LCOV - code coverage report
Current view: top level - server/mail - SignedTokenEmailTokenVerifier.java (source / functions) Hit Total Coverage
Test: _coverage_report.dat Lines: 26 30 86.7 %
Date: 2022-11-19 15:00:39 Functions: 6 6 100.0 % 

          Line data    Source code
       1             : // Copyright (C) 2012 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.server.mail;
      16             : 
      17             : import static com.google.common.base.Preconditions.checkState;
      18             : import static java.nio.charset.StandardCharsets.UTF_8;
      19             : 
      20             : import com.google.common.io.BaseEncoding;
      21             : import com.google.gerrit.entities.Account;
      22             : import com.google.gerrit.server.account.AuthRequest;
      23             : import com.google.gerrit.server.config.AuthConfig;
      24             : import com.google.gerrit.server.mail.send.RegisterNewEmailSender;
      25             : import com.google.inject.AbstractModule;
      26             : import com.google.inject.Inject;
      27             : import com.google.inject.Singleton;
      28             : import java.util.regex.Matcher;
      29             : import java.util.regex.Pattern;
      30             : 
      31             : /** Verifies the token sent by {@link RegisterNewEmailSender}. */
      32             : @Singleton
      33             : public class SignedTokenEmailTokenVerifier implements EmailTokenVerifier {
      34             :   private final SignedToken emailRegistrationToken;
      35             :   private final AuthRequest.Factory authRequestFactory;
      36             : 
      37         152 :   public static class SignedTokenEmailTokenVerifierModule extends AbstractModule {
      38             :     @Override
      39             :     protected void configure() {
      40         152 :       bind(EmailTokenVerifier.class).to(SignedTokenEmailTokenVerifier.class);
      41         152 :     }
      42             :   }
      43             : 
      44             :   @Inject
      45         138 :   SignedTokenEmailTokenVerifier(AuthConfig config, AuthRequest.Factory authRequestFactory) {
      46         138 :     emailRegistrationToken = config.getEmailRegistrationToken();
      47         138 :     this.authRequestFactory = authRequestFactory;
      48         138 :   }
      49             : 
      50             :   @Override
      51             :   public String encode(Account.Id accountId, String emailAddress) {
      52           4 :     checkEmailRegistrationToken();
      53             :     try {
      54           4 :       String payload = String.format("%s:%s", accountId, emailAddress);
      55           4 :       byte[] utf8 = payload.getBytes(UTF_8);
      56           4 :       String base64 = BaseEncoding.base64Url().encode(utf8);
      57           4 :       return emailRegistrationToken.newToken(base64);
      58           0 :     } catch (XsrfException e) {
      59           0 :       throw new IllegalArgumentException(e);
      60             :     }
      61             :   }
      62             : 
      63             :   @Override
      64             :   public ParsedToken decode(String tokenString) throws InvalidTokenException {
      65           2 :     checkEmailRegistrationToken();
      66             :     ValidToken token;
      67             :     try {
      68           2 :       token = emailRegistrationToken.checkToken(tokenString, null);
      69           2 :     } catch (XsrfException | CheckTokenException err) {
      70           2 :       throw new InvalidTokenException(err);
      71           2 :     }
      72           2 :     if (token == null || token.getData() == null || token.getData().isEmpty()) {
      73           0 :       throw new InvalidTokenException();
      74             :     }
      75             : 
      76           2 :     String payload = new String(BaseEncoding.base64Url().decode(token.getData()), UTF_8);
      77           2 :     Matcher matcher = Pattern.compile("^([0-9]+):(.+@.+)$").matcher(payload);
      78           2 :     if (!matcher.matches()) {
      79           0 :       throw new InvalidTokenException();
      80             :     }
      81           2 :     Account.Id id = Account.Id.tryParse(matcher.group(1)).orElseThrow(InvalidTokenException::new);
      82           2 :     String newEmail = matcher.group(2);
      83           2 :     return new ParsedToken(id, newEmail, authRequestFactory);
      84             :   }
      85             : 
      86             :   private void checkEmailRegistrationToken() {
      87           4 :     checkState(
      88             :         emailRegistrationToken != null, "'auth.registerEmailPrivateKey' not set in gerrit.config");
      89           4 :   }
      90             : }

Generated by: LCOV version 1.16+git.20220603.dfeb750