Merge branch 'stable-2.12'

* stable-2.12:
  Document that ldap.groupBase and ldap.accountBase are repeatable
  Put Change-Id after Test: footers in commit messages.
  Remove bucklets/local_jar.bucklet soft-link to removed lib/local.defs
  Normalize case of {Author,Committer}Predicate
  OAuth-Linking: Don't create new account when claimed identity unknown
  Update 2.11.5 release notes to mention forked buck
  Revert "Update buck to ba9f239f69287a553ca93af76a27484d83693563"

Change-Id: I46c53b5c43ecbdc4d63cb03da25c35737b2c5afd
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index 99c158f..df9ec26 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -2561,6 +2561,9 @@
 +
 Root of the tree containing all user accounts.  This is typically
 of the form `ou=people,dc=example,dc=com`.
++
+This setting may be added multiple times to specify more than
+one root.
 
 [[ldap.accountScope]]ldap.accountScope::
 +
@@ -2672,6 +2675,9 @@
 +
 Root of the tree containing all group objects.  This is typically
 of the form `ou=groups,dc=example,dc=com`.
++
+This setting may be added multiple times to specify more than
+one root.
 
 [[ldap.groupScope]]ldap.groupScope::
 +
diff --git a/ReleaseNotes/ReleaseNotes-2.11.5.txt b/ReleaseNotes/ReleaseNotes-2.11.5.txt
index 03427bb..d7758cb 100644
--- a/ReleaseNotes/ReleaseNotes-2.11.5.txt
+++ b/ReleaseNotes/ReleaseNotes-2.11.5.txt
@@ -9,6 +9,22 @@
 There are no schema changes from link:ReleaseNotes-2.11.4.html[2.11.4].
 
 
+Important Notes
+---------------
+
+*WARNING:* This release uses a forked version of buck.
+
+Buck was forked to cherry-pick an upstream fix for building on Mac OSX
+El Capitan.
+
+To build this release from source, the Google repository must be added to
+the remotes in the buck checkout:
+
+----
+ $ git remote add google https://gerrit.googlesource.com/buck
+----
+
+
 Bug Fixes
 ---------
 
diff --git a/bucklets/local_jar.bucklet b/bucklets/local_jar.bucklet
deleted file mode 120000
index 8904824..0000000
--- a/bucklets/local_jar.bucklet
+++ /dev/null
@@ -1 +0,0 @@
-../lib/local.defs
\ No newline at end of file
diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthSessionOverOpenID.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthSessionOverOpenID.java
index 8d5d4b9..33c6e34 100644
--- a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthSessionOverOpenID.java
+++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthSessionOverOpenID.java
@@ -125,18 +125,33 @@
     try {
       String claimedIdentifier = user.getClaimedIdentity();
       Account.Id actualId = accountManager.lookup(user.getExternalId());
-      // Use case 1: claimed identity was provided during handshake phase
+      Account.Id claimedId = null;
+
+      // We try to retrieve claimed identity.
+      // For some reason, for example staging instance
+      // it may deviate from the really old OpenID identity.
+      // What we want to avoid in any event is to create new
+      // account instead of linking to the existing one.
+      // That why we query it here, not to lose linking mode.
       if (!Strings.isNullOrEmpty(claimedIdentifier)) {
-        log.debug("Claimed identity is set");
-        Account.Id claimedId = accountManager.lookup(claimedIdentifier);
-        if (claimedId != null && actualId != null) {
+        claimedId = accountManager.lookup(claimedIdentifier);
+        if (claimedId == null) {
+          log.debug("Claimed identity is unknown");
+        }
+      }
+
+      // Use case 1: claimed identity was provided during handshake phase
+      // and user account exists for this identity
+      if (claimedId != null) {
+        log.debug("Claimed identity is set and is known");
+        if (actualId != null) {
           if (claimedId.equals(actualId)) {
             // Both link to the same account, that's what we expected.
             log.debug("Both link to the same account. All is fine.");
           } else {
             // This is (for now) a fatal error. There are two records
-            // for what might be the same user.
-            //
+            // for what might be the same user. The admin would have to
+            // link the accounts manually.
             log.error("OAuth accounts disagree over user identity:\n"
                 + "  Claimed ID: " + claimedId + " is " + claimedIdentifier
                 + "\n" + "  Delgate ID: " + actualId + " is "
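Review bot: A login that presents a claimed identity unknown to the server leaves no trace at the usual log level, because the new lookup block records it only with `log.debug("Claimed identity is unknown")`. That case decides whether the session goes into the linking branch or on to the code below the hunk, so I would log it at info together with the external id, e.g. `log.info("Claimed identity unknown for external id " + user.getExternalId());`. The block comment above the lookup is hard to follow; something like `// Resolve the claimed identity up front so that an unknown one does not end in a new account instead of a link.` states the intent more directly. The enclosing method starts and ends outside this hunk.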
@@ -144,7 +159,7 @@
             rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
             return;
           }
-        } else if (claimedId != null && actualId == null) {
+        } else {
           // Claimed account already exists: link to it.
           log.debug("Claimed account already exists: link to it.");
           try {
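Review bot: The plain `else` now links the OAuth external id to the account that owns the claimed identifier whenever `actualId` is null, and nothing visible in this hunk shows that `claimedIdentifier` was verified rather than carried over from the request. If `user.getClaimedIdentity()` can be influenced by the client, this branch binds a new login to an existing account, so the trust assumption should be written down at the branch, e.g. `// Linking trusts claimedIdentifier: it must come from a verified handshake, never from request parameters.` Whether that holds needs to be confirmed against the code that populates the claimed identity, which is not part of this diff. The try block and the rest of the method continue outside the hunk.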
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/query/change/AuthorPredicate.java b/gerrit-server/src/main/java/com/google/gerrit/server/query/change/AuthorPredicate.java
index 193a061..6264f3a 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/query/change/AuthorPredicate.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/query/change/AuthorPredicate.java
@@ -23,7 +23,7 @@
 
 public class AuthorPredicate extends IndexPredicate<ChangeData>  {
   AuthorPredicate(String value) {
-    super(AUTHOR, FIELD_AUTHOR, value);
+    super(AUTHOR, FIELD_AUTHOR, value.toLowerCase());
   }
 
   @Override
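Review bot: `value.toLowerCase()` in the AuthorPredicate constructor uses the JVM default locale, so on a server running with a Turkish locale an `I` in the query is lowered to a dotless `ı` and the term no longer matches what the index presumably stores. Passing an explicit locale keeps the query stable: `super(AUTHOR, FIELD_AUTHOR, value.toLowerCase(Locale.US));`, with `import java.util.Locale;` added to the file. The same call in the CommitterPredicate constructor needs the same change. A null `value` now throws NullPointerException in the constructor before `super` runs, which is worth confirming against the callers.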
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/query/change/CommitterPredicate.java b/gerrit-server/src/main/java/com/google/gerrit/server/query/change/CommitterPredicate.java
index e5d9529..3cb7f8e 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/query/change/CommitterPredicate.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/query/change/CommitterPredicate.java
@@ -23,7 +23,7 @@
 
 public class CommitterPredicate extends IndexPredicate<ChangeData>  {
   CommitterPredicate(String value) {
-    super(COMMITTER, FIELD_COMMITTER, value);
+    super(COMMITTER, FIELD_COMMITTER, value.toLowerCase());
   }
 
   @Override
diff --git a/gerrit-server/src/test/java/com/google/gerrit/server/query/change/AbstractQueryChangesTest.java b/gerrit-server/src/test/java/com/google/gerrit/server/query/change/AbstractQueryChangesTest.java
index 06bfafc..6b91a12 100644
--- a/gerrit-server/src/test/java/com/google/gerrit/server/query/change/AbstractQueryChangesTest.java
+++ b/gerrit-server/src/test/java/com/google/gerrit/server/query/change/AbstractQueryChangesTest.java
@@ -378,6 +378,10 @@
     // By name part
     assertQuery("author:Author", change1);
 
+    // Case insensitive
+    assertQuery("author:jAuThOr", change1);
+    assertQuery("author:ExAmPlE", change1);
+
     // By non-existing email address / name / part
     assertQuery("author:jcommitter@example.com");
     assertQuery("author:somewhere.com");
@@ -401,6 +405,10 @@
     // By name part
     assertQuery("committer:Committer", change1);
 
+    // Case insensitive
+    assertQuery("committer:jCoMmItTeR", change1);
+    assertQuery("committer:ExAmPlE", change1);
+
     // By non-existing email address / name / part
     assertQuery("committer:jauthor@example.com");
     assertQuery("committer:somewhere.com");