From c2188a840bc4153ae92112b04b2e06a90d3944aa Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Wed, 27 Apr 2016 18:58:06 -0400
Subject: [PATCH] Ticket Reference handling #1048

---
 src/main/java/com/gitblit/git/GitblitReceivePackFactory.java |   70 +++++++++++++++++++++++++++++------
 1 files changed, 58 insertions(+), 12 deletions(-)

diff --git a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
index 9911258..afda23b 100644
--- a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
+++ b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
@@ -15,6 +15,9 @@
  */
 package com.gitblit.git;
 
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.eclipse.jgit.lib.PersonIdent;
@@ -26,12 +29,14 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.gitblit.Constants.Transport;
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
 import com.gitblit.manager.IGitblit;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
-import com.gitblit.transport.ssh.SshSession;
+import com.gitblit.transport.git.GitDaemonClient;
+import com.gitblit.transport.ssh.SshDaemonClient;
 import com.gitblit.utils.HttpUtils;
 import com.gitblit.utils.StringUtils;
 
@@ -65,21 +70,29 @@
 		String origin = "";
 		String gitblitUrl = "";
 		int timeout = 0;
+		Transport transport = null;
 
 		if (req instanceof HttpServletRequest) {
 			// http/https request may or may not be authenticated
-			HttpServletRequest request = (HttpServletRequest) req;
-			repositoryName = request.getAttribute("gitblitRepositoryName").toString();
-			origin = request.getRemoteHost();
-			gitblitUrl = HttpUtils.getGitblitURL(request);
+			HttpServletRequest client = (HttpServletRequest) req;
+			repositoryName = client.getAttribute("gitblitRepositoryName").toString();
+			origin = client.getRemoteHost();
+			gitblitUrl = HttpUtils.getGitblitURL(client);
 
 			// determine pushing user
-			String username = request.getRemoteUser();
+			String username = client.getRemoteUser();
 			if (!StringUtils.isEmpty(username)) {
 				UserModel u = gitblit.getUserModel(username);
 				if (u != null) {
 					user = u;
 				}
+			}
+
+			// determine the transport
+			if ("http".equals(client.getScheme())) {
+				transport = Transport.HTTP;
+			} else if ("https".equals(client.getScheme())) {
+				transport = Transport.HTTPS;
 			}
 		} else if (req instanceof GitDaemonClient) {
 			// git daemon request is always anonymous
@@ -89,13 +102,20 @@
 
 			// set timeout from Git daemon
 			timeout = client.getDaemon().getTimeout();
-		} else if (req instanceof SshSession) {
+
+			transport = Transport.GIT;
+		} else if (req instanceof SshDaemonClient) {
 			// SSH request is always authenticated
-			SshSession s = (SshSession) req;
-			repositoryName = s.getRepositoryName();
-			origin = s.getRemoteAddress().toString();
-			String username = s.getRemoteUser();
-			user = gitblit.getUserModel(username);
+			SshDaemonClient client = (SshDaemonClient) req;
+			repositoryName = client.getRepositoryName();
+			origin = client.getRemoteAddress().toString();
+			user = client.getUser();
+
+			transport = Transport.SSH;
+		}
+
+		if (!acceptPush(transport)) {
+			throw new ServiceNotAuthorizedException();
 		}
 
 		boolean allowAnonymousPushes = settings.getBoolean(Keys.git.allowAnonymousPushes, false);
@@ -125,4 +145,30 @@
 
 		return rp;
 	}
+
+	protected boolean acceptPush(Transport byTransport) {
+		if (byTransport == null) {
+			logger.info("Unknown transport, push rejected!");
+			return false;
+		}
+
+		Set<Transport> transports = new HashSet<Transport>();
+		for (String value : gitblit.getSettings().getStrings(Keys.git.acceptedPushTransports)) {
+			Transport transport = Transport.fromString(value);
+			if (transport == null) {
+				logger.info(String.format("Ignoring unknown registered transport %s", value));
+				continue;
+			}
+
+			transports.add(transport);
+		}
+
+		if (transports.isEmpty()) {
+			// no transports are explicitly specified, all are acceptable
+			return true;
+		}
+
+		// verify that the transport is permitted
+		return transports.contains(byTransport);
+	}
 }
\ No newline at end of file

--
Gitblit v1.9.1