Return 401 for non-browsers when authentication is failed

2026-02-24 07:20:57 +01:00 · 2018-01-25 02:15:50 +09:00
parent fb34b0909e
commit d6df35f072
2 changed files with 17 additions and 3 deletions
--- a/build.sbt
+++ b/build.sbt
@@ -62,7 +62,8 @@ libraryDependencies ++= Seq(
  "org.mockito"                     %  "mockito-core"                 % "2.13.0"         % "test",
  "com.wix"                         %  "wix-embedded-mysql"           % "3.0.0"          % "test",
  "ru.yandex.qatools.embed"         %  "postgresql-embedded"          % "2.6"            % "test",
-  "net.i2p.crypto"                  % "eddsa"                         % "0.2.0"
+  "net.i2p.crypto"                  % "eddsa"                         % "0.2.0",
+  "is.tagomor.woothee"              % "woothee-java"                  % "1.7.0"
 )

 // Compiler settings
--- a/src/main/scala/gitbucket/core/controller/ControllerBase.scala
+++ b/src/main/scala/gitbucket/core/controller/ControllerBase.scala
@@ -4,7 +4,7 @@ import java.io.FileInputStream

 import gitbucket.core.api.ApiError
 import gitbucket.core.model.Account
-import gitbucket.core.service.{AccountService, SystemSettingsService,RepositoryService}
+import gitbucket.core.service.{AccountService, RepositoryService, SystemSettingsService}
 import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
@@ -17,9 +17,10 @@ import org.scalatra.forms._
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 import javax.servlet.{FilterChain, ServletRequest, ServletResponse}

+import is.tagomor.woothee.Classifier
+
 import scala.util.Try
 import net.coobird.thumbnailator.Thumbnails
-
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.lib.ObjectId
 import org.eclipse.jgit.revwalk.RevCommit
@@ -113,12 +114,24 @@ abstract class ControllerBase extends ScalatraFilter
      org.scalatra.NotFound(gitbucket.core.html.error("Not Found"))
    }

+  private def isBrowser(userAgent: String): Boolean = {
+    if(userAgent == null || userAgent.isEmpty){
+      false
+    } else {
+      val data = Classifier.parse(userAgent)
+      val category = data.get("category")
+      category == "pc" || category == "smartphone" || category == "mobilephone"
+    }
+  }
+
  protected def Unauthorized()(implicit context: Context) =
    if(request.hasAttribute(Keys.Request.Ajax)){
      org.scalatra.Unauthorized()
    } else if(request.hasAttribute(Keys.Request.APIv3)){
      contentType = formats("json")
      org.scalatra.Unauthorized(ApiError("Requires authentication"))
+    } else if(!isBrowser(request.getHeader("USER-AGENT"))){
+      org.scalatra.Unauthorized()
    } else {
      if(context.loginAccount.isDefined){
        org.scalatra.Unauthorized(redirect("/"))