From ec7ed84b04cd3981ae01b104bd52fc010f31e6a7 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 25 Sep 2014 09:06:39 -0400
Subject: [PATCH] Restrict Gitblit cookie to the context path
---
src/main/java/com/gitblit/utils/ActivityUtils.java | 89 ++++++++++++++------------------------------
1 files changed, 28 insertions(+), 61 deletions(-)
diff --git a/src/main/java/com/gitblit/utils/ActivityUtils.java b/src/main/java/com/gitblit/utils/ActivityUtils.java
index fa74350..ba5599a 100644
--- a/src/main/java/com/gitblit/utils/ActivityUtils.java
+++ b/src/main/java/com/gitblit/utils/ActivityUtils.java
@@ -15,9 +15,6 @@
*/
package com.gitblit.utils;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.lang.reflect.Type;
import java.text.DateFormat;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
@@ -34,27 +31,30 @@
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.lib.Repository;
-import com.gitblit.GitBlit;
+import com.gitblit.IStoredSettings;
import com.gitblit.Keys;
+import com.gitblit.manager.IRepositoryManager;
import com.gitblit.models.Activity;
-import com.gitblit.models.GravatarProfile;
import com.gitblit.models.RefModel;
import com.gitblit.models.RepositoryCommit;
import com.gitblit.models.RepositoryModel;
-import com.google.gson.reflect.TypeToken;
/**
* Utility class for building activity information from repositories.
- *
+ *
* @author James Moger
- *
+ *
*/
public class ActivityUtils {
/**
* Gets the recent activity from the repositories for the last daysBack days
* on the specified branch.
- *
+ *
+ * @param settings
+ * the runtime settings
+ * @param repositoryManager
+ * the repository manager
* @param models
* the list of repositories to query
* @param daysBack
@@ -66,8 +66,13 @@
* the timezone for aggregating commits
* @return
*/
- public static List<Activity> getRecentActivity(List<RepositoryModel> models, int daysBack,
- String objectId, TimeZone timezone) {
+ public static List<Activity> getRecentActivity(
+ IStoredSettings settings,
+ IRepositoryManager repositoryManager,
+ List<RepositoryModel> models,
+ int daysBack,
+ String objectId,
+ TimeZone timezone) {
// Activity panel shows last daysBack of activity across all
// repositories.
@@ -79,10 +84,10 @@
df.setTimeZone(timezone);
Calendar cal = Calendar.getInstance();
cal.setTimeZone(timezone);
-
+
// aggregate author exclusions
Set<String> authorExclusions = new TreeSet<String>();
- authorExclusions.addAll(GitBlit.getStrings(Keys.web.metricAuthorExclusions));
+ authorExclusions.addAll(settings.getStrings(Keys.web.metricAuthorExclusions));
for (RepositoryModel model : models) {
if (!ArrayUtils.isEmpty(model.metricAuthorExclusions)) {
authorExclusions.addAll(model.metricAuthorExclusions);
@@ -99,12 +104,15 @@
if (model.isCollectingGarbage) {
continue;
}
- Repository repository = GitBlit.self()
- .getRepository(model.name);
+ Repository repository = repositoryManager.getRepository(model.name);
List<String> branches = new ArrayList<String>();
if (StringUtils.isEmpty(objectId)) {
for (RefModel local : JGitUtils.getLocalBranches(
repository, true, -1)) {
+ if (!local.getDate().after(thresholdDate)) {
+ // branch not recently updated
+ continue;
+ }
branches.add(local.getName());
}
} else {
@@ -121,7 +129,7 @@
// trim commits to maximum count
commits = commits.subList(0, model.maxActivityCommits);
}
- for (RepositoryCommit commit : commits) {
+ for (RepositoryCommit commit : commits) {
Date date = commit.getCommitDate();
String dateStr = df.format(date);
if (!activity.containsKey(dateStr)) {
@@ -138,7 +146,7 @@
activity.get(dateStr).addCommit(commit);
}
}
-
+
// close the repository
repository.close();
}
@@ -149,21 +157,8 @@
}
/**
- * Returns the Gravatar profile, if available, for the specified email
- * address.
- *
- * @param emailaddress
- * @return a Gravatar Profile
- * @throws IOException
- */
- public static GravatarProfile getGravatarProfileFromAddress(String emailaddress)
- throws IOException {
- return getGravatarProfile(StringUtils.getMD5(emailaddress.toLowerCase()));
- }
-
- /**
* Creates a Gravatar thumbnail url from the specified email address.
- *
+ *
* @param email
* address to query Gravatar
* @param width
@@ -179,10 +174,10 @@
"https://www.gravatar.com/avatar/{0}?s={1,number,0}&d=identicon", emailHash, width);
return url;
}
-
+
/**
* Creates a Gravatar thumbnail url from the specified email address.
- *
+ *
* @param email
* address to query Gravatar
* @param width
@@ -197,33 +192,5 @@
String url = MessageFormat.format(
"https://www.gravatar.com/avatar/{0}?s={1,number,0}&d=mm", emailHash, width);
return url;
- }
-
- /**
- * Returns the Gravatar profile, if available, for the specified hashcode.
- * address.
- *
- * @param hash
- * the hash of the email address
- * @return a Gravatar Profile
- * @throws IOException
- */
- public static GravatarProfile getGravatarProfile(String hash) throws IOException {
- String url = MessageFormat.format("https://www.gravatar.com/{0}.json", hash);
- // Gravatar has a complex json structure
- Type profileType = new TypeToken<Map<String, List<GravatarProfile>>>() {
- }.getType();
- Map<String, List<GravatarProfile>> profiles = null;
- try {
- profiles = JsonUtils.retrieveJson(url, profileType);
- } catch (FileNotFoundException e) {
- }
- if (profiles == null || profiles.size() == 0) {
- return null;
- }
- // due to the complex json structure we need to pull out the profile
- // from a list 2 levels deep
- GravatarProfile profile = profiles.values().iterator().next().get(0);
- return profile;
}
}
--
Gitblit v1.9.1