| | |
|---|
| | |
|
|---|
| | | import java.text.MessageFormat;
|
|---|
| | |
|
|---|
| | | import javax.inject.Inject;
|
|---|
| | | import javax.servlet.FilterConfig;
|
|---|
| | | import javax.servlet.http.HttpServletRequest;
|
|---|
| | |
|
|---|
| | | import com.gitblit.Constants.AccessRestrictionType;
|
|---|
| | | import com.gitblit.Constants.AuthorizationControl;
|
|---|
| | | import com.gitblit.GitBlitException;
|
|---|
| | | import com.gitblit.IStoredSettings;
|
|---|
| | | import com.gitblit.Keys;
|
|---|
| | | import com.gitblit.manager.IAuthenticationManager;
|
|---|
| | | import com.gitblit.manager.IRepositoryManager;
|
|---|
| | | import com.gitblit.manager.IRuntimeManager;
|
|---|
| | | import com.gitblit.manager.IFederationManager;
|
|---|
| | | import com.gitblit.models.RepositoryModel;
|
|---|
| | | import com.gitblit.models.UserModel;
|
|---|
| | | import com.gitblit.utils.StringUtils;
|
|---|
| | |
|
|---|
| | | import dagger.ObjectGraph;
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * The GitFilter is an AccessRestrictionFilter which ensures that Git client
|
|---|
| | |
|---|
| | | protected static final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",
|
|---|
| | | "/objects" };
|
|---|
| | |
|
|---|
| | | private final IStoredSettings settings;
|
|---|
| | | private IStoredSettings settings;
|
|---|
| | |
|
|---|
| | | @Inject
|
|---|
| | | public GitFilter(
|
|---|
| | | IRuntimeManager runtimeManager,
|
|---|
| | | IAuthenticationManager authenticationManager,
|
|---|
| | | IRepositoryManager repositoryManager) {
|
|---|
| | | private IFederationManager federationManager;
|
|---|
| | |
|
|---|
| | | super(runtimeManager, authenticationManager, repositoryManager);
|
|---|
| | | this.settings = runtimeManager.getSettings();
|
|---|
| | | @Override
|
|---|
| | | protected void inject(ObjectGraph dagger, FilterConfig filterConfig) {
|
|---|
| | | super.inject(dagger, filterConfig);
|
|---|
| | | this.settings = dagger.get(IStoredSettings.class);
|
|---|
| | | this.federationManager = dagger.get(IFederationManager.class);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | |
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | return null;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * Returns the user making the request, if the user has authenticated.
|
|---|
| | | *
|
|---|
| | | * @param httpRequest
|
|---|
| | | * @return user
|
|---|
| | | */
|
|---|
| | | @Override
|
|---|
| | | protected UserModel getUser(HttpServletRequest httpRequest) {
|
|---|
| | | UserModel user = authenticationManager.authenticate(httpRequest, requiresClientCertificate());
|
|---|
| | | if (user == null) {
|
|---|
| | | user = federationManager.authenticate(httpRequest);
|
|---|
| | | }
|
|---|
| | | return user;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | |
|---|
| | | return false;
|
|---|
| | | }
|
|---|
| | | if (action.equals(gitReceivePack)) {
|
|---|
| | | // Push request
|
|---|
| | | if (user.canPush(repository)) {
|
|---|
| | | return true;
|
|---|
| | | } else {
|
|---|
| | | // user is unauthorized to push to this repository
|
|---|
| | | logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",
|
|---|
| | | user.username, repository));
|
|---|
| | | return false;
|
|---|
| | | }
|
|---|
| | | // push permissions are enforced in the receive pack
|
|---|
| | | return true;
|
|---|
| | | } else if (action.equals(gitUploadPack)) {
|
|---|
| | | // Clone request
|
|---|
| | | if (user.canClone(repository)) {
|
|---|
