Line data    Source code

       1             : // Copyright (C) 2013 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.server.restapi.account;
      16             : 
      17             : import com.google.common.flogger.FluentLogger;
      18             : import com.google.gerrit.exceptions.EmailException;
      19             : import com.google.gerrit.extensions.common.Input;
      20             : import com.google.gerrit.extensions.restapi.AuthException;
      21             : import com.google.gerrit.extensions.restapi.Response;
      22             : import com.google.gerrit.extensions.restapi.RestModifyView;
      23             : import com.google.gerrit.server.CurrentUser;
      24             : import com.google.gerrit.server.IdentifiedUser;
      25             : import com.google.gerrit.server.account.AccountResource;
      26             : import com.google.gerrit.server.account.AccountSshKey;
      27             : import com.google.gerrit.server.account.VersionedAuthorizedKeys;
      28             : import com.google.gerrit.server.mail.send.DeleteKeySender;
      29             : import com.google.gerrit.server.permissions.GlobalPermission;
      30             : import com.google.gerrit.server.permissions.PermissionBackend;
      31             : import com.google.gerrit.server.permissions.PermissionBackendException;
      32             : import com.google.gerrit.server.ssh.SshKeyCache;
      33             : import com.google.inject.Inject;
      34             : import com.google.inject.Provider;
      35             : import com.google.inject.Singleton;
      36             : import java.io.IOException;
      37             : import org.eclipse.jgit.errors.ConfigInvalidException;
      38             : import org.eclipse.jgit.errors.RepositoryNotFoundException;
      39             : 
      40             : /**
      41             :  * REST endpoint to delete an SSH key of an account.
      42             :  *
      43             :  * <p>This REST endpoint handles {@code DELETE
      44             :  * /accounts/<account-identifier>/sshkeys/<ssh-key-identifier>} requests.
      45             :  */
      46             : @Singleton
      47             : public class DeleteSshKey implements RestModifyView<AccountResource.SshKey, Input> {
      48         148 :   private static final FluentLogger logger = FluentLogger.forEnclosingClass();
      49             : 
      50             :   private final Provider<CurrentUser> self;
      51             :   private final PermissionBackend permissionBackend;
      52             :   private final VersionedAuthorizedKeys.Accessor authorizedKeys;
      53             :   private final SshKeyCache sshKeyCache;
      54             :   private final DeleteKeySender.Factory deleteKeySenderFactory;
      55             : 
      56             :   @Inject
      57             :   DeleteSshKey(
      58             :       Provider<CurrentUser> self,
      59             :       PermissionBackend permissionBackend,
      60             :       VersionedAuthorizedKeys.Accessor authorizedKeys,
      61             :       SshKeyCache sshKeyCache,
      62         148 :       DeleteKeySender.Factory deleteKeySenderFactory) {
      63         148 :     this.self = self;
      64         148 :     this.permissionBackend = permissionBackend;
      65         148 :     this.authorizedKeys = authorizedKeys;
      66         148 :     this.sshKeyCache = sshKeyCache;
      67         148 :     this.deleteKeySenderFactory = deleteKeySenderFactory;
      68         148 :   }
      69             : 
      70             :   @Override
      71             :   public Response<?> apply(AccountResource.SshKey rsrc, Input input)
      72             :       throws AuthException, RepositoryNotFoundException, IOException, ConfigInvalidException,
      73             :           PermissionBackendException {
      74           3 :     if (!self.get().hasSameAccountId(rsrc.getUser())) {
      75           2 :       permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
      76             :     }
      77             : 
      78           3 :     return apply(rsrc.getUser(), rsrc.getSshKey());
      79             :   }
      80             : 
      81             :   public Response<?> apply(IdentifiedUser user, AccountSshKey sshKey)
      82             :       throws RepositoryNotFoundException, IOException, ConfigInvalidException {
      83           3 :     authorizedKeys.deleteKey(user.getAccountId(), sshKey.seq());
      84             :     try {
      85           3 :       deleteKeySenderFactory.create(user, sshKey).send();
      86           0 :     } catch (EmailException e) {
      87           0 :       logger.atSevere().withCause(e).log(
      88           0 :           "Cannot send SSH key deletion message to %s", user.getAccount().preferredEmail());
      89           3 :     }
      90           3 :     user.getUserName().ifPresent(sshKeyCache::evict);
      91             : 
      92           3 :     return Response.none();
      93             :   }
      94             : }