From b69d1b3ed3d8397e64890dd8c63aecf2248a3ea2 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Fri, 30 Sep 2016 21:07:23 +0200
Subject: [PATCH] send http status code 401 unauthorized on failed git authentication, see issue #870 Revert use of GitSmartHttpTools to send unauthoried errors back to the git client, because the password is stored in the git credentials store event if the username or password was invalid. Switch back to default method, which send http status code 401 back to the client. This method does not send the customized client message, but the default one from git is good enough.
---
 .../scm/web/GitBasicAuthenticationFilter.java | 47 +++----------------
 1 file changed, 6 insertions(+), 41 deletions(-)
diff --git a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitBasicAuthenticationFilter.java b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitBasicAuthenticationFilter.java
index b15f75f297..5a0b14bdce 100644
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitBasicAuthenticationFilter.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitBasicAuthenticationFilter.java
@@ -35,26 +35,19 @@ package sonia.scm.web;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
-
-import org.eclipse.jgit.http.server.GitSmartHttpTools;
-
-import sonia.scm.ClientMessages;
 import sonia.scm.config.ScmConfiguration;
-import sonia.scm.repository.GitUtil;
 import sonia.scm.web.filter.AutoLoginModule;
 import sonia.scm.web.filter.BasicAuthenticationFilter;
 //~--- JDK imports ------------------------------------------------------------
-import java.io.IOException;
 import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 /**
- *
+ * Handles git specific basic authentication.
+ *
 * @author Sebastian Sdorra
 */
 @Singleton
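Review bot: The new class Javadoc `Handles git specific basic authentication.` does not record that the filter now deliberately inherits the failed-authentication response from BasicAuthenticationFilter, and the class declaration itself lies outside this hunk. The commit message gives the reason (git stored the rejected password in its credential store when the error was sent through GitSmartHttpTools), but nothing in the source keeps a later change from reintroducing the override that is removed further down. I would extend the Javadoc with a line such as `Failed logins must keep the 401 response of the parent class, otherwise git clients store invalid credentials (issue #870).` The diffstat shows only this file changed, so a test that pins a 401 for a failed login from a git client would also guard against regression, assuming the parent class behaves as the commit message describes.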
@@ -62,12 +55,12 @@ public class GitBasicAuthenticationFilter extends BasicAuthenticationFilter
 {
 /**
- * Constructs ...
+ * Constructs a new instance.
 *
 *
- * @param configuration
- * @param autoLoginModules
- * @param userAgentParser
+ * @param configuration scm-manager main configuration
+ * @param autoLoginModules auto login modules
+ * @param userAgentParser user agent parser
 */
 @Inject
 public GitBasicAuthenticationFilter(ScmConfiguration configuration,
@@ -75,32 +68,4 @@ public class GitBasicAuthenticationFilter extends BasicAuthenticationFilter
 {
 super(configuration, autoLoginModules, userAgentParser);
 }
-
- //~--- methods --------------------------------------------------------------
-
- /**
- * Method description
- *
- *
- * @param request
- * @param response
- *
- * @throws IOException
- */
- @Override
- protected void sendFailedAuthenticationError(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException
- {
- if (GitUtil.isGitClient(request))
- {
- GitSmartHttpTools.sendError(request, response,
- HttpServletResponse.SC_FORBIDDEN,
- ClientMessages.get(request).failedAuthentication());
- }
- else
- {
- super.sendFailedAuthenticationError(request, response);
- }
- }
 }