From 19c072304541a97e5bc62b928d753f20489b9c7c Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sun, 11 Sep 2022 17:34:47 +0100 Subject: chore(3p): gerrit: 3.4.0 -> 3.6.1 This change cannot be deployed OOTB: you must upgrade by 3.5.2+ first, and run copy-approvals. Change-Id: Ia2e49da4d801a21a3db59e2d5b054eeb46d7dc79 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6505 Tested-by: BuildkiteCI Reviewed-by: tazjin --- third_party/gerrit_plugins/oauth/cas-6x.patch | 69 --------------------------- third_party/gerrit_plugins/oauth/default.nix | 14 ++---- 2 files changed, 3 insertions(+), 80 deletions(-) delete mode 100644 third_party/gerrit_plugins/oauth/cas-6x.patch (limited to 'third_party/gerrit_plugins/oauth') diff --git a/third_party/gerrit_plugins/oauth/cas-6x.patch b/third_party/gerrit_plugins/oauth/cas-6x.patch deleted file mode 100644 index 7494298b3f26..000000000000 --- a/third_party/gerrit_plugins/oauth/cas-6x.patch +++ /dev/null @@ -1,69 +0,0 @@ -diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java -index 450549f..27310cd 100644 ---- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java -+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java -@@ -15,7 +15,7 @@ - package com.googlesource.gerrit.plugins.oauth; - - import com.github.scribejava.core.builder.api.DefaultApi20; --import com.github.scribejava.core.extractors.OAuth2AccessTokenExtractor; -+import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor; - import com.github.scribejava.core.extractors.TokenExtractor; - import com.github.scribejava.core.model.OAuth2AccessToken; - import com.github.scribejava.core.oauth2.bearersignature.BearerSignature; -@@ -47,6 +47,6 @@ public class CasApi extends DefaultApi20 { - - @Override - public TokenExtractor getAccessTokenExtractor() { -- return OAuth2AccessTokenExtractor.instance(); -+ return OAuth2AccessTokenJsonExtractor.instance(); - } - } -diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java -index 5f3e4a1..fc5bc50 100644 ---- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java -+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java -@@ -106,36 +106,14 @@ class CasOAuthService implements OAuthServiceProvider { - throw new IOException(String.format("CAS response missing id: %s", response.getBody())); - } - -- JsonElement attrListJson = jsonObject.get("attributes"); -- if (attrListJson == null) { -- throw new IOException( -- String.format("CAS response missing attributes: %s", response.getBody())); -- } -- - String email = null, name = null, login = null; -- if (attrListJson.isJsonArray()) { -- // It is possible for CAS to be configured to not return any attributes (email, name, -- // login), -- // in which case, -- // CAS returns an empty JSON object "attributes":{}, rather than "null" or an empty JSON -- // array -- // "attributes": [] -- -- JsonArray attrJson = attrListJson.getAsJsonArray(); -- for (JsonElement elem : attrJson) { -- if (elem == null || !elem.isJsonObject()) { -- throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", elem)); -- } -- JsonObject obj = elem.getAsJsonObject(); -- -- String property = getStringElement(obj, "email"); -- if (property != null) email = property; -- property = getStringElement(obj, "name"); -- if (property != null) name = property; -- property = getStringElement(obj, "login"); -- if (property != null) login = property; -- } -- } -+ -+ String property = getStringElement(jsonObject, "mail"); -+ if (property != null) email = property; -+ property = getStringElement(jsonObject, "displayName"); -+ if (property != null) name = property; -+ property = getStringElement(jsonObject, "uid"); -+ if (property != null) login = property; - - return new OAuthUserInfo( - CAS_PROVIDER_PREFIX + id.getAsString(), diff --git a/third_party/gerrit_plugins/oauth/default.nix b/third_party/gerrit_plugins/oauth/default.nix index 01748ba84220..04d4244f4d17 100644 --- a/third_party/gerrit_plugins/oauth/default.nix +++ b/third_party/gerrit_plugins/oauth/default.nix @@ -5,23 +5,15 @@ let in buildGerritBazelPlugin rec { name = "oauth"; - depsOutputHash = "sha256:0j86amkw54y177s522hc988hqg034fsrkywbsb9a7h14zwcqbran"; + depsOutputHash = "sha256:14xw282ianq52y5cbcpxrlkfjjakcvh7igpkvs49hcgcb7v4rds8"; src = pkgs.fetchgit { url = "https://gerrit.googlesource.com/plugins/oauth"; - rev = "4aa7322db5ec221b2419e12a9ec7af5b8c66659c"; - sha256 = "1szra3pjl0axf4a7k96flpk7rhfvp37rdxay4gbglh939gzbba88"; + rev = "f9bef7476bc99f7b1dc3fe2d52ec95cd7ac571dc"; + sha256 = "08wf50bz7ash37mzlrxfy7hvmjsf6s4ncpcw5969hs9hjvjfj4dz"; }; overlayPluginCmd = '' chmod +w "$out" "$out/plugins/external_plugin_deps.bzl" cp -R "${src}" "$out/plugins/${name}" cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl" ''; - - # The code in the OAuth repo expects CAS to return oauth2 access tokens as urlencoded. - # Our version of CAS returns them as JSON instead. - postPatch = '' - pushd plugins/oauth - patch -p1 <${./cas-6x.patch} - popd - ''; } -- cgit 1.4.1