From c1b0e4a5a3acc31bd469cf498d1ba7d390c379b2 Mon Sep 17 00:00:00 2001
From: James Moger
Date: Wed, 11 Dec 2013 09:08:26 -0500
Subject: [PATCH] Centralize cookie creation
Change-Id: I1a17416121764f33a8d05a88c80cece0c03ac41d
---
 .../java/com/gitblit/auth/AuthenticationProvider.java | 9 +++++++++
 .../java/com/gitblit/auth/HtpasswdAuthProvider.java | 6 +-----
 src/main/java/com/gitblit/auth/LdapAuthProvider.java | 4 +---
 src/main/java/com/gitblit/auth/PAMAuthProvider.java | 10 ++++------
 .../java/com/gitblit/auth/RedmineAuthProvider.java | 9 ++++-----
 .../java/com/gitblit/auth/SalesforceAuthProvider.java | 10 ++--------
 .../java/com/gitblit/auth/WindowsAuthProvider.java | 9 ++++-----
 7 files changed, 25 insertions(+), 32 deletions(-)
diff --git a/src/main/java/com/gitblit/auth/AuthenticationProvider.java b/src/main/java/com/gitblit/auth/AuthenticationProvider.java
index cb970cc6..f7b75fa3 100644
--- a/src/main/java/com/gitblit/auth/AuthenticationProvider.java
+++ b/src/main/java/com/gitblit/auth/AuthenticationProvider.java
@@ -26,6 +26,8 @@ import com.gitblit.manager.IRuntimeManager;
 import com.gitblit.manager.IUserManager;
 import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;
+import com.gitblit.utils.ArrayUtils;
+import com.gitblit.utils.StringUtils;
 public abstract class AuthenticationProvider {
@@ -68,6 +70,13 @@ public abstract class AuthenticationProvider {
 return serviceName;
 }
+ protected void setCookie(UserModel user, char [] password) {
+ // create a user cookie
+ if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
+ user.cookie = StringUtils.getSHA1(user.username + new String(password));
+ }
+ }
+
 protected void updateUser(UserModel userModel) {
 // TODO implement user model change detection
 // account for new user and revised user
diff --git a/src/main/java/com/gitblit/auth/HtpasswdAuthProvider.java b/src/main/java/com/gitblit/auth/HtpasswdAuthProvider.java
index 559a0fa0..5ffb6930 100644
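Review bot: The new `setCookie` helper builds the persistent cookie as `StringUtils.getSHA1(user.username + new String(password))`, a fast, unsalted hash of the credentials themselves, so anyone who obtains a cookie value can check password guesses against it offline. Now that creation lives in one method, the value would be better generated from `java.security.SecureRandom` (for example 32 random bytes, hex-encoded) so that it carries no information about the password; how the cookie is validated later is not visible in this diff, so confirm nothing recomputes the hash before changing it. The `StringUtils.isEmpty(user.cookie)` guard also means an existing cookie is never rotated when the password changes, and `new String(password)` leaves an immutable copy of the password on the heap that cannot be cleared the way the `char[]` can. The helper dereferences `user` without a null check and has no Javadoc; a short comment stating that it only fills in a missing cookie and is called by all six providers after successful authentication would help.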
--- a/src/main/java/com/gitblit/auth/HtpasswdAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/HtpasswdAuthProvider.java
@@ -35,8 +35,6 @@ import com.gitblit.Constants.AccountType;
 import com.gitblit.Keys;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.models.UserModel;
-import com.gitblit.utils.ArrayUtils;
-import com.gitblit.utils.StringUtils;
 /**
@@ -186,9 +184,7 @@ public class HtpasswdAuthProvider extends UsernamePasswordAuthenticationProvider
 }
 // create a user cookie
- if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
- user.cookie = StringUtils.getSHA1(user.username + passwd);
- }
+ setCookie(user, password);
 // Set user attributes, hide password from backing user service.
 user.password = Constants.EXTERNAL_ACCOUNT;
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 6a2dd437..8fef620d 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -295,9 +295,7 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
 }
 // create a user cookie
- if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
- user.cookie = StringUtils.getSHA1(user.username + new String(password));
- }
+ setCookie(user, password);
 if (!supportsTeamMembershipChanges()) {
 getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
diff --git a/src/main/java/com/gitblit/auth/PAMAuthProvider.java b/src/main/java/com/gitblit/auth/PAMAuthProvider.java
index bbc82d84..7e82bc63 100644
--- a/src/main/java/com/gitblit/auth/PAMAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/PAMAuthProvider.java
@@ -26,8 +26,6 @@ import com.gitblit.Constants.AccountType;
 import com.gitblit.Keys;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.models.UserModel;
-import com.gitblit.utils.ArrayUtils;
-import com.gitblit.utils.StringUtils;
 /**
 * Implementation of PAM authentication for Linux/Unix/MacOSX.
@@ -104,13 +102,13 @@ public class PAMAuthProvider extends UsernamePasswordAuthenticationProvider {
 }
 UserModel user = userManager.getUserModel(username);
- if (user == null) // create user object for new authenticated user
+ if (user == null) {
+ // create user object for new authenticated user
 user = new UserModel(username.toLowerCase());
+ }
 // create a user cookie
- if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
- user.cookie = StringUtils.getSHA1(user.username + new String(password));
- }
+ setCookie(user, password);
 // update user attributes from UnixUser
 user.accountType = getAccountType();
diff --git a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
index 176c576b..04adc459 100644
--- a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
@@ -26,7 +26,6 @@ import com.gitblit.Constants.AccountType;
 import com.gitblit.Keys;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.models.UserModel;
-import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.ConnectionUtils;
 import com.gitblit.utils.StringUtils;
 import com.google.gson.Gson;
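Review bot: Inside the `if (user == null) { … }` block that the second PAMAuthProvider hunk re-braces, the unchanged line `user = new UserModel(username.toLowerCase());` lowercases with the JVM's default locale, so the stored account name depends on host configuration (under a Turkish locale `I` becomes the dotless `ı`). For an identity key this should be `user = new UserModel(username.toLowerCase(Locale.ROOT));` with `java.util.Locale` imported. The same line sits in the matching hunks of RedmineAuthProvider and WindowsAuthProvider. The lookup just above passes `username` unmodified to `userManager.getUserModel` while the new account is created under the lowercased name; whether the user manager normalizes case is not visible here, and the enclosing method starts and ends outside the hunk, so it is worth confirming that a mixed-case login cannot create a second model for the same account.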
@@ -122,13 +121,13 @@ public class RedmineAuthProvider extends UsernamePasswordAuthenticationProvider
 }
 UserModel user = userManager.getUserModel(username);
- if (user == null) // create user object for new authenticated user
+ if (user == null) {
+ // create user object for new authenticated user
 user = new UserModel(username.toLowerCase());
+ }
 // create a user cookie
- if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
- user.cookie = StringUtils.getSHA1(user.username + new String(password));
- }
+ setCookie(user, password);
 // update user attributes from Redmine
 user.accountType = getAccountType();
diff --git a/src/main/java/com/gitblit/auth/SalesforceAuthProvider.java b/src/main/java/com/gitblit/auth/SalesforceAuthProvider.java
index fdda32af..e4273ff6 100644
--- a/src/main/java/com/gitblit/auth/SalesforceAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/SalesforceAuthProvider.java
@@ -5,8 +5,6 @@ import com.gitblit.Constants.AccountType;
 import com.gitblit.Keys;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.models.UserModel;
-import com.gitblit.utils.ArrayUtils;
-import com.gitblit.utils.StringUtils;
 import com.sforce.soap.partner.Connector;
 import com.sforce.soap.partner.GetUserInfoResult;
 import com.sforce.soap.partner.PartnerConnection;
@@ -62,15 +60,11 @@ public class SalesforceAuthProvider extends UsernamePasswordAuthenticationProvid
 UserModel user = null;
 synchronized (this) {
 user = userManager.getUserModel(simpleUsername);
- if (user == null)
+ if (user == null) {
 user = new UserModel(simpleUsername);
-
- if (StringUtils.isEmpty(user.cookie)
- && !ArrayUtils.isEmpty(password)) {
- user.cookie = StringUtils.getSHA1(user.username
- + new String(password));
 }
+ setCookie(user, password);
 setUserAttributes(user, info);
 updateUser(user);
diff --git a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
index d455d58f..93cae046 100644
--- a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
@@ -29,7 +29,6 @@ import com.gitblit.Constants.AccountType;
 import com.gitblit.Keys;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.models.UserModel;
-import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.StringUtils;
 import com.sun.jna.platform.win32.Win32Exception;
@@ -136,13 +135,13 @@ public class WindowsAuthProvider extends UsernamePasswordAuthenticationProvider
 }
 UserModel user = userManager.getUserModel(username);
- if (user == null) // create user object for new authenticated user
+ if (user == null) {
+ // create user object for new authenticated user
 user = new UserModel(username.toLowerCase());
+ }
 // create a user cookie
- if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
- user.cookie = StringUtils.getSHA1(user.username + new String(password));
- }
+ setCookie(user, password);
 // update user attributes from Windows identity
 user.accountType = getAccountType();
--
2.39.5