From 30affae76d64c95fb789c20a0c595a56b5d9259b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Pfeuffer?=
Date: Fri, 19 May 2023 12:11:08 +0200
Subject: [PATCH] Fix hg anonymous access by sending authenticate header

If anonymous access is enabled and read requests are granted to hg repositories for the anonymous user, write requests fail also for users with write requests, because no authentication header has been sent along with the 401. This fixes this issue in the default cgi servlet.
---
 gradle/changelog/hg_anonymous_mode.yaml | 2 ++
 .../main/java/sonia/scm/web/cgi/DefaultCGIExecutor.java | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 gradle/changelog/hg_anonymous_mode.yaml

diff --git a/gradle/changelog/hg_anonymous_mode.yaml b/gradle/changelog/hg_anonymous_mode.yaml
new file mode 100644
index 0000000000..8d4bd0aec5
--- /dev/null
+++ b/gradle/changelog/hg_anonymous_mode.yaml
@@ -0,0 +1,2 @@
+- type: fixed
+ description: Broken HG write access when anonymous users have read access
diff --git a/scm-webapp/src/main/java/sonia/scm/web/cgi/DefaultCGIExecutor.java b/scm-webapp/src/main/java/sonia/scm/web/cgi/DefaultCGIExecutor.java
index 2d8a374e5e..e06f42c168 100644
--- a/scm-webapp/src/main/java/sonia/scm/web/cgi/DefaultCGIExecutor.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/cgi/DefaultCGIExecutor.java
@@ -36,6 +36,7 @@ import org.slf4j.LoggerFactory;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.Authentications;
 import sonia.scm.util.HttpUtil;
 import sonia.scm.util.IOUtil;
 import sonia.scm.util.SystemUtil;
@@ -444,7 +445,11 @@ public class DefaultCGIExecutor extends AbstractCGIExecutor
 if (status < 304) {
 response.setStatus(status);
 } else {
- response.sendError(status);
+ if (status == 401 && Authentications.isAuthenticatedSubjectAnonymous()) {
+ HttpUtil.sendUnauthorized(response, configuration.getRealmDescription());
+ } else {
+ response.sendError(status);
+ }
 }
 }
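Review bot: The new `status == 401` check in the `else` branch sends a challenge only for the anonymous subject, so an authenticated caller whose CGI result is 401 still gets `response.sendError(status)`, which as far as this hunk shows carries no `WWW-Authenticate` header. If that split is deliberate, record the reason in a comment above the condition, e.g. `// challenge only the anonymous subject; an authenticated user keeps the plain error status`. Assuming `response` is an `HttpServletResponse`, the literal would read better as `HttpServletResponse.SC_UNAUTHORIZED`, and the nested `if` can be flattened to `} else if (status == HttpServletResponse.SC_UNAUTHORIZED && Authentications.isAuthenticatedSubjectAnonymous()) {`. The diffstat lists no test file, so a test for the anonymous 401 path would guard this access-control behaviour against regression. The enclosing method starts and ends outside the hunk.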