diff options
author | Luke Granger-Brown <git@lukegb.com> | 2021-04-03T14·15+0000 |
---|---|---|
committer | lukegb <lukegb@tvl.fyi> | 2021-04-03T19·11+0000 |
commit | 81a7bd4765ac452f455ad817a08ef8f2532fe017 (patch) | |
tree | 8b527d8c3e02f7decc4fc4d3da710308e0411e94 /third_party/gerrit_plugins | |
parent | ed7240ade52532048e08ff9be80b0fc99ea1e82c (diff) |
chore(3p/gerrit_plugins): init oauth r/2415
Add the OAuth gerrit plugin to our mini collection of Gerrit plugins. This includes a patch to make the plugin work correctly with CAS 6.x, which has changed the attributes into a JSON object with the attributes nested inside, instead of a JSON list. Change-Id: I4741f137cca9c8eb45b9ea660fb4cbf6962be9a4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2782 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'third_party/gerrit_plugins')
-rw-r--r-- | third_party/gerrit_plugins/builder.nix | 5 | ||||
-rw-r--r-- | third_party/gerrit_plugins/oauth/cas-6x.patch | 41 | ||||
-rw-r--r-- | third_party/gerrit_plugins/oauth/default.nix | 26 |
3 files changed, 72 insertions, 0 deletions
diff --git a/third_party/gerrit_plugins/builder.nix b/third_party/gerrit_plugins/builder.nix index 7676f5020848..ff1754e088f3 100644 --- a/third_party/gerrit_plugins/builder.nix +++ b/third_party/gerrit_plugins/builder.nix @@ -7,6 +7,7 @@ overlayPluginCmd ? '' cp -R "${src}" "$out/plugins/${name}" '', + postPatch ? "", }: ((depot.third_party.gerrit.override { name = "${name}.jar"; @@ -24,5 +25,9 @@ installPhase = '' cp "bazel-bin/plugins/${name}/${name}.jar" "$out" ''; + postPatch = if super ? postPatch then '' + ${super.postPatch} + ${postPatch} + '' else postPatch; })); } diff --git a/third_party/gerrit_plugins/oauth/cas-6x.patch b/third_party/gerrit_plugins/oauth/cas-6x.patch new file mode 100644 index 000000000000..70ea0bda71a5 --- /dev/null +++ b/third_party/gerrit_plugins/oauth/cas-6x.patch @@ -0,0 +1,41 @@ +diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java +index 450549f..27310cd 100644 +--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java ++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java +@@ -15,7 +15,7 @@ + package com.googlesource.gerrit.plugins.oauth; + + import com.github.scribejava.core.builder.api.DefaultApi20; +-import com.github.scribejava.core.extractors.OAuth2AccessTokenExtractor; ++import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor; + import com.github.scribejava.core.extractors.TokenExtractor; + import com.github.scribejava.core.model.OAuth2AccessToken; + import com.github.scribejava.core.oauth2.bearersignature.BearerSignature; +@@ -47,6 +47,6 @@ public class CasApi extends DefaultApi20 { + + @Override + public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() { +- return OAuth2AccessTokenExtractor.instance(); ++ return OAuth2AccessTokenJsonExtractor.instance(); + } + } +diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java +index 5f3e4a1..5594b26 100644 +--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java ++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java +@@ -135,6 +135,15 @@ class CasOAuthService implements OAuthServiceProvider { + property = getStringElement(obj, "login"); + if (property != null) login = property; + } ++ } else if (attrListJson.isJsonObject()) { ++ JsonObject obj = attrListJson.getAsJsonObject(); ++ ++ String property = getStringElement(obj, "mail"); ++ if (property != null) email = property; ++ property = getStringElement(obj, "displayName"); ++ if (property != null) name = property; ++ property = getStringElement(obj, "uid"); ++ if (property != null) login = property; + } + + return new OAuthUserInfo( diff --git a/third_party/gerrit_plugins/oauth/default.nix b/third_party/gerrit_plugins/oauth/default.nix new file mode 100644 index 000000000000..68434a902ebe --- /dev/null +++ b/third_party/gerrit_plugins/oauth/default.nix @@ -0,0 +1,26 @@ +{ depot, pkgs, ... }@args: + +let + inherit (import ../builder.nix args) buildGerritBazelPlugin; +in buildGerritBazelPlugin rec { + name = "oauth"; + depsOutputHash = "sha256:0g0cga9s1bmzvii8nh372kdaxypc1rj0hlyhralwiyh67r4zlv2c"; + src = pkgs.fetchgit { + url = "https://gerrit.googlesource.com/plugins/oauth"; + rev = "4aa7322db5ec221b2419e12a9ec7af5b8c66659c"; + sha256 = "1szra3pjl0axf4a7k96flpk7rhfvp37rdxay4gbglh939gzbba88"; + }; + overlayPluginCmd = '' + chmod +w "$out" "$out/plugins/external_plugin_deps.bzl" + cp -R "${src}" "$out/plugins/${name}" + cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl" + ''; + + # The code in the OAuth repo expects CAS to return oauth2 access tokens as urlencoded. + # Our version of CAS returns them as JSON instead. + postPatch = '' + pushd plugins/oauth + patch -p1 <${./cas-6x.patch} + popd + ''; +} |