From 1388052ace1ea3fe9061edfb967f405573c5949b Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Sun, 20 Apr 2014 13:11:41 +0200 Subject: [PATCH] return authentication header, if the login attempt limit is disabled --- .../sonia/scm/config/ScmConfiguration.java | 19 ++++++++++++++++--- .../scm/web/HgBasicAuthenticationFilter.java | 3 ++- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java b/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java index d9d1d8a119..eebefe4e1c 100644 --- a/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java +++ b/scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java @@ -484,12 +484,25 @@ public class ScmConfiguration return forceBaseUrl; } + /** + * Returns true if the login attempt limit is enabled. + * + * + * @return true if login attempt limit is enabled + * + * @since 1.37 + */ + public boolean isLoginAttemptLimitEnabled() + { + return loginAttemptLimit > 0; + } + /** * Returns true if failed authenticators are skipped. * * * @return true if failed authenticators are skipped - * + * * @since 1.36 */ public boolean isSkipFailedAuthenticators() @@ -762,11 +775,11 @@ public class ScmConfiguration } /** - * If set to true the authentication chain is not stopped, if an + * If set to true the authentication chain is not stopped, if an * authenticator finds the user but fails to authenticate the user. * * @param skipFailedAuthenticators true to skip failed authenticators - * + * * @since 1.36 */ public void setSkipFailedAuthenticators(boolean skipFailedAuthenticators) diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java index afbef65557..6d3c819e13 100644 --- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java +++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java @@ -87,7 +87,8 @@ public class HgBasicAuthenticationFilter extends BasicAuthenticationFilter HttpServletResponse response) throws IOException { - if (HgUtil.isHgClient(request)) + if (HgUtil.isHgClient(request) + && (configuration.isLoginAttemptLimitEnabled())) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); }