Workaround to be able to invoke Gerrit API
Historically Gerrit needed the X-Gerrit-Auth HTTP header that is
unknown to the browser and to the client. Workaround the issue
by injecting a ServletFilter that will enable the REST API
paths relevant to the current plugin as valid authenticated endpoints.
Bug: Issue 8843
Change-Id: I5c39157d5adbcc34a2d112ffe8c2229183476ef8
diff --git a/build.sbt b/build.sbt
index 7b9e7ea..fc26036 100644
--- a/build.sbt
+++ b/build.sbt
@@ -25,6 +25,7 @@
("Gerrit-ApiType", "plugin"),
("Gerrit-PluginName", pluginName),
("Gerrit-Module", "com.googlesource.gerrit.plugins.analytics.wizard.Module"),
+ ("Gerrit-HttpModule", "com.googlesource.gerrit.plugins.analytics.wizard.HttpModule"),
("Implementation-Title", "Analytics plugin wizard")
)
)
diff --git a/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/HttpModule.scala b/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/HttpModule.scala
new file mode 100644
index 0000000..b2ab5a9
--- /dev/null
+++ b/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/HttpModule.scala
@@ -0,0 +1,26 @@
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.analytics.wizard
+
+import com.google.gerrit.extensions.registration.DynamicSet
+import com.google.gerrit.httpd.AllRequestFilter
+import com.google.inject.servlet.ServletModule
+
+class HttpModule extends ServletModule {
+
+ override def configureServlets() {
+ DynamicSet.bind(binder(), classOf[AllRequestFilter]).to(classOf[XAuthFilter])
+ }
+}
diff --git a/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/Module.scala b/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/Module.scala
index 36d21dd..9c77724 100644
--- a/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/Module.scala
+++ b/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/Module.scala
@@ -1,4 +1,4 @@
-// Copyright (C) 2017 The Android Open Source Project
+// Copyright (C) 2018 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -13,7 +13,9 @@
// limitations under the License.
package com.googlesource.gerrit.plugins.analytics.wizard
+import com.google.gerrit.extensions.registration.DynamicSet
import com.google.gerrit.extensions.restapi.RestApiModule
+import com.google.gerrit.httpd.AllRequestFilter
import com.google.gerrit.server.project.ProjectResource.PROJECT_KIND
import com.google.inject.AbstractModule
diff --git a/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/XAuthFilter.scala b/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/XAuthFilter.scala
new file mode 100644
index 0000000..d940da7
--- /dev/null
+++ b/src/main/scala/com/googlesource/gerrit/plugins/analytics/wizard/XAuthFilter.scala
@@ -0,0 +1,48 @@
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.analytics.wizard
+
+import javax.servlet._
+import javax.servlet.http.HttpServletRequest
+
+import com.google.gerrit.extensions.annotations.PluginName
+import com.google.gerrit.extensions.registration.DynamicItem
+import com.google.gerrit.httpd.{AllRequestFilter, WebSession}
+import com.google.gerrit.server.AccessPath
+import com.google.inject.{Inject, Singleton}
+import org.slf4j.{Logger, LoggerFactory}
+
+@Singleton
+class XAuthFilter @Inject()(val webSession: DynamicItem[WebSession], @PluginName pluginName: String) extends AllRequestFilter {
+ implicit val log: Logger = LoggerFactory.getLogger(classOf[XAuthFilter])
+ val authenticatedPluginURIs = (s".*/a/.*$pluginName.*").r
+
+ override def init(filterConfig: FilterConfig) {}
+
+ override def destroy() {}
+
+ override def doFilter(req: ServletRequest, resp: ServletResponse, chain: FilterChain) {
+ val uri = req.asInstanceOf[HttpServletRequest].getRequestURI
+ authenticatedPluginURIs.findFirstIn(uri).foreach { _ =>
+ val session = webSession.get
+ if (session != null && session.isSignedIn && session.getXGerritAuth != null) {
+ session.setAccessPathOk(AccessPath.REST_API, true)
+ log.debug(s"Set URI $uri as authenticated REST-API access path")
+ }
+ }
+
+ chain.doFilter(req, resp)
+ }
+}
\ No newline at end of file