aiden
/
depot_tools
mirror of https://chromium.googlesource.com/chromium/tools/depot_tools
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[gerrit_util] Don't try to use SSO on non-googlesource hosts

Browse Source 
In case you're getting funny thoughts, these requests would not attach
any cookies anyway because the domain doesn't match.  It just allows
requests to properly fallback to OAuth path.

Bug: b/362741558
Change-Id: Iaf83ad640501ff45671dbc358e676cbeaf04d686
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5824222
Commit-Queue: Allen Li <ayatane@chromium.org>
Reviewed-by: Josip Sokcevic <sokcevic@chromium.org>
changes/22/5824222/4
Allen Li 8 months ago committed by LUCI CQ
parent b89b440351
commit dc8d502d13
2 changed files with 28 additions and 9 deletions
Show Stats Download Patch File Download Diff File

3
gerrit_util.py
Unescape Escape View File

@ -179,6 +179,9 @@ def ShouldUseSSO(host: str, email: str) -> bool:
if not newauth.Enabled():
LOGGER.debug("SSO=False: not opted in")
return False
if not host.endswith('.googlesource.com'):
LOGGER.debug("SSO=False: non-googlesource host %r", host)
return False
if newauth.SkipSSO():
LOGGER.debug("SSO=False: set skip SSO config")
return False

34
tests/gerrit_util_test.py
Unescape Escape View File

@ -752,23 +752,33 @@ class ShouldUseSSOTest(unittest.TestCase):
@mock.patch('newauth.Enabled', return_value=False)
def testDisabled(self, _):
self.assertFalse(
gerrit_util.ShouldUseSSO('fake-host', 'firefly@google.com'))
gerrit_util.ShouldUseSSO('fake-host.googlesource.com',
'firefly@google.com'))
@mock.patch('gerrit_util.ssoHelper.find_cmd', return_value='')
def testMissingCommand(self, _):
self.assertFalse(
gerrit_util.ShouldUseSSO('fake-host', 'firefly@google.com'))
gerrit_util.ShouldUseSSO('fake-host.googlesource.com',
'firefly@google.com'))
def testBadHost(self):
self.assertFalse(
gerrit_util.ShouldUseSSO('fake-host.coreboot.org',
'firefly@google.com'))
def testEmptyEmail(self):
self.assertTrue(gerrit_util.ShouldUseSSO('fake-host', ''))
self.assertTrue(
gerrit_util.ShouldUseSSO('fake-host.googlesource.com', ''))
def testGoogleEmail(self):
self.assertTrue(
gerrit_util.ShouldUseSSO('fake-host', 'firefly@google.com'))
gerrit_util.ShouldUseSSO('fake-host.googlesource.com',
'firefly@google.com'))
def testGmail(self):
self.assertFalse(
gerrit_util.ShouldUseSSO('fake-host', 'firefly@gmail.com'))
gerrit_util.ShouldUseSSO('fake-host.googlesource.com',
'firefly@gmail.com'))
@mock.patch('gerrit_util.GetAccountEmails',
return_value=[{
@ -776,8 +786,11 @@ class ShouldUseSSOTest(unittest.TestCase):
}])
def testLinkedChromium(self, email):
self.assertTrue(
gerrit_util.ShouldUseSSO('fake-host', 'firefly@chromium.org'))
email.assert_called_with('fake-host', 'self', authenticator=mock.ANY)
gerrit_util.ShouldUseSSO('fake-host.googlesource.com',
'firefly@chromium.org'))
email.assert_called_with('fake-host.googlesource.com',
'self',
authenticator=mock.ANY)
@mock.patch('gerrit_util.GetAccountEmails',
return_value=[{
@ -785,8 +798,11 @@ class ShouldUseSSOTest(unittest.TestCase):
}])
def testUnlinkedChromium(self, email):
self.assertFalse(
gerrit_util.ShouldUseSSO('fake-host', 'firefly@chromium.org'))
email.assert_called_with('fake-host', 'self', authenticator=mock.ANY)
gerrit_util.ShouldUseSSO('fake-host.googlesource.com',
'firefly@chromium.org'))
email.assert_called_with('fake-host.googlesource.com',
'self',
authenticator=mock.ANY)
if __name__ == '__main__':

Write Preview
Loading…
Cancel
Save