Google Git
Sign in
gerrit / plugins / cfoauth / 0cf96b75c9911038b8ad8fc9bd901bb2022dac11^! / .
commit0cf96b75c9911038b8ad8fc9bd901bb2022dac11[log] [tgz]
authorMichael Ochmann <michael.ochmann@sap.com>Mon Oct 19 16:56:45 2015 +0200
committerMichael Ochmann <michael.ochmann@sap.com>Tue Oct 20 15:16:45 2015 +0200
tree053ebeaf45ddec188c3a46bdf95a38b884208434
parentbf4142a05321352c0aa2547c5618fb45bf10f43c [diff]
Set the auth.logouturl property during init

When user signed out in the UI only the web session in Gerrit
was invalidated, but not that in UAA. Consequently when the
user clicked on "Sign In" again the UAA did not present the
login screen but directly returned a new access token. This
behavior can be prevented by configuring an explicit logout
page with the auth.logouturl in the Gerrit configuration.

This patch enhances the plugin's init step to configure the
auth.logouturl property to point to /logout.do in UAA. This
will close the UAA web session and the user can login with
different credentials again.

Change-Id: Id30b9d0d0836439040c05867a0d82e14333d8563
Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>

diff --git a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/InitOAuthConfig.java b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/InitOAuthConfig.java
index f0b76fb..fa7bdfb 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/InitOAuthConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/InitOAuthConfig.java

@@ -14,8 +14,10 @@
 
 package com.googlesource.gerrit.plugins.cfoauth;
 
+import com.google.common.base.CharMatcher;
 import com.google.gerrit.extensions.annotations.PluginName;
 import com.google.gerrit.pgm.init.api.ConsoleUI;
+import com.google.gerrit.pgm.init.api.InitFlags;
 import com.google.gerrit.pgm.init.api.InitStep;
 import com.google.gerrit.pgm.init.api.Section;
 import com.google.inject.Inject;
@@ -30,13 +32,15 @@
   static final String DEFAULT_SERVER_URL = "http://localhost:8080/uaa";
   static final String DEFAULT_CLIENT_ID = "gerrit";
 
+  private final InitFlags flags;
   private final ConsoleUI ui;
   private final Section cfg;
 
   @Inject
-  InitOAuthConfig(ConsoleUI ui,
+  InitOAuthConfig(InitFlags flags, ConsoleUI ui,
       Section.Factory sections,
       @PluginName String pluginName) {
+    this.flags = flags;
     this.ui = ui;
     this.cfg = sections.get(PLUGIN_SECTION, pluginName);
   }
@@ -49,6 +53,8 @@
     cfg.passwordForKey("Client secret", CLIENT_SECRET);
     cfg.set(VERIFIY_SIGNATURES, Boolean.toString(
         ui.yesno(true, "Verify token signatures", VERIFIY_SIGNATURES)));
+    flags.cfg.setString("auth", null, "logouturl", CharMatcher.is('/')
+        .trimTrailingFrom(cfg.get(SERVER_URL)) + "/logout.do");
   }
 
   @Override