about summary refs log tree commit diff
path: root/third_party/gerrit_plugins/oauth/cas-6x.patch
diff options
context:
space:
mode:
authorLuke Granger-Brown <git@lukegb.com>2021-04-12T23·30+0000
committerlukegb <lukegb@tvl.fyi>2021-04-12T23·37+0000
commitba30cd6bb2393d9b08d91b2cf49af8591d09907f (patch)
treec9e75ec5f92489c6466a55f9227bbd7936a9e114 /third_party/gerrit_plugins/oauth/cas-6x.patch
parentda5512f2e9a7d97bccbcac8b8971defa5b971b83 (diff)
fix(3p/gerrit_plugins/oauth): adapt to CAS "flat" attributes r/2499
CAS nested attributes produce a key called "attributes", which is
disliked by Grafana, because it expects any key called attributes to be
a map<string, list<string>>, whereas CAS just produces a map<string,
string>.

As part of setting up Grafana SSO we need therefore to fix Gerrit so it
can adapt to the new syntax that we're adopting.

Change-Id: Ia79dae78c0eae6e21135a06cd5850606f82bcdb8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2981
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Diffstat (limited to 'third_party/gerrit_plugins/oauth/cas-6x.patch')
-rw-r--r--third_party/gerrit_plugins/oauth/cas-6x.patch56
1 files changed, 42 insertions, 14 deletions
diff --git a/third_party/gerrit_plugins/oauth/cas-6x.patch b/third_party/gerrit_plugins/oauth/cas-6x.patch
index 70ea0bda71a5..7494298b3f26 100644
--- a/third_party/gerrit_plugins/oauth/cas-6x.patch
+++ b/third_party/gerrit_plugins/oauth/cas-6x.patch
@@ -20,22 +20,50 @@ index 450549f..27310cd 100644
    }
  }
 diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
-index 5f3e4a1..5594b26 100644
+index 5f3e4a1..fc5bc50 100644
 --- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
 +++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
-@@ -135,6 +135,15 @@ class CasOAuthService implements OAuthServiceProvider {
-           property = getStringElement(obj, "login");
-           if (property != null) login = property;
-         }
-+      } else if (attrListJson.isJsonObject()) {
-+        JsonObject obj = attrListJson.getAsJsonObject();
-+
-+        String property = getStringElement(obj, "mail");
-+        if (property != null) email = property;
-+        property = getStringElement(obj, "displayName");
-+        if (property != null) name = property;
-+        property = getStringElement(obj, "uid");
-+        if (property != null) login = property;
+@@ -106,36 +106,14 @@ class CasOAuthService implements OAuthServiceProvider {
+         throw new IOException(String.format("CAS response missing id: %s", response.getBody()));
        }
  
+-      JsonElement attrListJson = jsonObject.get("attributes");
+-      if (attrListJson == null) {
+-        throw new IOException(
+-            String.format("CAS response missing attributes: %s", response.getBody()));
+-      }
+-
+       String email = null, name = null, login = null;
+-      if (attrListJson.isJsonArray()) {
+-        // It is possible for CAS to be configured to not return any attributes (email, name,
+-        // login),
+-        // in which case,
+-        // CAS returns an empty JSON object "attributes":{}, rather than "null" or an empty JSON
+-        // array
+-        // "attributes": []
+-
+-        JsonArray attrJson = attrListJson.getAsJsonArray();
+-        for (JsonElement elem : attrJson) {
+-          if (elem == null || !elem.isJsonObject()) {
+-            throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", elem));
+-          }
+-          JsonObject obj = elem.getAsJsonObject();
+-
+-          String property = getStringElement(obj, "email");
+-          if (property != null) email = property;
+-          property = getStringElement(obj, "name");
+-          if (property != null) name = property;
+-          property = getStringElement(obj, "login");
+-          if (property != null) login = property;
+-        }
+-      }
++
++      String property = getStringElement(jsonObject, "mail");
++      if (property != null) email = property;
++      property = getStringElement(jsonObject, "displayName");
++      if (property != null) name = property;
++      property = getStringElement(jsonObject, "uid");
++      if (property != null) login = property;
+ 
        return new OAuthUserInfo(
+           CAS_PROVIDER_PREFIX + id.getAsString(),