Merge "AccountPatchReview : fix mariadb status matching" into stable-3.2
diff --git a/.bazelrc b/.bazelrc
index bf3aa6c..3556b82 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -11,6 +11,10 @@
# this flag here once flipped in Bazel again.
build --incompatible_strict_action_env
+# Workaround Bazel worker crash (remove after upgrading to 4.1.0)
+# https://github.com/bazelbuild/bazel/issues/13333
+build --experimental_worker_multiplex=false
+
test --build_tests_only
test --test_output=errors
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index e9d5e55..0c0626e 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -604,7 +604,14 @@
By default this is set to `LDAP` when link:#auth.type[`auth.type`] is `LDAP`
and `OAUTH` when link:#auth.type[`auth.type`] is `OAUTH`.
Otherwise, the default value is `HTTP`.
-
++
+When gitBasicAuthPolicy is set to `LDAP` or `HTTP_LDAP` and the user
+is authenticating with the LDAP username/password, the Git client config
+needs to have `http.cookieFile` set to a local file, otherwise every
+single call would trigger a full LDAP authentication and groups resolution
+which could introduce a noticeable latency on the overall execution
+and produce unwanted load to the LDAP server.
++
[[auth.gitOAuthProvider]]auth.gitOAuthProvider::
+
Selects the OAuth 2 provider to authenticate git over HTTP traffic with.
@@ -634,7 +641,9 @@
existing accounts this username is already in lower case. It is not
possible to convert the usernames of the existing accounts to lower
case because this would break the access to existing per-user
-branches and Gerrit provides no tool to do such a conversion.
+branches and Gerrit provides no tool to do such a conversion. Accounts
+created using the REST API or the `create-account` SSH command will
+be created with all lowercase characters, when this option is set.
+
Setting this parameter to `true` will prevent all users from login that
have a non-lower-case username.
diff --git a/Documentation/config-sso.txt b/Documentation/config-sso.txt
index 14399a3..37ab0c0 100644
--- a/Documentation/config-sso.txt
+++ b/Documentation/config-sso.txt
@@ -44,9 +44,9 @@
* `http://` -- trust all OpenID providers using the HTTP protocol
* `https://` -- trust all OpenID providers using the HTTPS protocol
-To trust only Yahoo!:
+To trust only Launchpad:
----
- git config --file $site_path/etc/gerrit.config auth.trustedOpenID https://me.yahoo.com
+ git config --file $site_path/etc/gerrit.config auth.trustedOpenID https://login.launchpad.net/+openid
----
=== Database Schema
diff --git a/Documentation/dev-bazel.txt b/Documentation/dev-bazel.txt
index 02ae43c..0be4f2f 100644
--- a/Documentation/dev-bazel.txt
+++ b/Documentation/dev-bazel.txt
@@ -507,6 +507,10 @@
* ~/.gerritcodereview/bazel-cache/repository
* ~/.gerritcodereview/bazel-cache/cas
+The `downloaded-artifacts` cache can be relocated by setting the
+`GERRIT_CACHE_HOME` environment variable. The other two can be adjusted with
+`bazel build` options `--repository_cache` and `--disk_cache` respectively.
+
Currently none of these caches have a maximum size limit. See
link:https://github.com/bazelbuild/bazel/issues/5139[this bazel issue,role=external,window=_blank] for
details. Users should watch the cache sizes and clean them manually if
diff --git a/Documentation/dev-design.txt b/Documentation/dev-design.txt
index c94862e..1935586 100644
--- a/Documentation/dev-design.txt
+++ b/Documentation/dev-design.txt
@@ -256,11 +256,7 @@
Gerrit integrates with any OpenID provider for user authentication,
making it easier for users to join a Gerrit site and manage their
-authentication credentials to it. To make use of Google Accounts
-as an OpenID provider easier, Gerrit has a shorthand "Sign in with
-a Google Account" link on its sign-in screen. Gerrit also supports
-a shorthand sign in link for Yahoo!. Other providers may also be
-supported more directly in the future.
+authentication credentials to it.
Site administrators may limit the range of OpenID providers to
a subset of "reliable providers". Users may continue to use
diff --git a/Documentation/metrics.txt b/Documentation/metrics.txt
index 4724445..5eadc74 100644
--- a/Documentation/metrics.txt
+++ b/Documentation/metrics.txt
@@ -96,6 +96,13 @@
* `http/server/jetty/threadpool/pool_size`: Current thread pool size
* `http/server/jetty/threadpool/queue_size`: Queued requests waiting for a thread
+==== LDAP
+
+* `ldap/login_latency`: Latency of logins.
+* `ldap/user_search_latency`: Latency for searching the user account.
+* `ldap/group_search_latency`: Latency for querying the group memberships of an account.
+* `ldap/group_expansion_latency`: Latency for expanding nested groups.
+
==== REST API
* `http/server/error_count`: Rate of REST API error responses.
diff --git a/Documentation/pgm-LocalUsernamesToLowerCase.txt b/Documentation/pgm-LocalUsernamesToLowerCase.txt
index 53081a1..a526647 100644
--- a/Documentation/pgm-LocalUsernamesToLowerCase.txt
+++ b/Documentation/pgm-LocalUsernamesToLowerCase.txt
@@ -28,10 +28,14 @@
Please be aware that the conversion of the local usernames to lower
case can't be undone.
-The program will produce errors if there are accounts that have the
+The program will produce errors if there are accounts with a different
+account-id or other properties (e.g. email, password) that have the
same local username, but with different case. In this case the local
username for these accounts is not converted to lower case.
+The program will automatically remove duplicates where the username
+differs only in case but all other attributes are identical.
+
After all usernames have been migrated, the link:pgm-reindex.html[
reindex] program is automatically invoked to reindex all accounts.
diff --git a/Documentation/rest-api-changes.txt b/Documentation/rest-api-changes.txt
index cebf45c..e9a4caf 100644
--- a/Documentation/rest-api-changes.txt
+++ b/Documentation/rest-api-changes.txt
@@ -6730,7 +6730,7 @@
|=======================
|Field Name||Description
|`add` |optional|The list of hashtags to be added to the change.
-|`remove |optional|The list of hashtags to be removed from the change.
+|`remove` |optional|The list of hashtags to be removed from the change.
|=======================
[[included-in-info]]
diff --git a/Documentation/user-upload.txt b/Documentation/user-upload.txt
index cdaf155..0670968 100644
--- a/Documentation/user-upload.txt
+++ b/Documentation/user-upload.txt
@@ -29,6 +29,13 @@
* Both, the HTTP and the LDAP passwords (in this order) if `gitBasicAuthPolicy`
is `HTTP_LDAP`.
+When gitBasicAuthPolicy is set to `LDAP` or `HTTP_LDAP` and the user
+is authenticating with the LDAP username/password, the Git client config
+needs to have `http.cookieFile` set to a local file, otherwise every
+single call would trigger a full LDAP authentication and groups resolution
+which could introduce a noticeable latency on the overall execution
+and produce unwanted load to the LDAP server.
+
When gitBasicAuthPolicy is not `LDAP`, the user's HTTP credentials can
be regenerated by going to `Settings`, and then accessing the `HTTP
Password` tab. Revocation can effectively be done by regenerating the
diff --git a/contrib/find-duplicate-usernames.sh b/contrib/find-duplicate-usernames.sh
new file mode 100755
index 0000000..b59e5be
--- /dev/null
+++ b/contrib/find-duplicate-usernames.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Copyright (C) 2021 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+usage() {
+ f="$(basename -- $0)"
+ cat <<EOF
+Usage:
+ cd /path/to/All-Users.git
+ "$f [username|gerrit|external]"
+
+This script finds duplicate usernames only differing in case in the given
+account schema ("username", "gerrit" or "external") and their respective accountIds.
+EOF
+ exit 1
+}
+
+if [[ "$#" -ne "1" ]] || ! [[ "$1" =~ ^(gerrit|username|external)$ ]]; then
+ usage
+fi
+
+# 1. find lines with user name and subsequent line in external-ids notes branch
+# example output of git grep -A1 "\[externalId \"username:" refs/meta/external-ids:
+# refs/meta/external-ids:00/1d/abd037e437f71d42134e6ad532a06948a2ba:[externalId "username:johndoe"]
+# refs/meta/external-ids:00/1d/abd037e437f71d42134e6ad532a06948a2ba- accountId = 1000815
+# --
+# refs/meta/external-ids:00/1f/0270fc2a6fc3a2439c454c8ab0c75323fdb0:[externalId "username:JohnDoe"]
+# refs/meta/external-ids:00/1f/0270fc2a6fc3a2439c454c8ab0c75323fdb0- accountId = 1000816
+# --
+# 2. remove group separators
+# 3. remove line break between user name and accountId lines
+# 4. unify separators to ":"
+# 5. cut on ":", select username and accountId fields
+# 6. sort case-insensitive
+# 7. flip columns
+# 8. uniq case-insensitive, only show duplicates, avoid comparing first field
+# 9. flip columns back
+git grep -A1 "\[externalId \"$1:" refs/meta/external-ids \
+ | sed -E "/$1/,/accountId/!d" \
+ | paste -d ' ' - - \
+ | tr \"= : \
+ | cut -d: --output-delimiter="" -f 5,8 \
+ | sort -f \
+ | sed -E "s/(.*) (.*)/\2 \1/" \
+ | uniq -Di -f1 \
+ | sed -E "s/(.*) (.*)/\2 \1/"
diff --git a/e2e-tests/src/test/resources/data/com/google/gerrit/scenarios/DeleteProject-body.json b/e2e-tests/src/test/resources/data/com/google/gerrit/scenarios/DeleteProject-body.json
new file mode 100644
index 0000000..488de6d
--- /dev/null
+++ b/e2e-tests/src/test/resources/data/com/google/gerrit/scenarios/DeleteProject-body.json
@@ -0,0 +1,3 @@
+{
+ "force": "${force_project_deletion}"
+}
diff --git a/e2e-tests/src/test/scala/com/google/gerrit/scenarios/DeleteProject.scala b/e2e-tests/src/test/scala/com/google/gerrit/scenarios/DeleteProject.scala
index 1752634..eb4df30 100644
--- a/e2e-tests/src/test/scala/com/google/gerrit/scenarios/DeleteProject.scala
+++ b/e2e-tests/src/test/scala/com/google/gerrit/scenarios/DeleteProject.scala
@@ -20,6 +20,7 @@
class DeleteProject extends ProjectSimulation {
private val data: FeederBuilder = jsonFile(resource).convert(keys).queue
+ private val forceKey = "force_project_deletion"
def this(projectName: String) {
this()
@@ -28,7 +29,10 @@
val test: ScenarioBuilder = scenario(uniqueName)
.feed(data)
- .exec(httpRequest)
+ .exec(session => {
+ session.set(forceKey, getProperty(forceKey, "false"))
+ })
+ .exec(httpRequest.body(ElFileBody(body)).asJson)
setUp(
test.inject(
diff --git a/java/com/google/gerrit/acceptance/AbstractPredicateTest.java b/java/com/google/gerrit/acceptance/AbstractPredicateTest.java
new file mode 100644
index 0000000..c9fd3fb
--- /dev/null
+++ b/java/com/google/gerrit/acceptance/AbstractPredicateTest.java
@@ -0,0 +1,104 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.acceptance;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.gerrit.common.Nullable;
+import com.google.gerrit.extensions.annotations.Exports;
+import com.google.gerrit.extensions.common.PluginDefinedInfo;
+import com.google.gerrit.index.query.Predicate;
+import com.google.gerrit.index.query.QueryParseException;
+import com.google.gerrit.json.OutputFormat;
+import com.google.gerrit.server.DynamicOptions;
+import com.google.gerrit.server.change.ChangeAttributeFactory;
+import com.google.gerrit.server.query.change.ChangeData;
+import com.google.gerrit.server.query.change.ChangeQueryBuilder;
+import com.google.gerrit.server.restapi.change.QueryChanges;
+import com.google.gerrit.sshd.commands.Query;
+import com.google.gson.Gson;
+import com.google.gson.reflect.TypeToken;
+import com.google.inject.AbstractModule;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import java.util.Collections;
+import java.util.List;
+import org.kohsuke.args4j.Option;
+
+public abstract class AbstractPredicateTest extends AbstractDaemonTest {
+ public static final String PLUGIN_NAME = "my-plugin";
+ public static final Gson GSON = OutputFormat.JSON.newGson();
+
+ public static class MyInfo extends PluginDefinedInfo {
+ public String message;
+ }
+
+ protected static class PluginModule extends AbstractModule {
+ @Override
+ public void configure() {
+ bind(DynamicOptions.DynamicBean.class)
+ .annotatedWith(Exports.named(Query.class))
+ .to(MyQueryOptions.class);
+ bind(DynamicOptions.DynamicBean.class)
+ .annotatedWith(Exports.named(QueryChanges.class))
+ .to(MyQueryOptions.class);
+ bind(ChangeAttributeFactory.class)
+ .annotatedWith(Exports.named("sample"))
+ .to(AttributeFactory.class);
+ }
+ }
+
+ public static class MyQueryOptions implements DynamicOptions.DynamicBean {
+ @Option(name = "--sample")
+ public boolean sample;
+ }
+
+ protected static class AttributeFactory implements ChangeAttributeFactory {
+ private final Provider<ChangeQueryBuilder> queryBuilderProvider;
+
+ @Inject
+ AttributeFactory(Provider<ChangeQueryBuilder> queryBuilderProvider) {
+ this.queryBuilderProvider = queryBuilderProvider;
+ }
+
+ @Override
+ public PluginDefinedInfo create(
+ ChangeData cd, DynamicOptions.BeanProvider beanProvider, String plugin) {
+ MyQueryOptions options = (MyQueryOptions) beanProvider.getDynamicBean(plugin);
+ MyInfo myInfo = new MyInfo();
+ if (options.sample) {
+ try {
+ Predicate<ChangeData> predicate = queryBuilderProvider.get().parse("label:Code-Review+2");
+ if (predicate.isMatchable() && predicate.asMatchable().match(cd)) {
+ myInfo.message = "matched";
+ } else {
+ myInfo.message = "not matched";
+ }
+ } catch (QueryParseException e) {
+ // ignored
+ }
+ }
+ return myInfo;
+ }
+ }
+
+ protected static List<MyInfo> decodeRawPluginsList(@Nullable Object plugins) {
+ if (plugins == null) {
+ return Collections.emptyList();
+ }
+ checkArgument(plugins instanceof List, "not a list: %s", plugins);
+ return GSON.fromJson(GSON.toJson(plugins), new TypeToken<List<MyInfo>>() {}.getType());
+ }
+}
diff --git a/java/com/google/gerrit/acceptance/InProcessProtocol.java b/java/com/google/gerrit/acceptance/InProcessProtocol.java
index 2a3a35f..83c63f9 100644
--- a/java/com/google/gerrit/acceptance/InProcessProtocol.java
+++ b/java/com/google/gerrit/acceptance/InProcessProtocol.java
@@ -338,7 +338,7 @@
.project(req.project)
.availableTokens(REPOSITORY_SIZE_GROUP);
availableTokens.throwOnError();
- availableTokens.availableTokens().ifPresent(v -> rp.setMaxObjectSizeLimit(v));
+ availableTokens.availableTokens().ifPresent(rp::setMaxPackSizeLimit);
ImmutableList<PostReceiveHook> hooks =
ImmutableList.<PostReceiveHook>builder()
diff --git a/java/com/google/gerrit/common/auth/openid/OpenIdUrls.java b/java/com/google/gerrit/common/auth/openid/OpenIdUrls.java
index 713fd4d..16dfb9b 100644
--- a/java/com/google/gerrit/common/auth/openid/OpenIdUrls.java
+++ b/java/com/google/gerrit/common/auth/openid/OpenIdUrls.java
@@ -18,5 +18,4 @@
public static final String LASTID_COOKIE = "gerrit.last_openid";
public static final String URL_LAUNCHPAD = "https://login.launchpad.net/+openid";
- public static final String URL_YAHOO = "https://me.yahoo.com";
}
diff --git a/java/com/google/gerrit/elasticsearch/ElasticVersion.java b/java/com/google/gerrit/elasticsearch/ElasticVersion.java
index 5e72780..c6400df 100644
--- a/java/com/google/gerrit/elasticsearch/ElasticVersion.java
+++ b/java/com/google/gerrit/elasticsearch/ElasticVersion.java
@@ -18,8 +18,6 @@
import java.util.regex.Pattern;
public enum ElasticVersion {
- V7_4("7.4.*"),
- V7_5("7.5.*"),
V7_6("7.6.*"),
V7_7("7.7.*"),
V7_8("7.8.*");
diff --git a/java/com/google/gerrit/httpd/CacheBasedWebSession.java b/java/com/google/gerrit/httpd/CacheBasedWebSession.java
index 5c4830c..3a84a29 100644
--- a/java/com/google/gerrit/httpd/CacheBasedWebSession.java
+++ b/java/com/google/gerrit/httpd/CacheBasedWebSession.java
@@ -75,29 +75,27 @@
this.identified = identified;
this.byIdCache = byIdCache;
- if (request.getRequestURI() == null || !GitSmartHttpTools.isGitClient(request)) {
- String cookie = readCookie(request);
- if (cookie != null) {
- authFromCookie(cookie);
- } else {
- String token;
- try {
- token = ParameterParser.getQueryParams(request).accessToken();
- } catch (BadRequestException e) {
- token = null;
- }
- if (token != null) {
- authFromQueryParameter(token);
- }
+ String cookie = readCookie(request);
+ if (cookie != null) {
+ authFromCookie(cookie);
+ } else if (request.getRequestURI() == null || !GitSmartHttpTools.isGitClient(request)) {
+ String token;
+ try {
+ token = ParameterParser.getQueryParams(request).accessToken();
+ } catch (BadRequestException e) {
+ token = null;
}
- if (val != null && !checkAccountStatus(val.getAccountId())) {
- val = null;
- okPaths.clear();
+ if (token != null) {
+ authFromQueryParameter(token);
}
- if (val != null && val.needsCookieRefresh()) {
- // Session is more than half old; update cache entry with new expiration date.
- val = manager.createVal(key, val);
- }
+ }
+ if (val != null && !checkAccountStatus(val.getAccountId())) {
+ val = null;
+ okPaths.clear();
+ }
+ if (val != null && val.needsCookieRefresh()) {
+ // Session is more than half old; update cache entry with new expiration date.
+ val = manager.createVal(key, val);
}
}
diff --git a/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java b/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java
index 111cc34..de989ac 100644
--- a/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java
+++ b/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java
@@ -22,6 +22,7 @@
import com.google.common.base.Strings;
import com.google.common.flogger.FluentLogger;
import com.google.common.io.BaseEncoding;
+import com.google.gerrit.common.Nullable;
import com.google.gerrit.entities.Account;
import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
import com.google.gerrit.extensions.registration.DynamicItem;
@@ -51,6 +52,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
+import org.eclipse.jgit.http.server.GitSmartHttpTools;
/**
* Authenticates the current user by HTTP basic authentication.
@@ -99,11 +101,21 @@
HttpServletRequest req = (HttpServletRequest) request;
Response rsp = new Response((HttpServletResponse) response);
- if (verify(req, rsp)) {
+ if (isSignedInGitRequest(req) || verify(req, rsp)) {
chain.doFilter(req, rsp);
}
}
+ private boolean isSignedInGitRequest(HttpServletRequest req) {
+ boolean isGitRequest = req.getRequestURI() != null && GitSmartHttpTools.isGitClient(req);
+ boolean isAlreadySignedIn = session.get().isSignedIn();
+ boolean res = isAlreadySignedIn && isGitRequest;
+ logger.atFine().log(
+ "HTTP:%s %s signedIn=%s (isAlreadySignedIn=%s, isGitRequest=%s)",
+ req.getMethod(), req.getRequestURI(), res, isAlreadySignedIn, isGitRequest);
+ return res;
+ }
+
private boolean verify(HttpServletRequest req, Response rsp) throws IOException {
final String hdr = req.getHeader(AUTHORIZATION);
if (hdr == null || !hdr.startsWith(LIT_BASIC)) {
@@ -144,7 +156,10 @@
if (gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP
|| gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP_LDAP) {
if (PasswordVerifier.checkPassword(who.externalIds(), username, password)) {
- return succeedAuthentication(who);
+ logger.atFine().log(
+ "HTTP:%s %s username/password authentication succeeded",
+ req.getMethod(), req.getRequestURI());
+ return succeedAuthentication(who, null);
}
}
@@ -157,11 +172,13 @@
try {
AuthResult whoAuthResult = accountManager.authenticate(whoAuth);
- setUserIdentified(whoAuthResult.getAccountId());
+ setUserIdentified(whoAuthResult.getAccountId(), whoAuthResult);
+ logger.atFine().log(
+ "HTTP:%s %s Realm authentication succeeded", req.getMethod(), req.getRequestURI());
return true;
} catch (NoSuchUserException e) {
if (PasswordVerifier.checkPassword(who.externalIds(), username, password)) {
- return succeedAuthentication(who);
+ return succeedAuthentication(who, null);
}
logger.atWarning().withCause(e).log(authenticationFailedMsg(username, req));
rsp.sendError(SC_UNAUTHORIZED);
@@ -183,8 +200,8 @@
}
}
- private boolean succeedAuthentication(AccountState who) {
- setUserIdentified(who.account().id());
+ private boolean succeedAuthentication(AccountState who, @Nullable AuthResult whoAuthResult) {
+ setUserIdentified(who.account().id(), whoAuthResult);
return true;
}
@@ -201,11 +218,15 @@
return String.format("Authentication from %s failed for %s", req.getRemoteAddr(), username);
}
- private void setUserIdentified(Account.Id id) {
+ private void setUserIdentified(Account.Id id, @Nullable AuthResult whoAuthResult) {
WebSession ws = session.get();
ws.setUserAccountId(id);
ws.setAccessPathOk(AccessPath.GIT, true);
ws.setAccessPathOk(AccessPath.REST_API, true);
+
+ if (whoAuthResult != null) {
+ ws.login(whoAuthResult, false);
+ }
}
private String encoding(HttpServletRequest req) {
diff --git a/java/com/google/gerrit/httpd/XsrfCookieFilter.java b/java/com/google/gerrit/httpd/XsrfCookieFilter.java
index d15ecac..079efa4 100644
--- a/java/com/google/gerrit/httpd/XsrfCookieFilter.java
+++ b/java/com/google/gerrit/httpd/XsrfCookieFilter.java
@@ -32,6 +32,7 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.eclipse.jgit.http.server.GitSmartHttpTools;
@Singleton
public class XsrfCookieFilter implements Filter {
@@ -50,8 +51,11 @@
@Override
public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain)
throws IOException, ServletException {
- WebSession s = user.get().isIdentifiedUser() ? session.get() : null;
- setXsrfTokenCookie((HttpServletRequest) req, (HttpServletResponse) rsp, s);
+ HttpServletRequest httpRequest = (HttpServletRequest) req;
+ if (!GitSmartHttpTools.isGitClient(httpRequest)) {
+ WebSession s = user.get().isIdentifiedUser() ? session.get() : null;
+ setXsrfTokenCookie(httpRequest, (HttpServletResponse) rsp, s);
+ }
chain.doFilter(req, rsp);
}
diff --git a/java/com/google/gerrit/httpd/auth/openid/LoginForm.java b/java/com/google/gerrit/httpd/auth/openid/LoginForm.java
index 283cd50..0b6008c 100644
--- a/java/com/google/gerrit/httpd/auth/openid/LoginForm.java
+++ b/java/com/google/gerrit/httpd/auth/openid/LoginForm.java
@@ -59,9 +59,7 @@
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
private static final ImmutableMap<String, String> ALL_PROVIDERS =
- ImmutableMap.of(
- "launchpad", OpenIdUrls.URL_LAUNCHPAD,
- "yahoo", OpenIdUrls.URL_YAHOO);
+ ImmutableMap.of("launchpad", OpenIdUrls.URL_LAUNCHPAD);
private final ImmutableSet<String> suggestProviders;
private final Provider<String> urlProvider;
diff --git a/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java b/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
index be975c5..b685011 100644
--- a/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
+++ b/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
@@ -477,8 +477,9 @@
final StringBuilder rdr = new StringBuilder();
rdr.append(urlProvider.get(req));
String nextToken = Url.decode(token);
- if (isNew && !token.startsWith(PageLinks.REGISTER + "/")) {
- rdr.append('#' + PageLinks.REGISTER);
+ String registerUri = PageLinks.REGISTER + "/";
+ if (isNew && !token.startsWith(registerUri)) {
+ rdr.append('#' + registerUri);
if (nextToken.startsWith("#")) {
// Need to strip the leading # off the token to fix registration page redirect
nextToken = nextToken.substring(1);
diff --git a/java/com/google/gerrit/httpd/raw/StaticModule.java b/java/com/google/gerrit/httpd/raw/StaticModule.java
index 414a120..07dbf84 100644
--- a/java/com/google/gerrit/httpd/raw/StaticModule.java
+++ b/java/com/google/gerrit/httpd/raw/StaticModule.java
@@ -53,6 +53,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
+import org.eclipse.jgit.http.server.GitSmartHttpTools;
import org.eclipse.jgit.lib.Config;
public class StaticModule extends ServletModule {
@@ -371,16 +372,18 @@
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
- GuiceFilterRequestWrapper reqWrapper = new GuiceFilterRequestWrapper(req);
- String path = pathInfo(req);
+ if (!GitSmartHttpTools.isGitClient(req)) {
+ GuiceFilterRequestWrapper reqWrapper = new GuiceFilterRequestWrapper(req);
+ String path = pathInfo(req);
- if (isPolyGerritIndex(path)) {
- polyGerritIndex.service(reqWrapper, res);
- return;
- }
- if (isPolyGerritAsset(path)) {
- polygerritUI.service(reqWrapper, res);
- return;
+ if (isPolyGerritIndex(path)) {
+ polyGerritIndex.service(reqWrapper, res);
+ return;
+ }
+ if (isPolyGerritAsset(path)) {
+ polygerritUI.service(reqWrapper, res);
+ return;
+ }
}
chain.doFilter(req, res);
diff --git a/java/com/google/gerrit/httpd/restapi/RestApiServlet.java b/java/com/google/gerrit/httpd/restapi/RestApiServlet.java
index ce5de3c..d427caa 100644
--- a/java/com/google/gerrit/httpd/restapi/RestApiServlet.java
+++ b/java/com/google/gerrit/httpd/restapi/RestApiServlet.java
@@ -1562,9 +1562,11 @@
// Check if we want to delegate to a child collection. Child collections are bound with
// GET.name so we have to check for this since we haven't found any other views.
- core = views.get(PluginName.GERRIT, "GET." + p.get(0));
- if (core != null) {
- return new ViewData(PluginName.GERRIT, core);
+ if (method.equals("GET")) {
+ core = views.get(PluginName.GERRIT, "GET." + p.get(0));
+ if (core != null) {
+ return new ViewData(PluginName.GERRIT, core);
+ }
}
Map<String, RestView<RestResource>> r = new TreeMap<>();
diff --git a/java/com/google/gerrit/pgm/BUILD b/java/com/google/gerrit/pgm/BUILD
index a57b37a..2b1b83d 100644
--- a/java/com/google/gerrit/pgm/BUILD
+++ b/java/com/google/gerrit/pgm/BUILD
@@ -46,6 +46,7 @@
"//lib:servlet-api-without-neverlink",
"//lib/auto:auto-value",
"//lib/auto:auto-value-annotations",
+ "//lib/commons:lang",
"//lib/flogger:api",
"//lib/guice",
"//lib/guice:guice-assistedinject",
diff --git a/java/com/google/gerrit/pgm/LocalUsernamesToLowerCase.java b/java/com/google/gerrit/pgm/LocalUsernamesToLowerCase.java
index e6e091c..8e2f70f 100644
--- a/java/com/google/gerrit/pgm/LocalUsernamesToLowerCase.java
+++ b/java/com/google/gerrit/pgm/LocalUsernamesToLowerCase.java
@@ -36,6 +36,9 @@
import java.io.IOException;
import java.util.Collection;
import java.util.Locale;
+import java.util.Optional;
+import org.apache.commons.lang.StringUtils;
+import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.ProgressMonitor;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.lib.TextProgressMonitor;
@@ -108,8 +111,38 @@
extId.accountId(),
extId.email(),
extId.password());
+ replaceIfNotExists(extIdNotes, extId, extIdLowerCase);
+ }
+ }
+ }
+
+ private void replaceIfNotExists(
+ ExternalIdNotes extIdNotes, ExternalId extId, ExternalId extIdLowerCase) throws IOException {
+ try {
+ Optional<ExternalId> existingExternalId =
+ extIdNotes
+ .get(extIdLowerCase.key())
+ .filter(eid -> eid.accountId().equals(extIdLowerCase.accountId()))
+ .filter(eid -> StringUtils.equalsIgnoreCase(eid.email(), extId.email()))
+ .filter(eid -> StringUtils.equalsIgnoreCase(eid.password(), extId.password()));
+ if (existingExternalId.isPresent()) {
+ System.err.println(
+ "WARNING: external-id "
+ + extIdLowerCase
+ + " already exists with the same account-id "
+ + extId.accountId()
+ + " :"
+ + "removing the duplicate external-id "
+ + extId.key());
+ extIdNotes.delete(extId);
+ } else {
extIdNotes.replace(extId, extIdLowerCase);
}
+ } catch (ConfigInvalidException e) {
+ throw new IOException(
+ "Unable to parse external id definition when looking for current external-id "
+ + extIdLowerCase,
+ e);
}
}
diff --git a/java/com/google/gerrit/pgm/http/jetty/ProjectQoSFilter.java b/java/com/google/gerrit/pgm/http/jetty/ProjectQoSFilter.java
index 4f9d7e7..1cca789 100644
--- a/java/com/google/gerrit/pgm/http/jetty/ProjectQoSFilter.java
+++ b/java/com/google/gerrit/pgm/http/jetty/ProjectQoSFilter.java
@@ -18,6 +18,7 @@
import static java.util.concurrent.TimeUnit.MINUTES;
import static javax.servlet.http.HttpServletResponse.SC_SERVICE_UNAVAILABLE;
+import com.google.common.annotations.VisibleForTesting;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.account.AccountLimits;
import com.google.gerrit.server.config.GerritServerConfig;
@@ -170,7 +171,7 @@
request.setAttribute(TASK, task);
Future<?> f = getExecutor().submit(task);
- asyncContext.addListener(new Listener(f));
+ asyncContext.addListener(new Listener(f, task));
break;
case CANCELED:
rsp.sendError(SC_SERVICE_UNAVAILABLE);
@@ -181,7 +182,6 @@
task.begin(Thread.currentThread());
chain.doFilter(req, rsp);
} finally {
- task.end();
Thread.interrupted();
}
break;
@@ -211,29 +211,38 @@
@Override
public void destroy() {}
- private static final class Listener implements AsyncListener {
+ @VisibleForTesting
+ protected static final class Listener implements AsyncListener {
final Future<?> future;
+ final TaskThunk task;
- Listener(Future<?> future) {
+ Listener(Future<?> future, TaskThunk task) {
this.future = future;
+ this.task = task;
}
@Override
- public void onComplete(AsyncEvent event) throws IOException {}
+ public void onComplete(AsyncEvent event) throws IOException {
+ task.end();
+ }
@Override
public void onTimeout(AsyncEvent event) throws IOException {
+ task.end();
future.cancel(true);
}
@Override
- public void onError(AsyncEvent event) throws IOException {}
+ public void onError(AsyncEvent event) throws IOException {
+ task.end();
+ }
@Override
public void onStartAsync(AsyncEvent event) throws IOException {}
}
- private final class TaskThunk implements CancelableRunnable {
+ @VisibleForTesting
+ protected class TaskThunk implements CancelableRunnable {
private final AsyncContext asyncContext;
private final String name;
private final Object lock = new Object();
@@ -292,6 +301,10 @@
}
}
+ public boolean isDone() {
+ return done;
+ }
+
@Override
public String toString() {
return name;
diff --git a/java/com/google/gerrit/server/auth/ldap/Helper.java b/java/com/google/gerrit/server/auth/ldap/Helper.java
index 5c6b391..b0f011a 100644
--- a/java/com/google/gerrit/server/auth/ldap/Helper.java
+++ b/java/com/google/gerrit/server/auth/ldap/Helper.java
@@ -20,6 +20,10 @@
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.common.data.ParameterizedString;
import com.google.gerrit.entities.AccountGroup;
+import com.google.gerrit.metrics.Description;
+import com.google.gerrit.metrics.Description.Units;
+import com.google.gerrit.metrics.MetricMaker;
+import com.google.gerrit.metrics.Timer0;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AuthenticationFailedException;
import com.google.gerrit.server.auth.NoSuchUserException;
@@ -81,11 +85,16 @@
private final String connectTimeoutMillis;
private final boolean useConnectionPooling;
private final boolean groupsVisibleToAll;
+ private final Timer0 loginLatencyTimer;
+ private final Timer0 userSearchLatencyTimer;
+ private final Timer0 groupSearchLatencyTimer;
+ private final Timer0 groupExpansionLatencyTimer;
@Inject
Helper(
@GerritServerConfig Config config,
- @Named(LdapModule.PARENT_GROUPS_CACHE) Cache<String, ImmutableSet<String>> parentGroups) {
+ @Named(LdapModule.PARENT_GROUPS_CACHE) Cache<String, ImmutableSet<String>> parentGroups,
+ MetricMaker metricMaker) {
this.config = config;
this.server = LdapRealm.optional(config, "server");
this.username = LdapRealm.optional(config, "username");
@@ -112,6 +121,33 @@
}
this.parentGroups = parentGroups;
this.useConnectionPooling = LdapRealm.optional(config, "useConnectionPooling", false);
+
+ this.loginLatencyTimer =
+ metricMaker.newTimer(
+ "ldap/login_latency",
+ new Description("Latency of logins").setCumulative().setUnit(Units.NANOSECONDS));
+ this.userSearchLatencyTimer =
+ metricMaker.newTimer(
+ "ldap/user_search_latency",
+ new Description("Latency for searching the user account")
+ .setCumulative()
+ .setUnit(Units.NANOSECONDS));
+ this.groupSearchLatencyTimer =
+ metricMaker.newTimer(
+ "ldap/group_search_latency",
+ new Description("Latency for querying the groups membership of an account")
+ .setCumulative()
+ .setUnit(Units.NANOSECONDS));
+ this.groupExpansionLatencyTimer =
+ metricMaker.newTimer(
+ "ldap/group_expansion_latency",
+ new Description("Latency for expanding nested groups")
+ .setCumulative()
+ .setUnit(Units.NANOSECONDS));
+ }
+
+ Timer0 getGroupSearchLatencyTimer() {
+ return groupSearchLatencyTimer;
}
private Properties createContextProperties() {
@@ -191,7 +227,9 @@
private DirContext kerberosOpen(Properties env)
throws IOException, LoginException, NamingException {
LoginContext ctx = new LoginContext("KerberosLogin");
- ctx.login();
+ try (Timer0.Context ignored = loginLatencyTimer.start()) {
+ ctx.login();
+ }
Subject subject = ctx.getSubject();
try {
return Subject.doAs(
@@ -209,7 +247,7 @@
DirContext authenticate(String dn, String password) throws AccountException {
final Properties env = createContextProperties();
- try {
+ try (Timer0.Context ignored = loginLatencyTimer.start()) {
env.put(Context.REFERRAL, referral);
if (!supportAnonymous) {
@@ -258,7 +296,7 @@
}
for (LdapQuery accountQuery : accountQueryList) {
- List<LdapQuery.Result> res = accountQuery.query(ctx, params);
+ List<LdapQuery.Result> res = accountQuery.query(ctx, params, userSearchLatencyTimer);
if (res.size() == 1) {
return res.get(0);
} else if (res.size() > 1) {
@@ -290,8 +328,10 @@
params.put(LdapRealm.USERNAME, username);
for (LdapQuery groupMemberQuery : schema.groupMemberQueryList) {
- for (LdapQuery.Result r : groupMemberQuery.query(ctx, params)) {
- recursivelyExpandGroups(groupDNs, schema, ctx, r.getDN());
+ for (LdapQuery.Result r : groupMemberQuery.query(ctx, params, groupSearchLatencyTimer)) {
+ try (Timer0.Context ignored = groupExpansionLatencyTimer.start()) {
+ recursivelyExpandGroups(groupDNs, schema, ctx, r.getDN());
+ }
}
}
}
diff --git a/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java b/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java
index 1d85a5e..0d8f3f8 100644
--- a/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java
+++ b/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java
@@ -213,7 +213,8 @@
Map<String, String> params = Collections.emptyMap();
for (String groupBase : schema.groupBases) {
LdapQuery query = new LdapQuery(groupBase, schema.groupScope, filter, returnAttrs);
- for (LdapQuery.Result res : query.query(ctx, params)) {
+ for (LdapQuery.Result res :
+ query.query(ctx, params, helper.getGroupSearchLatencyTimer())) {
out.add(groupReference(schema.groupName, res));
}
}
diff --git a/java/com/google/gerrit/server/auth/ldap/LdapQuery.java b/java/com/google/gerrit/server/auth/ldap/LdapQuery.java
index 3d25e86..3e549f6 100644
--- a/java/com/google/gerrit/server/auth/ldap/LdapQuery.java
+++ b/java/com/google/gerrit/server/auth/ldap/LdapQuery.java
@@ -15,6 +15,7 @@
package com.google.gerrit.server.auth.ldap;
import com.google.gerrit.common.data.ParameterizedString;
+import com.google.gerrit.metrics.Timer0;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -61,13 +62,16 @@
return pattern.getParameterNames();
}
- List<Result> query(DirContext ctx, Map<String, String> params) throws NamingException {
+ List<Result> query(DirContext ctx, Map<String, String> params, Timer0 queryTimer)
+ throws NamingException {
final SearchControls sc = new SearchControls();
final NamingEnumeration<SearchResult> res;
sc.setSearchScope(searchScope.scope());
sc.setReturningAttributes(returnAttributes);
- res = ctx.search(base, pattern.getRawPattern(), pattern.bind(params), sc);
+ try (Timer0.Context ignored = queryTimer.start()) {
+ res = ctx.search(base, pattern.getRawPattern(), pattern.bind(params), sc);
+ }
try {
final List<Result> r = new ArrayList<>();
try {
diff --git a/java/com/google/gerrit/server/change/ChangeFinder.java b/java/com/google/gerrit/server/change/ChangeFinder.java
index 71d7ba0..ba104d8 100644
--- a/java/com/google/gerrit/server/change/ChangeFinder.java
+++ b/java/com/google/gerrit/server/change/ChangeFinder.java
@@ -100,7 +100,9 @@
}
public Optional<ChangeNotes> findOne(String id) {
- List<ChangeNotes> ctls = find(id);
+ // Limit the maximum number of results to just 2 items for saving CPU cycles
+ // in reading change-notes.
+ List<ChangeNotes> ctls = find(id, 2);
if (ctls.size() != 1) {
return Optional.empty();
}
@@ -114,6 +116,17 @@
* @return possibly-empty list of notes for all matching changes; may or may not be visible.
*/
public List<ChangeNotes> find(String id) {
+ return find(id, 0);
+ }
+
+ /**
+ * Find at most N changes matching the given identifier.
+ *
+ * @param id change identifier.
+ * @param queryLimit maximum number of changes to be returned
+ * @return possibly-empty list of notes for all matching changes; may or may not be visible.
+ */
+ public List<ChangeNotes> find(String id, int queryLimit) {
if (id.isEmpty()) {
return Collections.emptyList();
}
@@ -141,6 +154,9 @@
// Use the index to search for changes, but don't return any stored fields,
// to force rereading in case the index is stale.
InternalChangeQuery query = queryProvider.get().noFields();
+ if (queryLimit > 0) {
+ query.setLimit(queryLimit);
+ }
// Try commit hash
if (id.matches("^([0-9a-fA-F]{" + ObjectIds.ABBREV_STR_LEN + "," + ObjectIds.STR_LEN + "})$")) {
diff --git a/java/com/google/gerrit/server/git/receive/AsyncReceiveCommits.java b/java/com/google/gerrit/server/git/receive/AsyncReceiveCommits.java
index 0d762c7..fc80490 100644
--- a/java/com/google/gerrit/server/git/receive/AsyncReceiveCommits.java
+++ b/java/com/google/gerrit/server/git/receive/AsyncReceiveCommits.java
@@ -296,7 +296,7 @@
REPOSITORY_SIZE_GROUP, projectName);
throw new RuntimeException(e);
}
- availableTokens.availableTokens().ifPresent(v -> receivePack.setMaxObjectSizeLimit(v));
+ availableTokens.availableTokens().ifPresent(receivePack::setMaxPackSizeLimit);
}
/** Determine if the user can upload commits. */
diff --git a/java/com/google/gerrit/server/query/change/ChangeData.java b/java/com/google/gerrit/server/query/change/ChangeData.java
index 69f1a4e..c741506 100644
--- a/java/com/google/gerrit/server/query/change/ChangeData.java
+++ b/java/com/google/gerrit/server/query/change/ChangeData.java
@@ -1011,7 +1011,7 @@
}
draftsByUser = new HashMap<>();
- for (Ref ref : commentsUtil.getDraftRefs(notes.getChangeId())) {
+ for (Ref ref : commentsUtil.getDraftRefs(notes().getChangeId())) {
Account.Id account = Account.Id.fromRefSuffix(ref.getName());
if (account != null
// Double-check that any drafts exist for this user after
diff --git a/java/com/google/gerrit/server/query/change/EqualsLabelPredicate.java b/java/com/google/gerrit/server/query/change/EqualsLabelPredicate.java
index 569d7cb..160e9f9 100644
--- a/java/com/google/gerrit/server/query/change/EqualsLabelPredicate.java
+++ b/java/com/google/gerrit/server/query/change/EqualsLabelPredicate.java
@@ -73,6 +73,7 @@
}
boolean hasVote = false;
+ object.setLazyLoad(true);
for (PatchSetApproval p : object.currentApprovals()) {
if (labelType.matches(p)) {
hasVote = true;
@@ -107,7 +108,15 @@
return false;
}
- if (account != null && !account.equals(approver)) {
+ if (account != null
+ && !account.equals(approver)
+ && !account.equals(ChangeQueryBuilder.OWNER_ACCOUNT_ID)) {
+ return false;
+ }
+
+ if (account != null
+ && account.equals(ChangeQueryBuilder.OWNER_ACCOUNT_ID)
+ && !cd.change().getOwner().equals(approver)) {
return false;
}
diff --git a/java/com/google/gerrit/server/restapi/account/CreateAccount.java b/java/com/google/gerrit/server/restapi/account/CreateAccount.java
index 907dd18..26333b4 100644
--- a/java/com/google/gerrit/server/restapi/account/CreateAccount.java
+++ b/java/com/google/gerrit/server/restapi/account/CreateAccount.java
@@ -44,6 +44,7 @@
import com.google.gerrit.server.account.VersionedAuthorizedKeys;
import com.google.gerrit.server.account.externalids.DuplicateExternalIdKeyException;
import com.google.gerrit.server.account.externalids.ExternalId;
+import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.group.GroupResolver;
import com.google.gerrit.server.group.db.GroupsUpdate;
import com.google.gerrit.server.group.db.InternalGroupUpdate;
@@ -59,6 +60,7 @@
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
+import java.util.Locale;
import java.util.Set;
import org.eclipse.jgit.errors.ConfigInvalidException;
@@ -82,6 +84,7 @@
private final PluginSetContext<AccountExternalIdCreator> externalIdCreators;
private final Provider<GroupsUpdate> groupsUpdate;
private final OutgoingEmailValidator validator;
+ private final AuthConfig authConfig;
@Inject
CreateAccount(
@@ -93,7 +96,8 @@
AccountLoader.Factory infoLoader,
PluginSetContext<AccountExternalIdCreator> externalIdCreators,
@UserInitiated Provider<GroupsUpdate> groupsUpdate,
- OutgoingEmailValidator validator) {
+ OutgoingEmailValidator validator,
+ AuthConfig authConfig) {
this.seq = seq;
this.groupResolver = groupResolver;
this.authorizedKeys = authorizedKeys;
@@ -103,6 +107,7 @@
this.externalIdCreators = externalIdCreators;
this.groupsUpdate = groupsUpdate;
this.validator = validator;
+ this.authConfig = authConfig;
}
@Override
@@ -116,14 +121,18 @@
public Response<AccountInfo> apply(IdString id, AccountInput input)
throws BadRequestException, ResourceConflictException, UnprocessableEntityException,
IOException, ConfigInvalidException, PermissionBackendException {
- String username = id.get();
- if (input.username != null && !username.equals(input.username)) {
+ String username = applyCaseOfUsername(id.get());
+ if (input.username != null && !username.equals(applyCaseOfUsername(input.username))) {
throw new BadRequestException("username must match URL");
}
if (!ExternalId.isValidUsername(username)) {
throw new BadRequestException("Invalid username '" + username + "'");
}
+ if (input.name == null) {
+ input.name = input.username;
+ }
+
Set<AccountGroup.UUID> groups = parseGroups(input.groups);
Account.Id accountId = Account.id(seq.nextAccountId());
@@ -182,6 +191,10 @@
return Response.created(info);
}
+ private String applyCaseOfUsername(String username) {
+ return authConfig.isUserNameToLowerCase() ? username.toLowerCase(Locale.US) : username;
+ }
+
private Set<AccountGroup.UUID> parseGroups(List<String> groups)
throws UnprocessableEntityException {
Set<AccountGroup.UUID> groupUuids = new HashSet<>();
diff --git a/java/com/google/gerrit/server/restapi/change/ChangesCollection.java b/java/com/google/gerrit/server/restapi/change/ChangesCollection.java
index 95b74f8..572f704 100644
--- a/java/com/google/gerrit/server/restapi/change/ChangesCollection.java
+++ b/java/com/google/gerrit/server/restapi/change/ChangesCollection.java
@@ -82,7 +82,7 @@
@Override
public ChangeResource parse(TopLevelResource root, IdString id)
throws RestApiException, PermissionBackendException, IOException {
- List<ChangeNotes> notes = changeFinder.find(id.encoded());
+ List<ChangeNotes> notes = changeFinder.find(id.encoded(), 2);
if (notes.isEmpty()) {
throw new ResourceNotFoundException(id);
} else if (notes.size() != 1) {
diff --git a/java/com/google/gerrit/server/schema/MariaDBAccountPatchReviewStore.java b/java/com/google/gerrit/server/schema/MariaDBAccountPatchReviewStore.java
index 5073af1..32b6c8f 100644
--- a/java/com/google/gerrit/server/schema/MariaDBAccountPatchReviewStore.java
+++ b/java/com/google/gerrit/server/schema/MariaDBAccountPatchReviewStore.java
@@ -22,6 +22,7 @@
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.sql.SQLException;
+import java.sql.Statement;
import org.eclipse.jgit.lib.Config;
@Singleton
@@ -50,4 +51,17 @@
return new StorageException(op + " failure on ACCOUNT_PATCH_REVIEWS", err);
}
}
+
+ @Override
+ protected void doCreateTable(Statement stmt) throws SQLException {
+ stmt.executeUpdate(
+ "CREATE TABLE IF NOT EXISTS account_patch_reviews ("
+ + "account_id INTEGER DEFAULT 0 NOT NULL, "
+ + "change_id INTEGER DEFAULT 0 NOT NULL, "
+ + "patch_set_id INTEGER DEFAULT 0 NOT NULL, "
+ + "file_name VARCHAR(255) DEFAULT '' NOT NULL, "
+ + "CONSTRAINT primary_key_account_patch_reviews "
+ + "PRIMARY KEY (change_id, patch_set_id, account_id, file_name)"
+ + ")");
+ }
}
diff --git a/java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java b/java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java
new file mode 100644
index 0000000..6f568b1
--- /dev/null
+++ b/java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java
@@ -0,0 +1,42 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.sshd;
+
+import com.google.common.flogger.FluentLogger;
+import com.google.inject.Singleton;
+import java.io.IOException;
+import org.apache.sshd.common.Service;
+import org.apache.sshd.common.session.Session;
+import org.apache.sshd.common.session.SessionDisconnectHandler;
+
+@Singleton
+public class LogMaxConnectionsPerUserExceeded implements SessionDisconnectHandler {
+ private static final FluentLogger logger = FluentLogger.forEnclosingClass();
+
+ @Override
+ public boolean handleSessionsCountDisconnectReason(
+ Session session,
+ Service service,
+ String username,
+ int currentSessionCount,
+ int maxSessionCount)
+ throws IOException {
+ logger.atWarning().log(
+ "Max connection count for user %s exceeded, rejecting new connection."
+ + " currentSessionCount = %d, maxSessionCount = %d",
+ username, currentSessionCount, maxSessionCount);
+ return false;
+ }
+}
diff --git a/java/com/google/gerrit/sshd/NoShell.java b/java/com/google/gerrit/sshd/NoShell.java
index dd31e4c..2a29a62 100644
--- a/java/com/google/gerrit/sshd/NoShell.java
+++ b/java/com/google/gerrit/sshd/NoShell.java
@@ -27,10 +27,14 @@
import java.io.OutputStream;
import java.net.MalformedURLException;
import java.net.URL;
+import org.apache.sshd.common.io.IoInputStream;
+import org.apache.sshd.common.io.IoOutputStream;
+import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.server.Environment;
import org.apache.sshd.server.ExitCallback;
import org.apache.sshd.server.SessionAware;
import org.apache.sshd.server.channel.ChannelSession;
+import org.apache.sshd.server.command.AsyncCommand;
import org.apache.sshd.server.command.Command;
import org.apache.sshd.server.session.ServerSession;
import org.apache.sshd.server.shell.ShellFactory;
@@ -56,13 +60,19 @@
return shell.get();
}
- static class SendMessage implements Command, SessionAware {
+ /**
+ * When AsyncCommand is implemented by a command as below, the usual blocking streams aren't set.
+ *
+ * @see org.apache.sshd.server.command.AsyncCommand
+ */
+ static class SendMessage implements AsyncCommand, SessionAware {
private final Provider<MessageFactory> messageFactory;
private final SshScope sshScope;
- private InputStream in;
- private OutputStream out;
- private OutputStream err;
+ private IoInputStream in;
+ private IoOutputStream out;
+ private IoOutputStream err;
+
private ExitCallback exit;
private Context context;
@@ -73,21 +83,36 @@
}
@Override
- public void setInputStream(InputStream in) {
+ public void setIoInputStream(IoInputStream in) {
this.in = in;
}
@Override
- public void setOutputStream(OutputStream out) {
+ public void setIoOutputStream(IoOutputStream out) {
this.out = out;
}
@Override
- public void setErrorStream(OutputStream err) {
+ public void setIoErrorStream(IoOutputStream err) {
this.err = err;
}
@Override
+ public void setInputStream(InputStream in) {
+ // ignored
+ }
+
+ @Override
+ public void setOutputStream(OutputStream out) {
+ // ignore
+ }
+
+ @Override
+ public void setErrorStream(OutputStream err) {
+ // ignore
+ }
+
+ @Override
public void setExitCallback(ExitCallback callback) {
this.exit = callback;
}
@@ -107,8 +132,7 @@
} finally {
sshScope.set(old);
}
- err.write(Constants.encode(message));
- err.flush();
+ err.writePacket(new ByteArrayBuffer(Constants.encode(message)));
in.close();
out.close();
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java
index c14ebd8..fa3529c 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -161,7 +161,8 @@
SshLog sshLog,
@SshListenAddresses List<SocketAddress> listen,
@SshAdvertisedAddresses List<String> advertised,
- MetricMaker metricMaker) {
+ MetricMaker metricMaker,
+ LogMaxConnectionsPerUserExceeded logMaxConnectionsPerUserExceeded) {
setPort(IANA_SSH_PORT /* never used */);
this.cfg = cfg;
@@ -241,6 +242,7 @@
setKeyPairProvider(hostKeyProvider);
setCommandFactory(commandFactory);
setShellFactory(noShell);
+ setSessionDisconnectHandler(logMaxConnectionsPerUserExceeded);
final AtomicInteger connected = new AtomicInteger();
metricMaker.newCallbackMetric(
diff --git a/javatests/com/google/gerrit/acceptance/rest/account/CreateAccountIT.java b/javatests/com/google/gerrit/acceptance/rest/account/CreateAccountIT.java
index aca6c4c..8d801f1 100644
--- a/javatests/com/google/gerrit/acceptance/rest/account/CreateAccountIT.java
+++ b/javatests/com/google/gerrit/acceptance/rest/account/CreateAccountIT.java
@@ -18,6 +18,7 @@
import com.google.gerrit.acceptance.AbstractDaemonTest;
import com.google.gerrit.acceptance.RestResponse;
+import com.google.gerrit.acceptance.config.GerritConfig;
import com.google.gerrit.extensions.api.accounts.AccountInput;
import org.junit.Test;
@@ -31,4 +32,44 @@
r.assertCreated();
assertThat(accountCache.getByUsername(input.username)).isPresent();
}
+
+ @Test
+ @GerritConfig(name = "auth.userNameToLowerCase", value = "false")
+ public void createAccountRestApiUserNameToLowerCaseFalse() throws Exception {
+ AccountInput input = new AccountInput();
+ input.username = "JohnDoe";
+ assertThat(accountCache.getByUsername(input.username)).isEmpty();
+ RestResponse r = adminRestSession.put("/accounts/" + input.username, input);
+ r.assertCreated();
+ assertThat(accountCache.getByUsername(input.username)).isPresent();
+ }
+
+ @Test
+ @GerritConfig(name = "auth.userNameToLowerCase", value = "true")
+ public void createAccountRestApiUserNameToLowerCaseTrue() throws Exception {
+ testUserNameToLowerCase("John1", "John1", "john1");
+ assertThat(accountCache.getByUsername("John1")).isEmpty();
+
+ testUserNameToLowerCase("john2", "John2", "john2");
+ assertThat(accountCache.getByUsername("John2")).isEmpty();
+
+ testUserNameToLowerCase("John3", "john3", "john3");
+ assertThat(accountCache.getByUsername("John3")).isEmpty();
+
+ testUserNameToLowerCase("John4", "johN4", "john4");
+ assertThat(accountCache.getByUsername("John4")).isEmpty();
+ assertThat(accountCache.getByUsername("johN4")).isEmpty();
+
+ testUserNameToLowerCase("john5", "john5", "john5");
+ }
+
+ private void testUserNameToLowerCase(String usernameUrl, String usernameInput, String usernameDb)
+ throws Exception {
+ AccountInput input = new AccountInput();
+ input.username = usernameInput;
+ assertThat(accountCache.getByUsername(usernameDb)).isEmpty();
+ RestResponse r = adminRestSession.put("/accounts/" + usernameUrl, input);
+ r.assertCreated();
+ assertThat(accountCache.getByUsername(usernameDb)).isPresent();
+ }
}
diff --git a/javatests/com/google/gerrit/acceptance/rest/binding/PluginProvidedChildRestApiBindingsIT.java b/javatests/com/google/gerrit/acceptance/rest/binding/PluginProvidedChildRestApiBindingsIT.java
index 22feeb7..90b4f01 100644
--- a/javatests/com/google/gerrit/acceptance/rest/binding/PluginProvidedChildRestApiBindingsIT.java
+++ b/javatests/com/google/gerrit/acceptance/rest/binding/PluginProvidedChildRestApiBindingsIT.java
@@ -15,12 +15,16 @@
package com.google.gerrit.acceptance.rest.binding;
import static com.google.gerrit.server.change.RevisionResource.REVISION_KIND;
+import static com.google.gerrit.server.change.RobotCommentResource.ROBOT_COMMENT_KIND;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterables;
import com.google.gerrit.acceptance.AbstractDaemonTest;
+import com.google.gerrit.acceptance.PushOneCommit;
import com.google.gerrit.acceptance.rest.util.RestApiCallHelper;
import com.google.gerrit.acceptance.rest.util.RestCall;
+import com.google.gerrit.entities.Change;
import com.google.gerrit.entities.PatchSet;
import com.google.gerrit.extensions.registration.DynamicMap;
import com.google.gerrit.extensions.restapi.ChildCollection;
@@ -34,6 +38,8 @@
import com.google.gerrit.extensions.restapi.RestResource;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.server.change.RevisionResource;
+import com.google.gerrit.server.change.RobotCommentResource;
+import com.google.gerrit.testing.TestCommentHelper;
import com.google.inject.AbstractModule;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -47,6 +53,7 @@
* not test the functionality of the plugin REST endpoints.
*/
public class PluginProvidedChildRestApiBindingsIT extends AbstractDaemonTest {
+ @Inject private TestCommentHelper testCommentHelper;
/** Resource to bind a child collection. */
public static final TypeLiteral<RestView<TestPluginResource>> TEST_KIND =
@@ -54,7 +61,7 @@
private static final String PLUGIN_NAME = "my-plugin";
- private static final ImmutableSet<RestCall> TEST_CALLS =
+ private static final ImmutableSet<RestCall> REVISION_TEST_CALLS =
ImmutableSet.of(
// Calls that have the plugin name as part of the collection name
RestCall.get("/changes/%s/revisions/%s/" + PLUGIN_NAME + "~test-collection/"),
@@ -70,6 +77,9 @@
RestCall.post("/changes/%s/revisions/%s/test-collection/"),
RestCall.post("/changes/%s/revisions/%s/test-collection/1/update"));
+ private static final ImmutableSet<RestCall> ROBOTCOMMENT_TEST_CALLS =
+ ImmutableSet.of(RestCall.delete("/changes/%s/revisions/%s/robotcomments/%s"));
+
/**
* Module for all sys bindings.
*
@@ -89,6 +99,7 @@
postOnCollection(TEST_KIND).to(TestPostOnCollection.class);
post(TEST_KIND, "update").to(TestPost.class);
get(TEST_KIND, "detail").to(TestGet.class);
+ delete(ROBOT_COMMENT_KIND).to(TestDelete.class);
}
});
}
@@ -148,15 +159,46 @@
}
}
+ @Singleton
+ static class TestDelete implements RestModifyView<RobotCommentResource, String> {
+ @Override
+ public Response<?> apply(RobotCommentResource resource, String input) throws Exception {
+ return Response.none();
+ }
+ }
+
@Test
- public void testEndpoints() throws Exception {
+ public void testRevisionEndpoints() throws Exception {
PatchSet.Id patchSetId = createChange().getPatchSetId();
try (AutoCloseable ignored = installPlugin(PLUGIN_NAME, MyPluginSysModule.class, null, null)) {
RestApiCallHelper.execute(
adminRestSession,
- TEST_CALLS.asList(),
+ REVISION_TEST_CALLS.asList(),
String.valueOf(patchSetId.changeId().get()),
String.valueOf(patchSetId.get()));
}
}
+
+ @Test
+ public void testRobotCommentEndpoints() throws Exception {
+ PatchSet.Id patchSetId = createChange().getPatchSetId();
+ String robotCommentUuid = createRobotComment(patchSetId.changeId());
+ try (AutoCloseable ignored = installPlugin(PLUGIN_NAME, MyPluginSysModule.class, null, null)) {
+ RestApiCallHelper.execute(
+ adminRestSession,
+ ROBOTCOMMENT_TEST_CALLS.asList(),
+ String.valueOf(patchSetId.changeId().get()),
+ String.valueOf(patchSetId.get()),
+ robotCommentUuid);
+ }
+ }
+
+ private String createRobotComment(Change.Id changeId) throws Exception {
+ testCommentHelper.addRobotComment(
+ changeId.toString(), TestCommentHelper.createRobotCommentInput(PushOneCommit.FILE_NAME));
+ return Iterables.getOnlyElement(
+ Iterables.getOnlyElement(
+ gApi.changes().id(changeId.get()).current().robotComments().values()))
+ .id;
+ }
}
diff --git a/javatests/com/google/gerrit/acceptance/rest/change/ChangeIdIT.java b/javatests/com/google/gerrit/acceptance/rest/change/ChangeIdIT.java
index bc52681..06e24ab 100644
--- a/javatests/com/google/gerrit/acceptance/rest/change/ChangeIdIT.java
+++ b/javatests/com/google/gerrit/acceptance/rest/change/ChangeIdIT.java
@@ -81,6 +81,14 @@
}
@Test
+ public void tripletWithoutChangeIdReturnsNotFound() throws Exception {
+ createChange().assertOkStatus();
+ createChange().assertOkStatus();
+ RestResponse res = adminRestSession.get(changeDetail(project.get() + "~master~"));
+ res.assertNotFound();
+ }
+
+ @Test
public void changeIdReturnsChange() throws Exception {
PushOneCommit.Result c = createChange();
RestResponse res = adminRestSession.get(changeDetail(c.getChangeId()));
diff --git a/javatests/com/google/gerrit/acceptance/rest/change/PredicateIT.java b/javatests/com/google/gerrit/acceptance/rest/change/PredicateIT.java
new file mode 100644
index 0000000..5e29538
--- /dev/null
+++ b/javatests/com/google/gerrit/acceptance/rest/change/PredicateIT.java
@@ -0,0 +1,52 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.acceptance.rest.change;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import com.google.gerrit.acceptance.AbstractPredicateTest;
+import com.google.gerrit.acceptance.RestResponse;
+import com.google.gerrit.entities.Change;
+import com.google.gson.reflect.TypeToken;
+import java.util.List;
+import java.util.Map;
+import org.junit.Test;
+
+public class PredicateIT extends AbstractPredicateTest {
+
+ @Test
+ public void testLabelPredicate() throws Exception {
+ try (AutoCloseable ignored = installPlugin(PLUGIN_NAME, PluginModule.class)) {
+ Change.Id changeId = createChange().getChange().getId();
+ approve(String.valueOf(changeId.get()));
+ List<MyInfo> myInfos =
+ pluginInfoFromSingletonList(
+ adminRestSession.get("/changes/?--my-plugin--sample&q=change:" + changeId.get()));
+
+ assertThat(myInfos).hasSize(1);
+ assertThat(myInfos.get(0).name).isEqualTo(PLUGIN_NAME);
+ assertThat(myInfos.get(0).message).isEqualTo("matched");
+ }
+ }
+
+ public List<MyInfo> pluginInfoFromSingletonList(RestResponse res) throws Exception {
+ res.assertOK();
+ List<Map<String, Object>> changeInfos =
+ GSON.fromJson(res.getReader(), new TypeToken<List<Map<String, Object>>>() {}.getType());
+
+ assertThat(changeInfos).hasSize(1);
+ return decodeRawPluginsList(changeInfos.get(0).get("plugins"));
+ }
+}
diff --git a/javatests/com/google/gerrit/acceptance/server/quota/RepositorySizeQuotaIT.java b/javatests/com/google/gerrit/acceptance/server/quota/RepositorySizeQuotaIT.java
index 801288a..2692584 100644
--- a/javatests/com/google/gerrit/acceptance/server/quota/RepositorySizeQuotaIT.java
+++ b/javatests/com/google/gerrit/acceptance/server/quota/RepositorySizeQuotaIT.java
@@ -34,7 +34,7 @@
import com.google.gerrit.server.quota.QuotaResponse;
import com.google.inject.Module;
import java.util.Collections;
-import org.eclipse.jgit.api.errors.TooLargeObjectInPackException;
+import org.eclipse.jgit.api.errors.TooLargePackException;
import org.eclipse.jgit.api.errors.TransportException;
import org.junit.Before;
import org.junit.Test;
@@ -77,7 +77,7 @@
@Test
public void pushWithAvailableTokens() throws Exception {
when(quotaBackendWithResource.availableTokens(REPOSITORY_SIZE_GROUP))
- .thenReturn(singletonAggregation(ok(276L)));
+ .thenReturn(singletonAggregation(ok(277L)));
when(quotaBackendWithResource.requestTokens(eq(REPOSITORY_SIZE_GROUP), anyLong()))
.thenReturn(singletonAggregation(ok()));
when(quotaBackendWithUser.project(project)).thenReturn(quotaBackendWithResource);
@@ -91,12 +91,10 @@
when(quotaBackendWithResource.availableTokens(REPOSITORY_SIZE_GROUP))
.thenReturn(singletonAggregation(ok(availableTokens)));
when(quotaBackendWithUser.project(project)).thenReturn(quotaBackendWithResource);
- TooLargeObjectInPackException thrown =
- assertThrows(TooLargeObjectInPackException.class, () -> pushCommit());
- assertThat(thrown).hasMessageThat().contains("Object too large");
- assertThat(thrown)
- .hasMessageThat()
- .contains(String.format("Max object size limit is %d bytes.", availableTokens));
+ assertThat(assertThrows(TooLargePackException.class, () -> pushCommit()).getMessage())
+ .contains(
+ String.format(
+ "Pack exceeds the limit of %d bytes, rejecting the pack", availableTokens));
}
@Test
diff --git a/javatests/com/google/gerrit/acceptance/ssh/PredicateIT.java b/javatests/com/google/gerrit/acceptance/ssh/PredicateIT.java
new file mode 100644
index 0000000..fc6100b
--- /dev/null
+++ b/javatests/com/google/gerrit/acceptance/ssh/PredicateIT.java
@@ -0,0 +1,65 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.acceptance.ssh;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import com.google.common.io.CharStreams;
+import com.google.gerrit.acceptance.AbstractPredicateTest;
+import com.google.gerrit.acceptance.NoHttpd;
+import com.google.gerrit.acceptance.UseSsh;
+import com.google.gerrit.entities.Change;
+import com.google.gson.reflect.TypeToken;
+import java.io.StringReader;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import org.junit.Test;
+
+@NoHttpd
+@UseSsh
+public class PredicateIT extends AbstractPredicateTest {
+
+ @Test
+ public void testLabelPredicate() throws Exception {
+ try (AutoCloseable ignored = installPlugin(PLUGIN_NAME, PluginModule.class)) {
+ Change.Id changeId = createChange().getChange().getId();
+ approve(String.valueOf(changeId.get()));
+ String sshOutput =
+ adminSshSession.exec(
+ "gerrit query --format json --my-plugin--sample change:" + changeId.get());
+ adminSshSession.assertSuccess();
+ List<MyInfo> myInfos = pluginInfoFromSingletonList(sshOutput);
+
+ assertThat(myInfos).hasSize(1);
+ assertThat(myInfos.get(0).name).isEqualTo(PLUGIN_NAME);
+ assertThat(myInfos.get(0).message).isEqualTo("matched");
+ }
+ }
+
+ private static List<MyInfo> pluginInfoFromSingletonList(String sshOutput) throws Exception {
+ List<Map<String, Object>> changeAttrs = new ArrayList<>();
+ for (String line : CharStreams.readLines(new StringReader(sshOutput))) {
+ Map<String, Object> changeAttr =
+ GSON.fromJson(line, new TypeToken<Map<String, Object>>() {}.getType());
+ if (!"stats".equals(changeAttr.get("type"))) {
+ changeAttrs.add(changeAttr);
+ }
+ }
+
+ assertThat(changeAttrs).hasSize(1);
+ return decodeRawPluginsList(changeAttrs.get(0).get("plugins"));
+ }
+}
diff --git a/javatests/com/google/gerrit/elasticsearch/ElasticContainer.java b/javatests/com/google/gerrit/elasticsearch/ElasticContainer.java
index 8cd09e6..c330961 100644
--- a/javatests/com/google/gerrit/elasticsearch/ElasticContainer.java
+++ b/javatests/com/google/gerrit/elasticsearch/ElasticContainer.java
@@ -39,10 +39,6 @@
private static String getImageName(ElasticVersion version) {
switch (version) {
- case V7_4:
- return "blacktop/elasticsearch:7.4.2";
- case V7_5:
- return "blacktop/elasticsearch:7.5.2";
case V7_6:
return "blacktop/elasticsearch:7.6.2";
case V7_7:
diff --git a/javatests/com/google/gerrit/elasticsearch/ElasticVersionTest.java b/javatests/com/google/gerrit/elasticsearch/ElasticVersionTest.java
index 508dc84..2ce3a2c 100644
--- a/javatests/com/google/gerrit/elasticsearch/ElasticVersionTest.java
+++ b/javatests/com/google/gerrit/elasticsearch/ElasticVersionTest.java
@@ -22,12 +22,6 @@
public class ElasticVersionTest {
@Test
public void supportedVersion() throws Exception {
- assertThat(ElasticVersion.forVersion("7.4.0")).isEqualTo(ElasticVersion.V7_4);
- assertThat(ElasticVersion.forVersion("7.4.1")).isEqualTo(ElasticVersion.V7_4);
-
- assertThat(ElasticVersion.forVersion("7.5.0")).isEqualTo(ElasticVersion.V7_5);
- assertThat(ElasticVersion.forVersion("7.5.1")).isEqualTo(ElasticVersion.V7_5);
-
assertThat(ElasticVersion.forVersion("7.6.0")).isEqualTo(ElasticVersion.V7_6);
assertThat(ElasticVersion.forVersion("7.6.1")).isEqualTo(ElasticVersion.V7_6);
diff --git a/javatests/com/google/gerrit/httpd/BUILD b/javatests/com/google/gerrit/httpd/BUILD
index d751890..121cbc4 100644
--- a/javatests/com/google/gerrit/httpd/BUILD
+++ b/javatests/com/google/gerrit/httpd/BUILD
@@ -4,6 +4,7 @@
name = "httpd_tests",
srcs = glob(["**/*.java"]),
deps = [
+ "//java/com/google/gerrit/entities",
"//java/com/google/gerrit/extensions:api",
"//java/com/google/gerrit/httpd",
"//java/com/google/gerrit/server",
@@ -17,6 +18,7 @@
"//lib:junit",
"//lib:servlet-api-without-neverlink",
"//lib:soy",
+ "//lib/bouncycastle:bcprov",
"//lib/guice",
"//lib/guice:guice-servlet",
"//lib/mockito",
diff --git a/javatests/com/google/gerrit/httpd/ProjectBasicAuthFilterTest.java b/javatests/com/google/gerrit/httpd/ProjectBasicAuthFilterTest.java
new file mode 100644
index 0000000..2f0fafa
--- /dev/null
+++ b/javatests/com/google/gerrit/httpd/ProjectBasicAuthFilterTest.java
@@ -0,0 +1,293 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.httpd;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.Mockito.any;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.gerrit.entities.Account;
+import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
+import com.google.gerrit.extensions.registration.DynamicItem;
+import com.google.gerrit.server.IdentifiedUser;
+import com.google.gerrit.server.account.AccountCache;
+import com.google.gerrit.server.account.AccountException;
+import com.google.gerrit.server.account.AccountManager;
+import com.google.gerrit.server.account.AccountState;
+import com.google.gerrit.server.account.AuthResult;
+import com.google.gerrit.server.account.externalids.ExternalId;
+import com.google.gerrit.server.config.AuthConfig;
+import com.google.gerrit.util.http.testutil.FakeHttpServletRequest;
+import com.google.gerrit.util.http.testutil.FakeHttpServletResponse;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Optional;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ProjectBasicAuthFilterTest {
+ private static final Base64.Encoder B64_ENC = Base64.getEncoder();
+ private static final Account.Id AUTH_ACCOUNT_ID = Account.id(1000);
+ private static final String AUTH_USER = "johndoe";
+ private static final String AUTH_USER_B64 =
+ B64_ENC.encodeToString(AUTH_USER.getBytes(StandardCharsets.UTF_8));
+ private static final String AUTH_PASSWORD = "jd123";
+ private static final String GERRIT_COOKIE_KEY = "GerritAccount";
+ private static final String AUTH_COOKIE_VALUE = "gerritcookie";
+ private static final ExternalId AUTH_USER_PASSWORD_EXTERNAL_ID =
+ ExternalId.createWithPassword(
+ ExternalId.Key.create(ExternalId.SCHEME_USERNAME, AUTH_USER),
+ AUTH_ACCOUNT_ID,
+ null,
+ AUTH_PASSWORD);
+
+ @Mock private DynamicItem<WebSession> webSessionItem;
+
+ @Mock private AccountCache accountCache;
+
+ @Mock private AccountState accountState;
+
+ @Mock private Account account;
+
+ @Mock private AccountManager accountManager;
+
+ @Mock private AuthConfig authConfig;
+
+ @Mock private FilterChain chain;
+
+ @Captor private ArgumentCaptor<HttpServletResponse> filterResponseCaptor;
+
+ @Mock private IdentifiedUser.RequestFactory userRequestFactory;
+
+ @Mock private WebSessionManager webSessionManager;
+
+ private WebSession webSession;
+ private FakeHttpServletRequest req;
+ private HttpServletResponse res;
+ private AuthResult authSuccessful;
+
+ @Before
+ public void setUp() throws Exception {
+ req = new FakeHttpServletRequest("gerrit.example.com", 80, "", "");
+ res = new FakeHttpServletResponse();
+
+ authSuccessful =
+ new AuthResult(AUTH_ACCOUNT_ID, ExternalId.Key.create("username", AUTH_USER), false);
+ doReturn(Optional.of(accountState)).when(accountCache).getByUsername(AUTH_USER);
+ doReturn(Optional.of(accountState)).when(accountCache).get(AUTH_ACCOUNT_ID);
+ doReturn(account).when(accountState).account();
+ doReturn(true).when(account).isActive();
+ doReturn(authSuccessful).when(accountManager).authenticate(any());
+
+ doReturn(new WebSessionManager.Key(AUTH_COOKIE_VALUE)).when(webSessionManager).createKey(any());
+ WebSessionManager.Val webSessionValue =
+ new WebSessionManager.Val(AUTH_ACCOUNT_ID, 0L, false, null, 0L, "", "");
+ doReturn(webSessionValue)
+ .when(webSessionManager)
+ .createVal(any(), any(), eq(false), any(), any(), any());
+ }
+
+ @Test
+ public void shouldAllowAnonymousRequest() throws Exception {
+ initMockedWebSession();
+ res.setStatus(HttpServletResponse.SC_OK);
+
+ ProjectBasicAuthFilter basicAuthFilter =
+ new ProjectBasicAuthFilter(webSessionItem, accountCache, accountManager, authConfig);
+
+ basicAuthFilter.doFilter(req, res, chain);
+
+ verify(chain).doFilter(eq(req), filterResponseCaptor.capture());
+ assertThat(res.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ @Test
+ public void shouldRequestAuthenticationForBasicAuthRequest() throws Exception {
+ initMockedWebSession();
+ req.addHeader("Authorization", "Basic " + AUTH_USER_B64);
+ res.setStatus(HttpServletResponse.SC_OK);
+
+ ProjectBasicAuthFilter basicAuthFilter =
+ new ProjectBasicAuthFilter(webSessionItem, accountCache, accountManager, authConfig);
+
+ basicAuthFilter.doFilter(req, res, chain);
+
+ verify(chain, never()).doFilter(any(), any());
+ assertThat(res.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+ assertThat(res.getHeader("WWW-Authenticate")).contains("Basic realm=");
+ }
+
+ @Test
+ public void shouldAuthenticateSucessfullyAgainstRealmAndReturnCookie() throws Exception {
+ initWebSessionWithoutCookie();
+ requestBasicAuth(req);
+ res.setStatus(HttpServletResponse.SC_OK);
+
+ doReturn(true).when(account).isActive();
+ doReturn(GitBasicAuthPolicy.LDAP).when(authConfig).getGitBasicAuthPolicy();
+
+ ProjectBasicAuthFilter basicAuthFilter =
+ new ProjectBasicAuthFilter(webSessionItem, accountCache, accountManager, authConfig);
+
+ basicAuthFilter.doFilter(req, res, chain);
+
+ verify(accountManager).authenticate(any());
+
+ verify(chain).doFilter(eq(req), any());
+ assertThat(res.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+ assertThat(res.getHeader("Set-Cookie")).contains(GERRIT_COOKIE_KEY);
+ }
+
+ @Test
+ public void shouldValidateUserPasswordAndNotReturnCookie() throws Exception {
+ initWebSessionWithoutCookie();
+ requestBasicAuth(req);
+ initMockedUsernamePasswordExternalId();
+ doReturn(GitBasicAuthPolicy.HTTP).when(authConfig).getGitBasicAuthPolicy();
+ res.setStatus(HttpServletResponse.SC_OK);
+
+ ProjectBasicAuthFilter basicAuthFilter =
+ new ProjectBasicAuthFilter(webSessionItem, accountCache, accountManager, authConfig);
+
+ basicAuthFilter.doFilter(req, res, chain);
+
+ verify(accountManager, never()).authenticate(any());
+
+ verify(chain).doFilter(eq(req), any());
+ assertThat(res.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+ assertThat(res.getHeader("Set-Cookie")).isNull();
+ }
+
+ @Test
+ public void shouldNotReauthenticateForGitPostRequest() throws Exception {
+ req.setPathInfo("/a/project.git/git-upload-pack");
+ req.setMethod("POST");
+ req.addHeader("Content-Type", "application/x-git-upload-pack-request");
+ doFilterForRequestWhenAlreadySignedIn();
+
+ verify(accountManager, never()).authenticate(any());
+ verify(chain).doFilter(eq(req), any());
+ assertThat(res.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ @Test
+ public void shouldReauthenticateForRegularRequestEvenIfAlreadySignedIn() throws Exception {
+ doReturn(GitBasicAuthPolicy.LDAP).when(authConfig).getGitBasicAuthPolicy();
+ doFilterForRequestWhenAlreadySignedIn();
+
+ verify(accountManager).authenticate(any());
+ verify(chain).doFilter(eq(req), any());
+ assertThat(res.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ @Test
+ public void shouldReauthenticateEvenIfHasExistingCookie() throws Exception {
+ initWebSessionWithCookie("GerritAccount=" + AUTH_COOKIE_VALUE);
+ res.setStatus(HttpServletResponse.SC_OK);
+ requestBasicAuth(req);
+ doReturn(GitBasicAuthPolicy.LDAP).when(authConfig).getGitBasicAuthPolicy();
+
+ ProjectBasicAuthFilter basicAuthFilter =
+ new ProjectBasicAuthFilter(webSessionItem, accountCache, accountManager, authConfig);
+
+ basicAuthFilter.doFilter(req, res, chain);
+
+ verify(accountManager).authenticate(any());
+ verify(chain).doFilter(eq(req), any());
+ assertThat(res.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ @Test
+ public void shouldFailedAuthenticationAgainstRealm() throws Exception {
+ initMockedWebSession();
+ requestBasicAuth(req);
+
+ doReturn(true).when(account).isActive();
+ doThrow(new AccountException("Authentication error")).when(accountManager).authenticate(any());
+ doReturn(GitBasicAuthPolicy.LDAP).when(authConfig).getGitBasicAuthPolicy();
+
+ ProjectBasicAuthFilter basicAuthFilter =
+ new ProjectBasicAuthFilter(webSessionItem, accountCache, accountManager, authConfig);
+
+ basicAuthFilter.doFilter(req, res, chain);
+
+ verify(accountManager).authenticate(any());
+
+ verify(chain, never()).doFilter(any(), any());
+ assertThat(res.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
+ private void doFilterForRequestWhenAlreadySignedIn()
+ throws IOException, ServletException, AccountException {
+ initMockedWebSession();
+ doReturn(true).when(account).isActive();
+ doReturn(true).when(webSession).isSignedIn();
+ doReturn(authSuccessful).when(accountManager).authenticate(any());
+ requestBasicAuth(req);
+ res.setStatus(HttpServletResponse.SC_OK);
+
+ ProjectBasicAuthFilter basicAuthFilter =
+ new ProjectBasicAuthFilter(webSessionItem, accountCache, accountManager, authConfig);
+
+ basicAuthFilter.doFilter(req, res, chain);
+ }
+
+ private void initWebSessionWithCookie(String cookie) {
+ req.addHeader("Cookie", cookie);
+ initWebSessionWithoutCookie();
+ }
+
+ private void initWebSessionWithoutCookie() {
+ webSession =
+ new CacheBasedWebSession(
+ req, res, webSessionManager, authConfig, null, userRequestFactory, accountCache) {};
+ doReturn(webSession).when(webSessionItem).get();
+ }
+
+ private void initMockedWebSession() {
+ webSession = mock(WebSession.class);
+ doReturn(webSession).when(webSessionItem).get();
+ }
+
+ private void initMockedUsernamePasswordExternalId() {
+ doReturn(ImmutableSet.builder().add(AUTH_USER_PASSWORD_EXTERNAL_ID).build())
+ .when(accountState)
+ .externalIds();
+ }
+
+ private void requestBasicAuth(FakeHttpServletRequest fakeReq) {
+ fakeReq.addHeader(
+ "Authorization",
+ "Basic "
+ + B64_ENC.encodeToString(
+ (AUTH_USER + ":" + AUTH_PASSWORD).getBytes(StandardCharsets.UTF_8)));
+ }
+}
diff --git a/javatests/com/google/gerrit/integration/ssh/BUILD b/javatests/com/google/gerrit/integration/ssh/BUILD
index dc8e68c..412aad8 100644
--- a/javatests/com/google/gerrit/integration/ssh/BUILD
+++ b/javatests/com/google/gerrit/integration/ssh/BUILD
@@ -5,3 +5,9 @@
group = "peer-keys-auth",
labels = ["ssh"],
)
+
+acceptance_tests(
+ srcs = ["NoShellIT.java"],
+ group = "no-shell",
+ labels = ["ssh"],
+)
diff --git a/javatests/com/google/gerrit/integration/ssh/NoShellIT.java b/javatests/com/google/gerrit/integration/ssh/NoShellIT.java
new file mode 100644
index 0000000..2bbbf1a
--- /dev/null
+++ b/javatests/com/google/gerrit/integration/ssh/NoShellIT.java
@@ -0,0 +1,96 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.integration.ssh;
+
+import static com.google.common.truth.Truth.assertThat;
+import static com.google.gerrit.testing.GerritJUnit.assertThrows;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.gerrit.acceptance.GerritServer.TestSshServerAddress;
+import com.google.gerrit.acceptance.NoHttpd;
+import com.google.gerrit.acceptance.StandaloneSiteTest;
+import com.google.gerrit.acceptance.UseSsh;
+import com.google.gerrit.extensions.api.GerritApi;
+import com.google.inject.Inject;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import org.junit.Test;
+
+@NoHttpd
+@UseSsh
+public class NoShellIT extends StandaloneSiteTest {
+ private static final String[] SSH_KEYGEN_CMD =
+ new String[] {"ssh-keygen", "-t", "rsa", "-q", "-P", "", "-f"};
+
+ @Inject private GerritApi gApi;
+ @Inject private @TestSshServerAddress InetSocketAddress sshAddress;
+
+ private String identityPath;
+
+ @Test(timeout = 60000)
+ public void verifyCommandsIsClosed() throws Exception {
+ try (ServerContext ctx = startServer()) {
+ setUpTestHarness(ctx);
+
+ IOException thrown = assertThrows(IOException.class, () -> execute(cmd()));
+ assertThat(thrown)
+ .hasMessageThat()
+ .contains("Hi Administrator, you have successfully connected over SSH.");
+ }
+ }
+
+ private void setUpTestHarness(ServerContext ctx) throws Exception {
+ ctx.getInjector().injectMembers(this);
+ setUpAuthentication();
+ identityPath = sitePaths.data_dir.resolve(String.format("id_rsa_%s", "admin")).toString();
+ }
+
+ private void setUpAuthentication() throws Exception {
+ execute(
+ ImmutableList.<String>builder()
+ .add(SSH_KEYGEN_CMD)
+ .add(String.format("id_rsa_%s", "admin"))
+ .build());
+ gApi.accounts()
+ .id("admin")
+ .addSshKey(
+ new String(
+ java.nio.file.Files.readAllBytes(
+ sitePaths.data_dir.resolve(String.format("id_rsa_%s.pub", "admin"))),
+ UTF_8));
+ }
+
+ private ImmutableList<String> cmd() {
+ return ImmutableList.<String>builder()
+ .add("ssh")
+ .add("-tt")
+ .add("-o")
+ .add("StrictHostKeyChecking=no")
+ .add("-o")
+ .add("UserKnownHostsFile=/dev/null")
+ .add("-p")
+ .add(String.valueOf(sshAddress.getPort()))
+ .add("admin@" + sshAddress.getHostName())
+ .add("-i")
+ .add(identityPath)
+ .build();
+ }
+
+ private String execute(ImmutableList<String> cmd) throws Exception {
+ return execute(cmd, sitePaths.data_dir.toFile(), ImmutableMap.of());
+ }
+}
diff --git a/javatests/com/google/gerrit/pgm/BUILD b/javatests/com/google/gerrit/pgm/BUILD
index 5a3a824..0fe4fad 100644
--- a/javatests/com/google/gerrit/pgm/BUILD
+++ b/javatests/com/google/gerrit/pgm/BUILD
@@ -5,6 +5,7 @@
name = "pgm_tests",
srcs = glob(["**/*.java"]),
deps = [
+ "//java/com/google/gerrit/pgm/http/jetty",
"//java/com/google/gerrit/pgm/init/api",
"//java/com/google/gerrit/server",
"//java/com/google/gerrit/server/securestore/testing",
@@ -15,6 +16,8 @@
"//lib/guice",
"//lib/mockito",
"//lib/truth",
+ "@jetty-server//jar",
+ "@servlet-api//jar",
],
)
diff --git a/javatests/com/google/gerrit/pgm/http/jetty/ProjectQoSFilterTest.java b/javatests/com/google/gerrit/pgm/http/jetty/ProjectQoSFilterTest.java
new file mode 100644
index 0000000..b969d68
--- /dev/null
+++ b/javatests/com/google/gerrit/pgm/http/jetty/ProjectQoSFilterTest.java
@@ -0,0 +1,175 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.pgm.http.jetty;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.Mockito.when;
+
+import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.account.AccountLimits;
+import com.google.gerrit.server.account.GroupMembership;
+import com.google.gerrit.server.git.QueueProvider;
+import com.google.inject.Provider;
+import java.util.Optional;
+import java.util.concurrent.Future;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
+import javax.servlet.AsyncContext;
+import javax.servlet.AsyncEvent;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jgit.lib.Config;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ProjectQoSFilterTest {
+
+ @Mock AsyncEvent asyncEvent;
+ @Mock AsyncContext asyncContext;
+
+ @Mock AccountLimits.Factory limitsFactory;
+ @Mock Provider<CurrentUser> userProvider;
+ @Mock QueueProvider queue;
+ @Mock ServletContext context;
+
+ @Test
+ public void shouldCallTaskEndOnListenerCompleteFromDifferentThread() {
+ ProjectQoSFilter.TaskThunk taskThunk = getTaskThunk();
+ ScheduledThreadPoolExecutor scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
+
+ Future<?> f = scheduledThreadPoolExecutor.submit(taskThunk);
+ taskThunk.begin(Thread.currentThread());
+
+ new Thread() {
+ @Override
+ public void run() {
+ ProjectQoSFilter.Listener listener = new ProjectQoSFilter.Listener(f, taskThunk);
+ try {
+ listener.onComplete(asyncEvent);
+ } catch (Exception e) {
+ }
+ }
+ }.run();
+
+ assertThat(taskThunk.isDone()).isTrue();
+ }
+
+ @Test
+ public void shouldCallTaskEndOnListenerTimeoutFromDifferentThread() {
+ ProjectQoSFilter.TaskThunk taskThunk = getTaskThunk();
+ ScheduledThreadPoolExecutor scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
+
+ Future<?> f = scheduledThreadPoolExecutor.submit(taskThunk);
+ taskThunk.begin(Thread.currentThread());
+
+ new Thread() {
+ @Override
+ public void run() {
+ ProjectQoSFilter.Listener listener = new ProjectQoSFilter.Listener(f, taskThunk);
+ try {
+ listener.onTimeout(asyncEvent);
+ } catch (Exception e) {
+ }
+ }
+ }.run();
+
+ assertThat(taskThunk.isDone()).isTrue();
+ }
+
+ @Test
+ public void shouldCallTaskEndOnListenerErrorFromDifferentThread() {
+ ProjectQoSFilter.TaskThunk taskThunk = getTaskThunk();
+ ScheduledThreadPoolExecutor scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
+
+ Future<?> f = scheduledThreadPoolExecutor.submit(taskThunk);
+ taskThunk.begin(Thread.currentThread());
+
+ new Thread() {
+ @Override
+ public void run() {
+ ProjectQoSFilter.Listener listener = new ProjectQoSFilter.Listener(f, taskThunk);
+ try {
+ listener.onError(asyncEvent);
+ } catch (Exception e) {
+ }
+ }
+ }.run();
+
+ assertThat(taskThunk.isDone()).isTrue();
+ }
+
+ private ProjectQoSFilter.TaskThunk getTaskThunk() {
+ HttpServletRequest servletRequest = new FakeHttpServletRequest();
+ Config config = new Config();
+ String HTTP_MAX_WAIT = "1 minute";
+ config.setString("httpd", null, "maxwait", HTTP_MAX_WAIT);
+
+ when(userProvider.get()).thenReturn(new FakeUser("testUser"));
+ when(asyncContext.getRequest()).thenReturn(servletRequest);
+
+ ProjectQoSFilter projectQoSFilter =
+ new ProjectQoSFilter(limitsFactory, userProvider, queue, context, config);
+ return projectQoSFilter.new TaskThunk(asyncContext, servletRequest);
+ }
+
+ private static class FakeUser extends CurrentUser {
+ private final String username;
+
+ FakeUser(String name) {
+ username = name;
+ }
+
+ @Override
+ public GroupMembership getEffectiveGroups() {
+ return null;
+ }
+
+ @Override
+ public Object getCacheKey() {
+ return new Object();
+ }
+
+ @Override
+ public Optional<String> getUserName() {
+ return Optional.ofNullable(username);
+ }
+ }
+
+ private static final class FakeHttpServletRequest extends HttpServletRequestWrapper {
+
+ FakeHttpServletRequest() {
+ super(new Request(null, null));
+ }
+
+ @Override
+ public String getRemoteHost() {
+ return "1.2.3.4";
+ }
+
+ @Override
+ public String getRemoteUser() {
+ return "bob";
+ }
+
+ @Override
+ public String getServletPath() {
+ return "http://testulr/a/plugins_replication/info/refs?service=git-upload-pack";
+ }
+ }
+}
diff --git a/javatests/com/google/gerrit/util/http/testutil/FakeHttpServletRequest.java b/javatests/com/google/gerrit/util/http/testutil/FakeHttpServletRequest.java
index a4175e3..0bb4de4 100644
--- a/javatests/com/google/gerrit/util/http/testutil/FakeHttpServletRequest.java
+++ b/javatests/com/google/gerrit/util/http/testutil/FakeHttpServletRequest.java
@@ -17,6 +17,7 @@
import static com.google.common.base.Preconditions.checkArgument;
import static java.nio.charset.StandardCharsets.UTF_8;
import static java.util.Objects.requireNonNull;
+import static java.util.stream.Collectors.toList;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
@@ -66,6 +67,7 @@
private String contextPath;
private String servletPath;
private String path;
+ private String method;
public FakeHttpServletRequest() {
this("gerrit.example.com", 80, "", SERVLET_PATH);
@@ -80,6 +82,7 @@
attributes = Maps.newConcurrentMap();
parameters = LinkedListMultimap.create();
headers = LinkedListMultimap.create();
+ method = "GET";
}
@Override
@@ -104,6 +107,11 @@
@Override
public String getContentType() {
+ List<String> contentType = headers.get("Content-Type");
+ if (contentType != null && !contentType.isEmpty()) {
+ return contentType.get(0);
+ }
+
return null;
}
@@ -257,7 +265,15 @@
@Override
public Cookie[] getCookies() {
- return new Cookie[0];
+ return Splitter.on(";").splitToList(Strings.nullToEmpty(getHeader("Cookie"))).stream()
+ .filter(s -> !s.isEmpty())
+ .map(
+ (String cookieValue) -> {
+ String[] kv = cookieValue.split("=");
+ return new Cookie(kv[0], kv[1]);
+ })
+ .collect(toList())
+ .toArray(new Cookie[0]);
}
@Override
@@ -288,7 +304,11 @@
@Override
public String getMethod() {
- return "GET";
+ return method;
+ }
+
+ public void setMethod(String method) {
+ this.method = method;
}
@Override
diff --git a/javatests/com/google/gerrit/util/http/testutil/FakeHttpServletResponse.java b/javatests/com/google/gerrit/util/http/testutil/FakeHttpServletResponse.java
index 9a98ecd..f39b875 100644
--- a/javatests/com/google/gerrit/util/http/testutil/FakeHttpServletResponse.java
+++ b/javatests/com/google/gerrit/util/http/testutil/FakeHttpServletResponse.java
@@ -161,7 +161,7 @@
@Override
public void addCookie(Cookie cookie) {
- throw new UnsupportedOperationException();
+ addHeader("Set-Cookie", cookie.getName() + "=" + cookie.getValue());
}
@Override
diff --git a/modules/jgit b/modules/jgit
index 8f422e9..73f8acd 160000
--- a/modules/jgit
+++ b/modules/jgit
@@ -1 +1 @@
-Subproject commit 8f422e9a9add4a7a7d972e8aa1dfa5e15fccdf99
+Subproject commit 73f8acdc5c97e068143c86765995c4fb6923ee91
diff --git a/polygerrit-ui/app/behaviors/gr-access-behavior/gr-access-behavior.js b/polygerrit-ui/app/behaviors/gr-access-behavior/gr-access-behavior.js
index 7b48ecc..4028b18 100644
--- a/polygerrit-ui/app/behaviors/gr-access-behavior/gr-access-behavior.js
+++ b/polygerrit-ui/app/behaviors/gr-access-behavior/gr-access-behavior.js
@@ -82,10 +82,6 @@
id: 'owner',
name: 'Owner',
},
- publishDrafts: {
- id: 'publishDrafts',
- name: 'Publish Drafts',
- },
push: {
id: 'push',
name: 'Push',
diff --git a/polygerrit-ui/app/elements/admin/gr-repo-list/gr-repo-list.js b/polygerrit-ui/app/elements/admin/gr-repo-list/gr-repo-list.js
index 1f33b25..1dd28e8 100644
--- a/polygerrit-ui/app/elements/admin/gr-repo-list/gr-repo-list.js
+++ b/polygerrit-ui/app/elements/admin/gr-repo-list/gr-repo-list.js
@@ -152,7 +152,9 @@
.then(repos => {
// Late response.
if (filter !== this._filter || !repos) { return; }
- this._repos = repos.filter(repo => repo.name.includes(filter));
+ this._repos = repos.filter(repo =>
+ repo.name.toLowerCase().includes(filter.toLowerCase())
+ );
this._loading = false;
});
}
diff --git a/polygerrit-ui/app/elements/admin/gr-repo-list/gr-repo-list_test.html b/polygerrit-ui/app/elements/admin/gr-repo-list/gr-repo-list_test.html
index e848980..4b1a2af 100644
--- a/polygerrit-ui/app/elements/admin/gr-repo-list/gr-repo-list_test.html
+++ b/polygerrit-ui/app/elements/admin/gr-repo-list/gr-repo-list_test.html
@@ -37,20 +37,22 @@
import './gr-repo-list.js';
import page from 'page/page.mjs';
-let counter;
-const repoGenerator = () => {
+function createRepo(name, counter) {
return {
- id: `test${++counter}`,
- name: `test`,
+ id: `${name}${counter}`,
+ name: `${name}`,
state: 'ACTIVE',
web_links: [
{
name: 'diffusion',
- url: `https://phabricator.example.org/r/project/test${counter}`,
+ url: `https://phabricator.example.org/r/project/${name}${counter}`,
},
],
};
-};
+}
+
+let counter;
+const repoGenerator = () => createRepo('test', ++counter);
suite('gr-repo-list tests', () => {
let element;
@@ -154,6 +156,15 @@
done();
});
});
+
+ test('filter is case insensitive', async () => {
+ const repoStub = sandbox.stub(element.$.restAPI, 'getRepos');
+ const repos = [createRepo('aSDf', 0)];
+ repoStub.withArgs('asdf').returns(Promise.resolve(repos));
+ element._filter = 'asdf';
+ await element._getRepos('asdf', 25, 0);
+ assert.equal(element._repos.length, 1);
+ });
});
suite('loading', () => {
diff --git a/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view.js b/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view.js
index ddf28d4..7ce6990 100644
--- a/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view.js
+++ b/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view.js
@@ -1563,7 +1563,47 @@
* @param {?Object} edit
*/
_processEdit(change, edit) {
+ if (
+ !edit &&
+ this._patchRange &&
+ this._patchRange.patchNum === this.EDIT_NAME &&
+ change.status === this.ChangeStatus.NEW
+ ) {
+ /* eslint-disable max-len */
+ const message = 'Change edit not found. Please create a change edit.';
+ this.dispatchEvent(
+ new CustomEvent('show-alert', {
+ detail: {message},
+ bubbles: true,
+ composed: true,
+ })
+ );
+ GerritNav.navigateToChange(change);
+ return;
+ }
+
+ if (
+ !edit &&
+ (change.status === this.ChangeStatus.MERGED ||
+ change.status === this.ChangeStatus.ABANDONED) &&
+ this._editMode
+ ) {
+ /* eslint-disable max-len */
+ const message =
+ 'Change edits cannot be created if change is merged or abandoned. Redirected to non edit mode.';
+ this.dispatchEvent(
+ new CustomEvent('show-alert', {
+ detail: {message},
+ bubbles: true,
+ composed: true,
+ })
+ );
+ GerritNav.navigateToChange(change);
+ return;
+ }
+
if (!edit) { return; }
+
change.revisions[edit.commit.commit] = {
_number: this.EDIT_NAME,
basePatchNum: edit.base_patch_set_number,
@@ -1691,6 +1731,24 @@
}
_getCommitInfo() {
+ // We only call _getEdit if the patchset number is an edit.
+ // We have to do this to ensure we can tell if an edit
+ // exists or not.
+ // This safely works even if a edit does not exist.
+ if (this._patchRange.patchNum === this.EDIT_NAME) {
+ return this._getEdit().then(edit => {
+ if (!edit) {
+ return Promise.resolve();
+ }
+
+ return this._getChangeCommitInfo();
+ });
+ }
+
+ return this._getChangeCommitInfo();
+ }
+
+ _getChangeCommitInfo() {
return this.$.restAPI.getChangeCommitInfo(
this._changeNum, this._patchRange.patchNum).then(
commitInfo => {
@@ -1871,6 +1929,12 @@
return Promise.resolve();
}
+ // If mergeable bit was already returned in detail REST endpoint, use it.
+ if (this._change.mergeable !== undefined) {
+ this._mergeable = this._change.mergeable;
+ return Promise.resolve();
+ }
+
this._mergeable = null;
return this.$.restAPI.getMergeable(this._changeNum).then(m => {
this._mergeable = m.mergeable;
diff --git a/polygerrit-ui/app/elements/change/gr-download-dialog/gr-download-dialog_html.js b/polygerrit-ui/app/elements/change/gr-download-dialog/gr-download-dialog_html.js
index 9569c03..0a118d6 100644
--- a/polygerrit-ui/app/elements/change/gr-download-dialog/gr-download-dialog_html.js
+++ b/polygerrit-ui/app/elements/change/gr-download-dialog/gr-download-dialog_html.js
@@ -63,6 +63,9 @@
.hidden {
display: none;
}
+ gr-download-commands {
+ width: min(80vw, 1200px);
+ }
</style>
<section>
<h3 class="title">
diff --git a/polygerrit-ui/app/elements/core/gr-main-header/gr-main-header.js b/polygerrit-ui/app/elements/core/gr-main-header/gr-main-header.js
index 3294f5f..44537e1 100644
--- a/polygerrit-ui/app/elements/core/gr-main-header/gr-main-header.js
+++ b/polygerrit-ui/app/elements/core/gr-main-header/gr-main-header.js
@@ -235,7 +235,7 @@
);
if (m.name in topMenuLinks) {
items.forEach(link => { topMenuLinks[m.name].push(link); });
- } else {
+ } else if (items.length > 0) {
links.push({
title: m.name,
links: topMenuLinks[m.name] = items,
diff --git a/polygerrit-ui/app/elements/edit/gr-edit-controls/gr-edit-controls.js b/polygerrit-ui/app/elements/edit/gr-edit-controls/gr-edit-controls.js
index 7ca849f..67357c4 100644
--- a/polygerrit-ui/app/elements/edit/gr-edit-controls/gr-edit-controls.js
+++ b/polygerrit-ui/app/elements/edit/gr-edit-controls/gr-edit-controls.js
@@ -302,6 +302,11 @@
fr.readAsDataURL(file);
}
}
+
+ _handleKeyPress(event) {
+ event.preventDefault();
+ event.stopImmediatePropagation();
+ }
}
customElements.define(GrEditControls.is, GrEditControls);
diff --git a/polygerrit-ui/app/elements/edit/gr-edit-controls/gr-edit-controls_html.js b/polygerrit-ui/app/elements/edit/gr-edit-controls/gr-edit-controls_html.js
index 02639c0..73487de 100644
--- a/polygerrit-ui/app/elements/edit/gr-edit-controls/gr-edit-controls_html.js
+++ b/polygerrit-ui/app/elements/edit/gr-edit-controls/gr-edit-controls_html.js
@@ -95,21 +95,29 @@
query="[[_query]]"
text="{{_path}}"
></gr-autocomplete>
- <div id="dragDropArea" on-drop="_handleDragAndDropUpload">
- <p>Drag and drop a file here</p>
- <p>or</p>
- <p>
+ <div
+ id="dragDropArea"
+ contenteditable="true"
+ on-drop="_handleDragAndDropUpload"
+ on-keypress="_handleKeyPress"
+ >
+ <p contenteditable="false">Drag and drop a file here</p>
+ <p contenteditable="false">or</p>
+ <p contenteditable="false">
<iron-input>
<input
is="iron-input"
id="fileUploadInput"
type="file"
on-change="_handleFileUploadChanged"
+ multiple
hidden
/>
</iron-input>
<label for="fileUploadInput">
- <gr-button id="fileUploadBrowse">Browse</gr-button>
+ <gr-button id="fileUploadBrowse" contenteditable="false"
+ >Browse</gr-button
+ >
</label>
</p>
</div>
diff --git a/polygerrit-ui/app/elements/edit/gr-editor-view/gr-editor-view.js b/polygerrit-ui/app/elements/edit/gr-editor-view/gr-editor-view.js
index d2ffa56..6e4d8c6 100644
--- a/polygerrit-ui/app/elements/edit/gr-editor-view/gr-editor-view.js
+++ b/polygerrit-ui/app/elements/edit/gr-editor-view/gr-editor-view.js
@@ -32,6 +32,7 @@
import {htmlTemplate} from './gr-editor-view_html.js';
import {PatchSetBehavior} from '../../../behaviors/gr-patch-set-behavior/gr-patch-set-behavior.js';
import {PathListBehavior} from '../../../behaviors/gr-path-list-behavior/gr-path-list-behavior.js';
+import {RESTClientBehavior} from '../../../behaviors/rest-client-behavior/rest-client-behavior.js';
import {KeyboardShortcutBehavior} from '../../../behaviors/keyboard-shortcut-behavior/keyboard-shortcut-behavior.js';
import {GerritNav} from '../../core/gr-navigation/gr-navigation.js';
@@ -49,6 +50,7 @@
KeyboardShortcutBehavior,
PatchSetBehavior,
PathListBehavior,
+ RESTClientBehavior,
], GestureEventListeners(
LegacyElementMixin(
PolymerElement))) {
@@ -77,7 +79,10 @@
observer: '_paramsChanged',
},
- _change: Object,
+ _change: {
+ type: Object,
+ observer: '_editChange',
+ },
_changeEditDetail: Object,
_changeNum: String,
_patchNum: String,
@@ -169,6 +174,23 @@
});
}
+ _editChange(value) {
+ if (!value) return;
+ if (value.status !== this.ChangeStatus.MERGED &&
+ value.status !== this.ChangeStatus.ABANDONED) return;
+ /* eslint-disable max-len */
+ const message =
+ 'Change edits cannot be created if change is merged or abandoned. Redirected to non edit mode.';
+ this.dispatchEvent(
+ new CustomEvent('show-alert', {
+ detail: {message},
+ bubbles: true,
+ composed: true,
+ })
+ );
+ GerritNav.navigateToChange(value);
+ }
+
_handlePathChanged(e) {
const path = e.detail;
if (path === this._path) {
@@ -184,9 +206,7 @@
}
_viewEditInChangeView() {
- const patch = this._successfulSave ? this.EDIT_NAME : this._patchNum;
- GerritNav.navigateToChange(this._change, patch, null,
- patch !== this.EDIT_NAME);
+ GerritNav.navigateToChange(this._change, undefined, undefined, true);
}
_getFileData(changeNum, path, patchNum) {
diff --git a/polygerrit-ui/app/elements/edit/gr-editor-view/gr-editor-view_test.html b/polygerrit-ui/app/elements/edit/gr-editor-view/gr-editor-view_test.html
index e385854..f353a1c 100644
--- a/polygerrit-ui/app/elements/edit/gr-editor-view/gr-editor-view_test.html
+++ b/polygerrit-ui/app/elements/edit/gr-editor-view/gr-editor-view_test.html
@@ -297,18 +297,13 @@
element._showAlert('test message');
});
- test('_viewEditInChangeView respects _patchNum', () => {
+ test('_viewEditInChangeView', () => {
navigateStub.restore();
const navStub = sandbox.stub(GerritNav, 'navigateToChange');
element._patchNum = element.EDIT_NAME;
element._viewEditInChangeView();
- assert.equal(navStub.lastCall.args[1], element.EDIT_NAME);
- element._patchNum = '1';
- element._viewEditInChangeView();
- assert.equal(navStub.lastCall.args[1], '1');
- element._successfulSave = true;
- element._viewEditInChangeView();
- assert.equal(navStub.lastCall.args[1], element.EDIT_NAME);
+ assert.equal(navStub.lastCall.args[1], undefined);
+ assert.equal(navStub.lastCall.args[3], true);
});
suite('keyboard shortcuts', () => {
diff --git a/polygerrit-ui/app/elements/settings/gr-account-info/gr-account-info.js b/polygerrit-ui/app/elements/settings/gr-account-info/gr-account-info.js
index 7e312d3..b1b5ba7 100644
--- a/polygerrit-ui/app/elements/settings/gr-account-info/gr-account-info.js
+++ b/polygerrit-ui/app/elements/settings/gr-account-info/gr-account-info.js
@@ -102,6 +102,8 @@
this._serverConfig = config;
}));
+ promises.push(this.$.restAPI.invalidateAccountsDetailCache());
+
promises.push(this.$.restAPI.getAccount().then(account => {
this._hasNameChange = false;
this._hasUsernameChange = false;
diff --git a/polygerrit-ui/app/elements/shared/gr-download-commands/gr-download-commands_html.js b/polygerrit-ui/app/elements/shared/gr-download-commands/gr-download-commands_html.js
index 7248e65..599fdf2 100644
--- a/polygerrit-ui/app/elements/shared/gr-download-commands/gr-download-commands_html.js
+++ b/polygerrit-ui/app/elements/shared/gr-download-commands/gr-download-commands_html.js
@@ -44,7 +44,6 @@
flex-direction: column;
}
gr-shell-command {
- width: 60em;
margin-bottom: var(--spacing-m);
}
.hidden {
diff --git a/polygerrit-ui/app/elements/shared/gr-dropdown-list/gr-dropdown-list_html.js b/polygerrit-ui/app/elements/shared/gr-dropdown-list/gr-dropdown-list_html.js
index 0f80af2..6e5e461 100644
--- a/polygerrit-ui/app/elements/shared/gr-dropdown-list/gr-dropdown-list_html.js
+++ b/polygerrit-ui/app/elements/shared/gr-dropdown-list/gr-dropdown-list_html.js
@@ -139,7 +139,6 @@
slot="dropdown-content"
attr-for-selected="data-value"
selected="{{value}}"
- on-tap="_handleDropdownTap"
>
<template
is="dom-repeat"
diff --git a/polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-rest-api-interface.js b/polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-rest-api-interface.js
index b675df7..72c8058 100644
--- a/polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-rest-api-interface.js
+++ b/polygerrit-ui/app/elements/shared/gr-rest-api-interface/gr-rest-api-interface.js
@@ -1349,6 +1349,10 @@
this._restApiHelper.invalidateFetchPromisesPrefix('/accounts/');
}
+ invalidateAccountsDetailCache() {
+ this._restApiHelper.invalidateFetchPromisesPrefix('/accounts/self/detail');
+ }
+
/**
* @param {string} filter
* @param {number} groupsPerPage
diff --git a/resources/com/google/gerrit/httpd/auth/openid/LoginForm.html b/resources/com/google/gerrit/httpd/auth/openid/LoginForm.html
index 4923143..efd760f 100644
--- a/resources/com/google/gerrit/httpd/auth/openid/LoginForm.html
+++ b/resources/com/google/gerrit/httpd/auth/openid/LoginForm.html
@@ -75,11 +75,6 @@
<a href="?id=https://login.launchpad.net/%2Bopenid" id="id_launchpad">Sign in with a Launchpad ID</a>
</div>
- <div id="provider_yahoo">
- <img height="16" width="16" src="data:image/gif;base64,R0lGODlhEAAQAPECAAAAAP8AAP///8zMzCH5BAEAAAMALAAAAAAQABAAAAIqnI+py30BY3AgAjCkfJDjiIAQlgUkNxqWkqrm0honKk7KhZOzw/f+fygAADs=" />
- <a href="?id=https://me.yahoo.com" id="id_yahoo">Sign in with a Yahoo! ID</a>
- </div>
-
<div style="margin-top: 25px;">
<h2>What is OpenID?</h2>
<p>OpenID provides secure single-sign-on, without revealing your passwords to this website.</p>
diff --git a/resources/com/google/gerrit/pgm/init/gerrit.sh b/resources/com/google/gerrit/pgm/init/gerrit.sh
index ce858d5..7dcd441 100755
--- a/resources/com/google/gerrit/pgm/init/gerrit.sh
+++ b/resources/com/google/gerrit/pgm/init/gerrit.sh
@@ -96,6 +96,36 @@
fi
}
+# Limited support for Gerrit's getTimeUnit() limited from seconds to days
+# because having gerrit startup/shutdown that wait for weeks or years would
+# not make so much sense.
+get_time_unit_sec() {
+ TIME_LC=`echo $1 | tr '[:upper:]' '[:lower:]'`
+ if echo "$TIME_LC" | grep -qE '^(0|[1-9][0-9]*)$'
+ then
+ echo $TIME_LC
+ elif echo "$TIME_LC" | grep -qE '^[1-9][0-9]*\ *(s|sec|second|seconds)$'
+ then
+ echo "$TIME_LC" | tr -d -c 0-9
+ elif echo "$TIME_LC" | grep -qE '^[1-9][0-9]*\ *(m|min|minute|minutes)$'
+ then
+ expr `echo "$TIME_LC" | tr -d -c 0-9` '*' 60
+ elif echo "$TIME_LC" | grep -qE '^[1-9][0-9]*\ *(h|hr|hour|hours)$'
+ then
+ expr `echo "$TIME_LC" | tr -d -c 0-9` '*' 3600
+ elif echo "$TIME_LC" | grep -qE '^[1-9][0-9]*\ *(d|day|days)$'
+ then
+ expr `echo "$TIME_LC" | tr -d -c 0-9` '*' 86400
+ else
+ >&2 echo "Unsupported time format $1"
+ exit 1
+ fi
+}
+
+max() {
+ echo $(( $1 > $2 ? $1 : $2 ))
+}
+
##################################################
# Get the action and options
##################################################
@@ -316,6 +346,15 @@
ulimit -x >/dev/null 2>&1 && ulimit -x unlimited ; # file locks
#####################################################
+# Configure the maximum wait time for shutdown
+#####################################################
+EXTRA_STOP_TIMEOUT=30
+HTTPD_STOP_TIMEOUT=$(get_time_unit_sec "$(get_config --get httpd.gracefulStopTimeout || echo 0)")
+SSHD_STOP_TIMEOUT=$(get_time_unit_sec "$(get_config --get sshd.gracefulStopTimeout || echo 0)")
+
+STOP_TIMEOUT=`expr $(max $HTTPD_STOP_TIMEOUT $SSHD_STOP_TIMEOUT) '+' $EXTRA_STOP_TIMEOUT`
+
+#####################################################
# This is how the Gerrit server will be started
#####################################################
@@ -477,7 +516,7 @@
if running "$GERRIT_PID" ; then
sleep 3
if running "$GERRIT_PID" ; then
- sleep 30
+ sleep $STOP_TIMEOUT
if running "$GERRIT_PID" ; then
start-stop-daemon -K -p "$GERRIT_PID" -s KILL
fi
@@ -487,7 +526,7 @@
echo OK
else
PID=`cat "$GERRIT_PID" 2>/dev/null`
- TIMEOUT=30
+ TIMEOUT=$STOP_TIMEOUT
while running "$GERRIT_PID" && test $TIMEOUT -gt 0 ; do
kill $PID 2>/dev/null
sleep 1
diff --git a/tools/download_file.py b/tools/download_file.py
index f86fd3e..936bcef 100755
--- a/tools/download_file.py
+++ b/tools/download_file.py
@@ -17,7 +17,7 @@
import argparse
from hashlib import sha1
-from os import link, makedirs, path, remove
+from os import environ, link, makedirs, path, remove
import shutil
from subprocess import check_call, CalledProcessError
from sys import stderr
@@ -25,7 +25,10 @@
from zipfile import ZipFile, BadZipfile, LargeZipFile
GERRIT_HOME = path.expanduser('~/.gerritcodereview')
-CACHE_DIR = path.join(GERRIT_HOME, 'bazel-cache', 'downloaded-artifacts')
+CACHE_DIR = environ.get(
+ 'GERRIT_CACHE_HOME',
+ path.join(GERRIT_HOME, 'bazel-cache', 'downloaded-artifacts'))
+
LOCAL_PROPERTIES = 'local.properties'
diff --git a/tools/js/download_bower.py b/tools/js/download_bower.py
index 1df4b82..d541b56 100755
--- a/tools/js/download_bower.py
+++ b/tools/js/download_bower.py
@@ -25,8 +25,12 @@
import bowerutil
-CACHE_DIR = os.path.expanduser(os.path.join(
- '~', '.gerritcodereview', 'bazel-cache', 'downloaded-artifacts'))
+CACHE_DIR = os.environ.get(
+ 'GERRIT_CACHE_HOME',
+ os.path.expanduser(os.path.join(
+ '~', '.gerritcodereview', 'bazel-cache', 'downloaded-artifacts'
+ ))
+)
def bower_cmd(bower, *args):
diff --git a/tools/maven/gerrit-acceptance-framework_pom.xml b/tools/maven/gerrit-acceptance-framework_pom.xml
index 8360c26..9be4ad0 100644
--- a/tools/maven/gerrit-acceptance-framework_pom.xml
+++ b/tools/maven/gerrit-acceptance-framework_pom.xml
@@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.google.gerrit</groupId>
<artifactId>gerrit-acceptance-framework</artifactId>
- <version>3.2.8-SNAPSHOT</version>
+ <version>3.2.12-SNAPSHOT</version>
<packaging>jar</packaging>
<name>Gerrit Code Review - Acceptance Test Framework</name>
<description>Framework for Gerrit's acceptance tests</description>
diff --git a/tools/maven/gerrit-extension-api_pom.xml b/tools/maven/gerrit-extension-api_pom.xml
index 8efe17d..8f293ac 100644
--- a/tools/maven/gerrit-extension-api_pom.xml
+++ b/tools/maven/gerrit-extension-api_pom.xml
@@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.google.gerrit</groupId>
<artifactId>gerrit-extension-api</artifactId>
- <version>3.2.8-SNAPSHOT</version>
+ <version>3.2.12-SNAPSHOT</version>
<packaging>jar</packaging>
<name>Gerrit Code Review - Extension API</name>
<description>API for Gerrit Extensions</description>
diff --git a/tools/maven/gerrit-plugin-api_pom.xml b/tools/maven/gerrit-plugin-api_pom.xml
index 586a78a..63775e1 100644
--- a/tools/maven/gerrit-plugin-api_pom.xml
+++ b/tools/maven/gerrit-plugin-api_pom.xml
@@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.google.gerrit</groupId>
<artifactId>gerrit-plugin-api</artifactId>
- <version>3.2.8-SNAPSHOT</version>
+ <version>3.2.12-SNAPSHOT</version>
<packaging>jar</packaging>
<name>Gerrit Code Review - Plugin API</name>
<description>API for Gerrit Plugins</description>
diff --git a/tools/maven/gerrit-war_pom.xml b/tools/maven/gerrit-war_pom.xml
index 30eaeba..62e6e46 100644
--- a/tools/maven/gerrit-war_pom.xml
+++ b/tools/maven/gerrit-war_pom.xml
@@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.google.gerrit</groupId>
<artifactId>gerrit-war</artifactId>
- <version>3.2.8-SNAPSHOT</version>
+ <version>3.2.12-SNAPSHOT</version>
<packaging>war</packaging>
<name>Gerrit Code Review - WAR</name>
<description>Gerrit WAR</description>
diff --git a/tools/workspace_status.py b/tools/workspace_status.py
index 86df519..443c2f0 100644
--- a/tools/workspace_status.py
+++ b/tools/workspace_status.py
@@ -36,9 +36,11 @@
print("STABLE_BUILD_GERRIT_LABEL %s" % revision(ROOT, ROOT))
-for d in os.listdir(os.path.join(ROOT, 'plugins')):
- p = os.path.join('plugins', d)
- if os.path.isdir(p):
- v = revision(p, ROOT)
- print('STABLE_BUILD_%s_LABEL %s' % (os.path.basename(p).upper(),
- v if v else 'unknown'))
+for kind in ['modules', 'plugins']:
+ kind_dir = os.path.join(ROOT, kind)
+ for d in os.listdir(kind_dir):
+ p = os.path.join(kind_dir, d)
+ if os.path.isdir(p):
+ v = revision(p, ROOT)
+ print('STABLE_BUILD_%s_LABEL %s' % (os.path.basename(p).upper(),
+ v if v else 'unknown'))
diff --git a/version.bzl b/version.bzl
index 4f80099..a1b999a 100644
--- a/version.bzl
+++ b/version.bzl
@@ -2,4 +2,4 @@
# Used by :api_install and :api_deploy targets
# when talking to the destination repository.
#
-GERRIT_VERSION = "3.2.8-SNAPSHOT"
+GERRIT_VERSION = "3.2.12-SNAPSHOT"
