LCOV - code coverage report
Current view: top level - httpd - RunAsFilter.java (source / functions) Hit Total Coverage
Test: _coverage_report.dat Lines: 35 43 81.4 %
Date: 2022-11-19 15:00:39 Functions: 7 7 100.0 % 

          Line data    Source code
       1             : // Copyright (C) 2013 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.httpd;
      16             : 
      17             : import static com.google.gerrit.httpd.restapi.RestApiServlet.replyError;
      18             : import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
      19             : import static javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
      20             : 
      21             : import com.google.common.flogger.FluentLogger;
      22             : import com.google.gerrit.entities.Account;
      23             : import com.google.gerrit.extensions.registration.DynamicItem;
      24             : import com.google.gerrit.extensions.restapi.AuthException;
      25             : import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
      26             : import com.google.gerrit.server.CurrentUser;
      27             : import com.google.gerrit.server.account.AccountResolver;
      28             : import com.google.gerrit.server.config.AuthConfig;
      29             : import com.google.gerrit.server.permissions.GlobalPermission;
      30             : import com.google.gerrit.server.permissions.PermissionBackend;
      31             : import com.google.gerrit.server.permissions.PermissionBackendException;
      32             : import com.google.inject.Inject;
      33             : import com.google.inject.Singleton;
      34             : import com.google.inject.servlet.ServletModule;
      35             : import java.io.IOException;
      36             : import javax.servlet.Filter;
      37             : import javax.servlet.FilterChain;
      38             : import javax.servlet.FilterConfig;
      39             : import javax.servlet.ServletException;
      40             : import javax.servlet.ServletRequest;
      41             : import javax.servlet.ServletResponse;
      42             : import javax.servlet.http.HttpServletRequest;
      43             : import javax.servlet.http.HttpServletResponse;
      44             : import org.eclipse.jgit.errors.ConfigInvalidException;
      45             : 
      46             : /** Allows running a request as another user account. */
      47             : @Singleton
      48             : class RunAsFilter implements Filter {
      49          99 :   private static final FluentLogger logger = FluentLogger.forEnclosingClass();
      50             :   private static final String RUN_AS = "X-Gerrit-RunAs";
      51             : 
      52          99 :   static class RunAsFilterModule extends ServletModule {
      53             :     @Override
      54             :     protected void configureServlets() {
      55          99 :       filter("/*").through(RunAsFilter.class);
      56          99 :     }
      57             :   }
      58             : 
      59             :   private final boolean enabled;
      60             :   private final DynamicItem<WebSession> session;
      61             :   private final PermissionBackend permissionBackend;
      62             :   private final AccountResolver accountResolver;
      63             : 
      64             :   @Inject
      65             :   RunAsFilter(
      66             :       AuthConfig config,
      67             :       DynamicItem<WebSession> session,
      68             :       PermissionBackend permissionBackend,
      69          99 :       AccountResolver accountResolver) {
      70          99 :     this.enabled = config.isRunAsEnabled();
      71          99 :     this.session = session;
      72          99 :     this.permissionBackend = permissionBackend;
      73          99 :     this.accountResolver = accountResolver;
      74          99 :   }
      75             : 
      76             :   @Override
      77             :   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      78             :       throws IOException, ServletException {
      79          38 :     HttpServletRequest req = (HttpServletRequest) request;
      80          38 :     HttpServletResponse res = (HttpServletResponse) response;
      81             : 
      82          38 :     String runas = req.getHeader(RUN_AS);
      83          38 :     if (runas != null) {
      84           1 :       if (!enabled) {
      85           1 :         replyError(req, res, SC_FORBIDDEN, RUN_AS + " disabled by auth.enableRunAs = false", null);
      86           1 :         return;
      87             :       }
      88             : 
      89           1 :       CurrentUser self = session.get().getUser();
      90             :       try {
      91           1 :         if (!self.isIdentifiedUser()) {
      92             :           // Always disallow for anonymous users, even if permitted by the ACL,
      93             :           // because that would be crazy.
      94           1 :           throw new AuthException("denied");
      95             :         }
      96           1 :         permissionBackend.user(self).check(GlobalPermission.RUN_AS);
      97           1 :       } catch (AuthException e) {
      98           1 :         replyError(req, res, SC_FORBIDDEN, "not permitted to use " + RUN_AS, null);
      99           1 :         return;
     100           0 :       } catch (PermissionBackendException e) {
     101           0 :         logger.atWarning().withCause(e).log("cannot check runAs");
     102           0 :         replyError(req, res, SC_INTERNAL_SERVER_ERROR, RUN_AS + " unavailable", null);
     103           0 :         return;
     104           1 :       }
     105             : 
     106             :       Account.Id target;
     107             :       try {
     108           1 :         target = accountResolver.resolve(runas).asUnique().account().id();
     109           1 :       } catch (UnprocessableEntityException e) {
     110           1 :         replyError(req, res, SC_FORBIDDEN, "no account matches " + RUN_AS, null);
     111           1 :         return;
     112           0 :       } catch (IOException | ConfigInvalidException | RuntimeException e) {
     113           0 :         logger.atWarning().withCause(e).log("cannot resolve account for %s", RUN_AS);
     114           0 :         replyError(req, res, SC_INTERNAL_SERVER_ERROR, "cannot resolve " + RUN_AS, e);
     115           0 :         return;
     116           1 :       }
     117           1 :       session.get().setUserAccountId(target);
     118             :     }
     119             : 
     120          38 :     chain.doFilter(req, res);
     121          38 :   }
     122             : 
     123             :   @Override
     124          99 :   public void init(FilterConfig filterConfig) {}
     125             : 
     126             :   @Override
     127          99 :   public void destroy() {}
     128             : }

Generated by: LCOV version 1.16+git.20220603.dfeb750