From 62aeb92c04024a90d9ed392bb79de03a246a45d8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 11 Jul 2012 17:06:38 -0400
Subject: [PATCH] Persist cookies in ConfigUserService.  Update LDAPUserService to generate cookies.

---
 src/com/gitblit/GitBlit.java            |   12 ++++-
 src/com/gitblit/utils/ArrayUtils.java   |    6 ++
 src/com/gitblit/LdapUserService.java    |   19 +++------
 src/com/gitblit/ConfigUserService.java  |   21 ++++++++--
 src/com/gitblit/IUserService.java       |    2 
 src/com/gitblit/GitblitUserService.java |    2 
 src/com/gitblit/FileUserService.java    |    7 ++-
 7 files changed, 44 insertions(+), 25 deletions(-)

diff --git a/src/com/gitblit/ConfigUserService.java b/src/com/gitblit/ConfigUserService.java
index b97154f..66eb176 100644
--- a/src/com/gitblit/ConfigUserService.java
+++ b/src/com/gitblit/ConfigUserService.java
@@ -64,6 +64,8 @@
 	private static final String DISPLAYNAME = "displayName";
 	
 	private static final String EMAILADDRESS = "emailAddress";
+	
+	private static final String COOKIE = "cookie";
 
 	private static final String REPOSITORY = "repository";
 
@@ -163,11 +165,13 @@
 	 * @return cookie value
 	 */
 	@Override
-	public char[] getCookie(UserModel model) {
+	public String getCookie(UserModel model) {
+		if (!StringUtils.isEmpty(model.cookie)) {
+			return model.cookie;
+		}
 		read();
 		UserModel storedModel = users.get(model.username.toLowerCase());
-		String cookie = StringUtils.getSHA1(model.username + storedModel.password);
-		return cookie.toCharArray();
+		return storedModel.cookie;
 	}
 
 	/**
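Review bot: `users.get(model.username.toLowerCase())` returns null for a username that is not in the loaded map (assuming `users` is an ordinary map), and the new `return storedModel.cookie;` then throws a NullPointerException instead of reporting "no cookie". The caller in GitBlit.java now treats an empty value as the no-cookie case, so a guard fits that contract: `return storedModel == null ? null : storedModel.cookie;`. The getCookie hunk in FileUserService.java has the same gap, where `allUsers.getProperty(model.username)` can return null before `value.split(",")` is called.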
@@ -715,6 +719,9 @@
 			if (!StringUtils.isEmpty(model.password)) {
 				config.setString(USER, model.username, PASSWORD, model.password);
 			}
+			if (!StringUtils.isEmpty(model.cookie)) {
+				config.setString(USER, model.username, COOKIE, model.cookie);
+			}
 			if (!StringUtils.isEmpty(model.displayName)) {
 				config.setString(USER, model.username, DISPLAYNAME, model.displayName);
 			}
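Review bot: The cookie written here authenticates a user on its own, and once it is stored nothing in this diff regenerates it, because the read path only derives a value when the stored one is empty. Before this change the value was recomputed from username and password on every load, so a password change also invalidated old cookies; unless code outside this patch clears `model.cookie` when the password changes, that property is lost. I would reset the cookie wherever the password is updated and record the intent next to this write, e.g. `// cookie is a login credential: regenerate on password change, keep this file readable by the service account only`. The enclosing method starts and ends outside the hunk.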
@@ -820,6 +827,10 @@
 					user.password = config.getString(USER, username, PASSWORD);					
 					user.displayName = config.getString(USER, username, DISPLAYNAME);
 					user.emailAddress = config.getString(USER, username, EMAILADDRESS);
+					user.cookie = config.getString(USER, username, COOKIE);
+					if (StringUtils.isEmpty(user.cookie) && !StringUtils.isEmpty(user.password)) {
+						user.cookie = StringUtils.getSHA1(user.username + user.password);
+					}
 
 					// user roles
 					Set<String> roles = new HashSet<String>(Arrays.asList(config.getStringList(
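Review bot: The fallback `StringUtils.getSHA1(user.username + user.password)` makes the login cookie a fixed function of the account's username and password field, so it is the same on every device and can only be revoked by changing the password. If `user.password` can hold a clear-text value (not visible here), a captured cookie also lets someone test password guesses offline against a single unsalted SHA-1. A value unrelated to the password avoids both, e.g. `user.cookie = new java.math.BigInteger(160, new java.security.SecureRandom()).toString(16);`. The same derivation appears in FileUserService.getCookie and in the LdapUserService.java authenticate hunk; the loop around these lines starts and ends outside the hunk.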
@@ -836,7 +847,9 @@
 
 					// update cache
 					users.put(user.username, user);
-					cookies.put(StringUtils.getSHA1(user.username + user.password), user);
+					if (!StringUtils.isEmpty(user.cookie)) {
+						cookies.put(user.cookie, user);
+					}
 				}
 
 				// load the teams
diff --git a/src/com/gitblit/FileUserService.java b/src/com/gitblit/FileUserService.java
index fcb8eae..7705dfd 100644
--- a/src/com/gitblit/FileUserService.java
+++ b/src/com/gitblit/FileUserService.java
@@ -133,13 +133,16 @@
 	 * @return cookie value
 	 */
 	@Override
-	public char[] getCookie(UserModel model) {
+	public String getCookie(UserModel model) {
+		if (!StringUtils.isEmpty(model.cookie)) {
+			return model.cookie;
+		}
 		Properties allUsers = super.read();
 		String value = allUsers.getProperty(model.username);
 		String[] roles = value.split(",");
 		String password = roles[0];
 		String cookie = StringUtils.getSHA1(model.username + password);
-		return cookie.toCharArray();
+		return cookie;
 	}
 
 	/**
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index eab265a..27d43c8 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -512,9 +512,15 @@
 				userCookie = new Cookie(Constants.NAME, "");
 			} else {
 				// set cookie for login
-				char[] cookie = userService.getCookie(user);
-				userCookie = new Cookie(Constants.NAME, new String(cookie));
-				userCookie.setMaxAge(Integer.MAX_VALUE);
+				String cookie = userService.getCookie(user);
+				if (StringUtils.isEmpty(cookie)) {
+					// create empty cookie
+					userCookie = new Cookie(Constants.NAME, "");
+				} else {
+					// create real cookie
+					userCookie = new Cookie(Constants.NAME, cookie);
+					userCookie.setMaxAge(Integer.MAX_VALUE);
+				}
 			}
 			userCookie.setPath("/");
 			response.addCookie(userCookie);
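Review bot: The "real cookie" branch issues a long-term authentication cookie with `setMaxAge(Integer.MAX_VALUE)` (about 68 years) and path `/`, and no Secure or HttpOnly attribute is set anywhere in the visible lines. Since the value alone logs a user in, I would add `userCookie.setSecure(true);` when the site is served over HTTPS, mark it HttpOnly where the servlet API in use offers `setHttpOnly`, and pick a bounded lifetime instead of the maximum int. The enclosing method starts and ends outside the hunk, so these may already be handled elsewhere.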
diff --git a/src/com/gitblit/GitblitUserService.java b/src/com/gitblit/GitblitUserService.java
index bb52bef..b4640b5 100644
--- a/src/com/gitblit/GitblitUserService.java
+++ b/src/com/gitblit/GitblitUserService.java
@@ -138,7 +138,7 @@
 	}
 
 	@Override
-	public char[] getCookie(UserModel model) {
+	public String getCookie(UserModel model) {
 		return serviceImpl.getCookie(model);
 	}
 
diff --git a/src/com/gitblit/IUserService.java b/src/com/gitblit/IUserService.java
index 78b6e2f..8822d02 100644
--- a/src/com/gitblit/IUserService.java
+++ b/src/com/gitblit/IUserService.java
@@ -84,7 +84,7 @@
 	 * @param model
 	 * @return cookie value
 	 */
-	char[] getCookie(UserModel model);
+	String getCookie(UserModel model);
 
 	/**
 	 * Authenticate a user based on their cookie.
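Review bot: The Javadoc still says only `@return cookie value`, but after this change implementations can return null or an empty string: ConfigUserService returns the stored field unchanged, and GitBlit.java now branches on `StringUtils.isEmpty(cookie)`. I would state that in the contract, e.g. `@return cookie value, or null/empty if the user has no cookie`, so other implementers and callers handle the empty case. The Javadoc block starts outside the hunk.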
diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java
index 78b5f99..bba943d 100644
--- a/src/com/gitblit/LdapUserService.java
+++ b/src/com/gitblit/LdapUserService.java
@@ -27,6 +27,7 @@
 
 import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;
+import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.StringUtils;
 import com.unboundid.ldap.sdk.Attribute;
 import com.unboundid.ldap.sdk.LDAPConnection;
@@ -140,17 +141,6 @@
 		return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
 	}
 
-	/**
-	 * Does the user service support cookie authentication?
-	 * 
-	 * @return true or false
-	 */
-	@Override
-	public boolean supportsCookies() {
-		// TODO cookies need to be reviewed
-		return false;
-	}
-
 	@Override
 	public UserModel authenticate(String username, char[] password) {
 		String simpleUsername = getSimpleUsername(username);
@@ -173,8 +163,11 @@
 					UserModel user = getUserModel(simpleUsername);
 					if (user == null)	// create user object for new authenticated user
 						user = new UserModel(simpleUsername);
-					
-					
+
+					// create a user cookie
+					if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
+						user.cookie = StringUtils.getSHA1(user.username + new String(password));
+					}
 					
 					if (!supportsTeamMembershipChanges())
 						getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
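Review bot: `StringUtils.getSHA1(user.username + new String(password))` hashes the clear-text directory password into a value that is sent to the browser as the login cookie, so a captured cookie allows offline guessing of the LDAP password against one unsalted SHA-1. `new String(password)` also leaves an extra immutable copy of the password on the heap. Because the cookie is set only when empty, it looks like it would stay valid after a later password change or lockout in the directory, though that depends on cookie handling outside this hunk. A random token avoids all three: `user.cookie = new java.math.BigInteger(160, new java.security.SecureRandom()).toString(16);`. authenticate() starts and ends outside the hunk.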
diff --git a/src/com/gitblit/utils/ArrayUtils.java b/src/com/gitblit/utils/ArrayUtils.java
index d0322b6..41d110a 100644
--- a/src/com/gitblit/utils/ArrayUtils.java
+++ b/src/com/gitblit/utils/ArrayUtils.java
@@ -29,7 +29,11 @@
 	public static boolean isEmpty(byte [] array) {
 		return array == null || array.length == 0;
 	}
-	
+
+	public static boolean isEmpty(char [] array) {
+		return array == null || array.length == 0;
+	}
+
 	public static boolean isEmpty(Object [] array) {
 		return array == null || array.length == 0;
 	}

--
Gitblit v1.9.1