Adapted to Gerrit 2.6 sessionId (instead of referring to token).
Previously used session.getToken() is no more valid
on Gerrit 2.6.
Change-Id: I249efea272f09c800b71e4464ffb74a26b1fd20b
Signed-off-by: Luca Milanesio <luca.milanesio@gmail.com>
diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritAuthFilter.java b/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritAuthFilter.java
index 81ff438..8c8da56 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritAuthFilter.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritAuthFilter.java
@@ -64,7 +64,7 @@
|| httpRequest.getHeader("Authorization") != null) {
request.setAttribute("gerrit-username", webSession.get().getCurrentUser()
.getUserName());
- request.setAttribute("gerrit-token", webSession.get().getToken());
+ request.setAttribute("gerrit-token", webSession.get().getSessionId());
return true;
} else {
httpResponse.setStatus(HttpURLConnection.HTTP_UNAUTHORIZED);
diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritToGitBlitUserService.java b/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritToGitBlitUserService.java
index 6ae5d57..e0f3323 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritToGitBlitUserService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritToGitBlitUserService.java
@@ -70,18 +70,18 @@
public UserModel authenticateSSO(String username, String sessionToken) {
WebSession session = webSession.get();
- if (session.getToken() == null || !session.getToken().equals(sessionToken)) {
+ if (session.getSessionId() == null || !session.getSessionId().equals(sessionToken)) {
log.warn("Invalid Gerrit session token for user '" + username + "'");
return null;
}
if (!session.isSignedIn()) {
- log.warn("Gerrit session " + session.getToken() + " is not signed-in");
+ log.warn("Gerrit session " + session.getSessionId() + " is not signed-in");
return null;
}
if (!session.getCurrentUser().getUserName().equals(username)) {
- log.warn("Gerrit session " + session.getToken()
+ log.warn("Gerrit session " + session.getSessionId()
+ " is not assigned to user " + username);
return null;
}
