From 2539ceea0d47467d54cedd340afa6ede2909b2bd Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gmail.com>
Date: Wed, 23 Dec 2015 08:43:39 -0500
Subject: [PATCH] Merge pull request #986 from rgroux/jenkins-groovy-all-proto
---
src/main/java/com/gitblit/auth/AuthenticationProvider.java | 167 +++++++++++++++++++++++++++++++++----------------------
1 files changed, 101 insertions(+), 66 deletions(-)
diff --git a/src/main/java/com/gitblit/auth/AuthenticationProvider.java b/src/main/java/com/gitblit/auth/AuthenticationProvider.java
index 6205fd7..0bfe235 100644
--- a/src/main/java/com/gitblit/auth/AuthenticationProvider.java
+++ b/src/main/java/com/gitblit/auth/AuthenticationProvider.java
@@ -15,24 +15,24 @@
*/
package com.gitblit.auth;
-import java.io.ByteArrayOutputStream;
import java.io.File;
-import java.io.IOException;
-import java.io.ObjectOutputStream;
import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
+
+import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.gitblit.Constants.AccountType;
+import com.gitblit.Constants.Role;
+import com.gitblit.Constants.AuthenticationType;
import com.gitblit.IStoredSettings;
import com.gitblit.manager.IRuntimeManager;
import com.gitblit.manager.IUserManager;
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
import com.gitblit.utils.ArrayUtils;
+import com.gitblit.utils.DeepCopier;
import com.gitblit.utils.StringUtils;
public abstract class AuthenticationProvider {
@@ -76,6 +76,8 @@
return serviceName;
}
+ public abstract AuthenticationType getAuthenticationType();
+
protected void setCookie(UserModel user, char [] password) {
// create a user cookie
if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
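Review bot: The new abstract `getAuthenticationType()` has no Javadoc, and its contract on null is unclear: the override added in the `@@ -229,6 +248,11 @@` hunk returns `null`, while the one in `UsernamePasswordAuthenticationProvider` returns `AuthenticationType.CREDENTIALS`. Any caller that switches on the result or calls a method on it will throw for the null-returning provider, and a caller that compares it against an expected type may silently treat "unknown" as "no match". I would document the method, for example `@return the authentication type this provider handles, or null if it performs no authentication`, so that callers know to null-check.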
@@ -83,69 +85,35 @@
}
}
- /**
- * Utility method to calculate the checksum of an object.
- * @param sourceObject The object from which to establish the checksum.
- * @return The checksum
- * @throws IOException
- * @throws NoSuchAlgorithmException
- */
- private BigInteger checksum(Object sourceObject) throws IOException, NoSuchAlgorithmException {
-
- if (sourceObject == null) {
- return BigInteger.ZERO;
- }
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- ObjectOutputStream oos = new ObjectOutputStream(baos);
- oos.writeObject(sourceObject);
- oos.close();
-
- MessageDigest m = MessageDigest.getInstance("SHA1");
- m.update(baos.toByteArray());
-
- return new BigInteger(1, m.digest());
- }
-
protected void updateUser(UserModel userModel) {
final UserModel userLocalDB = userManager.getUserModel(userModel.getName());
- try {
- // Establish the checksum of the current version of the user
- final BigInteger userCurrentCheck = checksum(userModel);
- // Establish the checksum of the stored version of the user
- final BigInteger userLocalDBcheck = checksum(userLocalDB);
- // Compare the checksums
- if (!userCurrentCheck.equals(userLocalDBcheck))
- {
- // If mismatch, save the new instance.
- userManager.updateUserModel(userModel);
- }
- } catch (NoSuchAlgorithmException | IOException e) {
- // Trace any potential error.
- if (logger.isErrorEnabled()) {
- logger.error(e.getMessage());
- }
+
+ // Establish the checksum of the current version of the user
+ final BigInteger userCurrentCheck = DeepCopier.checksum(userModel);
+
+ // Establish the checksum of the stored version of the user
+ final BigInteger userLocalDBcheck = DeepCopier.checksum(userLocalDB);
+
+ // Compare the checksums
+ if (!userCurrentCheck.equals(userLocalDBcheck)) {
+ // If mismatch, save the new instance.
+ userManager.updateUserModel(userModel);
}
}
protected void updateTeam(TeamModel teamModel) {
final TeamModel teamLocalDB = userManager.getTeamModel(teamModel.name);
- try {
- // Establish the checksum of the current version of the team
- final BigInteger teamCurrentCheck = checksum(teamModel);
- // Establish the checksum of the stored version of the team
- final BigInteger teamLocalDBcheck = checksum(teamLocalDB);
- // Compare the checksums
- if (!teamCurrentCheck.equals(teamLocalDBcheck))
- {
- // If mismatch, save the new instance.
- userManager.updateTeamModel(teamModel);
- }
- } catch (NoSuchAlgorithmException | IOException e) {
- // Trace any potential error.
- if (logger.isErrorEnabled()) {
- logger.error(e.getMessage());
- }
+
+ // Establish the checksum of the current version of the team
+ final BigInteger teamCurrentCheck = DeepCopier.checksum(teamModel);
+
+ // Establish the checksum of the stored version of the team
+ final BigInteger teamLocalDBcheck = DeepCopier.checksum(teamLocalDB);
+
+ // Compare the checksums
+ if (!teamCurrentCheck.equals(teamLocalDBcheck)) {
+ // If mismatch, save the new instance.
+ userManager.updateTeamModel(teamModel);
}
}
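Review bot: With the try/catch removed, `updateUser` and `updateTeam` depend entirely on how `DeepCopier.checksum` treats a null argument and a serialization failure, and that helper is not shown in this patch. `userLocalDB` and `teamLocalDB` come straight from `userManager.getUserModel`/`getTeamModel`, and the removed private `checksum` mapped null to `BigInteger.ZERO` explicitly, presumably because the account may not exist locally yet. If the helper returns null in either case, `userCurrentCheck.equals(...)` throws in the middle of the authentication flow instead of logging and continuing. I would confirm the helper keeps the null-to-ZERO behaviour, or make the intent local with `if (userLocalDB == null || !userCurrentCheck.equals(userLocalDBcheck)) {` and the same for the team.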
@@ -153,14 +121,32 @@
public abstract void stop();
+ /**
+ * Used to handle requests for requests for pages requiring authentication.
+ * This allows authentication to occur based on the contents of the request
+ * itself.
+ *
+ * @param httpRequest
+ * @return
+ */
+ public abstract UserModel authenticate(HttpServletRequest httpRequest);
+
+ /**
+ * Used to authentication user/password credentials, both for login form
+ * and HTTP Basic authentication processing.
+ *
+ * @param username
+ * @param password
+ * @return
+ */
public abstract UserModel authenticate(String username, char[] password);
public abstract AccountType getAccountType();
/**
- * Does the user service support changes to credentials?
+ * Returns true if the users's credentials can be changed.
*
- * @return true or false
+ * @return true if the authentication provider supports credential changes
* @since 1.0.0
*/
public abstract boolean supportsCredentialChanges();
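Review bot: The Javadoc for the new `authenticate(HttpServletRequest)` leaves `@param` and `@return` empty, so it does not say what an implementation returns when the request carries nothing it recognises. The overrides added later in this patch return null, which suggests `@return the authenticated user, or null if this provider cannot authenticate the request`. Because identity is derived from the request contents, the doc should also state that implementations may rely only on values the container or a trusted front end has verified, not on arbitrary client-supplied headers. The wording has small slips to fix at the same time: "requests for requests for", "Used to authentication", and "users's" in the `supportsCredentialChanges` comment.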
@@ -169,7 +155,7 @@
* Returns true if the user's display name can be changed.
*
* @param user
- * @return true if the user service supports display name changes
+ * @return true if the authentication provider supports display name changes
*/
public abstract boolean supportsDisplayNameChanges();
@@ -177,7 +163,7 @@
* Returns true if the user's email address can be changed.
*
* @param user
- * @return true if the user service supports email address changes
+ * @return true if the authentication provider supports email address changes
*/
public abstract boolean supportsEmailAddressChanges();
@@ -185,9 +171,27 @@
* Returns true if the user's team memberships can be changed.
*
* @param user
- * @return true if the user service supports team membership changes
+ * @return true if the authentication provider supports team membership changes
*/
public abstract boolean supportsTeamMembershipChanges();
+
+ /**
+ * Returns true if the user's role can be changed.
+ *
+ * @param user
+ * @param role
+ * @return true if the user's role can be changed
+ */
+ public abstract boolean supportsRoleChanges(UserModel user, Role role);
+
+ /**
+ * Returns true if the team's role can be changed.
+ *
+ * @param user
+ * @param role
+ * @return true if the team's role can be changed
+ */
+ public abstract boolean supportsRoleChanges(TeamModel team, Role role);
@Override
public String toString() {
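Review bot: The Javadoc on `supportsRoleChanges(TeamModel team, Role role)` documents `@param user`, but the parameter is `team`; it should read `@param team`. Neither overload says whether this is the check that authorises a role change or only a capability hint, and the implementation in the last hunk returns `true` for every user, team and role. If it is only a hint, a sentence such as `Callers must still verify that the requesting user may administer roles.` would make that explicit.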
@@ -198,6 +202,16 @@
protected UsernamePasswordAuthenticationProvider(String serviceName) {
super(serviceName);
}
+
+ @Override
+ public UserModel authenticate(HttpServletRequest httpRequest) {
+ return null;
+ }
+
+ @Override
+ public AuthenticationType getAuthenticationType() {
+ return AuthenticationType.CREDENTIALS;
+ }
@Override
public void stop() {
@@ -222,6 +236,11 @@
}
@Override
+ public UserModel authenticate(HttpServletRequest httpRequest) {
+ return null;
+ }
+
+ @Override
public UserModel authenticate(String username, char[] password) {
return null;
}
@@ -229,6 +248,11 @@
@Override
public AccountType getAccountType() {
return AccountType.LOCAL;
+ }
+
+ @Override
+ public AuthenticationType getAuthenticationType() {
+ return null;
}
@Override
@@ -250,5 +274,16 @@
public boolean supportsTeamMembershipChanges() {
return true;
}
+
+ @Override
+ public boolean supportsRoleChanges(UserModel user, Role role) {
+ return true;
+ }
+
+ @Override
+ public boolean supportsRoleChanges(TeamModel team, Role role) {
+ return true;
+ }
+
}
}
--
Gitblit v1.9.1