diff options
Diffstat (limited to 'third_party/gerrit_plugins/oauth')
-rw-r--r-- | third_party/gerrit_plugins/oauth/cas-6x.patch | 69 | ||||
-rw-r--r-- | third_party/gerrit_plugins/oauth/default.nix | 26 |
2 files changed, 95 insertions, 0 deletions
diff --git a/third_party/gerrit_plugins/oauth/cas-6x.patch b/third_party/gerrit_plugins/oauth/cas-6x.patch new file mode 100644 index 000000000000..7494298b3f26 --- /dev/null +++ b/third_party/gerrit_plugins/oauth/cas-6x.patch @@ -0,0 +1,69 @@ +diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java +index 450549f..27310cd 100644 +--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java ++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java +@@ -15,7 +15,7 @@ + package com.googlesource.gerrit.plugins.oauth; + + import com.github.scribejava.core.builder.api.DefaultApi20; +-import com.github.scribejava.core.extractors.OAuth2AccessTokenExtractor; ++import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor; + import com.github.scribejava.core.extractors.TokenExtractor; + import com.github.scribejava.core.model.OAuth2AccessToken; + import com.github.scribejava.core.oauth2.bearersignature.BearerSignature; +@@ -47,6 +47,6 @@ public class CasApi extends DefaultApi20 { + + @Override + public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() { +- return OAuth2AccessTokenExtractor.instance(); ++ return OAuth2AccessTokenJsonExtractor.instance(); + } + } +diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java +index 5f3e4a1..fc5bc50 100644 +--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java ++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java +@@ -106,36 +106,14 @@ class CasOAuthService implements OAuthServiceProvider { + throw new IOException(String.format("CAS response missing id: %s", response.getBody())); + } + +- JsonElement attrListJson = jsonObject.get("attributes"); +- if (attrListJson == null) { +- throw new IOException( +- String.format("CAS response missing attributes: %s", response.getBody())); +- } +- + String email = null, name = null, login = null; +- if (attrListJson.isJsonArray()) { +- // It is possible for CAS to be configured to not return any attributes (email, name, +- // login), +- // in which case, +- // CAS returns an empty JSON object "attributes":{}, rather than "null" or an empty JSON +- // array +- // "attributes": [] +- +- JsonArray attrJson = attrListJson.getAsJsonArray(); +- for (JsonElement elem : attrJson) { +- if (elem == null || !elem.isJsonObject()) { +- throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", elem)); +- } +- JsonObject obj = elem.getAsJsonObject(); +- +- String property = getStringElement(obj, "email"); +- if (property != null) email = property; +- property = getStringElement(obj, "name"); +- if (property != null) name = property; +- property = getStringElement(obj, "login"); +- if (property != null) login = property; +- } +- } ++ ++ String property = getStringElement(jsonObject, "mail"); ++ if (property != null) email = property; ++ property = getStringElement(jsonObject, "displayName"); ++ if (property != null) name = property; ++ property = getStringElement(jsonObject, "uid"); ++ if (property != null) login = property; + + return new OAuthUserInfo( + CAS_PROVIDER_PREFIX + id.getAsString(), diff --git a/third_party/gerrit_plugins/oauth/default.nix b/third_party/gerrit_plugins/oauth/default.nix new file mode 100644 index 000000000000..2298c0b39d93 --- /dev/null +++ b/third_party/gerrit_plugins/oauth/default.nix @@ -0,0 +1,26 @@ +{ depot, pkgs, ... }@args: + +let + inherit (import ../builder.nix args) buildGerritBazelPlugin; +in buildGerritBazelPlugin rec { + name = "oauth"; + depsOutputHash = "sha256:0ww88msym6zr5z86k5az1kmw3hv8d9giniwkii4lwnzf3kc5qnrx"; + src = pkgs.fetchgit { + url = "https://gerrit.googlesource.com/plugins/oauth"; + rev = "4aa7322db5ec221b2419e12a9ec7af5b8c66659c"; + sha256 = "1szra3pjl0axf4a7k96flpk7rhfvp37rdxay4gbglh939gzbba88"; + }; + overlayPluginCmd = '' + chmod +w "$out" "$out/plugins/external_plugin_deps.bzl" + cp -R "${src}" "$out/plugins/${name}" + cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl" + ''; + + # The code in the OAuth repo expects CAS to return oauth2 access tokens as urlencoded. + # Our version of CAS returns them as JSON instead. + postPatch = '' + pushd plugins/oauth + patch -p1 <${./cas-6x.patch} + popd + ''; +} |