githubFork/gitblit.git - Solinfo Gitblit

			@@ -15,6 +15,7 @@
			*/
			package com.gitblit.wicket.pages;

			import java.text.MessageFormat;
			import java.util.ArrayList;
			import java.util.Calendar;
			import java.util.Collections;
			@@ -28,7 +29,6 @@
			import java.util.TimeZone;
			import java.util.regex.Pattern;

			import javax.servlet.http.Cookie;
			import javax.servlet.http.HttpServletRequest;

			import org.apache.wicket.Application;
			@@ -52,7 +52,9 @@
			import org.slf4j.LoggerFactory;

			import com.gitblit.Constants;
			import com.gitblit.Constants.AccessPermission;
			import com.gitblit.Constants.AccessRestrictionType;
			import com.gitblit.Constants.AuthorizationControl;
			import com.gitblit.Constants.FederationStrategy;
			import com.gitblit.GitBlit;
			import com.gitblit.Keys;
			@@ -76,14 +78,14 @@
			super();
			logger = LoggerFactory.getLogger(getClass());
			customizeHeader();
			loginByCookie();
			login();
			}

			public BasePage(PageParameters params) {
			super(params);
			logger = LoggerFactory.getLogger(getClass());
			customizeHeader();
			loginByCookie();
			login();
			}

			private void customizeHeader() {
			@@ -94,6 +96,10 @@

			protected String getLanguageCode() {
			return GitBlitWebSession.get().getLocale().getLanguage();
			}

			protected String getCountryCode() {
			return GitBlitWebSession.get().getLocale().getCountry().toLowerCase();
			}

			protected TimeUtils getTimeUtils() {
			@@ -127,22 +133,19 @@
			super.onAfterRender();
			}

			private void loginByCookie() {
			if (!GitBlit.getBoolean(Keys.web.allowCookieAuthentication, false)) {
			private void login() {
			GitBlitWebSession session = GitBlitWebSession.get();
			if (session.isLoggedIn() && !session.isSessionInvalidated()) {
			// already have a session
			return;
			}
			UserModel user = null;

			// Grab cookie from Browser Session
			Cookie[] cookies = ((WebRequest) getRequestCycle().getRequest()).getCookies();
			if (cookies != null && cookies.length > 0) {
			user = GitBlit.self().authenticate(cookies);
			}

			// try to authenticate by servlet request
			HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
			UserModel user = GitBlit.self().authenticate(httpRequest);

			// Login the user
			if (user != null) {
			// Set the user into the session
			GitBlitWebSession session = GitBlitWebSession.get();
			// issue 62: fix session fixation vulnerability
			session.replaceSession();
			session.setUser(user);
			@@ -205,6 +208,39 @@
			return map;
			}

			protected Map<AccessPermission, String> getAccessPermissions() {
			Map<AccessPermission, String> map = new LinkedHashMap<AccessPermission, String>();
			for (AccessPermission type : AccessPermission.values()) {
			switch (type) {
			case NONE:
			map.put(type, MessageFormat.format(getString("gb.noPermission"), type.code));
			break;
			case EXCLUDE:
			map.put(type, MessageFormat.format(getString("gb.excludePermission"), type.code));
			break;
			case VIEW:
			map.put(type, MessageFormat.format(getString("gb.viewPermission"), type.code));
			break;
			case CLONE:
			map.put(type, MessageFormat.format(getString("gb.clonePermission"), type.code));
			break;
			case PUSH:
			map.put(type, MessageFormat.format(getString("gb.pushPermission"), type.code));
			break;
			case CREATE:
			map.put(type, MessageFormat.format(getString("gb.createPermission"), type.code));
			break;
			case DELETE:
			map.put(type, MessageFormat.format(getString("gb.deletePermission"), type.code));
			break;
			case REWIND:
			map.put(type, MessageFormat.format(getString("gb.rewindPermission"), type.code));
			break;
			}
			}
			return map;
			}

			protected Map<FederationStrategy, String> getFederationTypes() {
			Map<FederationStrategy, String> map = new LinkedHashMap<FederationStrategy, String>();
			for (FederationStrategy type : FederationStrategy.values()) {
			@@ -217,6 +253,21 @@
			break;
			case FEDERATE_ORIGIN:
			map.put(type, getString("gb.federateOrigin"));
			break;
			}
			}
			return map;
			}

			protected Map<AuthorizationControl, String> getAuthorizationControls() {
			Map<AuthorizationControl, String> map = new LinkedHashMap<AuthorizationControl, String>();
			for (AuthorizationControl type : AuthorizationControl.values()) {
			switch (type) {
			case AUTHENTICATED:
			map.put(type, getString("gb.allowAuthenticatedDescription"));
			break;
			case NAMED:
			map.put(type, getString("gb.allowNamedDescription"));
			break;
			}
			}
			@@ -379,14 +430,19 @@
			public UserFragment(String id, String markupId, MarkupContainer markupProvider) {
			super(id, markupId, markupProvider);

			if (GitBlitWebSession.get().isLoggedIn()) {
			GitBlitWebSession session = GitBlitWebSession.get();
			if (session.isLoggedIn()) {
			UserModel user = session.getUser();
			boolean editCredentials = GitBlit.self().supportsCredentialChanges(user);
			boolean standardLogin = session.authenticationType.isStandard();

			// username, logout, and change password
			add(new Label("username", GitBlitWebSession.get().getUser().getDisplayName() + ":"));
			add(new Label("username", user.getDisplayName() + ":"));
			add(new LinkPanel("loginLink", null, markupProvider.getString("gb.logout"),
			LogoutPage.class));
			boolean editCredentials = GitBlit.self().supportsCredentialChanges();
			LogoutPage.class).setVisible(standardLogin));

			// quick and dirty hack for showing a separator
			add(new Label("separator", "\|").setVisible(editCredentials));
			add(new Label("separator", "\|").setVisible(standardLogin && editCredentials));
			add(new BookmarkablePageLink<Void>("changePasswordLink",
			ChangePasswordPage.class).setVisible(editCredentials));
			} else {