summaryrefslogtreecommitdiffstats
path: root/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
diff options
context:
space:
mode:
Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java')
-rw-r--r--gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java54
1 files changed, 24 insertions, 30 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
index 0174ff1b00..deb859a3cb 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
@@ -14,7 +14,7 @@
package com.google.gerrit.server.account;
-import static com.google.gerrit.server.account.ExternalId.SCHEME_USERNAME;
+import static com.google.gerrit.server.account.externalids.ExternalId.SCHEME_USERNAME;
import com.google.common.base.Strings;
import com.google.gerrit.extensions.restapi.AuthException;
@@ -22,10 +22,15 @@ import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
-import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.PutHttpPassword.Input;
+import com.google.gerrit.server.account.externalids.ExternalId;
+import com.google.gerrit.server.account.externalids.ExternalIds;
+import com.google.gerrit.server.account.externalids.ExternalIdsUpdate;
+import com.google.gerrit.server.permissions.GlobalPermission;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -53,23 +58,30 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
}
private final Provider<CurrentUser> self;
- private final Provider<ReviewDb> dbProvider;
+ private final PermissionBackend permissionBackend;
+ private final ExternalIds externalIds;
private final ExternalIdsUpdate.User externalIdsUpdate;
@Inject
PutHttpPassword(
Provider<CurrentUser> self,
- Provider<ReviewDb> dbProvider,
+ PermissionBackend permissionBackend,
+ ExternalIds externalIds,
ExternalIdsUpdate.User externalIdsUpdate) {
this.self = self;
- this.dbProvider = dbProvider;
+ this.permissionBackend = permissionBackend;
+ this.externalIds = externalIds;
this.externalIdsUpdate = externalIdsUpdate;
}
@Override
public Response<String> apply(AccountResource rsrc, Input input)
throws AuthException, ResourceNotFoundException, ResourceConflictException, OrmException,
- IOException, ConfigInvalidException {
+ IOException, ConfigInvalidException, PermissionBackendException {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
+ permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ }
+
if (input == null) {
input = new Input();
}
@@ -77,49 +89,31 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
String newPassword;
if (input.generate) {
- if (!self.get().hasSameAccountId(rsrc.getUser())
- && !self.get().getCapabilities().canAdministrateServer()) {
- throw new AuthException("not allowed to generate HTTP password");
- }
newPassword = generate();
-
} else if (input.httpPassword == null) {
- if (!self.get().hasSameAccountId(rsrc.getUser())
- && !self.get().getCapabilities().canAdministrateServer()) {
- throw new AuthException("not allowed to clear HTTP password");
- }
newPassword = null;
} else {
- if (!self.get().getCapabilities().canAdministrateServer()) {
- throw new AuthException(
- "not allowed to set HTTP password directly, "
- + "requires the Administrate Server permission");
- }
+ // Only administrators can explicitly set the password.
+ permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
newPassword = input.httpPassword;
}
return apply(rsrc.getUser(), newPassword);
}
public Response<String> apply(IdentifiedUser user, String newPassword)
- throws ResourceNotFoundException, ResourceConflictException, OrmException, IOException {
+ throws ResourceNotFoundException, ResourceConflictException, OrmException, IOException,
+ ConfigInvalidException {
if (user.getUserName() == null) {
throw new ResourceConflictException("username must be set");
}
- ExternalId extId =
- ExternalId.from(
- dbProvider
- .get()
- .accountExternalIds()
- .get(
- ExternalId.Key.create(SCHEME_USERNAME, user.getUserName())
- .asAccountExternalIdKey()));
+ ExternalId extId = externalIds.get(ExternalId.Key.create(SCHEME_USERNAME, user.getUserName()));
if (extId == null) {
throw new ResourceNotFoundException();
}
ExternalId newExtId =
ExternalId.createWithPassword(extId.key(), extId.accountId(), extId.email(), newPassword);
- externalIdsUpdate.create().upsert(dbProvider.get(), newExtId);
+ externalIdsUpdate.create().upsert(newExtId);
return Strings.isNullOrEmpty(newPassword) ? Response.<String>none() : Response.ok(newPassword);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 11:44:56 +0000