From 234572e359588e535c00a85715bec4450b7ff77d Mon Sep 17 00:00:00 2001
From: Steffen Gebert <steffen.gebert@typo3.org>
Date: Tue, 24 Mar 2015 16:21:13 -0400
Subject: [PATCH] Docs: Fix RPC URL
---
src/main/java/com/gitblit/wicket/pages/RootPage.java | 30 ++++++++++++++++++++----------
1 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/src/main/java/com/gitblit/wicket/pages/RootPage.java b/src/main/java/com/gitblit/wicket/pages/RootPage.java
index 6a933b7..37e9870 100644
--- a/src/main/java/com/gitblit/wicket/pages/RootPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/RootPage.java
@@ -31,6 +31,9 @@
import java.util.concurrent.atomic.AtomicInteger;
import java.util.regex.Pattern;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.wicket.MarkupContainer;
import org.apache.wicket.PageParameters;
import org.apache.wicket.behavior.HeaderContributor;
@@ -50,6 +53,7 @@
import org.apache.wicket.protocol.http.WebResponse;
import com.gitblit.Constants;
+import com.gitblit.Constants.AuthenticationType;
import com.gitblit.Keys;
import com.gitblit.extensions.NavLinkExtension;
import com.gitblit.extensions.UserMenuExtension;
@@ -147,6 +151,7 @@
boolean authenticateAdmin = app().settings().getBoolean(Keys.web.authenticateAdminPages, true);
boolean allowAdmin = app().settings().getBoolean(Keys.web.allowAdministration, true);
boolean allowLucene = app().settings().getBoolean(Keys.web.allowLuceneIndexing, true);
+ boolean displayUserPanel = app().settings().getBoolean(Keys.web.displayUserPanel, true);
boolean isLoggedIn = GitBlitWebSession.get().isLoggedIn();
if (authenticateAdmin) {
@@ -164,7 +169,7 @@
}
}
- if (authenticateView || authenticateAdmin) {
+ if (displayUserPanel && (authenticateView || authenticateAdmin)) {
if (isLoggedIn) {
UserMenu userFragment = new UserMenu("userPanel", "userMenuFragment", RootPage.this);
add(userFragment);
@@ -262,30 +267,33 @@
private void loginUser(UserModel user) {
if (user != null) {
+ HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
+ HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();
+
// Set the user into the session
GitBlitWebSession session = GitBlitWebSession.get();
+
// issue 62: fix session fixation vulnerability
session.replaceSession();
session.setUser(user);
+ request = ((WebRequest) getRequest()).getHttpServletRequest();
+ response = ((WebResponse) getResponse()).getHttpServletResponse();
+ request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, AuthenticationType.CREDENTIALS);
+
// Set Cookie
- if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {
- WebRequest request = (WebRequest) getRequestCycle().getRequest();
- WebResponse response = (WebResponse) getRequestCycle().getResponse();
- app().authentication().setCookie(request.getHttpServletRequest(),
- response.getHttpServletResponse(), user);
- }
+ app().authentication().setCookie(request, response, user);
if (!session.continueRequest()) {
PageParameters params = getPageParameters();
if (params == null) {
// redirect to this page
- setResponsePage(getClass());
+ redirectTo(getClass());
} else {
// Strip username and password and redirect to this page
params.remove("username");
params.remove("password");
- setResponsePage(getClass(), params);
+ redirectTo(getClass(), params);
}
}
}
@@ -599,7 +607,9 @@
GitBlitWebSession session = GitBlitWebSession.get();
UserModel user = session.getUser();
boolean editCredentials = app().authentication().supportsCredentialChanges(user);
- boolean standardLogin = session.authenticationType.isStandard();
+ HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
+ AuthenticationType authenticationType = (AuthenticationType) request.getSession().getAttribute(Constants.AUTHENTICATION_TYPE);
+ boolean standardLogin = authenticationType.isStandard();
if (app().settings().getBoolean(Keys.web.allowGravatar, true)) {
add(new GravatarImage("username", user, "navbarGravatar", 20, false));
--
Gitblit v1.9.1