about summary refs log tree commit diff
path: root/third_party/gerrit_plugins/oauth
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/gerrit_plugins/oauth')
-rw-r--r--third_party/gerrit_plugins/oauth/cas-6x.patch69
-rw-r--r--third_party/gerrit_plugins/oauth/default.nix26
2 files changed, 95 insertions, 0 deletions
diff --git a/third_party/gerrit_plugins/oauth/cas-6x.patch b/third_party/gerrit_plugins/oauth/cas-6x.patch
new file mode 100644
index 000000000000..7494298b3f26
--- /dev/null
+++ b/third_party/gerrit_plugins/oauth/cas-6x.patch
@@ -0,0 +1,69 @@
+diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
+index 450549f..27310cd 100644
+--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
+@@ -15,7 +15,7 @@
+ package com.googlesource.gerrit.plugins.oauth;
+ 
+ import com.github.scribejava.core.builder.api.DefaultApi20;
+-import com.github.scribejava.core.extractors.OAuth2AccessTokenExtractor;
++import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor;
+ import com.github.scribejava.core.extractors.TokenExtractor;
+ import com.github.scribejava.core.model.OAuth2AccessToken;
+ import com.github.scribejava.core.oauth2.bearersignature.BearerSignature;
+@@ -47,6 +47,6 @@ public class CasApi extends DefaultApi20 {
+ 
+   @Override
+   public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() {
+-    return OAuth2AccessTokenExtractor.instance();
++    return OAuth2AccessTokenJsonExtractor.instance();
+   }
+ }
+diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
+index 5f3e4a1..fc5bc50 100644
+--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
+@@ -106,36 +106,14 @@ class CasOAuthService implements OAuthServiceProvider {
+         throw new IOException(String.format("CAS response missing id: %s", response.getBody()));
+       }
+ 
+-      JsonElement attrListJson = jsonObject.get("attributes");
+-      if (attrListJson == null) {
+-        throw new IOException(
+-            String.format("CAS response missing attributes: %s", response.getBody()));
+-      }
+-
+       String email = null, name = null, login = null;
+-      if (attrListJson.isJsonArray()) {
+-        // It is possible for CAS to be configured to not return any attributes (email, name,
+-        // login),
+-        // in which case,
+-        // CAS returns an empty JSON object "attributes":{}, rather than "null" or an empty JSON
+-        // array
+-        // "attributes": []
+-
+-        JsonArray attrJson = attrListJson.getAsJsonArray();
+-        for (JsonElement elem : attrJson) {
+-          if (elem == null || !elem.isJsonObject()) {
+-            throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", elem));
+-          }
+-          JsonObject obj = elem.getAsJsonObject();
+-
+-          String property = getStringElement(obj, "email");
+-          if (property != null) email = property;
+-          property = getStringElement(obj, "name");
+-          if (property != null) name = property;
+-          property = getStringElement(obj, "login");
+-          if (property != null) login = property;
+-        }
+-      }
++
++      String property = getStringElement(jsonObject, "mail");
++      if (property != null) email = property;
++      property = getStringElement(jsonObject, "displayName");
++      if (property != null) name = property;
++      property = getStringElement(jsonObject, "uid");
++      if (property != null) login = property;
+ 
+       return new OAuthUserInfo(
+           CAS_PROVIDER_PREFIX + id.getAsString(),
diff --git a/third_party/gerrit_plugins/oauth/default.nix b/third_party/gerrit_plugins/oauth/default.nix
new file mode 100644
index 000000000000..2298c0b39d93
--- /dev/null
+++ b/third_party/gerrit_plugins/oauth/default.nix
@@ -0,0 +1,26 @@
+{ depot, pkgs, ... }@args:
+
+let
+  inherit (import ../builder.nix args) buildGerritBazelPlugin;
+in buildGerritBazelPlugin rec {
+  name = "oauth";
+  depsOutputHash = "sha256:0ww88msym6zr5z86k5az1kmw3hv8d9giniwkii4lwnzf3kc5qnrx";
+  src = pkgs.fetchgit {
+    url = "https://gerrit.googlesource.com/plugins/oauth";
+    rev = "4aa7322db5ec221b2419e12a9ec7af5b8c66659c";
+    sha256 = "1szra3pjl0axf4a7k96flpk7rhfvp37rdxay4gbglh939gzbba88";
+  };
+  overlayPluginCmd = ''
+    chmod +w "$out" "$out/plugins/external_plugin_deps.bzl"
+    cp -R "${src}" "$out/plugins/${name}"
+    cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl"
+  '';
+
+  # The code in the OAuth repo expects CAS to return oauth2 access tokens as urlencoded.
+  # Our version of CAS returns them as JSON instead.
+  postPatch = ''
+    pushd plugins/oauth
+    patch -p1 <${./cas-6x.patch}
+    popd
+  '';
+}