Remove www from scm-manager.org url (#1837)

Sebastian Sdorra
2021-10-28 11:00:24 +02:00
committed by GitHub
parent de53e1f882
commit 87aea1936b
17 changed files with 107 additions and 107 deletions


@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security;
import com.google.common.annotations.VisibleForTesting;
@@ -41,12 +41,12 @@ import java.util.concurrent.TimeUnit;
/**
* Generates cookies and invalidates access token cookies.
*
*
* @author Sebastian Sdorra
* @since 2.0.0
*/
public final class DefaultAccessTokenCookieIssuer implements AccessTokenCookieIssuer {
/**
* the logger for DefaultAccessTokenCookieIssuer
*/
@@ -55,22 +55,22 @@ public final class DefaultAccessTokenCookieIssuer implements AccessTokenCookieIs
private static final int DEFAULT_COOKIE_EXPIRATION_AMOUNT = 365;
private static final TimeUnit DEFAULT_COOKIE_EXPIRATION_UNIT = TimeUnit.DAYS;
private static final int DEFAULT_COOKIE_EXPIRATION = (int) TimeUnit.SECONDS.convert(DEFAULT_COOKIE_EXPIRATION_AMOUNT, DEFAULT_COOKIE_EXPIRATION_UNIT);
private final ScmConfiguration configuration;
/**
* Constructs a new instance.
*
*
* @param configuration scm main configuration
*/
@Inject
public DefaultAccessTokenCookieIssuer(ScmConfiguration configuration) {
this.configuration = configuration;
}
/**
* Creates a cookie for token authentication and attaches it to the response.
*
*
* @param request http servlet request
* @param response http servlet response
* @param accessToken access token
@@ -82,26 +82,26 @@ public final class DefaultAccessTokenCookieIssuer implements AccessTokenCookieIs
c.setMaxAge(DEFAULT_COOKIE_EXPIRATION);
c.setHttpOnly(isHttpOnly());
c.setSecure(isSecure(request));
// attach cookie to response
response.addCookie(c);
}
/**
* Invalidates the authentication cookie.
*
*
* @param request http servlet request
* @param response http servlet response
*/
public void invalidate(HttpServletRequest request, HttpServletResponse response) {
LOG.trace("invalidates access token cookie");
Cookie c = new Cookie(HttpUtil.COOKIE_BEARER_AUTHENTICATION, Util.EMPTY_STRING);
c.setPath(contextPath(request));
c.setMaxAge(0);
c.setHttpOnly(isHttpOnly());
c.setSecure(isSecure(request));
// attach empty cookie, that the browser can remove it
response.addCookie(c);
}
@@ -114,19 +114,19 @@ public final class DefaultAccessTokenCookieIssuer implements AccessTokenCookieIs
}
return contextPath;
}
private boolean isSecure(HttpServletRequest request){
boolean secure = request.isSecure();
if (!secure) {
LOG.warn("issuet a non secure cookie, protect your scm-manager instance with tls https://www.scm-manager.org/docs/latest/en/administration/scm-server/");
LOG.warn("issuet a non secure cookie, protect your scm-manager instance with tls https://scm-manager.org/docs/latest/en/administration/scm-server/");
}
return secure;
}
private boolean isHttpOnly(){
// set http only flag only xsrf protection is disabled,
// because we have to extract the xsrf key with javascript in the wui
return !configuration.isEnabledXsrfProtection();
}
}
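Review bot: In `isSecure`, the Secure flag is taken only from `request.isSecure()`, so if TLS is terminated in front of the servlet container and the forwarded scheme is not applied (not visible in this section), the bearer cookie goes out without Secure, and it carries the 365-day max age set from `DEFAULT_COOKIE_EXPIRATION`. The only trace is the warning this commit edits, so a comment above the check would help operators, e.g. `// request.isSecure() reflects the connection to the container; behind a TLS-terminating proxy the forwarded scheme must be applied, otherwise the cookie is issued without Secure`. Since the message is being touched anyway, the typo should be corrected as well: `issuet a non secure cookie` should read `issued a non-secure cookie`. The comment in `isHttpOnly` could also state the trade-off directly, `// HttpOnly is set only if xsrf protection is disabled; with it enabled the token cookie is readable by scripts, so the ui must be kept free of script injection`.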