let non-anonymous user read access to public repos with basic auth

2026-01-09 09:02:16 +01:00 · 2015-04-06 22:14:26 +09:00
parent 5c81ce9b68
commit 93e7b604cd
1 changed files with 9 additions and 5 deletions
--- a/src/main/scala/gitbucket/core/servlet/BasicAuthenticationFilter.scala
+++ b/src/main/scala/gitbucket/core/servlet/BasicAuthenticationFilter.scala
@@ -43,12 +43,16 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
                  case auth => decodeAuthHeader(auth).split(":", 2) match {
                    case Array(username, password) => {
                      authenticate(settings, username, password) match {
-                        case Some(account) if (isUpdating || repository.repository.isPrivate) => {
-                          if(hasWritePermission(repository.owner, repository.name, Some(account))){
-                            request.setAttribute(Keys.Request.UserName, account.userName)
-                            chain.doFilter(req, wrappedResponse)
+                        case Some(account) => {
+                          if (isUpdating || repository.repository.isPrivate) {
+                            if(hasWritePermission(repository.owner, repository.name, Some(account))){
+                              request.setAttribute(Keys.Request.UserName, account.userName)
+                              chain.doFilter(req, wrappedResponse)
+                            } else {
+                              requireAuth(response)
+                            }
                          } else {
-                            requireAuth(response)
+                            chain.doFilter(req, wrappedResponse)
                          }
                        }
                        case _ => requireAuth(response)