diff options
author | mereth <mereth78@gmail.com> | 2014-08-19 01:13:37 +0200 |
---|---|---|
committer | mereth <mereth78@gmail.com> | 2014-08-19 01:13:37 +0200 |
commit | 2445d4b2b80671bdcefbd4ed81f394a5249ee13d (patch) | |
tree | bb7c428ba09ba8cbc3a491b22dc4bee002633e3b | |
parent | 3e0c6ca8a65bd4b076cac1451c9cdfde4be1d4b8 (diff) | |
download | gitblit-2445d4b2b80671bdcefbd4ed81f394a5249ee13d.tar.gz gitblit-2445d4b2b80671bdcefbd4ed81f394a5249ee13d.zip |
fix misstyped passwords leaked in log files with redmine auth provider
-rw-r--r-- | src/main/java/com/gitblit/auth/RedmineAuthProvider.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java index 7e957ecb..e505a54d 100644 --- a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java +++ b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java @@ -153,15 +153,16 @@ public class RedmineAuthProvider extends UsernamePasswordAuthenticationProvider if (!url.endsWith("/")) { url = url.concat("/"); } + String apiUrl = url + "users/current.json"; + HttpURLConnection http; if (username == null) { // apikey authentication String apiKey = String.valueOf(password); - String apiUrl = url + "users/current.json?key=" + apiKey; http = (HttpURLConnection) ConnectionUtils.openConnection(apiUrl, null, null); + http.addRequestProperty("X-Redmine-API-Key", apiKey); } else { // username/password BASIC authentication - String apiUrl = url + "users/current.json"; http = (HttpURLConnection) ConnectionUtils.openConnection(apiUrl, username, password); } http.setRequestMethod("GET"); |