authorLuke Granger-Brown <git@lukegb.com>2021-04-12T23·30+0000
committerlukegb <lukegb@tvl.fyi>2021-04-12T23·37+0000
commitba30cd6bb2393d9b08d91b2cf49af8591d09907f (patch)
treec9e75ec5f92489c6466a55f9227bbd7936a9e114
parentda5512f2e9a7d97bccbcac8b8971defa5b971b83 (diff)
fix(3p/gerrit_plugins/oauth): adapt to CAS "flat" attributes r/2499
CAS nested attributes produce a key called "attributes", which is
disliked by Grafana, because it expects any key called attributes to be
a map<string, list<string>>, whereas CAS just produces a map<string,
string>.

As part of setting up Grafana SSO we need therefore to fix Gerrit so it
can adapt to the new syntax that we're adopting.

Change-Id: Ia79dae78c0eae6e21135a06cd5850606f82bcdb8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2981
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
-rw-r--r--third_party/gerrit_plugins/oauth/cas-6x.patch56
1 files changed, 42 insertions, 14 deletions
diff --git a/third_party/gerrit_plugins/oauth/cas-6x.patch b/third_party/gerrit_plugins/oauth/cas-6x.patch
index 70ea0bda71..7494298b3f 100644
--- a/third_party/gerrit_plugins/oauth/cas-6x.patch
+++ b/third_party/gerrit_plugins/oauth/cas-6x.patch
@@ -20,22 +20,50 @@ index 450549f..27310cd 100644
    }
  }
 diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
-index 5f3e4a1..5594b26 100644
+index 5f3e4a1..fc5bc50 100644
 --- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
 +++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
-@@ -135,6 +135,15 @@ class CasOAuthService implements OAuthServiceProvider {
-           property = getStringElement(obj, "login");
-           if (property != null) login = property;
-         }
-+      } else if (attrListJson.isJsonObject()) {
-+        JsonObject obj = attrListJson.getAsJsonObject();
-+
-+        String property = getStringElement(obj, "mail");
-+        if (property != null) email = property;
-+        property = getStringElement(obj, "displayName");
-+        if (property != null) name = property;
-+        property = getStringElement(obj, "uid");
-+        if (property != null) login = property;
+@@ -106,36 +106,14 @@ class CasOAuthService implements OAuthServiceProvider {
+         throw new IOException(String.format("CAS response missing id: %s", response.getBody()));
        }
  
+-      JsonElement attrListJson = jsonObject.get("attributes");
+-      if (attrListJson == null) {
+-        throw new IOException(
+-            String.format("CAS response missing attributes: %s", response.getBody()));
+-      }
+-
+       String email = null, name = null, login = null;
+-      if (attrListJson.isJsonArray()) {
+-        // It is possible for CAS to be configured to not return any attributes (email, name,
+-        // login),
+-        // in which case,
+-        // CAS returns an empty JSON object "attributes":{}, rather than "null" or an empty JSON
+-        // array
+-        // "attributes": []
+-
+-        JsonArray attrJson = attrListJson.getAsJsonArray();
+-        for (JsonElement elem : attrJson) {
+-          if (elem == null || !elem.isJsonObject()) {
+-            throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", elem));
+-          }
+-          JsonObject obj = elem.getAsJsonObject();
+-
+-          String property = getStringElement(obj, "email");
+-          if (property != null) email = property;
+-          property = getStringElement(obj, "name");
+-          if (property != null) name = property;
+-          property = getStringElement(obj, "login");
+-          if (property != null) login = property;
+-        }
+-      }
++
++      String property = getStringElement(jsonObject, "mail");
++      if (property != null) email = property;
++      property = getStringElement(jsonObject, "displayName");
++      if (property != null) name = property;
++      property = getStringElement(jsonObject, "uid");
++      if (property != null) login = property;
+ 
        return new OAuthUserInfo(
+           CAS_PROVIDER_PREFIX + id.getAsString(),
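Review bot: The rewritten lookups in CasOAuthService (`getStringElement(jsonObject, "mail")`, `"displayName"`, `"uid"`) can no longer tell a CAS server that releases no attributes apart from one that still sends the nested layout. In both cases `email`, `name` and `login` stay null and an `OAuthUserInfo` is still built, whereas the removed code threw `IOException` when `attributes` was missing. If the CAS side is ever switched back to nested attributes, sign-in would presumably succeed with an identity that has no username or e-mail instead of failing visibly. How `getStringElement` treats a multi-valued (array) attribute is not visible in this hunk. Consider a guard before the lookups, `if (jsonObject.has("attributes")) throw new IOException("CAS response uses nested attributes; flat layout expected");`, plus a comment such as `// Only the CAS "flat" attribute layout is supported: mail, displayName and uid are top-level keys.` The enclosing method starts and ends outside the hunk.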