From b131d4b804bd254f165fbcb9c8a8fd0f1de1507b Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Sat, 15 Mar 2014 16:12:14 +0100
Subject: [PATCH] improve error handling for failed authentication and not
 enough privileges

---
 .../scm/web/HgBasicAuthenticationFilter.java  | 101 ++++++++++++++++++
 .../sonia/scm/web/HgPermissionFilter.java     |   3 -
 .../java/sonia/scm/web/HgServletModule.java   |   2 +-
 .../src/main/java/sonia/scm/web/HgUtil.java   |  24 +++++
 4 files changed, 126 insertions(+), 4 deletions(-)
 create mode 100644 scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java

diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java
new file mode 100644
index 0000000000..fb94a50061
--- /dev/null
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java
@@ -0,0 +1,101 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.common.io.Closeables;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
+import sonia.scm.config.ScmConfiguration;
+import sonia.scm.web.filter.AutoLoginModule;
+import sonia.scm.web.filter.BasicAuthenticationFilter;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class HgBasicAuthenticationFilter extends BasicAuthenticationFilter
+{
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param configuration
+   * @param autoLoginModules
+   */
+  @Inject
+  public HgBasicAuthenticationFilter(ScmConfiguration configuration,
+    Set<AutoLoginModule> autoLoginModules)
+  {
+    super(configuration, autoLoginModules);
+  }
+
+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   * @param response
+   *
+   * @throws IOException
+   */
+  @Override
+  protected void sendFailedAuthenticationError(HttpServletRequest request,
+    HttpServletResponse response)
+    throws IOException
+  {
+    if (HgUtil.isHgClient(request))
+    {
+      response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+    }
+    else
+    {
+      super.sendFailedAuthenticationError(request, response);
+    }
+  }
+}
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java
index 73d20530ea..0a9d3e43b9 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java
@@ -57,9 +57,6 @@ public class HgPermissionFilter extends ProviderPermissionFilter
   /**
    * Constructs ...
    *
-   *
-   * @param securityContextProvider
-   *
    * @param configuration
    * @param repositoryProvider
    */
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgServletModule.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgServletModule.java
index 792bafe80b..5bf080860a 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgServletModule.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgServletModule.java
@@ -75,7 +75,7 @@ public class HgServletModule extends ServletModule
     serve(MAPPING_HOOK).with(HgHookCallbackServlet.class);
 
     // register hg cgi servlet
-    filter(MAPPING_HG).through(BasicAuthenticationFilter.class);
+    filter(MAPPING_HG).through(HgBasicAuthenticationFilter.class);
     filter(MAPPING_HG).through(HgPermissionFilter.class);
     serve(MAPPING_HG).with(HgCGIServlet.class);
   }
diff --git a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgUtil.java b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgUtil.java
index 0d7150205f..2db7c12d40 100644
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgUtil.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgUtil.java
@@ -58,6 +58,10 @@ import java.io.File;
 
 import java.nio.charset.Charset;
 
+import java.util.Locale;
+
+import javax.servlet.http.HttpServletRequest;
+
 /**
  *
  * @author Sebastian Sdorra
@@ -68,6 +72,12 @@ public final class HgUtil
   /** Field description */
   public static final String REVISION_TIP = "tip";
 
+  /** Field description */
+  private static final String HEADER_USERAGENT = "User-Agent";
+
+  /** Field description */
+  private static final String USERAGENT_HG = "mercurial/";
+
   /**
    * the logger for HgUtil
    */
@@ -180,4 +190,18 @@ public final class HgUtil
       ? REVISION_TIP
       : revision;
   }
+
+  /**
+   * Returns true if the request comes from a mercurial client.
+   *
+   *
+   * @param request servlet request
+   *
+   * @return true if the client is mercurial
+   */
+  public static boolean isHgClient(HttpServletRequest request)
+  {
+    return Strings.nullToEmpty(request.getHeader(HEADER_USERAGENT)).toLowerCase(
+      Locale.ENGLISH).startsWith(USERAGENT_HG);
+  }
 }