GitHub OAuth2 implementation as Gerrit HTTP Auth.
First integration point for allowing Gerrit to authenticate users through GitHub OAuth.
It relies on the installation of the github-oauth Java library under the $GERRIT_SITE/lib
in order filter all the HTTP requests through the GitHub OAuth 2.0 secure authentication.
In order to configure the GitHub authentication you need to:
- copy the github-oauth into $GERRIT_SITE/lib
- copy the github-plugin into $GERRIT_SITE/plugins
- run the Gerrit init steps by choosing HTTP Auth
- set the GitHub parameters during the GitHub custom init step
Change-Id: I0898994169fec0b477dc8944045ceba9526a4d9c
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d163d47
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+target
+.project
+.classpath
+.settings
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..11069ed
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/github-oauth/pom.xml b/github-oauth/pom.xml
new file mode 100644
index 0000000..b92be3e
--- /dev/null
+++ b/github-oauth/pom.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<!--
+Copyright (C) 2013 The Android Open Source Project
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>com.googlesource.gerrit.plugins.github</groupId>
+ <artifactId>github-parent</artifactId>
+ <version>2.8-SNAPSHOT</version>
+ </parent>
+ <artifactId>github-oauth</artifactId>
+ <name>Gerrit Code Review - GitHub OAuth login</name>
+ <url>http://maven.apache.org</url>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-shade-plugin</artifactId>
+ <version>1.6</version>
+ <configuration>
+ <promoteTransitiveDependencies>true</promoteTransitiveDependencies>
+ <artifactSet>
+ <excludes>
+ <exclude>com.google.*:*</exclude>
+ <exclude>javax.inject:*:*</exclude>
+ <exclude>aopalliance:aopalliance:*</exclude>
+ <exclude>org.slf4j:*</exclude>
+ <exclude>log4j:log4j:*</exclude>
+ <exclude>commons-lang:*:*</exclude>
+ <exclude>commons-codec:*:*</exclude>
+ <exclude>commons-io:*:*</exclude>
+ <exclude>com.google.guava:*</exclude>
+ </excludes>
+ </artifactSet>
+ </configuration>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>shade</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/AuthenticatedHttpRequest.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/AuthenticatedHttpRequest.java
new file mode 100644
index 0000000..ccb2d5c
--- /dev/null
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/AuthenticatedHttpRequest.java
@@ -0,0 +1,81 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package com.googlesource.gerrit.plugins.github.oauth;
+
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import com.google.common.base.Objects;
+
+public class AuthenticatedHttpRequest extends HttpServletRequestWrapper {
+ private String httpHeaderName;
+ private String httpHeaderValue;
+
+ public AuthenticatedHttpRequest(HttpServletRequest request,
+ String authHeaderName, String authHeaderValue) {
+ super(request);
+ this.httpHeaderName = authHeaderName;
+ this.httpHeaderValue = authHeaderValue;
+ }
+
+ @Override
+ public Enumeration<String> getHeaderNames() {
+
+ final Enumeration<String> wrappedHeaderNames = super.getHeaderNames();
+ return new Enumeration<String>() {
+
+ boolean lastElement;
+ boolean headerFound;
+
+ @Override
+ public boolean hasMoreElements() {
+ if (wrappedHeaderNames.hasMoreElements()) {
+ return true;
+ } else if (!lastElement && !headerFound) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ @Override
+ public String nextElement() {
+ if (wrappedHeaderNames.hasMoreElements()) {
+ String nextHeader = wrappedHeaderNames.nextElement();
+ if (nextHeader.equalsIgnoreCase(httpHeaderName)) {
+ headerFound = true;
+ }
+ return nextHeader;
+ } else if (!lastElement && !headerFound) {
+ lastElement = true;
+ return httpHeaderName;
+ } else {
+ return null;
+ }
+ }
+
+ };
+ }
+
+ @Override
+ public String getHeader(String name) {
+ if (name.equalsIgnoreCase(httpHeaderName)) {
+ return httpHeaderValue;
+ } else {
+ return super.getHeader(name);
+ }
+ }
+}
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubHttpProvider.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubHttpProvider.java
new file mode 100644
index 0000000..d1ed048
--- /dev/null
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubHttpProvider.java
@@ -0,0 +1,31 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package com.googlesource.gerrit.plugins.github.oauth;
+
+import org.apache.http.client.HttpClient;
+import org.apache.http.impl.client.DefaultHttpClient;
+
+import com.google.inject.Provider;
+
+public class GitHubHttpProvider implements Provider<HttpClient>{
+ private static final GitHubHttpProvider singleton = new GitHubHttpProvider();
+ @Override
+ public HttpClient get() {
+ return new DefaultHttpClient();
+ }
+
+ public static Provider<HttpClient> getInstance() {
+ return singleton;
+ }
+}
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
new file mode 100644
index 0000000..50018ea
--- /dev/null
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
@@ -0,0 +1,50 @@
+package com.googlesource.gerrit.plugins.github.oauth;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.kohsuke.github.GitHub;
+
+import com.google.inject.Inject;
+import com.google.inject.servlet.SessionScoped;
+import com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol.AccessToken;
+
+@SessionScoped
+public class GitHubLogin {
+ public AccessToken token;
+ public GitHub hub;
+
+ private transient OAuthProtocol oauth;
+
+ @Inject
+ public GitHubLogin(OAuthProtocol oauth) {
+ this.oauth = oauth;
+ }
+
+ public GitHubLogin(GitHub hub, AccessToken token) {
+ this.hub = hub;
+ this.token = token;
+ }
+
+ public boolean isLoggedIn() {
+ return token != null && hub != null;
+ }
+
+ public boolean login(HttpServletRequest request, HttpServletResponse response)
+ throws IOException {
+ if (oauth.isOAuthFinal(request)) {
+ init(oauth.loginPhase2(request, response));
+ return isLoggedIn();
+ } else {
+ oauth.loginPhase1(request, response);
+ return false;
+ }
+ }
+
+ private void init(GitHubLogin initValues) {
+ this.hub = initValues.hub;
+ this.token = initValues.token;
+ }
+}
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthConfig.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthConfig.java
new file mode 100644
index 0000000..1ddfe03
--- /dev/null
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthConfig.java
@@ -0,0 +1,72 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package com.googlesource.gerrit.plugins.github.oauth;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.eclipse.jgit.lib.Config;
+
+import com.google.common.base.Objects;
+import com.google.gerrit.reviewdb.client.AuthType;
+import com.google.gerrit.server.config.GerritServerConfig;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
+@Singleton
+public class OAuthConfig {
+ private static final String LOGIN_OAUTH_AUTHORIZE = "/login/oauth/authorize";
+ private static final String GITHUB_URL = "https://github.com";
+ public static final String OAUTH_FINAL = "/oauth";
+ public static final String LOGIN_OAUTH_ACCESS_TOKEN =
+ "/login/oauth/access_token";
+
+ public final String gitHubUrl;
+ public final String gitHubClientId;
+ public final String gitHubClientSecret;
+ public final String httpHeader;
+ public final String gitHubOAuthUrl;
+ public final String oAuthFinalRedirectUrl;
+ public final String gitHubOAuthAccessTokenUrl;
+ public final boolean enabled;
+
+ @Inject
+ public OAuthConfig(@GerritServerConfig Config config)
+ throws MalformedURLException {
+ httpHeader = config.getString("auth", null, "httpHeader");
+ gitHubUrl =
+ Objects.firstNonNull(config.getString("github", null, "url"),
+ GITHUB_URL);
+ gitHubClientId = config.getString("github", null, "clientId");
+ gitHubClientSecret = config.getString("github", null, "clientSecret");
+ gitHubOAuthUrl = getUrl(gitHubUrl, LOGIN_OAUTH_AUTHORIZE);
+ gitHubOAuthAccessTokenUrl = getUrl(gitHubUrl, LOGIN_OAUTH_ACCESS_TOKEN);
+ oAuthFinalRedirectUrl =
+ getUrl(config.getString("gerrit", null, "canonicalWebUrl"), OAUTH_FINAL);
+
+ enabled =
+ config.getString("auth", null, "type").equalsIgnoreCase(
+ AuthType.HTTP.toString());
+ }
+
+ public String getUrl(String baseUrl, String path)
+ throws MalformedURLException {
+ if (baseUrl.indexOf("://") > 0) {
+ return new URL(new URL(baseUrl), path).toExternalForm();
+ } else {
+ return baseUrl + (baseUrl.endsWith("/") ? "" : "/")
+ + (path.startsWith("/") ? path.substring(1) : path);
+ }
+ }
+}
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookie.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookie.java
new file mode 100644
index 0000000..3bf35d5
--- /dev/null
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookie.java
@@ -0,0 +1,29 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package com.googlesource.gerrit.plugins.github.oauth;
+
+import javax.servlet.http.Cookie;
+
+public class OAuthCookie extends Cookie {
+ private static final long serialVersionUID = 2771690299147135167L;
+ public static final String OAUTH_COOKIE_NAME = "GerritOAuth";
+
+ public final String user;
+
+ OAuthCookie(String user, String cookieValue) {
+ super(OAUTH_COOKIE_NAME, cookieValue);
+
+ this.user = user;
+ }
+}
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookieProvider.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookieProvider.java
new file mode 100644
index 0000000..2cdaab4
--- /dev/null
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthCookieProvider.java
@@ -0,0 +1,131 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package com.googlesource.gerrit.plugins.github.oauth;
+
+import java.net.URLEncoder;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.servlet.http.Cookie;
+
+import org.slf4j.Logger;
+
+public class OAuthCookieProvider {
+ private static final String UTF8 = "UTF-8";
+ private static final String ENC_ALGO_PADDING = "AES/CBC/PKCS5Padding";
+ private static final String JCE_PROVIDER = "SunJCE";
+ private static final String ENC_ALGO = "AES";
+ private static final Logger log = org.slf4j.LoggerFactory
+ .getLogger(OAuthCookieProvider.class);
+ private static final Long COOKIE_TIMEOUT = 15 * 60 * 1000L;
+ private SecretKey aesKey;
+ private byte[] IV;
+ private SecureRandom sessionRnd = new SecureRandom();
+
+
+ void init() {
+ KeyGenerator kgen;
+ try {
+ kgen = KeyGenerator.getInstance(ENC_ALGO);
+ kgen.init(128);
+ SecureRandom sr = new SecureRandom();
+ sr.setSeed(System.currentTimeMillis());
+ byte[] key = new byte[16];
+ IV = new byte[16];
+ sr.nextBytes(key);
+ sr.nextBytes(IV);
+ aesKey = kgen.generateKey();
+ sessionRnd.setSeed(System.currentTimeMillis());
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Cannot find encryption algorithm " + ENC_ALGO);
+ throw new IllegalArgumentException(e);
+ }
+ }
+
+ public OAuthCookie getFromUser(String username) {
+ try {
+ return new OAuthCookie(username, encode(username));
+ } catch (OAuthTokenException e) {
+ return null;
+ }
+ }
+
+ public OAuthCookie getFromCookie(Cookie cookie) {
+ try {
+ return new OAuthCookie(decode(cookie.getValue()), cookie.getValue());
+ } catch (OAuthTokenException e) {
+ return null;
+ }
+ }
+
+ public String encode(String user) throws OAuthTokenException {
+ try {
+ long sessionId = sessionRnd.nextLong();
+ long ts = System.currentTimeMillis();
+ String userSession =
+ String.format("%d/%d/%s", sessionId, ts,
+ URLEncoder.encode(user, UTF8));
+ byte[] plainText =
+ (userSession + "/" + userSession.hashCode()).getBytes(UTF8);
+
+ Cipher cipher = Cipher.getInstance(ENC_ALGO_PADDING, JCE_PROVIDER);
+ cipher.init(Cipher.ENCRYPT_MODE, aesKey, new IvParameterSpec(IV));
+ byte[] enc = cipher.doFinal(plainText);
+ return org.eclipse.jgit.util.Base64.encodeBytes(enc).trim();
+ } catch (Exception e) {
+ log.error("Encryption failed", e);
+ throw new OAuthTokenException("Cannot generate session token for user "
+ + user, e);
+ }
+ }
+
+ public String decode(String sessionToken) throws OAuthTokenException {
+ try {
+ byte[] enc =
+ org.eclipse.jgit.util.Base64.decode(sessionToken.trim().getBytes(),
+ 0, sessionToken.length());
+ Cipher cipher = Cipher.getInstance(ENC_ALGO_PADDING, JCE_PROVIDER);
+ cipher.init(Cipher.DECRYPT_MODE, aesKey, new IvParameterSpec(IV));
+
+ String[] clearTextParts =
+ new String(cipher.doFinal(enc), UTF8).split("/");
+
+ isValid(sessionToken, clearTextParts);
+
+ return clearTextParts[2];
+ } catch (Exception e) {
+ log.error("Decryption failed", e);
+ throw new OAuthTokenException("Invalid session token " + sessionToken, e);
+ }
+ }
+
+ private void isValid(String sessionToken, String[] clearTextParts)
+ throws OAuthTokenException {
+ int hashCode = Integer.parseInt(clearTextParts[3]);
+ if (hashCode != (clearTextParts[0] + "/" + clearTextParts[1] + "/" + clearTextParts[2])
+ .hashCode()) {
+ throw new OAuthTokenException("Invalid or forged token " + sessionToken);
+ }
+
+ long ts = Long.parseLong(clearTextParts[1]);
+ if ((System.currentTimeMillis() - ts) > COOKIE_TIMEOUT) {
+ throw new OAuthTokenException("Session token " + sessionToken
+ + " has expired");
+ }
+ }
+}
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthFilter.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthFilter.java
new file mode 100644
index 0000000..ce2cfd5
--- /dev/null
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthFilter.java
@@ -0,0 +1,122 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package com.googlesource.gerrit.plugins.github.oauth;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Strings;
+import com.google.gerrit.httpd.WebSession;
+import com.google.gson.Gson;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+
+public class OAuthFilter implements Filter {
+ private static final org.slf4j.Logger log = LoggerFactory
+ .getLogger(OAuthFilter.class);
+
+ private final OAuthConfig config;
+ private final OAuthCookieProvider cookieProvider;
+ private final OAuthProtocol oauth;
+
+ @Inject
+ public OAuthFilter(OAuthConfig config) {
+ this.config = config;
+ this.cookieProvider = new OAuthCookieProvider();
+ this.oauth =
+ new OAuthProtocol(config, GitHubHttpProvider.getInstance().get(),
+ new Gson());
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ cookieProvider.init();
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException {
+ if (!config.enabled) {
+ chain.doFilter(request, response);
+ return;
+ }
+
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ log.info("doFilter(" + httpRequest.getRequestURI() + ")");
+
+ OAuthCookie authCookie = getOAuthCookie(httpRequest);
+ String targetUrl = httpRequest.getParameter("state");
+
+ if (authCookie == null) {
+ if (oauth.isOAuthFinal(httpRequest)) {
+
+ String user =
+ oauth.loginPhase2(httpRequest, httpResponse).hub.getMyself()
+ .getLogin();
+
+ if (user != null) {
+ httpResponse.addCookie(cookieProvider.getFromUser(user));
+ httpResponse.sendRedirect(targetUrl);
+ return;
+ } else {
+ httpResponse.sendError(HttpURLConnection.HTTP_UNAUTHORIZED,
+ "Login failed");
+ }
+ } else {
+ oauth.loginPhase1(httpRequest, httpResponse);
+ }
+ return;
+ } else {
+ HttpServletRequest wrappedRequest =
+ new AuthenticatedHttpRequest(httpRequest, config.httpHeader,
+ authCookie.user);
+
+ if (targetUrl != null && oauth.isOAuthFinal(httpRequest)) {
+ httpResponse.sendRedirect(config.getUrl(targetUrl,
+ OAuthConfig.OAUTH_FINAL) + "?code=" + request.getParameter("code"));
+ return;
+ } else {
+ chain.doFilter(wrappedRequest, response);
+ }
+ }
+ }
+
+ private OAuthCookie getOAuthCookie(HttpServletRequest request) {
+ for (Cookie cookie : request.getCookies()) {
+ if (cookie.getName().equalsIgnoreCase(OAuthCookie.OAUTH_COOKIE_NAME)
+ && !Strings.isNullOrEmpty(cookie.getValue())) {
+ return cookieProvider.getFromCookie(cookie);
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public void destroy() {
+ log.info("Init");
+ }
+}
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthProtocol.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthProtocol.java
new file mode 100644
index 0000000..92562e6
--- /dev/null
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthProtocol.java
@@ -0,0 +1,114 @@
+package com.googlesource.gerrit.plugins.github.oauth;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.protocol.HTTP;
+import org.kohsuke.github.GHMyself;
+import org.kohsuke.github.GitHub;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.gson.Gson;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+
+@Singleton
+public class OAuthProtocol {
+ private static final Logger log = LoggerFactory.getLogger(OAuthProtocol.class);
+
+ private final OAuthConfig config;
+ private final HttpClient http;
+ private final Gson gson;
+
+ public static class AccessToken {
+ public String access_token;
+ public String token_type;
+ }
+
+ @Inject
+ public OAuthProtocol(OAuthConfig config, HttpClient httpClient, Gson gson) {
+ this.config = config;
+ this.http = httpClient;
+ this.gson = gson;
+ }
+
+ public void loginPhase1(HttpServletRequest request,
+ HttpServletResponse response) throws IOException {
+ response.sendRedirect(String.format(
+ "%s?client_id=%s&redirect_uri=%s&state=%s", config.gitHubOAuthUrl,
+ config.gitHubClientId, getURLEncoded(config.oAuthFinalRedirectUrl),
+ getURLEncoded(request.getRequestURI().toString())));
+ }
+
+ public boolean isOAuthFinal(HttpServletRequest request) {
+ return request.getRequestURI().endsWith(OAuthConfig.OAUTH_FINAL);
+ }
+
+ public GitHubLogin loginPhase2(HttpServletRequest request,
+ HttpServletResponse response) throws IOException {
+
+ HttpPost post = null;
+
+ post = new HttpPost(config.gitHubOAuthAccessTokenUrl);
+ post.setHeader("Accept", "application/json");
+ List<NameValuePair> nvps = new ArrayList<NameValuePair>();
+ nvps.add(new BasicNameValuePair("client_id", config.gitHubClientId));
+ nvps.add(new BasicNameValuePair("client_secret", config.gitHubClientSecret));
+ nvps.add(new BasicNameValuePair("code", request.getParameter("code")));
+ try {
+ post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
+ } catch (UnsupportedEncodingException e) {
+ // Will never happen
+ }
+
+ try {
+ HttpResponse postResponse = http.execute(post);
+ if (postResponse.getStatusLine().getStatusCode() != HttpURLConnection.HTTP_OK) {
+ log.error("POST " + config.gitHubOAuthAccessTokenUrl
+ + " request for access token failed with status "
+ + postResponse.getStatusLine());
+ response.sendError(HttpURLConnection.HTTP_UNAUTHORIZED,
+ "Request for access token not authorised");
+ postResponse.getEntity().consumeContent();
+ return null;
+ }
+
+ AccessToken token =
+ gson.fromJson(new InputStreamReader(postResponse.getEntity()
+ .getContent(), "UTF-8"), AccessToken.class);
+ GitHub github = GitHub.connectUsingOAuth(token.access_token);
+ return new GitHubLogin(github, token);
+ } catch (IOException e) {
+ log.error("POST " + config.gitHubOAuthAccessTokenUrl
+ + " request for access token failed", e);
+ response.sendError(HttpURLConnection.HTTP_UNAUTHORIZED,
+ "Request for access token not authorised");
+ return null;
+ }
+ }
+
+ private String getURLEncoded(String url) {
+ try {
+ return URLEncoder.encode(url, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ // UTF-8 is hardcoded, cannot fail
+ return null;
+ }
+ }
+}
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthTokenException.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthTokenException.java
new file mode 100644
index 0000000..3ee1291
--- /dev/null
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthTokenException.java
@@ -0,0 +1,27 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package com.googlesource.gerrit.plugins.github.oauth;
+
+public class OAuthTokenException extends Exception {
+ public OAuthTokenException(String message, Exception e) {
+ super(message, e);
+ }
+
+ public OAuthTokenException(String message) {
+ super(message);
+ }
+
+ private static final long serialVersionUID = -2177841968402814337L;
+
+}
diff --git a/github-plugin/.gitignore b/github-plugin/.gitignore
new file mode 100644
index 0000000..80d6257
--- /dev/null
+++ b/github-plugin/.gitignore
@@ -0,0 +1,5 @@
+/target
+/.classpath
+/.project
+/.settings/org.maven.ide.eclipse.prefs
+/.settings/org.eclipse.m2e.core.prefs
diff --git a/github-plugin/LICENSE b/github-plugin/LICENSE
new file mode 100644
index 0000000..11069ed
--- /dev/null
+++ b/github-plugin/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/github-plugin/pom.xml b/github-plugin/pom.xml
new file mode 100644
index 0000000..77c706e
--- /dev/null
+++ b/github-plugin/pom.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright (C) 2013 The Android Open Source Project
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>github-parent</artifactId>
+ <groupId>com.googlesource.gerrit.plugins.github</groupId>
+ <version>2.8-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>github-plugin</artifactId>
+ <packaging>jar</packaging>
+ <name>Gerrit Code Review - GitHub plugin</name>
+
+ <properties>
+ <Gerrit-ApiType>plugin</Gerrit-ApiType>
+ <Gerrit-ApiVersion>${project.version}</Gerrit-ApiVersion>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>2.4</version>
+ <configuration>
+ <archive>
+ <manifestEntries>
+ <Gerrit-Module>com.googlesource.gerrit.plugins.github.Module</Gerrit-Module>
+ <Gerrit-InitStep>com.googlesource.gerrit.plugins.github.InitGitHub</Gerrit-InitStep>
+
+ <Implementation-Vendor>GerritForge</Implementation-Vendor>
+ <Implementation-URL>http://www.gerritforge.com</Implementation-URL>
+
+ <Implementation-Title>${Gerrit-ApiType} ${project.artifactId}</Implementation-Title>
+ <Implementation-Version>${project.version}</Implementation-Version>
+
+ <Gerrit-ApiType>${Gerrit-ApiType}</Gerrit-ApiType>
+ <Gerrit-ApiVersion>${Gerrit-ApiVersion}</Gerrit-ApiVersion>
+ </manifestEntries>
+ </archive>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.3.2</version>
+ <configuration>
+ <source>1.6</source>
+ <target>1.6</target>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>com.google.gerrit</groupId>
+ <artifactId>gerrit-${Gerrit-ApiType}-api</artifactId>
+ <version>${Gerrit-ApiVersion}</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <repositories>
+ <repository>
+ <id>gerrit-api-repository</id>
+ <url>https://gerrit-api.commondatastorage.googleapis.com/snapshot/</url>
+ </repository>
+ </repositories>
+</project>
diff --git a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/InitGitHub.java b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/InitGitHub.java
new file mode 100644
index 0000000..ffc7da5
--- /dev/null
+++ b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/InitGitHub.java
@@ -0,0 +1,55 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package com.googlesource.gerrit.plugins.github;
+
+import com.google.gerrit.pgm.init.InitStep;
+import com.google.gerrit.pgm.init.Section;
+import com.google.gerrit.pgm.util.ConsoleUI;
+import com.google.inject.Inject;
+
+public class InitGitHub implements InitStep {
+ private final ConsoleUI ui;
+ private final Section auth;
+ private final Section httpd;
+ private Section github;
+
+ @Inject
+ InitGitHub(final ConsoleUI ui, final Section.Factory sections) {
+ this.ui = ui;
+ this.github = sections.get("github", null);
+ this.httpd = sections.get("httpd", null);
+ this.auth = sections.get("auth", null);
+ }
+
+ @Override
+ public void run() throws Exception {
+ ui.header("GitHub Integration");
+
+ github.string("GitHub URL", "url", "https://github.com");
+
+ boolean gitHubAuth = ui.yesno(true, "Use GitHub for Gerrit login ?");
+ if(gitHubAuth) {
+ configureAuth();
+ }
+ }
+
+ private void configureAuth() {
+ github.string("ClientId", "clientId", null);
+ github.string("ClientSecret", "clientSecret", null);
+
+ auth.string("HTTP Authentication Header", "httpHeader", "GITHUB_USER");
+ auth.set("type", "HTTP");
+ httpd.set("filterClass", "com.googlesource.gerrit.plugins.github.oauth.OAuthFilter");
+ }
+}
diff --git a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/Module.java b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/Module.java
new file mode 100644
index 0000000..d608e64
--- /dev/null
+++ b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/Module.java
@@ -0,0 +1,23 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.github;
+
+import com.google.inject.AbstractModule;
+
+class Module extends AbstractModule {
+ @Override
+ protected void configure() {
+ }
+}
diff --git a/github-plugin/src/main/resources/Documentation/config.md b/github-plugin/src/main/resources/Documentation/config.md
new file mode 100644
index 0000000..2d18944
--- /dev/null
+++ b/github-plugin/src/main/resources/Documentation/config.md
@@ -0,0 +1,36 @@
+Plugin @PLUGIN@
+===============
+
+This plugins allows to integrate Gerrit with external set of users configured
+on GitHub.
+It relies on the installation of the github-oauth Java library under the $GERRIT_SITE/lib
+in order filter all the HTTP requests through the GitHub OAuth 2.0 secure authentication.
+
+GitHub init step
+----------------
+
+This plugin provides a customized Gerrit init step for the self-configuration of
+the main GitHub and Gerrit authentication settings for allowing the github-oauth
+library to work properly.
+
+GitHub OAuth library rely on Gerrit HTTP authentication defined during the standard
+Gerrit init steps.
+See below a sample session of relevant init steps for a default
+configuration pointing to the Web GitHub instance:
+
+ *** User Authentication
+ ***
+
+ Authentication method []: HTTP
+ Get username from custom HTTP header [Y/n]? Y
+ Username HTTP header []: GITHUB_USER
+ SSO logout URL : /oauth/reset
+
+
+ *** GitHub Integration
+ ***
+
+ GitHub URL [https://github.com]:
+ Use GitHub for Gerrit login ? [Y/n]? Y
+ ClientId []: 384cbe2e8d98192f9799
+ ClientSecret []: f82c3f9b3802666f2adcc4c8cacfb164295b0a99
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..2741a35
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,299 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright (C) 2013 The Android Open Source Project
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>com.googlesource.gerrit.plugins.github</groupId>
+ <artifactId>github-parent</artifactId>
+ <version>2.8-SNAPSHOT</version>
+ <name>Gerrit Code Review - GitHub integration</name>
+ <url>http://www.gerritforge.com</url>
+ <packaging>pom</packaging>
+ <licenses>
+ <license>
+ <name>Apache License, 2.0</name>
+ <comments>
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ </comments>
+ </license>
+ </licenses>
+ <modules>
+ <module>github-oauth</module>
+ <module>github-plugin</module>
+ </modules>
+ <dependencies>
+ <dependency>
+ <groupId>com.google.gerrit</groupId>
+ <artifactId>gerrit-plugin-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ <version>3.0.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.google.inject</groupId>
+ <artifactId>guice</artifactId>
+ <version>3.0</version>
+ </dependency>
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>14.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>1.7.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>1.7.5</version>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.17</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jenkins-ci.plugins</groupId>
+ <artifactId>github-api</artifactId>
+ <version>1.40</version>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.1</version>
+ <configuration>
+ <source>1.6</source>
+ <target>1.6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <repositories>
+ <repository>
+ <id>repo.jenkins-ci.org</id>
+ <url>http://repo.jenkins-ci.org/public/</url>
+ </repository>
+ </repositories>
+</project>