Nemcio/GitBucket
1
0
Fork 0
mirror of https://github.com/gitbucket/gitbucket.git synced 2025-11-09 23:15:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix authentication for public repository.

Browse Source
This commit is contained in:
takezoe
2013-06-05 10:15:31 +09:00
parent 64beb295e5
commit a9104f51f1
1 changed files with 23 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/main/scala/servlet/BasicAuthenticationFilter.scala
View File

@@ -21,15 +21,28 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
val response = res.asInstanceOf[HttpServletResponse] val response = res.asInstanceOf[HttpServletResponse]
try { try {
request.getHeader("Authorization") match { val paths = request.getRequestURI.split("/")
case null => requireAuth(response) val repositoryOwner = paths(2)
case auth => decodeAuthHeader(auth).split(":") match { val repositoryName = paths(3).replaceFirst("\\.git$", "")
case Array(username, password) if(isValidUser(username, password, request)) => { getRepository(repositoryOwner, repositoryName, request.getServletContext) match {
request.setAttribute("USER_NAME", username) case Some(repository) => {
if(!request.getRequestURI.endsWith("/git-receive-pack") &&
repository.repository.repositoryType == RepositoryService.Public){
chain.doFilter(req, res) chain.doFilter(req, res)
} else {
request.getHeader("Authorization") match {
case null => requireAuth(response)
case auth => decodeAuthHeader(auth).split(":") match {
case Array(username, password) if(isWritableUser(username, password, repository)) => {
request.setAttribute("USER_NAME", username)
chain.doFilter(req, res)
}
case _ => requireAuth(response)
}
}
} }
case _ => requireAuth(response)
} }
case None => response.sendError(HttpServletResponse.SC_NOT_FOUND)
} }
} catch { } catch {
case ex: Exception => { case ex: Exception => {
@@ -39,18 +52,12 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
} }
} }
// TODO If the repository is public, it must allow users which have readable right. private def isWritableUser(username: String, password: String, repository: RepositoryService.RepositoryInfo): Boolean = {
private def isValidUser(username: String, password: String, request: HttpServletRequest): Boolean = {
val paths = request.getRequestURI.split("/")
getAccountByUserName(username) match { getAccountByUserName(username) match {
case Some(account) if(account.password == password) => { case Some(account) if(account.password == password) => {
if(account.userType == AccountService.Administrator // administrator (account.userType == AccountService.Administrator // administrator
|| account.userName == paths(2) // repository owner || account.userName == repository.owner // repository owner
|| getCollaborators(paths(2), paths(3).replaceFirst("\\.git$", "")).contains(account.userName)){ // collaborator || getCollaborators(repository.owner, repository.name).contains(account.userName)) // collaborator
true
} else {
false
}
} }
case _ => false case _ => false
} }