Exception when logging out after restart #9

Closed
rolandschulz opened this issue Mar 31, 2015 · 2 comments

@rolandschulz
Contributor

Logging out a session which was authenticated before a restart gives me:

[2015-03-31 22:51:03,083] WARN  org.eclipse.jetty.servlet.ServletHandler : /logout
com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) Error in custom provider, java.lang.IllegalStateException: Response is committed
  at com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID.class(OAuthSessionOverOpenID.java:52)
  while locating com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID

1 error
        at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1018)
        at com.google.gerrit.httpd.auth.openid.OAuthOverOpenIDLogoutServlet.doLogout(OAuthOverOpenIDLogoutServlet.java:55)
        at com.google.gerrit.httpd.HttpLogoutServlet.doGet(HttpLogoutServlet.java:88)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
        at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:279)
        at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:269)
        at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:180)
        at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
        at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:70)
        at com.google.gerrit.httpd.RunAsFilter.doFilter(RunAsFilter.java:113)
        at com.google.gerrit.httpd.RequireSslFilter.doFilter(RequireSslFilter.java:68)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:64)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:57)
        at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:75)
        at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)
        at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)
        at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1636)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:98)
        at org.eclipse.jetty.server.Server.handle(Server.java:461)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:284)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:244)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: Response is committed
        at org.eclipse.jetty.server.Request.getSession(Request.java:1401)
        at org.eclipse.jetty.server.Request.getSession(Request.java:1379)
        at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:238)
        at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:238)
        at com.google.inject.servlet.ServletScopes$3$1.get(ServletScopes.java:151)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
        at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1009)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1059)
        at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1005)
        ... 35 more
[2015-03-31 22:51:03,092] WARN  org.eclipse.jetty.server.HttpChannel : /logout
com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) Error in custom provider, java.lang.IllegalStateException: Response is committed
  at com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID.class(OAuthSessionOverOpenID.java:52)
  while locating com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID

1 error
        at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1018)
        at com.google.gerrit.httpd.auth.openid.OAuthOverOpenIDLogoutServlet.doLogout(OAuthOverOpenIDLogoutServlet.java:55)
        at com.google.gerrit.httpd.HttpLogoutServlet.doGet(HttpLogoutServlet.java:88)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
        at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:279)
        at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:269)
        at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:180)
        at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
        at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:70)
        at com.google.gerrit.httpd.RunAsFilter.doFilter(RunAsFilter.java:113)
        at com.google.gerrit.httpd.RequireSslFilter.doFilter(RequireSslFilter.java:68)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:64)
        at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:57)
        at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:75)
        at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)
        at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)
        at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)
        at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1636)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:98)
        at org.eclipse.jetty.server.Server.handle(Server.java:461)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:284)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:244)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: Response is committed
        at org.eclipse.jetty.server.Request.getSession(Request.java:1401)
        at org.eclipse.jetty.server.Request.getSession(Request.java:1379)
        at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:238)
        at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:238)
        at com.google.inject.servlet.ServletScopes$3$1.get(ServletScopes.java:151)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
        at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1009)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1059)
        at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1005)
        ... 35 more
[2015-03-31 22:51:03,095] WARN  org.eclipse.jetty.server.HttpChannel : Could not send response error 500: com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) Error in custom provider, java.lang.IllegalStateException: Response is committed
  at com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID.class(OAuthSessionOverOpenID.java:52)
  while locating com.google.gerrit.httpd.auth.openid.OAuthSessionOverOpenID

1 error

It doesn't seem to cause any problems.

@brianmay

I have also seen this.

@davido
Owner

davido commented Apr 25, 2015

@davido davido closed this as completed Apr 25, 2015
openstack-gerrit pushed a commit to openstack-infra/gerrit that referenced this issue Apr 27, 2015
GitHub-Bug: davido/gerrit-oauth-provider#9
Change-Id: I17aaed508ef61959a3fc5634d76eb5386305f9a0
openstack-gerrit pushed a commit to openstack-infra/gerrit that referenced this issue May 6, 2015
GitHub-Bug: davido/gerrit-oauth-provider#9
Change-Id: Id25792cdf6e28ba8d0f97bcc41d8c6409558314e
rockylmc added a commit to rockylmc/gerrit-1 that referenced this issue Oct 28, 2019
* Fix cleanup after tests

Some tests left over cloned Git repositories in the file system.

Now all temporary folders created are cleaned up in the
AbstractDaemonTest.

Change-Id: I13a376784066f767f6fd792f908f8a09d6c0307e

* Fix detection of symlinks in acceptance tests

Delete of temporary files failed if the tmp folder in which the
temporary directory was created is a symlink.

Now, the temporary folder is canonicalized before it is used. This
fixes this issue.

Change-Id: Ic5aa91e5242b5b836131c11b05b8723c50b359d9

* Load notes in ChangeUpdate.storeCommentsInNotes()

ChangeUpdate assumes the NoteMap in ChangeNotes is already
loaded. However, the ChangeNotes were never loaded, so the NoteMap
will always be empty. Therefore, we loaded the ChangeNotes.

Change-Id: Ibebb0d8c75dcac57178438b633e18447ec3cdb2e

* Fix successful login redirection to keep parameters

Login screen accepts a token to redirect to on successful login but
if the token contained parameters, they were dropped.

Encode/decode the token to fix this issue.

When a URL has a pound sign, it is included in the token as well.
This removes the hardcoded behaviour to include a pound sign in every
redirect URL. Will now be able to use login redirection for URLs with
no pound sign (e.g. GitWeb)

Change-Id: If8a74a74ce11f79389895e4d036b06a1e81abbe5

* CM3: Add reStructuredText mode

Rst mode depends on stex mode and makes use of overlay.

Bug: Issue 2779
Change-Id: Idf745f50459b3d058d9a84496e43745c64ddfe5d

* Fix example response in changes REST API documentation

The example request is for a change on the gerrit project, but the
response shows the change Id with project name 'demo'.

Change-Id: I1a35402a8018bb316a6e908be610efdb9815466c

* Make gitweb redirect to login

Make gitweb redirect to the login page if the user isn't currently
logged in

Change-Id: Ib5b30d433b7ae629da00c02de5abc9d6990c6fc1

* Config Section: Add passwordForKey() convenience method

Section class already provides password() method that does the right
thing (store the value in secure.config) and suppresses the input from
the terminal.  However this method expects user/password pair to exist.

With OAuth Github authentication provider we need to provide password
for GitHub Client Secret. Add another convenience method for Section to
operate on single field with description.

Change-Id: I9593cd5b35ae263003c1d1c9d771638a780ef96a

* Add documentation of the changes REST API /related endpoint

Bug: Issue 2782
Change-Id: I42e650904d924890e367b7fc6478489311da3f41

* Factor setPatchSetId out of ChangeUpdate

I missed this when factoring out AbstractChangeUpdate from
ChangeUpdate.

Change-Id: If6eb57fa1a2ed9b37061bdca2fcde200ef034329

* Modify CommentsInNotesUtil to handle removing a notes object

Previously, we were using the inserter to insert null if the list of
comments to write to the NoteMap was empty. However, in this case, we
should be removing the note that existed before. Therefore, I made an
additional method for the purpose of removing the note if we deleted
all remaining comments from that note, removeNoteFromNoteMap().

Callers should call writeCommentsToNoteMap if they have a non-empty
list of comments that they want to write to a note. If they have an
empty list, they should call removeNoteFromNoteMap which requires a
parameter for the RevId for the note where the comments used to be.

Change-Id: Ia91d8698206ab4814039a47190319838ecb541cc

* Modify PatchLineComment parser to incorporate status

In anticipation of the ability to write draft PatchLineComments to
NoteMaps, I modified some of the parsing code for reading comments out
of NoteMaps to take status as a parameter so that when it parses a
List of PatchLineComments out of the notes, they have the correct
status. This is valid to do because all comments in the same note
will all have the same status.

Additionally, I had to modify the ChangeNotesTest class in combination
with this to make sure that the comments being created for testing
purposes had the status flag set correctly.

Change-Id: If32e7075427abd2e6f02721824e8099243806243

* Factor out commit(MetaDataUpdate md) from ChangeUpdate

I missed this when factoring out AbstractChangeUpdate from ChangeUpdate.

Change-Id: I37d9fe82e1dbad64ef4e0733a4938053957e53fa

* Correct ordering of PatchLineComments in ChangeNotes

The ordering of the comment comparator in ChangeNotes should match the
ordering defined in the PatchLineCommentAccess (compare filename, then
line number, then writtenOn).

Change-Id: Icc96f807f6e8a954f9e0a922e777278cb86a3bf1

* Update version to 2.10-rc0

Change-Id: Icf14daa3d9ba14e57b6c487140617191a895e203

* Lowcase table name

Some Jdbc dialects (MySQL) are case sensitive, or to be more precise
their behaviour depends on the underlying operating system, as on some
storage engines every table is saved in its own file.

Fix uppercase table name to lowcase bug introduced in Schema 98.

Bug: Issue 2788
Change-Id: I40065eee91aa9e48888ee675b68c6233cb7ab424

* Allow debug and trace log statements to be printed in log files

System logs file appenders were created with an info threshold which
was preventing debug and trace log statements from being printed in the
files. File appenders should not have a threshold. Instead, the root
logger should have a proper level (i.e. info) so if a specific logger is
using a finer grain level (e.g. debug, trace), the log statements won't
be filtered out by the appender.

Set the root category to info and no longer set the file appender
threshold when creating system logs.

Change-Id: I747bef1f5dcb99784ba91dba6d29cf1fba582b62

* Fix Guice module auto-discover for plugin providers

When a plugin provider was using the AbstractPreloadedPluginScanner
to automatically scan its contents, the Guice modules were incorrectly
detected and wrongly assigned:

- Modules not initialised to null at the beginning of the scan
- SshModule incorrectly assigned to SysModule and the other way around
- Inner modules were clashing with named Guice modules
  e.g. install(new Module() { })

This fix brings much more sanity to module detection for plugin
providers (e.g. Groovy, Scala or other pluggable plugin formats).

Change-Id: I4edddd29acd0ff81cd61841bef8d2356ea20e716

* Set the version to 2.10-SNAPSHOT

Change-Id: I46d413a0e61b5356eb5702ee230785b8b1471ff1

* Fix broken test compilation

Change-Id: Id4bd313626142f115357c747a47107025e233e8a

* Fix using HTTP methods other than GET from plugins

Commit 3bde74c2797 introduced a bug in the REST API. Methods other
than GET could not be used anymore from plugins. For example it was not
possible anymore to delete projects with the delete-plugin using DELETE.

Bug: issue 2949
Change-Id: If90247ec4e0dad03b02d0a9e21202455fece90a7
Signed-off-by: Stefan Lay <stefan.lay@sap.com>
(cherry picked from commit 3d227bbadfa234bcac7400cf41030423bf183ff3)

* Update replication plugin to latest version

- Remove unneeded 'throws NoSuchChangeException'
- Avoid throwing exception due to deleted change

Change-Id: I97b86245c97f869828ba4feadb9ab73821e5b1ed

* Fix example in documentation of Set User Preferences endpoint

The example showed GET, but should be PUT.

Change-Id: I37da23217f8bec351703755d3266f42b3f8c75ee

* Revert "CM3: Add reStructuredText mode"

Causing rendering failures in some cases. Filed a bug upstream:

https://github.com/codemirror/CodeMirror/issues/2850

Change-Id: I0b4032d41b1fe5b9756ff59f752f5fce86634c41

* Mention the push %l-parameter in the documentation

Change-Id: Icc564ca82c2e05d176f75ddfd3b11924dcabaabe

* Fix broken formatting in Tomcat reverse proxy config documentation

Remove the unnecessary [TIP] block.

Fix the formatting of links.

Enclose example settings in backticks.

Add an anchor to make it easier to link the section from the release
notes.

Change-Id: I46dcc5cb6afc24c6717885a5ca5f1faa04d7a746

* Update Guice version to 4.0-beta5

Beta 5 releases the fix to Cookie mutability bug [1], so that we can
switch again to Central repository and don't need custom Guice
guice-servlet build.

[1] http://code.google.com/p/google-guice/issues/detail?id=806

Change-Id: Ia766f3d9163afdae06ea7c702824909a8349b98e

* Initial release notes for Gerrit 2.10

Change-Id: Iccaf7d4ea66eff290967c41ee70348a4dfc4511b

* Update JGit to version 3.5.1.201410131835-r

This JGit version fixes:
- Bug 420915 - jgit gc hangs in partitionTasks with a very small repo
- Bug 427107 - cannot push anymore
The latter was observed by CollabNet to break Gerrit replication if gc
created a bitmap index which may have induced PackWriterBitmapWalker.
findObjects() to throw a MissingObjectException.

This version of JGit also fixes the recursive merger on all storage
systems.  Objects created during the virtual base construction of a
recursive merge must be written out somewhere and made available
through an ObjectReader for later passes to work on.

In both local filesystem and DFS implementations Gerrit was no-op'ing
the inserter in dry-run mode, causing these objects to be lost and
unavailable during the later processing stages of the merger.  With a
virtual common ancestor tree or blob missing, the dry-run merger fails
and a spurious merge conflict is reported.

Instead build a non-flushing inserter wrapper around a real inserter
for the repository. On local disk (standard storage) this will allow
the virtual base to write loose objects, which may be reclaimed in
about two weeks by the standard `git prune` invoked by `git gc`.

On DFS systems this will create a new pack file and buffer a block of
data in memory before starting to store to persistent storage.
However with no flush() the DfsInserter will attempt to rollback the
pack, which may allow the DFS system to reclaim its storage quickly.
Some implementations of DFS may buffer even more deeply than one
block, making the discard even cheaper for smaller merges.

This update also fixes a potential infinite loop during object
inflation within both the WindowCursor or DfsReader versions of
ObjectReader.  Inflation could get stuck if an object's compression
stream within a pack ended at a very precise alignment with the cache
block size.  The alignment problem is very rare, as it has taken
several years to identify and track down.

Includes changes done in I9859bd073bd710424e12b8b091abb8278f4f9fcc
on master.

Change-Id: I898ad7d5e836ebae0f8f84b17d0ae74489479ef9

* Buck: Package servlet-api in WEB-INF/pgm-lib again

Idc8c24854 added servlet-api as transitive dependency to gerrit-server
Buck artifact. As a consequence servlet-api was included in lib
directory instead of in pgm-lib.

Change-Id: I190a4d98d85d17b619ee81e3bb32eee58134677c

* Fix login redirect for non default (root) context

Login redirection was working fine when gerrit is deployed in the root
context but did not otherwise.

Issue: 2990
Change-Id: I851d45d4b9de1f70e45cdd5daaa838546dae02db

* Update replication plugin

- Fix replication_log no longer logging after plugin reload
- Prevent creating repos on extra servers

Change-Id: I4320e53fa4c2f0c619cd38dfa83eddd55a5e8bf0

* Fix NullPointerException in Reindex

Reindex was loading the AccessControlModule which is loading the
GitUploadPackGroupsProvider and the GitReceivePackGroupsProvider. Those
2 classes need the CurrentUser in order to determine if he can see the
configured groups if those are not visible to all the users. Reindex
binds the CurrentUser to null which was causing the
NullPointerException if upload or receive groups were configured in
gerrit.config.

Instead of binding the CurrentUser to the InternalUser class which
would have fixed the issue, bind the GitUploadPackGroups and
GitReceivePackGroups to empty sets. The reason to use the second option
is because the providers of GitUploadPackGroups and GitReceivePackGroups
will require to load groups information from the GroupBackend which can
take time and is not required by the Reindex.

Issue: 3025
Change-Id: I78d7bb93195aefb82ebec421237147db2f7e4b3d

* Update 2.10 release notes with information from 2.9.2

Mention that 2.10 includes the fixes that were done in 2.9.2.

Add a warning about database table primary key update during
site init.

Change-Id: I1a517b338d223b922de8f2b45b2e37a0b2891d28

* Remove 2.9.2 fix from 2.10 release notes

"Remove 'send email' checkbox from reply box on change screen" is
included in 2.9.2 and should not be listed in the 2.10 release
notes.

Change-Id: Ifa6b3dcfa01d30148f33859402e0bafd7dbd1c26

* Update 2.10 release notes with info from 2.9.2

- Add a warning that the init should be run in interactive mode.
- Switch from UK to US spelling.

Change-Id: I13c0ab025287e6eb1e8b42f1ccadf77cdbfddd01

* Fix inconsistent behaviour when adding reviewers

It was possible to add reviewers to a change when they had no visibility
to said change and/or were not active users. This is inconsistent with
what happens when adding groups. When adding groups, the non-active
users and the users with no visibility to the change would not be added.
Make the behavior of adding single reviewers consistent with adding
groups.

Change-Id: I606d43e6ca5ada88f26d3b14dd6f16c2306f74af

* Only create All-Projects ACL once

If refs/meta/config already exists do not overwrite or update it
with default configuration. This protects site administrators who
run `java -war gerrit.war init -d /some/existing/site --batch` and
corrupt ACLs of a live server with default settings.

To really set the default ACLs on an existing site the admin
should remove the refs/meta/config branch so it can be created.

Change-Id: I44a21b0c162812747ebcd50535709e8330dfbef8

* Enable scrollbars for "Edit Commit Message" TextArea

Bug: Issue 2890
Change-Id: I5de5179d2c059ddd9ef26ec37dcf9891926e1c8e

* Use current time for cherry picked commits

Cherry picking with the submitter time could cause massive clock skew
in the Git commit graph if the server is shut down before the submit can
finish, and restarted hours later. In such a case Gerrit will write out
new cherry picks using hour-old committer times. This can confuse a Git
revision walker if there are many such badly dated commits, more than
the "slop bucket" the revision walker can tolerate (5-10).

Updating the commit time on each attempt also allows this strategy to
work around bugs elsewhere in Gerrit that do not handle patch sets
with the same commit SHA-1 well. Each new retry will get a new SHA-1,
as the timestamp is updated.

Change-Id: Ia0be365054cdc4692a8f5aa2afc2fb87f2e7888a

* Fix exception when clicking on binary file without being signed in

The user preferences are only available if the user is signed in.

Change-Id: I2ec307d34464394cd902218a32de1afdf5314f86
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>

* ACL: Fix transitions check & a '1' in RefName

In determining which access pattern has precedence, the 1st check is
which pattern is closer via Levenshtein distance.  The 2nd criteria is
if they differ on finite vs infinite.  The 3rd criteria is based on
number of transitions in the pattern, where it is supposed to be the
pattern with the greatest number of transitions having precedence.  The
check of using the number of transitions had the check reversed.  This
caused the pattern with the fewest number of transitions to have
precedence.

When determining the Levenshtein distance of a glob style pattern the
trailing '*' would be changed to a '1'.  The issue with doing this is
that it could cause a different access pattern to take precedence if a
RefName contained a '1' character as that would cause the Levenshtein
distance to become decreased by one.

Change-Id: Ibdcd483c303d24565ef43001b3831f6463c2ed8f
Signed-off-by: John L. Villalovos <john.l.villalovos@intel.com>

* Honor expireAfterWrite in the H2CacheImpl

The H2CacheImpl didn't honor the expireAfterWrite. This had an effect
that persisted entries never expired. For example, the web_sessions
cache entries didn't expire after their maxAge was reached.

Change-Id: I3a7c754ee05fe9ac92d96652db4b862bb597eba1
Signed-off-by: Saša Živkov <sasa.zivkov@sap.com>
Signed-off-by: Adrian Görler <adrian.goerler@sap.com>

* Include all command arguments in SSH log entry

Previously the SSH log only included the first argument. This
prevented the repository name from being logged when
'git receive-pack' was executed instead of 'git-receive-pack'.

Now the SSH log includes all command arguments in the log ensuring
that the repository name is always logged. This is desirable behavior
for anyone looking to monitor repository access via the SSH log.

Change-Id: Idff950e5480a122a2cb366a443d25aa9e0a8f5c8
(cherry picked from commit a56057f97620ae7b958c338149853d605d8d3604)

* Update 2.10 release notes

- Add information about bug fixes that were recently cherry-picked from
the master branch.

- Move some bug fixes from the new features section to the bug fixes
section.

- Expand the description of the "Add Me" feature on the change screen.

Change-Id: Ie14bab657f5a4f358489b04d16fd330ee66c2c4b

* Clarify behaviour of the 'Remove Reviewer' permission for change owners

Without having the 'Remove Reviewer' permission, change owners can only
remove reviewers that have given a zero or positive score.  I.e. they
cannot remove reviewers that have given negative scores.

Clarify this in the documentation.

Change-Id: Ic1c5a292607f64337f82596553066cdbcd04eda2

* Disable Git over http when Gerrit is not configured to support http

When http is not defined as a download scheme, it removes the http download
links in the UI but git over http was still working.

Bug: issue 1050
Change-Id: I0da82f75c420ddbc8f35382bb66c0aed4b7dbef3

* Don't show 'Add Me' button for change owner or existing reviewers

Change-Id: Ib79bd18d863b7b62e90be7179d85465f25cc7759

* Revert "SSHD: Prevent double authentication for the same public key"

This reverts commit a5959d2216bee502c70ba7c285b2e3873d69d190.

This revert is necessary because of downgrade to the SSHD 0.9.0.

Change-Id: Ia41ad2d9a713ddd515bc383923844227b676070f

* Update version to 2.10-rc1

Change-Id: Ia5ed1dd73dbfbbfc1330c8af7ddbd3bdf1be27aa

* Set version to 2.10-SNAPSHOT

Change-Id: I7a051ebca6d5d989fe8c5b12e84d9974ce4dcb1d

* Don't duplicate commandName in SSH log

Using an enhanced for loop caused it to include arg[0]
which duplicated commandName. Now it uses an explicit
for loop starting at index 1 to avoid this.

Change-Id: Ie1db7d41c1670ba463f8c8002560192183015113

* Show link on hover for headings and anchors in documentation

For supporting users it is often useful to send them links to a
certain section in the documentation. The Gerrit documentation contains
a lot of anchors, but they are not easily accessible. If the section
is linked from the TOC the link to the section can be gained by
clicking on the link in the TOC. To link to other elements it is often
needed to check the HTML source code to find out the link target.

Make the links to section headings and anchors more easily accessible by
displaying a link icon when the mouse is hovered over the heading or
anchor. By clicking on the link icon the page anchor is set and the
link can be copied from the address bar of the browser.

Having this functionality for anchors is especially useful for linking
to certain configuration parameters in the config-gerrit.html page.

The link icon is taken from the 'Freebie: Application Icon Set' [1]
which is licensed under the Creative Commons Attribution 3.0 Unported
License [2].

[1] http://tympanus.net/codrops/2012/10/02/freebie-application-icon-set-png-psd-csh/
[2] http://creativecommons.org/licenses/by/3.0/deed.en_US

Change-Id: I4377ea23ad76143fd4caa78afc30b82690e533ff
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
(cherry picked from commit a92861fb0126238014fc603257da65748efb05ca)

* Detecting Trivial Rebases fails unnecessarily early

When label.Label-Name.copyAllScoresOnTrivialRebase
is enabled, the detection of Trivial Rebases fails
unnecessarily early if useContentMerge is disabled
in the project settings.

According to the code comments, a Rebase is Trivial
if the Old PatchSet, cherry picked on top of Parent
of the New PS, yields the exact same tree as the
New PS.

There is no reason to fail this detection due to
a path conflict regardless of the circumstances.
A Trivial Rebase is always a Trivial Rebase if the
code delta is unchanged.

This fix makes the Trivial Rebase detection ignore
the useContentMerge settings.

Change-Id: I7ef9bda0db3acce0d19bc6888084e57e55cb4b32
(cherry picked from commit dd4c0fb16d66bb010ef97d9f12487f350e08595f)

* Remove now unused project parameter

Change I7ef9bda0db3acce0d19bc6888084e57e55cb4b32 removed the usage of the
project parameter.

Change-Id: I14857e0cb92662b1233bc3351d3367a73fceed0b

* Fix missing return after %submit is rejected

Using %submit is currently only allowed if the caller has
Submit granted on refs/for/$branch. Early return once it
is known submit permission is missing.

Change-Id: I8da76454bf1efdf9fbc9ec662e1711489dbce009
(cherry picked from commit d07a5ab586ca38b067a3c3ded387353b0fba2c09)

* Do not include project watchers on new draft changes

If a draft change is created by pushing to refs/drafts/master only
the reviewers explicitly named on the command line (which may be
empty) should be notified of the change. Users watching the project
should not be notified, as the change has not yet been published.

Change-Id: I703ea779106c025c8002e79d39c060208b2e119d
(cherry picked from commit 8690a108f6f63b58496d49c09e1e6ea954c7c7b0)

* Update ReleaseNotes-2.10

Change-Id: Ief964e57fca8a75f75719c6d3e16f8e16e7acdec

* Show link on hover for h4 headings in documentation

E.g. in cmd-stream-events.txt we use h4 headings for the different
events and it would be nice to be able to link to them.

Change-Id: I1aaf496852a1793b34f1c694a2b2d486af0a028e
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>

* SideBySide2: Fix alignment for long insertion/deletion blocks

In commit 1dbc53126cafc0f553b709 the line-height was changed to
"normal", allowing for taller text lines. Padding for insertion
or deletion blocks was no longer tall enough, which caused the
two sides to stop aligning.

Correct this by computing the line height on the fly after the
UI is displayed and the browser was able to compute font metrics
to a sampling of 10 lines of text.

Use the guessed value from a prior rendering for the new one,
reducing any reflow that has to occur upon viewing another
file in the same application session.

Chrome on Linux is showing the lines are 15px tall, so use
that as the current default guess, reducing initial reflow
for any platform that has this font height.

Bug: issue 2970
Change-Id: Ic5f7dbbd1cc3582388cfcdf6faf9dca1f7a85fa0
(cherry picked from commit 941d32cff210e3bec4e114ea35822b017faf18f1)

* Update 2.10 release notes

Change-Id: Ie130be8f6bb9e20e88be9f1b481e1f2853f033db

* Update JGit to 3.5.3.201412180710-r

This JGit version mitigates CVE-2014-9390 [1].

[1] https://projects.eclipse.org/projects/technology.jgit/releases/3.5.3

Change-Id: I7fa9ae43205afcc30f71578691f0fc30457fbd6b
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Update 2.10 release notes

- 2.10 includes fixes from 2.9.3 and 2.9.4

- Update JGit version

Change-Id: Ib53144a7f2008ab7cf51687e72fce12f84fdac8e

* Resource exhausted because of unclosed LDAP connection

When auth.type is set to LDAP (not LDAP_BIND), there will be two ldap
connections.  The 1st connection will bind LDAP to find the DN of the
login user, and this connection will be closed in the try...finally
block.  But the 2nd LDAP connection used to validate user password
is not closed at all.  Too many unclosed TCP connections cause resource
exhaustion and later LDAP authentication will fail.

Change-Id: Ia5d83cccde8a0e6590d3e2fadc638d67f6e300e8
Reported-by: Wang Yiming <youthdragon.wangyiming@huawei.com>
Signed-off-by: Jiang Xin <worldhello.net@gmail.com>

* Let RefControlTest be responsible for creating own test projects

All test cases which test inheritance of the access rights assume
existence of two projects: "local" and "parent", where "parent"
is the parent of the "local".

The cc00e0056991355b8780bebd221acf3baf1f55e7 moved the creation of
the "parent" into the Util class and it wasn't intuitive to follow
what exactly the "util.getParentConfig()" meant.

Remove the creation of the "parent" project from the Util class and
create the "parent" in the RefControlTest. Also, make sure that "parent"
is set to be the parent of the "local" in the setUp method.

Change-Id: I991a9bc25ca7609b5d9e15e54167446c7b0aa6cf

* Fix faulty behaviour in BLOCK permission

BLOCK can be overruled with ALLOW on the same project, however there
is a bug that happens when a child of the above project duplicates the
ALLOW permission, in this case the BLOCK will always win for the child,
even though the BLOCK was overruled in the parent.

This behaviour occurs because the ALLOW permission of the parent is
overridden by the ALLOW of the child, so when the BLOCK check occurs
the code thinks the permission should be blocked because it doesn't see
the ALLOW of the parent and BLOCK can only be overruled from the same
project.

Bug: issue 2995
Change-Id: Ib100deb181a0fdb07527a7242c4d4e8c4fe24b9b

* Update 2.10 release notes

Change-Id: I9c5dd2d3662ccd5e8bf59b8614f4fa46f6ab946a

* Re-enable the Cherry Pick button when cancelled

If the Cherry Pick dialog is cancelled, the Cherry Pick button
cannot be clicked again.

Change-Id: I5c2fb48ae4b01cfa122797b84a226cfb4ef6efe5
(cherry picked from commit 06810e758c7ea0eabf7ff43d785c65e2c90d1373)

* Update 2.10 release notes

Change-Id: I686ee169aebb42ff649c2ffa27cf0a58af1949c3

* Fix JSON errors in /projects REST API documentation

The JSON in some example responses was invalid as it contained
extraneous commas in some places.

Bug: issue 3107
Change-Id: I118fc8fb9cf2db30e9d71d6a44d892a37e5c9f27
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>

* Fix plugin reloading for DynamicItems

Since DynamicItems could only ever be loaded by a single
plugin at a time (they are singletons), the code enforcing
this prevented those plugins from being reloaded.

Test Plan: reload the following plugins:

* gravatar-avatar-provider
* websession-flatfile

Bug: issue 2895
Change-Id: I52a07f34d1fa0b756f4cc22d0d83d2ef6906840e
(cherry picked from commit 9a5e78aa73fc4cf1159e2bcca95bf11c1f0b5cb5)

* Update JGit to 3.6.2.201501210735-r

This version of JGit logs IOExceptions caught while accessing pack files
and only removes affected packs from the pack list if we know that the
pack is corrupt. Other IOExceptions could be transient hence JGit
doesn't remove the affected pack from the list anymore to avoid the
problem reported on the Gerrit list [1]. It looks like in the reported
case the pack was removed from the pack list causing
MissingObjectExceptions which disappear when the server is restarted.

[1] https://groups.google.com/forum/#!topic/repo-discuss/Qdmbl-YZ4NU

Bug: issue 3094
Change-Id: I3cf36e1c2000f42652053ada712eccb955e99390

* Update 2.10 release notes

Change-Id: I4590930934f509455ca1fe553d9159ae5eebfff9

* Update 2.10 release notes

Change-Id: I6c084fc4834ab3e5665c59cb97c15e4b735e0f7e

* Update version to 2.10-rc2

Change-Id: I734c379890a5b705aa2b1f2b34d9a19fe4fcdcb3

* Drop broken Schema migrations

The code in the Schema_82 didn't work when upgrading from a 2.7 or an
older release to 2.10.

Drop the broken schema migrations. An upgrade from 2.7 or earlier
release to 2.10 will need to be done in two steps:

* upgrade to 2.8 or 2.9
* upgrade to 2.10

Change-Id: Ie7ae48326adb5d5c6e77190d9bf6739350a64887

* Update 2.10 release notes

Change-Id: I1724daa28675ef63bbbbb5bec07ae7529c3b6dec

* Update the Gerrit version in the plugin development documentation

Change-Id: Idace56cc33efc4129be39e0c2f5fb7545ad6a967

* Remove the archetypeRepository property from the mvn archetype:generate

When working with released artifacts there is no need to specify an
archetype repository.

Change-Id: Ib3010e1b08d361ae663f9cd3b3a412826f262cf4

* Update version to 2.10

Change-Id: I2795796ae77d240001fe5c789fe1aeae5fc34d56

* ChangeControl: Optimize creation by not re-reading changes

There are two different controlFor() methods that accept change id
and change. It seems that all callers have change instance available
so there is no need to re-read the changes from the database.

This fixes flaky query tests, see this thread for more details [1].

TEST PLAN:

To reproduce you need heavy load on your machine. For example start
LibreOffice's unit tests parallel to Gerrit's query tests:

  $ libreoffice> make check
  $ gerrit> buck test --no-results-cache //gerrit-server:query_tests

Repeat the last command multiple times. Without this change I observed
2-4 failures from 10 runs.

[1] https://groups.google.com/d/topic/repo-discuss/9wGKjTaVG7k

Change-Id: Ia95458e86b214b12186ca60ccad46d586e13a01c
(cherry picked from commit fa5fd568d0b945632e4dd3f4cff84f56d9e4b1f5)

* Add config options of LDAP 'connection pooling'

With these config options user can enable LDAP 'connection pooling'
for Helper.open() to improve the performance of LDAP server access.

Change-Id: If1c7bb5a9f5824aaa0bd71e8419b91a8f588493d

* Honor ldap.connectTimeout also without connection pooling

The com.sun.jndi.ldap.connect.timeout env variable is independent from
whether LDAP connection pooling is used or not.

Change-Id: I8e84efa89deb5c292d51e941e0a325cb7fc3f0a6

* Improve method and variable names related to group inclusion caches

In [1] group's accounts will be cached, thus in the semantic
environment of group inclusion caches the words 'member' and
'include' will not only be limited to subgroups and parent groups,
but will also include accounts.

This commit does not update cache names and does not affect users.
It only updates related method names to be more meaningful.

[1] https://gerrit-review.googlesource.com/58302

Change-Id: I9a5be1cb08ff53e2cede251a6f63e16ec25cdcfa

* Fix LDAP connection pool configuration.

Commit cd04bbc1 introduced LDAP connection pooling but it made a wrong
assumption that connection pool settings can be provided as env
variables.

According to [1] and also [2] the LDAP connection pool configuration is
done via JVM system properties. Only "com.sun.jndi.ldap.connect.pool" is
specified as an env variable.

[1] http://docs.oracle.com/javase/7/docs/technotes/guides/jndi/jndi-ldap.html#POOL
[2] http://stackoverflow.com/questions/22411967/which-ldap-jndi-provider-pool-settings-are-system-properties-and-which-are-envi

Change-Id: I71eb1934a23d658a1801afcd125895c59b69581e

* Reduce number of LDAP queries when having multiple accountBases

When searching for an account in LDAP we used to first execute one query
for each account base and, after that, check if the account was found.
For an LDAP configuration with N accountBases this always executed N
LDAP queries. In most cases this was not necessary as the account was often
found in the first configured accountBase.

Check if the account is found after each query and return as soon as it
is found. When most users are found in the first configured accountBase
this should reduce the number of LDAP queries by a factor of N.

Change-Id: I6eced365506ac9a2716cef643b5760b68fc3966d

* Improve LDAP login times, transfer 40x less data.

When recursively expanding LDAP groups we used to fetch all attributes
for each group. In our corporate setup this has been causing a huge
amount of data being transferred from the LDAP server to our Gerrit
instances. In the tcpdump output I could find a list of all corporate
user accounts being returned (probably as an attribute of a group).

However, we are really only interested in one attribute. Therefore, ask
the LDAP server for this one attribute only. This reduces the amount
of transferred data by a factor of 40, in our corporate setup.

Change-Id: I74df9064771d174a02f0e4d7cb2c5a994b9d8333

* Configurable ldap.fetchMemberOfEagerly to optimize LDAP login

Only query for all groups where the user belongs to if the
fetchMemberOfEagerly=true. Since querying for LDAP group membership
also performs recursive group lookup, this may save a lot of LDAP
requests and traffic on user login. Gerrit instances which use LDAP
for user authentication but otherwise rely on local Gerrit groups
will want to set the fetchMemberOfEagerly=false.

NOTE: Even if we avoid fetching LDAP group membership eagerly on user
login, we just postpone querying of the LDAP group membership until the
UI asks for all capabilities for this user. This happens immediately
after the login. This issue is addressed in the follow up change.

Change-Id: I4c33361976d814788dceb58a67c2027b9fd3e8d1

* Lazily lookup LDAP group memberships

By deferring LDAP queries until a contains method is called the
server can avoid looking up LDAP group information when only
internal Gerrit groups are used in access rules.

Change-Id: I96ac1894da07e00935ed6182084885a237ac414e

* Fix NullPointerException when executing query with --comments option

messages method was accessing the notes member variable directly
instead of using the notes method, which will load the notes if not
already loaded.

Issue: 3210
Change-Id: I4b02f10d75070507cedbe9876a0f7c90944e0e2d

* Prevent NPE in ListTasks

If the show-queue command is executed while an ls-projects command is
executing, NPE occurs in the ListTasks REST API endpoint.

Add a null check to prevent this.

Bug: Issue 3211
Change-Id: Iea0ad5d1336d258ee2cd898eb5488ef610eb7d0c

* OpenID: Remove support for Google Accounts

From May 19, 2014[1] Google is no longer allowing new servers to use
OpenID API to authenticate user accounts.  From April 20, 2015 Google
will shut down the OpenID service.

Delete Google Account suggestion from the web interface.

[1] https://developers.google.com/+/api/auth-migration#timetable

Change-Id: Idcf4e5a528e574c0042c897db87ea821fbf89315

* OpenID: Add support for Launchpad on the login form

The icon used in the login page is taken from [1] and encoded to
base64 using [2].

[1] https://launchpadlibrarian.net/16111289/gem-sm.png
[2] http://www.base64-image.de/

Change-Id: I8b3b10b7aef8a6dbae451edc017f9a35c1b9f1a9

* Update cookbook plugin to latest revision

- Maven: use same version number for plugin version and API version
- Maven: Add missing junit dependency
- Consume API version 2.10

Change-Id: Id28b58cfdc329a335b6c26f3eb55c5ecc97e9dde

* Point CGit link to new upstream

Change-Id: Ib64b9ec1c8e297ef3a8fb2f4e3bb14248bb9785c
Signed-off-by: Thomas Schneider <thosch97@gmail.com>

* Expose extension point for generic OAuth providers

Further development of OAuth authentication scheme support suggested in
I86fb8fab3 is to restrict the core to expose only the OAuth extension
point and use Gerrit plugin concept for OAuth provider implementations.

When multiple OAuth providers are deployed on Gerrit site (from one or
multiple plugins) selection page is shown to select OAuth provider per
user base (as it's known for OpenID authentication scheme). The only
difference is that the user can only select between deployed providers.

OAuth logo was borrowed from:

http://en.wikipedia.org/wiki/OAuth and
http://en.wikipedia.org/wiki/File:Oauth_logo.svg
The OAuth logo, designed by Chris Messina
Creative Commons Attribution-Share Alike 3.0 Unported license

Converted as base64 using: http://www.base64-image.de
Source for OAuth protocol description: the same link as above.

Bug: issue 2677
Bug: issue 2715
Contributed-by: Luca Milanesio <luca.milanesio@gmail.com>
Change-Id: I7da0a6b3f2a99b6188bd14cf2818f673a3ddd680

* Improve performance of ListBranches REST endpoint

Branch listing was reading all the refs from the repo and then
filtering out any branches that were not refs/meta/config or starting
with refs/heads. This extra IO and processing is hard to notice on fast
file systems but it's not on slow ones, especially if repo has a lot of
refs that do not start with refs/heads (e.g. refs/changes).

Rework the branch listing to get only the refs that start with refs/heads
from the repo and then add the 2 other branches required: HEAD and
refs/meta/config.

In one of our repos with 10k branches and 250k changes, this change
reduced the branch listing to 10% of the time it took without this
change.

Change-Id: I0932d06229e6a8cbc9497abcc5b604d2f9a0113b

* Fix LDAP authentication for the RFC2307 server type

The accountWithMemberOfQuery is only set for the active directory server
type. We must not use this query for authenticating against an RFC2307
server type as it is null in this case and no account is found.

Honor the fetchMemberOf parameter of the Helper.findAccount only when
the accountMemberField is supported for the given LDAP type.

Bug: Issue 3201
Change-Id: Ifa58dcf6588b6bcae7c46d1cf793aaecb107aff2

* Fix NPE when indexing changed lines

Change-Id: I0256dd2e3b194bf9fe989b196276e1405354ae0e

* Improve class naming of group inclusion cache loaders

In [1] the inner classes were named with lowerCaseNames.
thisIsNotStandard. StandardForClassNamesBeginsWithCaps.

[1] https://gerrit-review.googlesource.com/60356

Change-Id: Ia223cb6f010555841fd00be06c56b880968312fe
(cherry picked from commit b6b88ebe9c5d85624f0fbb9dfb2c84b9373f9a4d)

* Release notes for Gerrit 2.10.1

Change-Id: Ib5317c67ab058f8397ed1c2c353f55f3581217e5

* Set version to 2.10.1

Change-Id: I1bc1d4d6b270fe72c4bb3b7e7e4437e1e136b321

* Allow plugins to use self-provided licenses for used Maven Jars

maven_jar only allowed to use licenses that were defined in
'//lib:'. But plugins may need further licenses that are not yet in
core (E.g.: plugins/its-jira relies on a jar with CPL1.0
license). Since, plugins cannot add rules underneath '//lib:', we add
the local_license parameter to maven_jar, which allows plugins to use
licenses from ':' instead of '//lib:'.

Change-Id: Icc40c413eed65a0b6e3003021050d91086ca4c34

* Allow PatchListLoader to use recursive merger

The automerge "base" created on merge commits should use the
recursive merger, if it has not been disabled on this server.

Switching to recursive allows handling changes that require
the virtual common ancestor to be built when multiple merge
bases are discovered for the two parents.

Change-Id: Ica2daa6bd0a38f7fa1430bed28bd7f54d3bfb2c4

* OAuth: Allow to change username

OAuth extension point was derived from GitHub OAuth implementation.
Changing of user setting was disabled for GitHub, because it can be
induced from the endpoints. Given that other OAuth providers don't
expose username it makes sense to allow to change the attributes,
as it is the case for OpenID authentication scheme.

Inspired-by: Kelly Campbell <kelly.a.campbell@gmail.com>
Change-Id: Idc15271b619f11c17c9ea88e611259e5a113b0e5

* OAuth: Allow to link claimed identity to existing accounts

One of the use cases the OAuth plugin based authentication scheme is
aiming to support is the switch from a deprecated OpenID provider to the
OAuth scheme offered by the same provider. In this specific case the database is
already pre-populated with OpenID accounts. After switching the auth
scheme to OAuth all existing accounts must be linked to the new OAuth
identity.

To support linking new OAuth identity to existing accounts, user info
extension point is extended with claimed identity attribute. When
passed, the account for this identity is looked up and when found new
OAuth identity is linked to it.

Change-Id: Ia6489762dd370bfbbaa16a7418cd3106d2d1112a

* Workaround a RecursiveMerger bug [1], avoid online reindexing failure

When performing a mergeability check for two commits which don't have a
common parent the RecursiveMerger will fail with a NPE. This prevented
the OnlineReindexer from finishing Lucene index upgrade.

This issue was also discussed in [2].

Workaround: consider any exception from the RecursiveMerger as an
expected error and return false as the result of the mergeability check.
Also, never fail the online reindexing when the mergeability check is
not able to finish properly.

[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=462671
[2] https://groups.google.com/d/topic/repo-discuss/REYuk4mgIw8/discussion

Change-Id: Iea88440a9e25edf9385aba0663779d30e622e4f8

* Update replication plugin

* Fix replication_log with external log4j.configuration

Change-Id: I3594fa888e408cf5dbfecaf9531941abc019dfc8

* Update JGit to 3.7.0.201502260915-r.58-g65c379e

Change-Id: Ib4b994c10d83ffc30e478428545dfb0d1be97dfe

* Rework intra line diff to interrupt threads instead of killing them

Now that MyersDiff is interruptible[1], interrupt threads instead of
killing them when MyersDiff goes into infinite loop.

Replace IntraLineWorkerPool that was created to allow killing threads by
a standard CachedThreadPool.

[1] https://git.eclipse.org/r/44041

Change-Id: I39ceef66f503fb9f0b6036fc32b671818772c258

* Work around MyersDiff infinite loop in PatchListLoader

This infinite loop is happening for some files when the PatchListLoader
is computing the differences between 2 commits. It first showed up[1] in
the mergeability checks done in background and was easy to work around
by killing the thread using Javamelody and abandoning the faulty commits.

The issue showed up again, when upgrading from 2.9.x to 2.10: the online
reindexer getting stuck because of that infinite loop and this time, no
easy work around.

Use a similar approach that was done in intraline diff to work around
the MyersDiff infinite loop. Instead of returning a timeout error
message when the infinite loop is detected, fallback to a diff algorithm
that does not use MyersDiff. Returning a timeout error was not an option
because the failing operation is not always triggered by a user.

From the user perspective, the only difference when the infinite loop
is detected is that the files in the commit will not be compared
in-depth, which will result in bigger edit regions.

[1] https://groups.google.com/d/msg/repo-discuss/ZtiCilM3wFA/LijfZ4YkLHsJ

Change-Id: Ib00de070dd8df1722d4ade0a83c0ffa8eaa37f8e

* OnlineReindexer: log the success/failure numbers on exit

When the OnlineReindexer fails to reindex all changes it will not
activate the new index schema version. However, it may happen that
there were only a few failures and that activating the new index schema
makes sense. Help the admins make the decision whether to activate the
new index schema version by logging the success/failure numbers in the
error_log.

Change-Id: I522e236ab1e9b60d5c3c7c215d8308972db45f70

* Remove unused OAuthToken in authorisation URL

When the user needs to be redirected to the OAuth authentication URL
for entering their credentials, the session is not active yet and
there is no OAuthToken available. There is no value then in having
a RequestToken parameter that will always be null anyway.

Change-Id: I00fdbd32923a51e0c92e6bc0efff551936ec344f

* Add log messages to troubleshoot OAuth/OpenID linking

Change-Id: Ic8e13eb570d66e144520c29cd65308ce1f1d15c1

* Do not return 403 when clicking on Gitweb breadcrumb

A message "Forbidden" was displayed when clicking on any part of the
breadcrumb trail displayed at the top of Gitweb pages. That happened for
projects with parent folders because browsing parent folders is not
supported by Gerrit.

Now when the user clicks on the parent folder, redirect to Gerrit projects
list screen with the parent folder path as the filter.

Change-Id: I86dfb3f29d8da6ee02efc95470673fe70a1f2d3e

* Release notes for Gerrit 2.10.2

Change-Id: Ie1f5c51e498864cbc719f5cd4b1a511f87067381

* Update version to 2.10.2

Change-Id: I1d2c4096151a8451c6cff0dc136eea84808a0779

* Remove stripping # in login redirect

The login redirect was set up to strip '#/' when redirecting to
the login page.  In 2.10, HttpLoginServlet assumed the URL already
contained '#/', which means the redirect back to the original
page after login would fail.

Bug: Issue 3044
Change-Id: I5dc297e31d26006f52f869a63e5b9cc6f9591b21

* Revert "Downgrade SSHD to 0.9.0-4-g5967cfd"

All versions of SSHD since release 0.10 were suffering from exhaustion
of thread pool. A number of valuable features had to be reverted to
downgrade the SSHD version to 0.9. This blocking bug [1] was fixed [2]
and released in 0.14.0.

Update to the new version of SSHD and revert the downgrade.

This reverts commit bde8e9ac6f26a85c1a757ac0fa298f8b0c3c5783.

[1] https://issues.apache.org/jira/browse/SSHD-348
[2] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commitdiff;h=964e76890cf56da4491199860d0ea8276fbd26a6
Change-Id: Ib5faf1df0cb6bde2e2cd554c9311cc5e55095b04

* Revert "Revert "SSHD: Prevent double authentication for the same public key""

This reverts commit c7dedf989cf1717548b0793490d0be9506c1bc2e.

Change-Id: Ic4295ee58db8e0eb8869e526988ac4a3758370ee

* Revert "Revert "SSHD: Allow ECDSA based public key authentication""

This reverts commit ef74c883e6cc07c0a55f14960dfc31b0feafc39e.

Change-Id: I365c57365b4ea7271f104b8040f951b088cf80ab

* Revert "Revert "Allow configuration of SSH rekey values""

This reverts commit 3435c536a6024fc2a92610be452ab4d85ae5268c.

Change-Id: I4efe2e209ff05e68d8add596025622e76646bfde

* Print proper name for ListenableFutureTask in show-queue command

Any Gerrit WorkQueue.Executor that is decorated by a Guava
MoreExecutors.listeningDecorator was not printing the proper task name
in show-queue command. Even if the task defined a toString method, the
toString method of the ListenableFutureTask was called instead.

Since the task that we need to call the toString is wrapped into a
FutureTask which is also wrapped into a ListenableFutureTask, there is
no clean way to call proper toString other than modifying both classes
to delegate the toString to task they are wrapping.

Modify WorkQueue.Task.toString method to call the proper toString method
by reflection when the task is a ListenableFutureTask.

Change-Id: I551a89e88c4961b7412ff732bf47e2e3e9f3352f

* Print proper name for mergeability check tasks in show-queue command

Change-Id: I51e41c5eb52edddd3a7abc72e00cde248b68254d

* Don't use deprecated PGPPublicKeyRingCollection constructor

The PGPPublicKeyRingCollection constructor was deprecated in
Bouncycastle v1.51.

Use BcPGPPublicKeyRingCollection instead.

Change-Id: If718a6eab13ff991fae3b8334c53f2bc6227f061

* Remove unused imports

Change-Id: I079fc5767954d9ac795de459a9174d45825fe5e5

* Fix unused exception throws in EncryptedContactStore

Change-Id: I7e3f13699a55e457c498010b9806b60dbf163ad4

* PatchListLoader: Don't use deprecated TemporaryBuffer.LocalFile constructor

Change-Id: Iec0cae61e7c47d65278b9fc95328dfda90854e3a

* SshDaemon: Don't use deprecated IoAcceptor.dispose()

Change-Id: I971a5326c19b0274bfe28f84acff7dc76a664f3f

* Revert "Revert "SSH: Simplify CachingPublicKeyAuthenticator implementation""

This reverts commit 48bf33b2ebf58d501d5745a64a76d7b47c85c407.

Change-Id: I145d159327796ee524e05cc2019bb355f245a94b

* Prevent wrong content type for CSS files

The mime-util library contains two content type mappings for .css
files: application/x-pointplus and text/css.  Unfortunately, using
the wrong one will result in most browsers discarding the file as
a CSS file.  Ensure we only use the correct type for CSS files.

This happens because MimeUtilFileTypeRegistry attempts to get all
MIME types from mime-util and then sort the result based on the
specificity of each type.  Since both types have no magic string,
only the ExtensionMimeDetector matches.

Change-Id: Idfe88dc823f191d9c9e0b9c9da3b5d2ec471f9db

* Invalidate OAuth session after web_sessions cache expiration

When web_sessions cache is expired, OAuth session preserves its
logged in state. This makes new sign-in impossible.

Rectify it by checking the states mismatch and invalidating OAuth
session when web_sessions cache was expired.

GitHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/5
Change-Id: I3d57193c5af29561fd1fac0804dd19c08a0e9dbe

* OAuth: Respect servlet context path in URL for login token

Due to a limitation in Jetty [1] we cannot rely on getPathInfo() from
web filter and need to strip the context path manually.

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=28323

GitHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/6
Change-Id: Ie5e82abfc1b03b5be72769e05665ecd6099d2897

* Update revision of the replication plugin

- Set connection timeout to 120 sec for SSH remote operations

Change-Id: I651e331706d6a8b64bf3470eb9036e65930d160e

* Fix NPE in GitWebServlet

Bug: Issue 3289
Change-Id: I6c2a9e231343c3790ec913e1bf5de37f319d616a

* Release notes for Gerrit 2.10.3

Change-Id: I03e0294f2e0d3beb7cb77e61103ed7b8bfc40509

* Support hybrid OpenID and OAuth2 authentication

e9707d8f85 exposed OAuth authentication extension point. Using this
extension point plugins can offer OAuth2 authentications.

That is fine for new Gerrit sites, which can restrict the auth scheme
to OAuth2 only.

For the existing sites, that rely on non SSO OpenID auth scheme it
doesn't work to migrate to OAuth2 because of diverse contributors
base that use different OpenID providers. Not all OpenID providers
offer OAuth2 protocol. Particularly, the widespread OpenID providers
among open source Gerrit communities, Launchpad/UbuntuOne and
FedoraProject, don't offer OAuth2 protocol. To not lock out those
contributors from being able to contribute to open source Gerrit
based projects OpenID must still be supported.

With Google's shut down of their OpenID service in April 2015, big
user base is locked out from contribution to Gerrit based projects
that only support OpenID auth scheme.

The only way to still support OpenID 2.0 providers and new OAuth2
based protocol is native support for hybrid authentication scheme
in Gerrit.

This change extends OpenID auth scheme by making it aware of optional
OAuth plugin-based authentication.

When no oauth-provider plugins are deployed, OpenID auth scheme works
as usual. When OAuth provider plugins are deployed, OAuth2 providers
are offered on the OpenID login form, in addition to hard coded Yahoo!
and Launchpad OpenID providers: [1].

[1] http://imgur.com/IcCrChN

Change-Id: I6d70212f4fea5443a6322c7da683e1e943d058eb

* Include submitter in ChangeMessage on submission

Change-Id: I2136577857b3307ddcd91fa0d77265acd6532ea0

* Update 2.10.3 release notes

Change-Id: Ia54e447f55e2884c68994bc2d95e71cf5c6aaa6f

* Check reachability from R_HEADS/R_TAGS/REFS_CONFIG when creating branches

Creating branches has become a very heavy operation for Gerrit on large
Gits with many change-refs. By only taking R_HEADS/R_TAGS/REFS_CONFIG
into consideration when checking commit connectivity, the creation time
went from 50 seconds to 3 seconds (creation initiated using the UI) on
a git with 158k refs (143k refs from patch sets).

Change-Id: I386f3456b35c28ffa6580cafbe6901c5d420a47d

* Improve the version computation for the release notes

The "make -C ReleaseNotes" used to produce a version descriptor like:

  X.Y (from X.Y-rcN-...)

when the ReleaseNotes-X.Y.txt wasn't changed in the vX.Y tagged commit.

For example, if we checked out the v2.10 and then built the
ReleaseNotes-2.10.txt the version string in the html file was:

  2.10 (from v2.10-rc2-...)

which wasn't really nice for a final release. I had to change the
generated html file manually.

Here is an overview of how this change improves the computation of the
version string for the ReleaseNotes-2.10.txt file:

Checked out | Version (before)         | Version (after)
------------+--------------------------+---------------------
v2.10-rc2   | 2.10 (from 2.10-rc1-...) | 2.10 (from v2.10-rc2)
v2.10       | 2.10 (from 2.10-rc2-...) | 2.10
master      | 2.10 (from 2.10-rc2-...) | 2.10

Only add the "(from N)" suffix if the ReleaseNotes-X.Y.txt is
different in HEAD and in the vX.Y. In the "(from N)" string compute the
N as "git describe HEAD" instead of describing the last commit where the
ReleaseNotes-X.Y was changed.

Change-Id: I66aff6cc57cfbd42a332ca19445dedbfbee0b088
(cherry picked from commit 25bd938158aead6583bc1f6c0b64d8b33a657ab1)

* Update 2.10.3 release notes

Change-Id: I07be2d363b85e0372504b8782fd4be451ed4f486

* Update version to 2.10.3

Change-Id: I2f5be2347f614fbd2016aee9183aa175d408efb6

* Fix broken formatting in 2.10.3 release notes

Change-Id: I4ecccf14f5b2f6cf1edb0e408c120025ca673c37

* Release notes for 2.10.3.1

Change-Id: Ia37d71db50b88f624c59eb1815a73689a1613fb7

* Update version to 2.10.3.1

Change-Id: If6e4ad9ae769d261035566ef3c60763f83c5e054

* RestApiServlet: Flush pending padding as well

This issue was found by scan.coverity.com (CID 19911)
which is a static code analysis tool, free for open source
code. Originally it was classified as a resource leak, but
this is a misclassification as the auto closing of the
OutputStream will flush any pending padding.

Change-Id: I4dc2d1cd9f52740490fda7c37e98b115fa59ec3a

* RestApiServlet: Leave OutputStream open when flushing base64 padding

Some Java servlet containers fail if the response's OutputStream is
closed twice by the application. This appears to contradict standard
behavior in Java where most streams gracefully ignore extra close.
Unfortunately the container is required to power gerrit-review and
as such Gerrit needs to try to tolerate its behavior.

Wrap the supplied OutputStream delegating all calls except for
close(). No-op the close() method so the Java 7 try-with-resources
block does not automatically close the servlet OutputStream, leaving
this for the caller's finally block.

Change-Id: I84bd3c8031580f805d5d4ef5d70f09b89e170450

* Hybrid OpenID/OAuth: Check for session validity during logout

GitHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/9
Change-Id: I17aaed508ef61959a3fc5634d76eb5386305f9a0

* OAuth: Check for session validity during logout

GitHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/9
Change-Id: Id25792cdf6e28ba8d0f97bcc41d8c6409558314e

* Bump JGit version to 3.7.1.201504261725-r

This version fixed JGit regression, causing severe (>10x)
performance degradation on huge repositories (>2GB) on git
push and CPU consumption explosion during replication: [1].

[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=465509

Bug: Issue 3300
Change-Id: I6b1fa985fa3738801d3fa27d690a1c02c1afc1db

* Hybrid OpenID/OAuth: Allow to link identity across protocols

This change supports all linking directions:
* From OpenID to OAuth
* From OAuth to OpenID
* From OAuth to OAuth

TEST PLAN:

1. Set up vanilla Gerrit site
2. Assign auth scheme to OpenID
3. Install gerrit-oauth-provider plugin
4. Configure GitHub or Google provider (or both)
5. Sign in with source identity
6. Click User => Settings => Identities => Link Another Identity
7. Select target identity from the login form
8. Confirm that the target identity is linked to the source identity

GitHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/12
Change-Id: I06e5cfc2ad1dde81050b951c0b7f602461af7992

* Hybrid OpenID/OAuth: Support switching identities

Change-Id: Iac0e36c2dd6b8e99a3b99c9594e29cca9bac22ca
GitHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/11

* Fix project creation with plugin config if user is not project owner

On project creation it is possible to specify plugin configuration
values that should be stored in the project.config file. This failed
if the calling user was not becoming owner of the created project,
because only project owners can edit the project.config file.

With this change now it is sufficient to have the 'Create Project'
capability to create a project with an initial plugin configuration,
even if the creating user is not becoming project owner of the created
project.

Change-Id: Ifecfeadd425afeff83197b11c97c1c2bbbef8eef

* Add '/.apt_generated' and '/.factorypath' to .gitignore

These files are not created with Gerrit 2.10, but only with Gerrit
2.11 and newer where these patterns are already ignored. However
switching from a new branch >= stable-2.11 to stable-2.10 leaves these
files in the working tree so that it is dirty.

Change-Id: I50f4069bb8600ed133fc2e0aade7974c6f721b7d
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>

* Update JGit to the 4.0.0.201505050340-m2 version

18c4ccd2c3 changed JGit version from the 3.7.0.201502260915-r.58-g65c379e
to the 3.7.1.201504261725-r. However, except for the one new commit
which the 3.7.1.201504261725-r brought, this was effectively a JGit
downgrade.

We need to upgrade JGit to a version which contains the fix
for the [1] and is a successor of the snapshot version
3.7.0.201502260915-r.58-g65c379e which was used in the 2.10.3.1.

[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=465509

Change-Id: I7b5f21700c6cda20b000e1e55266015f081b66bf

* Allow to link user identity to another OAuth provider

GitHub-Bug: https://github.com/davido/gerrit-oauth-provider/issues/12
Change-Id: I9507d15983cd021ba883afbdf4e526091d55c517

* OAuth: Simplify protocol implementation

Change-Id: Ia713593c57d9f68f6fcac8ff3978428052aee5fb

* Release notes for Gerrit 2.10.4

This is a fix for >10x performance degradation, caused by this JGit
change: [1].

In addition some minor fixes for base64 patch download and OAuth2
extension point are also included.

[1] https://git.eclipse.org/r/31081

Change-Id: Ia9e190b22e1573a3876db2a87198fca9dd7ea01f

* Update version to 2.10.4

Change-Id: I8557fb050b9bebeab2f5999c86c6e947955d5f52

* Set VERSION to 2.10.4

Change-Id: I5b4b519f09e3d9cfefec27db4429a350af64fa08

* Prolog-Cookbook: tidy up rule status descriptions

Change-Id: I3fef34f837381b046180c04b726add68c865569a

* Fix various spelling mistakes

Change-Id: I5fb811eab02d48a649990c6418977915c7dd7430

* Fixed regression caused by the defaultValue feature

[1] added support for selecting default values for labels.
Unfortunately it also broke the ability to remove labels
as described in [2], more precisely by: "To remove a label in a child
project, add an empty label with the same name as in the parent."

This fix makes it possible to push empty labels in project.config
to refs/meta/config again. Without it, the following error is returned
by gerrit: 'project.config: Invalid defaultValue "0" for label ...'

[1] https://gerrit-review.googlesource.com/#/c/55750/
[2] https://gerrit-review.googlesource.com/Documentation/config-labels.html#label_custom

Change-Id: Icd727f64cb7a904957a2acc5143fe801653cfabe

* Bump JGit to v4.0.0.201506090130-r

This JGit version includes the bugfix [1] which is an attempt to fix the
"Cannot read project" issue in Gerrit, as discussed in [2] and [3].

This version of JGit also removes the 'release()' method in many
interfaces/classes in favor of implementing the AutoCloseable
interface. In stable-2.10 we just replace all usages of the release()
method with the close() method. Refactoring the code to make use of the
AutoCloseable in stable-2.10 would be a larger change which wouldn't
justify itself as we don't expect any major development in stable-2.10
and the usage of AutoCloseable in the master branch is already done.

[1] https://git.eclipse.org/r/48288
[2] https://groups.google.com/forum/#!topic/repo-discuss/ZeGWPyyJlrM
[3] https://groups.google.com/forum/#!topic/repo-discuss/CYYoHfDxCfA

Change-Id: Ie540296238e3bbaf453c9e29426825431e15d423
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Release notes for 2.10.5

Change-Id: I3b78cd335a2766cb710c5a2fbfebcad734f391b5

* Update version to 2.10.5

* Fix license generation

Broken by d8af092c0a37025d84ced45903af2e52048d387e
dropping the license dependency from JARs by accident.

Change-Id: I64fcb042ee65dc554353b58bce22f9d1462985e2
(cherry picked from commit c535dd6e231821a940ef692ca36d8182b30ff80c)

* Release notes for Gerrit 2.10.6

Change-Id: I49b5094db78ca28e0ae56732670e9f0f62b310b2

* Update version to 2.10.6

Change-Id: I2e41f2b6044563f4f63324fa50ad8ed3145d8c24

* PatchListLoader: Synchronize MyersDiff and HistogramDiff invocations

To overcome MyersDiff endless loop problem, the computation thread can
be interrupted and set to cancel with Future.cancel(boolean) method.

However it cannot be assumed that after this method returns the thread
is terminated. When the system is under heavy load or/and the thread in
question is in a tight loop, it won't stop. It can be seen with this
instrumentation change in JGit: [1] with the corresponding dump [2].

Synchronize the MyersDiff and alternative HistogramDiff algorithm
invocations to prevent pack file corruption, as WindowCursor.inflate()
method isn't synchronized.

[1] https://git.eclipse.org/r/#/c/57583
[2] http://paste.openstack.org/show/475785

Bug-JGit: https://bugs.eclipse.org/bugs/show_bug.cgi?id=467467
Bug: Issue 3361
Contributed-By: Khai Do <zaro0508@gmail.com>
Change-Id: I4516bcc2c41792acdb8174cb9d3cc198ddfaf8ef

* Set version to 2.10.7

Change-Id: Ifaa53d31ae88211d069e35d699e6a2ad5cc6c8f6

* Release notes for Gerrit 2.10.7

Change-Id: I18096e6ed7b86206f4287ba3445d631994571ac9

* Fix link in 2.10.7 release notes

The "bug report on JGit" was actually pointing to a change
on the Eclipse review server, and not the bug report.

Change-Id: I833e37bf775c1f0153a370b239e7acbe3155bec5

* Update JGit to latest 4.5.x release

JGit releases older than 4.5 are known to be prone to issues
with MissingObjectExceptions.

Change-Id: Ia9099a5ac8fcbaf873e3354b5a47d2178c97444a
Signed-off-by: Edwin Kempin <ekempin@google.com>

* Set version to 2.10.8

Change-Id: I31bb360d26502a46faa74f0ca47e53e227c3b113

* Add release notes for Gerrit v2.10.8

Change-Id: I083658b124db4891343083a95cfc114437b8ce44
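
The cancellation hazard described in the PatchListLoader commit above, as an added Java example that is not Gerrit's or JGit's code. The class name, the busy loop standing in for a diff that never polls for interruption, and the counter standing in for the unsynchronized shared resource are assumptions made for illustration.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class CancelIsNotTermination {
  // Hypothetical stand-in for a shared, non-thread-safe resource.
  static final AtomicInteger inside = new AtomicInteger();
  static final AtomicInteger overlaps = new AtomicInteger();
  static final Object LOCK = new Object();

  // Use the shared resource for about `millis` ms without ever checking the interrupt flag.
  static void useSharedResource(long millis) {
    if (inside.incrementAndGet() > 1) overlaps.incrementAndGet();
    long end = System.nanoTime() + TimeUnit.MILLISECONDS.toNanos(millis);
    while (System.nanoTime() < end) { /* tight loop: interruption is never observed */ }
    inside.decrementAndGet();
  }

  // Both the primary and the fallback computation go through here.
  static void guarded(boolean synchronize, long millis) {
    if (synchronize) {
      synchronized (LOCK) { useSharedResource(millis); }
    } else {
      useSharedResource(millis);
    }
  }

  // Returns how many times primary and fallback were inside the resource at the same time.
  static int run(boolean synchronize) throws Exception {
    overlaps.set(0);
    ExecutorService pool = Executors.newSingleThreadExecutor();
    Future<?> primary = pool.submit(() -> guarded(synchronize, 300));
    try {
      primary.get(50, TimeUnit.MILLISECONDS);
    } catch (TimeoutException e) {
      primary.cancel(true);      // returns immediately; the worker thread keeps spinning
      guarded(synchronize, 10);  // fallback computation on the caller's thread
    }
    pool.shutdown();
    pool.awaitTermination(5, TimeUnit.SECONDS);
    return overlaps.get();
  }

  public static void main(String[] args) throws Exception {
    System.out.println("unsynchronized overlaps: " + run(false));
    System.out.println("synchronized overlaps:   " + run(true));
  }
}
```

With the lock, the fallback blocks until the cancelled worker has actually left the shared resource, which is the property the commit relies on.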