summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJames Moger <james.moger@gitblit.com>2012-02-03 18:16:16 -0500
committerJames Moger <james.moger@gitblit.com>2012-02-03 18:16:16 -0500
commitb7403152813c7fee783e3c999c7f7ae9fbaacce0 (patch)
treeb30326dec98319aab292b3a160eb9f3e39db104c
parentfe7c01a8bd76dff240e74bb770212911e227ba59 (diff)
downloadgitblit-b7403152813c7fee783e3c999c7f7ae9fbaacce0.tar.gz
gitblit-b7403152813c7fee783e3c999c7f7ae9fbaacce0.zip
Block pushes to a repository with a working copy (issue 49)
-rw-r--r--docs/00_index.mkd5
-rw-r--r--docs/04_releases.mkd1
-rw-r--r--src/com/gitblit/AccessRestrictionFilter.java17
-rw-r--r--src/com/gitblit/DownloadZipFilter.java12
-rw-r--r--src/com/gitblit/GitBlit.java1
-rw-r--r--src/com/gitblit/GitFilter.java23
-rw-r--r--src/com/gitblit/PagesFilter.java12
-rw-r--r--src/com/gitblit/SyndicationFilter.java12
-rw-r--r--src/com/gitblit/models/RepositoryModel.java6
-rw-r--r--test-gitblit.properties2
-rw-r--r--tests/com/gitblit/tests/GitServletTest.java33
11 files changed, 114 insertions, 10 deletions
diff --git a/docs/00_index.mkd b/docs/00_index.mkd
index e49750e1..a0438eef 100644
--- a/docs/00_index.mkd
+++ b/docs/00_index.mkd
@@ -30,10 +30,7 @@
Gitblit is an open-source, pure Java stack for managing, viewing, and serving [Git][git] repositories.
It's designed primarily as a tool for small workgroups who want to host centralized repositories.
-You can browse a live demo [here](http://demo-gitblit.rhcloud.com) hosted on [RedHat's OpenShift][rhcloud] cloud service.
-
-**NOTE:**
-The demo is a bit unstable due to a bug in JBossAS7/Tomcat when running in LOW_MEMORY mode which OpenShift mandates. RedHat engineers hope to have this issue resolved soon.
+You can browse a live demo [here](https://demo-gitblit.rhcloud.com) hosted on [RedHat's OpenShift][rhcloud] cloud service.
### GO: Single-Stack Solution
diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd
index c8e9d197..e5113192 100644
--- a/docs/04_releases.mkd
+++ b/docs/04_releases.mkd
@@ -6,6 +6,7 @@
#### changes
+- block pushes to a repository with a working copy (i.e. non-bare repository) (issue-49)
- web.datetimestampLongFormat from *EEEE, MMMM d, yyyy h:mm a z* to *EEEE, MMMM d, yyyy HH:mm Z* (issue 50)
#### additions
diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java
index a8d50b8c..e9b6587b 100644
--- a/src/com/gitblit/AccessRestrictionFilter.java
+++ b/src/com/gitblit/AccessRestrictionFilter.java
@@ -62,6 +62,15 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter {
protected abstract String getUrlRequestAction(String url);
/**
+ * Determine if the action may be executed on the repository.
+ *
+ * @param repository
+ * @param action
+ * @return true if the action may be performed
+ */
+ protected abstract boolean isActionAllowed(RepositoryModel repository, String action);
+
+ /**
* Determine if the repository requires authentication.
*
* @param repository
@@ -110,6 +119,14 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter {
httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
+
+ // Confirm that the action may be executed on the repository
+ if (!isActionAllowed(model, urlRequestType)) {
+ logger.info(MessageFormat.format("ARF: action {0} on {1} forbidden ({2})",
+ urlRequestType, model, HttpServletResponse.SC_FORBIDDEN));
+ httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
// Wrap the HttpServletRequest with the AccessRestrictionRequest which
// overrides the servlet container user principal methods.
diff --git a/src/com/gitblit/DownloadZipFilter.java b/src/com/gitblit/DownloadZipFilter.java
index c308cbbb..d22649b5 100644
--- a/src/com/gitblit/DownloadZipFilter.java
+++ b/src/com/gitblit/DownloadZipFilter.java
@@ -57,6 +57,18 @@ public class DownloadZipFilter extends AccessRestrictionFilter {
}
/**
+ * Determine if the action may be executed on the repository.
+ *
+ * @param repository
+ * @param action
+ * @return true if the action may be performed
+ */
+ @Override
+ protected boolean isActionAllowed(RepositoryModel repository, String action) {
+ return true;
+ }
+
+ /**
* Determine if the repository requires authentication.
*
* @param repository
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index a689b48e..7a6411c4 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -760,6 +760,7 @@ public class GitBlit implements ServletContextListener {
model.name = repositoryName;
model.hasCommits = JGitUtils.hasCommits(r);
model.lastChange = JGitUtils.getLastChange(r, null);
+ model.isBare = r.isBare();
StoredConfig config = JGitUtils.readConfig(r);
if (config != null) {
model.description = getConfig(config, "description", "");
diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java
index a7f0fe74..e76fd767 100644
--- a/src/com/gitblit/GitFilter.java
+++ b/src/com/gitblit/GitFilter.java
@@ -81,6 +81,25 @@ public class GitFilter extends AccessRestrictionFilter {
}
return null;
}
+
+ /**
+ * Determine if the repository can receive pushes.
+ *
+ * @param repository
+ * @param action
+ * @return true if the action may be performed
+ */
+ @Override
+ protected boolean isActionAllowed(RepositoryModel repository, String action) {
+ if (action.equals(gitReceivePack)) {
+ // Push request
+ if (!repository.isBare) {
+ logger.warn("Gitblit does not allow pushes to repositories with a working copy");
+ return false;
+ }
+ }
+ return true;
+ }
/**
* Determine if the repository requires authentication.
@@ -107,8 +126,8 @@ public class GitFilter extends AccessRestrictionFilter {
if (!GitBlit.getBoolean(Keys.git.enableGitServlet, true)) {
// Git Servlet disabled
return false;
- }
- boolean readOnly = repository.isFrozen;
+ }
+ boolean readOnly = repository.isFrozen;
if (readOnly || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
boolean authorizedUser = user.canAccessRepository(repository);
if (action.equals(gitReceivePack)) {
diff --git a/src/com/gitblit/PagesFilter.java b/src/com/gitblit/PagesFilter.java
index 87fef0d2..b29bede2 100644
--- a/src/com/gitblit/PagesFilter.java
+++ b/src/com/gitblit/PagesFilter.java
@@ -77,6 +77,18 @@ public class PagesFilter extends AccessRestrictionFilter {
}
/**
+ * Determine if the action may be executed on the repository.
+ *
+ * @param repository
+ * @param action
+ * @return true if the action may be performed
+ */
+ @Override
+ protected boolean isActionAllowed(RepositoryModel repository, String action) {
+ return true;
+ }
+
+ /**
* Determine if the repository requires authentication.
*
* @param repository
diff --git a/src/com/gitblit/SyndicationFilter.java b/src/com/gitblit/SyndicationFilter.java
index d6dd1f2d..7e2561b9 100644
--- a/src/com/gitblit/SyndicationFilter.java
+++ b/src/com/gitblit/SyndicationFilter.java
@@ -55,6 +55,18 @@ public class SyndicationFilter extends AccessRestrictionFilter {
}
/**
+ * Determine if the action may be executed on the repository.
+ *
+ * @param repository
+ * @param action
+ * @return true if the action may be performed
+ */
+ @Override
+ protected boolean isActionAllowed(RepositoryModel repository, String action) {
+ return true;
+ }
+
+ /**
* Determine if the repository requires authentication.
*
* @param repository
diff --git a/src/com/gitblit/models/RepositoryModel.java b/src/com/gitblit/models/RepositoryModel.java
index b633c69e..10dcbc68 100644
--- a/src/com/gitblit/models/RepositoryModel.java
+++ b/src/com/gitblit/models/RepositoryModel.java
@@ -53,14 +53,14 @@ public class RepositoryModel implements Serializable, Comparable<RepositoryModel
public boolean skipSizeCalculation;
public boolean skipSummaryMetrics;
public String frequency;
+ public boolean isBare;
public String origin;
+ public String HEAD;
+ public List<String> availableRefs;
public String size;
public List<String> preReceiveScripts;
public List<String> postReceiveScripts;
public List<String> mailingLists;
- public String HEAD;
- public List<String> availableRefs;
-
private String displayName;
public RepositoryModel() {
diff --git a/test-gitblit.properties b/test-gitblit.properties
index a815198b..9249bbd0 100644
--- a/test-gitblit.properties
+++ b/test-gitblit.properties
@@ -7,7 +7,7 @@ git.searchRepositoriesSubfolders = true
git.enableGitServlet = true
groovy.scriptsFolder = groovy
groovy.preReceiveScripts = blockpush
-groovy.postReceiveScripts = sendmail jenkins
+groovy.postReceiveScripts = sendmail
web.authenticateViewPages = false
web.authenticateAdminPages = true
web.allowCookieAuthentication = true
diff --git a/tests/com/gitblit/tests/GitServletTest.java b/tests/com/gitblit/tests/GitServletTest.java
index 88bbe917..38d7fa9f 100644
--- a/tests/com/gitblit/tests/GitServletTest.java
+++ b/tests/com/gitblit/tests/GitServletTest.java
@@ -30,6 +30,8 @@ public class GitServletTest {
static File ticgit2Folder = new File(GitBlitSuite.REPOSITORIES, "working/ticgit2");
static File jgitFolder = new File(GitBlitSuite.REPOSITORIES, "working/jgit");
+
+ static File jgit2Folder = new File(GitBlitSuite.REPOSITORIES, "working/jgit2");
String url = GitBlitSuite.url;
String account = GitBlitSuite.account;
@@ -61,6 +63,9 @@ public class GitServletTest {
if (jgitFolder.exists()) {
FileUtils.delete(jgitFolder, FileUtils.RECURSIVE);
}
+ if (jgit2Folder.exists()) {
+ FileUtils.delete(jgit2Folder, FileUtils.RECURSIVE);
+ }
}
@Test
@@ -141,6 +146,34 @@ public class GitServletTest {
close(git);
}
+ @Test
+ public void testPushToNonBareRepository() throws Exception {
+ CloneCommand clone = Git.cloneRepository();
+ clone.setURI(MessageFormat.format("{0}/git/working/jgit", url));
+ clone.setDirectory(jgit2Folder);
+ clone.setBare(false);
+ clone.setCloneAllBranches(true);
+ clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));
+ close(clone.call());
+ assertTrue(true);
+
+ Git git = Git.open(jgit2Folder);
+ File file = new File(jgit2Folder, "NONBARE");
+ OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true));
+ BufferedWriter w = new BufferedWriter(os);
+ w.write("// " + new Date().toString() + "\n");
+ w.close();
+ git.add().addFilepattern(file.getName()).call();
+ git.commit().setMessage("test commit followed by push to non-bare repository").call();
+ try {
+ git.push().setPushAll().call();
+ assertTrue(false);
+ } catch (Exception e) {
+ assertTrue(e.getCause().getMessage().contains("git-receive-pack not permitted"));
+ }
+ close(git);
+ }
+
private void close(Git git) {
// really close the repository
// decrement the use counter to 0