Added setting to globally disable anonymous pushes in the receive pack

Change-Id: I3460c9c0eeb32503d58325fd09793a0cd40aa2c4

5 files changed, 29 insertions, 4 deletions

diff --git a/releases.moxie b/releases.moxie
index f9e21d4b..3418a051 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -23,9 +23,11 @@ r20: {
 	- Added branch graph image servlet based on EGit's branch graph renderer (issue-194)
 	- Added option to render Markdown commit messages (issue-203)
 	- Added setting to control creating a repository as --shared on Unix servers (issue-263)
+	- Added setting to globally disable anonymous pushes in the receive pack
     dependencyChanges: ~
     settings:
     - { name: 'git.createRepositoriesShared', defaultValue: 'false' }
+    - { name: 'git.allowAnonymousPushes', defaultValue: 'true' }
 	- { name: 'web.commitMessageRenderer', defaultValue: 'plain' }
 	- { name: 'web.showBranchGraph', defaultValue: 'true' }
     contributors:
diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index ab7b9992..9a02e231 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -145,6 +145,18 @@ git.onlyAccessBareRepositories = false
 # SINCE 1.2.0

 git.allowCreateOnPush = true

 

+# Global setting to control anonymous pushes.

+#

+# This setting allows/rejects anonymous pushes at the level of the receive pack.

+# This trumps all repository config settings.  While anonymous pushes are convenient

+# on your own box when you are a lone developer,  they are not recommended for

+# any multi-user installation where accountability is required.  Since Gitblit

+# tracks pushes and user accounts, allowing anonymous pushes compromises that

+# information.

+#

+# SINCE 1.4.0

+git.allowAnonymousPushes = true

+

 # The default access restriction for new repositories.

 # Valid values are NONE, PUSH, CLONE, VIEW

 #  NONE = anonymous view, clone, & push

diff --git a/src/main/java/com/gitblit/Constants.java b/src/main/java/com/gitblit/Constants.java
index bd04128e..3ac7082e 100644
--- a/src/main/java/com/gitblit/Constants.java
+++ b/src/main/java/com/gitblit/Constants.java
@@ -19,6 +19,8 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;

 import java.lang.annotation.RetentionPolicy;

 import java.net.URL;

+import java.util.Arrays;

+import java.util.List;

 import java.util.jar.Attributes;

 import java.util.jar.Manifest;

 

@@ -148,6 +150,8 @@ public class Constants {
 	 */

 	public static enum AccessRestrictionType {

 		NONE, PUSH, CLONE, VIEW;

+		

+		private static final AccessRestrictionType [] AUTH_TYPES = { PUSH, CLONE, VIEW };

 

 		public static AccessRestrictionType fromName(String name) {

 			for (AccessRestrictionType type : values()) {

@@ -157,6 +161,13 @@ public class Constants {
 			}

 			return NONE;

 		}

+		

+		public static List<AccessRestrictionType> choices(boolean allowAnonymousPush) {

+			if (allowAnonymousPush) {

+				return Arrays.asList(values());

+			}

+			return Arrays.asList(AUTH_TYPES);

+		}

 

 		public boolean exceeds(AccessRestrictionType type) {

 			return this.ordinal() > type.ordinal();

diff --git a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
index b9eb8a62..feb33e92 100644
--- a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
+++ b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
@@ -27,6 +27,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.gitblit.GitBlit;
+import com.gitblit.Keys;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.HttpUtils;
@@ -80,8 +81,7 @@ public class GitblitReceivePackFactory<X> implements ReceivePackFactory<X> {
 			timeout = client.getDaemon().getTimeout();
 		}
 
-		// TODO make this a setting
-		boolean allowAnonymousPushes = true;
+		boolean allowAnonymousPushes = GitBlit.getBoolean(Keys.git.allowAnonymousPushes, true);
 		if (!allowAnonymousPushes && UserModel.ANONYMOUS.equals(user)) {
 			// prohibit anonymous pushes
 			throw new ServiceNotEnabledException();
diff --git a/src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java
index a25797ff..568c3123 100644
--- a/src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -417,8 +417,8 @@ public class EditRepositoryPage extends RootSubPage {
 		form.add(new TextField<String>("description"));

 		form.add(ownersPalette);

 		form.add(new CheckBox("allowForks").setEnabled(GitBlit.getBoolean(Keys.web.allowForking, true)));

-		DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays

-				.asList(AccessRestrictionType.values()), new AccessRestrictionRenderer());

+		DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction",

+				AccessRestrictionType.choices(GitBlit.getBoolean(Keys.git.allowAnonymousPushes, true)), new AccessRestrictionRenderer());

 		form.add(accessRestriction);

 		form.add(new CheckBox("isFrozen"));

 		// TODO enable origin definition