mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(3p): gerrit: 3.4.0 -> 3.6.1

Browse source 
This change cannot be deployed OOTB: you must upgrade
by 3.5.2+ first, and run copy-approvals.

Change-Id: Ia2e49da4d801a21a3db59e2d5b054eeb46d7dc79
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6505
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
This commit is contained in:
Luke Granger-Brown 2022-09-11 17:34:47 +01:00 committed by lukegb
parent 43a2eaa1b6
commit 19c0723045
12 changed files with 125 additions and 282 deletions
Download patch file Download diff file Expand all files Collapse all files

69
third_party/gerrit_plugins/oauth/cas-6x.patch vendored
View file

@ -1,69 +0,0 @@
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
index 450549f..27310cd 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
@@ -15,7 +15,7 @@
package com.googlesource.gerrit.plugins.oauth;
import com.github.scribejava.core.builder.api.DefaultApi20;
-import com.github.scribejava.core.extractors.OAuth2AccessTokenExtractor;
+import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor;
import com.github.scribejava.core.extractors.TokenExtractor;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.oauth2.bearersignature.BearerSignature;
@@ -47,6 +47,6 @@ public class CasApi extends DefaultApi20 {
@Override
public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() {
- return OAuth2AccessTokenExtractor.instance();
+ return OAuth2AccessTokenJsonExtractor.instance();
}
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
index 5f3e4a1..fc5bc50 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
@@ -106,36 +106,14 @@ class CasOAuthService implements OAuthServiceProvider {
throw new IOException(String.format("CAS response missing id: %s", response.getBody()));
}
- JsonElement attrListJson = jsonObject.get("attributes");
- if (attrListJson == null) {
- throw new IOException(
- String.format("CAS response missing attributes: %s", response.getBody()));
- }
-
String email = null, name = null, login = null;
- if (attrListJson.isJsonArray()) {
- // It is possible for CAS to be configured to not return any attributes (email, name,
- // login),
- // in which case,
- // CAS returns an empty JSON object "attributes":{}, rather than "null" or an empty JSON
- // array
- // "attributes": []
-
- JsonArray attrJson = attrListJson.getAsJsonArray();
- for (JsonElement elem : attrJson) {
- if (elem == null || !elem.isJsonObject()) {
- throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", elem));
- }
- JsonObject obj = elem.getAsJsonObject();
-
- String property = getStringElement(obj, "email");
- if (property != null) email = property;
- property = getStringElement(obj, "name");
- if (property != null) name = property;
- property = getStringElement(obj, "login");
- if (property != null) login = property;
- }
- }
+
+ String property = getStringElement(jsonObject, "mail");
+ if (property != null) email = property;
+ property = getStringElement(jsonObject, "displayName");
+ if (property != null) name = property;
+ property = getStringElement(jsonObject, "uid");
+ if (property != null) login = property;
return new OAuthUserInfo(
CAS_PROVIDER_PREFIX + id.getAsString(),

14
third_party/gerrit_plugins/oauth/default.nix vendored
View file

@ -5,23 +5,15 @@ let
in
buildGerritBazelPlugin rec {
name = "oauth";
depsOutputHash = "sha256:0j86amkw54y177s522hc988hqg034fsrkywbsb9a7h14zwcqbran";
depsOutputHash = "sha256:14xw282ianq52y5cbcpxrlkfjjakcvh7igpkvs49hcgcb7v4rds8";
src = pkgs.fetchgit {
url = "https://gerrit.googlesource.com/plugins/oauth";
rev = "4aa7322db5ec221b2419e12a9ec7af5b8c66659c";
sha256 = "1szra3pjl0axf4a7k96flpk7rhfvp37rdxay4gbglh939gzbba88";
rev = "f9bef7476bc99f7b1dc3fe2d52ec95cd7ac571dc";
sha256 = "08wf50bz7ash37mzlrxfy7hvmjsf6s4ncpcw5969hs9hjvjfj4dz";
};
overlayPluginCmd = ''
chmod +w "$out" "$out/plugins/external_plugin_deps.bzl"
cp -R "${src}" "$out/plugins/${name}"
cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl"
'';
# The code in the OAuth repo expects CAS to return oauth2 access tokens as urlencoded.
# Our version of CAS returns them as JSON instead.
postPatch = ''
pushd plugins/oauth
patch -p1 <${./cas-6x.patch}
popd
'';
}