Merge branch 'stable-3.1' into stable-3.2
* stable-3.1: Fix header of "Pitfalls" subsection of Private Changes documentation AccountIT#accountIdApi: Get account API with id rather than name Fix header of "Pitfalls" subsection of Private Changes documentation Set version to 2.15.20-SNAPSHOT Set version to 2.15.19 Close open SSH connections upon account deactivation Allow to listen for account deactivations Extract method to iterate SSH sessions CacheBasedWebSession: Remove unnecessary 'final' in constructor args Add account listener integration tests using a real plugin Bazel: Add always pass test to avoid boilerplate in the CI Deny access over HTTP for disabled accounts Bazel: Consistently use bazelisk during publishing of artifacts Change-Id: I2d23a6fdcf6b44a9f55f3c01f5090aa8f0a343d4
Showing
16 changed files
with
594 additions
and
42 deletions.
42 changes: 42 additions & 0 deletions
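--- a/java/com/google/gerrit/extensions/events/AccountActivationListener.java
+++ b/java/com/google/gerrit/extensions/events/AccountActivationListener.java
@@ -0,0 +1,42 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.extensions.events;
+
+import com.google.gerrit.extensions.annotations.ExtensionPoint;
+
+/**
+* Notified whenever an account got activated or deactivated.
+*
+* <p>This listener is called only after an account got (de)activated and hence cannot cancel the
+* (de)activation. See {@link
+* com.google.gerrit.server.validators.AccountActivationValidationListener} for a listener that can
+* cancel a (de)activation.
+*/
+@ExtensionPoint
+public interface AccountActivationListener {
+/**
+* Invoked after an account got activated
+*
+* @param id of the account
+*/
+default void onAccountActivated(int id) {}
+
+/**
+* Invoked after an account got deactivated
+*
+* @param id of the account
+*/
+default void onAccountDeactivated(int id) {}
+}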
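Review bot: The Javadoc on `AccountActivationListener` leaves out the delivery contract that a security-relevant implementer needs: whether the callbacks run synchronously on the thread that performed the (de)activation, and what happens to the remaining listeners when one of them throws. Because the listener cannot veto the change, a sentence such as `<p>Listeners are invoked on a best-effort basis; an exception thrown by a listener does not undo the (de)activation.` would make that explicit, provided it matches how the callers dispatch the event (the dispatching code is not in this section). The two method summaries should also end with a period, and `@param id` would read better as `@param id numeric id of the account`.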
60 changes: 60 additions & 0 deletions
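--- a/java/com/google/gerrit/sshd/InactiveAccountDisconnector.java
+++ b/java/com/google/gerrit/sshd/InactiveAccountDisconnector.java
@@ -0,0 +1,60 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.sshd;
+
+import com.google.common.flogger.FluentLogger;
+import com.google.gerrit.extensions.events.AccountActivationListener;
+import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.sshd.BaseCommand.Failure;
+import com.google.inject.Inject;
+import java.io.IOException;
+
+/** Closes open SSH connections upon account deactivation. */
+public class InactiveAccountDisconnector implements AccountActivationListener {
+private static final FluentLogger logger = FluentLogger.forEnclosingClass();
+
+private final SshDaemon sshDaemon;
+
+@Inject
+InactiveAccountDisconnector(SshDaemon sshDaemon) {
+this.sshDaemon = sshDaemon;
+}
+
+@Override
+public void onAccountDeactivated(int id) {
+try {
+SshUtil.forEachSshSession(
+sshDaemon,
+(sshId, sshSession, abstractSession, ioSession) -> {
+CurrentUser sessionUser = sshSession.getUser();
+if (sessionUser.isIdentifiedUser() && sessionUser.getAccountId().get() == id) {
+logger.atInfo().log(
+"Disconnecting SSH session %s because user %s(%d) got deactivated",
+abstractSession, sessionUser.getLoggableName(), id);
+try {
+abstractSession.disconnect(-1, "user deactivated");
+} catch (IOException e) {
+logger.atWarning().withCause(e).log(
+"Failure while deactivating session %s", abstractSession);
+}
+}
+});
+} catch (Failure e) {
+// Ssh Daemon no longer running. Since we're only disconnecting connections anyways, this is
+// most likely ok, so we log only at info level.
+logger.atInfo().withCause(e).log("Failure while disconnecting deactivated account %d", id);
+}
+}
+}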
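Review bot: In `onAccountDeactivated`, `sessionUser.isIdentifiedUser()` is called without a null check, and only `IOException` and `Failure` are caught, so any unchecked exception raised inside the lambda would presumably abort the sweep and leave later sessions of the deactivated account connected. `SshSession.getUser()` is not shown on this page; if it can return null for a connection that has not finished authenticating, the guard should be `if (sessionUser != null && sessionUser.isIdentifiedUser() && sessionUser.getAccountId().get() == id) {`. The warning text `"Failure while deactivating session %s"` should say "disconnecting", since that is the message an operator will look for when a session outlives a deactivation. A short class comment noting that this only closes sessions already open, and that new logins must be rejected by the authentication path, would state the boundary of what this listener enforces.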