Merge branch 'stable-2.15' into stable-2.16
* stable-2.15:
Extend ServletModule instead of HttpPluginModule
Change-Id: I87316c67513a26986c9338d0d37bd406ef5d74db
diff --git a/BUILD b/BUILD
index aac05ab..2f873b7 100644
--- a/BUILD
+++ b/BUILD
@@ -40,5 +40,6 @@
exports = PLUGIN_DEPS + PLUGIN_TEST_DEPS + [
":lfs__plugin",
"@jgit-lfs//jar",
+ "@joda-time//jar",
],
)
diff --git a/WORKSPACE b/WORKSPACE
index 1f5662a..588bdc0 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -3,7 +3,7 @@
load("//:bazlets.bzl", "load_bazlets")
load_bazlets(
- commit = "f4fcc606a6afa8ce27a013bcf62e495a5ec2505c",
+ commit = "5c1e201c6835e56a69a980c72206431e2a9d7d80",
#local_path = "/home/<user>/projects/bazlets",
)
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index aff59ef..f9c5ae7 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -1,13 +1,13 @@
load("//tools/bzl:maven_jar.bzl", "GERRIT", "MAVEN_CENTRAL", "MAVEN_LOCAL", "maven_jar")
-JGIT_VERSION = "4.9.8.201812241815-r"
+JGIT_VERSION = "5.1.3.201810200350-r"
REPO = MAVEN_CENTRAL
def external_plugin_deps():
maven_jar(
name = "jgit-http-apache",
artifact = "org.eclipse.jgit:org.eclipse.jgit.http.apache:" + JGIT_VERSION,
- sha1 = "a33c9029a6ed9b0b476d0763da38d9b4ba3a0a7a",
+ sha1 = "d98ca013eb8159b369af99e28be8b96a651c4f79",
repository = REPO,
unsign = True,
exclude = [
@@ -19,7 +19,7 @@
maven_jar(
name = "jgit-lfs",
artifact = "org.eclipse.jgit:org.eclipse.jgit.lfs:" + JGIT_VERSION,
- sha1 = "081d5d72d927fa5897ae0bbba72fa7522d502130",
+ sha1 = "9fa727360ff65f0443684a78dfc3a099da70a4f2",
repository = REPO,
unsign = True,
exclude = [
@@ -31,7 +31,7 @@
maven_jar(
name = "jgit-lfs-server",
artifact = "org.eclipse.jgit:org.eclipse.jgit.lfs.server:" + JGIT_VERSION,
- sha1 = "d12cdeb61eff7f7ce43de403fadc8a378f7d4726",
+ sha1 = "8655240c3cf005ff22b7da95c2f1f1b23dc746c5",
repository = REPO,
unsign = True,
exclude = [
@@ -39,3 +39,9 @@
"plugin.properties",
],
)
+
+ maven_jar(
+ name = "joda-time",
+ artifact = "joda-time:joda-time:2.9.9",
+ sha1 = "f7b520c458572890807d143670c9b24f4de90897",
+ )
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
index d5eeddc..bbdfe4f 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
@@ -19,15 +19,13 @@
import static com.google.gerrit.extensions.client.ProjectState.HIDDEN;
import static com.google.gerrit.extensions.client.ProjectState.READ_ONLY;
import static com.google.gerrit.server.permissions.ProjectPermission.ACCESS;
+import static com.google.gerrit.server.permissions.ProjectPermission.PUSH_AT_LEAST_ONE_REF;
-import com.google.common.base.Strings;
import com.google.gerrit.common.ProjectUtil;
-import com.google.gerrit.common.data.Capable;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -125,17 +123,17 @@
private void authorizeUser(CurrentUser user, ProjectState state, LfsRequest request)
throws LfsUnauthorized {
- ProjectControl control = state.controlFor(user);
+ Project.NameKey projectName = state.getNameKey();
if ((request.isDownload()
+ && !permissionBackend.user(user).project(projectName).testOrFalse(ACCESS))
+ || (request.isUpload()
&& !permissionBackend
.user(user)
- .project(state.getProject().getNameKey())
- .testOrFalse(ACCESS))
- || (request.isUpload() && Capable.OK != control.canPushToAtLeastOneRef())) {
+ .project(projectName)
+ .testOrFalse(PUSH_AT_LEAST_ONE_REF))) {
String op = request.getOperation().toLowerCase();
String project = state.getProject().getName();
- String userName =
- Strings.isNullOrEmpty(user.getUserName()) ? "anonymous" : user.getUserName();
+ String userName = user.getUserName().orElse("anonymous");
log.debug("operation {} unauthorized for user {} on project {}", op, userName, project);
throw new LfsUnauthorized(op, project);
}
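Review bot: The rewritten condition in authorizeUser still rejects only when `isDownload()` or `isUpload()` is true, so a request whose operation is neither reaches the end of the method with no permission test at all. If LfsRequest can carry any other operation, a final clause such as `|| (!request.isDownload() && !request.isUpload())` would make the check fail closed; if other operations are meant to pass, a comment should say which permission covers them. Separately, `testOrFalse` turns a permission-backend failure into a plain denial that is only visible at debug level, which is safe but makes a backend outage look like ordinary unauthorized requests. The method's closing brace is outside the hunk.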
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsAuthToken.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsAuthToken.java
index 909d295..a603705 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsAuthToken.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsAuthToken.java
@@ -23,7 +23,6 @@
public abstract class LfsAuthToken {
public abstract static class Processor<T extends LfsAuthToken> {
private static final char DELIMETER = '~';
-
protected final LfsCipher cipher;
protected Processor(LfsCipher cipher) {
@@ -39,7 +38,6 @@
if (!decrypted.isPresent()) {
return Optional.empty();
}
-
return createToken(Splitter.on(DELIMETER).splitToList(decrypted.get()));
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsAuthUserProvider.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsAuthUserProvider.java
index f7d3078..fdb89b5 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsAuthUserProvider.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsAuthUserProvider.java
@@ -55,9 +55,9 @@
sshAuth.getUserFromValidToken(
auth.substring(SSH_AUTH_PREFIX.length()), project, operation);
if (user.isPresent()) {
- AccountState acc = accounts.getByUsername(user.get());
- if (acc != null) {
- return userFactory.create(acc);
+ Optional<AccountState> acc = accounts.getByUsername(user.get());
+ if (acc.isPresent()) {
+ return userFactory.create(acc.get());
}
}
}
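Review bot: When the SSH token validates but `accounts.getByUsername(user.get())` comes back empty, the code falls through with no trace, so a token naming a user that no longer resolves looks the same as a request that carried no token. An else branch with a debug-level log line, or at least a comment such as `// valid token, but the user name no longer maps to an account`, would make that case visible to whoever reads the logs. The visible lines also do not check whether the resolved account is still active before `userFactory.create(acc.get())`; that may be handled elsewhere and is worth confirming. The enclosing method starts and ends outside the hunk.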
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsProjectsConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsProjectsConfig.java
index 390a65f..ea5e076 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsProjectsConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsProjectsConfig.java
@@ -21,7 +21,7 @@
import com.google.gerrit.extensions.annotations.PluginName;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.config.AllProjectsName;
-import com.google.gerrit.server.git.VersionedMetaData;
+import com.google.gerrit.server.git.meta.VersionedMetaData;
import com.google.gerrit.server.project.ProjectCache;
import java.io.IOException;
import java.util.ArrayList;
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsSshRequestAuthorizer.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsSshRequestAuthorizer.java
index 12c5552..6397e7a 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsSshRequestAuthorizer.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsSshRequestAuthorizer.java
@@ -35,7 +35,6 @@
private static final Logger log = LoggerFactory.getLogger(LfsSshRequestAuthorizer.class);
private static final int DEFAULT_SSH_TIMEOUT = 10;
static final String SSH_AUTH_PREFIX = "Ssh: ";
-
private final Processor processor;
private final Long expiresIn;
@@ -59,7 +58,7 @@
SshAuthInfo generateAuthInfo(CurrentUser user, String project, String operation) {
LfsSshAuthToken token =
- new LfsSshAuthToken(user.getUserName(), project, operation, Instant.now(), expiresIn);
+ new LfsSshAuthToken(user.getUserName().get(), project, operation, Instant.now(), expiresIn);
return new SshAuthInfo(processor.serialize(token), token.issued, token.expiresIn);
}
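Review bot: `user.getUserName().get()` in generateAuthInfo throws NoSuchElementException for any CurrentUser without a username, where the old code passed the (possibly null) value through; the same unchecked `get()` is added in both LfsLocksHandler hunks and in LfsProjectLocks. For token and lock creation, fail with a clear message instead, e.g. `user.getUserName().orElseThrow(() -> new IllegalStateException("user has no username"))`. For the two ownership comparisons in LfsLocksHandler, `user.getUserName().filter(lock.owner.name::equals).isPresent()` (with `in.owner.name` inside the lambda) keeps the old "not the owner" result rather than throwing. Whether a user without a username can reach these paths is not visible in the diff.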
@@ -68,13 +67,11 @@
if (!token.isPresent()) {
return Optional.empty();
}
-
Verifier verifier = new Verifier(token.get(), project, operation);
if (!verifier.verify()) {
log.error("Invalid data was provided with auth token {}.", authToken);
return Optional.empty();
}
-
return Optional.of(token.get().user);
}
@@ -100,7 +97,6 @@
if (values.size() != 5) {
return Optional.empty();
}
-
return Optional.of(
new LfsSshAuthToken(
values.get(0),
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
index 5b0468f..7ebd1ef 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
@@ -30,7 +30,7 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
-import com.google.gerrit.server.git.MetaDataUpdate;
+import com.google.gerrit.server.git.meta.MetaDataUpdate;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/fs/LfsFsRequestAuthorizer.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/fs/LfsFsRequestAuthorizer.java
index 7e982b5..1336884 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/fs/LfsFsRequestAuthorizer.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/fs/LfsFsRequestAuthorizer.java
@@ -47,7 +47,6 @@
if (!token.isPresent()) {
return false;
}
-
return new Verifier(token.get(), operation, id).verify();
}
@@ -72,7 +71,6 @@
if (values.size() != 4) {
return Optional.empty();
}
-
return Optional.of(
new LfsFsAuthToken(
values.get(0),
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
index 32616f6..b730624 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
@@ -23,9 +23,9 @@
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackend.ForProject;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
@@ -34,7 +34,6 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.eclipse.jgit.lfs.errors.LfsException;
-import org.eclipse.jgit.lfs.errors.LfsUnauthorized;
public class LfsGetLocksAction extends LfsLocksAction {
interface Factory extends LfsLocksAction.Factory<LfsGetLocksAction> {}
@@ -42,8 +41,6 @@
static final Pattern LFS_LOCKS_URL_PATTERN =
Pattern.compile(String.format(LFS_URL_REGEX_TEMPLATE, LFS_LOCKS_PATH_REGEX));
- private final PermissionBackend permissionBackend;
-
@Inject
LfsGetLocksAction(
PermissionBackend permissionBackend,
@@ -51,8 +48,7 @@
LfsAuthUserProvider userProvider,
LfsLocksHandler handler,
@Assisted LfsLocksContext context) {
- super(projectCache, userProvider, handler, context);
- this.permissionBackend = permissionBackend;
+ super(permissionBackend, projectCache, userProvider, handler, context);
}
@Override
@@ -66,15 +62,14 @@
}
@Override
- protected void authorizeUser(ProjectControl control) throws LfsUnauthorized {
- try {
- permissionBackend
- .user(control.getUser())
- .project(control.getProject().getNameKey())
- .check(ACCESS);
- } catch (AuthException | PermissionBackendException e) {
- throwUnauthorizedOp("list locks", control);
- }
+ protected void authorizeUser(ForProject project)
+ throws AuthException, PermissionBackendException {
+ project.check(ACCESS);
+ }
+
+ @Override
+ protected String getAction() {
+ return "list-locks";
}
@Override
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java
index 8a13514..41bd582 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java
@@ -21,12 +21,14 @@
import static org.apache.http.HttpStatus.SC_UNAUTHORIZED;
import static org.eclipse.jgit.util.HttpSupport.HDR_AUTHORIZATION;
-import com.google.common.base.Strings;
import com.google.gerrit.common.ProjectUtil;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackend.ForProject;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
import com.googlesource.gerrit.plugins.lfs.LfsAuthUserProvider;
import com.googlesource.gerrit.plugins.lfs.locks.LfsLocksHandler.LfsLockExistsException;
@@ -50,12 +52,15 @@
protected final LfsAuthUserProvider userProvider;
protected final LfsLocksHandler handler;
protected final LfsLocksContext context;
+ protected final PermissionBackend permissionBackend;
protected LfsLocksAction(
+ PermissionBackend permissionBackend,
ProjectCache projectCache,
LfsAuthUserProvider userProvider,
LfsLocksHandler handler,
LfsLocksContext context) {
+ this.permissionBackend = permissionBackend;
this.projectCache = projectCache;
this.userProvider = userProvider;
this.handler = handler;
@@ -67,8 +72,12 @@
String name = getProjectName();
ProjectState project = getProject(name);
CurrentUser user = getUser(name);
- ProjectControl control = project.controlFor(user);
- authorizeUser(control);
+ ProjectState state = projectCache.checkedGet(project.getNameKey());
+ try {
+ authorizeUser(permissionBackend.user(user).project(state.getNameKey()));
+ } catch (AuthException | PermissionBackendException e) {
+ throwUnauthorizedOp(getAction(), project, user);
+ }
doRun(project, user);
} catch (LfsUnauthorized e) {
context.sendError(SC_UNAUTHORIZED, e.getMessage());
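Review bot: The new catch in run() treats PermissionBackendException the same as AuthException and drops `e`, so a failing permission backend is answered as 401 and leaves only a debug line that reads like a normal denial. Denying is the right default, but the backend failure should be logged with its cause in a separate catch; the sketch below assumes `log` is the SLF4J logger already used in this class. The second lookup `projectCache.checkedGet(project.getNameKey())` also looks redundant, since `project` is already a ProjectState, and using `project.getNameKey()` directly avoids an extra cache call and a `state` that may be null if that lookup can miss. run() starts and ends outside the hunk.

```java
CurrentUser user = getUser(name);
try {
  authorizeUser(permissionBackend.user(user).project(project.getNameKey()));
} catch (AuthException e) {
  throwUnauthorizedOp(getAction(), project, user);
} catch (PermissionBackendException e) {
  // backend failure, not a policy decision: keep the cause visible, still deny
  log.error("permission check failed for {} on {}", getAction(), name, e);
  throwUnauthorizedOp(getAction(), project, user);
}
// … unchanged: doRun(project, user) and the LfsUnauthorized handler …
```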
@@ -83,7 +92,10 @@
protected abstract String getProjectName() throws LfsException;
- protected abstract void authorizeUser(ProjectControl control) throws LfsUnauthorized;
+ protected abstract String getAction();
+
+ protected abstract void authorizeUser(ForProject project)
+ throws AuthException, PermissionBackendException;
protected abstract void doRun(ProjectState project, CurrentUser user)
throws LfsException, IOException;
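Review bot: The new abstract `authorizeUser(ForProject)` has no Javadoc, and its contract is now security-relevant: returning normally grants access, and only a thrown AuthException or PermissionBackendException denies it. A subclass that overrides it with an empty body would silently authorize every caller, so the declaration should say so, for example `/** Checks the permission this action needs; must throw to deny, returning normally means the user is authorized. */`. `getAction()` deserves a one-line comment as well, since its value ends up in the unauthorized message and the debug log.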
@@ -102,12 +114,10 @@
context.getHeader(HDR_AUTHORIZATION), project, LFS_LOCKING_OPERATION);
}
- protected void throwUnauthorizedOp(String op, ProjectControl control) throws LfsUnauthorized {
- String project = control.getProject().getName();
- String userName =
- Strings.isNullOrEmpty(control.getUser().getUserName())
- ? "anonymous"
- : control.getUser().getUserName();
+ private void throwUnauthorizedOp(String op, ProjectState state, CurrentUser user)
+ throws LfsUnauthorized {
+ String project = state.getProject().getName();
+ String userName = user.getUserName().orElse("anonymous");
log.debug(
String.format(
"operation %s unauthorized for user %s on project %s", op, userName, project));
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksHandler.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksHandler.java
index 3692374..0885d2d 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksHandler.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksHandler.java
@@ -102,7 +102,7 @@
}
LfsLock lock = hasLock.get();
- if (lock.owner.name.equals(user.getUserName())) {
+ if (lock.owner.name.equals(user.getUserName().get())) {
locks.deleteLock(lock);
return new LfsLockResponse(lock);
} else if (input.force) {
@@ -122,7 +122,7 @@
.collect(
Collectors.groupingBy(
(in) -> {
- return in.owner.name.equals(user.getUserName());
+ return in.owner.name.equals(user.getUserName().get());
}));
return new LfsVerifyLocksResponse(groupByOurs.get(true), groupByOurs.get(false), null);
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsProjectLocks.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsProjectLocks.java
index a578736..4f612ee 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsProjectLocks.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsProjectLocks.java
@@ -50,7 +50,6 @@
.setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES)
.disableHtmlEscaping()
.create();
-
private final PathToLockId toLockId;
private final String project;
private final Path locksPath;
@@ -103,7 +102,9 @@
throw new LfsLockExistsException(lock);
}
- lock = new LfsLock(lockId, input.path, LfsDateTime.now(), new LfsLockOwner(user.getUserName()));
+ lock =
+ new LfsLock(
+ lockId, input.path, LfsDateTime.now(), new LfsLockOwner(user.getUserName().get()));
LockFile fileLock = new LockFile(locksPath.resolve(lockId).toFile());
try {
if (!fileLock.lock()) {
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java
index ffbcc8d..39c7861 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java
@@ -16,13 +16,16 @@
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_VERIFICATION_PATH;
+import static com.google.gerrit.server.permissions.ProjectPermission.PUSH_AT_LEAST_ONE_REF;
import static com.googlesource.gerrit.plugins.lfs.locks.LfsGetLocksAction.LFS_LOCKS_URL_PATTERN;
import com.google.common.base.Strings;
-import com.google.gerrit.common.data.Capable;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackend.ForProject;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
@@ -31,7 +34,6 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.eclipse.jgit.lfs.errors.LfsException;
-import org.eclipse.jgit.lfs.errors.LfsUnauthorized;
public class LfsPutLocksAction extends LfsLocksAction {
interface Factory extends LfsLocksAction.Factory<LfsPutLocksAction> {}
@@ -43,11 +45,12 @@
@Inject
LfsPutLocksAction(
+ PermissionBackend permissionBackend,
ProjectCache projectCache,
LfsAuthUserProvider userProvider,
LfsLocksHandler handler,
@Assisted LfsLocksContext context) {
- super(projectCache, userProvider, handler, context);
+ super(permissionBackend, projectCache, userProvider, handler, context);
}
@Override
@@ -74,11 +77,15 @@
}
@Override
- protected void authorizeUser(ProjectControl control) throws LfsUnauthorized {
+ protected void authorizeUser(ForProject project)
+ throws AuthException, PermissionBackendException {
// all operations require push permission
- if (Capable.OK != control.canPushToAtLeastOneRef()) {
- throwUnauthorizedOp(action.getName(), control);
- }
+ project.check(PUSH_AT_LEAST_ONE_REF);
+ }
+
+ @Override
+ protected String getAction() {
+ return action.getName();
}
@Override
diff --git a/src/test/java/com/googlesource/gerrit/plugins/lfs/LfsAuthTokenTest.java b/src/test/java/com/googlesource/gerrit/plugins/lfs/LfsAuthTokenTest.java
index f41307b..5a72637 100644
--- a/src/test/java/com/googlesource/gerrit/plugins/lfs/LfsAuthTokenTest.java
+++ b/src/test/java/com/googlesource/gerrit/plugins/lfs/LfsAuthTokenTest.java
@@ -30,9 +30,7 @@
TestTokenProessor processor = new TestTokenProessor(cipher);
TestToken token = new TestToken(Instant.now(), 0L);
String serialized = processor.serialize(token);
-
assertThat(serialized).isNotEmpty();
-
Optional<TestToken> deserialized = processor.deserialize(serialized);
assertThat(deserialized.isPresent()).isTrue();
assertThat(token.issued).isEqualTo(deserialized.get().issued);