OAuth extension point: Allow to authenticate without email
There is a regression in OAuth extension point, that makes the
assumption that all OAuth providers always expose EMail address.
This might not be the case or even a user can decide in her profile
if she would like to expose EMail or not.
Bug: Issue 4797
Change-Id: Ia98ba67aaa7ce44437c8e32b7eb44a38f1e2e9fd
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/oauth/OAuthRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/oauth/OAuthRealm.java
index 0297dd4..c07b4c8 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/oauth/OAuthRealm.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/oauth/OAuthRealm.java
@@ -66,9 +66,8 @@
*
* {@link AccountManager} calls this method without password
* if authenticity of the user has already been established.
- * In that case the {@link AuthRequest} is supposed to contain
- * a resolved email address and we can skip the authentication
- * request to the {@code OAuthLoginService}.
+ * In that case we can skip the authentication request to the
+ * {@code OAuthLoginService}.
*
* @param who the authentication request.
*
@@ -82,8 +81,7 @@
*/
@Override
public AuthRequest authenticate(AuthRequest who) throws AccountException {
- if (Strings.isNullOrEmpty(who.getPassword()) &&
- !Strings.isNullOrEmpty(who.getEmailAddress())) {
+ if (Strings.isNullOrEmpty(who.getPassword())) {
return who;
}
