summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormereth <mereth78@gmail.com>2014-08-19 01:13:37 +0200
committermereth <mereth78@gmail.com>2014-08-19 01:13:37 +0200
commit2445d4b2b80671bdcefbd4ed81f394a5249ee13d (patch)
treebb7c428ba09ba8cbc3a491b22dc4bee002633e3b
parent3e0c6ca8a65bd4b076cac1451c9cdfde4be1d4b8 (diff)
downloadgitblit-2445d4b2b80671bdcefbd4ed81f394a5249ee13d.tar.gz
gitblit-2445d4b2b80671bdcefbd4ed81f394a5249ee13d.zip
fix misstyped passwords leaked in log files with redmine auth provider
-rw-r--r--src/main/java/com/gitblit/auth/RedmineAuthProvider.java5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
index 7e957ecb..e505a54d 100644
--- a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
@@ -153,15 +153,16 @@ public class RedmineAuthProvider extends UsernamePasswordAuthenticationProvider
if (!url.endsWith("/")) {
url = url.concat("/");
}
+ String apiUrl = url + "users/current.json";
+
HttpURLConnection http;
if (username == null) {
// apikey authentication
String apiKey = String.valueOf(password);
- String apiUrl = url + "users/current.json?key=" + apiKey;
http = (HttpURLConnection) ConnectionUtils.openConnection(apiUrl, null, null);
+ http.addRequestProperty("X-Redmine-API-Key", apiKey);
} else {
// username/password BASIC authentication
- String apiUrl = url + "users/current.json";
http = (HttpURLConnection) ConnectionUtils.openConnection(apiUrl, username, password);
}
http.setRequestMethod("GET");