Fix capability of serviceuser owners to delete auth tokens
Change-Id: I8d17ec694fca8dcd24b0a3087f85a5b3aae01ce9
diff --git a/src/main/java/com/googlesource/gerrit/plugins/serviceuser/DeleteToken.java b/src/main/java/com/googlesource/gerrit/plugins/serviceuser/DeleteToken.java
index 8662fa3..89a4df7 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/serviceuser/DeleteToken.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/serviceuser/DeleteToken.java
@@ -21,6 +21,7 @@
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.account.AuthTokenAccessor;
import com.google.gerrit.server.account.InvalidAuthTokenException;
import com.google.gerrit.server.config.PluginConfig;
import com.google.gerrit.server.config.PluginConfigFactory;
@@ -30,14 +31,13 @@
import com.google.inject.Provider;
import com.google.inject.Singleton;
import com.googlesource.gerrit.plugins.serviceuser.email.ServiceUserOutgoingEmail;
-import com.googlesource.gerrit.plugins.serviceuser.email.ServiceUserUpdatedEmailDecorator.Operation;
import java.io.IOException;
import org.eclipse.jgit.errors.ConfigInvalidException;
@Singleton
public class DeleteToken implements RestModifyView<ServiceUserResource.Token, Input> {
private final PluginConfig config;
- private final com.google.gerrit.server.restapi.account.DeleteToken deleteToken;
+ private final AuthTokenAccessor tokenAccessor;
private final Provider<CurrentUser> self;
private final PermissionBackend permissionBackend;
private final ServiceUserOutgoingEmail.Factory outgoingEmailFactory;
@@ -46,12 +46,12 @@
DeleteToken(
@PluginName String pluginName,
PluginConfigFactory pluginConfigFactory,
- com.google.gerrit.server.restapi.account.DeleteToken deleteToken,
+ AuthTokenAccessor tokenAccessor,
Provider<CurrentUser> self,
PermissionBackend permissionBackend,
ServiceUserOutgoingEmail.Factory outgoingEmailFactory) {
this.config = pluginConfigFactory.getFromGerritConfig(pluginName);
- this.deleteToken = deleteToken;
+ this.tokenAccessor = tokenAccessor;
this.self = self;
this.permissionBackend = permissionBackend;
this.outgoingEmailFactory = outgoingEmailFactory;
@@ -69,10 +69,7 @@
permissionBackend.user(self.get()).check(ADMINISTRATE_SERVER);
}
- Response<String> resp = deleteToken.apply(rsrc.getUser(), rsrc.getToken().id(), false);
- if (resp.statusCode() == Response.none().statusCode()) {
- outgoingEmailFactory.create(rsrc, Operation.DELETE_TOKEN).send();
- }
- return resp;
+ tokenAccessor.deleteToken(rsrc.getUser().getAccountId(), rsrc.getToken().id());
+ return Response.none();
}
}
diff --git a/src/test/java/com/googlesource/gerrit/plugins/serviceuser/DeleteTokenIT.java b/src/test/java/com/googlesource/gerrit/plugins/serviceuser/DeleteTokenIT.java
new file mode 100644
index 0000000..92354d5
--- /dev/null
+++ b/src/test/java/com/googlesource/gerrit/plugins/serviceuser/DeleteTokenIT.java
@@ -0,0 +1,63 @@
+// Copyright (C) 2025 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.serviceuser;
+
+import com.google.gerrit.acceptance.LightweightPluginDaemonTest;
+import com.google.gerrit.acceptance.TestPlugin;
+import com.google.gerrit.acceptance.UseSsh;
+import com.google.gerrit.acceptance.config.GerritConfig;
+import org.junit.Before;
+import org.junit.Test;
+
+@UseSsh
+@TestPlugin(
+ name = "serviceuser",
+ sysModule = "com.googlesource.gerrit.plugins.serviceuser.Module",
+ sshModule = "com.googlesource.gerrit.plugins.serviceuser.SshModule",
+ httpModule = "com.googlesource.gerrit.plugins.serviceuser.HttpModule")
+public class DeleteTokenIT extends LightweightPluginDaemonTest {
+ private static final String SERVICEUSER_NAME = "testServiceuser";
+ private static final String OWNER_GROUP_NAME = "testGroup";
+ private static final String SERVICEUSER_TOKEN_ID = "token";
+ private static final String SERVICEUSER_BASE_URL = "/config/server/serviceuser~serviceusers/";
+
+ @Before
+ public void setUp() throws Exception {
+ adminRestSession.put(SERVICEUSER_BASE_URL + SERVICEUSER_NAME).assertCreated();
+ adminRestSession.put("/groups/" + OWNER_GROUP_NAME).assertCreated();
+
+ PutOwner.Input ownerInput = new PutOwner.Input();
+ ownerInput.group = OWNER_GROUP_NAME;
+ adminRestSession
+ .put(SERVICEUSER_BASE_URL + SERVICEUSER_NAME + "/owner", ownerInput)
+ .assertCreated();
+
+ adminRestSession
+ .put(SERVICEUSER_BASE_URL + SERVICEUSER_NAME + "/tokens/" + SERVICEUSER_TOKEN_ID)
+ .assertCreated();
+ }
+
+ @Test
+ @GerritConfig(name = "plugin.serviceuser.allowHttpPassword", value = "true")
+ public void testDeleteToken() throws Exception {
+ userRestSession
+ .delete(SERVICEUSER_BASE_URL + SERVICEUSER_NAME + "/tokens/" + SERVICEUSER_TOKEN_ID)
+ .assertNotFound();
+ adminRestSession.put("/groups/" + OWNER_GROUP_NAME + "/members/" + user.id());
+ userRestSession
+ .delete(SERVICEUSER_BASE_URL + SERVICEUSER_NAME + "/tokens/" + SERVICEUSER_TOKEN_ID)
+ .assertNoContent();
+ }
+}
