commit 91873bd559f323da9c1cc8b950479f48818db0e0
author Luca Milanesio <luca.milanesio@gmail.com> Sun Mar 02 23:25:13 2014 +0000
committer Luca Milanesio <luca.milanesio@gmail.com> Sun Mar 23 15:13:59 2014 +0000
tree d41c525dff0cca0f61573666d06949cdc911ac10
parent 02bef2e5ef0c94c0b8d05e6a6c744ef1be1213e0

Set GitHub OAuth scope as persistent cookie

Once the GitHub OAuth scope has been chosen for login,
makes it persistent as Browser Cookie with 50 years
max age.

This allows to "remember" the desired login scope
across multiple logins to Gerrit. Scope can be changed
again specifying another "scope=X" query parameter during
login.

Change-Id: I466781c1d14a92809ac8808bee31148fe0ab47b5

github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java

diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
index ccb04b3..b10a606 100644
--- a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
@@ -27,6 +27,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.http.HttpStatus;
+import org.joda.time.Seconds;
 import org.kohsuke.github.GHMyself;
 import org.kohsuke.github.GitHub;
 import org.slf4j.Logger;
@@ -38,9 +39,12 @@
 import com.google.inject.Singleton;
 import com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol.AccessToken;
 import com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol.Scope;
+import static java.util.concurrent.TimeUnit.*;
 
 public class GitHubLogin {
   private static final Logger LOG = LoggerFactory.getLogger(GitHubLogin.class);
+  private static final int YEARS = 365;
+  private static final long SCOPE_COOKIE_NEVER_EXPIRES = DAYS.toSeconds(50 * YEARS);
 
   @Singleton
   public static class Provider extends HttpSessionProvider<GitHubLogin> {
@@ -147,7 +151,7 @@
         return false;
       }
     } else {
-      this.loginScopes = getScopes(getScopesKey(request), scopes);
+      this.loginScopes = getScopes(getScopesKey(request, response), scopes);
       LOG.debug("Login-PHASE1 " + this);
       oauth.loginPhase1(request, response, loginScopes);
       return false;
@@ -175,11 +179,31 @@
         + loginScopes + "]";
   }
 
-  private String getScopesKey(HttpServletRequest request) {
+  private String getScopesKey(HttpServletRequest request, HttpServletResponse response) {
     String scopeRequested = request.getParameter("scope");
+    if(scopeRequested == null) {
+      scopeRequested = getScopesKeyFromCookie(request);
+    }
+
+    if(scopeRequested != null) {
+      Cookie scopeCookie = new Cookie("scope", scopeRequested);
+      scopeCookie.setPath("/");
+      scopeCookie.setMaxAge((int) SCOPE_COOKIE_NEVER_EXPIRES);
+      response.addCookie(scopeCookie);
+    }
+
     return Objects.firstNonNull(scopeRequested, "scopes");
   }
 
+  private String getScopesKeyFromCookie(HttpServletRequest request) {
+    for(Cookie cookie : request.getCookies()) {
+      if(cookie.getName().equalsIgnoreCase("scope")) {
+        return cookie.getValue();
+      }
+    }
+    return null;
+  }
+
   private SortedSet<Scope> getScopes(String baseScopeKey, Scope... scopes) {
     HashSet<Scope> fullScopes =
         oAuthCookie == null ? new HashSet<Scope>(