diff options
Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/server/mail/SignedTokenEmailTokenVerifier.java')
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/mail/SignedTokenEmailTokenVerifier.java | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/mail/SignedTokenEmailTokenVerifier.java b/gerrit-server/src/main/java/com/google/gerrit/server/mail/SignedTokenEmailTokenVerifier.java new file mode 100644 index 0000000000..4d6eb8ec21 --- /dev/null +++ b/gerrit-server/src/main/java/com/google/gerrit/server/mail/SignedTokenEmailTokenVerifier.java @@ -0,0 +1,93 @@ +// Copyright (C) 2012 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.gerrit.server.mail; + +import com.google.gerrit.reviewdb.client.Account; +import com.google.gerrit.server.config.AuthConfig; +import com.google.gwtjsonrpc.server.SignedToken; +import com.google.gwtjsonrpc.server.ValidToken; +import com.google.gwtjsonrpc.server.XsrfException; +import com.google.inject.AbstractModule; +import com.google.inject.Inject; + +import org.eclipse.jgit.util.Base64; + +import java.io.UnsupportedEncodingException; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +/** Verifies the token sent by {@link RegisterNewEmailSender}. */ +public class SignedTokenEmailTokenVerifier implements EmailTokenVerifier { + private final SignedToken emailRegistrationToken; + + public static class Module extends AbstractModule { + @Override + protected void configure() { + bind(EmailTokenVerifier.class).to(SignedTokenEmailTokenVerifier.class); + } + } + + @Inject + SignedTokenEmailTokenVerifier(AuthConfig config) { + emailRegistrationToken = config.getEmailRegistrationToken(); + } + + public String encode(Account.Id accountId, String emailAddress) { + try { + String payload = String.format("%s:%s", accountId, emailAddress); + byte[] utf8 = payload.getBytes("UTF-8"); + String base64 = Base64.encodeBytes(utf8); + return emailRegistrationToken.newToken(base64); + } catch (XsrfException e) { + throw new IllegalArgumentException(e); + } catch (UnsupportedEncodingException e) { + throw new IllegalArgumentException(e); + } + } + + public ParsedToken decode(String tokenString) throws InvalidTokenException { + ValidToken token; + try { + token = emailRegistrationToken.checkToken(tokenString, null); + } catch (XsrfException err) { + throw new InvalidTokenException(err); + } + if (token == null || token.getData() == null || token.getData().isEmpty()) { + throw new InvalidTokenException(); + } + + String payload; + try { + payload = new String(Base64.decode(token.getData()), "UTF-8"); + } catch (UnsupportedEncodingException err) { + throw new InvalidTokenException(err); + } + + Matcher matcher = Pattern.compile("^([0-9]+):(.+@.+)$").matcher(payload); + if (!matcher.matches()) { + throw new InvalidTokenException(); + } + + Account.Id id; + try { + id = Account.Id.parse(matcher.group(1)); + } catch (IllegalArgumentException err) { + throw new InvalidTokenException(err); + } + + String newEmail = matcher.group(2); + return new ParsedToken(id, newEmail); + } +} |