Merge "Check that root URL is absolute URL" into stable-2.15
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
index 6c5977d..f360cd9 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
@@ -29,8 +29,10 @@
import com.google.gson.JsonObject;
import com.google.inject.Inject;
import com.google.inject.Provider;
+import com.google.inject.ProvisionException;
import com.google.inject.Singleton;
import java.io.IOException;
+import java.net.URI;
import javax.servlet.http.HttpServletResponse;
import org.scribe.builder.ServiceBuilder;
import org.scribe.model.OAuthRequest;
@@ -60,6 +62,9 @@
@CanonicalWebUrl Provider<String> urlProvider) {
PluginConfig cfg = cfgFactory.getFromGerritConfig(pluginName + CONFIG_SUFFIX);
rootUrl = cfg.getString(InitOAuth.ROOT_URL);
+ if (!URI.create(rootUrl).isAbsolute()) {
+ throw new ProvisionException("Root URL must be absolute URL");
+ }
String canonicalWebUrl = CharMatcher.is('/').trimTrailingFrom(urlProvider.get()) + "/";
fixLegacyUserId = cfg.getBoolean(InitOAuth.FIX_LEGACY_USER_ID, false);
service =
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/DexOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/DexOAuthService.java
index 55f373b..c899e5e 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/DexOAuthService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/DexOAuthService.java
@@ -30,8 +30,10 @@
import com.google.gson.JsonObject;
import com.google.inject.Inject;
import com.google.inject.Provider;
+import com.google.inject.ProvisionException;
import com.google.inject.Singleton;
import java.io.IOException;
+import java.net.URI;
import org.apache.commons.codec.binary.Base64;
import org.scribe.builder.ServiceBuilder;
import org.scribe.model.Token;
@@ -57,6 +59,9 @@
String canonicalWebUrl = CharMatcher.is('/').trimTrailingFrom(urlProvider.get()) + "/";
rootUrl = cfg.getString(InitOAuth.ROOT_URL);
+ if (!URI.create(rootUrl).isAbsolute()) {
+ throw new ProvisionException("Root URL must be absolute URL");
+ }
domain = cfg.getString(InitOAuth.DOMAIN, null);
serviceName = cfg.getString(InitOAuth.SERVICE_NAME, "Dex OAuth2");
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/GitLabOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/GitLabOAuthService.java
index 792342e..7e67424 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/GitLabOAuthService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/GitLabOAuthService.java
@@ -31,8 +31,10 @@
import com.google.gson.JsonObject;
import com.google.inject.Inject;
import com.google.inject.Provider;
+import com.google.inject.ProvisionException;
import com.google.inject.Singleton;
import java.io.IOException;
+import java.net.URI;
import org.scribe.builder.ServiceBuilder;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Response;
@@ -59,6 +61,9 @@
PluginConfig cfg = cfgFactory.getFromGerritConfig(pluginName + CONFIG_SUFFIX);
String canonicalWebUrl = CharMatcher.is('/').trimTrailingFrom(urlProvider.get()) + "/";
rootUrl = cfg.getString(InitOAuth.ROOT_URL);
+ if (!URI.create(rootUrl).isAbsolute()) {
+ throw new ProvisionException("Root URL must be absolute URL");
+ }
service =
new ServiceBuilder()
.provider(new GitLabApi(rootUrl))
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/InitOAuth.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/InitOAuth.java
index 842a0d7..9be38aa 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/InitOAuth.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/InitOAuth.java
@@ -18,6 +18,8 @@
import com.google.gerrit.pgm.init.api.InitStep;
import com.google.gerrit.pgm.init.api.Section;
import com.google.inject.Inject;
+import com.google.inject.ProvisionException;
+import java.net.URI;
class InitOAuth implements InitStep {
static final String PLUGIN_SECTION = "plugin";
@@ -97,7 +99,10 @@
boolean configureCasOAuthProvider = ui.yesno(true, "Use CAS OAuth provider for Gerrit login ?");
if (configureCasOAuthProvider) {
- casOAuthProviderSection.string("CAS Root URL", ROOT_URL, null);
+ String rootUrl = casOAuthProviderSection.string("CAS Root URL", ROOT_URL, null);
+ if (!URI.create(rootUrl).isAbsolute()) {
+ throw new ProvisionException("Root URL must be absolute URL");
+ }
configureOAuth(casOAuthProviderSection);
casOAuthProviderSection.string(FIX_LEGACY_USER_ID_QUESTION, FIX_LEGACY_USER_ID, "false");
}
@@ -111,20 +116,29 @@
boolean configureGitLabOAuthProvider =
ui.yesno(true, "Use GitLab OAuth provider for Gerrit login ?");
if (configureGitLabOAuthProvider) {
- gitlabOAuthProviderSection.string("GitLab Root URL", ROOT_URL, null);
+ String rootUrl = gitlabOAuthProviderSection.string("GitLab Root URL", ROOT_URL, null);
+ if (!URI.create(rootUrl).isAbsolute()) {
+ throw new ProvisionException("Root URL must be absolute URL");
+ }
configureOAuth(gitlabOAuthProviderSection);
}
boolean configureDexOAuthProvider = ui.yesno(true, "Use Dex OAuth provider for Gerrit login ?");
if (configureDexOAuthProvider) {
- dexOAuthProviderSection.string("Dex Root URL", ROOT_URL, null);
+ String rootUrl = dexOAuthProviderSection.string("Dex Root URL", ROOT_URL, null);
+ if (!URI.create(rootUrl).isAbsolute()) {
+ throw new ProvisionException("Root URL must be absolute URL");
+ }
configureOAuth(dexOAuthProviderSection);
}
boolean configureKeycloakOAuthProvider =
ui.yesno(true, "Use Keycloak OAuth provider for Gerrit login ?");
if (configureKeycloakOAuthProvider) {
- keycloakOAuthProviderSection.string("Keycloak Root URL", ROOT_URL, null);
+ String rootUrl = keycloakOAuthProviderSection.string("Keycloak Root URL", ROOT_URL, null);
+ if (!URI.create(rootUrl).isAbsolute()) {
+ throw new ProvisionException("Root URL must be absolute URL");
+ }
keycloakOAuthProviderSection.string("Keycloak Realm", REALM, null);
configureOAuth(keycloakOAuthProviderSection);
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakOAuthService.java
index 4b47fdf..99be7ee 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakOAuthService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakOAuthService.java
@@ -30,7 +30,9 @@
import com.google.gson.JsonObject;
import com.google.inject.Inject;
import com.google.inject.Provider;
+import com.google.inject.ProvisionException;
import java.io.IOException;
+import java.net.URI;
import org.apache.commons.codec.binary.Base64;
import org.scribe.builder.ServiceBuilder;
import org.scribe.model.Token;
@@ -57,6 +59,9 @@
String canonicalWebUrl = CharMatcher.is('/').trimTrailingFrom(urlProvider.get()) + "/";
String rootUrl = cfg.getString(InitOAuth.ROOT_URL);
+ if (!URI.create(rootUrl).isAbsolute()) {
+ throw new ProvisionException("Root URL must be absolute URL");
+ }
String realm = cfg.getString(InitOAuth.REALM);
serviceName = cfg.getString(InitOAuth.SERVICE_NAME, "Keycloak OAuth2");
