.reviewdb.client.ContributorAgreement;
+import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.AccountByEmailCache;
@@ -43,21 +46,18 @@ import com.google.gerrit.server.account.Realm;
 import com.google.gerrit.server.config.AuthConfig;
 import com.google.gerrit.server.contact.ContactStore;
 import com.google.gerrit.server.mail.EmailException;
+import com.google.gerrit.server.mail.EmailTokenVerifier;
 import com.google.gerrit.server.mail.RegisterNewEmailSender;
 import com.google.gerrit.server.ssh.SshKeyCache;
-import com.google.gwt.user.client.rpc.AsyncCallback;
-import com.google.gwtjsonrpc.client.VoidResult;
-import com.google.gwtjsonrpc.server.ValidToken;
-import com.google.gwtjsonrpc.server.XsrfException;
-import com.google.gwtorm.client.OrmException;
+import com.google.gwtjsonrpc.common.AsyncCallback;
+import com.google.gwtjsonrpc.common.VoidResult;
+import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
-import org.eclipse.jgit.util.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import java.io.UnsupportedEncodingException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
@@ -69,6 +69,7 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
 private final AuthConfig authConfig;
 private final Realm realm;
 private final Provider<IdentifiedUser> user;
+ private final EmailTokenVerifier emailTokenVerifier;
 private final RegisterNewEmailSender.Factory registerNewEmailFactory;
 private final SshKeyCache sshKeyCache;
 private final AccountByEmailCache byEmailCache;
@@ -83,10 +84,13 @@ class AccountSecurityImpl extends BaseServiceImplementation implements private final ExternalIdDetailFactory.Factory externalIdDetailFactory; private final MyGroupsFactory.Factory myGroupsFactory; + private final ChangeHooks hooks; + @Inject AccountSecurityImpl(final Provider<ReviewDb> schema, final Provider<CurrentUser> currentUser, final ContactStore cs, final AuthConfig ac, final Realm r, final Provider<IdentifiedUser> u, + final EmailTokenVerifier etv, final RegisterNewEmailSender.Factory esf, final SshKeyCache skc, final AccountByEmailCache abec, final AccountCache uac, final AccountManager am, @@ -95,12 +99,14 @@ class AccountSecurityImpl extends BaseServiceImplementation implements final ChangeUserName.CurrentUser changeUserNameFactory, final DeleteExternalIds.Factory deleteExternalIdsFactory, final ExternalIdDetailFactory.Factory externalIdDetailFactory, - final MyGroupsFactory.Factory myGroupsFactory) { + final MyGroupsFactory.Factory myGroupsFactory, + final ChangeHooks hooks) { super(schema, currentUser); contactStore = cs; authConfig = ac; realm = r; user = u; + emailTokenVerifier = etv; registerNewEmailFactory = esf; sshKeyCache = skc; byEmailCache = abec; @@ -115,6 +121,7 @@ class AccountSecurityImpl extends BaseServiceImplementation implements this.deleteExternalIdsFactory = deleteExternalIdsFactory; this.externalIdDetailFactory = externalIdDetailFactory; this.myGroupsFactory = myGroupsFactory; + this.hooks = hooks; } public void mySshKeys(final AsyncCallback<List<AccountSshKey>> callback) { 
@@ -198,8 +205,13 @@ class AccountSecurityImpl extends BaseServiceImplementation implements } @Override - public void myGroups(final AsyncCallback<List<AccountGroup>> callback) { - myGroupsFactory.create().to(callback); + public void myGroups(final AsyncCallback<List<GroupDetail>> callback) { + run(callback, new Action<List<GroupDetail>>() { + public List<GroupDetail> run(final ReviewDb db) throws OrmException, + NoSuchGroupException, Failure { + return myGroupsFactory.create().call(); + } + }); } public void deleteExternalIds(final Set<AccountExternalId.Key> keys, @@ -262,6 +274,8 @@ class AccountSecurityImpl extends BaseServiceImplementation implements .getAccountId(), id)); if (cla.isAutoVerify()) { a.review(AccountAgreement.Status.VERIFIED, null); + + hooks.doClaSignupHook(user.get().getAccount(), cla); } db.accountAgreements().insert(Collections.singleton(a)); return VoidResult.INSTANCE; 
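Review bot: In the `@@ -262,6 +274,8 @@` hunk, `hooks.doClaSignupHook(user.get().getAccount(), cla)` runs before `db.accountAgreements().insert(Collections.singleton(a))`, so if the insert fails the hook has already announced a signed agreement that was never stored. Anything downstream that grants access or records compliance from that hook would then disagree with the database. Calling the hook after the insert avoids this: keep `a.review(AccountAgreement.Status.VERIFIED, null);` where it is and add `if (cla.isAutoVerify()) { hooks.doClaSignupHook(user.get().getAccount(), cla); }` after the insert line. The enclosing method starts and ends outside the hunk, so any later rollback or error handling is not visible here.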
@@ -270,41 +284,42 @@ class AccountSecurityImpl extends BaseServiceImplementation implements } public void registerEmail(final String address, - final AsyncCallback<VoidResult> cb) { - try { - final RegisterNewEmailSender sender; - sender = registerNewEmailFactory.create(address); - sender.send(); - cb.onSuccess(VoidResult.INSTANCE); - } catch (EmailException e) { - log.error("Cannot send email verification message to " + address, e); - cb.onFailure(e); - } catch (RuntimeException e) { - log.error("Cannot send email verification message to " + address, e); - cb.onFailure(e); + final AsyncCallback<Account> cb) { + if (authConfig.getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) { + try { + accountManager.link(user.get().getAccountId(), + AuthRequest.forEmail(address)); + cb.onSuccess(user.get().getAccount()); + } catch (AccountException e) { + cb.onFailure(e); + } + } else { + try { + final RegisterNewEmailSender sender; + sender = registerNewEmailFactory.create(address); + sender.send(); + } catch (EmailException e) { + log.error("Cannot send email verification message to " + address, e); + cb.onFailure(e); + } catch (RuntimeException e) { + log.error("Cannot send email verification message to " + address, e); + cb.onFailure(e); + } } } - public void validateEmail(final String token, + public void validateEmail(final String tokenString, final AsyncCallback<VoidResult> callback) { try { - final ValidToken t = - authConfig.getEmailRegistrationToken().checkToken(token, null); - if (t == null || t.getData() == null || "".equals(t.getData())) { - callback.onFailure(new IllegalStateException("Invalid token")); - return; + EmailTokenVerifier.ParsedToken token = emailTokenVerifier.decode(tokenString); + Account.Id currentUser = user.get().getAccountId(); + if (currentUser.equals(token.getAccountId())) { + accountManager.link(currentUser, token.toAuthRequest()); + callback.onSuccess(VoidResult.INSTANCE); + } else { + throw new 
EmailTokenVerifier.InvalidTokenException(); } - final String newEmail = new String(Base64.decode(t.getData()), "UTF-8"); - if (!newEmail.contains("@")) { - callback.onFailure(new IllegalStateException("Invalid token")); - return; - } - accountManager.link(user.get().getAccountId(), AuthRequest - .forEmail(newEmail)); - callback.onSuccess(VoidResult.INSTANCE); - } catch (XsrfException e) { - callback.onFailure(e); - } catch (UnsupportedEncodingException e) { + } catch (EmailTokenVerifier.InvalidTokenException e) { callback.onFailure(e); } catch (AccountException e) { callback.onFailure(e); |
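Review bot: In `registerEmail`, the non-development branch no longer completes the callback on success: the old `cb.onSuccess(VoidResult.INSTANCE)` after `sender.send()` is removed and the visible new lines add no replacement, so the caller appears to get no response once the verification mail is sent. Something like `cb.onSuccess(user.get().getAccount());` directly after `sender.send();` would restore it. The `DEVELOPMENT_BECOME_ANY_ACCOUNT` branch links the address with no proof of ownership, which deserves a comment at the `if`, e.g. `// Dev-only auth type: the address is linked unverified; never enable this auth type on a production server.` In `validateEmail`, a token issued for a different account is rejected with no log entry; a `log.warn` naming the two account ids (not the token) before the `throw` would make such attempts visible to operators. The catch chain of `validateEmail` continues past the end of the hunk.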