blob: 65a81f7457201689cb682ca5d098601598f959ce [file] [log] [blame]
// Copyright (C) 2009 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server;
import static com.google.common.base.MoreObjects.firstNonNull;
import static com.google.common.collect.ImmutableSet.toImmutableSet;
import static com.google.common.flogger.LazyArgs.lazy;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.UsedAt;
import com.google.gerrit.entities.Account;
import com.google.gerrit.server.account.AccountCache;
import com.google.gerrit.server.account.AccountState;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.ListGroupMembership;
import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.config.AnonymousCowardName;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.EnablePeerIPInReflogRecord;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.inject.Inject;
import com.google.inject.OutOfScopeException;
import com.google.inject.Provider;
import com.google.inject.ProvisionException;
import com.google.inject.Singleton;
import com.google.inject.util.Providers;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.SocketAddress;
import java.net.URL;
import java.time.Instant;
import java.time.ZoneId;
import java.util.Optional;
import java.util.Set;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.util.SystemReader;
/** An authenticated user. */
public class IdentifiedUser extends CurrentUser {
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
/** Create an IdentifiedUser, ignoring any per-request state. */
@Singleton
public static class GenericFactory {
private final AuthConfig authConfig;
private final Realm realm;
private final String anonymousCowardName;
private final Provider<String> canonicalUrl;
private final AccountCache accountCache;
private final GroupBackend groupBackend;
private final Boolean enablePeerIPInReflogRecord;
@Inject
public GenericFactory(
AuthConfig authConfig,
Realm realm,
@AnonymousCowardName String anonymousCowardName,
@CanonicalWebUrl Provider<String> canonicalUrl,
@EnablePeerIPInReflogRecord Boolean enablePeerIPInReflogRecord,
AccountCache accountCache,
GroupBackend groupBackend) {
this.authConfig = authConfig;
this.realm = realm;
this.anonymousCowardName = anonymousCowardName;
this.canonicalUrl = canonicalUrl;
this.accountCache = accountCache;
this.groupBackend = groupBackend;
this.enablePeerIPInReflogRecord = enablePeerIPInReflogRecord;
}
public IdentifiedUser create(AccountState state) {
return new IdentifiedUser(
authConfig,
realm,
anonymousCowardName,
canonicalUrl,
accountCache,
groupBackend,
enablePeerIPInReflogRecord,
Providers.of(null),
state,
null);
}
public IdentifiedUser create(Account.Id id) {
return create(null, id);
}
@VisibleForTesting
@UsedAt(UsedAt.Project.GOOGLE)
public IdentifiedUser forTest(Account.Id id, PropertyMap properties) {
return runAs(null, id, null, properties);
}
public IdentifiedUser create(SocketAddress remotePeer, Account.Id id) {
return runAs(remotePeer, id, null);
}
public IdentifiedUser runAs(
SocketAddress remotePeer, Account.Id id, @Nullable CurrentUser caller) {
return runAs(remotePeer, id, caller, PropertyMap.EMPTY);
}
private IdentifiedUser runAs(
SocketAddress remotePeer,
Account.Id id,
@Nullable CurrentUser caller,
PropertyMap properties) {
return new IdentifiedUser(
authConfig,
realm,
anonymousCowardName,
canonicalUrl,
accountCache,
groupBackend,
enablePeerIPInReflogRecord,
Providers.of(remotePeer),
id,
caller,
properties);
}
}
/**
* Create an IdentifiedUser, relying on current request state.
*
* <p>Can only be used from within a module that has defined a request scoped {@code @RemotePeer
* SocketAddress} provider.
*/
@Singleton
public static class RequestFactory {
private final AuthConfig authConfig;
private final Realm realm;
private final String anonymousCowardName;
private final Provider<String> canonicalUrl;
private final AccountCache accountCache;
private final GroupBackend groupBackend;
private final Boolean enablePeerIPInReflogRecord;
private final Provider<SocketAddress> remotePeerProvider;
@Inject
RequestFactory(
AuthConfig authConfig,
Realm realm,
@AnonymousCowardName String anonymousCowardName,
@CanonicalWebUrl Provider<String> canonicalUrl,
AccountCache accountCache,
GroupBackend groupBackend,
@EnablePeerIPInReflogRecord Boolean enablePeerIPInReflogRecord,
@RemotePeer Provider<SocketAddress> remotePeerProvider) {
this.authConfig = authConfig;
this.realm = realm;
this.anonymousCowardName = anonymousCowardName;
this.canonicalUrl = canonicalUrl;
this.accountCache = accountCache;
this.groupBackend = groupBackend;
this.enablePeerIPInReflogRecord = enablePeerIPInReflogRecord;
this.remotePeerProvider = remotePeerProvider;
}
public IdentifiedUser create(Account.Id id) {
return create(id, PropertyMap.EMPTY);
}
public <T> IdentifiedUser create(Account.Id id, PropertyMap properties) {
return new IdentifiedUser(
authConfig,
realm,
anonymousCowardName,
canonicalUrl,
accountCache,
groupBackend,
enablePeerIPInReflogRecord,
remotePeerProvider,
id,
null,
properties);
}
public IdentifiedUser runAs(Account.Id id, CurrentUser caller, PropertyMap properties) {
return new IdentifiedUser(
authConfig,
realm,
anonymousCowardName,
canonicalUrl,
accountCache,
groupBackend,
enablePeerIPInReflogRecord,
remotePeerProvider,
id,
caller,
properties);
}
}
private static final GroupMembership registeredGroups =
new ListGroupMembership(
ImmutableSet.of(SystemGroupBackend.ANONYMOUS_USERS, SystemGroupBackend.REGISTERED_USERS));
private final Provider<String> canonicalUrl;
private final AccountCache accountCache;
private final AuthConfig authConfig;
private final Realm realm;
private final GroupBackend groupBackend;
private final String anonymousCowardName;
private final Boolean enablePeerIPInReflogRecord;
private final Set<String> validEmails = Sets.newTreeSet(String.CASE_INSENSITIVE_ORDER);
private final CurrentUser realUser; // Must be final since cached properties depend on it.
private final Provider<SocketAddress> remotePeerProvider;
private final Account.Id accountId;
private AccountState state;
private boolean loadedAllEmails;
private Set<String> invalidEmails;
private GroupMembership effectiveGroups;
private IdentifiedUser(
AuthConfig authConfig,
Realm realm,
String anonymousCowardName,
Provider<String> canonicalUrl,
AccountCache accountCache,
GroupBackend groupBackend,
Boolean enablePeerIPInReflogRecord,
@Nullable Provider<SocketAddress> remotePeerProvider,
AccountState state,
@Nullable CurrentUser realUser) {
this(
authConfig,
realm,
anonymousCowardName,
canonicalUrl,
accountCache,
groupBackend,
enablePeerIPInReflogRecord,
remotePeerProvider,
state.account().id(),
realUser,
PropertyMap.EMPTY);
this.state = state;
}
private IdentifiedUser(
AuthConfig authConfig,
Realm realm,
String anonymousCowardName,
Provider<String> canonicalUrl,
AccountCache accountCache,
GroupBackend groupBackend,
Boolean enablePeerIPInReflogRecord,
@Nullable Provider<SocketAddress> remotePeerProvider,
Account.Id id,
@Nullable CurrentUser realUser,
PropertyMap properties) {
super(properties);
this.canonicalUrl = canonicalUrl;
this.accountCache = accountCache;
this.groupBackend = groupBackend;
this.authConfig = authConfig;
this.realm = realm;
this.anonymousCowardName = anonymousCowardName;
this.enablePeerIPInReflogRecord = enablePeerIPInReflogRecord;
this.remotePeerProvider = remotePeerProvider;
this.accountId = id;
this.realUser = realUser != null ? realUser : this;
}
@Override
public CurrentUser getRealUser() {
return realUser;
}
@Override
public boolean isImpersonating() {
if (realUser == this) {
return false;
}
if (realUser.isIdentifiedUser()) {
if (realUser.getAccountId().equals(getAccountId())) {
// Impersonating another copy of this user is allowed.
return false;
}
}
return true;
}
/**
* Returns the account state of the identified user.
*
* @return the account state of the identified user, an empty account state if the account is
* missing
*/
public AccountState state() {
if (state == null) {
// TODO(ekempin):
// Ideally we would only create IdentifiedUser instances for existing accounts. To ensure
// this we could load the account state eagerly on the creation of IdentifiedUser and fail is
// the account is missing. In most cases, e.g. when creating an IdentifiedUser for a request
// context, we really want to fail early if the account is missing. However there are some
// usages where an IdentifiedUser may be instantiated for a missing account. We may go
// through all of them and ensure that they never try to create an IdentifiedUser for a
// missing account or make this explicit by adding a createEvenIfMissing method to
// IdentifiedUser.GenericFactory. However since this is a lot of effort we stick with calling
// AccountCache#getEvenIfMissing(Account.Id) for now.
// Alternatively we could be could also return an Optional<AccountState> from the state()
// method and let callers handle the missing account case explicitly. But this would be a lot
// of work too.
state = accountCache.getEvenIfMissing(getAccountId());
}
return state;
}
@Override
public IdentifiedUser asIdentifiedUser() {
return this;
}
@Override
public Account.Id getAccountId() {
return accountId;
}
/**
* Returns the user's user name; null if one has not been selected/assigned or if the user name is
* empty.
*/
@Override
public Optional<String> getUserName() {
return state().userName();
}
/** Returns unique name of the user for logging, never {@code null} */
@Override
public String getLoggableName() {
return getUserName()
.orElseGet(() -> firstNonNull(getAccount().preferredEmail(), "a/" + getAccountId().get()));
}
/**
* Returns the account of the identified user.
*
* @return the account of the identified user, an empty account if the account is missing
*/
public Account getAccount() {
return state().account();
}
public boolean hasEmailAddress(String email) {
if (validEmails.contains(email)) {
return true;
} else if (invalidEmails != null && invalidEmails.contains(email)) {
return false;
} else if (realm.hasEmailAddress(this, email)) {
validEmails.add(email);
return true;
} else if (invalidEmails == null) {
invalidEmails = Sets.newTreeSet(String.CASE_INSENSITIVE_ORDER);
}
invalidEmails.add(email);
return false;
}
@Override
public ImmutableSet<String> getEmailAddresses() {
if (!loadedAllEmails) {
validEmails.addAll(realm.getEmailAddresses(this));
loadedAllEmails = true;
}
return ImmutableSet.copyOf(validEmails);
}
@Override
public ImmutableSet<ExternalId.Key> getExternalIdKeys() {
return state().externalIds().stream().map(ExternalId::key).collect(toImmutableSet());
}
public String getName() {
return getAccount().getName();
}
public String getNameEmail() {
return getAccount().getNameEmail(anonymousCowardName);
}
@Override
public GroupMembership getEffectiveGroups() {
if (effectiveGroups == null) {
if (authConfig.isIdentityTrustable(state().externalIds())) {
effectiveGroups = groupBackend.membershipsOf(this);
logger.atFinest().log(
"Known groups of %s: %s", getLoggableName(), lazy(effectiveGroups::getKnownGroups));
} else {
effectiveGroups = registeredGroups;
logger.atFinest().log(
"%s has a non-trusted identity, falling back to %s as known groups",
getLoggableName(), lazy(registeredGroups::getKnownGroups));
}
}
return effectiveGroups;
}
@Override
public Object getCacheKey() {
return getAccountId();
}
public PersonIdent newRefLogIdent() {
return newRefLogIdent(Instant.now(), ZoneId.systemDefault());
}
public PersonIdent newRefLogIdent(Instant when, ZoneId zoneId) {
final Account ua = getAccount();
String name = ua.fullName();
if (name == null || name.isEmpty()) {
name = ua.preferredEmail();
}
if (name == null || name.isEmpty()) {
name = anonymousCowardName;
}
String user;
if (enablePeerIPInReflogRecord) {
user = constructMailAddress(ua, guessHost());
} else {
user =
Strings.isNullOrEmpty(ua.preferredEmail())
? constructMailAddress(ua, "unknown")
: ua.preferredEmail();
}
return new PersonIdent(name, user, when, zoneId);
}
private String constructMailAddress(Account ua, String host) {
return getUserName().orElse("") + "|account-" + ua.id().toString() + "@" + host;
}
public PersonIdent newCommitterIdent(PersonIdent ident) {
return newCommitterIdent(ident.getWhenAsInstant(), ident.getZoneId());
}
public PersonIdent newCommitterIdent(Instant when, ZoneId zoneId) {
final Account ua = getAccount();
String name = ua.fullName();
String email = ua.preferredEmail();
if (email == null || email.isEmpty()) {
// No preferred email is configured. Use a generic identity so we
// don't leak an address the user may have given us, but doesn't
// necessarily want to publish through Git records.
//
String user = getUserName().orElseGet(() -> "account-" + ua.id().toString());
String host;
if (canonicalUrl.get() != null) {
try {
host = new URL(canonicalUrl.get()).getHost();
} catch (MalformedURLException e) {
host = SystemReader.getInstance().getHostname();
}
} else {
host = SystemReader.getInstance().getHostname();
}
email = user + "@" + host;
}
if (name == null || name.isEmpty()) {
final int at = email.indexOf('@');
if (0 < at) {
name = email.substring(0, at);
} else {
name = anonymousCowardName;
}
}
return new PersonIdent(name, email, when, zoneId);
}
@Override
public String toString() {
return "IdentifiedUser[account " + getAccountId() + "]";
}
/** Check if user is the IdentifiedUser */
@Override
public boolean isIdentifiedUser() {
return true;
}
/**
* Returns a materialized copy of the user with all dependencies.
*
* <p>Invoke all providers and factories of dependent objects and store the references to a copy
* of the current identified user.
*
* @return copy of the identified user
*/
public IdentifiedUser materializedCopy() {
Provider<SocketAddress> remotePeer;
try {
remotePeer = Providers.of(remotePeerProvider.get());
} catch (OutOfScopeException | ProvisionException e) {
remotePeer =
() -> {
throw e;
};
}
return new IdentifiedUser(
authConfig,
realm,
anonymousCowardName,
Providers.of(canonicalUrl.get()),
accountCache,
groupBackend,
enablePeerIPInReflogRecord,
remotePeer,
state,
realUser);
}
@Override
public boolean hasSameAccountId(CurrentUser other) {
return getAccountId().get() == other.getAccountId().get();
}
private String guessHost() {
String host = null;
SocketAddress remotePeer = null;
try {
remotePeer = remotePeerProvider.get();
} catch (OutOfScopeException | ProvisionException e) {
// Leave null.
}
if (remotePeer instanceof InetSocketAddress) {
InetSocketAddress sa = (InetSocketAddress) remotePeer;
InetAddress in = sa.getAddress();
host = in != null ? in.getHostAddress() : sa.getHostName();
}
if (Strings.isNullOrEmpty(host)) {
return "unknown";
}
return host;
}
}