From 59b5fa4e22a473e6814e1dd0af273883ccafe4f2 Mon Sep 17 00:00:00 2001
From: Stardrad Yin <yin8086@gmail.com>
Date: Sat, 08 Mar 2014 01:46:57 -0500
Subject: [PATCH] add Chinese strings

---
 src/main/java/com/gitblit/manager/AuthenticationManager.java |   44 ++++++++++++++++++++++++++++++++++++--------
 1 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/gitblit/manager/AuthenticationManager.java b/src/main/java/com/gitblit/manager/AuthenticationManager.java
index cd4a258..ad4a985 100644
--- a/src/main/java/com/gitblit/manager/AuthenticationManager.java
+++ b/src/main/java/com/gitblit/manager/AuthenticationManager.java
@@ -150,6 +150,13 @@
 
 	@Override
 	public AuthenticationManager stop() {
+		for (AuthenticationProvider provider : authenticationProviders) {
+			try {
+				provider.stop();
+			} catch (Exception e) {
+				logger.error("Failed to stop " + provider.getClass().getSimpleName(), e);
+			}
+		}
 		return this;
 	}
 
@@ -191,7 +198,7 @@
 						flagWicketSession(AuthenticationType.CONTAINER);
 						logger.debug(MessageFormat.format("{0} authenticated by servlet container principal from {1}",
 								user.username, httpRequest.getRemoteAddr()));
-						return user;
+						return validateAuthentication(user, AuthenticationType.CONTAINER);
 					} else if (settings.getBoolean(Keys.realm.container.autoCreateAccounts, false)
 							&& !internalAccount) {
 						// auto-create user from an authenticated container principal
@@ -203,7 +210,7 @@
 						flagWicketSession(AuthenticationType.CONTAINER);
 						logger.debug(MessageFormat.format("{0} authenticated and created by servlet container principal from {1}",
 								user.username, httpRequest.getRemoteAddr()));
-						return user;
+						return validateAuthentication(user, AuthenticationType.CONTAINER);
 					} else if (!internalAccount) {
 						logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted servlet container authentication from {1}",
 								principal.getName(), httpRequest.getRemoteAddr()));
@@ -224,7 +231,7 @@
 				flagWicketSession(AuthenticationType.CERTIFICATE);
 				logger.debug(MessageFormat.format("{0} authenticated by client certificate {1} from {2}",
 						user.username, metadata.serialNumber, httpRequest.getRemoteAddr()));
-				return user;
+				return validateAuthentication(user, AuthenticationType.CERTIFICATE);
 			} else {
 				logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted client certificate ({1}) authentication from {2}",
 						model.username, metadata.serialNumber, httpRequest.getRemoteAddr()));
@@ -246,7 +253,7 @@
 				flagWicketSession(AuthenticationType.COOKIE);
 				logger.debug(MessageFormat.format("{0} authenticated by cookie from {1}",
 					user.username, httpRequest.getRemoteAddr()));
-				return user;
+				return validateAuthentication(user, AuthenticationType.COOKIE);
 			}
 		}
 
@@ -268,7 +275,7 @@
 					flagWicketSession(AuthenticationType.CREDENTIALS);
 					logger.debug(MessageFormat.format("{0} authenticated by BASIC request header from {1}",
 							user.username, httpRequest.getRemoteAddr()));
-					return user;
+					return validateAuthentication(user, AuthenticationType.CREDENTIALS);
 				} else {
 					logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials from {1}",
 							username, httpRequest.getRemoteAddr()));
@@ -276,6 +283,27 @@
 			}
 		}
 		return null;
+	}
+
+	/**
+	 * This method allows the authentication manager to reject authentication
+	 * attempts.  It is called after the username/secret have been verified to
+	 * ensure that the authentication technique has been logged.
+	 *
+	 * @param user
+	 * @return
+	 */
+	protected UserModel validateAuthentication(UserModel user, AuthenticationType type) {
+		if (user == null) {
+			return null;
+		}
+		if (user.disabled) {
+			// user has been disabled
+			logger.warn("Rejected {} authentication attempt by disabled account \"{}\"",
+					type, user.username);
+			return null;
+		}
+		return user;
 	}
 
 	protected void flagWicketSession(AuthenticationType authenticationType) {
@@ -331,7 +359,7 @@
 				// plain-text password
 				returnedUser = user;
 			}
-			return returnedUser;
+			return validateAuthentication(returnedUser, AuthenticationType.CREDENTIALS);
 		}
 
 		// try registered external authentication providers
@@ -342,12 +370,12 @@
 					if (user != null) {
 						// user authenticated
 						user.accountType = provider.getAccountType();
-						return user;
+						return validateAuthentication(user, AuthenticationType.CREDENTIALS);
 					}
 				}
 			}
 		}
-		return user;
+		return validateAuthentication(user, AuthenticationType.CREDENTIALS);
 	}
 
 	/**

--
Gitblit v1.9.1