summaryrefslogtreecommitdiffstats
path: root/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
diff options
context:
space:
mode:
Diffstat (limited to 'gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java')
-rw-r--r--gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java109
1 files changed, 62 insertions, 47 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
index 77662a18a3..aa94759f30 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
@@ -14,21 +14,24 @@
package com.google.gerrit.httpd.rpc.account;
+import com.google.gerrit.common.ChangeHooks;
import com.google.gerrit.common.data.AccountSecurity;
+import com.google.gerrit.common.data.GroupDetail;
import com.google.gerrit.common.errors.ContactInformationStoreException;
import com.google.gerrit.common.errors.InvalidSshKeyException;
import com.google.gerrit.common.errors.NameAlreadyUsedException;
import com.google.gerrit.common.errors.NoSuchEntityException;
+import com.google.gerrit.common.errors.NoSuchGroupException;
import com.google.gerrit.httpd.rpc.BaseServiceImplementation;
import com.google.gerrit.httpd.rpc.Handler;
-import com.google.gerrit.reviewdb.Account;
-import com.google.gerrit.reviewdb.AccountAgreement;
-import com.google.gerrit.reviewdb.AccountExternalId;
-import com.google.gerrit.reviewdb.AccountGroup;
-import com.google.gerrit.reviewdb.AccountSshKey;
-import com.google.gerrit.reviewdb.ContactInformation;
-import com.google.gerrit.reviewdb.ContributorAgreement;
-import com.google.gerrit.reviewdb.ReviewDb;
+import com.google.gerrit.reviewdb.client.Account;
+import com.google.gerrit.reviewdb.client.AccountAgreement;
+import com.google.gerrit.reviewdb.client.AccountExternalId;
+import com.google.gerrit.reviewdb.client.AccountSshKey;
+import com.google.gerrit.reviewdb.client.AuthType;
+import com.google.gerrit.reviewdb.client.ContactInformation;
+import com.google.gerrit.reviewdb.client.ContributorAgreement;
+import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountByEmailCache;
@@ -43,21 +46,18 @@ import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.contact.ContactStore;
import com.google.gerrit.server.mail.EmailException;
+import com.google.gerrit.server.mail.EmailTokenVerifier;
import com.google.gerrit.server.mail.RegisterNewEmailSender;
import com.google.gerrit.server.ssh.SshKeyCache;
-import com.google.gwt.user.client.rpc.AsyncCallback;
-import com.google.gwtjsonrpc.client.VoidResult;
-import com.google.gwtjsonrpc.server.ValidToken;
-import com.google.gwtjsonrpc.server.XsrfException;
-import com.google.gwtorm.client.OrmException;
+import com.google.gwtjsonrpc.common.AsyncCallback;
+import com.google.gwtjsonrpc.common.VoidResult;
+import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
-import org.eclipse.jgit.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.UnsupportedEncodingException;
import java.util.Collections;
import java.util.List;
import java.util.Set;
@@ -69,6 +69,7 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
private final AuthConfig authConfig;
private final Realm realm;
private final Provider<IdentifiedUser> user;
+ private final EmailTokenVerifier emailTokenVerifier;
private final RegisterNewEmailSender.Factory registerNewEmailFactory;
private final SshKeyCache sshKeyCache;
private final AccountByEmailCache byEmailCache;
@@ -83,10 +84,13 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
private final ExternalIdDetailFactory.Factory externalIdDetailFactory;
private final MyGroupsFactory.Factory myGroupsFactory;
+ private final ChangeHooks hooks;
+
@Inject
AccountSecurityImpl(final Provider<ReviewDb> schema,
final Provider<CurrentUser> currentUser, final ContactStore cs,
final AuthConfig ac, final Realm r, final Provider<IdentifiedUser> u,
+ final EmailTokenVerifier etv,
final RegisterNewEmailSender.Factory esf, final SshKeyCache skc,
final AccountByEmailCache abec, final AccountCache uac,
final AccountManager am,
@@ -95,12 +99,14 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
final ChangeUserName.CurrentUser changeUserNameFactory,
final DeleteExternalIds.Factory deleteExternalIdsFactory,
final ExternalIdDetailFactory.Factory externalIdDetailFactory,
- final MyGroupsFactory.Factory myGroupsFactory) {
+ final MyGroupsFactory.Factory myGroupsFactory,
+ final ChangeHooks hooks) {
super(schema, currentUser);
contactStore = cs;
authConfig = ac;
realm = r;
user = u;
+ emailTokenVerifier = etv;
registerNewEmailFactory = esf;
sshKeyCache = skc;
byEmailCache = abec;
@@ -115,6 +121,7 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
this.deleteExternalIdsFactory = deleteExternalIdsFactory;
this.externalIdDetailFactory = externalIdDetailFactory;
this.myGroupsFactory = myGroupsFactory;
+ this.hooks = hooks;
}
public void mySshKeys(final AsyncCallback<List<AccountSshKey>> callback) {
@@ -198,8 +205,13 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
}
@Override
- public void myGroups(final AsyncCallback<List<AccountGroup>> callback) {
- myGroupsFactory.create().to(callback);
+ public void myGroups(final AsyncCallback<List<GroupDetail>> callback) {
+ run(callback, new Action<List<GroupDetail>>() {
+ public List<GroupDetail> run(final ReviewDb db) throws OrmException,
+ NoSuchGroupException, Failure {
+ return myGroupsFactory.create().call();
+ }
+ });
}
public void deleteExternalIds(final Set<AccountExternalId.Key> keys,
@@ -262,6 +274,8 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
.getAccountId(), id));
if (cla.isAutoVerify()) {
a.review(AccountAgreement.Status.VERIFIED, null);
+
+ hooks.doClaSignupHook(user.get().getAccount(), cla);
}
db.accountAgreements().insert(Collections.singleton(a));
return VoidResult.INSTANCE;
@@ -270,41 +284,42 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
}
public void registerEmail(final String address,
- final AsyncCallback<VoidResult> cb) {
- try {
- final RegisterNewEmailSender sender;
- sender = registerNewEmailFactory.create(address);
- sender.send();
- cb.onSuccess(VoidResult.INSTANCE);
- } catch (EmailException e) {
- log.error("Cannot send email verification message to " + address, e);
- cb.onFailure(e);
- } catch (RuntimeException e) {
- log.error("Cannot send email verification message to " + address, e);
- cb.onFailure(e);
+ final AsyncCallback<Account> cb) {
+ if (authConfig.getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
+ try {
+ accountManager.link(user.get().getAccountId(),
+ AuthRequest.forEmail(address));
+ cb.onSuccess(user.get().getAccount());
+ } catch (AccountException e) {
+ cb.onFailure(e);
+ }
+ } else {
+ try {
+ final RegisterNewEmailSender sender;
+ sender = registerNewEmailFactory.create(address);
+ sender.send();
+ } catch (EmailException e) {
+ log.error("Cannot send email verification message to " + address, e);
+ cb.onFailure(e);
+ } catch (RuntimeException e) {
+ log.error("Cannot send email verification message to " + address, e);
+ cb.onFailure(e);
+ }
}
}
- public void validateEmail(final String token,
+ public void validateEmail(final String tokenString,
final AsyncCallback<VoidResult> callback) {
try {
- final ValidToken t =
- authConfig.getEmailRegistrationToken().checkToken(token, null);
- if (t == null || t.getData() == null || "".equals(t.getData())) {
- callback.onFailure(new IllegalStateException("Invalid token"));
- return;
+ EmailTokenVerifier.ParsedToken token = emailTokenVerifier.decode(tokenString);
+ Account.Id currentUser = user.get().getAccountId();
+ if (currentUser.equals(token.getAccountId())) {
+ accountManager.link(currentUser, token.toAuthRequest());
+ callback.onSuccess(VoidResult.INSTANCE);
+ } else {
+ throw new EmailTokenVerifier.InvalidTokenException();
}
- final String newEmail = new String(Base64.decode(t.getData()), "UTF-8");
- if (!newEmail.contains("@")) {
- callback.onFailure(new IllegalStateException("Invalid token"));
- return;
- }
- accountManager.link(user.get().getAccountId(), AuthRequest
- .forEmail(newEmail));
- callback.onSuccess(VoidResult.INSTANCE);
- } catch (XsrfException e) {
- callback.onFailure(e);
- } catch (UnsupportedEncodingException e) {
+ } catch (EmailTokenVerifier.InvalidTokenException e) {
callback.onFailure(e);
} catch (AccountException e) {
callback.onFailure(e);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 02:34:40 +0000