From 86a9855288ef73380a5de613a45052bb7cda7a0a Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 29 Nov 2012 17:24:37 -0500
Subject: [PATCH] Moved  cookie and certificate authentication to http request authentication method

---
 src/com/gitblit/GitBlit.java               |   21 ++++++++++++++++-----
 src/com/gitblit/wicket/pages/BasePage.java |   13 ++-----------
 2 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index c05a924..c8deee1 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -537,7 +537,7 @@
 	 * @param cookies
 	 * @return a user object or null
 	 */
-	public UserModel authenticate(Cookie[] cookies) {
+	protected UserModel authenticate(Cookie[] cookies) {
 		if (userService == null) {
 			return null;
 		}
@@ -555,22 +555,33 @@
 	}
 
 	/**
-	 * Authenticate a user based on HTTP request paramters.
-	 * This method is inteded to be used as fallback when other
-	 * means of authentication are failing (username / password or cookies).
+	 * Authenticate a user based on HTTP request parameters.
+	 * 
+	 * Authentication by X509Certificate is tried first and then by cookie.
+	 * 
 	 * @param httpRequest
 	 * @return a user object or null
 	 */
 	public UserModel authenticate(HttpServletRequest httpRequest) {
+		// try to authenticate by certificate
 		boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true);
 		String [] oids = getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);
 		UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);
 		if (model != null) {
-			UserModel user = GitBlit.self().getUserModel(model.username);
+			// grab real user model and preserve certificate serial number
+			UserModel user = getUserModel(model.username);
 			logger.info(MessageFormat.format("{0} authenticated by client certificate from {1}",
 					user.username, httpRequest.getRemoteAddr()));
 			return user;
 		}
+		
+		// try to authenticate by cookie
+		Cookie[] cookies = httpRequest.getCookies();
+		if (allowCookieAuthentication() && cookies != null && cookies.length > 0) {
+			// Grab cookie from Browser Session
+			UserModel user = authenticate(cookies);
+			return user;
+		}
 		return null;
 	}
 
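Review bot: The result of `getUserModel(model.username)` on the new line 46 is dereferenced as `user.username` in the log call without a null check, so a client certificate whose OID-derived username does not match any account would presumably throw a NullPointerException inside authentication instead of being reported as a failed login (getUserModel's contract is not visible here, but the surrounding javadoc says the authenticate methods themselves return "a user object or null"). The comment `// grab real user model and preserve certificate serial number` is also misleading: none of the visible lines copies anything from the certificate-derived `model` onto `user`. Suggest guarding the lookup, logging the unknown username at warn level, and letting an unmatched certificate fall through to the cookie branch; the simpler `UserModel user = authenticate(cookies); return user;` could become `return authenticate(cookies);`.
```java
		if (model != null) {
			// resolve the certificate's username against the user service;
			// an unknown username is a failed authentication, not an error
			UserModel user = getUserModel(model.username);
			if (user == null) {
				logger.warn(MessageFormat.format("unknown client certificate username {0} from {1}",
						model.username, httpRequest.getRemoteAddr()));
			} else {
				logger.info(MessageFormat.format("{0} authenticated by client certificate from {1}",
						user.username, httpRequest.getRemoteAddr()));
				return user;
			}
		}
		// … unchanged: cookie authentication …
```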
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index 05640ad..d04271d 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -29,7 +29,6 @@
 import java.util.TimeZone;
 import java.util.regex.Pattern;
 
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.wicket.Application;
@@ -132,16 +131,8 @@
 
 	private void login() {
 		// try to authenticate by servlet request
-		UserModel user = GitBlit.self().authenticate(((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest());
-
-		if (user == null) {
-			// try to authenticate by cookie
-			Cookie[] cookies = ((WebRequest) getRequestCycle().getRequest()).getCookies();
-			if (GitBlit.self().allowCookieAuthentication() && cookies != null && cookies.length > 0) {
-				// Grab cookie from Browser Session
-				user = GitBlit.self().authenticate(cookies);
-			}
-		}
+		HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
+		UserModel user = GitBlit.self().authenticate(httpRequest);
 
 		// Login the user
 		if (user != null) {
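Review bot: The comment `// try to authenticate by servlet request` above the rewritten call no longer describes what happens, since `authenticate(HttpServletRequest)` now tries the client certificate first and then the session cookie, with the cookie branch gated by `allowCookieAuthentication()`. Suggest `// authenticate by servlet request: client certificate first, then session cookie` so a reader of login() does not go looking for the cookie handling that this commit removed from here. login() continues past the end of the hunk.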

--
Gitblit v1.9.1