Merge "Respect auth.userNameToLowerCase"
diff --git a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/CFOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/CFOAuthService.java
index 2fde5d9..23968a2 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/CFOAuthService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/CFOAuthService.java
@@ -22,6 +22,7 @@
import com.google.gerrit.extensions.auth.oauth.OAuthUserInfo;
import com.google.gerrit.extensions.auth.oauth.OAuthVerifier;
import com.google.gerrit.reviewdb.client.AccountExternalId;
+import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.PluginConfig;
import com.google.gerrit.server.config.PluginConfigFactory;
@@ -41,6 +42,7 @@
@Inject
CFOAuthService(PluginConfigFactory cfgFactory,
+ AuthConfig authConfig,
@PluginName String pluginName,
@CanonicalWebUrl Provider<String> urlProvider) {
PluginConfig cfg = cfgFactory.getFromGerritConfig(pluginName);
@@ -52,6 +54,7 @@
cfg.getString(InitOAuthConfig.CLIENT_ID),
cfg.getString(InitOAuthConfig.CLIENT_SECRET),
cfg.getBoolean(InitOAuthConfig.VERIFIY_SIGNATURES, true),
+ authConfig.isUserNameToLowerCase(),
redirectUrl);
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java
index c1a5f1f..b800265 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java
@@ -34,6 +34,7 @@
import org.scribe.model.Response;
import java.text.MessageFormat;
+import java.util.Locale;
class UAAClient {
@@ -79,6 +80,7 @@
private final String userInfoEndpoint;
private final boolean verifySignatures;
+ private final boolean userNameToLowerCase;
/**
* Lazily initialized and may be updated from time to time
@@ -90,10 +92,12 @@
String clientId,
String clientSecret,
boolean verifySignatures,
+ boolean userNameToLowerCase,
String redirectUrl) {
this.clientCredentials = BASIC_AUTHENTICATION + " "
+ encodeBase64(clientId + ":" + clientSecret);
this.verifySignatures = verifySignatures;
+ this.userNameToLowerCase = userNameToLowerCase;
this.redirectUrl = redirectUrl;
this.authorizationEndpoint = String.format(AUTHORIZE_ENDPOINT,
uaaServerUrl, encode(clientId), encode(redirectUrl));
@@ -215,7 +219,8 @@
public boolean isAccessTokenForUser(String username, String accessToken) {
try {
JsonObject jsonWebToken = toJsonWebToken(accessToken);
- return username.equals(getAttribute(jsonWebToken, USER_NAME_ATTRIBUTE));
+ return equalsAdjustCase(username,
+ getAttribute(jsonWebToken, USER_NAME_ATTRIBUTE));
} catch (UAAClientException e) {
return false;
}
@@ -234,7 +239,8 @@
try {
JsonObject jsonWebToken = toJsonWebToken(accessToken);
return getAttribute(jsonWebToken, USER_NAME_ATTRIBUTE) == null &&
- clientname.equals(getAttribute(jsonWebToken, SUB_ATTRIBUTE));
+ equalsAdjustCase(clientname,
+ getAttribute(jsonWebToken, SUB_ATTRIBUTE));
} catch (UAAClientException e) {
return false;
}
@@ -260,6 +266,9 @@
throw new UAAClientException(
"Invalid token: missing or invalid 'user_name' attribute");
}
+ if (userNameToLowerCase) {
+ username = lowercase(username);
+ }
String emailAddress = getAttribute(jsonWebToken, EMAIL_ATTRIBUTE);
if (emailAddress == null) {
throw new UAAClientException(
@@ -392,6 +401,16 @@
return accessToken;
}
+ private boolean equalsAdjustCase(String left, String right) {
+ return userNameToLowerCase
+ ? lowercase(left).equals(lowercase(right))
+ : left.equals(right);
+ }
+
+ private static String lowercase(String s) {
+ return s.toLowerCase(Locale.US);
+ }
+
private String decodeBase64(String s) {
return new String(Base64.decodeBase64(s), UTF_8);
}
diff --git a/src/test/java/com/googlesource/gerrit/plugins/cfoauth/UAAClientTest.java b/src/test/java/com/googlesource/gerrit/plugins/cfoauth/UAAClientTest.java
index 244286c..ab22c77 100644
--- a/src/test/java/com/googlesource/gerrit/plugins/cfoauth/UAAClientTest.java
+++ b/src/test/java/com/googlesource/gerrit/plugins/cfoauth/UAAClientTest.java
@@ -78,7 +78,8 @@
private static class UAATestClient extends UAAClient {
public UAATestClient() {
- super(UAA_SERVER_URL, CLIENT_ID, CLIENT_SECRET, true, REDIRECT_URL);
+ super(UAA_SERVER_URL, CLIENT_ID, CLIENT_SECRET, true, false,
+ REDIRECT_URL);
}
@Override