From 86a9855288ef73380a5de613a45052bb7cda7a0a Mon Sep 17 00:00:00 2001
From: James Moger
Date: Thu, 29 Nov 2012 17:24:37 -0500
Subject: [PATCH] Moved cookie and certificate authentication to http request authentication method
---
 src/com/gitblit/GitBlit.java | 21 ++++++++++++++++-----
 src/com/gitblit/wicket/pages/BasePage.java | 13 ++-----------
 2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index c05a9248..c8deee12 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -537,7 +537,7 @@ public class GitBlit implements ServletContextListener {
 * @param cookies
 * @return a user object or null
 */
- public UserModel authenticate(Cookie[] cookies) {
+ protected UserModel authenticate(Cookie[] cookies) {
 if (userService == null) {
 return null;
 }
@@ -555,22 +555,33 @@ public class GitBlit implements ServletContextListener {
 }
 /**
- * Authenticate a user based on HTTP request paramters.
- * This method is inteded to be used as fallback when other
- * means of authentication are failing (username / password or cookies).
+ * Authenticate a user based on HTTP request parameters.
+ *
+ * Authentication by X509Certificate is tried first and then by cookie.
+ *
 * @param httpRequest
 * @return a user object or null
 */
 public UserModel authenticate(HttpServletRequest httpRequest) {
+ // try to authenticate by certificate
 boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true);
 String [] oids = getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);
 UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);
 if (model != null) {
- UserModel user = GitBlit.self().getUserModel(model.username);
+ // grab real user model and preserve certificate serial number
+ UserModel user = getUserModel(model.username);
 logger.info(MessageFormat.format("{0} authenticated by client certificate from {1}", user.username, httpRequest.getRemoteAddr()));
 return user;
 }
+
+ // try to authenticate by cookie
+ Cookie[] cookies = httpRequest.getCookies();
+ if (allowCookieAuthentication() && cookies != null && cookies.length > 0) {
+ // Grab cookie from Browser Session
+ UserModel user = authenticate(cookies);
+ return user;
+ }
 return null;
 }
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index 05640ad0..d04271db 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -29,7 +29,6 @@ import java.util.Set;
 import java.util.TimeZone;
 import java.util.regex.Pattern;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.wicket.Application;
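Review bot: In the certificate branch, `UserModel user = getUserModel(model.username);` is dereferenced on the very next line (`user.username` inside the log call) with no null check, so a client certificate whose mapped username has no account in the user service would presumably end in a NullPointerException instead of a clean null return; a guard such as `if (user == null) { return null; }` placed before the log call keeps that failure explicit and closed. The new comment `// grab real user model and preserve certificate serial number` also does not match the visible code: `model` is discarded after the lookup and nothing copies a serial number onto `user`, so either the comment should shrink to `// resolve the certificate's username against the user service` or the preservation step it promises should be added. Minor style point: the cookie branch can `return authenticate(cookies);` directly rather than binding `user` first.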
@@ -132,16 +131,8 @@ public abstract class BasePage extends WebPage {
 private void login() {
 // try to authenticate by servlet request
- UserModel user = GitBlit.self().authenticate(((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest());
-
- if (user == null) {
- // try to authenticate by cookie
- Cookie[] cookies = ((WebRequest) getRequestCycle().getRequest()).getCookies();
- if (GitBlit.self().allowCookieAuthentication() && cookies != null && cookies.length > 0) {
- // Grab cookie from Browser Session
- user = GitBlit.self().authenticate(cookies);
- }
- }
+ HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
+ UserModel user = GitBlit.self().authenticate(httpRequest);
 // Login the user
 if (user != null) {
-- 
2.39.5
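Review bot: The retained comment `// try to authenticate by servlet request` now undersells the call beneath it, because `GitBlit.authenticate(HttpServletRequest)` as changed in this same commit tries the client certificate first and then the session cookie; rewording it to `// try to authenticate by servlet request (client certificate, then cookie)` keeps the login flow readable without opening GitBlit. The body of login() continues past the end of the hunk.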