Diffstat (limited to 'java/com/google/gerrit/pgm/init/InitAuth.java')
-rw-r--r-- | java/com/google/gerrit/pgm/init/InitAuth.java | 159 |
1 files changed, 159 insertions, 0 deletions
diff --git a/java/com/google/gerrit/pgm/init/InitAuth.java b/java/com/google/gerrit/pgm/init/InitAuth.java
new file mode 100644
index 0000000000..a52d8ba096
--- /dev/null
+++ b/java/com/google/gerrit/pgm/init/InitAuth.java
@@ -0,0 +1,159 @@
+// Copyright (C) 2009 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.pgm.init;
+
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.HTTP;
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.HTTP_LDAP;
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.LDAP;
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.OAUTH;
+import static com.google.gerrit.pgm.init.api.InitUtil.dnOf;
+
+import com.google.gerrit.extensions.client.AuthType;
+import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
+import com.google.gerrit.pgm.init.api.ConsoleUI;
+import com.google.gerrit.pgm.init.api.InitFlags;
+import com.google.gerrit.pgm.init.api.InitStep;
+import com.google.gerrit.pgm.init.api.Section;
+import com.google.gwtjsonrpc.server.SignedToken;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+import java.util.EnumSet;
+
+/** Initialize the {@code auth} configuration section. */
+@Singleton
+class InitAuth implements InitStep {
+ private static final String RECEIVE = "receive";
+ private static final String ENABLE_SIGNED_PUSH = "enableSignedPush";
+
+ private final ConsoleUI ui;
+ private final Section auth;
+ private final Section ldap;
+ private final Section receive;
+ private final InitFlags flags;
+
+ @Inject
+ InitAuth(InitFlags flags, ConsoleUI ui, Section.Factory sections) {
+ this.flags = flags;
+ this.ui = ui;
+ this.auth = sections.get("auth", null);
+ this.ldap = sections.get("ldap", null);
+ this.receive = sections.get(RECEIVE, null);
+ }
+
+ @Override
+ public void run() {
+ ui.header("User Authentication");
+
+ initAuthType();
+ if (auth.getSecure("registerEmailPrivateKey") == null) {
+ auth.setSecure("registerEmailPrivateKey", SignedToken.generateRandomKey());
+ }
+
+ initSignedPush();
+ }
+
+ private void initAuthType() {
+ AuthType authType =
+ auth.select(
+ "Authentication method",
+ "type",
+ flags.dev ? AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT : AuthType.OPENID);
+ switch (authType) {
+ case HTTP:
+ case HTTP_LDAP:
+ {
+ String hdr = auth.get("httpHeader");
+ if (ui.yesno(hdr != null, "Get username from custom HTTP header")) {
+ auth.string("Username HTTP header", "httpHeader", "SM_USER");
+ } else if (hdr != null) {
+ auth.unset("httpHeader");
+ }
+ auth.string("SSO logout URL", "logoutUrl", null);
+ break;
+ }
+
+ case LDAP:
+ {
+ auth.select(
+ "Git/HTTP authentication",
+ "gitBasicAuthPolicy",
+ HTTP,
+ EnumSet.of(HTTP, HTTP_LDAP, LDAP));
+ break;
+ }
+ case OAUTH:
+ {
+ GitBasicAuthPolicy gitBasicAuth =
+ auth.select(
+ "Git/HTTP authentication", "gitBasicAuthPolicy", HTTP, EnumSet.of(HTTP, OAUTH));
+
+ if (gitBasicAuth == OAUTH) {
+ ui.message(
+ "*WARNING* Please make sure that your chosen OAuth provider\n"
+ + "supports Git token authentication.\n");
+ }
+ break;
+ }
+ case CLIENT_SSL_CERT_LDAP:
+ case CUSTOM_EXTENSION:
+ case DEVELOPMENT_BECOME_ANY_ACCOUNT:
+ case LDAP_BIND:
+ case OPENID:
+ case OPENID_SSO:
+ break;
+ }
+
+ switch (authType) {
+ case LDAP:
+ case LDAP_BIND:
+ case HTTP_LDAP:
+ {
+ String server = ldap.string("LDAP server", "server", "ldap://localhost");
+ if (server != null //
+ && !server.startsWith("ldap://") //
+ && !server.startsWith("ldaps://")) {
+ if (ui.yesno(false, "Use SSL")) {
+ server = "ldaps://" + server;
+ } else {
+ server = "ldap://" + server;
+ }
+ ldap.set("server", server);
+ }
+
+ ldap.string("LDAP username", "username", null);
+ ldap.password("username", "password");
+
+ String aBase = ldap.string("Account BaseDN", "accountBase", dnOf(server));
+ ldap.string("Group BaseDN", "groupBase", aBase);
+ break;
+ }
+
+ case CLIENT_SSL_CERT_LDAP:
+ case CUSTOM_EXTENSION:
+ case DEVELOPMENT_BECOME_ANY_ACCOUNT:
+ case HTTP:
+ case OAUTH:
+ case OPENID:
+ case OPENID_SSO:
+ break;
+ }
+ }
+
+ private void initSignedPush() {
+ boolean def = flags.cfg.getBoolean(RECEIVE, ENABLE_SIGNED_PUSH, false);
+ boolean enable = ui.yesno(def, "Enable signed push support");
+ receive.set("enableSignedPush", Boolean.toString(enable));
+ }
+} |
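Review bot: In the second `switch` of `initAuthType()`, a server entered without a scheme is asked `ui.yesno(false, "Use SSL")`, so accepting the default writes an `ldap://` URL. The bind password collected by `ldap.password("username", "password")` a few lines later would then travel to the directory unencrypted unless transport security is configured elsewhere. Defaulting the prompt to the encrypted scheme, `if (ui.yesno(true, "Use SSL")) {`, makes the safe choice the one an operator gets by pressing Enter. The suggested value `"ldap://localhost"` is reasonable for a loopback directory, but a short comment at that line saying that remote servers should be given as `ldaps://` would help whoever next edits the prompt.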