// Copyright (C) 2009 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package com.google.gerrit.server; import com.google.common.collect.ImmutableSet; import com.google.gerrit.common.data.AccountInfo; import com.google.gerrit.reviewdb.client.Account; import com.google.gerrit.reviewdb.client.AccountDiffPreference; import com.google.gerrit.reviewdb.client.AccountGroup; import com.google.gerrit.reviewdb.client.AccountProjectWatch; import com.google.gerrit.reviewdb.client.Change; import com.google.gerrit.reviewdb.client.StarredChange; import com.google.gerrit.reviewdb.server.ReviewDb; import com.google.gerrit.server.account.AccountCache; import com.google.gerrit.server.account.AccountState; import com.google.gerrit.server.account.CapabilityControl; import com.google.gerrit.server.account.GroupBackend; import com.google.gerrit.server.account.GroupMembership; import com.google.gerrit.server.account.ListGroupMembership; import com.google.gerrit.server.account.Realm; import com.google.gerrit.server.config.AnonymousCowardName; import com.google.gerrit.server.config.AuthConfig; import com.google.gerrit.server.config.CanonicalWebUrl; import com.google.gwtorm.server.OrmException; import com.google.inject.Inject; import com.google.inject.OutOfScopeException; import com.google.inject.Provider; import com.google.inject.Singleton; import com.google.inject.util.Providers; import org.eclipse.jgit.lib.PersonIdent; import org.eclipse.jgit.util.SystemReader; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.MalformedURLException; import java.net.SocketAddress; import java.net.URL; import java.util.Collection; import java.util.Collections; import java.util.Date; import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.TimeZone; import javax.annotation.Nullable; /** An authenticated user. */ public class IdentifiedUser extends CurrentUser { /** Create an IdentifiedUser, ignoring any per-request state. */ @Singleton public static class GenericFactory { private final CapabilityControl.Factory capabilityControlFactory; private final AuthConfig authConfig; private final String anonymousCowardName; private final Provider canonicalUrl; private final Realm realm; private final AccountCache accountCache; private final GroupBackend groupBackend; @Inject GenericFactory( CapabilityControl.Factory capabilityControlFactory, final AuthConfig authConfig, final @AnonymousCowardName String anonymousCowardName, final @CanonicalWebUrl Provider canonicalUrl, final Realm realm, final AccountCache accountCache, final GroupBackend groupBackend) { this.capabilityControlFactory = capabilityControlFactory; this.authConfig = authConfig; this.anonymousCowardName = anonymousCowardName; this.canonicalUrl = canonicalUrl; this.realm = realm; this.accountCache = accountCache; this.groupBackend = groupBackend; } public IdentifiedUser create(final Account.Id id) { return create((SocketAddress) null, id); } public IdentifiedUser create(Provider db, Account.Id id) { return new IdentifiedUser(capabilityControlFactory, authConfig, anonymousCowardName, canonicalUrl, realm, accountCache, groupBackend, null, db, id); } public IdentifiedUser create(SocketAddress remotePeer, Account.Id id) { return new IdentifiedUser(capabilityControlFactory, authConfig, anonymousCowardName, canonicalUrl, realm, accountCache, groupBackend, Providers.of(remotePeer), null, id); } } /** * Create an IdentifiedUser, relying on current request state. *

* Can only be used from within a module that has defined request scoped * {@code @RemotePeer SocketAddress} and {@code ReviewDb} providers. */ @Singleton public static class RequestFactory { private final CapabilityControl.Factory capabilityControlFactory; private final AuthConfig authConfig; private final String anonymousCowardName; private final Provider canonicalUrl; private final Realm realm; private final AccountCache accountCache; private final GroupBackend groupBackend; private final Provider remotePeerProvider; private final Provider dbProvider; @Inject RequestFactory( CapabilityControl.Factory capabilityControlFactory, final AuthConfig authConfig, final @AnonymousCowardName String anonymousCowardName, final @CanonicalWebUrl Provider canonicalUrl, final Realm realm, final AccountCache accountCache, final GroupBackend groupBackend, final @RemotePeer Provider remotePeerProvider, final Provider dbProvider) { this.capabilityControlFactory = capabilityControlFactory; this.authConfig = authConfig; this.anonymousCowardName = anonymousCowardName; this.canonicalUrl = canonicalUrl; this.realm = realm; this.accountCache = accountCache; this.groupBackend = groupBackend; this.remotePeerProvider = remotePeerProvider; this.dbProvider = dbProvider; } public IdentifiedUser create(Account.Id id) { return new IdentifiedUser(capabilityControlFactory, authConfig, anonymousCowardName, canonicalUrl, realm, accountCache, groupBackend, remotePeerProvider, dbProvider, id); } } private static final Logger log = LoggerFactory.getLogger(IdentifiedUser.class); private static final GroupMembership registeredGroups = new ListGroupMembership(ImmutableSet.of( AccountGroup.ANONYMOUS_USERS, AccountGroup.REGISTERED_USERS)); private final Provider canonicalUrl; private final AccountCache accountCache; private final AuthConfig authConfig; private final GroupBackend groupBackend; private final String anonymousCowardName; @Nullable private final Provider remotePeerProvider; @Nullable private final Provider dbProvider; private final Account.Id accountId; private AccountState state; private Set emailAddresses; private GroupMembership effectiveGroups; private Set starredChanges; private Collection notificationFilters; private IdentifiedUser( CapabilityControl.Factory capabilityControlFactory, final AuthConfig authConfig, final String anonymousCowardName, final Provider canonicalUrl, final Realm realm, final AccountCache accountCache, final GroupBackend groupBackend, @Nullable final Provider remotePeerProvider, @Nullable final Provider dbProvider, final Account.Id id) { super(capabilityControlFactory); this.canonicalUrl = canonicalUrl; this.accountCache = accountCache; this.groupBackend = groupBackend; this.authConfig = authConfig; this.anonymousCowardName = anonymousCowardName; this.remotePeerProvider = remotePeerProvider; this.dbProvider = dbProvider; this.accountId = id; } // TODO(cranger): maybe get the state through the accountCache instead. public AccountState state() { if (state == null) { state = accountCache.get(getAccountId()); } return state; } /** The account identity for the user. */ public Account.Id getAccountId() { return accountId; } /** @return the user's user name; null if one has not been selected/assigned. */ @Override public String getUserName() { return state().getUserName(); } public Account getAccount() { return state().getAccount(); } public AccountDiffPreference getAccountDiffPreference() { AccountDiffPreference diffPref; try { diffPref = dbProvider.get().accountDiffPreferences().get(getAccountId()); if (diffPref == null) { diffPref = AccountDiffPreference.createDefault(getAccountId()); } } catch (OrmException e) { log.warn("Cannot query account diff preferences", e); diffPref = AccountDiffPreference.createDefault(getAccountId()); } return diffPref; } public Set getEmailAddresses() { if (emailAddresses == null) { emailAddresses = state().getEmailAddresses(); } return emailAddresses; } public String getName() { return new AccountInfo(getAccount()).getName(anonymousCowardName); } public String getNameEmail() { return new AccountInfo(getAccount()).getNameEmail(anonymousCowardName); } @Override public GroupMembership getEffectiveGroups() { if (effectiveGroups == null) { if (authConfig.isIdentityTrustable(state().getExternalIds())) { effectiveGroups = groupBackend.membershipsOf(this); } else { effectiveGroups = registeredGroups; } } return effectiveGroups; } @Override public Set getStarredChanges() { if (starredChanges == null) { if (dbProvider == null) { throw new OutOfScopeException("Not in request scoped user"); } final Set h = new HashSet(); try { for (final StarredChange sc : dbProvider.get().starredChanges() .byAccount(getAccountId())) { h.add(sc.getChangeId()); } } catch (OrmException e) { log.warn("Cannot query starred by user changes", e); } starredChanges = Collections.unmodifiableSet(h); } return starredChanges; } @Override public Collection getNotificationFilters() { if (notificationFilters == null) { if (dbProvider == null) { throw new OutOfScopeException("Not in request scoped user"); } List r; try { r = dbProvider.get().accountProjectWatches() // .byAccount(getAccountId()).toList(); } catch (OrmException e) { log.warn("Cannot query notification filters of a user", e); r = Collections.emptyList(); } notificationFilters = Collections.unmodifiableList(r); } return notificationFilters; } public PersonIdent newRefLogIdent() { return newRefLogIdent(new Date(), TimeZone.getDefault()); } public PersonIdent newRefLogIdent(final Date when, final TimeZone tz) { final Account ua = getAccount(); String name = ua.getFullName(); if (name == null || name.isEmpty()) { name = ua.getPreferredEmail(); } if (name == null || name.isEmpty()) { name = anonymousCowardName; } String user = getUserName(); if (user == null) { user = ""; } user = user + "|" + "account-" + ua.getId().toString(); String host = null; if (remotePeerProvider != null) { final SocketAddress remotePeer = remotePeerProvider.get(); if (remotePeer instanceof InetSocketAddress) { final InetSocketAddress sa = (InetSocketAddress) remotePeer; final InetAddress in = sa.getAddress(); host = in != null ? in.getCanonicalHostName() : sa.getHostName(); } } if (host == null || host.isEmpty()) { host = "unknown"; } return new PersonIdent(name, user + "@" + host, when, tz); } public PersonIdent newCommitterIdent(final Date when, final TimeZone tz) { final Account ua = getAccount(); String name = ua.getFullName(); String email = ua.getPreferredEmail(); if (email == null || email.isEmpty()) { // No preferred email is configured. Use a generic identity so we // don't leak an address the user may have given us, but doesn't // necessarily want to publish through Git records. // String user = getUserName(); if (user == null || user.isEmpty()) { user = "account-" + ua.getId().toString(); } String host; if (canonicalUrl.get() != null) { try { host = new URL(canonicalUrl.get()).getHost(); } catch (MalformedURLException e) { host = SystemReader.getInstance().getHostname(); } } else { host = SystemReader.getInstance().getHostname(); } email = user + "@" + host; } if (name == null || name.isEmpty()) { final int at = email.indexOf('@'); if (0 < at) { name = email.substring(0, at); } else { name = anonymousCowardName; } } return new PersonIdent(name, email, when, tz); } @Override public String toString() { return "IdentifiedUser[account " + getAccountId() + "]"; } }