Add user/password authentication for CGit client CGit client must provide user and password authentication for pull-replication fetch calls when specified in secure.config. Amend replication uri with credentials from secure.config. Bug: Issue 15629 Change-Id: Ib8a67650671997cd9044ce54e56f3f2e1b75c271
diff --git a/src/main/java/com/googlesource/gerrit/plugins/replication/pull/fetch/CGitFetch.java b/src/main/java/com/googlesource/gerrit/plugins/replication/pull/fetch/CGitFetch.java index 9f055c8..c404e30 100644 --- a/src/main/java/com/googlesource/gerrit/plugins/replication/pull/fetch/CGitFetch.java +++ b/src/main/java/com/googlesource/gerrit/plugins/replication/pull/fetch/CGitFetch.java
@@ -19,6 +19,7 @@ import com.google.common.collect.Lists; import com.google.inject.Inject; import com.google.inject.assistedinject.Assisted; +import com.googlesource.gerrit.plugins.replication.CredentialsFactory; import com.googlesource.gerrit.plugins.replication.pull.SourceConfiguration; import java.io.BufferedReader; import java.io.File; @@ -30,6 +31,8 @@ import org.eclipse.jgit.errors.TransportException; import org.eclipse.jgit.lib.RefUpdate; import org.eclipse.jgit.lib.Repository; +import org.eclipse.jgit.transport.CredentialItem; +import org.eclipse.jgit.transport.CredentialsProvider; import org.eclipse.jgit.transport.RefSpec; import org.eclipse.jgit.transport.URIish; @@ -40,17 +43,20 @@ private int timeout; @Inject - public CGitFetch(SourceConfiguration config, @Assisted URIish uri, @Assisted Repository git) { - + public CGitFetch( + SourceConfiguration config, + CredentialsFactory cpFactory, + @Assisted URIish uri, + @Assisted Repository git) { this.localProjectDirectory = git.getDirectory(); - this.uri = uri; + this.uri = appendCredentials(uri, cpFactory.create(config.getRemoteConfig().getName())); this.timeout = config.getRemoteConfig().getTimeout(); } @Override public List<RefUpdateState> fetch(List<RefSpec> refsSpec) throws IOException { List<String> refs = refsSpec.stream().map(s -> s.toString()).collect(Collectors.toList()); - List<String> command = Lists.newArrayList("git", "fetch", uri.toASCIIString()); + List<String> command = Lists.newArrayList("git", "fetch", uri.toPrivateASCIIString()); command.addAll(refs); ProcessBuilder pb = new ProcessBuilder().command(command).directory(localProjectDirectory); repLog.info("Fetch references {} from {}", refs, uri); @@ -83,6 +89,19 @@ } } + protected URIish appendCredentials(URIish uri, CredentialsProvider credentialsProvider) { + CredentialItem.Username user = new CredentialItem.Username(); + CredentialItem.Password pass = new CredentialItem.Password(); + if (credentialsProvider.supports(user, pass) + && credentialsProvider.get(uri, user, pass) + && uri.getScheme() != null + && !"ssh".equalsIgnoreCase(uri.getScheme())) { + return uri.setUser(user.getValue()).setPass(String.valueOf(pass.getValue())); + } + + return uri; + } + public boolean waitForTaskToFinish(Process process) throws InterruptedException { if (timeout == 0) { process.waitFor();
diff --git a/src/test/java/com/googlesource/gerrit/plugins/replication/pull/CGitFetchIT.java b/src/test/java/com/googlesource/gerrit/plugins/replication/pull/CGitFetchIT.java index a02f43f..406cd8c 100644 --- a/src/test/java/com/googlesource/gerrit/plugins/replication/pull/CGitFetchIT.java +++ b/src/test/java/com/googlesource/gerrit/plugins/replication/pull/CGitFetchIT.java
@@ -34,7 +34,12 @@ import com.google.gerrit.extensions.config.FactoryModule; import com.google.gerrit.server.config.SitePaths; import com.google.inject.Inject; +import com.google.inject.Scopes; import com.google.inject.assistedinject.FactoryModuleBuilder; +import com.googlesource.gerrit.plugins.replication.AutoReloadSecureCredentialsFactoryDecorator; +import com.googlesource.gerrit.plugins.replication.CredentialsFactory; +import com.googlesource.gerrit.plugins.replication.ReplicationConfig; +import com.googlesource.gerrit.plugins.replication.ReplicationFileBasedConfig; import com.googlesource.gerrit.plugins.replication.pull.fetch.BatchFetchClient; import com.googlesource.gerrit.plugins.replication.pull.fetch.CGitFetch; import com.googlesource.gerrit.plugins.replication.pull.fetch.Fetch; @@ -270,6 +275,10 @@ try { RemoteConfig remoteConfig = new RemoteConfig(cf, "test_config"); SourceConfiguration sourceConfig = new SourceConfiguration(remoteConfig, cf); + bind(ReplicationConfig.class).to(ReplicationFileBasedConfig.class); + bind(CredentialsFactory.class) + .to(AutoReloadSecureCredentialsFactoryDecorator.class) + .in(Scopes.SINGLETON); bind(SourceConfiguration.class).toInstance(sourceConfig); install(