Merge pull request #1081 from scm-manager/bugfix/authentication_with_anonymous_access

Fix authentication for repositories with anonymous read access
eheimbuch
2020-03-30 14:32:39 +02:00
committed by GitHub
4 changed files with 20 additions and 4 deletions


@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## Unreleased
### Fixed
- Authentication for write requests for repositories with anonymous read access ([#108](https://github.com/scm-manager/scm-manager/pull/1081))
## 2.0.0-rc6 - 2020-03-26
### Added
- Extension point to add links to the repository cards from plug ins ([#1041](https://github.com/scm-manager/scm-manager/pull/1041))


@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.web.filter;
import org.apache.shiro.SecurityUtils;
@@ -35,7 +35,7 @@ import sonia.scm.repository.Repository;
import sonia.scm.repository.RepositoryPermissions;
import sonia.scm.repository.spi.ScmProviderHttpServlet;
import sonia.scm.repository.spi.ScmProviderHttpServletDecorator;
import sonia.scm.security.Role;
import sonia.scm.security.Authentications;
import sonia.scm.security.ScmSecurityException;
import sonia.scm.util.HttpUtil;
@@ -177,7 +177,7 @@ public abstract class PermissionFilter extends ScmProviderHttpServletDecorator
HttpServletResponse response, Subject subject)
throws IOException
{
if (subject.hasRole(Role.USER))
if (!Authentications.isAuthenticatedSubjectAnonymous())
{
sendNotEnoughPrivilegesError(request, response);
}
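Review bot: The new condition that replaces `subject.hasRole(Role.USER)` calls `Authentications.isAuthenticatedSubjectAnonymous()` with no arguments while the method still receives `subject` as a parameter, so the decision is no longer made on the subject the caller handed in; presumably the helper resolves the current subject through `SecurityUtils`, and the two can diverge when the filter is invoked with an explicit subject, as the tests do. If the helper has an overload that accepts a `Subject`, pass `subject` to it so the branch and the caller agree on whose privileges are being checked. Either way a why-comment at the branch, `// anonymous subjects are challenged (401) instead of rejected (403) so a client holding credentials can retry`, would record the intent of the change, which the code alone does not convey. The enclosing method's signature begins before the hunk and its else branch continues after it.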


@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.web.filter;
import com.github.sdorra.shiro.ShiroRule;
@@ -82,6 +82,17 @@ public class PermissionFilterTest {
permissionFilter.service(request, response, REPOSITORY);
verify(response).sendError(eq(403));
verify(delegateServlet, never()).service(request, response, REPOSITORY);
}
@Test
@SubjectAware(username = "_anonymous", password = "secret")
public void shouldBlockForAnonymousOnWriteRequestWithAuthenticationRequest() throws IOException, ServletException {
writeRequest = true;
permissionFilter.service(request, response, REPOSITORY);
verify(response).sendError(eq(401), anyString());
verify(delegateServlet, never()).service(request, response, REPOSITORY);
}
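Review bot: The new test pins only the status in `verify(response).sendError(eq(401), anyString())`, and nothing in the test says why an anonymous subject is expected to receive 401 where the preceding test expects 403 for a privileged-but-unauthorized subject; a one-line comment above the `@Test`, `// anonymous subjects on write requests are challenged with 401 rather than rejected with 403`, would make that contrast explicit. The `@SubjectAware(username = "_anonymous", ...)` annotation relies on the `_anonymous` account added to the shiro.ini fixture in another file of this commit, which is worth naming in the same comment so the coupling is visible. PermissionFilterTest continues outside the hunk.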


@@ -4,6 +4,7 @@ admin = secret, admin
writer = secret, repo_write
reader = secret, repo_read
unpriv = secret
_anonymous = secret
[roles]
admin = *