From 2445d4b2b80671bdcefbd4ed81f394a5249ee13d Mon Sep 17 00:00:00 2001
From: mereth <mereth78@gmail.com>
Date: Mon, 18 Aug 2014 19:13:37 -0400
Subject: [PATCH] fix misstyped passwords leaked in log files with redmine auth provider

---
 src/main/java/com/gitblit/auth/RedmineAuthProvider.java |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
index 7e957ec..e505a54 100644
--- a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
@@ -153,15 +153,16 @@
         if (!url.endsWith("/")) {
         	url = url.concat("/");
         }
+        String apiUrl = url + "users/current.json";
+        
         HttpURLConnection http;
         if (username == null) {
         	// apikey authentication
         	String apiKey = String.valueOf(password);
-        	String apiUrl = url + "users/current.json?key=" + apiKey;
         	http = (HttpURLConnection) ConnectionUtils.openConnection(apiUrl, null, null);
+            http.addRequestProperty("X-Redmine-API-Key", apiKey);
         } else {
         	// username/password BASIC authentication
-        	String apiUrl = url + "users/current.json";
         	http = (HttpURLConnection) ConnectionUtils.openConnection(apiUrl, username, password);
         }
         http.setRequestMethod("GET");

--
Gitblit v1.9.1