All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.google.gerrit.server.restapi.account.PutUsername Maven / Gradle / Ivy

The newest version!
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.gerrit.server.restapi.account;

import static com.google.gerrit.server.account.externalids.ExternalId.SCHEME_USERNAME;

import com.google.common.base.Strings;
import com.google.gerrit.entities.Account;
import com.google.gerrit.exceptions.DuplicateKeyException;
import com.google.gerrit.extensions.api.accounts.UsernameInput;
import com.google.gerrit.extensions.client.AccountFieldName;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.ServerInitiated;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.account.AccountsUpdate;
import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.account.externalids.ExternalIdFactory;
import com.google.gerrit.server.account.externalids.ExternalIdKeyFactory;
import com.google.gerrit.server.account.externalids.ExternalIds;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.ssh.SshKeyCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.Optional;
import org.eclipse.jgit.errors.ConfigInvalidException;

/**
 * REST endpoint to set the username of an account.
 *
 * 

This REST endpoint handles {@code PUT /accounts//username} requests. * *

Whether a username can be set depends on whether the used {@link Realm} supports this. * *

Once set a username cannot be changed or deleted. Changing usernames is disallowed because * they can be used in ref names that represent user-specific sandbox branches which can exist in * any repository and we have no way to find and rename those refs. */ @Singleton public class PutUsername implements RestModifyView { private final Provider self; private final PermissionBackend permissionBackend; private final ExternalIds externalIds; private final Provider accountsUpdateProvider; private final SshKeyCache sshKeyCache; private final Realm realm; private final ExternalIdFactory externalIdFactory; private final ExternalIdKeyFactory externalIdKeyFactory; @Inject PutUsername( Provider self, PermissionBackend permissionBackend, ExternalIds externalIds, @ServerInitiated Provider accountsUpdateProvider, SshKeyCache sshKeyCache, Realm realm, ExternalIdFactory externalIdFactory, ExternalIdKeyFactory externalIdKeyFactory) { this.self = self; this.permissionBackend = permissionBackend; this.externalIds = externalIds; this.accountsUpdateProvider = accountsUpdateProvider; this.sshKeyCache = sshKeyCache; this.realm = realm; this.externalIdFactory = externalIdFactory; this.externalIdKeyFactory = externalIdKeyFactory; } @Override public Response apply(AccountResource rsrc, UsernameInput input) throws RestApiException, IOException, ConfigInvalidException, PermissionBackendException { if (!self.get().hasSameAccountId(rsrc.getUser())) { permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER); } Account.Id accountId = rsrc.getUser().getAccountId(); if (!externalIds.byAccount(accountId, SCHEME_USERNAME).isEmpty()) { throw new MethodNotAllowedException("Username cannot be changed."); } if (realm.accountBelongsToRealm(externalIds.byAccount(accountId)) && !realm.allowsEdit(AccountFieldName.USER_NAME)) { throw new MethodNotAllowedException("realm does not allow editing username"); } if (input == null || Strings.isNullOrEmpty(input.username)) { throw new BadRequestException("input required"); } if (!ExternalId.isValidUsername(input.username)) { throw new UnprocessableEntityException("invalid username"); } ExternalId.Key key = externalIdKeyFactory.create(SCHEME_USERNAME, input.username); try { accountsUpdateProvider .get() .update( "Set Username via API", accountId, u -> u.addExternalId(externalIdFactory.create(key, accountId, null, null))); } catch (DuplicateKeyException dupeErr) { // If we are using this identity, don't report the exception. Optional other = externalIds.get(key); if (other.isPresent() && other.get().accountId().equals(accountId)) { return Response.ok(input.username); } // Otherwise, someone else has this identity. throw new ResourceConflictException("username already used", dupeErr); } sshKeyCache.evict(input.username); return Response.ok(input.username); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy