)]}' { "log": [ { "commit": "8af457d3634e67e6e06ada4772c2f6fc40578692", "tree": "d0402fd3e7655b709428db219350d56e03e7e9b8", "parents": [ "0405ec0719d25ab6cfc02a825b6f0a8704b6578c" ], "author": { "name": "Thomas Draebing", "email": "thomas.draebing@sap.com", "time": "Wed Feb 06 17:39:21 2019 +0100" }, "committer": { "name": "Thomas Dräbing", "email": "thomas.draebing@sap.com", "time": "Mon Feb 11 15:22:40 2019 +0000" }, "message": "Fix conversion from AccessToken to OAuthToken\n\nThe login via UAA failed with \"Server Error\", when using the cfoauth\nplugin with Gerrit stable-2.16, because OAuthToken-constructor provided\nby the oauth extension of Gerrit does now require the \u0027secret\u0027- and the\n\u0027raw\u0027-parameter not to be null.\n\nThis change adds the raw response of the UAA server to the AccessToken\nobject, which is then handed to the OAuth extension point of Gerrit\ninstead of null.\n\nSince UAA uses OAuth 2.0, no token secret is used. Since the Gerrit\nOAuth extension point expects a token secret to be sent, an empty string\nwill be used instead. This follows the approach used by the scribe-java\nlibrary, which is used in the OAuth implementation of Gerrit and this\nplugin.\n\nChange-Id: I4e36b2a651951aff1cf08932b2902fa86905976e\n" }, { "commit": "0405ec0719d25ab6cfc02a825b6f0a8704b6578c", "tree": "9ae25b82335a2eaaf9a88b2b5127da554700153c", "parents": [ "d75fb7e45a0f0e6f422c4b6463afad98929fa0d1" ], "author": { "name": "Thomas Draebing", "email": "thomas.draebing@sap.com", "time": "Tue Feb 05 15:47:32 2019 +0100" }, "committer": { "name": "Thomas Dräbing", "email": "thomas.draebing@sap.com", "time": "Mon Feb 11 15:22:21 2019 +0000" }, "message": "Fix assembly of external id\n\nTwo tests for the master-branch of the cfoauth-plugin failed:\n\n- testParseAccessTokenResponse\n- testGetAsAccessToken\n\nBoth tests showed the same ComparisonFailure:\n\n expected:\u003cexternal[:]marissa\u003e but was:\u003cexternal[]marissa\u003e\n\nSince Commit 744d2b89 in Gerrit the scheme for external auth is defined\nwithout the trailing \u0027:\u0027. The colon however was expected by the cfoauth\nplugin, causing false assembly of the external id.\n\nThis change adds the addition of a colon, when defining the external ID\nin the plugin code.\n\nChange-Id: If3d0cc52c0e64fb2b9cf3ce0a4b0774e9533da56\n" }, { "commit": "d75fb7e45a0f0e6f422c4b6463afad98929fa0d1", "tree": "f7d04c4a1d1e8a9c8fc938bb70c977f722647954", "parents": [ "3e081d0e3009cb1030e4d98ed3349b28eaf5b071" ], "author": { "name": "Thomas Draebing", "email": "thomas.draebing@sap.com", "time": "Tue Feb 05 14:09:39 2019 +0100" }, "committer": { "name": "Thomas Dräbing", "email": "thomas.draebing@sap.com", "time": "Mon Feb 11 15:18:17 2019 +0000" }, "message": "Load TestUtils.java as a library instead of a test source file\n\nThe tests of the cfoauth-plugin failed on master branch with 3 failures.\nOne failure was caused by the TestUtils-class, which did not contain\nany method annotated with `@Test`, causing Junit to raise\n`java.lang.Exception: No runnable methods tests`.\n\nThis change creates a library containing the TestUtils-class, which is\nloaded as a test-dependency and excludes TestUtils.java from the\ntest-sources.\n\nThis fixes one of the three observed test failures. The other test\nfailures will be addressed in a dedicated change.\n\nChange-Id: I393969b46c39757d8bd4c84cda8d3b8a884b7510\n" }, { "commit": "3e081d0e3009cb1030e4d98ed3349b28eaf5b071", "tree": "9c3f80947374e6d5db3fc09631f4009162f6e040", "parents": [ "cb912f3a48d44459a6b5b961904d3a27fcc6ea7e" ], "author": { "name": "Paladox none", "email": "thomasmulhall410@yahoo.com", "time": "Sat Oct 21 12:22:14 2017 +0000" }, "committer": { "name": "Paladox none", "email": "thomasmulhall410@yahoo.com", "time": "Sat Oct 21 12:23:51 2017 +0000" }, "message": "Replace AccountExternalId with ExternalId\n\nChange-Id: Ib1361fecc4f57732ee699cccf77e9f639d6fcf13\n" }, { "commit": "cb912f3a48d44459a6b5b961904d3a27fcc6ea7e", "tree": "edc21afa56f6c8d2025b84b1cd56e5f4dbcd6908", "parents": [ "a8e61e928234ebdaa088a4364cc1de708f6b7a94" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue Jun 20 14:30:53 2017 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue Jun 20 14:30:53 2017 +0200" }, "message": "Support RS256 and HS256 algorithm aliases\n\nOlder versions of CF/XSA UAA used the identifiers\nSHA256withRSA or HMACSHA256 to specify the algorithm\n used to sign OAuth 2 access tokens they issued.\n\nNewer CF/XSA UAA versions, however, prefer the following\nidentifiers:\n\nRS256 (common alias for SHA256withRSA)\nHS256 (common alias for HMACSHA256)\n\nMost other implementations of JSON web tokens (e.g. OpenId)\nalso prefer these aliases over the more specific identifiers.\nConsequently, the cfoauth plugin should support them, too.\n\nChange-Id: Ib1786552e08be8583c5360243acd215e7193abdd\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "a8e61e928234ebdaa088a4364cc1de708f6b7a94", "tree": "021c66b6399f2d0ca5e805b79a5f19b938b8e963", "parents": [ "ae9a32ebb50f86222058fd0878b58777cc345973" ], "author": { "name": "Paladox none", "email": "thomasmulhall410@yahoo.com", "time": "Sat Feb 04 22:25:39 2017 +0000" }, "committer": { "name": "Paladox none", "email": "thomasmulhall410@yahoo.com", "time": "Thu Feb 09 11:10:01 2017 +0000" }, "message": "Add support for Bazel in Gerrit tree build\n\nChange-Id: I2f7e5e394afaffe947531e67249d4961a3e5dd11\n" }, { "commit": "ae9a32ebb50f86222058fd0878b58777cc345973", "tree": "70243f38c24199634577d0a33a2b899b9e1e56e2", "parents": [ "14ae44b0bdada4583ce5f11640cfcd8defcb1ead" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Thu Sep 15 15:30:34 2016 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Thu Sep 15 16:06:09 2016 +0200" }, "message": "Fix broken import for AuthType\n\nAuthType has been moved to package\ncom.google.gerrit.extensions.client with\nchange I94d93e7776accd08d9d307781952b899ba13cbad.\n\nChange-Id: I475943c74178b33aac2b06efe351b4db51847a3f\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "14ae44b0bdada4583ce5f11640cfcd8defcb1ead", "tree": "3a20172b3596c2a6af2dead038dd5b5a360c551c", "parents": [ "2c22d98a8e30b96fac2357fe8a2fd695983f5ed7", "d33894ec74be5adefa77de51d20497037498267c" ], "author": { "name": "Saša Živkov", "email": "zivkov@gmail.com", "time": "Tue Jun 14 14:39:47 2016 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Tue Jun 14 14:39:47 2016 +0000" }, "message": "Merge \"Deliver expiresAt and providerId for access token\"" }, { "commit": "2c22d98a8e30b96fac2357fe8a2fd695983f5ed7", "tree": "1e97ea2b671d1759b78c766f12310305e1780846", "parents": [ "438877243f6f8a0c03c54acc1ded567a897f4c3e", "ebe07c55e37f92c9df0d82f3be5ef58bfc437868" ], "author": { "name": "Saša Živkov", "email": "zivkov@gmail.com", "time": "Tue Jun 14 14:37:37 2016 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Tue Jun 14 14:37:37 2016 +0000" }, "message": "Merge \"Add redirect parameter to logout URL\"" }, { "commit": "d33894ec74be5adefa77de51d20497037498267c", "tree": "85c2e850618c238975b3f665dc70d7a3b67bda6f", "parents": [ "01b0efc98c1665594d43b37fdda1ee85117dac76" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon May 09 17:34:57 2016 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue May 10 14:48:54 2016 +0200" }, "message": "Deliver expiresAt and providerId for access token\n\nThe REST API for OAuth access tokens requires tokens to\nhave an expiration date and the identifier of the OAuth\nprovider. This patch adds the missing attributes.\n\nA constant is introduced in OAuthModule to denote the\nexport name of the provider. This constant is used\nto construct the providerId for the representation\nof access tokens in the REST API.\n\nChange-Id: I7334949ff18ede75f33eda55a7087655e7b88aa5\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "438877243f6f8a0c03c54acc1ded567a897f4c3e", "tree": "ce686a20df0d4657aee8815d3fe55182a406e392", "parents": [ "01b0efc98c1665594d43b37fdda1ee85117dac76" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Thu Jan 07 16:16:50 2016 +0100" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon May 09 18:03:02 2016 +0200" }, "message": "Conversion from AccessToken to OAuthUserInfo\n\nMinor refactoring extrating the common parts of\nconverting an access token to user info and\nretrieving the display name.\n\nChange-Id: Id5635601cafa6198208017620f6b47b36a90e3b6\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "ebe07c55e37f92c9df0d82f3be5ef58bfc437868", "tree": "9875c4cfeb43f4fbf083d69aefae83a9a3127837", "parents": [ "01b0efc98c1665594d43b37fdda1ee85117dac76" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon May 09 16:38:17 2016 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon May 09 16:38:17 2016 +0200" }, "message": "Add redirect parameter to logout URL\n\nThe logout page of UAA has the capability to redirect back to an\narbitrary URL [1]. Change the init step to write a logout URL\nwith a redirect parameter pointing to the canonical web URL of\nGerrit, so that a user can sign in again immediately.\n\nNote, recent versions of UAA switch off the redirect by default\nfor security reasons. Make sure to uncomment the \"logout\" section\nin the login.yml configuration file of the UAA and add the\nGerrit canonical web URL to the whitelisted redirect URLs.\n\n[1] https://github.com/cloudfoundry/uaa/blob/master/docs/login/Login-APIs.md#logout-get-logoutdo\n\nChange-Id: I0f581ff6897e77ffc5ec5677ab39a366b1685d2c\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "01b0efc98c1665594d43b37fdda1ee85117dac76", "tree": "e6f2e0817b79f119c94ee11415272d986379da78", "parents": [ "a63b47b8d811bd387ccda7edd7d1405139bd44d2", "da668db0184d503e568ddc9025e270a0f2216ed4" ], "author": { "name": "Saša Živkov", "email": "zivkov@gmail.com", "time": "Mon Feb 01 10:48:11 2016 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Mon Feb 01 10:48:11 2016 +0000" }, "message": "Merge \"Respect auth.userNameToLowerCase\"" }, { "commit": "da668db0184d503e568ddc9025e270a0f2216ed4", "tree": "41dc493d0742d8d82bddec417413d3b1a0608682", "parents": [ "d60261d09b22c5cbb02301cf56bf55a408e370f4" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Thu Jan 28 15:38:14 2016 +0100" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Fri Jan 29 14:12:32 2016 +0100" }, "message": "Respect auth.userNameToLowerCase\n\nThe CloudFoundry UAA in general is preserving the case\nof user names, if attached to another user store, e.g.\nan LDAP system or database. Therefore, the plugin should\nrespect the auth.userNameToLowerCase configuration\nparameter. If this parameter is set to true, the plugin\nwill return the username and externalId parameters in\nOAuthUserInfo in lowercase, but it will not touch the\naccess tokens since the latter have a signature.\nHowever, when comparing user names with the \"user_name\"\nor \"sub\" attributes of access tokens the correct case\nconversion will be applied.\n\nChange-Id: I9198809ab3d52d9a05ad96082cf2667981042bd9\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "a63b47b8d811bd387ccda7edd7d1405139bd44d2", "tree": "ef4980ae611f3cc534f7f17482d0767509803a1d", "parents": [ "d60261d09b22c5cbb02301cf56bf55a408e370f4" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Fri Jan 15 18:01:06 2016 +0100" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Fri Jan 15 18:04:24 2016 +0100" }, "message": "Avoid long overflow in AccessToken#isExpired()\n\nChange-Id: Ia21fe609f63f9b069dfd37e9b90e4cb59e6c4ab2\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "d60261d09b22c5cbb02301cf56bf55a408e370f4", "tree": "386d4a7978f3a05dc51af83b3a9528c812015811", "parents": [ "e6ce0b4fb0a9848c312b110974225b22d76c4b94" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue Oct 20 17:25:54 2015 +0200" }, "committer": { "name": "Michael Ochmann", "email": "mochmann92@gmail.com", "time": "Wed Nov 25 13:44:30 2015 +0000" }, "message": "OAuth2 support for Git-over-HTTP communication\n\nCFOAuthService now implements also the extension point\nOAuthLoginProvider. If an UAA access token is passed to the\nservice the UAA /check_token endpoint is called to verify\nthe token. If instead of an access token a password is passed\nto the service it tries to obtain a fresh access token by\nsending the user credentials to the UAA (\"Resource Owner\nPassword Credentials Grant\", see RFC6749 section 4.3).\n\nThe plugin supports both ordinary users and clients,\nwhich are some sort of technical users provided by UAA.\nBoth can obtain access tokens for communication with a\nresource server, i.e. Gerrit, but the attributes of\nthese tokens are different and must therefore be\nevaluated differently.\n\nThis patch depends on\nhttps://gerrit-review.googlesource.com/#/c/71735\n\nChange-Id: I6ba255dde92563ef6ebad9481683d89a151bea61\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "e6ce0b4fb0a9848c312b110974225b22d76c4b94", "tree": "c22a9347a7dfd9dc5d2dac4502c874e756f5109f", "parents": [ "0cf96b75c9911038b8ad8fc9bd901bb2022dac11" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon Oct 19 17:00:07 2015 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue Oct 20 15:16:45 2015 +0200" }, "message": "Skip init step if auth type is not OAUTH\n\nChange-Id: Ib78d320a3ce5257d43e1d4f3fcb7eddc10706ebb\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "0cf96b75c9911038b8ad8fc9bd901bb2022dac11", "tree": "053ebeaf45ddec188c3a46bdf95a38b884208434", "parents": [ "bf4142a05321352c0aa2547c5618fb45bf10f43c" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon Oct 19 16:56:45 2015 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue Oct 20 15:16:45 2015 +0200" }, "message": "Set the auth.logouturl property during init\n\nWhen user signed out in the UI only the web session in Gerrit\nwas invalidated, but not that in UAA. Consequently when the\nuser clicked on \"Sign In\" again the UAA did not present the\nlogin screen but directly returned a new access token. This\nbehavior can be prevented by configuring an explicit logout\npage with the auth.logouturl in the Gerrit configuration.\n\nThis patch enhances the plugin\u0027s init step to configure the\nauth.logouturl property to point to /logout.do in UAA. This\nwill close the UAA web session and the user can login with\ndifferent credentials again.\n\nChange-Id: Id30b9d0d0836439040c05867a0d82e14333d8563\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "bf4142a05321352c0aa2547c5618fb45bf10f43c", "tree": "ebcd3781b914d1f837168a79254ed961782441a2", "parents": [ "3af92fbf24c4ebba5526a922a7afaaa7120ce5b2" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon Oct 19 17:19:01 2015 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue Oct 20 15:16:45 2015 +0200" }, "message": "Extract JSON helper methods to JsonUtils\n\nChange-Id: I31d758e359d9c11ad6c84125600e661e8d869703\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "3af92fbf24c4ebba5526a922a7afaaa7120ce5b2", "tree": "a0dadc0089914bec05ebeb429faf0d7139355a23", "parents": [ "f229d7a5bfd829dc70329f11c605d5026d8c4ff6" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon Oct 19 17:08:10 2015 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue Oct 20 15:16:45 2015 +0200" }, "message": "Refactor the extraction of access tokens\n\nChange-Id: Ib7bfaac995d53cd8fe5e730f5e17abcc2c6cc20f\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "f229d7a5bfd829dc70329f11c605d5026d8c4ff6", "tree": "7696c1cb24a6b88c7089b99565a112b96c782d8b", "parents": [ "c690ad2c0a87d5bb7f726672c9014b8841981887" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon Oct 19 16:54:24 2015 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue Oct 20 15:16:45 2015 +0200" }, "message": "Protect public methods against missing parameters\n\nChange-Id: I1fec98233b9cab2248a6e6c6ba059892ff1b788f\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "c690ad2c0a87d5bb7f726672c9014b8841981887", "tree": "8f62754ec9e48f230b9a976fd5525fdb6407e9c9", "parents": [ "24f35d022533a32dc114f7f3f1e2062b239d76f2" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon Oct 19 16:42:09 2015 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Tue Oct 20 15:16:45 2015 +0200" }, "message": "Introduce UserInfo helper class\n\nA new helper class UserInfo is introduced that collects\ninformation about a resource or token owner.\nThe corresponding attributes have been extracted from\nthe AccessToken class and moved to UserInfo.\n\nThis patch also adds unit tests for both classes.\n\nChange-Id: Icedd68d68fb76f00749eee0d242584afb5cb1117\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "24f35d022533a32dc114f7f3f1e2062b239d76f2", "tree": "4cb8792d54d84c63d940e08aad721dbc882305af", "parents": [ "5a071f8a5e97e7be5d4fd49f9ef6c3aeac31b12c" ], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Thu Jul 30 12:26:19 2015 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Thu Jul 30 13:36:28 2015 +0200" }, "message": "Retrieve display name from UAA userinfo endpoint\n\nThe JSON Web Tokens returned by UAA contain only\nuser name and email address, but not the user\u0027s display name.\nFor that an additional request to the UAA /userinfo endpoint\nis necessary. Note that the UAA client configured for\nGerrit must have the scope \"openid\" for this to work\nas described in the configuration documentation.\n\nChange-Id: I5d1169da88cb32c8eb4133e9710df7a200d7d74a\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" }, { "commit": "5a071f8a5e97e7be5d4fd49f9ef6c3aeac31b12c", "tree": "18a2bf7eb94fdf57878980b3ed11e4835ae5b6bd", "parents": [], "author": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Mon Jul 20 11:40:23 2015 +0200" }, "committer": { "name": "Michael Ochmann", "email": "michael.ochmann@sap.com", "time": "Wed Jul 22 11:52:00 2015 +0200" }, "message": "OAuth2 Plugin for CloudFoundry UAA\n\nInitial implementation of a plugin that supports the\nCloudFoundry UAA OAuth2 server protocol (see\nhttps://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst)\n\nUAA uses so-called JSON web tokens as access tokens,\nwhich already contain the required user id and email\ninformation. This makes an additional request for the\nuser detail information obsolete. JSON web tokens\nhave a signature that is verified by the service.\nBoth HMACSHA256 and SHA256withRSA signatures are\nsupported.\n\nThe plugin has been tested with UAA 2.4.0 but should work\nalso with older UAA versions.\n\nChange-Id: I3a7c4a885b7dc7491c9092e9a340974b0a37748d\nSigned-off-by: Michael Ochmann \u003cmichael.ochmann@sap.com\u003e\n" } ] }