Skip to content

Commit 31ff7a8

Browse files
committed
Merge branch 'stable-2.12'
* stable-2.12: Document that ldap.groupBase and ldap.accountBase are repeatable Put Change-Id after Test: footers in commit messages. Remove bucklets/local_jar.bucklet soft-link to removed lib/local.defs Normalize case of {Author,Committer}Predicate OAuth-Linking: Don't create new account when claimed identity unknown Update 2.11.5 release notes to mention forked buck Revert "Update buck to ba9f239f69287a553ca93af76a27484d83693563" Change-Id: I46c53b5c43ecbdc4d63cb03da25c35737b2c5afd
2 parents 8b38aef + a897647 commit 31ff7a8

File tree

7 files changed

+54
-10
lines changed

7 files changed

+54
-10
lines changed

Documentation/config-gerrit.txt

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2561,6 +2561,9 @@ server to respond until the TCP connection times out.
25612561
+
25622562
Root of the tree containing all user accounts. This is typically
25632563
of the form `ou=people,dc=example,dc=com`.
2564+
+
2565+
This setting may be added multiple times to specify more than
2566+
one root.
25642567

25652568
[[ldap.accountScope]]ldap.accountScope::
25662569
+
@@ -2672,6 +2675,9 @@ Active Directory.
26722675
+
26732676
Root of the tree containing all group objects. This is typically
26742677
of the form `ou=groups,dc=example,dc=com`.
2678+
+
2679+
This setting may be added multiple times to specify more than
2680+
one root.
26752681

26762682
[[ldap.groupScope]]ldap.groupScope::
26772683
+

ReleaseNotes/ReleaseNotes-2.11.5.txt

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,22 @@ https://gerrit-releases.storage.googleapis.com/gerrit-2.11.5.war]
99
There are no schema changes from link:ReleaseNotes-2.11.4.html[2.11.4].
1010

1111

12+
Important Notes
13+
---------------
14+
15+
*WARNING:* This release uses a forked version of buck.
16+
17+
Buck was forked to cherry-pick an upstream fix for building on Mac OSX
18+
El Capitan.
19+
20+
To build this release from source, the Google repository must be added to
21+
the remotes in the buck checkout:
22+
23+
----
24+
$ git remote add google https://gerrit.googlesource.com/buck
25+
----
26+
27+
1228
Bug Fixes
1329
---------
1430

bucklets/local_jar.bucklet

Lines changed: 0 additions & 1 deletion
This file was deleted.

gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OAuthSessionOverOpenID.java

Lines changed: 22 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -125,26 +125,41 @@ private void authenticateAndRedirect(HttpServletRequest req,
125125
try {
126126
String claimedIdentifier = user.getClaimedIdentity();
127127
Account.Id actualId = accountManager.lookup(user.getExternalId());
128-
// Use case 1: claimed identity was provided during handshake phase
128+
Account.Id claimedId = null;
129+
130+
// We try to retrieve claimed identity.
131+
// For some reason, for example staging instance
132+
// it may deviate from the really old OpenID identity.
133+
// What we want to avoid in any event is to create new
134+
// account instead of linking to the existing one.
135+
// That why we query it here, not to lose linking mode.
129136
if (!Strings.isNullOrEmpty(claimedIdentifier)) {
130-
log.debug("Claimed identity is set");
131-
Account.Id claimedId = accountManager.lookup(claimedIdentifier);
132-
if (claimedId != null && actualId != null) {
137+
claimedId = accountManager.lookup(claimedIdentifier);
138+
if (claimedId == null) {
139+
log.debug("Claimed identity is unknown");
140+
}
141+
}
142+
143+
// Use case 1: claimed identity was provided during handshake phase
144+
// and user account exists for this identity
145+
if (claimedId != null) {
146+
log.debug("Claimed identity is set and is known");
147+
if (actualId != null) {
133148
if (claimedId.equals(actualId)) {
134149
// Both link to the same account, that's what we expected.
135150
log.debug("Both link to the same account. All is fine.");
136151
} else {
137152
// This is (for now) a fatal error. There are two records
138-
// for what might be the same user.
139-
//
153+
// for what might be the same user. The admin would have to
154+
// link the accounts manually.
140155
log.error("OAuth accounts disagree over user identity:\n"
141156
+ " Claimed ID: " + claimedId + " is " + claimedIdentifier
142157
+ "\n" + " Delgate ID: " + actualId + " is "
143158
+ user.getExternalId());
144159
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
145160
return;
146161
}
147-
} else if (claimedId != null && actualId == null) {
162+
} else {
148163
// Claimed account already exists: link to it.
149164
log.debug("Claimed account already exists: link to it.");
150165
try {

gerrit-server/src/main/java/com/google/gerrit/server/query/change/AuthorPredicate.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@
2323

2424
public class AuthorPredicate extends IndexPredicate<ChangeData> {
2525
AuthorPredicate(String value) {
26-
super(AUTHOR, FIELD_AUTHOR, value);
26+
super(AUTHOR, FIELD_AUTHOR, value.toLowerCase());
2727
}
2828

2929
@Override

gerrit-server/src/main/java/com/google/gerrit/server/query/change/CommitterPredicate.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@
2323

2424
public class CommitterPredicate extends IndexPredicate<ChangeData> {
2525
CommitterPredicate(String value) {
26-
super(COMMITTER, FIELD_COMMITTER, value);
26+
super(COMMITTER, FIELD_COMMITTER, value.toLowerCase());
2727
}
2828

2929
@Override

gerrit-server/src/test/java/com/google/gerrit/server/query/change/AbstractQueryChangesTest.java

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -378,6 +378,10 @@ public void byAuthor() throws Exception {
378378
// By name part
379379
assertQuery("author:Author", change1);
380380

381+
// Case insensitive
382+
assertQuery("author:jAuThOr", change1);
383+
assertQuery("author:ExAmPlE", change1);
384+
381385
// By non-existing email address / name / part
382386
assertQuery("author:jcommitter@example.com");
383387
assertQuery("author:somewhere.com");
@@ -401,6 +405,10 @@ public void byCommitter() throws Exception {
401405
// By name part
402406
assertQuery("committer:Committer", change1);
403407

408+
// Case insensitive
409+
assertQuery("committer:jCoMmItTeR", change1);
410+
assertQuery("committer:ExAmPlE", change1);
411+
404412
// By non-existing email address / name / part
405413
assertQuery("committer:jauthor@example.com");
406414
assertQuery("committer:somewhere.com");

0 commit comments

Comments
 (0)