Line data Source code
1 : // Copyright (C) 2009 The Android Open Source Project
2 : //
3 : // Licensed under the Apache License, Version 2.0 (the "License");
4 : // you may not use this file except in compliance with the License.
5 : // You may obtain a copy of the License at
6 : //
7 : // http://www.apache.org/licenses/LICENSE-2.0
8 : //
9 : // Unless required by applicable law or agreed to in writing, software
10 : // distributed under the License is distributed on an "AS IS" BASIS,
11 : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : // See the License for the specific language governing permissions and
13 : // limitations under the License.
14 :
15 : package com.google.gerrit.pgm.init;
16 :
17 : import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.HTTP;
18 : import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.HTTP_LDAP;
19 : import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.LDAP;
20 : import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.OAUTH;
21 : import static com.google.gerrit.pgm.init.api.InitUtil.dnOf;
22 :
23 : import com.google.gerrit.extensions.client.AuthType;
24 : import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
25 : import com.google.gerrit.pgm.init.api.ConsoleUI;
26 : import com.google.gerrit.pgm.init.api.InitFlags;
27 : import com.google.gerrit.pgm.init.api.InitStep;
28 : import com.google.gerrit.pgm.init.api.Section;
29 : import com.google.gerrit.server.config.SitePaths;
30 : import com.google.gerrit.server.mail.SignedToken;
31 : import com.google.inject.Inject;
32 : import com.google.inject.Singleton;
33 : import java.util.EnumSet;
34 :
35 : /** Initialize the {@code auth} configuration section. */
36 : @Singleton
37 : class InitAuth implements InitStep {
38 : private static final String RECEIVE = "receive";
39 : private static final String ENABLE_SIGNED_PUSH = "enableSignedPush";
40 :
41 : private final ConsoleUI ui;
42 : private final Section auth;
43 : private final Section ldap;
44 : private final Section receive;
45 : private final InitFlags flags;
46 : private final SitePaths site;
47 :
48 : @Inject
49 15 : InitAuth(InitFlags flags, ConsoleUI ui, final SitePaths site, Section.Factory sections) {
50 15 : this.flags = flags;
51 15 : this.ui = ui;
52 15 : this.site = site;
53 15 : this.auth = sections.get("auth", null);
54 15 : this.ldap = sections.get("ldap", null);
55 15 : this.receive = sections.get(RECEIVE, null);
56 15 : }
57 :
58 : @Override
59 : public void run() {
60 15 : ui.header("User Authentication");
61 :
62 15 : initAuthType();
63 15 : if (auth.getSecure("registerEmailPrivateKey") == null) {
64 15 : auth.setSecure("registerEmailPrivateKey", SignedToken.generateRandomKey());
65 : }
66 :
67 15 : initSignedPush();
68 :
69 15 : if (site.isNew) {
70 0 : initUserNameCaseSensitivity();
71 : }
72 15 : }
73 :
74 : private void initAuthType() {
75 15 : AuthType authType =
76 15 : auth.select(
77 : "Authentication method",
78 : "type",
79 15 : flags.dev ? AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT : AuthType.OPENID);
80 15 : switch (authType) {
81 : case HTTP:
82 : case HTTP_LDAP:
83 : {
84 0 : String hdr = auth.get("httpHeader");
85 0 : if (ui.yesno(hdr != null, "Get username from custom HTTP header")) {
86 0 : auth.string("Username HTTP header", "httpHeader", "SM_USER");
87 0 : } else if (hdr != null) {
88 0 : auth.unset("httpHeader");
89 : }
90 0 : auth.string("SSO logout URL", "logoutUrl", null);
91 0 : break;
92 : }
93 :
94 : case LDAP:
95 : {
96 0 : auth.select(
97 : "Git/HTTP authentication",
98 : "gitBasicAuthPolicy",
99 : HTTP,
100 0 : EnumSet.of(HTTP, HTTP_LDAP, LDAP));
101 0 : break;
102 : }
103 : case OAUTH:
104 : {
105 0 : GitBasicAuthPolicy gitBasicAuth =
106 0 : auth.select(
107 0 : "Git/HTTP authentication", "gitBasicAuthPolicy", HTTP, EnumSet.of(HTTP, OAUTH));
108 :
109 0 : if (gitBasicAuth == OAUTH) {
110 0 : ui.message(
111 : "*WARNING* Please make sure that your chosen OAuth provider\n"
112 : + "supports Git token authentication.\n");
113 : }
114 : break;
115 : }
116 : case CLIENT_SSL_CERT_LDAP:
117 : case CUSTOM_EXTENSION:
118 : case DEVELOPMENT_BECOME_ANY_ACCOUNT:
119 : case LDAP_BIND:
120 : case OPENID:
121 : case OPENID_SSO:
122 : break;
123 : }
124 :
125 15 : switch (authType) {
126 : case LDAP:
127 : case LDAP_BIND:
128 : case HTTP_LDAP:
129 : {
130 0 : String server = ldap.string("LDAP server", "server", "ldap://localhost");
131 0 : if (server != null //
132 0 : && !server.startsWith("ldap://") //
133 0 : && !server.startsWith("ldaps://")) {
134 0 : if (ui.yesno(false, "Use SSL")) {
135 0 : server = "ldaps://" + server;
136 : } else {
137 0 : server = "ldap://" + server;
138 : }
139 0 : ldap.set("server", server);
140 : }
141 :
142 0 : ldap.string("LDAP username", "username", null);
143 0 : ldap.password("username", "password");
144 :
145 0 : String aBase = ldap.string("Account BaseDN", "accountBase", dnOf(server));
146 0 : ldap.string("Group BaseDN", "groupBase", aBase);
147 0 : break;
148 : }
149 :
150 : case CLIENT_SSL_CERT_LDAP:
151 : case CUSTOM_EXTENSION:
152 : case DEVELOPMENT_BECOME_ANY_ACCOUNT:
153 : case HTTP:
154 : case OAUTH:
155 : case OPENID:
156 : case OPENID_SSO:
157 : break;
158 : }
159 15 : }
160 :
161 : private void initSignedPush() {
162 15 : boolean def = flags.cfg.getBoolean(RECEIVE, ENABLE_SIGNED_PUSH, false);
163 15 : boolean enable = ui.yesno(def, "Enable signed push support");
164 15 : receive.set("enableSignedPush", Boolean.toString(enable));
165 15 : }
166 :
167 : private void initUserNameCaseSensitivity() {
168 0 : boolean enableCaseInsensitivity = ui.yesno(true, "Use case insensitive usernames");
169 0 : auth.set("userNameCaseInsensitive", Boolean.toString(enableCaseInsensitivity));
170 0 : }
171 : }
|
