Merge branch 'stable-3.4' into stable-3.5
* stable-3.4:
Fix update HEAD action detection from BearerAuthenticationFilter
Change-Id: I138734fae309b1f1a0af66bb165abacc1905ce2b
diff --git a/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/BearerAuthenticationFilter.java b/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/BearerAuthenticationFilter.java
index be71946..68dac6a 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/BearerAuthenticationFilter.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/BearerAuthenticationFilter.java
@@ -85,7 +85,7 @@
if (isBasicAuthenticationRequest(requestURI)) {
filterChain.doFilter(servletRequest, servletResponse);
- } else if (isPullReplicationApiRequest(requestURI)
+ } else if (isPullReplicationApiRequest(httpRequest.getMethod(), requestURI)
|| (isGitUploadPackRequest(httpRequest)
&& isAuthenticationHeaderWithBearerToken(authorizationHeader))) {
if (isBearerTokenAuthenticated(authorizationHeader, bearerToken))
@@ -121,14 +121,15 @@
return requestURI.startsWith("/a/");
}
- private boolean isPullReplicationApiRequest(String requestURI) {
+ private boolean isPullReplicationApiRequest(String requestMethod, String requestURI) {
return (requestURI.contains(pluginName)
&& (requestURI.endsWith(String.format("/%s~apply-object", pluginName))
|| requestURI.endsWith(String.format("/%s~apply-objects", pluginName))
|| requestURI.endsWith(String.format("/%s~fetch", pluginName))
|| requestURI.endsWith(String.format("/%s~delete-project", pluginName))
|| requestURI.contains(String.format("/%s/init-project/", pluginName))))
- || requestURI.matches(".*/projects/[^/]+/HEAD");
+ || (requestURI.matches(String.format(".*/projects/[^/]+/%s~HEAD", pluginName))
+ && "PUT".equals(requestMethod));
}
private Optional<String> extractBearerToken(String authorizationHeader) {
diff --git a/src/test/java/com/googlesource/gerrit/plugins/replication/pull/api/BearerAuthenticationFilterTest.java b/src/test/java/com/googlesource/gerrit/plugins/replication/pull/api/BearerAuthenticationFilterTest.java
index ca69f06..72aee76 100644
--- a/src/test/java/com/googlesource/gerrit/plugins/replication/pull/api/BearerAuthenticationFilterTest.java
+++ b/src/test/java/com/googlesource/gerrit/plugins/replication/pull/api/BearerAuthenticationFilterTest.java
@@ -52,6 +52,12 @@
@Mock private FilterChain filterChain;
private final String pluginName = "pull-replication";
+ private void authenticateAndFilter(String method, String uri, Optional<String> queryStringMaybe)
+ throws ServletException, IOException {
+ when(httpServletRequest.getMethod()).thenReturn(method);
+ authenticateAndFilter(uri, queryStringMaybe);
+ }
+
private void authenticateAndFilter(String uri, Optional<String> queryStringMaybe)
throws ServletException, IOException {
final String bearerToken = "some-bearer-token";
@@ -97,7 +103,8 @@
@Test
public void shouldAuthenticateWhenUpdateHead() throws ServletException, IOException {
- authenticateAndFilter("any-prefix/projects/my-project/HEAD", NO_QUERY_PARAMETERS);
+ authenticateAndFilter(
+ "PUT", "any-prefix/projects/my-project/pull-replication~HEAD", NO_QUERY_PARAMETERS);
}
@Test
