Allow execution of account removal REST API
Enable to cookie-based authentication for the sole purpose of
invoking the DELETE /accounts/self REST API that allows the
self-removal of accounts
Change-Id: I9251243b688548e61deb6c463d640ce7b1ffdac6
diff --git a/BUILD b/BUILD
index bcaa2f0..487c348 100644
--- a/BUILD
+++ b/BUILD
@@ -13,6 +13,7 @@
"Gerrit-PluginName: account",
"Gerrit-Module: com.gerritforge.gerrit.plugins.account.Module",
"Gerrit-SshModule: com.gerritforge.gerrit.plugins.account.SshModule",
+ "Gerrit-HttpModule: com.gerritforge.gerrit.plugins.account.HttpModule",
],
resources = glob(["src/main/resources/**/*"]),
)
diff --git a/src/main/java/com/gerritforge/gerrit/plugins/account/HttpModule.java b/src/main/java/com/gerritforge/gerrit/plugins/account/HttpModule.java
new file mode 100644
index 0000000..fe322fc
--- /dev/null
+++ b/src/main/java/com/gerritforge/gerrit/plugins/account/HttpModule.java
@@ -0,0 +1,27 @@
+// Copyright (C) 2018 GerritForge Ltd
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.gerritforge.gerrit.plugins.account;
+
+import com.google.gerrit.extensions.registration.DynamicSet;
+import com.google.gerrit.httpd.AllRequestFilter;
+import com.google.inject.servlet.ServletModule;
+
+public class HttpModule extends ServletModule {
+
+ @Override
+ protected void configureServlets() {
+ DynamicSet.bind(binder(), AllRequestFilter.class).to(XAuthFilter.class);
+ }
+}
diff --git a/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java b/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java
new file mode 100644
index 0000000..25d3df1
--- /dev/null
+++ b/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java
@@ -0,0 +1,61 @@
+// Copyright (C) 2018 GerritForge Ltd
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.gerritforge.gerrit.plugins.account;
+
+import com.google.gerrit.extensions.registration.DynamicItem;
+import com.google.gerrit.httpd.AllRequestFilter;
+import com.google.gerrit.httpd.WebSession;
+import com.google.gerrit.server.AccessPath;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+import java.io.IOException;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Singleton
+public class XAuthFilter extends AllRequestFilter {
+ public static final String ALLOWED_URI_SUFFIX = "/a/accounts/self";
+
+ private static final Logger log = LoggerFactory.getLogger(XAuthFilter.class);
+
+ private DynamicItem<WebSession> webSession;
+
+ @Inject
+ public XAuthFilter(DynamicItem<WebSession> webSession) {
+ this.webSession = webSession;
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ String uri = ((HttpServletRequest) request).getRequestURI();
+
+ if (uri.endsWith(ALLOWED_URI_SUFFIX)) {
+ WebSession session = webSession.get();
+ if (session != null && session.isSignedIn() && session.getXGerritAuth() != null) {
+ String currentUser = session.getUser().getUserName();
+ log.info("REST API URI {} allowed for user {}", uri, currentUser);
+ session.setAccessPathOk(AccessPath.REST_API, true);
+ }
+ }
+
+ chain.doFilter(request, response);
+ }
+}
