Merge branch 'stable-3.4'
* stable-3.4:
Create HTTP session only for login requests
Change-Id: I6143bccd46a0a683d5da241db3eb3d1e1f945830
diff --git a/BUILD b/BUILD
index 3454255..a13b9ed 100644
--- a/BUILD
+++ b/BUILD
@@ -9,6 +9,7 @@
resources = glob(["src/main/resources/**"]),
deps = [
"@commons-collections//jar",
+ "@commons-lang//jar",
"@cryptacular//jar",
"@joda-time//jar",
"@opensaml-core//jar",
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index 59f0529..16b7dad 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -15,6 +15,12 @@
)
maven_jar(
+ name = "commons-lang",
+ artifact = "commons-lang:commons-lang:2.6",
+ sha1 = "0ce1edb914c94ebc388f086c6827e8bdeec71ac2",
+ )
+
+ maven_jar(
name = "cryptacular",
artifact = "org.cryptacular:cryptacular:1.2.1",
sha1 = "c470bac7309ac04b0b9529bd7dcb1e0b75954f11",
diff --git a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlMembership.java b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlMembership.java
index 06940dc..7b91f1e 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlMembership.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlMembership.java
@@ -24,9 +24,9 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.ServerInitiated;
import com.google.gerrit.server.account.*;
+import com.google.gerrit.server.group.db.GroupDelta;
import com.google.gerrit.server.group.db.GroupsUpdate;
import com.google.gerrit.server.group.db.InternalGroupCreation;
-import com.google.gerrit.server.group.db.InternalGroupUpdate;
import com.google.gerrit.server.notedb.Sequences;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -56,6 +56,7 @@
private final IdentifiedUser.GenericFactory userFactory;
private final Provider<GroupsUpdate> groupsUpdateProvider;
private final Sequences sequences;
+ private final AuthRequest.Factory authRequestFactory;
@Inject
SamlMembership(
@@ -65,7 +66,8 @@
GroupCache groupCache,
IdentifiedUser.GenericFactory userFactory,
@ServerInitiated Provider<GroupsUpdate> groupsUpdateProvider,
- Sequences sequences) {
+ Sequences sequences,
+ AuthRequest.Factory authRequestFactory) {
this.memberAttr = samlConfig.getMemberOfAttr();
this.serverIdent = serverIdent;
this.accountManager = accountManager;
@@ -73,6 +75,7 @@
this.userFactory = userFactory;
this.groupsUpdateProvider = groupsUpdateProvider;
this.sequences = sequences;
+ this.authRequestFactory = authRequestFactory;
}
/**
@@ -84,7 +87,8 @@
public void sync(AuthenticatedUser user, SAML2Profile profile) throws IOException {
Set<AccountGroup.UUID> samlMembership =
Optional.ofNullable((List<?>) profile.getAttribute(memberAttr, List.class))
- .orElse(Collections.emptyList()).stream()
+ .orElse(Collections.emptyList())
+ .stream()
.map(m -> getOrCreateGroup(m.toString()))
.filter(Optional::isPresent)
.map(Optional::get)
@@ -130,9 +134,8 @@
}
private void updateMembers(
- AccountGroup.UUID group, InternalGroupUpdate.MemberModification memberModification) {
- InternalGroupUpdate update =
- InternalGroupUpdate.builder().setMemberModification(memberModification).build();
+ AccountGroup.UUID group, GroupDelta.MemberModification memberModification) {
+ GroupDelta update = GroupDelta.builder().setMemberModification(memberModification).build();
try {
groupsUpdateProvider.get().updateGroup(group, update);
} catch (Exception e) {
@@ -156,8 +159,8 @@
.setNameKey(name)
.setId(groupId)
.build();
- InternalGroupUpdate.Builder groupUpdateBuilder =
- InternalGroupUpdate.builder()
+ GroupDelta.Builder groupUpdateBuilder =
+ GroupDelta.builder()
.setVisibleToAll(false)
.setDescription(samlGroup + " (imported by the SAML plugin)");
return groupsUpdateProvider.get().createGroup(groupCreation, groupUpdateBuilder.build());
@@ -174,7 +177,7 @@
}
private Account.Id getOrCreateAccountId(AuthenticatedUser user) throws IOException {
- AuthRequest authRequest = AuthRequest.forUser(user.getUsername());
+ AuthRequest authRequest = authRequestFactory.createForUser(user.getUsername());
authRequest.setUserName(user.getUsername());
authRequest.setEmailAddress(user.getEmail());
authRequest.setDisplayName(user.getDisplayName());
