| // Copyright (C) 2014 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| package com.google.gerrit.acceptance.api.accounts; |
| |
| import static com.google.common.collect.ImmutableList.toImmutableList; |
| import static com.google.common.collect.ImmutableSet.toImmutableSet; |
| import static com.google.common.truth.Truth.assertThat; |
| import static com.google.common.truth.Truth.assertWithMessage; |
| import static com.google.common.truth.Truth8.assertThat; |
| import static com.google.gerrit.acceptance.GitUtil.deleteRef; |
| import static com.google.gerrit.acceptance.GitUtil.fetch; |
| import static com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate.allow; |
| import static com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate.allowCapability; |
| import static com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate.block; |
| import static com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate.deny; |
| import static com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate.permissionKey; |
| import static com.google.gerrit.gpg.PublicKeyStore.REFS_GPG_KEYS; |
| import static com.google.gerrit.gpg.PublicKeyStore.keyToString; |
| import static com.google.gerrit.gpg.testing.TestKeys.allValidKeys; |
| import static com.google.gerrit.gpg.testing.TestKeys.validKeyWithExpiration; |
| import static com.google.gerrit.gpg.testing.TestKeys.validKeyWithSecondUserId; |
| import static com.google.gerrit.gpg.testing.TestKeys.validKeyWithoutExpiration; |
| import static com.google.gerrit.server.StarredChangesUtil.DEFAULT_LABEL; |
| import static com.google.gerrit.server.account.AccountProperties.ACCOUNT; |
| import static com.google.gerrit.server.account.AccountProperties.ACCOUNT_CONFIG; |
| import static com.google.gerrit.server.account.externalids.ExternalId.SCHEME_GPGKEY; |
| import static com.google.gerrit.server.account.externalids.ExternalId.SCHEME_MAILTO; |
| import static com.google.gerrit.server.account.externalids.ExternalId.SCHEME_USERNAME; |
| import static com.google.gerrit.server.group.SystemGroupBackend.ANONYMOUS_USERS; |
| import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS; |
| import static com.google.gerrit.server.project.ProjectCache.illegalState; |
| import static com.google.gerrit.testing.GerritJUnit.assertThrows; |
| import static com.google.gerrit.testing.TestActionRefUpdateContext.testRefAction; |
| import static com.google.gerrit.truth.ConfigSubject.assertThat; |
| import static java.nio.charset.StandardCharsets.UTF_8; |
| import static java.util.Objects.requireNonNull; |
| import static java.util.concurrent.TimeUnit.SECONDS; |
| import static java.util.stream.Collectors.toList; |
| import static java.util.stream.Collectors.toSet; |
| import static org.eclipse.jgit.lib.Constants.OBJ_BLOB; |
| import static org.mockito.Mockito.mock; |
| import static org.mockito.Mockito.verify; |
| import static org.mockito.Mockito.verifyNoInteractions; |
| import static org.mockito.Mockito.verifyNoMoreInteractions; |
| |
| import com.github.rholder.retry.StopStrategies; |
| import com.google.common.collect.FluentIterable; |
| import com.google.common.collect.ImmutableList; |
| import com.google.common.collect.ImmutableSet; |
| import com.google.common.collect.ImmutableSetMultimap; |
| import com.google.common.collect.Iterables; |
| import com.google.common.io.BaseEncoding; |
| import com.google.common.truth.Correspondence; |
| import com.google.common.util.concurrent.AtomicLongMap; |
| import com.google.common.util.concurrent.Runnables; |
| import com.google.gerrit.acceptance.AbstractDaemonTest; |
| import com.google.gerrit.acceptance.AccountIndexedCounter; |
| import com.google.gerrit.acceptance.ExtensionRegistry; |
| import com.google.gerrit.acceptance.ExtensionRegistry.Registration; |
| import com.google.gerrit.acceptance.PushOneCommit; |
| import com.google.gerrit.acceptance.Sandboxed; |
| import com.google.gerrit.acceptance.TestAccount; |
| import com.google.gerrit.acceptance.UseClockStep; |
| import com.google.gerrit.acceptance.UseSsh; |
| import com.google.gerrit.acceptance.config.GerritConfig; |
| import com.google.gerrit.acceptance.testsuite.account.AccountOperations; |
| import com.google.gerrit.acceptance.testsuite.account.TestSshKeys; |
| import com.google.gerrit.acceptance.testsuite.group.GroupOperations; |
| import com.google.gerrit.acceptance.testsuite.project.ProjectOperations; |
| import com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate; |
| import com.google.gerrit.acceptance.testsuite.request.RequestScopeOperations; |
| import com.google.gerrit.acceptance.testsuite.request.SshSessionFactory; |
| import com.google.gerrit.common.Nullable; |
| import com.google.gerrit.common.data.GlobalCapability; |
| import com.google.gerrit.entities.AccessSection; |
| import com.google.gerrit.entities.Account; |
| import com.google.gerrit.entities.AccountGroup; |
| import com.google.gerrit.entities.Address; |
| import com.google.gerrit.entities.BranchNameKey; |
| import com.google.gerrit.entities.Change; |
| import com.google.gerrit.entities.GroupReference; |
| import com.google.gerrit.entities.Permission; |
| import com.google.gerrit.entities.PermissionRule.Action; |
| import com.google.gerrit.entities.Project; |
| import com.google.gerrit.entities.RefNames; |
| import com.google.gerrit.exceptions.StorageException; |
| import com.google.gerrit.extensions.api.accounts.AccountApi; |
| import com.google.gerrit.extensions.api.accounts.AccountInput; |
| import com.google.gerrit.extensions.api.accounts.DeleteDraftCommentsInput; |
| import com.google.gerrit.extensions.api.accounts.DeletedDraftCommentInfo; |
| import com.google.gerrit.extensions.api.accounts.EmailInput; |
| import com.google.gerrit.extensions.api.changes.DraftInput; |
| import com.google.gerrit.extensions.api.changes.ReviewInput; |
| import com.google.gerrit.extensions.api.changes.ReviewerInput; |
| import com.google.gerrit.extensions.api.config.ConsistencyCheckInfo; |
| import com.google.gerrit.extensions.api.config.ConsistencyCheckInfo.ConsistencyProblemInfo; |
| import com.google.gerrit.extensions.api.config.ConsistencyCheckInput; |
| import com.google.gerrit.extensions.api.config.ConsistencyCheckInput.CheckAccountsInput; |
| import com.google.gerrit.extensions.client.ProjectWatchInfo; |
| import com.google.gerrit.extensions.common.AccountDetailInfo; |
| import com.google.gerrit.extensions.common.AccountInfo; |
| import com.google.gerrit.extensions.common.ChangeInfo; |
| import com.google.gerrit.extensions.common.CommentInfo; |
| import com.google.gerrit.extensions.common.EmailInfo; |
| import com.google.gerrit.extensions.common.GpgKeyInfo; |
| import com.google.gerrit.extensions.common.GroupInfo; |
| import com.google.gerrit.extensions.common.SshKeyInfo; |
| import com.google.gerrit.extensions.events.AccountActivationListener; |
| import com.google.gerrit.extensions.events.GitReferenceUpdatedListener; |
| import com.google.gerrit.extensions.restapi.AuthException; |
| import com.google.gerrit.extensions.restapi.BadRequestException; |
| import com.google.gerrit.extensions.restapi.ResourceConflictException; |
| import com.google.gerrit.extensions.restapi.ResourceNotFoundException; |
| import com.google.gerrit.extensions.restapi.RestApiException; |
| import com.google.gerrit.extensions.restapi.UnprocessableEntityException; |
| import com.google.gerrit.git.LockFailureException; |
| import com.google.gerrit.gpg.Fingerprint; |
| import com.google.gerrit.gpg.PublicKeyStore; |
| import com.google.gerrit.gpg.testing.TestKey; |
| import com.google.gerrit.httpd.CacheBasedWebSession; |
| import com.google.gerrit.server.ExceptionHook; |
| import com.google.gerrit.server.ServerInitiated; |
| import com.google.gerrit.server.account.AccountControl; |
| import com.google.gerrit.server.account.AccountProperties; |
| import com.google.gerrit.server.account.AccountState; |
| import com.google.gerrit.server.account.AccountsUpdate; |
| import com.google.gerrit.server.account.Emails; |
| import com.google.gerrit.server.account.GroupMembership; |
| import com.google.gerrit.server.account.VersionedAuthorizedKeys; |
| import com.google.gerrit.server.account.externalids.DuplicateExternalIdKeyException; |
| import com.google.gerrit.server.account.externalids.ExternalId; |
| import com.google.gerrit.server.account.externalids.ExternalIdFactory; |
| import com.google.gerrit.server.account.externalids.ExternalIdKeyFactory; |
| import com.google.gerrit.server.account.externalids.ExternalIdNotes; |
| import com.google.gerrit.server.account.externalids.ExternalIds; |
| import com.google.gerrit.server.config.AuthConfig; |
| import com.google.gerrit.server.extensions.events.GitReferenceUpdated; |
| import com.google.gerrit.server.git.meta.MetaDataUpdate; |
| import com.google.gerrit.server.group.testing.TestGroupBackend; |
| import com.google.gerrit.server.index.account.AccountIndexer; |
| import com.google.gerrit.server.index.account.StalenessChecker; |
| import com.google.gerrit.server.notedb.Sequences; |
| import com.google.gerrit.server.plugincontext.PluginSetContext; |
| import com.google.gerrit.server.project.RefPattern; |
| import com.google.gerrit.server.query.account.InternalAccountQuery; |
| import com.google.gerrit.server.update.RetryHelper; |
| import com.google.gerrit.server.util.time.TimeUtil; |
| import com.google.gerrit.server.validators.AccountActivationValidationListener; |
| import com.google.gerrit.server.validators.ValidationException; |
| import com.google.gerrit.testing.ConfigSuite; |
| import com.google.gerrit.testing.FakeEmailSender.Message; |
| import com.google.gerrit.truth.NullAwareCorrespondence; |
| import com.google.inject.Inject; |
| import com.google.inject.Provider; |
| import java.io.ByteArrayOutputStream; |
| import java.io.IOException; |
| import java.security.KeyPair; |
| import java.util.ArrayList; |
| import java.util.Arrays; |
| import java.util.HashMap; |
| import java.util.HashSet; |
| import java.util.Iterator; |
| import java.util.List; |
| import java.util.Locale; |
| import java.util.Map; |
| import java.util.Optional; |
| import java.util.Set; |
| import java.util.concurrent.atomic.AtomicBoolean; |
| import java.util.concurrent.atomic.AtomicInteger; |
| import java.util.stream.Collectors; |
| import java.util.stream.StreamSupport; |
| import javax.servlet.http.HttpServletResponse; |
| import org.apache.http.HttpResponse; |
| import org.apache.http.client.ClientProtocolException; |
| import org.apache.http.client.methods.HttpGet; |
| import org.apache.http.impl.client.BasicCookieStore; |
| import org.apache.http.impl.client.CloseableHttpClient; |
| import org.apache.http.impl.client.HttpClientBuilder; |
| import org.bouncycastle.bcpg.ArmoredOutputStream; |
| import org.bouncycastle.openpgp.PGPPublicKey; |
| import org.bouncycastle.openpgp.PGPPublicKeyRing; |
| import org.eclipse.jgit.api.Git; |
| import org.eclipse.jgit.api.errors.TransportException; |
| import org.eclipse.jgit.errors.ConfigInvalidException; |
| import org.eclipse.jgit.internal.storage.dfs.InMemoryRepository; |
| import org.eclipse.jgit.junit.TestRepository; |
| import org.eclipse.jgit.lib.CommitBuilder; |
| import org.eclipse.jgit.lib.Config; |
| import org.eclipse.jgit.lib.ObjectId; |
| import org.eclipse.jgit.lib.ObjectInserter; |
| import org.eclipse.jgit.lib.ObjectReader; |
| import org.eclipse.jgit.lib.PersonIdent; |
| import org.eclipse.jgit.lib.Ref; |
| import org.eclipse.jgit.lib.RefUpdate; |
| import org.eclipse.jgit.lib.Repository; |
| import org.eclipse.jgit.revwalk.RevCommit; |
| import org.eclipse.jgit.revwalk.RevWalk; |
| import org.eclipse.jgit.transport.PushCertificateIdent; |
| import org.eclipse.jgit.transport.PushResult; |
| import org.eclipse.jgit.transport.RemoteRefUpdate; |
| import org.eclipse.jgit.treewalk.TreeWalk; |
| import org.junit.After; |
| import org.junit.Before; |
| import org.junit.Test; |
| |
| public class AccountIT extends AbstractDaemonTest { |
| @ConfigSuite.Default |
| public static Config enableSignedPushConfig() { |
| Config cfg = new Config(); |
| cfg.setBoolean("receive", null, "enableSignedPush", true); |
| |
| // Disable the staleness checker so that tests that verify the number of expected index events |
| // are stable. |
| cfg.setBoolean("index", null, "autoReindexIfStale", false); |
| |
| return cfg; |
| } |
| |
| @Inject private @ServerInitiated Provider<AccountsUpdate> accountsUpdateProvider; |
| @Inject private AccountIndexer accountIndexer; |
| @Inject private ExternalIdNotes.Factory extIdNotesFactory; |
| @Inject private ExternalIds externalIds; |
| @Inject private GitReferenceUpdated gitReferenceUpdated; |
| @Inject private ProjectOperations projectOperations; |
| @Inject private Provider<InternalAccountQuery> accountQueryProvider; |
| @Inject private Provider<MetaDataUpdate.InternalFactory> metaDataUpdateInternalFactory; |
| @Inject private Provider<PublicKeyStore> publicKeyStoreProvider; |
| @Inject private RequestScopeOperations requestScopeOperations; |
| @Inject private RetryHelper.Metrics retryMetrics; |
| @Inject private Sequences seq; |
| @Inject private StalenessChecker stalenessChecker; |
| @Inject private VersionedAuthorizedKeys.Accessor authorizedKeys; |
| @Inject private ExtensionRegistry extensionRegistry; |
| @Inject private PluginSetContext<ExceptionHook> exceptionHooks; |
| @Inject private ExternalIdKeyFactory externalIdKeyFactory; |
| @Inject private ExternalIdFactory externalIdFactory; |
| @Inject private AuthConfig authConfig; |
| @Inject private AccountControl.Factory accountControlFactory; |
| |
| @Inject protected Emails emails; |
| |
| @Inject private AccountOperations accountOperations; |
| |
| @Inject protected GroupOperations groupOperations; |
| |
| private BasicCookieStore httpCookieStore; |
| private CloseableHttpClient httpclient; |
| |
| @After |
| public void clearPublicKeyStore() throws Exception { |
| try (Repository repo = repoManager.openRepository(allUsers)) { |
| Ref ref = repo.exactRef(REFS_GPG_KEYS); |
| if (ref != null) { |
| RefUpdate ru = repo.updateRef(REFS_GPG_KEYS); |
| ru.setForceUpdate(true); |
| testRefAction(() -> assertThat(ru.delete()).isEqualTo(RefUpdate.Result.FORCED)); |
| } |
| } |
| } |
| |
| @After |
| public void deleteGpgKeys() throws Exception { |
| String ref = REFS_GPG_KEYS; |
| try (Repository repo = repoManager.openRepository(allUsers)) { |
| if (repo.getRefDatabase().exactRef(ref) != null) { |
| RefUpdate ru = repo.updateRef(ref); |
| ru.setForceUpdate(true); |
| assertWithMessage("Failed to delete " + ref) |
| .that(ru.delete()) |
| .isEqualTo(RefUpdate.Result.FORCED); |
| } |
| } |
| } |
| |
| @Before |
| public void createHttpClient() { |
| httpCookieStore = new BasicCookieStore(); |
| httpclient = |
| HttpClientBuilder.create() |
| .disableRedirectHandling() |
| .setDefaultCookieStore(httpCookieStore) |
| .build(); |
| } |
| |
| protected void assertLabelPermission( |
| Project.NameKey project, |
| GroupReference groupReference, |
| String ref, |
| boolean exclusive, |
| String labelName, |
| int min, |
| int max) { |
| Optional<AccessSection> accessSection = |
| projectCache |
| .get(project) |
| .orElseThrow(illegalState(project)) |
| .getConfig() |
| .getAccessSection(ref); |
| assertThat(accessSection).isPresent(); |
| |
| String permissionName = Permission.LABEL + labelName; |
| Permission permission = accessSection.get().getPermission(permissionName); |
| assertPermission(permission, permissionName, exclusive, labelName); |
| assertPermissionRule( |
| permission.getRule(groupReference), groupReference, Action.ALLOW, false, min, max); |
| } |
| |
| @Test |
| public void createByAccountCreator() throws Exception { |
| RefUpdateCounter refUpdateCounter = new RefUpdateCounter(); |
| try (Registration registration = extensionRegistry.newRegistration().add(refUpdateCounter)) { |
| Account.Id accountId = createByAccountCreator(1); |
| refUpdateCounter.assertRefUpdateFor( |
| RefUpdateCounter.projectRef(allUsers, RefNames.refsUsers(accountId)), |
| RefUpdateCounter.projectRef(allUsers, RefNames.REFS_EXTERNAL_IDS), |
| RefUpdateCounter.projectRef(allUsers, RefNames.REFS_SEQUENCES + Sequences.NAME_ACCOUNTS)); |
| } |
| } |
| |
| @Test |
| public void createWithInvalidEmailAddress() throws Exception { |
| AccountInput input = new AccountInput(); |
| input.username = name("test"); |
| input.email = "invalid email address"; |
| |
| // Invalid email address should cause the creation to fail |
| BadRequestException thrown = |
| assertThrows(BadRequestException.class, () -> gApi.accounts().create(input)); |
| assertThat(thrown).hasMessageThat().isEqualTo("invalid email address"); |
| |
| // The account should not have been created |
| assertThrows(ResourceNotFoundException.class, () -> gApi.accounts().id(input.username).get()); |
| } |
| |
| private Account.Id createByAccountCreator(int expectedAccountReindexCalls) throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| String name = "foo"; |
| TestAccount foo = accountCreator.create(name); |
| AccountInfo info = gApi.accounts().id(foo.id().get()).get(); |
| assertThat(info.username).isEqualTo(name); |
| assertThat(info.name).isEqualTo(name); |
| accountIndexedCounter.assertReindexOf(foo, expectedAccountReindexCalls); |
| assertUserBranch(foo.id(), name, null); |
| return foo.id(); |
| } |
| } |
| |
| @Test |
| public void createAnonymousCowardByAccountCreator() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| TestAccount anonymousCoward = accountCreator.create(); |
| accountIndexedCounter.assertReindexOf(anonymousCoward); |
| assertUserBranchWithoutAccountConfig(anonymousCoward.id()); |
| } |
| } |
| |
| @Test |
| public void create() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| AccountInput input = new AccountInput(); |
| input.username = "foo"; |
| input.name = "Foo"; |
| input.email = "foo@example.com"; |
| AccountInfo accountInfo = gApi.accounts().create(input).get(); |
| assertThat(accountInfo._accountId).isNotNull(); |
| assertThat(accountInfo.username).isEqualTo(input.username); |
| assertThat(accountInfo.name).isEqualTo(input.name); |
| assertThat(accountInfo.email).isEqualTo(input.email); |
| assertThat(accountInfo.status).isNull(); |
| assertThat(accountInfo.tags).isNull(); |
| |
| Account.Id accountId = Account.id(accountInfo._accountId); |
| accountIndexedCounter.assertReindexOf(accountId, 1); |
| assertThat(externalIds.byAccount(accountId)) |
| .containsExactly( |
| externalIdFactory.createUsername(input.username, accountId, null), |
| externalIdFactory.createEmail(accountId, input.email)); |
| } |
| } |
| |
| @Test |
| public void createAccountUsernameAlreadyTaken() throws Exception { |
| AccountInput input = new AccountInput(); |
| input.username = admin.username(); |
| |
| ResourceConflictException thrown = |
| assertThrows(ResourceConflictException.class, () -> gApi.accounts().create(input)); |
| assertThat(thrown) |
| .hasMessageThat() |
| .contains("username '" + admin.username() + "' already exists"); |
| } |
| |
| @Test |
| public void createAccountEmailAlreadyTaken() throws Exception { |
| AccountInput input = new AccountInput(); |
| input.username = "foo"; |
| input.email = admin.email(); |
| |
| UnprocessableEntityException thrown = |
| assertThrows(UnprocessableEntityException.class, () -> gApi.accounts().create(input)); |
| assertThat(thrown).hasMessageThat().contains("email '" + admin.email() + "' already exists"); |
| } |
| |
| @Test |
| public void commitMessageOnAccountUpdates() throws Exception { |
| AccountsUpdate au = accountsUpdateProvider.get(); |
| Account.Id accountId = Account.id(seq.nextAccountId()); |
| au.insert("Create Test Account", accountId, u -> {}); |
| assertLastCommitMessageOfUserBranch(accountId, "Create Test Account"); |
| |
| au.update("Set Status", accountId, u -> u.setStatus("Foo")); |
| assertLastCommitMessageOfUserBranch(accountId, "Set Status"); |
| } |
| |
| private void assertLastCommitMessageOfUserBranch(Account.Id accountId, String expectedMessage) |
| throws Exception { |
| try (Repository repo = repoManager.openRepository(allUsers); |
| RevWalk rw = new RevWalk(repo)) { |
| Ref exactRef = repo.exactRef(RefNames.refsUsers(accountId)); |
| assertThat(rw.parseCommit(exactRef.getObjectId()).getShortMessage()) |
| .isEqualTo(expectedMessage); |
| } |
| } |
| |
| @Test |
| @UseClockStep |
| public void createAtomically() throws Exception { |
| Account.Id accountId = Account.id(seq.nextAccountId()); |
| String fullName = "Foo"; |
| ExternalId extId = externalIdFactory.createEmail(accountId, "foo@example.com"); |
| AccountState accountState = |
| accountsUpdateProvider |
| .get() |
| .insert( |
| "Create Account Atomically", |
| accountId, |
| u -> u.setFullName(fullName).addExternalId(extId)); |
| assertThat(accountState.account().fullName()).isEqualTo(fullName); |
| |
| AccountInfo info = gApi.accounts().id(accountId.get()).get(); |
| assertThat(info.name).isEqualTo(fullName); |
| |
| List<EmailInfo> emails = gApi.accounts().id(accountId.get()).getEmails(); |
| assertThat(emails.stream().map(e -> e.email).collect(toSet())).containsExactly(extId.email()); |
| |
| RevCommit commitUserBranch = |
| projectOperations.project(allUsers).getHead(RefNames.refsUsers(accountId)); |
| RevCommit commitRefsMetaExternalIds = |
| projectOperations.project(allUsers).getHead(RefNames.REFS_EXTERNAL_IDS); |
| assertThat(commitUserBranch.getCommitTime()) |
| .isEqualTo(commitRefsMetaExternalIds.getCommitTime()); |
| } |
| |
| @Test |
| public void updateNonExistingAccount() throws Exception { |
| Account.Id nonExistingAccountId = Account.id(999999); |
| AtomicBoolean consumerCalled = new AtomicBoolean(); |
| Optional<AccountState> accountState = |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Update Non-Existing Account", nonExistingAccountId, a -> consumerCalled.set(true)); |
| assertThat(accountState).isEmpty(); |
| assertThat(consumerCalled.get()).isFalse(); |
| } |
| |
| @Test |
| public void updateAccountWithoutAccountConfigNoteDb() throws Exception { |
| TestAccount anonymousCoward = accountCreator.create(); |
| assertUserBranchWithoutAccountConfig(anonymousCoward.id()); |
| |
| String status = "OOO"; |
| Optional<AccountState> accountState = |
| accountsUpdateProvider |
| .get() |
| .update("Set status", anonymousCoward.id(), u -> u.setStatus(status)); |
| assertThat(accountState).isPresent(); |
| Account account = accountState.get().account(); |
| assertThat(account.fullName()).isNull(); |
| assertThat(account.status()).isEqualTo(status); |
| assertUserBranch(anonymousCoward.id(), null, status); |
| } |
| |
| private void assertUserBranchWithoutAccountConfig(Account.Id accountId) throws Exception { |
| assertUserBranch(accountId, null, null); |
| } |
| |
| private void assertUserBranch( |
| Account.Id accountId, @Nullable String name, @Nullable String status) throws Exception { |
| try (Repository repo = repoManager.openRepository(allUsers); |
| RevWalk rw = new RevWalk(repo); |
| ObjectReader or = repo.newObjectReader()) { |
| Ref ref = repo.exactRef(RefNames.refsUsers(accountId)); |
| assertThat(ref).isNotNull(); |
| RevCommit c = rw.parseCommit(ref.getObjectId()); |
| long timestampDiffMs = |
| Math.abs(c.getCommitTime() * 1000L - getAccount(accountId).registeredOn().toEpochMilli()); |
| assertThat(timestampDiffMs).isAtMost(SECONDS.toMillis(1)); |
| |
| // Check the 'account.config' file. |
| try (TreeWalk tw = TreeWalk.forPath(or, ACCOUNT_CONFIG, c.getTree())) { |
| if (name != null || status != null) { |
| assertThat(tw).isNotNull(); |
| Config cfg = new Config(); |
| cfg.fromText(new String(or.open(tw.getObjectId(0), OBJ_BLOB).getBytes(), UTF_8)); |
| assertThat(cfg) |
| .stringValue(ACCOUNT, null, AccountProperties.KEY_FULL_NAME) |
| .isEqualTo(name); |
| assertThat(cfg) |
| .stringValue(ACCOUNT, null, AccountProperties.KEY_STATUS) |
| .isEqualTo(status); |
| } else { |
| // No account properties were set, hence an 'account.config' file was not created. |
| assertThat(tw).isNull(); |
| } |
| } |
| } |
| } |
| |
| @Test |
| public void get() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| AccountInfo info = gApi.accounts().id("admin").get(); |
| assertThat(info.name).isEqualTo("Administrator"); |
| assertThat(info.email).isEqualTo("admin@example.com"); |
| assertThat(info.username).isEqualTo("admin"); |
| accountIndexedCounter.assertNoReindex(); |
| } |
| } |
| |
| @Test |
| public void getByIntId() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| AccountInfo info = gApi.accounts().id("admin").get(); |
| AccountInfo infoByIntId = gApi.accounts().id(info._accountId).get(); |
| assertThat(info.name).isEqualTo(infoByIntId.name); |
| accountIndexedCounter.assertNoReindex(); |
| } |
| } |
| |
| @Test |
| public void self() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| AccountInfo info = gApi.accounts().self().get(); |
| assertUser(info, admin); |
| |
| info = gApi.accounts().id("self").get(); |
| assertUser(info, admin); |
| accountIndexedCounter.assertNoReindex(); |
| } |
| } |
| |
| @Test |
| public void active() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| int id = gApi.accounts().id("user").get()._accountId; |
| assertThat(gApi.accounts().id("user").getActive()).isTrue(); |
| gApi.accounts().id("user").setActive(false); |
| accountIndexedCounter.assertReindexOf(user); |
| |
| // Inactive users may only be resolved by ID. |
| ResourceNotFoundException thrown = |
| assertThrows(ResourceNotFoundException.class, () -> gApi.accounts().id("user")); |
| assertThat(thrown) |
| .hasMessageThat() |
| .isEqualTo( |
| "Account 'user' only matches inactive accounts. To use an inactive account, retry" |
| + " with one of the following exact account IDs:\n" |
| + id |
| + ": User1 <user1@example.com>"); |
| assertThat(gApi.accounts().id(id).getActive()).isFalse(); |
| |
| gApi.accounts().id(id).setActive(true); |
| assertThat(gApi.accounts().id("user").getActive()).isTrue(); |
| accountIndexedCounter.assertReindexOf(user); |
| } |
| } |
| |
| @Test |
| public void shouldAllowQueryByEmailForInactiveUser() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| Account.Id activatableAccountId = |
| accountOperations.newAccount().inactive().preferredEmail("foo@activatable.com").create(); |
| accountIndexedCounter.assertReindexOf(activatableAccountId, 1); |
| } |
| |
| gApi.changes().query("owner:foo@activatable.com").get(); |
| } |
| |
| @Test |
| public void shouldAllowQueryByUserNameForInactiveUser() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| Account.Id activatableAccountId = |
| accountOperations.newAccount().inactive().username("foo").create(); |
| accountIndexedCounter.assertReindexOf(activatableAccountId, 1); |
| } |
| |
| gApi.changes().query("owner:foo").get(); |
| } |
| |
| @Test |
| @GerritConfig(name = "auth.type", value = "DEVELOPMENT_BECOME_ANY_ACCOUNT") |
| public void activeUserGetSessionCookieOnLogin() throws Exception { |
| Integer accountId = accountIdApi().get()._accountId; |
| assertThat(accountIdApi().getActive()).isTrue(); |
| |
| webLogin(accountId); |
| assertThat(getCookiesNames()).contains(CacheBasedWebSession.ACCOUNT_COOKIE); |
| } |
| |
| @Test |
| @GerritConfig(name = "auth.type", value = "DEVELOPMENT_BECOME_ANY_ACCOUNT") |
| public void inactiveUserDoesNotGetCookieOnLogin() throws Exception { |
| Integer accountId = accountIdApi().get()._accountId; |
| accountIdApi().setActive(false); |
| assertThat(accountIdApi().getActive()).isFalse(); |
| |
| webLogin(accountId); |
| assertThat(getCookiesNames()).isEmpty(); |
| } |
| |
| @Test |
| @GerritConfig(name = "auth.type", value = "DEVELOPMENT_BECOME_ANY_ACCOUNT") |
| public void userDeactivatedAfterLoginDoesNotGetCookie() throws Exception { |
| Integer accountId = accountIdApi().get()._accountId; |
| assertThat(accountIdApi().getActive()).isTrue(); |
| |
| webLogin(accountId); |
| assertThat(getCookiesNames()).contains(CacheBasedWebSession.ACCOUNT_COOKIE); |
| httpGetAndAssertStatus("accounts/self/detail", HttpServletResponse.SC_OK); |
| |
| accountIdApi().setActive(false); |
| assertThat(accountIdApi().getActive()).isFalse(); |
| |
| httpGetAndAssertStatus("accounts/self/detail", HttpServletResponse.SC_FORBIDDEN); |
| } |
| |
| @Test |
| public void validateAccountActivation() throws Exception { |
| Account.Id activatableAccountId = |
| accountOperations.newAccount().inactive().preferredEmail("foo@activatable.com").create(); |
| Account.Id deactivatableAccountId = |
| accountOperations.newAccount().preferredEmail("foo@deactivatable.com").create(); |
| |
| AccountActivationValidationListener validationListener = |
| new AccountActivationValidationListener() { |
| @Override |
| public void validateActivation(AccountState account) throws ValidationException { |
| String preferredEmail = account.account().preferredEmail(); |
| if (preferredEmail == null || !preferredEmail.endsWith("@activatable.com")) { |
| throw new ValidationException("not allowed to active account"); |
| } |
| } |
| |
| @Override |
| public void validateDeactivation(AccountState account) throws ValidationException { |
| String preferredEmail = account.account().preferredEmail(); |
| if (preferredEmail == null || !preferredEmail.endsWith("@deactivatable.com")) { |
| throw new ValidationException("not allowed to deactive account"); |
| } |
| } |
| }; |
| |
| AccountActivationListener listener = mock(AccountActivationListener.class); |
| |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(validationListener).add(listener)) { |
| /* Test account that can be activated, but not deactivated */ |
| // Deactivate account that is already inactive |
| ResourceConflictException thrown = |
| assertThrows( |
| ResourceConflictException.class, |
| () -> gApi.accounts().id(activatableAccountId.get()).setActive(false)); |
| assertThat(thrown).hasMessageThat().isEqualTo("account not active"); |
| assertThat(accountOperations.account(activatableAccountId).get().active()).isFalse(); |
| verifyNoInteractions(listener); |
| |
| // Activate account that can be activated |
| gApi.accounts().id(activatableAccountId.get()).setActive(true); |
| assertThat(accountOperations.account(activatableAccountId).get().active()).isTrue(); |
| verify(listener).onAccountActivated(activatableAccountId.get()); |
| verifyNoMoreInteractions(listener); |
| |
| // Activate account that is already active |
| gApi.accounts().id(activatableAccountId.get()).setActive(true); |
| assertThat(accountOperations.account(activatableAccountId).get().active()).isTrue(); |
| verifyNoMoreInteractions(listener); |
| |
| // Try deactivating account that cannot be deactivated |
| thrown = |
| assertThrows( |
| ResourceConflictException.class, |
| () -> gApi.accounts().id(activatableAccountId.get()).setActive(false)); |
| assertThat(thrown).hasMessageThat().isEqualTo("not allowed to deactive account"); |
| assertThat(accountOperations.account(activatableAccountId).get().active()).isTrue(); |
| verifyNoMoreInteractions(listener); |
| |
| /* Test account that can be deactivated, but not activated */ |
| // Activate account that is already inactive |
| gApi.accounts().id(deactivatableAccountId.get()).setActive(true); |
| assertThat(accountOperations.account(deactivatableAccountId).get().active()).isTrue(); |
| verifyNoMoreInteractions(listener); |
| |
| // Deactivate account that can be deactivated |
| gApi.accounts().id(deactivatableAccountId.get()).setActive(false); |
| assertThat(accountOperations.account(deactivatableAccountId).get().active()).isFalse(); |
| verify(listener).onAccountDeactivated(deactivatableAccountId.get()); |
| verifyNoMoreInteractions(listener); |
| |
| // Deactivate account that is already inactive |
| thrown = |
| assertThrows( |
| ResourceConflictException.class, |
| () -> gApi.accounts().id(deactivatableAccountId.get()).setActive(false)); |
| assertThat(thrown).hasMessageThat().isEqualTo("account not active"); |
| assertThat(accountOperations.account(deactivatableAccountId).get().active()).isFalse(); |
| verifyNoMoreInteractions(listener); |
| |
| // Try activating account that cannot be activated |
| thrown = |
| assertThrows( |
| ResourceConflictException.class, |
| () -> gApi.accounts().id(deactivatableAccountId.get()).setActive(true)); |
| assertThat(thrown).hasMessageThat().isEqualTo("not allowed to active account"); |
| assertThat(accountOperations.account(deactivatableAccountId).get().active()).isFalse(); |
| verifyNoMoreInteractions(listener); |
| } |
| } |
| |
| @Test |
| public void deactivateSelf() throws Exception { |
| ResourceConflictException thrown = |
| assertThrows( |
| ResourceConflictException.class, () -> gApi.accounts().self().setActive(false)); |
| assertThat(thrown).hasMessageThat().contains("cannot deactivate own account"); |
| } |
| |
| @Test |
| public void deactivateNotActive() throws Exception { |
| int id = gApi.accounts().id("user").get()._accountId; |
| assertThat(gApi.accounts().id("user").getActive()).isTrue(); |
| gApi.accounts().id("user").setActive(false); |
| assertThat(gApi.accounts().id(id).getActive()).isFalse(); |
| ResourceConflictException thrown = |
| assertThrows( |
| ResourceConflictException.class, () -> gApi.accounts().id(id).setActive(false)); |
| assertThat(thrown).hasMessageThat().isEqualTo("account not active"); |
| gApi.accounts().id(id).setActive(true); |
| } |
| |
| @Test |
| public void starUnstarChange() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| RefUpdateCounter refUpdateCounter = new RefUpdateCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter).add(refUpdateCounter)) { |
| PushOneCommit.Result r = createChange(); |
| String triplet = project.get() + "~master~" + r.getChangeId(); |
| refUpdateCounter.clear(); |
| |
| gApi.accounts().self().starChange(triplet); |
| ChangeInfo change = info(triplet); |
| assertThat(change.starred).isTrue(); |
| assertThat(change.stars).contains(DEFAULT_LABEL); |
| refUpdateCounter.assertRefUpdateFor( |
| RefUpdateCounter.projectRef( |
| allUsers, RefNames.refsStarredChanges(Change.id(change._number), admin.id()))); |
| |
| gApi.accounts().self().unstarChange(triplet); |
| change = info(triplet); |
| assertThat(change.starred).isNull(); |
| assertThat(change.stars).isNull(); |
| refUpdateCounter.assertRefUpdateFor( |
| RefUpdateCounter.projectRef( |
| allUsers, RefNames.refsStarredChanges(Change.id(change._number), admin.id()))); |
| |
| accountIndexedCounter.assertNoReindex(); |
| } |
| } |
| |
| @Test |
| public void addExistingReviewersUsingPostReview() throws Exception { |
| PushOneCommit.Result r = createChange(); |
| |
| // First reviewer added to the change |
| ReviewInput input = new ReviewInput(); |
| input.reviewers = new ArrayList<>(1); |
| ReviewerInput reviewerInput = new ReviewerInput(); |
| reviewerInput.reviewer = user.email(); |
| input.reviewers.add(reviewerInput); |
| gApi.changes().id(r.getChangeId()).current().review(input); |
| List<Message> messages = sender.getMessages(); |
| assertThat(messages).hasSize(1); |
| Message message = messages.get(0); |
| assertThat(message.rcpt()).containsExactly(user.getNameEmail()); |
| assertMailReplyTo(message, admin.email()); |
| |
| sender.clear(); |
| |
| // Second reviewer and existing reviewer added to the change |
| ReviewInput input2 = new ReviewInput(); |
| input2.reviewers = new ArrayList<>(2); |
| ReviewerInput reviewerInput2 = new ReviewerInput(); |
| reviewerInput2.reviewer = user.email(); |
| input2.reviewers.add(reviewerInput2); |
| ReviewerInput reviewerInput3 = new ReviewerInput(); |
| |
| TestAccount user2 = accountCreator.user2(); |
| reviewerInput3.reviewer = user2.email(); |
| input2.reviewers.add(reviewerInput3); |
| |
| gApi.changes().id(r.getChangeId()).current().review(input2); |
| List<Message> messages2 = sender.getMessages(); |
| assertThat(messages2).hasSize(1); |
| Message message2 = messages2.get(0); |
| assertThat(message2.rcpt()).containsExactly(user.getNameEmail(), user2.getNameEmail()); |
| assertMailReplyTo(message, admin.email()); |
| |
| sender.clear(); |
| |
| // Existing reviewers re-added to the change: no notifications |
| ReviewInput input3 = new ReviewInput(); |
| input3.reviewers = new ArrayList<>(2); |
| ReviewerInput reviewerInput4 = new ReviewerInput(); |
| reviewerInput4.reviewer = user.email(); |
| input3.reviewers.add(reviewerInput4); |
| ReviewerInput reviewerInput5 = new ReviewerInput(); |
| |
| reviewerInput5.reviewer = user2.email(); |
| input3.reviewers.add(reviewerInput5); |
| |
| gApi.changes().id(r.getChangeId()).current().review(input3); |
| List<Message> messages3 = sender.getMessages(); |
| assertThat(messages3).isEmpty(); |
| } |
| |
| @Test |
| public void addExistingReviewersUsingAddReviewer() throws Exception { |
| PushOneCommit.Result r = createChange(); |
| |
| // First reviewer added to the change |
| ReviewerInput reviewerInput = new ReviewerInput(); |
| reviewerInput.reviewer = user.email(); |
| gApi.changes().id(r.getChangeId()).addReviewer(reviewerInput); |
| List<Message> messages = sender.getMessages(); |
| assertThat(messages).hasSize(1); |
| Message message = messages.get(0); |
| assertThat(message.rcpt()).containsExactly(user.getNameEmail()); |
| assertMailReplyTo(message, admin.email()); |
| |
| sender.clear(); |
| |
| // Second reviewer added to the change |
| TestAccount user2 = accountCreator.user2(); |
| ReviewerInput reviewerInput2 = new ReviewerInput(); |
| reviewerInput2.reviewer = user2.email(); |
| gApi.changes().id(r.getChangeId()).addReviewer(reviewerInput2); |
| List<Message> messages2 = sender.getMessages(); |
| assertThat(messages2).hasSize(1); |
| Message message2 = messages2.get(0); |
| assertThat(message2.rcpt()).containsExactly(user.getNameEmail(), user2.getNameEmail()); |
| assertMailReplyTo(message2, admin.email()); |
| |
| sender.clear(); |
| |
| // Exiting reviewer re-added to the change: no notifications |
| ReviewerInput reviewerInput3 = new ReviewerInput(); |
| reviewerInput3.reviewer = user2.email(); |
| gApi.changes().id(r.getChangeId()).addReviewer(reviewerInput3); |
| List<Message> messages3 = sender.getMessages(); |
| assertThat(messages3).isEmpty(); |
| } |
| |
| @Test |
| public void suggestAccounts() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| String adminUsername = "admin"; |
| List<AccountInfo> result = gApi.accounts().suggestAccounts().withQuery(adminUsername).get(); |
| assertThat(result).hasSize(1); |
| assertThat(result.get(0).username).isEqualTo(adminUsername); |
| |
| List<AccountInfo> resultShortcutApi = gApi.accounts().suggestAccounts(adminUsername).get(); |
| assertThat(resultShortcutApi).hasSize(result.size()); |
| |
| List<AccountInfo> emptyResult = gApi.accounts().suggestAccounts("unknown").get(); |
| assertThat(emptyResult).isEmpty(); |
| accountIndexedCounter.assertNoReindex(); |
| } |
| } |
| |
| @Test |
| public void getOwnDetail() throws Exception { |
| String email = "preferred@example.com"; |
| String name = "Foo"; |
| String username = name("foo"); |
| TestAccount foo = accountCreator.create(username, email, name, null); |
| String secondaryEmail = "secondary@example.com"; |
| EmailInput input = newEmailInput(secondaryEmail); |
| gApi.accounts().id(foo.id().get()).addEmail(input); |
| |
| String status = "OOO"; |
| gApi.accounts().id(foo.id().get()).setStatus(status); |
| |
| requestScopeOperations.setApiUser(foo.id()); |
| AccountDetailInfo detail = gApi.accounts().id(foo.id().get()).detail(); |
| assertThat(detail._accountId).isEqualTo(foo.id().get()); |
| assertThat(detail.name).isEqualTo(name); |
| assertThat(detail.username).isEqualTo(username); |
| assertThat(detail.email).isEqualTo(email); |
| assertThat(detail.secondaryEmails).containsExactly(secondaryEmail); |
| assertThat(detail.status).isEqualTo(status); |
| assertThat(detail.registeredOn.getTime()) |
| .isEqualTo(getAccount(foo.id()).registeredOn().toEpochMilli()); |
| assertThat(detail.inactive).isNull(); |
| assertThat(detail._moreAccounts).isNull(); |
| } |
| |
| @Test |
| public void detailOfOtherAccountDoesntIncludeSecondaryEmailsWithoutModifyAccount() |
| throws Exception { |
| String email = "preferred@example.com"; |
| TestAccount foo = accountCreator.create(name("foo"), email, "Foo", null); |
| String secondaryEmail = "secondary@example.com"; |
| EmailInput input = newEmailInput(secondaryEmail); |
| gApi.accounts().id(foo.id().get()).addEmail(input); |
| |
| requestScopeOperations.setApiUser(user.id()); |
| AccountDetailInfo detail = gApi.accounts().id(foo.id().get()).detail(); |
| assertThat(detail.secondaryEmails).isNull(); |
| } |
| |
| @Test |
| public void detailOfOtherAccountIncludeSecondaryEmailsWithModifyAccount() throws Exception { |
| String email = "preferred@example.com"; |
| TestAccount foo = accountCreator.create(name("foo"), email, "Foo", null); |
| String secondaryEmail = "secondary@example.com"; |
| EmailInput input = newEmailInput(secondaryEmail); |
| gApi.accounts().id(foo.id().get()).addEmail(input); |
| |
| AccountDetailInfo detail = gApi.accounts().id(foo.id().get()).detail(); |
| assertThat(detail.secondaryEmails).containsExactly(secondaryEmail); |
| } |
| |
| @Test |
| public void getOwnEmails() throws Exception { |
| String email = "preferred@example.com"; |
| TestAccount foo = accountCreator.create(name("foo"), email, "Foo", null); |
| |
| requestScopeOperations.setApiUser(foo.id()); |
| assertThat(getEmails()).containsExactly(email); |
| |
| requestScopeOperations.setApiUser(admin.id()); |
| String secondaryEmail = "secondary@example.com"; |
| EmailInput input = newEmailInput(secondaryEmail); |
| gApi.accounts().id(foo.id().get()).addEmail(input); |
| |
| requestScopeOperations.setApiUser(foo.id()); |
| assertThat(getEmails()).containsExactly(email, secondaryEmail); |
| } |
| |
| @Test |
| public void cannotGetEmailsOfOtherAccountWithoutViewSecondaryEmailsAndWithoutModifyAccount() |
| throws Exception { |
| String email = "preferred2@example.com"; |
| TestAccount foo = accountCreator.create(name("foo"), email, "Foo", null); |
| |
| requestScopeOperations.setApiUser(user.id()); |
| AuthException thrown = |
| assertThrows(AuthException.class, () -> gApi.accounts().id(foo.id().get()).getEmails()); |
| assertThat(thrown).hasMessageThat().contains("view secondary emails not permitted"); |
| } |
| |
| @Test |
| public void getEmailsOfOtherAccount() throws Exception { |
| String email = "preferred3@example.com"; |
| String secondaryEmail = "secondary3@example.com"; |
| TestAccount foo = accountCreator.create(name("foo"), email, "Foo", null); |
| EmailInput input = newEmailInput(secondaryEmail); |
| gApi.accounts().id(foo.id().get()).addEmail(input); |
| |
| assertThat( |
| gApi.accounts().id(foo.id().get()).getEmails().stream() |
| .map(e -> e.email) |
| .collect(toSet())) |
| .containsExactly(email, secondaryEmail); |
| } |
| |
| @Test |
| public void addEmail() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| List<String> emails = ImmutableList.of("new.email@example.com", "new.email@example.systems"); |
| Set<String> currentEmails = getEmails(); |
| for (String email : emails) { |
| assertThat(currentEmails).doesNotContain(email); |
| EmailInput input = newEmailInput(email); |
| gApi.accounts().self().addEmail(input); |
| accountIndexedCounter.assertReindexOf(admin); |
| } |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).containsAtLeastElementsIn(emails); |
| } |
| } |
| |
| @Test |
| public void addInvalidEmail() throws Exception { |
| List<String> emails = |
| ImmutableList.of( |
| // Missing domain part |
| "new.email", |
| |
| // Missing domain part |
| "new.email@", |
| |
| // Missing user part |
| "@example.com", |
| |
| // Non-supported TLD (see tlds-alpha-by-domain.txt) |
| "new.email@example.africa"); |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| for (String email : emails) { |
| EmailInput input = newEmailInput(email); |
| BadRequestException thrown = |
| assertThrows(BadRequestException.class, () -> gApi.accounts().self().addEmail(input)); |
| assertWithMessage(email).that(thrown).hasMessageThat().isEqualTo("invalid email address"); |
| } |
| accountIndexedCounter.assertNoReindex(); |
| } |
| } |
| |
| @Test |
| public void cannotAddNonConfirmedEmailWithoutModifyAccountPermission() throws Exception { |
| TestAccount account = accountCreator.create(name("user")); |
| EmailInput input = newEmailInput("test@example.com"); |
| requestScopeOperations.setApiUser(user.id()); |
| assertThrows(AuthException.class, () -> gApi.accounts().id(account.username()).addEmail(input)); |
| } |
| |
| @Test |
| public void cannotAddEmailAddressUsedByAnotherAccount() throws Exception { |
| String email = "new.email@example.com"; |
| EmailInput input = newEmailInput(email); |
| gApi.accounts().self().addEmail(input); |
| ResourceConflictException thrown = |
| assertThrows( |
| ResourceConflictException.class, |
| () -> gApi.accounts().id(user.username()).addEmail(input)); |
| assertThat(thrown) |
| .hasMessageThat() |
| .contains("Identity 'mailto:" + email + "' in use by another account"); |
| } |
| |
| @Test |
| @GerritConfig( |
| name = "auth.registerEmailPrivateKey", |
| value = "HsOc6l_2lhS9G7sE_RsnS7Z6GJjdRDX14co=") |
| public void addEmailSendsConfirmationEmail() throws Exception { |
| String email = "new.email@example.com"; |
| EmailInput input = newEmailInput(email, false); |
| gApi.accounts().self().addEmail(input); |
| |
| assertThat(sender.getMessages()).hasSize(1); |
| Message m = sender.getMessages().get(0); |
| assertThat(m.rcpt()).containsExactly(Address.create(email)); |
| } |
| |
| @Test |
| @GerritConfig( |
| name = "auth.registerEmailPrivateKey", |
| value = "HsOc6l_2lhS9G7sE-RsnS7Z6GJjdRDX14co=") |
| public void addEmailToBeConfirmedToOwnAccount() throws Exception { |
| TestAccount user = accountCreator.create(); |
| requestScopeOperations.setApiUser(user.id()); |
| |
| String email = "self@example.com"; |
| EmailInput input = newEmailInput(email, false); |
| gApi.accounts().self().addEmail(input); |
| } |
| |
| @Test |
| public void cannotAddEmailToBeConfirmedToOtherAccountWithoutModifyAccountPermission() |
| throws Exception { |
| TestAccount user = accountCreator.create(); |
| requestScopeOperations.setApiUser(user.id()); |
| |
| AuthException thrown = |
| assertThrows( |
| AuthException.class, |
| () -> |
| gApi.accounts() |
| .id(admin.id().get()) |
| .addEmail(newEmailInput("foo@example.com", false))); |
| assertThat(thrown).hasMessageThat().contains("modify account not permitted"); |
| } |
| |
| @Test |
| @GerritConfig( |
| name = "auth.registerEmailPrivateKey", |
| value = "HsOc6l_2lhS9G7sE-RsnS7Z6GJjdRDX14co=") |
| public void addEmailToBeConfirmedToOtherAccount() throws Exception { |
| TestAccount user = accountCreator.create(); |
| String email = "me@example.com"; |
| gApi.accounts().id(user.id().get()).addEmail(newEmailInput(email, false)); |
| } |
| |
| @Test |
| public void addEmailAndSetPreferred() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| String email = "foo.bar@example.com"; |
| EmailInput input = new EmailInput(); |
| input.email = email; |
| input.noConfirmation = true; |
| input.preferred = true; |
| gApi.accounts().self().addEmail(input); |
| |
| // Account is reindexed twice; once on adding the new email, |
| // and then again on setting the email preferred. |
| accountIndexedCounter.assertReindexOf(admin, 2); |
| |
| String preferred = gApi.accounts().self().get().email; |
| assertThat(preferred).isEqualTo(email); |
| } |
| } |
| |
| @Test |
| public void deleteEmail() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| String email = "foo.bar@example.com"; |
| EmailInput input = newEmailInput(email); |
| gApi.accounts().self().addEmail(input); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).contains(email); |
| |
| accountIndexedCounter.clear(); |
| gApi.accounts().self().deleteEmail(input.email); |
| accountIndexedCounter.assertReindexOf(admin); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).doesNotContain(email); |
| } |
| } |
| |
| @Test |
| public void deletePreferredEmail() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| String previous = gApi.accounts().self().get().email; |
| String email = "foo.bar.baz@example.com"; |
| EmailInput input = new EmailInput(); |
| input.email = email; |
| input.noConfirmation = true; |
| input.preferred = true; |
| gApi.accounts().self().addEmail(input); |
| |
| // Account is reindexed twice; once on adding the new email, |
| // and then again on setting the email preferred. |
| accountIndexedCounter.assertReindexOf(admin, 2); |
| |
| // The new preferred email is set |
| assertThat(gApi.accounts().self().get().email).isEqualTo(email); |
| |
| accountIndexedCounter.clear(); |
| gApi.accounts().self().deleteEmail(input.email); |
| accountIndexedCounter.assertReindexOf(admin); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).containsExactly(previous); |
| assertThat(gApi.accounts().self().get().email).isNull(); |
| } |
| } |
| |
| @Test |
| @Sandboxed |
| public void deleteAllEmails() throws Exception { |
| EmailInput input = new EmailInput(); |
| input.email = "foo.bar@example.com"; |
| input.noConfirmation = true; |
| gApi.accounts().self().addEmail(input); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| Set<String> allEmails = getEmails(); |
| assertThat(allEmails).hasSize(2); |
| |
| for (String email : allEmails) { |
| gApi.accounts().self().deleteEmail(email); |
| } |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).isEmpty(); |
| assertThat(gApi.accounts().self().get().email).isNull(); |
| } |
| |
| @Test |
| public void deleteEmailFromCustomExternalIdSchemes() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| String email = "foo.bar@example.com"; |
| String extId1 = "foo:bar"; |
| String extId2 = "foo:baz"; |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Add External IDs", |
| admin.id(), |
| u -> |
| u.addExternalId( |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse(extId1), admin.id(), email)) |
| .addExternalId( |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse(extId2), admin.id(), email))); |
| accountIndexedCounter.assertReindexOf(admin); |
| assertThat( |
| gApi.accounts().self().getExternalIds().stream() |
| .map(e -> e.identity) |
| .collect(toSet())) |
| .containsAtLeast(extId1, extId2); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).contains(email); |
| |
| gApi.accounts().self().deleteEmail(email); |
| accountIndexedCounter.assertReindexOf(admin); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).doesNotContain(email); |
| assertThat( |
| gApi.accounts().self().getExternalIds().stream() |
| .map(e -> e.identity) |
| .collect(toSet())) |
| .containsNoneOf(extId1, extId2); |
| } |
| } |
| |
| @Test |
| @GerritConfig(name = "auth.type", value = "LDAP") |
| public void deleteEmailShouldNotRemoveLdapExternalIdScheme() throws Exception { |
| String ldapEmail = "foo@company.com"; |
| String ldapExternalId = ExternalId.SCHEME_GERRIT + ":foo"; |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Add External IDs", |
| admin.id(), |
| u -> |
| u.addExternalId( |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse(ldapExternalId), admin.id(), ldapEmail))); |
| assertThat( |
| gApi.accounts().self().getExternalIds().stream().map(e -> e.identity).collect(toSet())) |
| .contains(ldapExternalId); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).contains(ldapEmail); |
| |
| ResourceConflictException exception = |
| assertThrows( |
| ResourceConflictException.class, () -> gApi.accounts().self().deleteEmail(ldapEmail)); |
| assertThat(exception).hasMessageThat().contains(ldapEmail); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).contains(ldapEmail); |
| assertThat( |
| gApi.accounts().self().getExternalIds().stream().map(e -> e.identity).collect(toSet())) |
| .contains(ldapExternalId); |
| } |
| |
| @Test |
| @GerritConfig(name = "auth.type", value = "LDAP") |
| public void deleteEmailShouldRemoveNonLdapExternalIdScheme() throws Exception { |
| String ldapEmail = "foo@company.com"; |
| String ldapExternalId = ExternalId.SCHEME_GERRIT + ":foo"; |
| String nonLdapEMail = "foo@example.com"; |
| String nonLdapExternalId = ExternalId.SCHEME_MAILTO + ":foo@example.com"; |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Add External IDs", |
| admin.id(), |
| u -> |
| u.addExternalId( |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse(nonLdapExternalId), |
| admin.id(), |
| nonLdapEMail)) |
| .addExternalId( |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse(ldapExternalId), admin.id(), ldapEmail))); |
| assertThat( |
| gApi.accounts().self().getExternalIds().stream().map(e -> e.identity).collect(toSet())) |
| .containsAtLeast(ldapExternalId, nonLdapExternalId); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).containsAtLeast(ldapEmail, nonLdapEMail); |
| |
| gApi.accounts().self().deleteEmail(nonLdapEMail); |
| |
| requestScopeOperations.resetCurrentApiUser(); |
| assertThat(getEmails()).doesNotContain(nonLdapEMail); |
| assertThat( |
| gApi.accounts().self().getExternalIds().stream().map(e -> e.identity).collect(toSet())) |
| .contains(ldapExternalId); |
| } |
| |
| @Test |
| public void deleteEmailOfOtherUser() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| String email = "foo.bar@example.com"; |
| EmailInput input = new EmailInput(); |
| input.email = email; |
| input.noConfirmation = true; |
| gApi.accounts().id(user.id().get()).addEmail(input); |
| accountIndexedCounter.assertReindexOf(user); |
| |
| requestScopeOperations.setApiUser(user.id()); |
| assertThat(getEmails()).contains(email); |
| |
| // admin can delete email of user |
| requestScopeOperations.setApiUser(admin.id()); |
| gApi.accounts().id(user.id().get()).deleteEmail(email); |
| accountIndexedCounter.assertReindexOf(user); |
| |
| requestScopeOperations.setApiUser(user.id()); |
| assertThat(getEmails()).doesNotContain(email); |
| |
| // user cannot delete email of admin |
| AuthException thrown = |
| assertThrows( |
| AuthException.class, |
| () -> gApi.accounts().id(admin.id().get()).deleteEmail(admin.email())); |
| assertThat(thrown).hasMessageThat().contains("modify account not permitted"); |
| } |
| } |
| |
| @Test |
| public void lookUpByEmail() throws Exception { |
| // exact match with scheme "mailto:" |
| assertEmail(emails.getAccountFor(admin.email()), admin); |
| |
| // exact match with other scheme |
| String email = "foo.bar@example.com"; |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Add Email", |
| admin.id(), |
| u -> |
| u.addExternalId( |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse("foo:bar"), admin.id(), email))); |
| assertEmail(emails.getAccountFor(email), admin); |
| |
| // wrong case doesn't match |
| assertThat(emails.getAccountFor(admin.email().toUpperCase(Locale.US))).isEmpty(); |
| |
| // prefix doesn't match |
| assertThat(emails.getAccountFor(admin.email().substring(0, admin.email().indexOf('@')))) |
| .isEmpty(); |
| |
| // non-existing doesn't match |
| assertThat(emails.getAccountFor("non-existing@example.com")).isEmpty(); |
| |
| // lookup several accounts by email at once |
| ImmutableSetMultimap<String, Account.Id> byEmails = |
| emails.getAccountsFor(admin.email(), user.email()); |
| assertEmail(byEmails.get(admin.email()), admin); |
| assertEmail(byEmails.get(user.email()), user); |
| } |
| |
| @Test |
| public void lookUpByPreferredEmail() throws Exception { |
| // create an inconsistent account that has a preferred email without external ID |
| String prefix = "foo.preferred"; |
| String prefEmail = prefix + "@example.com"; |
| TestAccount foo = accountCreator.create(name("foo")); |
| accountsUpdateProvider |
| .get() |
| .update("Set Preferred Email", foo.id(), u -> u.setPreferredEmail(prefEmail)); |
| |
| // verify that the account is still found when using the preferred email to lookup the account |
| ImmutableSet<Account.Id> accountsByPrefEmail = emails.getAccountFor(prefEmail); |
| assertThat(accountsByPrefEmail).hasSize(1); |
| assertThat(Iterables.getOnlyElement(accountsByPrefEmail)).isEqualTo(foo.id()); |
| |
| // look up by email prefix doesn't find the account |
| accountsByPrefEmail = emails.getAccountFor(prefix); |
| assertThat(accountsByPrefEmail).isEmpty(); |
| |
| // look up by other case doesn't find the account |
| accountsByPrefEmail = emails.getAccountFor(prefEmail.toUpperCase(Locale.US)); |
| assertThat(accountsByPrefEmail).isEmpty(); |
| } |
| |
| @Test |
| public void putStatus() throws Exception { |
| List<String> statuses = ImmutableList.of("OOO", "Busy"); |
| AccountInfo info; |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| for (String status : statuses) { |
| gApi.accounts().self().setStatus(status); |
| info = gApi.accounts().self().get(); |
| assertUser(info, admin, status); |
| accountIndexedCounter.assertReindexOf(admin); |
| } |
| |
| gApi.accounts().self().setStatus(null); |
| info = gApi.accounts().self().get(); |
| assertUser(info, admin); |
| accountIndexedCounter.assertReindexOf(admin); |
| } |
| } |
| |
| @Test |
| public void setName() throws Exception { |
| gApi.accounts().self().setName("Admin McAdminface"); |
| assertThat(gApi.accounts().self().get().name).isEqualTo("Admin McAdminface"); |
| } |
| |
| @Test |
| public void adminCanSetNameOfOtherUser() throws Exception { |
| gApi.accounts().id(user.username()).setName("User McUserface"); |
| assertThat(gApi.accounts().id(user.username()).get().name).isEqualTo("User McUserface"); |
| } |
| |
| @Test |
| public void userCannotSetNameOfOtherUser() throws Exception { |
| requestScopeOperations.setApiUser(user.id()); |
| assertThrows( |
| AuthException.class, |
| () -> gApi.accounts().id(admin.username()).setName("Admin McAdminface")); |
| } |
| |
| @Test |
| @Sandboxed |
| public void userCanSetNameOfOtherUserWithModifyAccountPermission() throws Exception { |
| projectOperations |
| .allProjectsForUpdate() |
| .add(allowCapability(GlobalCapability.MODIFY_ACCOUNT).group(REGISTERED_USERS)) |
| .update(); |
| gApi.accounts().id(admin.username()).setName("Admin McAdminface"); |
| assertThat(gApi.accounts().id(admin.username()).get().name).isEqualTo("Admin McAdminface"); |
| } |
| |
| @Test |
| public void fetchUserBranch() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| requestScopeOperations.setApiUser(user.id()); |
| |
| TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers, user); |
| String userRefName = RefNames.refsUsers(user.id()); |
| |
| // remove default READ permissions |
| try (ProjectConfigUpdate u = updateProject(allUsers)) { |
| u.getConfig() |
| .upsertAccessSection( |
| RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}", |
| as -> { |
| as.remove(Permission.builder(Permission.READ)); |
| }); |
| u.save(); |
| } |
| |
| // deny READ permission that is inherited from All-Projects |
| projectOperations |
| .project(allUsers) |
| .forUpdate() |
| .add(deny(Permission.READ).ref(RefNames.REFS + "*").group(ANONYMOUS_USERS)) |
| .update(); |
| |
| // fetching user branch without READ permission fails |
| assertThrows(TransportException.class, () -> fetch(allUsersRepo, userRefName + ":userRef")); |
| |
| // allow each user to read its own user branch |
| projectOperations |
| .project(allUsers) |
| .forUpdate() |
| .add( |
| allow(Permission.READ) |
| .ref(RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}") |
| .group(REGISTERED_USERS)) |
| .update(); |
| |
| // fetch user branch using refs/users/YY/XXXXXXX |
| fetch(allUsersRepo, userRefName + ":userRef"); |
| Ref userRef = allUsersRepo.getRepository().exactRef("userRef"); |
| assertThat(userRef).isNotNull(); |
| |
| // fetch user branch using refs/users/self |
| fetch(allUsersRepo, RefNames.REFS_USERS_SELF + ":userSelfRef"); |
| Ref userSelfRef = allUsersRepo.getRepository().getRefDatabase().exactRef("userSelfRef"); |
| assertThat(userSelfRef).isNotNull(); |
| assertThat(userSelfRef.getObjectId()).isEqualTo(userRef.getObjectId()); |
| |
| accountIndexedCounter.assertNoReindex(); |
| |
| // fetching user branch of another user fails |
| String otherUserRefName = RefNames.refsUsers(admin.id()); |
| TransportException thrown = |
| assertThrows( |
| TransportException.class, |
| () -> fetch(allUsersRepo, otherUserRefName + ":otherUserRef")); |
| assertThat(thrown) |
| .hasMessageThat() |
| .contains("Remote does not have " + otherUserRefName + " available for fetch."); |
| } |
| } |
| |
| @Test |
| public void refsUsersSelfIsAdvertised() throws Exception { |
| TestRepository<?> testRepository = cloneProject(allUsers, user); |
| try (Git git = testRepository.git()) { |
| List<String> advertisedRefs = |
| git.lsRemote().call().stream().map(Ref::getName).collect(toList()); |
| assertThat(advertisedRefs).contains(RefNames.REFS_USERS_SELF); |
| } |
| } |
| |
| @Test |
| public void createDefaultUserBranch() throws Exception { |
| try (Repository repo = repoManager.openRepository(allUsers)) { |
| assertThat(repo.exactRef(RefNames.REFS_USERS_DEFAULT)).isNull(); |
| } |
| |
| projectOperations |
| .project(allUsers) |
| .forUpdate() |
| .add(allow(Permission.CREATE).ref(RefNames.REFS_USERS_DEFAULT).group(adminGroupUuid())) |
| .add(allow(Permission.PUSH).ref(RefNames.REFS_USERS_DEFAULT).group(adminGroupUuid())) |
| .update(); |
| |
| TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers); |
| pushFactory |
| .create(admin.newIdent(), allUsersRepo) |
| .to(RefNames.REFS_USERS_DEFAULT) |
| .assertOkStatus(); |
| |
| try (Repository repo = repoManager.openRepository(allUsers)) { |
| assertThat(repo.exactRef(RefNames.REFS_USERS_DEFAULT)).isNotNull(); |
| } |
| } |
| |
| @Test |
| public void cannotDeleteUserBranch() throws Exception { |
| projectOperations |
| .project(allUsers) |
| .forUpdate() |
| .add( |
| allow(Permission.DELETE) |
| .ref(RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}") |
| .group(REGISTERED_USERS) |
| .force(true)) |
| .update(); |
| |
| TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers); |
| String userRef = RefNames.refsUsers(admin.id()); |
| PushResult r = deleteRef(allUsersRepo, userRef); |
| RemoteRefUpdate refUpdate = r.getRemoteUpdate(userRef); |
| assertThat(refUpdate.getStatus()).isEqualTo(RemoteRefUpdate.Status.REJECTED_OTHER_REASON); |
| assertThat(refUpdate.getMessage()).contains("Not allowed to delete user branch."); |
| |
| try (Repository repo = repoManager.openRepository(allUsers)) { |
| assertThat(repo.exactRef(userRef)).isNotNull(); |
| } |
| } |
| |
| @Test |
| public void deleteUserBranchWithAccessDatabaseCapability() throws Exception { |
| projectOperations |
| .allProjectsForUpdate() |
| .add(allowCapability(GlobalCapability.ACCESS_DATABASE).group(REGISTERED_USERS)) |
| .update(); |
| projectOperations |
| .project(allUsers) |
| .forUpdate() |
| .add( |
| allow(Permission.DELETE) |
| .ref(RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}") |
| .group(REGISTERED_USERS) |
| .force(true)) |
| .update(); |
| |
| TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers); |
| String userRef = RefNames.refsUsers(admin.id()); |
| PushResult r = deleteRef(allUsersRepo, userRef); |
| RemoteRefUpdate refUpdate = r.getRemoteUpdate(userRef); |
| assertThat(refUpdate.getStatus()).isEqualTo(RemoteRefUpdate.Status.OK); |
| |
| try (Repository repo = repoManager.openRepository(allUsers)) { |
| assertThat(repo.exactRef(userRef)).isNull(); |
| } |
| |
| assertThat(accountCache.get(admin.id())).isEmpty(); |
| assertThat(accountQueryProvider.get().byDefault(admin.id().toString(), true)).isEmpty(); |
| } |
| |
| @Test |
| public void addGpgKey() throws Exception { |
| TestKey key = validKeyWithoutExpiration(); |
| String id = key.getKeyIdString(); |
| addExternalIdEmail(admin, "test1@example.com"); |
| |
| sender.clear(); |
| assertKeyMapContains(key, addGpgKey(key.getPublicKeyArmored())); |
| assertKeys(key); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("new GPG keys have been added"); |
| |
| requestScopeOperations.setApiUser(user.id()); |
| ResourceNotFoundException thrown = |
| assertThrows( |
| ResourceNotFoundException.class, () -> gApi.accounts().self().gpgKey(id).get()); |
| assertThat(thrown).hasMessageThat().contains(id); |
| } |
| |
| @Test |
| public void adminCannotAddGpgKeyToOtherAccount() throws Exception { |
| TestKey key = validKeyWithoutExpiration(); |
| addExternalIdEmail(user, "test1@example.com"); |
| |
| sender.clear(); |
| requestScopeOperations.setApiUser(admin.id()); |
| assertThrows(ResourceNotFoundException.class, () -> addGpgKey(user, key.getPublicKeyArmored())); |
| } |
| |
| @Test |
| public void reAddExistingGpgKey() throws Exception { |
| addExternalIdEmail(admin, "test5@example.com"); |
| TestKey key = validKeyWithSecondUserId(); |
| String id = key.getKeyIdString(); |
| PGPPublicKey pk = key.getPublicKey(); |
| |
| sender.clear(); |
| GpgKeyInfo info = addGpgKey(armor(pk)).get(id); |
| assertThat(info.userIds).hasSize(2); |
| assertIteratorSize(2, getOnlyKeyFromStore(key).getUserIDs()); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("new GPG keys have been added"); |
| |
| pk = PGPPublicKey.removeCertification(pk, "foo:myId"); |
| sender.clear(); |
| info = addGpgKeyNoReindex(armor(pk)).get(id); |
| assertThat(info.userIds).hasSize(1); |
| assertIteratorSize(1, getOnlyKeyFromStore(key).getUserIDs()); |
| // TODO: Issue 10769: Adding an already existing key should not result in a notification email |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("new GPG keys have been added"); |
| } |
| |
| @Test |
| public void addOtherUsersGpgKey_Conflict() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| // Both users have a matching external ID for this key. |
| addExternalIdEmail(admin, "test5@example.com"); |
| accountIndexedCounter.clear(); |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Add External ID", |
| user.id(), |
| u -> u.addExternalId(externalIdFactory.create("foo", "myId", user.id()))); |
| accountIndexedCounter.assertReindexOf(user); |
| |
| TestKey key = validKeyWithSecondUserId(); |
| addGpgKey(key.getPublicKeyArmored()); |
| requestScopeOperations.setApiUser(user.id()); |
| |
| ResourceConflictException thrown = |
| assertThrows( |
| ResourceConflictException.class, () -> addGpgKey(user, key.getPublicKeyArmored())); |
| assertThat(thrown) |
| .hasMessageThat() |
| .contains("GPG key already associated with another account"); |
| } |
| } |
| |
| @Test |
| public void listGpgKeys() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| List<TestKey> keys = allValidKeys(); |
| List<String> toAdd = new ArrayList<>(keys.size()); |
| for (TestKey key : keys) { |
| addExternalIdEmail( |
| admin, PushCertificateIdent.parse(key.getFirstUserId()).getEmailAddress()); |
| toAdd.add(key.getPublicKeyArmored()); |
| } |
| accountIndexedCounter.clear(); |
| gApi.accounts().self().putGpgKeys(toAdd, ImmutableList.of()); |
| assertKeys(keys); |
| accountIndexedCounter.assertReindexOf(admin); |
| } |
| } |
| |
| @Test |
| public void deleteGpgKey() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| TestKey key = validKeyWithoutExpiration(); |
| String id = key.getKeyIdString(); |
| addExternalIdEmail(admin, "test1@example.com"); |
| addGpgKey(key.getPublicKeyArmored()); |
| assertKeys(key); |
| accountIndexedCounter.clear(); |
| |
| sender.clear(); |
| gApi.accounts().self().gpgKey(id).delete(); |
| accountIndexedCounter.assertReindexOf(admin); |
| assertKeys(); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("GPG keys have been deleted"); |
| |
| ResourceNotFoundException thrown = |
| assertThrows( |
| ResourceNotFoundException.class, () -> gApi.accounts().self().gpgKey(id).get()); |
| assertThat(thrown).hasMessageThat().contains(id); |
| } |
| } |
| |
| @Test |
| public void addAndRemoveGpgKeys() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| for (TestKey key : allValidKeys()) { |
| addExternalIdEmail( |
| admin, PushCertificateIdent.parse(key.getFirstUserId()).getEmailAddress()); |
| } |
| accountIndexedCounter.clear(); |
| TestKey key1 = validKeyWithoutExpiration(); |
| TestKey key2 = validKeyWithExpiration(); |
| TestKey key5 = validKeyWithSecondUserId(); |
| |
| Map<String, GpgKeyInfo> infos = |
| gApi.accounts() |
| .self() |
| .putGpgKeys( |
| ImmutableList.of(key1.getPublicKeyArmored(), key2.getPublicKeyArmored()), |
| ImmutableList.of(key5.getKeyIdString())); |
| assertThat(infos.keySet()).containsExactly(key1.getKeyIdString(), key2.getKeyIdString()); |
| assertKeys(key1, key2); |
| accountIndexedCounter.assertReindexOf(admin); |
| |
| infos = |
| gApi.accounts() |
| .self() |
| .putGpgKeys( |
| ImmutableList.of(key5.getPublicKeyArmored()), |
| ImmutableList.of(key1.getKeyIdString())); |
| assertThat(infos.keySet()).containsExactly(key1.getKeyIdString(), key5.getKeyIdString()); |
| assertKeyMapContains(key5, infos); |
| assertThat(infos.get(key1.getKeyIdString()).key).isNull(); |
| assertKeys(key2, key5); |
| accountIndexedCounter.assertReindexOf(admin); |
| |
| BadRequestException thrown = |
| assertThrows( |
| BadRequestException.class, |
| () -> |
| gApi.accounts() |
| .self() |
| .putGpgKeys( |
| ImmutableList.of(key2.getPublicKeyArmored()), |
| ImmutableList.of(key2.getKeyIdString()))); |
| assertThat(thrown) |
| .hasMessageThat() |
| .contains("Cannot both add and delete key: " + keyToString(key2.getPublicKey())); |
| } |
| } |
| |
| @Test |
| public void addMalformedGpgKey() throws Exception { |
| String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\ntest\n-----END PGP PUBLIC KEY BLOCK-----"; |
| BadRequestException thrown = assertThrows(BadRequestException.class, () -> addGpgKey(key)); |
| assertThat(thrown).hasMessageThat().contains("Failed to parse GPG keys"); |
| } |
| |
| @Test |
| @UseSsh |
| public void sshKeys() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| // The test account should initially have exactly one ssh key |
| List<SshKeyInfo> info = gApi.accounts().self().listSshKeys(); |
| assertThat(info).hasSize(1); |
| assertSequenceNumbers(info); |
| SshKeyInfo key = info.get(0); |
| KeyPair keyPair = sshKeys.getKeyPair(admin); |
| String initial = TestSshKeys.publicKey(keyPair, admin.email()); |
| assertThat(key.sshPublicKey).isEqualTo(initial); |
| accountIndexedCounter.assertNoReindex(); |
| |
| // Add a new key |
| sender.clear(); |
| String newKey = TestSshKeys.publicKey(SshSessionFactory.genSshKey(), admin.email()); |
| gApi.accounts().self().addSshKey(newKey); |
| info = gApi.accounts().self().listSshKeys(); |
| assertThat(info).hasSize(2); |
| assertSequenceNumbers(info); |
| accountIndexedCounter.assertReindexOf(admin); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("new SSH keys have been added"); |
| |
| // Add an existing key (the request succeeds, but the key isn't added again) |
| sender.clear(); |
| gApi.accounts().self().addSshKey(initial); |
| info = gApi.accounts().self().listSshKeys(); |
| assertThat(info).hasSize(2); |
| assertSequenceNumbers(info); |
| accountIndexedCounter.assertNoReindex(); |
| // TODO: Issue 10769: Adding an already existing key should not result in a notification email |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("new SSH keys have been added"); |
| |
| // Add another new key |
| sender.clear(); |
| String newKey2 = TestSshKeys.publicKey(SshSessionFactory.genSshKey(), admin.email()); |
| gApi.accounts().self().addSshKey(newKey2); |
| info = gApi.accounts().self().listSshKeys(); |
| assertThat(info).hasSize(3); |
| assertSequenceNumbers(info); |
| accountIndexedCounter.assertReindexOf(admin); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("new SSH keys have been added"); |
| |
| // Delete second key |
| sender.clear(); |
| gApi.accounts().self().deleteSshKey(2); |
| info = gApi.accounts().self().listSshKeys(); |
| assertThat(info).hasSize(2); |
| assertThat(info.get(0).seq).isEqualTo(1); |
| assertThat(info.get(1).seq).isEqualTo(3); |
| accountIndexedCounter.assertReindexOf(admin); |
| |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("SSH keys have been deleted"); |
| |
| // Mark first key as invalid |
| assertThat(info.get(0).valid).isTrue(); |
| testRefAction(() -> authorizedKeys.markKeyInvalid(admin.id(), 1)); |
| info = gApi.accounts().self().listSshKeys(); |
| assertThat(info).hasSize(2); |
| assertThat(info.get(0).seq).isEqualTo(1); |
| assertThat(info.get(0).valid).isFalse(); |
| assertThat(info.get(1).seq).isEqualTo(3); |
| accountIndexedCounter.assertReindexOf(admin); |
| } |
| } |
| |
| @Test |
| @UseSsh |
| public void adminCanAddOrRemoveSshKeyOnOtherAccount() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| // The test account should initially have exactly one ssh key |
| List<SshKeyInfo> info = gApi.accounts().self().listSshKeys(); |
| assertThat(info).hasSize(1); |
| assertSequenceNumbers(info); |
| SshKeyInfo key = info.get(0); |
| KeyPair keyPair = sshKeys.getKeyPair(admin); |
| String initial = TestSshKeys.publicKey(keyPair, admin.email()); |
| assertThat(key.sshPublicKey).isEqualTo(initial); |
| accountIndexedCounter.assertNoReindex(); |
| |
| // Add a new key |
| sender.clear(); |
| String newKey = TestSshKeys.publicKey(SshSessionFactory.genSshKey(), user.email()); |
| gApi.accounts().id(user.username()).addSshKey(newKey); |
| info = gApi.accounts().id(user.username()).listSshKeys(); |
| assertThat(info).hasSize(2); |
| assertSequenceNumbers(info); |
| accountIndexedCounter.assertReindexOf(user); |
| |
| assertThat(sender.getMessages()).hasSize(1); |
| Message message = sender.getMessages().get(0); |
| assertThat(message.rcpt()).containsExactly(user.getNameEmail()); |
| assertThat(message.body()).contains("new SSH keys have been added"); |
| |
| // Delete key |
| sender.clear(); |
| gApi.accounts().id(user.username()).deleteSshKey(1); |
| info = gApi.accounts().id(user.username()).listSshKeys(); |
| assertThat(info).hasSize(1); |
| accountIndexedCounter.assertReindexOf(user); |
| |
| assertThat(sender.getMessages()).hasSize(1); |
| message = sender.getMessages().get(0); |
| assertThat(message.rcpt()).containsExactly(user.getNameEmail()); |
| assertThat(message.body()).contains("SSH keys have been deleted"); |
| } |
| } |
| |
| @Test |
| @UseSsh |
| public void userCannotAddSshKeyToOtherAccount() throws Exception { |
| String newKey = TestSshKeys.publicKey(SshSessionFactory.genSshKey(), admin.email()); |
| requestScopeOperations.setApiUser(user.id()); |
| assertThrows(AuthException.class, () -> gApi.accounts().id(admin.username()).addSshKey(newKey)); |
| } |
| |
| @Test |
| @UseSsh |
| public void userCannotDeleteSshKeyOfOtherAccount() throws Exception { |
| requestScopeOperations.setApiUser(user.id()); |
| assertThrows( |
| ResourceNotFoundException.class, |
| () -> gApi.accounts().id(admin.username()).deleteSshKey(0)); |
| } |
| |
| // reindex is tested by {@link AbstractQueryAccountsTest#reindex} |
| @Test |
| public void reindexPermissions() throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| // admin can reindex any account |
| requestScopeOperations.setApiUser(admin.id()); |
| gApi.accounts().id(user.username()).index(); |
| accountIndexedCounter.assertReindexOf(user); |
| |
| // user can reindex own account |
| requestScopeOperations.setApiUser(user.id()); |
| gApi.accounts().self().index(); |
| accountIndexedCounter.assertReindexOf(user); |
| |
| // user cannot reindex any account |
| AuthException thrown = |
| assertThrows(AuthException.class, () -> gApi.accounts().id(admin.username()).index()); |
| assertThat(thrown).hasMessageThat().contains("modify account not permitted"); |
| } |
| } |
| |
| @Test |
| public void checkConsistency() throws Exception { |
| projectOperations |
| .allProjectsForUpdate() |
| .add(allowCapability(GlobalCapability.ACCESS_DATABASE).group(REGISTERED_USERS)) |
| .update(); |
| requestScopeOperations.resetCurrentApiUser(); |
| |
| // Create an account with a preferred email. |
| String username = name("foo"); |
| String email = username + "@example.com"; |
| TestAccount account = accountCreator.create(username, email, "Foo Bar", null); |
| |
| ConsistencyCheckInput input = new ConsistencyCheckInput(); |
| input.checkAccounts = new CheckAccountsInput(); |
| ConsistencyCheckInfo checkInfo = gApi.config().server().checkConsistency(input); |
| assertThat(checkInfo.checkAccountsResult.problems).isEmpty(); |
| |
| Set<ConsistencyProblemInfo> expectedProblems = new HashSet<>(); |
| |
| // Delete the external ID for the preferred email. This makes the account inconsistent since it |
| // now doesn't have an external ID for its preferred email. |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Delete External ID", |
| account.id(), |
| u -> u.deleteExternalId(externalIdFactory.createEmail(account.id(), email))); |
| expectedProblems.add( |
| new ConsistencyProblemInfo( |
| ConsistencyProblemInfo.Status.ERROR, |
| "Account '" |
| + account.id().get() |
| + "' has no external ID for its preferred email '" |
| + email |
| + "'")); |
| |
| checkInfo = gApi.config().server().checkConsistency(input); |
| assertThat(checkInfo.checkAccountsResult.problems).hasSize(expectedProblems.size()); |
| assertThat(checkInfo.checkAccountsResult.problems).containsExactlyElementsIn(expectedProblems); |
| } |
| |
| @Test |
| public void internalQueryFindActiveAndInactiveAccounts() throws Exception { |
| String name = name("foo"); |
| assertThat(accountQueryProvider.get().byDefault(name, true)).isEmpty(); |
| |
| TestAccount foo1 = accountCreator.create(name + "-1"); |
| assertThat(gApi.accounts().id(foo1.username()).getActive()).isTrue(); |
| |
| TestAccount foo2 = accountCreator.create(name + "-2"); |
| gApi.accounts().id(foo2.username()).setActive(false); |
| assertThat(gApi.accounts().id(foo2.id().get()).getActive()).isFalse(); |
| |
| assertThat(accountQueryProvider.get().byDefault(name, true)).hasSize(2); |
| } |
| |
| @Test |
| public void checkMetaId() throws Exception { |
| // metaId is set when account is loaded |
| assertThat(accounts.get(admin.id()).get().account().metaId()).isEqualTo(getMetaId(admin.id())); |
| |
| // metaId is set when account is created |
| AccountsUpdate au = accountsUpdateProvider.get(); |
| Account.Id accountId = Account.id(seq.nextAccountId()); |
| AccountState accountState = au.insert("Create Test Account", accountId, u -> {}); |
| assertThat(accountState.account().metaId()).isEqualTo(getMetaId(accountId)); |
| |
| // metaId is set when account is updated |
| Optional<AccountState> updatedAccountState = |
| au.update("Set Full Name", accountId, u -> u.setFullName("foo")); |
| assertThat(updatedAccountState).isPresent(); |
| Account updatedAccount = updatedAccountState.get().account(); |
| assertThat(accountState.account().metaId()).isNotEqualTo(updatedAccount.metaId()); |
| assertThat(updatedAccount.metaId()).isEqualTo(getMetaId(accountId)); |
| } |
| |
| private EmailInput newEmailInput(String email, boolean noConfirmation) { |
| EmailInput input = new EmailInput(); |
| input.email = email; |
| input.noConfirmation = noConfirmation; |
| return input; |
| } |
| |
| private EmailInput newEmailInput(String email) { |
| return newEmailInput(email, true); |
| } |
| |
| @Nullable |
| private String getMetaId(Account.Id accountId) throws IOException { |
| try (Repository repo = repoManager.openRepository(allUsers); |
| RevWalk rw = new RevWalk(repo); |
| ObjectReader or = repo.newObjectReader()) { |
| Ref ref = repo.exactRef(RefNames.refsUsers(accountId)); |
| return ref != null ? ref.getObjectId().name() : null; |
| } |
| } |
| |
| @Test |
| public void allGroupsForAnAdminAccountCanBeRetrieved() throws Exception { |
| List<GroupInfo> groups = gApi.accounts().id(admin.username()).getGroups(); |
| assertThat(groups) |
| .comparingElementsUsing(getGroupToNameCorrespondence()) |
| .containsExactly("Anonymous Users", "Registered Users", "Administrators"); |
| } |
| |
| @Test |
| public void createUserWithValidUsername() throws Exception { |
| ImmutableList<String> names = |
| ImmutableList.of( |
| "user@domain", |
| "user-name", |
| "user_name", |
| "1234", |
| "user1234", |
| "1234@domain", |
| "user!+alias{*}#$%&’^=~|@domain"); |
| for (String name : names) { |
| gApi.accounts().create(name); |
| } |
| } |
| |
| @Test |
| public void createUserWithInvalidUsername() throws Exception { |
| ImmutableList<String> invalidNames = |
| ImmutableList.of( |
| "@", "@foo", "-", "-foo", "_", "_foo", "!", "+", "{", "}", "*", "%", "#", "$", "&", "’", |
| "^", "=", "~"); |
| for (String name : invalidNames) { |
| BadRequestException thrown = |
| assertThrows(BadRequestException.class, () -> gApi.accounts().create(name)); |
| assertThat(thrown).hasMessageThat().isEqualTo(String.format("Invalid username '%s'", name)); |
| } |
| } |
| |
| @Test |
| public void allGroupsForAUserAccountCanBeRetrieved() throws Exception { |
| String username = name("user1"); |
| accountOperations.newAccount().username(username).create(); |
| AccountGroup.UUID groupID = groupOperations.newGroup().name("group").create(); |
| String group = groupOperations.group(groupID).get().name(); |
| |
| gApi.groups().id(group).addMembers(username); |
| |
| List<GroupInfo> allGroups = gApi.accounts().id(username).getGroups(); |
| assertThat(allGroups) |
| .comparingElementsUsing(getGroupToNameCorrespondence()) |
| .containsExactly("Anonymous Users", "Registered Users", group); |
| } |
| |
| @Test |
| public void defaultPermissionsOnUserBranches() throws Exception { |
| String userRef = RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}"; |
| assertPermissions( |
| allUsers, |
| groupRef(REGISTERED_USERS), |
| userRef, |
| true, |
| Permission.READ, |
| Permission.PUSH, |
| Permission.SUBMIT); |
| |
| assertLabelPermission( |
| allUsers, groupRef(REGISTERED_USERS), userRef, true, "Code-Review", -2, 2); |
| |
| assertPermissions( |
| allUsers, |
| adminGroupRef(), |
| RefNames.REFS_USERS_DEFAULT, |
| true, |
| Permission.READ, |
| Permission.PUSH, |
| Permission.CREATE); |
| } |
| |
| @Test |
| public void retryOnLockFailure() throws Exception { |
| String status = "happy"; |
| String fullName = "Foo"; |
| AtomicBoolean doneBgUpdate = new AtomicBoolean(false); |
| PersonIdent ident = serverIdent.get(); |
| AccountsUpdate update = |
| new AccountsUpdate( |
| repoManager, |
| gitReferenceUpdated, |
| Optional.empty(), |
| allUsers, |
| externalIds, |
| metaDataUpdateInternalFactory, |
| new RetryHelper( |
| cfg, |
| retryMetrics, |
| null, |
| null, |
| null, |
| exceptionHooks, |
| r -> r.withBlockStrategy(noSleepBlockStrategy)), |
| extIdNotesFactory, |
| ident, |
| ident, |
| () -> { |
| if (!doneBgUpdate.getAndSet(true)) { |
| try { |
| accountsUpdateProvider |
| .get() |
| .update("Set Status", admin.id(), u -> u.setStatus(status)); |
| } catch (IOException | ConfigInvalidException | StorageException e) { |
| // Ignore, the successful update of the account is asserted later |
| } |
| } |
| }, |
| Runnables.doNothing()); |
| assertThat(doneBgUpdate.get()).isFalse(); |
| AccountInfo accountInfo = gApi.accounts().id(admin.id().get()).get(); |
| assertThat(accountInfo.status).isNull(); |
| assertThat(accountInfo.name).isNotEqualTo(fullName); |
| |
| Optional<AccountState> updatedAccountState = |
| update.update("Set Full Name", admin.id(), u -> u.setFullName(fullName)); |
| assertThat(doneBgUpdate.get()).isTrue(); |
| |
| assertThat(updatedAccountState).isPresent(); |
| Account updatedAccount = updatedAccountState.get().account(); |
| assertThat(updatedAccount.status()).isEqualTo(status); |
| assertThat(updatedAccount.fullName()).isEqualTo(fullName); |
| |
| accountInfo = gApi.accounts().id(admin.id().get()).get(); |
| assertThat(accountInfo.status).isEqualTo(status); |
| assertThat(accountInfo.name).isEqualTo(fullName); |
| } |
| |
| @Test |
| public void failAfterRetryerGivesUp() throws Exception { |
| List<String> status = ImmutableList.of("foo", "bar", "baz"); |
| String fullName = "Foo"; |
| AtomicInteger bgCounter = new AtomicInteger(0); |
| PersonIdent ident = serverIdent.get(); |
| AccountsUpdate update = |
| new AccountsUpdate( |
| repoManager, |
| gitReferenceUpdated, |
| Optional.empty(), |
| allUsers, |
| externalIds, |
| metaDataUpdateInternalFactory, |
| new RetryHelper( |
| cfg, |
| retryMetrics, |
| null, |
| null, |
| null, |
| exceptionHooks, |
| r -> |
| r.withStopStrategy(StopStrategies.stopAfterAttempt(status.size())) |
| .withBlockStrategy(noSleepBlockStrategy)), |
| extIdNotesFactory, |
| ident, |
| ident, |
| () -> { |
| try { |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Set Status", |
| admin.id(), |
| u -> u.setStatus(status.get(bgCounter.getAndAdd(1)))); |
| } catch (IOException | ConfigInvalidException | StorageException e) { |
| // Ignore, the expected exception is asserted later |
| } |
| }, |
| Runnables.doNothing()); |
| assertThat(bgCounter.get()).isEqualTo(0); |
| AccountInfo accountInfo = gApi.accounts().id(admin.id().get()).get(); |
| assertThat(accountInfo.status).isNull(); |
| assertThat(accountInfo.name).isNotEqualTo(fullName); |
| |
| assertThrows( |
| LockFailureException.class, |
| () -> update.update("Set Full Name", admin.id(), u -> u.setFullName(fullName))); |
| assertThat(bgCounter.get()).isEqualTo(status.size()); |
| |
| Account updatedAccount = accounts.get(admin.id()).get().account(); |
| assertThat(updatedAccount.status()).isEqualTo(Iterables.getLast(status)); |
| assertThat(updatedAccount.fullName()).isEqualTo(admin.fullName()); |
| |
| accountInfo = gApi.accounts().id(admin.id().get()).get(); |
| assertThat(accountInfo.status).isEqualTo(Iterables.getLast(status)); |
| assertThat(accountInfo.name).isEqualTo(admin.fullName()); |
| } |
| |
| @Test |
| public void atomicReadMofifyWrite() throws Exception { |
| gApi.accounts().id(admin.id().get()).setStatus("A-1"); |
| |
| AtomicInteger bgCounterA1 = new AtomicInteger(0); |
| AtomicInteger bgCounterA2 = new AtomicInteger(0); |
| PersonIdent ident = serverIdent.get(); |
| AccountsUpdate update = |
| new AccountsUpdate( |
| repoManager, |
| gitReferenceUpdated, |
| Optional.empty(), |
| allUsers, |
| externalIds, |
| metaDataUpdateInternalFactory, |
| new RetryHelper( |
| cfg, |
| retryMetrics, |
| null, |
| null, |
| null, |
| exceptionHooks, |
| r -> r.withBlockStrategy(noSleepBlockStrategy)), |
| extIdNotesFactory, |
| ident, |
| ident, |
| Runnables.doNothing(), |
| () -> { |
| try { |
| accountsUpdateProvider |
| .get() |
| .update("Set Status", admin.id(), u -> u.setStatus("A-2")); |
| } catch (IOException | ConfigInvalidException | StorageException e) { |
| // Ignore, the expected exception is asserted later |
| } |
| }); |
| assertThat(bgCounterA1.get()).isEqualTo(0); |
| assertThat(bgCounterA2.get()).isEqualTo(0); |
| assertThat(gApi.accounts().id(admin.id().get()).get().status).isEqualTo("A-1"); |
| |
| Optional<AccountState> updatedAccountState = |
| update.update( |
| "Set Status", |
| admin.id(), |
| (a, u) -> { |
| if ("A-1".equals(a.account().status())) { |
| bgCounterA1.getAndIncrement(); |
| u.setStatus("B-1"); |
| } |
| |
| if ("A-2".equals(a.account().status())) { |
| bgCounterA2.getAndIncrement(); |
| u.setStatus("B-2"); |
| } |
| }); |
| |
| assertThat(bgCounterA1.get()).isEqualTo(1); |
| assertThat(bgCounterA2.get()).isEqualTo(1); |
| |
| assertThat(updatedAccountState).isPresent(); |
| assertThat(updatedAccountState.get().account().status()).isEqualTo("B-2"); |
| assertThat(accounts.get(admin.id()).get().account().status()).isEqualTo("B-2"); |
| assertThat(gApi.accounts().id(admin.id().get()).get().status).isEqualTo("B-2"); |
| } |
| |
| @Test |
| public void atomicReadMofifyWriteExternalIds() throws Exception { |
| projectOperations |
| .allProjectsForUpdate() |
| .add(allowCapability(GlobalCapability.ACCESS_DATABASE).group(REGISTERED_USERS)) |
| .update(); |
| |
| Account.Id accountId = Account.id(seq.nextAccountId()); |
| ExternalId extIdA1 = externalIdFactory.create("foo", "A-1", accountId); |
| accountsUpdateProvider |
| .get() |
| .insert("Create Test Account", accountId, u -> u.addExternalId(extIdA1)); |
| |
| AtomicInteger bgCounterA1 = new AtomicInteger(0); |
| AtomicInteger bgCounterA2 = new AtomicInteger(0); |
| PersonIdent ident = serverIdent.get(); |
| ExternalId extIdA2 = externalIdFactory.create("foo", "A-2", accountId); |
| AccountsUpdate update = |
| new AccountsUpdate( |
| repoManager, |
| gitReferenceUpdated, |
| Optional.empty(), |
| allUsers, |
| externalIds, |
| metaDataUpdateInternalFactory, |
| new RetryHelper( |
| cfg, |
| retryMetrics, |
| null, |
| null, |
| null, |
| exceptionHooks, |
| r -> r.withBlockStrategy(noSleepBlockStrategy)), |
| extIdNotesFactory, |
| ident, |
| ident, |
| Runnables.doNothing(), |
| () -> { |
| try { |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Update External ID", |
| accountId, |
| u -> u.replaceExternalId(extIdA1, extIdA2)); |
| } catch (IOException | ConfigInvalidException | StorageException e) { |
| // Ignore, the expected exception is asserted later |
| } |
| }); |
| assertThat(bgCounterA1.get()).isEqualTo(0); |
| assertThat(bgCounterA2.get()).isEqualTo(0); |
| assertThat( |
| gApi.accounts().id(accountId.get()).getExternalIds().stream() |
| .map(i -> i.identity) |
| .collect(toSet())) |
| .containsExactly(extIdA1.key().get()); |
| |
| ExternalId extIdB1 = externalIdFactory.create("foo", "B-1", accountId); |
| ExternalId extIdB2 = externalIdFactory.create("foo", "B-2", accountId); |
| Optional<AccountState> updatedAccount = |
| update.update( |
| "Update External ID", |
| accountId, |
| (a, u) -> { |
| if (a.externalIds().contains(extIdA1)) { |
| bgCounterA1.getAndIncrement(); |
| u.replaceExternalId(extIdA1, extIdB1); |
| } |
| |
| if (a.externalIds().contains(extIdA2)) { |
| bgCounterA2.getAndIncrement(); |
| u.replaceExternalId(extIdA2, extIdB2); |
| } |
| }); |
| |
| assertThat(bgCounterA1.get()).isEqualTo(1); |
| assertThat(bgCounterA2.get()).isEqualTo(1); |
| |
| assertThat(updatedAccount).isPresent(); |
| assertThat(updatedAccount.get().externalIds()).containsExactly(extIdB2); |
| assertThat(accounts.get(accountId).get().externalIds()).containsExactly(extIdB2); |
| assertThat( |
| gApi.accounts().id(accountId.get()).getExternalIds().stream() |
| .map(i -> i.identity) |
| .collect(toSet())) |
| .containsExactly(extIdB2.key().get()); |
| } |
| |
| @Test |
| public void stalenessChecker() throws Exception { |
| // Newly created account is not stale. |
| AccountInfo accountInfo = gApi.accounts().create(name("foo")).get(); |
| Account.Id accountId = Account.id(accountInfo._accountId); |
| assertThat(stalenessChecker.check(accountId).isStale()).isFalse(); |
| |
| // Manually updating the user ref makes the index document stale. |
| String userRef = RefNames.refsUsers(accountId); |
| testRefAction( |
| () -> { |
| try (Repository repo = repoManager.openRepository(allUsers); |
| ObjectInserter oi = repo.newObjectInserter(); |
| RevWalk rw = new RevWalk(repo)) { |
| RevCommit commit = rw.parseCommit(repo.exactRef(userRef).getObjectId()); |
| |
| PersonIdent ident = new PersonIdent(serverIdent.get(), TimeUtil.now()); |
| CommitBuilder cb = new CommitBuilder(); |
| cb.setTreeId(commit.getTree()); |
| cb.setCommitter(ident); |
| cb.setAuthor(ident); |
| cb.setMessage(commit.getFullMessage()); |
| ObjectId emptyCommit = oi.insert(cb); |
| oi.flush(); |
| |
| RefUpdate updateRef = repo.updateRef(userRef); |
| updateRef.setExpectedOldObjectId(commit.toObjectId()); |
| updateRef.setNewObjectId(emptyCommit); |
| assertThat(updateRef.forceUpdate()).isEqualTo(RefUpdate.Result.FORCED); |
| } |
| }); |
| assertStaleAccountAndReindex(accountId); |
| |
| // Manually inserting/updating/deleting an external ID of the user makes the index document |
| // stale. |
| try (Repository repo = repoManager.openRepository(allUsers)) { |
| testRefAction( |
| () -> { |
| ExternalIdNotes extIdNotes = |
| ExternalIdNotes.load( |
| allUsers, |
| repo, |
| externalIdFactory, |
| authConfig.isUserNameCaseInsensitiveMigrationMode()); |
| |
| ExternalId.Key key = externalIdKeyFactory.create("foo", "foo"); |
| extIdNotes.insert(externalIdFactory.create(key, accountId)); |
| try (MetaDataUpdate update = metaDataUpdateFactory.create(allUsers)) { |
| extIdNotes.commit(update); |
| } |
| assertStaleAccountAndReindex(accountId); |
| |
| extIdNotes = |
| ExternalIdNotes.load( |
| allUsers, |
| repo, |
| externalIdFactory, |
| authConfig.isUserNameCaseInsensitiveMigrationMode()); |
| extIdNotes.upsert(externalIdFactory.createWithEmail(key, accountId, "foo@example.com")); |
| try (MetaDataUpdate update = metaDataUpdateFactory.create(allUsers)) { |
| extIdNotes.commit(update); |
| } |
| assertStaleAccountAndReindex(accountId); |
| |
| extIdNotes = |
| ExternalIdNotes.load( |
| allUsers, |
| repo, |
| externalIdFactory, |
| authConfig.isUserNameCaseInsensitiveMigrationMode()); |
| extIdNotes.delete(accountId, key); |
| try (MetaDataUpdate update = metaDataUpdateFactory.create(allUsers)) { |
| extIdNotes.commit(update); |
| } |
| }); |
| assertStaleAccountAndReindex(accountId); |
| } |
| |
| // Manually delete account |
| testRefAction( |
| () -> { |
| try (Repository repo = repoManager.openRepository(allUsers); |
| RevWalk rw = new RevWalk(repo)) { |
| RevCommit commit = rw.parseCommit(repo.exactRef(userRef).getObjectId()); |
| RefUpdate updateRef = repo.updateRef(userRef); |
| updateRef.setExpectedOldObjectId(commit.toObjectId()); |
| updateRef.setNewObjectId(ObjectId.zeroId()); |
| updateRef.setForceUpdate(true); |
| assertThat(updateRef.delete()).isEqualTo(RefUpdate.Result.FORCED); |
| } |
| }); |
| assertStaleAccountAndReindex(accountId); |
| } |
| |
| private void assertStaleAccountAndReindex(Account.Id accountId) throws IOException { |
| assertThat(stalenessChecker.check(accountId).isStale()).isTrue(); |
| |
| // Reindex fixes staleness |
| accountIndexer.index(accountId); |
| assertThat(stalenessChecker.check(accountId).isStale()).isFalse(); |
| } |
| |
| @Test |
| @UseClockStep |
| public void deleteAllDraftComments() throws Exception { |
| try { |
| Project.NameKey project2 = projectOperations.newProject().create(); |
| PushOneCommit.Result r1 = createChange(); |
| |
| TestRepository<?> tr2 = cloneProject(project2); |
| PushOneCommit.Result r2 = |
| createChange( |
| tr2, |
| "refs/heads/master", |
| "Change in project2", |
| PushOneCommit.FILE_NAME, |
| "content2", |
| null); |
| |
| // Create 2 drafts each on both changes for user. |
| requestScopeOperations.setApiUser(user.id()); |
| createDraft(r1, PushOneCommit.FILE_NAME, "draft 1a"); |
| createDraft(r1, PushOneCommit.FILE_NAME, "draft 1b"); |
| createDraft(r2, PushOneCommit.FILE_NAME, "draft 2a"); |
| createDraft(r2, PushOneCommit.FILE_NAME, "draft 2b"); |
| assertThat(gApi.changes().id(r1.getChangeId()).current().draftsAsList()).hasSize(2); |
| assertThat(gApi.changes().id(r2.getChangeId()).current().draftsAsList()).hasSize(2); |
| |
| // Create 1 draft on first change for admin. |
| requestScopeOperations.setApiUser(admin.id()); |
| createDraft(r1, PushOneCommit.FILE_NAME, "admin draft"); |
| assertThat(gApi.changes().id(r1.getChangeId()).current().draftsAsList()).hasSize(1); |
| |
| // Delete user's draft comments; leave admin's alone. |
| requestScopeOperations.setApiUser(user.id()); |
| List<DeletedDraftCommentInfo> result = |
| gApi.accounts().self().deleteDraftComments(new DeleteDraftCommentsInput()); |
| |
| // Results are ordered according to the change search, most recently updated first. |
| assertThat(result).hasSize(2); |
| DeletedDraftCommentInfo del2 = result.get(0); |
| assertThat(del2.change.changeId).isEqualTo(r2.getChangeId()); |
| assertThat(del2.deleted.stream().map(c -> c.message)).containsExactly("draft 2a", "draft 2b"); |
| DeletedDraftCommentInfo del1 = result.get(1); |
| assertThat(del1.change.changeId).isEqualTo(r1.getChangeId()); |
| assertThat(del1.deleted.stream().map(c -> c.message)).containsExactly("draft 1a", "draft 1b"); |
| |
| assertThat(gApi.changes().id(r1.getChangeId()).current().draftsAsList()).isEmpty(); |
| assertThat(gApi.changes().id(r2.getChangeId()).current().draftsAsList()).isEmpty(); |
| |
| requestScopeOperations.setApiUser(admin.id()); |
| assertThat(gApi.changes().id(r1.getChangeId()).current().draftsAsList()).hasSize(1); |
| } finally { |
| cleanUpDrafts(); |
| } |
| } |
| |
| @Test |
| public void deleteDraftCommentsByQuery() throws Exception { |
| try { |
| PushOneCommit.Result r1 = createChange(); |
| PushOneCommit.Result r2 = createChange(); |
| |
| createDraft(r1, PushOneCommit.FILE_NAME, "draft a"); |
| createDraft(r2, PushOneCommit.FILE_NAME, "draft b"); |
| assertThat(gApi.changes().id(r1.getChangeId()).current().draftsAsList()).hasSize(1); |
| assertThat(gApi.changes().id(r2.getChangeId()).current().draftsAsList()).hasSize(1); |
| |
| List<DeletedDraftCommentInfo> result = |
| gApi.accounts() |
| .self() |
| .deleteDraftComments(new DeleteDraftCommentsInput("change:" + r1.getChangeId())); |
| assertThat(result).hasSize(1); |
| assertThat(result.get(0).change.changeId).isEqualTo(r1.getChangeId()); |
| assertThat(result.get(0).deleted.stream().map(c -> c.message)).containsExactly("draft a"); |
| |
| assertThat(gApi.changes().id(r1.getChangeId()).current().draftsAsList()).isEmpty(); |
| assertThat(gApi.changes().id(r2.getChangeId()).current().draftsAsList()).hasSize(1); |
| } finally { |
| cleanUpDrafts(); |
| } |
| } |
| |
| @Test |
| public void deleteOtherUsersDraftCommentsDisallowed() throws Exception { |
| try { |
| PushOneCommit.Result r = createChange(); |
| requestScopeOperations.setApiUser(user.id()); |
| createDraft(r, PushOneCommit.FILE_NAME, "draft"); |
| requestScopeOperations.setApiUser(admin.id()); |
| AuthException thrown = |
| assertThrows( |
| AuthException.class, |
| () -> |
| gApi.accounts() |
| .id(user.id().get()) |
| .deleteDraftComments(new DeleteDraftCommentsInput())); |
| assertThat(thrown).hasMessageThat().isEqualTo("Cannot delete drafts of other user"); |
| } finally { |
| cleanUpDrafts(); |
| } |
| } |
| |
| @Test |
| public void deleteDraftCommentsSkipsInvisibleChanges() throws Exception { |
| try { |
| createBranch(BranchNameKey.create(project, "secret")); |
| PushOneCommit.Result r1 = createChange(); |
| PushOneCommit.Result r2 = createChange("refs/for/secret"); |
| |
| requestScopeOperations.setApiUser(user.id()); |
| createDraft(r1, PushOneCommit.FILE_NAME, "draft a"); |
| createDraft(r2, PushOneCommit.FILE_NAME, "draft b"); |
| assertThat(gApi.changes().id(r1.getChangeId()).current().draftsAsList()).hasSize(1); |
| assertThat(gApi.changes().id(r2.getChangeId()).current().draftsAsList()).hasSize(1); |
| |
| projectOperations |
| .project(project) |
| .forUpdate() |
| .add(block(Permission.READ).ref("refs/heads/secret").group(REGISTERED_USERS)) |
| .update(); |
| List<DeletedDraftCommentInfo> result = |
| gApi.accounts().self().deleteDraftComments(new DeleteDraftCommentsInput()); |
| assertThat(result).hasSize(1); |
| assertThat(result.get(0).change.changeId).isEqualTo(r1.getChangeId()); |
| assertThat(result.get(0).deleted.stream().map(c -> c.message)).containsExactly("draft a"); |
| |
| projectOperations |
| .project(project) |
| .forUpdate() |
| .remove(permissionKey(Permission.READ).ref("refs/heads/secret")) |
| .update(); |
| assertThat(gApi.changes().id(r1.getChangeId()).current().draftsAsList()).isEmpty(); |
| // Draft still exists since change wasn't visible when drafts where deleted. |
| assertThat(gApi.changes().id(r2.getChangeId()).current().draftsAsList()).hasSize(1); |
| } finally { |
| cleanUpDrafts(); |
| } |
| } |
| |
| @Test |
| public void userCanGenerateNewHttpPassword() throws Exception { |
| sender.clear(); |
| String newPassword = gApi.accounts().self().generateHttpPassword(); |
| assertThat(newPassword).isNotNull(); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("HTTP password was added or updated"); |
| } |
| |
| @Test |
| public void adminCanGenerateNewHttpPasswordForUser() throws Exception { |
| requestScopeOperations.setApiUser(admin.id()); |
| sender.clear(); |
| String newPassword = gApi.accounts().id(user.username()).generateHttpPassword(); |
| assertThat(newPassword).isNotNull(); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("HTTP password was added or updated"); |
| } |
| |
| @Test |
| public void userCannotGenerateNewHttpPasswordForOtherUser() throws Exception { |
| requestScopeOperations.setApiUser(user.id()); |
| assertThrows( |
| AuthException.class, () -> gApi.accounts().id(admin.username()).generateHttpPassword()); |
| } |
| |
| @Test |
| public void userCannotExplicitlySetHttpPassword() throws Exception { |
| requestScopeOperations.setApiUser(user.id()); |
| assertThrows( |
| AuthException.class, () -> gApi.accounts().self().setHttpPassword("my-new-password")); |
| } |
| |
| @Test |
| public void userCannotExplicitlySetHttpPasswordForOtherUser() throws Exception { |
| requestScopeOperations.setApiUser(user.id()); |
| assertThrows( |
| AuthException.class, |
| () -> gApi.accounts().id(admin.username()).setHttpPassword("my-new-password")); |
| } |
| |
| @Test |
| public void userCanRemoveHttpPassword() throws Exception { |
| requestScopeOperations.setApiUser(user.id()); |
| sender.clear(); |
| assertThat(gApi.accounts().self().setHttpPassword(null)).isNull(); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("HTTP password was deleted"); |
| } |
| |
| @Test |
| public void userCannotRemoveHttpPasswordForOtherUser() throws Exception { |
| requestScopeOperations.setApiUser(user.id()); |
| assertThrows( |
| AuthException.class, () -> gApi.accounts().id(admin.username()).setHttpPassword(null)); |
| } |
| |
| @Test |
| public void adminCanExplicitlySetHttpPasswordForUser() throws Exception { |
| requestScopeOperations.setApiUser(admin.id()); |
| String httpPassword = "new-password-for-user"; |
| sender.clear(); |
| assertThat(gApi.accounts().id(user.username()).setHttpPassword(httpPassword)) |
| .isEqualTo(httpPassword); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("HTTP password was added or updated"); |
| } |
| |
| @Test |
| public void adminCanRemoveHttpPasswordForUser() throws Exception { |
| requestScopeOperations.setApiUser(admin.id()); |
| sender.clear(); |
| assertThat(gApi.accounts().id(user.username()).setHttpPassword(null)).isNull(); |
| assertThat(sender.getMessages()).hasSize(1); |
| assertThat(sender.getMessages().get(0).body()).contains("HTTP password was deleted"); |
| } |
| |
| @Test |
| public void cannotGenerateHttpPasswordWhenUsernameIsNotSet() throws Exception { |
| requestScopeOperations.setApiUser(admin.id()); |
| int userId = accountCreator.create().id().get(); |
| assertThat(gApi.accounts().id(userId).get().username).isNull(); |
| ResourceConflictException thrown = |
| assertThrows( |
| ResourceConflictException.class, |
| () -> gApi.accounts().id(userId).generateHttpPassword()); |
| assertThat(thrown).hasMessageThat().contains("username"); |
| } |
| |
| @Test |
| public void externalIdBatchUpdates() throws Exception { |
| String extId1String = "foo:bar"; |
| String extId2String = "foo:baz"; |
| ExternalId extId1 = |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse(extId1String), admin.id(), "1@foo.com"); |
| ExternalId extId2 = |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse(extId2String), user.id(), "2@foo.com"); |
| |
| ObjectId revBefore; |
| try (Repository repo = repoManager.openRepository(allUsers)) { |
| revBefore = repo.exactRef(RefNames.REFS_EXTERNAL_IDS).getObjectId(); |
| } |
| |
| AccountsUpdate.UpdateArguments ua1 = |
| new AccountsUpdate.UpdateArguments( |
| "Add External ID", admin.id(), (a, u) -> u.addExternalId(extId1)); |
| AccountsUpdate.UpdateArguments ua2 = |
| new AccountsUpdate.UpdateArguments( |
| "Add External ID", user.id(), (a, u) -> u.addExternalId(extId2)); |
| ImmutableList<Optional<AccountState>> accountStates = |
| accountsUpdateProvider.get().updateBatch(ImmutableList.of(ua1, ua2)); |
| assertThat(accountStates).hasSize(2); |
| assertThat(accountStates.get(0).get().externalIds()).contains(extId1); |
| assertThat(accountStates.get(1).get().externalIds()).contains(extId2); |
| assertThat( |
| gApi.accounts().id(admin.id().get()).getExternalIds().stream() |
| .map(e -> e.identity) |
| .collect(toSet())) |
| .contains(extId1String); |
| assertThat( |
| gApi.accounts().id(user.id().get()).getExternalIds().stream() |
| .map(e -> e.identity) |
| .collect(toSet())) |
| .contains(extId2String); |
| |
| // Ensure that we only applied one single commit. |
| try (Repository repo = repoManager.openRepository(allUsers); |
| RevWalk rw = new RevWalk(repo)) { |
| RevCommit after = rw.parseCommit(repo.exactRef(RefNames.REFS_EXTERNAL_IDS).getObjectId()); |
| assertThat(after.getParent(0).toObjectId()).isEqualTo(revBefore); |
| } |
| } |
| |
| @Test |
| public void externalIdBatchUpdates_fail_sameAccount() { |
| ExternalId extId1 = |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse("foo:bar"), admin.id(), "1@foo.com"); |
| ExternalId extId2 = |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse("foo:baz"), user.id(), "2@foo.com"); |
| |
| AccountsUpdate.UpdateArguments ua1 = |
| new AccountsUpdate.UpdateArguments( |
| "Add External ID", admin.id(), (a, u) -> u.addExternalId(extId1)); |
| // Another update for the same account is not allowed. |
| AccountsUpdate.UpdateArguments ua2 = |
| new AccountsUpdate.UpdateArguments( |
| "Add External ID", admin.id(), (a, u) -> u.addExternalId(extId2)); |
| IllegalArgumentException e = |
| assertThrows( |
| IllegalArgumentException.class, |
| () -> accountsUpdateProvider.get().updateBatch(ImmutableList.of(ua1, ua2))); |
| assertThat(e).hasMessageThat().contains("updates must all be for different accounts"); |
| } |
| |
| @Test |
| public void externalIdBatchUpdates_fail_duplicateKey() { |
| ExternalId extIdAdmin = |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse("foo:bar"), admin.id(), "1@foo.com"); |
| ExternalId extIdUser = |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse("foo:bar"), user.id(), "2@foo.com"); |
| |
| AccountsUpdate.UpdateArguments ua1 = |
| new AccountsUpdate.UpdateArguments( |
| "Add External ID", admin.id(), (a, u) -> u.addExternalId(extIdAdmin)); |
| AccountsUpdate.UpdateArguments ua2 = |
| new AccountsUpdate.UpdateArguments( |
| "Add External ID", user.id(), (a, u) -> u.addExternalId(extIdUser)); |
| DuplicateExternalIdKeyException e = |
| assertThrows( |
| DuplicateExternalIdKeyException.class, |
| () -> accountsUpdateProvider.get().updateBatch(ImmutableList.of(ua1, ua2))); |
| assertThat(e).hasMessageThat().contains("foo:bar"); |
| } |
| |
| @Test |
| public void externalIdBatchUpdates_commitMsg_multipleAccounts() throws Exception { |
| ExternalId extId1 = |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse("foo:bar"), admin.id(), "1@foo.com"); |
| ExternalId extId2 = |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse("foo:baz"), user.id(), "2@foo.com"); |
| |
| AccountsUpdate.UpdateArguments ua1 = |
| new AccountsUpdate.UpdateArguments( |
| "first message", admin.id(), (a, u) -> u.addExternalId(extId1)); |
| AccountsUpdate.UpdateArguments ua2 = |
| new AccountsUpdate.UpdateArguments( |
| "second message", user.id(), (a, u) -> u.addExternalId(extId2)); |
| accountsUpdateProvider.get().updateBatch(ImmutableList.of(ua1, ua2)); |
| |
| try (Repository allUsersRepo = repoManager.openRepository(allUsers); |
| RevWalk rw = new RevWalk(allUsersRepo)) { |
| RevCommit commit = |
| rw.parseCommit(allUsersRepo.exactRef(RefNames.REFS_EXTERNAL_IDS).getObjectId()); |
| |
| assertThat(commit.getFullMessage()).isEqualTo("Batch update for 2 accounts\n"); |
| } |
| } |
| |
| @Test |
| public void externalIdBatchUpdates_commitMsg_singleAccount() throws Exception { |
| ExternalId extId = |
| externalIdFactory.createWithEmail( |
| externalIdKeyFactory.parse("foo:bar"), admin.id(), "1@foo.com"); |
| |
| accountsUpdateProvider.get().update("foobar", admin.id(), (a, u) -> u.addExternalId(extId)); |
| |
| try (Repository allUsersRepo = repoManager.openRepository(allUsers); |
| RevWalk rw = new RevWalk(allUsersRepo)) { |
| RevCommit commit = |
| rw.parseCommit(allUsersRepo.exactRef(RefNames.REFS_EXTERNAL_IDS).getObjectId()); |
| |
| assertThat(commit.getFullMessage()).isEqualTo("foobar\n"); |
| } |
| } |
| |
| @Test |
| public void searchForSecondaryEmailRequiresModifyAccountPermission() throws Exception { |
| String email = "preferred@example.com"; |
| TestAccount foo = accountCreator.create(name("foo"), email, "Foo", null); |
| String secondaryEmail = "secondary@example.com"; |
| EmailInput input = newEmailInput(secondaryEmail); |
| gApi.accounts().id(foo.id().get()).addEmail(input); |
| |
| requestScopeOperations.setApiUser(user.id()); |
| assertThrows(ResourceNotFoundException.class, () -> gApi.accounts().id("secondary")); |
| assertThrows( |
| ResourceNotFoundException.class, () -> gApi.accounts().id("secondary@example.com")); |
| requestScopeOperations.setApiUser(admin.id()); |
| assertThat(gApi.accounts().id("secondary").get()._accountId).isEqualTo(foo.id().get()); |
| assertThat(gApi.accounts().id("secondary@example.com").get()._accountId) |
| .isEqualTo(foo.id().get()); |
| } |
| |
| @Test |
| public void getAccountFromMetaId() throws RestApiException { |
| AccountState preUpdateState = accountCache.get(admin.id()).get(); |
| requestScopeOperations.setApiUser(admin.id()); |
| gApi.accounts().self().setStatus("New status"); |
| |
| AccountState postUpdateStatus = accountCache.get(admin.id()).get(); |
| assertThat(postUpdateStatus).isNotEqualTo(preUpdateState); |
| assertThat( |
| accountCache.getFromMetaId( |
| admin.id(), ObjectId.fromString(preUpdateState.account().metaId()))) |
| .isEqualTo(preUpdateState); |
| assertThat( |
| accountCache.getFromMetaId( |
| admin.id(), ObjectId.fromString(postUpdateStatus.account().metaId()))) |
| .isEqualTo(postUpdateStatus); |
| } |
| |
| private void createDraft(PushOneCommit.Result r, String path, String message) throws Exception { |
| DraftInput in = new DraftInput(); |
| in.path = path; |
| in.line = 1; |
| in.message = message; |
| gApi.changes().id(r.getChangeId()).current().createDraft(in); |
| } |
| |
| private void cleanUpDrafts() throws Exception { |
| for (TestAccount testAccount : accountCreator.getAll()) { |
| requestScopeOperations.setApiUser(testAccount.id()); |
| for (ChangeInfo changeInfo : gApi.changes().query("has:draft").get()) { |
| for (CommentInfo c : |
| gApi.changes().id(changeInfo.id).drafts().values().stream() |
| .flatMap(List::stream) |
| .collect(toImmutableList())) { |
| gApi.changes().id(changeInfo.id).revision(c.patchSet).draft(c.id).delete(); |
| } |
| } |
| } |
| } |
| |
| @Test |
| public void projectWatchesUpdate_refsUsersUpdated() throws RestApiException { |
| AccountState preUpdateState = accountCache.get(admin.id()).get(); |
| requestScopeOperations.setApiUser(admin.id()); |
| |
| ProjectWatchInfo projectWatchInfo = new ProjectWatchInfo(); |
| projectWatchInfo.project = project.get(); |
| projectWatchInfo.notifyAllComments = true; |
| gApi.accounts().self().setWatchedProjects(ImmutableList.of(projectWatchInfo)); |
| |
| AccountState updatedState1 = accountCache.get(admin.id()).get(); |
| assertThat(preUpdateState.account().metaId()).isNotEqualTo(updatedState1.account().metaId()); |
| |
| gApi.accounts().self().deleteWatchedProjects(ImmutableList.of(projectWatchInfo)); |
| |
| AccountState updatedState2 = accountCache.get(admin.id()).get(); |
| assertThat(updatedState1.account().metaId()).isNotEqualTo(updatedState2.account().metaId()); |
| } |
| |
| @Test |
| public void updateExternalId_externalIdApiUpdate_refsUsersUpdated() throws Exception { |
| AccountState preUpdateState = accountCache.get(admin.id()).get(); |
| requestScopeOperations.setApiUser(admin.id()); |
| |
| gApi.accounts().self().addEmail(newEmailInput("secondary@google.com")); |
| assertExternalIds( |
| admin.id(), |
| ImmutableSet.of( |
| "mailto:admin@example.com", "username:admin", "mailto:secondary@google.com")); |
| |
| AccountState updatedState1 = accountCache.get(admin.id()).get(); |
| assertThat(preUpdateState.account().metaId()).isNotEqualTo(updatedState1.account().metaId()); |
| |
| gApi.accounts().self().deleteExternalIds(ImmutableList.of("mailto:secondary@google.com")); |
| |
| AccountState updatedState2 = accountCache.get(admin.id()).get(); |
| assertThat(updatedState1.account().metaId()).isNotEqualTo(updatedState2.account().metaId()); |
| } |
| |
| @Test |
| public void addExternalId_accountUpdate_refsUsersUpdated() throws Exception { |
| AccountState preUpdateState = accountCache.get(admin.id()).get(); |
| requestScopeOperations.setApiUser(admin.id()); |
| |
| ExternalId externalId = externalIdFactory.create("custom", "value", admin.id()); |
| accountsUpdateProvider |
| .get() |
| .update("Add External ID", admin.id(), (a, u) -> u.addExternalId(externalId)); |
| assertExternalIds( |
| admin.id(), ImmutableSet.of("mailto:admin@example.com", "username:admin", "custom:value")); |
| |
| AccountState updatedState = accountCache.get(admin.id()).get(); |
| assertThat(preUpdateState.account().metaId()).isNotEqualTo(updatedState.account().metaId()); |
| } |
| |
| @Test |
| public void deleteExternalId_accountUpdate_refsUsersUpdated() throws Exception { |
| AccountState preUpdateState = accountCache.get(admin.id()).get(); |
| requestScopeOperations.setApiUser(admin.id()); |
| |
| ExternalId externalId = externalIdFactory.create("mailto", "admin@example.com", admin.id()); |
| accountsUpdateProvider |
| .get() |
| .update("Remove External ID", admin.id(), (a, u) -> u.deleteExternalId(externalId)); |
| assertExternalIds(admin.id(), ImmutableSet.of("username:admin")); |
| |
| AccountState updatedState = accountCache.get(admin.id()).get(); |
| assertThat(preUpdateState.account().metaId()).isNotEqualTo(updatedState.account().metaId()); |
| } |
| |
| @Test |
| public void updateExternalId_accountUpdate_refsUsersUpdated() throws Exception { |
| AccountState preUpdateState = accountCache.get(admin.id()).get(); |
| requestScopeOperations.setApiUser(admin.id()); |
| |
| ExternalId externalId = |
| externalIdFactory.createWithEmail( |
| SCHEME_USERNAME, "admin", admin.id(), "secondary@example.com"); |
| accountsUpdateProvider |
| .get() |
| .update("Remove External ID", admin.id(), (a, u) -> u.updateExternalId(externalId)); |
| assertExternalIds(admin.id(), ImmutableSet.of("mailto:admin@example.com", "username:admin")); |
| |
| AccountState updatedState = accountCache.get(admin.id()).get(); |
| assertThat(preUpdateState.account().metaId()).isNotEqualTo(updatedState.account().metaId()); |
| } |
| |
| @Test |
| public void replaceExternalId_accountUpdate_refsUsersUpdated() throws Exception { |
| AccountState preUpdateState = accountCache.get(admin.id()).get(); |
| requestScopeOperations.setApiUser(admin.id()); |
| |
| ExternalId externalId = |
| externalIdFactory.createWithEmail( |
| SCHEME_USERNAME, "admin", admin.id(), "secondary@example.com"); |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Remove External ID", |
| admin.id(), |
| (a, u) -> |
| u.replaceExternalId( |
| externalIds.get(externalIdKeyFactory.create(SCHEME_USERNAME, "admin")).get(), |
| externalId)); |
| assertExternalIds(admin.id(), ImmutableSet.of("mailto:admin@example.com", "username:admin")); |
| |
| AccountState updatedState = accountCache.get(admin.id()).get(); |
| assertThat(preUpdateState.account().metaId()).isNotEqualTo(updatedState.account().metaId()); |
| } |
| |
| @Test |
| public void accountUpdate_updateBatch_allUsersExternalIdsUpdated_refsUsersUpdated() |
| throws Exception { |
| AccountState preUpdateAdminState = accountCache.get(admin.id()).get(); |
| AccountState preUpdateUserState = accountCache.get(user.id()).get(); |
| |
| requestScopeOperations.setApiUser(admin.id()); |
| ExternalId extId1 = |
| externalIdFactory.createWithEmail("custom", "admin-id", admin.id(), "admin-id@test.com"); |
| |
| ExternalId extId2 = |
| externalIdFactory.createWithEmail("custom", "user-id", user.id(), "user-id@test.com"); |
| |
| AccountsUpdate.UpdateArguments ua1 = |
| new AccountsUpdate.UpdateArguments( |
| "Add External ID", admin.id(), (a, u) -> u.addExternalId(extId1)); |
| AccountsUpdate.UpdateArguments ua2 = |
| new AccountsUpdate.UpdateArguments( |
| "Add External ID", user.id(), (a, u) -> u.addExternalId(extId2)); |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| accountsUpdateProvider.get().updateBatch(ImmutableList.of(ua1, ua2)); |
| } |
| accountIndexedCounter.assertReindexOf(admin.id(), 1); |
| accountIndexedCounter.assertReindexOf(user.id(), 1); |
| |
| assertExternalIds( |
| admin.id(), |
| ImmutableSet.of("mailto:admin@example.com", "username:admin", "custom:admin-id")); |
| assertExternalIds( |
| user.id(), ImmutableSet.of("username:user1", "mailto:user1@example.com", "custom:user-id")); |
| // Assert reindexing has worked on the updated accounts. |
| assertThat( |
| Iterables.getOnlyElement(gApi.accounts().query("admin-id@test.com").get())._accountId) |
| .isEqualTo(admin.id().get()); |
| assertThat(Iterables.getOnlyElement(gApi.accounts().query("user-id@test.com").get())._accountId) |
| .isEqualTo(user.id().get()); |
| AccountState updatedAdminState = accountCache.get(admin.id()).get(); |
| AccountState updatedUserState = accountCache.get(user.id()).get(); |
| assertThat(preUpdateAdminState.account().metaId()) |
| .isNotEqualTo(updatedAdminState.account().metaId()); |
| assertThat(preUpdateUserState.account().metaId()) |
| .isNotEqualTo(updatedUserState.account().metaId()); |
| } |
| |
| @Test |
| public void accountUpdate_updateBatch_someUsersExternalIdsUpdated_refsUsersUpdated() |
| throws Exception { |
| AccountState preUpdateAdminState = accountCache.get(admin.id()).get(); |
| AccountState preUpdateUserState = accountCache.get(user.id()).get(); |
| |
| requestScopeOperations.setApiUser(admin.id()); |
| AccountsUpdate.UpdateArguments ua1 = |
| new AccountsUpdate.UpdateArguments( |
| "Update Display Name", admin.id(), (a, u) -> u.setDisplayName("DN")); |
| AccountsUpdate.UpdateArguments ua2 = |
| new AccountsUpdate.UpdateArguments( |
| "Remove external Id", |
| user.id(), |
| (a, u) -> |
| u.deleteExternalId( |
| externalIdFactory.createWithEmail( |
| SCHEME_MAILTO, user.email(), user.id(), user.email()))); |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| accountsUpdateProvider.get().updateBatch(ImmutableList.of(ua1, ua2)); |
| } |
| accountIndexedCounter.assertReindexOf(admin.id(), 1); |
| accountIndexedCounter.assertReindexOf(user.id(), 1); |
| |
| // Only the version in config of the user with external id update was updated. |
| AccountState updatedAdminState = accountCache.get(admin.id()).get(); |
| AccountState updatedUserState = accountCache.get(user.id()).get(); |
| assertThat(preUpdateAdminState.account().metaId()) |
| .isNotEqualTo(updatedAdminState.account().metaId()); |
| assertThat(preUpdateUserState.account().metaId()) |
| .isNotEqualTo(updatedUserState.account().metaId()); |
| } |
| |
| @Test |
| @GerritConfig(name = "accounts.visibility", value = "SAME_GROUP") |
| public void accountsCanSeeEachOtherThroughASharedExternalGroupOnlyWhenTheGroupIsMentionedInAcls() |
| throws Exception { |
| TestAccount user2 = accountCreator.user2(); |
| |
| // user and user2 cannot see each other because they do not share a Gerrit internal group |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user.id())).canSee(user2.id())) |
| .isFalse(); |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user2.id())).canSee(user.id())) |
| .isFalse(); |
| |
| // Configure an external group backend that has a single group that contains all users. |
| TestGroupBackend testGroupBackend = createTestGroupBackendWithAllUsersGroup("AllUsers"); |
| try (ExtensionRegistry.Registration registration = |
| extensionRegistry.newRegistration().add(testGroupBackend)) { |
| // user and user2 cannot see each other although the external AllUsers group contains both |
| // users. That's because this group is not detected as relevant and hence its memberships are |
| // not checked. |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user.id())).canSee(user2.id())) |
| .isFalse(); |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user2.id())).canSee(user.id())) |
| .isFalse(); |
| |
| // Add ACL for the external group. |
| projectOperations |
| .project(project) |
| .forUpdate() |
| .add( |
| TestProjectUpdate.allowLabel("Code-Review") |
| .range(0, 1) |
| .ref("refs/heads/*") |
| .group(AccountGroup.uuid(TestGroupBackend.PREFIX + "AllUsers")) |
| .build()) |
| .update(); |
| |
| // user and user2 can now see each other because the external AllUsers group that contains |
| // both users is guessed as relevant now that permissions are assigned to this group. |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user.id())).canSee(user2.id())) |
| .isTrue(); |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user2.id())).canSee(user.id())) |
| .isTrue(); |
| } |
| } |
| |
| @Test |
| @GerritConfig(name = "accounts.visibility", value = "SAME_GROUP") |
| @GerritConfig(name = "groups.relevantGroup", value = "testbackend:AllUsers") |
| public void accountsCanSeeEachOtherThroughASharedExternalGroupThatIsConfiguredAsRelevant() |
| throws Exception { |
| TestAccount user2 = accountCreator.user2(); |
| |
| // user and user2 cannot see each other because they do not share a Gerrit internal group |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user.id())).canSee(user2.id())) |
| .isFalse(); |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user2.id())).canSee(user.id())) |
| .isFalse(); |
| |
| // Check that the configured relevant group is included into the guessed groups. |
| assertThat(projectCache.guessRelevantGroupUUIDs()) |
| .contains(AccountGroup.uuid("testbackend:AllUsers")); |
| |
| // Configure an external group backend that has a single group that contains all users. |
| TestGroupBackend testGroupBackend = createTestGroupBackendWithAllUsersGroup("AllUsers"); |
| try (ExtensionRegistry.Registration registration = |
| extensionRegistry.newRegistration().add(testGroupBackend)) { |
| // user and user2 can see each other since the external AllUsers that contains both users has |
| // been configured as a relevant group. |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user.id())).canSee(user2.id())) |
| .isTrue(); |
| assertThat( |
| accountControlFactory.get(identifiedUserFactory.create(user2.id())).canSee(user.id())) |
| .isTrue(); |
| } |
| } |
| |
| private TestGroupBackend createTestGroupBackendWithAllUsersGroup(String nameOfAllUsersGroup) |
| throws IOException { |
| TestGroupBackend testGroupBackend = new TestGroupBackend(); |
| |
| AccountGroup.UUID allUsersGroupUuid = |
| testGroupBackend.create(nameOfAllUsersGroup).getGroupUUID(); |
| |
| GroupMembership testGroupMembership = |
| new GroupMembership() { |
| @Override |
| public Set<AccountGroup.UUID> intersection(Iterable<AccountGroup.UUID> groupUuids) { |
| return StreamSupport.stream(groupUuids.spliterator(), /* parallel= */ false) |
| .filter(this::contains) |
| .collect(toSet()); |
| } |
| |
| @Override |
| public Set<AccountGroup.UUID> getKnownGroups() { |
| // Typically for external group backends it's too expensive to query all groups that the |
| // user is a member of. Instead limit the group membership check to groups that are |
| // guessed to be relevant. |
| return projectCache.guessRelevantGroupUUIDs().stream() |
| // filter out groups of other group backends and groups of this group backend that |
| // don't exist |
| .filter( |
| uuid -> testGroupBackend.handles(uuid) && testGroupBackend.get(uuid) != null) |
| .collect(toImmutableSet()); |
| } |
| |
| @Override |
| public boolean containsAnyOf(Iterable<AccountGroup.UUID> groupUuids) { |
| return StreamSupport.stream(groupUuids.spliterator(), /* parallel= */ false) |
| .anyMatch(this::contains); |
| } |
| |
| @Override |
| public boolean contains(AccountGroup.UUID groupUuid) { |
| return allUsersGroupUuid.equals(groupUuid); |
| } |
| }; |
| |
| accounts |
| .allIds() |
| .forEach(accountId -> testGroupBackend.setMembershipsOf(accountId, testGroupMembership)); |
| |
| return testGroupBackend; |
| } |
| |
| private void assertExternalIds(Account.Id accountId, ImmutableSet<String> extIds) |
| throws Exception { |
| assertThat( |
| gApi.accounts().id(accountId.get()).getExternalIds().stream() |
| .map(e -> e.identity) |
| .collect(toImmutableSet())) |
| .isEqualTo(extIds); |
| } |
| |
| private static Correspondence<GroupInfo, String> getGroupToNameCorrespondence() { |
| return NullAwareCorrespondence.transforming(groupInfo -> groupInfo.name, "has name"); |
| } |
| |
| private void assertSequenceNumbers(List<SshKeyInfo> sshKeys) { |
| int seq = 1; |
| for (SshKeyInfo key : sshKeys) { |
| assertThat(key.seq).isEqualTo(seq++); |
| } |
| } |
| |
| private PGPPublicKey getOnlyKeyFromStore(TestKey key) throws Exception { |
| try (PublicKeyStore store = publicKeyStoreProvider.get()) { |
| Iterable<PGPPublicKeyRing> keys = store.get(key.getKeyId()); |
| assertThat(keys).hasSize(1); |
| return keys.iterator().next().getPublicKey(); |
| } |
| } |
| |
| private static String armor(PGPPublicKey key) throws Exception { |
| ByteArrayOutputStream out = new ByteArrayOutputStream(4096); |
| try (ArmoredOutputStream aout = new ArmoredOutputStream(out)) { |
| key.encode(aout); |
| } |
| return new String(out.toByteArray(), UTF_8); |
| } |
| |
| private static void assertIteratorSize(int size, Iterator<?> it) { |
| List<?> lst = ImmutableList.copyOf(it); |
| assertThat(lst).hasSize(size); |
| } |
| |
| private static void assertKeyMapContains(TestKey expected, Map<String, GpgKeyInfo> actualMap) { |
| GpgKeyInfo actual = actualMap.get(expected.getKeyIdString()); |
| assertThat(actual).isNotNull(); |
| assertThat(actual.id).isNull(); |
| actual.id = expected.getKeyIdString(); |
| assertKeyEquals(expected, actual); |
| } |
| |
| private void assertKeys(TestKey... expectedKeys) throws Exception { |
| assertKeys(Arrays.asList(expectedKeys)); |
| } |
| |
| private void assertKeys(Iterable<TestKey> expectedKeys) throws Exception { |
| // Check via API. |
| FluentIterable<TestKey> expected = FluentIterable.from(expectedKeys); |
| Map<String, GpgKeyInfo> keyMap = gApi.accounts().self().listGpgKeys(); |
| assertWithMessage("keys returned by listGpgKeys()") |
| .that(keyMap.keySet()) |
| .containsExactlyElementsIn(expected.transform(TestKey::getKeyIdString)); |
| |
| for (TestKey key : expected) { |
| assertKeyEquals(key, gApi.accounts().self().gpgKey(key.getKeyIdString()).get()); |
| assertKeyEquals( |
| key, |
| gApi.accounts() |
| .self() |
| .gpgKey(Fingerprint.toString(key.getPublicKey().getFingerprint())) |
| .get()); |
| assertKeyMapContains(key, keyMap); |
| } |
| |
| // Check raw external IDs. |
| Account.Id currAccountId = atrScope.get().getUser().getAccountId(); |
| Iterable<String> expectedFps = |
| expected.transform(k -> BaseEncoding.base16().encode(k.getPublicKey().getFingerprint())); |
| Iterable<String> actualFps = |
| externalIds.byAccount(currAccountId, SCHEME_GPGKEY).stream() |
| .map(e -> e.key().id()) |
| .collect(toSet()); |
| assertWithMessage("external IDs in database") |
| .that(actualFps) |
| .containsExactlyElementsIn(expectedFps); |
| |
| // Check raw stored keys. |
| for (TestKey key : expected) { |
| getOnlyKeyFromStore(key); |
| } |
| } |
| |
| private static void assertKeyEquals(TestKey expected, GpgKeyInfo actual) { |
| String id = expected.getKeyIdString(); |
| assertWithMessage(id).that(actual.id).isEqualTo(id); |
| assertWithMessage(id) |
| .that(actual.fingerprint) |
| .isEqualTo(Fingerprint.toString(expected.getPublicKey().getFingerprint())); |
| List<String> userIds = ImmutableList.copyOf(expected.getPublicKey().getUserIDs()); |
| assertWithMessage(id).that(actual.userIds).containsExactlyElementsIn(userIds); |
| String key = actual.key; |
| assertWithMessage(id).that(key).startsWith("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"); |
| assertWithMessage(id).that(key).endsWith("-----END PGP PUBLIC KEY BLOCK-----\n"); |
| assertThat(actual.status).isEqualTo(GpgKeyInfo.Status.TRUSTED); |
| assertThat(actual.problems).isEmpty(); |
| } |
| |
| private void addExternalIdEmail(TestAccount account, String email) throws Exception { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| requireNonNull(email); |
| accountsUpdateProvider |
| .get() |
| .update( |
| "Add Email", |
| account.id(), |
| u -> |
| u.addExternalId( |
| externalIdFactory.createWithEmail(name("test"), email, account.id(), email))); |
| accountIndexedCounter.assertReindexOf(account); |
| requestScopeOperations.setApiUser(account.id()); |
| } |
| } |
| |
| private Map<String, GpgKeyInfo> addGpgKey(String armored) throws Exception { |
| return addGpgKey(admin, armored); |
| } |
| |
| private Map<String, GpgKeyInfo> addGpgKey(TestAccount account, String armored) throws Exception { |
| return testRefAction( |
| () -> { |
| AccountIndexedCounter accountIndexedCounter = new AccountIndexedCounter(); |
| try (Registration registration = |
| extensionRegistry.newRegistration().add(accountIndexedCounter)) { |
| Map<String, GpgKeyInfo> gpgKeys = |
| gApi.accounts() |
| .id(account.username()) |
| .putGpgKeys(ImmutableList.of(armored), ImmutableList.<String>of()); |
| accountIndexedCounter.assertReindexOf(gApi.accounts().id(account.username()).get()); |
| return gpgKeys; |
| } |
| }); |
| } |
| |
| private Map<String, GpgKeyInfo> addGpgKeyNoReindex(String armored) throws Exception { |
| return gApi.accounts().self().putGpgKeys(ImmutableList.of(armored), ImmutableList.of()); |
| } |
| |
| private void assertUser(AccountInfo info, TestAccount account) throws Exception { |
| assertUser(info, account, null); |
| } |
| |
| private void assertUser(AccountInfo info, TestAccount account, @Nullable String expectedStatus) |
| throws Exception { |
| assertThat(info.name).isEqualTo(account.fullName()); |
| assertThat(info.email).isEqualTo(account.email()); |
| assertThat(info.username).isEqualTo(account.username()); |
| assertThat(info.status).isEqualTo(expectedStatus); |
| } |
| |
| private Set<String> getEmails() throws RestApiException { |
| return gApi.accounts().self().getEmails().stream().map(e -> e.email).collect(toSet()); |
| } |
| |
| private void assertEmail(Set<Account.Id> accounts, TestAccount expectedAccount) { |
| assertThat(accounts).hasSize(1); |
| assertThat(Iterables.getOnlyElement(accounts)).isEqualTo(expectedAccount.id()); |
| } |
| |
| private AccountApi accountIdApi() throws RestApiException { |
| return gApi.accounts().id(user.id().get()); |
| } |
| |
| private Set<String> getCookiesNames() { |
| Set<String> cookieNames = |
| httpCookieStore.getCookies().stream() |
| .map(cookie -> cookie.getName()) |
| .collect(Collectors.toSet()); |
| return cookieNames; |
| } |
| |
| private void webLogin(Integer accountId) throws IOException, ClientProtocolException { |
| httpGetAndAssertStatus( |
| "login?account_id=" + accountId, HttpServletResponse.SC_MOVED_TEMPORARILY); |
| } |
| |
| private void httpGetAndAssertStatus(String urlPath, int expectedHttpStatus) |
| throws ClientProtocolException, IOException { |
| HttpGet httpGet = new HttpGet(canonicalWebUrl.get() + urlPath); |
| HttpResponse loginResponse = httpclient.execute(httpGet); |
| assertThat(loginResponse.getStatusLine().getStatusCode()).isEqualTo(expectedHttpStatus); |
| } |
| |
| private static class RefUpdateCounter implements GitReferenceUpdatedListener { |
| private final AtomicLongMap<String> countsByProjectRefs = AtomicLongMap.create(); |
| |
| static String projectRef(Project.NameKey project, String ref) { |
| return projectRef(project.get(), ref); |
| } |
| |
| static String projectRef(String project, String ref) { |
| return project + ":" + ref; |
| } |
| |
| @Override |
| public void onGitReferenceUpdated(Event event) { |
| countsByProjectRefs.incrementAndGet(projectRef(event.getProjectName(), event.getRefName())); |
| } |
| |
| void clear() { |
| countsByProjectRefs.clear(); |
| } |
| |
| void assertRefUpdateFor(String... projectRefs) { |
| Map<String, Long> expectedRefUpdateCounts = new HashMap<>(); |
| for (String projectRef : projectRefs) { |
| expectedRefUpdateCounts.put(projectRef, 1L); |
| } |
| assertRefUpdateFor(expectedRefUpdateCounts); |
| } |
| |
| void assertRefUpdateFor(Map<String, Long> expectedProjectRefUpdateCounts) { |
| assertThat(countsByProjectRefs.asMap()) |
| .containsExactlyEntriesIn(expectedProjectRefUpdateCounts); |
| clear(); |
| } |
| } |
| } |