githubFork/gitblit.git - Solinfo Gitblit

			@@ -96,6 +96,10 @@

			private static final String LOCALE = "locale";

			private static final String ACCOUNTTYPE = "accountType";

			private static final String DISABLED = "disabled";

			private final File realmFile;

			private final Logger logger = LoggerFactory.getLogger(ConfigUserService.class);
			@@ -125,67 +129,13 @@
			}

			/**
			* Does the user service support changes to credentials?
			*
			* @return true or false
			* @since 1.0.0
			*/
			@Override
			public boolean supportsCredentialChanges() {
			return true;
			}

			/**
			* Does the user service support changes to user display name?
			*
			* @return true or false
			* @since 1.0.0
			*/
			@Override
			public boolean supportsDisplayNameChanges() {
			return true;
			}

			/**
			* Does the user service support changes to user email address?
			*
			* @return true or false
			* @since 1.0.0
			*/
			@Override
			public boolean supportsEmailAddressChanges() {
			return true;
			}

			/**
			* Does the user service support changes to team memberships?
			*
			* @return true or false
			* @since 1.0.0
			*/
			@Override
			public boolean supportsTeamMembershipChanges() {
			return true;
			}

			/**
			* Does the user service support cookie authentication?
			*
			* @return true or false
			*/
			@Override
			public boolean supportsCookies() {
			return true;
			}

			/**
			* Returns the cookie value for the specified user.
			*
			* @param model
			* @return cookie value
			*/
			@Override
			public String getCookie(UserModel model) {
			public synchronized String getCookie(UserModel model) {
			if (!StringUtils.isEmpty(model.cookie)) {
			return model.cookie;
			}
			@@ -197,13 +147,13 @@
			}

			/**
			* Authenticate a user based on their cookie.
			* Gets the user object for the specified cookie.
			*
			* @param cookie
			* @return a user object or null
			*/
			@Override
			public synchronized UserModel authenticate(char[] cookie) {
			public synchronized UserModel getUserModel(char[] cookie) {
			String hash = new String(cookie);
			if (StringUtils.isEmpty(hash)) {
			return null;
			@@ -220,49 +170,6 @@
			model = DeepCopier.copy(model);
			}
			return model;
			}

			/**
			* Authenticate a user based on a username and password.
			*
			* @param username
			* @param password
			* @return a user object or null
			*/
			@Override
			public UserModel authenticate(String username, char[] password) {
			UserModel returnedUser = null;
			UserModel user = getUserModel(username);
			if (user == null) {
			return null;
			}
			if (user.password.startsWith(StringUtils.MD5_TYPE)) {
			// password digest
			String md5 = StringUtils.MD5_TYPE + StringUtils.getMD5(new String(password));
			if (user.password.equalsIgnoreCase(md5)) {
			returnedUser = user;
			}
			} else if (user.password.startsWith(StringUtils.COMBINED_MD5_TYPE)) {
			// username+password digest
			String md5 = StringUtils.COMBINED_MD5_TYPE
			+ StringUtils.getMD5(username.toLowerCase() + new String(password));
			if (user.password.equalsIgnoreCase(md5)) {
			returnedUser = user;
			}
			} else if (user.password.equals(new String(password))) {
			// plain-text password
			returnedUser = user;
			}
			return returnedUser;
			}

			/**
			* Logout a user.
			*
			* @param user
			*/
			@Override
			public void logout(UserModel user) {
			}

			/**
			@@ -290,7 +197,7 @@
			* @return true if update is successful
			*/
			@Override
			public boolean updateUserModel(UserModel model) {
			public synchronized boolean updateUserModel(UserModel model) {
			return updateUserModel(model.username, model);
			}

			@@ -311,18 +218,22 @@
			// null check on "final" teams because JSON-sourced UserModel
			// can have a null teams object
			if (model.teams != null) {
			Set<TeamModel> userTeams = new HashSet<TeamModel>();
			for (TeamModel team : model.teams) {
			TeamModel t = teams.get(team.name.toLowerCase());
			if (t == null) {
			// new team
			team.addUser(model.username);
			teams.put(team.name.toLowerCase(), team);
			} else {
			// do not clobber existing team definition
			// maybe because this is a federated user
			t.addUser(model.username);
			t = team;
			teams.put(team.name.toLowerCase(), t);
			}
			// do not clobber existing team definition
			// maybe because this is a federated user
			t.addUser(model.username);
			userTeams.add(t);
			}
			// replace Team-Models in users by new ones.
			model.teams.clear();
			model.teams.addAll(userTeams);

			// check for implicit team removal
			if (originalUser != null) {
			@@ -357,8 +268,15 @@
			public synchronized boolean updateUserModel(String username, UserModel model) {
			UserModel originalUser = null;
			try {
			if (!model.isLocalAccount()) {
			// do not persist password
			model.password = Constants.EXTERNAL_ACCOUNT;
			}
			read();
			originalUser = users.remove(username.toLowerCase());
			if (originalUser != null) {
			cookies.remove(originalUser.cookie);
			}
			users.put(model.username.toLowerCase(), model);
			// null check on "final" teams because JSON-sourced UserModel
			// can have a null teams object
			@@ -409,7 +327,7 @@
			* @return true if successful
			*/
			@Override
			public boolean deleteUserModel(UserModel model) {
			public synchronized boolean deleteUserModel(UserModel model) {
			return deleteUser(model.username);
			}

			@@ -456,7 +374,7 @@
			* @since 0.8.0
			*/
			@Override
			public List<String> getAllTeamNames() {
			public synchronized List<String> getAllTeamNames() {
			read();
			List<String> list = new ArrayList<String>(teams.keySet());
			Collections.sort(list);
			@@ -505,45 +423,6 @@
			}

			/**
			* Sets the list of all teams who are allowed to bypass the access
			* restriction placed on the specified repository.
			*
			* @param role
			* the repository name
			* @param teamnames
			* @return true if successful
			*/
			@Override
			public synchronized boolean setTeamnamesForRepositoryRole(String role, List<String> teamnames) {
			try {
			Set<String> specifiedTeams = new HashSet<String>();
			for (String teamname : teamnames) {
			specifiedTeams.add(teamname.toLowerCase());
			}

			read();

			// identify teams which require add or remove role
			for (TeamModel team : teams.values()) {
			// team has role, check against revised team list
			if (specifiedTeams.contains(team.name.toLowerCase())) {
			team.addRepositoryPermission(role);
			} else {
			// remove role from team
			team.removeRepositoryPermission(role);
			}
			}

			// persist changes
			write();
			return true;
			} catch (Throwable t) {
			logger.error(MessageFormat.format("Failed to set teams for role {0}!", role), t);
			}
			return false;
			}

			/**
			* Retrieve the team object for the specified team name.
			*
			* @param teamname
			@@ -570,7 +449,7 @@
			* @since 0.8.0
			*/
			@Override
			public boolean updateTeamModel(TeamModel model) {
			public synchronized boolean updateTeamModel(TeamModel model) {
			return updateTeamModel(model.name, model);
			}

			@@ -582,7 +461,7 @@
			* @since 1.2.0
			*/
			@Override
			public boolean updateTeamModels(Collection<TeamModel> models) {
			public synchronized boolean updateTeamModels(Collection<TeamModel> models) {
			try {
			read();
			for (TeamModel team : models) {
			@@ -608,7 +487,7 @@
			* @since 0.8.0
			*/
			@Override
			public boolean updateTeamModel(String teamname, TeamModel model) {
			public synchronized boolean updateTeamModel(String teamname, TeamModel model) {
			TeamModel original = null;
			try {
			read();
			@@ -637,7 +516,7 @@
			* @since 0.8.0
			*/
			@Override
			public boolean deleteTeamModel(TeamModel model) {
			public synchronized boolean deleteTeamModel(TeamModel model) {
			return deleteTeam(model.name);
			}

			@@ -649,7 +528,7 @@
			* @since 0.8.0
			*/
			@Override
			public boolean deleteTeam(String teamname) {
			public synchronized boolean deleteTeam(String teamname) {
			try {
			// Read realm file
			read();
			@@ -668,7 +547,7 @@
			* @return list of all usernames
			*/
			@Override
			public List<String> getAllUsernames() {
			public synchronized List<String> getAllUsernames() {
			read();
			List<String> list = new ArrayList<String>(users.keySet());
			Collections.sort(list);
			@@ -713,46 +592,6 @@
			}
			Collections.sort(list);
			return list;
			}

			/**
			* Sets the list of all uses who are allowed to bypass the access
			* restriction placed on the specified repository.
			*
			* @param role
			* the repository name
			* @param usernames
			* @return true if successful
			*/
			@Override
			@Deprecated
			public synchronized boolean setUsernamesForRepositoryRole(String role, List<String> usernames) {
			try {
			Set<String> specifiedUsers = new HashSet<String>();
			for (String username : usernames) {
			specifiedUsers.add(username.toLowerCase());
			}

			read();

			// identify users which require add or remove role
			for (UserModel user : users.values()) {
			// user has role, check against revised user list
			if (specifiedUsers.contains(user.username.toLowerCase())) {
			user.addRepositoryPermission(role);
			} else {
			// remove role from user
			user.removeRepositoryPermission(role);
			}
			}

			// persist changes
			write();
			return true;
			} catch (Throwable t) {
			logger.error(MessageFormat.format("Failed to set usernames for role {0}!", role), t);
			}
			return false;
			}

			/**
			@@ -846,6 +685,9 @@
			if (!StringUtils.isEmpty(model.emailAddress)) {
			config.setString(USER, model.username, EMAILADDRESS, model.emailAddress);
			}
			if (model.accountType != null) {
			config.setString(USER, model.username, ACCOUNTTYPE, model.accountType.name());
			}
			if (!StringUtils.isEmpty(model.organizationalUnit)) {
			config.setString(USER, model.username, ORGANIZATIONALUNIT, model.organizationalUnit);
			}
			@@ -860,6 +702,9 @@
			}
			if (!StringUtils.isEmpty(model.countryCode)) {
			config.setString(USER, model.username, COUNTRYCODE, model.countryCode);
			}
			if (model.disabled) {
			config.setBoolean(USER, model.username, DISABLED, true);
			}
			if (model.getPreferences() != null) {
			if (!StringUtils.isEmpty(model.getPreferences().locale)) {
			@@ -928,6 +773,9 @@
			roles.add(Constants.NO_ROLE);
			}
			config.setStringList(TEAM, model.name, ROLE, roles);
			if (model.accountType != null) {
			config.setString(TEAM, model.name, ACCOUNTTYPE, model.accountType.name());
			}

			if (!model.canAdmin) {
			// write team permission for non-admin teams
			@@ -1021,6 +869,11 @@
			user.password = config.getString(USER, username, PASSWORD);
			user.displayName = config.getString(USER, username, DISPLAYNAME);
			user.emailAddress = config.getString(USER, username, EMAILADDRESS);
			user.accountType = AccountType.fromString(config.getString(USER, username, ACCOUNTTYPE));
			if (Constants.EXTERNAL_ACCOUNT.equals(user.password) && user.accountType.isLocal()) {
			user.accountType = AccountType.EXTERNAL;
			}
			user.disabled = config.getBoolean(USER, username, DISABLED, false);
			user.organizationalUnit = config.getString(USER, username, ORGANIZATIONALUNIT);
			user.organization = config.getString(USER, username, ORGANIZATION);
			user.locality = config.getString(USER, username, LOCALITY);
			@@ -1074,6 +927,7 @@
			team.canAdmin = roles.contains(Constants.ADMIN_ROLE);
			team.canFork = roles.contains(Constants.FORK_ROLE);
			team.canCreate = roles.contains(Constants.CREATE_ROLE);
			team.accountType = AccountType.fromString(config.getString(TEAM, teamname, ACCOUNTTYPE));

			if (!team.canAdmin) {
			// non-admin team, read permissions
			@@ -1111,10 +965,5 @@
			@Override
			public String toString() {
			return getClass().getSimpleName() + "(" + realmFile.getAbsolutePath() + ")";
			}

			@Override
			public AccountType getAccountType() {
			return AccountType.LOCAL;
			}
			}