diff options
author | James Moger <james.moger@gitblit.com> | 2011-12-04 16:55:42 -0500 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2011-12-04 16:55:42 -0500 |
commit | 93f4729cdfc856d2a3b155bcf3e97f85b47ce760 (patch) | |
tree | 791870de5a0cfcd1072d953b17e4ba4c95f57dfd | |
parent | b774dedd7f0ab1567e790610b70eb7f2241423fb (diff) | |
download | gitblit-93f4729cdfc856d2a3b155bcf3e97f85b47ce760.tar.gz gitblit-93f4729cdfc856d2a3b155bcf3e97f85b47ce760.zip |
Implemented ConfigUserService. Fixed and deprecated FileUserService.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | build.xml | 6 | ||||
-rw-r--r-- | distrib/gitblit.properties | 5 | ||||
-rw-r--r-- | distrib/users.conf | 4 | ||||
-rw-r--r-- | distrib/users.properties | 3 | ||||
-rw-r--r-- | docs/01_setup.mkd | 40 | ||||
-rw-r--r-- | docs/02_federation.mkd | 8 | ||||
-rw-r--r-- | docs/03_faq.mkd | 6 | ||||
-rw-r--r-- | docs/04_releases.mkd | 6 | ||||
-rw-r--r-- | docs/05_roadmap.mkd | 3 | ||||
-rw-r--r-- | src/com/gitblit/ConfigUserService.java | 471 | ||||
-rw-r--r-- | src/com/gitblit/FederationPullExecutor.java | 4 | ||||
-rw-r--r-- | src/com/gitblit/FileUserService.java | 27 | ||||
-rw-r--r-- | src/com/gitblit/GitBlit.java | 38 | ||||
-rw-r--r-- | src/com/gitblit/models/UserModel.java | 8 | ||||
-rw-r--r-- | tests/com/gitblit/tests/FederationTests.java | 2 | ||||
-rw-r--r-- | tests/com/gitblit/tests/GitBlitSuite.java | 7 | ||||
-rw-r--r-- | tests/com/gitblit/tests/GitBlitTest.java | 4 | ||||
-rw-r--r-- | tests/com/gitblit/tests/GitServletTest.java | 2 | ||||
-rw-r--r-- | tests/com/gitblit/tests/SyndicationUtilsTest.java | 2 | ||||
-rw-r--r-- | tests/com/gitblit/tests/UserServiceTest.java | 100 |
21 files changed, 694 insertions, 53 deletions
@@ -23,3 +23,4 @@ /javadoc /express /build-demo.xml +/users.conf @@ -103,7 +103,7 @@ <copy todir="${basedir}" overwrite="false">
<fileset dir="${basedir}/distrib">
<include name="gitblit.properties" />
- <include name="users.properties" />
+ <include name="users.conf" />
</fileset>
</copy>
@@ -321,10 +321,10 @@ <delete dir="${project.war.dir}" />
- <!-- Copy web.xml and users.properties to WEB-INF -->
+ <!-- Copy web.xml and users.conf to WEB-INF -->
<copy todir="${project.war.dir}/WEB-INF">
<fileset dir="${basedir}/distrib">
- <include name="users.properties" />
+ <include name="users.conf" />
</fileset>
<fileset dir="${basedir}/src/WEB-INF">
<include name="web.xml" />
diff --git a/distrib/gitblit.properties b/distrib/gitblit.properties index 34361efc..39e47885 100644 --- a/distrib/gitblit.properties +++ b/distrib/gitblit.properties @@ -50,13 +50,14 @@ web.authenticateAdminPages = true # SINCE 0.5.0
web.allowCookieAuthentication = true
-# Either the path to a simple user properties file
+# Either the full path to a user config file (users.conf)
+# OR the full path to a simple user properties file (users.properties)
# OR a fully qualified class name that implements the IUserService interface.
# Any custom implementation must have a public default constructor.
#
# SINCE 0.5.0
# RESTART REQUIRED
-realm.userService = users.properties
+realm.userService = users.conf
# How to store passwords.
# Valid values are plain, md5, or combined-md5. md5 is the hash of password.
diff --git a/distrib/users.conf b/distrib/users.conf new file mode 100644 index 00000000..e9dbd83d --- /dev/null +++ b/distrib/users.conf @@ -0,0 +1,4 @@ +[user "admin"] + password = admin + role = "#admin" + role = "#notfederated" diff --git a/distrib/users.properties b/distrib/users.properties deleted file mode 100644 index 009c8e3a..00000000 --- a/distrib/users.properties +++ /dev/null @@ -1,3 +0,0 @@ -## Gitblit realm file format: username=password,\#permission,repository1,repository2...
-#Fri Jul 22 14:27:08 EDT 2011
-admin=admin,\#admin,\#notfederated
diff --git a/docs/01_setup.mkd b/docs/01_setup.mkd index 0939d5a2..468421d3 100644 --- a/docs/01_setup.mkd +++ b/docs/01_setup.mkd @@ -2,11 +2,11 @@ 1. Download [Gitblit WAR %VERSION%](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) to the webapps folder of your servlet container.
2. You may have to manually extract the WAR (zip file) to a folder within your webapps folder.
-3. Copy the `WEB-INF/users.properties` file to a location outside the webapps folder that is accessible by your servlet container.
+3. Copy the `WEB-INF/users.conf` file to a location outside the webapps folder that is accessible by your servlet container.
4. The Gitblit webapp is configured through its `web.xml` file.
Open `web.xml` in your favorite text editor and make sure to review and set:
- <context-parameter> *git.repositoryFolder* (set the full path to your repositories folder)
- - <context-parameter> *realm.userService* (set the full path to `users.properties`)
+ - <context-parameter> *realm.userService* (set the full path to `users.conf`)
5. You may have to restart your servlet container.
6. Open your browser to <http://localhost/gitblit> or whatever the url should be.
7. Enter the default administrator credentials: **admin / admin** and click the *Login* button
@@ -89,17 +89,22 @@ Command-Line parameters override the values in `gitblit.properties` at runtime. **Example**
- java -jar gitblit.jar --userService c:\myrealm.properties --storePassword something
+ java -jar gitblit.jar --userService c:\myrealm.config --storePassword something
## Upgrading Gitblit
Generally, upgrading is easy.
-Since Gitblit does not use a database the only files you have to worry about are your configuration file (`gitblit.properties` or `web.xml`) and possibly your `users.properties` file.
+Since Gitblit does not use a database the only files you have to worry about are your configuration file (`gitblit.properties` or `web.xml`) and possibly your `users.conf` or `users.properties` file.
Any important changes to the setting keys or default values will always be mentioned in the [release log](releases.html).
+Gitblit v0.8.0 introduced a new default user service implementation which serializes and deserializes user objects into `users.conf`. A `users.conf` file will be automatically created from an existing `users.properties` file on the first launch after an upgrade. To use the `users.conf` service, *realm.userService=users.conf* must be set. This revised user service allows for more sophisticated Gitblit user objects and will facilitate the development of more advanced features without adding the complexity of an embedded SQL database.
+
+`users.properties` and its user service implementation are deprecated as of v0.8.0.
+
### Upgrading Gitblit WAR
-1. Backup your `web.xml` file
+1. Backup your `web.xml` file
+Backup your `web.properties` file (if you have one, these are the setting overrides from using the RPC administration service)
2. Delete currently deployed gitblit WAR
3. Deploy new WAR and overwrite the `web.xml` file with your backup
4. Review and optionally apply any new settings as indicated in the [release log](releases.html).
@@ -107,10 +112,14 @@ Any important changes to the setting keys or default values will always be menti ### Upgrading Gitblit GO
1. Backup your `gitblit.properties` file
-2. Backup your `users.properties` file *(if it is located in the Gitblit GO folder)*
+2. Backup your `users.properties` file *(if it is located in the Gitblit GO folder)*
+OR
+Backup your `users.conf` file *(if it is located in the Gitblit GO folder)*
3. Unzip Gitblit GO to a new folder
4. Overwrite the `gitblit.properties` file with your backup
-5. Overwrite the `users.properties` file with your backup *(if it was located in the Gitblit GO folder)*
+5. Overwrite the `users.properties` file with your backup *(if it was located in the Gitblit GO folder)*
+OR
+Overwrite the `users.conf` file with your backup *(if it was located in the Gitblit GO folder)*
6. Review and optionally apply any new settings as indicated in the [release log](releases.html).
#### Upgrading Windows Service
@@ -148,7 +157,20 @@ All repositories created with Gitblit are *bare* and will automatically have *.g #### Repository Owner
The *Repository Owner* has the special permission of being able to edit a repository through the web UI. The Repository Owner is not permitted to rename the repository, delete the repository, or reassign ownership to another user.
-### Administering Users
+### Administering Users (Gitblit v0.8.0+)
+All users are stored in the `users.conf` file or in the file you specified in `gitblit.properties`.<br/>
+The `users.conf` file uses a Git-style configuration format:
+
+ [user "admin"]
+ password = admin
+ role = "#admin"
+ role = "#notfederated"
+ repository = repo1.git
+ repository = repo2.git
+
+The `users.conf` file allows flexibility for adding new fields to a UserModel object that the original `users.properties` file does not afford without imposing the complexity of relying on an embedded SQL database.
+
+### Administering Users (Gitblit v0.5.0 - v0.7.0)
All users are stored in the `users.properties` file or in the file you specified in `gitblit.properties`.<br/>
The format of `users.properties` follows Jetty's convention for HashRealms:
@@ -165,7 +187,7 @@ User passwords are CASE-SENSITIVE and may be *plain*, *md5*, or *combined-md5* f There are two actual *roles* in Gitblit: *#admin*, which grants administrative powers to that user, and *#notfederated*, which prevents an account from being pulled by another Gitblit instance. Administrators automatically have access to all repositories. All other *roles* are repository names. If a repository is access-restricted, the user must have the repository's name within his/her roles to bypass the access restriction. This is how users are granted access to a restricted repository.
## Authentication and Authorization Customization
-Instead of maintaining a `users.properties` file, you may want to integrate Gitblit into an existing environment.
+Instead of maintaining a `users.conf` or `users.properties` file, you may want to integrate Gitblit into an existing environment.
You may use your own custom *com.gitblit.IUserService* implementation by specifying its fully qualified classname in the *realm.userService* setting.
diff --git a/docs/02_federation.mkd b/docs/02_federation.mkd index dff71875..a592c1ed 100644 --- a/docs/02_federation.mkd +++ b/docs/02_federation.mkd @@ -155,9 +155,9 @@ If they do not match, the repository is skipped and this is indicated in the log By default all user accounts except the *admin* account are automatically pulled when using the *ALL* token or the *USERS_AND_REPOSITORIES* token. You may exclude a user account from being pulled by a federated Gitblit instance by checking *exclude from federation* in the edit user page.
-The pulling Gitblit instance will store a registration-specific `users.properties` file for the pulled user accounts and their repository permissions. This file is stored in the *federation.N.folder* folder.
+The pulling Gitblit instance will store a registration-specific `users.conf` file for the pulled user accounts and their repository permissions. This file is stored in the *federation.N.folder* folder.
-If you specify *federation.N.mergeAccounts=true*, then the user accounts from the origin Gitblit instance will be integrated into the `users.properties` file of your Gitblit instance and allow sign-on of those users.
+If you specify *federation.N.mergeAccounts=true*, then the user accounts from the origin Gitblit instance will be integrated into the `users.conf` file of your Gitblit instance and allow sign-on of those users.
**NOTE:**
Upgrades from older Gitblit versions will not have the *#notfederated* role assigned to the *admin* account. Without that role, your admin account WILL be transferred with an *ALL* or *USERS_AND_REPOSITORIES* token.
@@ -214,7 +214,7 @@ By default, federated repositories can not be pushed to, they are read-only by t <tr><th>federation.N.mergeAccounts</th>
<td>boolean</td>
-<td>if <b>true</b>, merge the retrieved accounts into the <code>users.properties</code> of <b>this</b> Gitblit instance.<br/><em>default is false</em></td>
+<td>if <b>true</b>, merge the retrieved accounts into the <code>users.conf</code> of <b>this</b> Gitblit instance.<br/><em>default is false</em></td>
</tr>
<tr><th>federation.N.sendStatus</th>
@@ -248,7 +248,7 @@ These examples would be entered into the `gitblit.properties` file of the pullin This assumes that the *token* is the *ALL* token from the origin gitblit instance.
-The repositories, example1_users.properties, and example1_gitblit.properties will be put in *git.repositoriesFolder* and the origin user accounts will be merged into the local user accounts, including passwords and all roles. The Gitblit instance will also send a status acknowledgment to the origin Gitblit instance at the end of the pull operation. The status report will include the state of each repository pull (EXCLUDED, SKIPPED, NOCHANGE, PULLED, MIRRORED). This way the origin Gitblit instance can monitor the health of its mirrors.
+The repositories, example1_users.conf, and example1_gitblit.properties will be put in *git.repositoriesFolder* and the origin user accounts will be merged into the local user accounts, including passwords and all roles. The Gitblit instance will also send a status acknowledgment to the origin Gitblit instance at the end of the pull operation. The status report will include the state of each repository pull (EXCLUDED, SKIPPED, NOCHANGE, PULLED, MIRRORED). This way the origin Gitblit instance can monitor the health of its mirrors.
This example is considered *nearly* perfect because while the origin Gitblit's server settings are pulled and saved locally, they are not merged with your server settings so its not a true mirror, but its likely the mirror you'd want to configure.
diff --git a/docs/03_faq.mkd b/docs/03_faq.mkd index 478e1992..8b08e19a 100644 --- a/docs/03_faq.mkd +++ b/docs/03_faq.mkd @@ -34,7 +34,7 @@ Run the server as *root* (security concern) or change the ports you are serving 2. Confirm that the servlet container process has full read-write-execute permissions to your *git.repositoriesFolder*.
### Gitblit WAR will not authenticate any users?!
-Confirm that the <context-param> *realm.userService* value in your `web.xml` file actually points to a `users.properties` file.
+Confirm that the <context-param> *realm.userService* value in your `web.xml` file actually points to a `users.conf` or `users.properties` file.
### Gitblit won't open my grouped repository (/group/myrepo.git) or browse my log/branch/tag/ref?!
This is likely an url encoding/decoding problem with forward slashes:
@@ -111,9 +111,9 @@ Yes. Gitblit will run just fine with a JRE. Gitblit can optionally use `keytool` from the JDK to generate self-signed certificates, but normally Gitblit uses [BouncyCastle][bouncycastle] for that need.
### Does Gitblit use a database to store its data?
-No. Gitblit stores its repository configuration information within the `.git/config` file and its user information in `users.properties` or whatever filename is configured in `gitblit.properties`.
+No. Gitblit stores its repository configuration information within the `.git/config` file and its user information in `users.conf`, `users.properties`, or whatever filename is configured in `gitblit.properties`.
-### Can I manually edit users.properties, gitblit.properties, or .git/config?
+### Can I manually edit users.conf, users.properties, gitblit.properties, or .git/config?
Yes. You can manually manipulate all of them and (most) changes will be immediately available to Gitblit.<br/>Exceptions to this are noted in `gitblit.properties`.
**NOTE:**
diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd index a4a2c4c4..7a0cb094 100644 --- a/docs/04_releases.mkd +++ b/docs/04_releases.mkd @@ -3,13 +3,17 @@ ### Current Release
**%VERSION%** ([go](http://code.google.com/p/gitblit/downloads/detail?name=%GO%) | [war](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) | [express](http://code.google.com/p/gitblit/downloads/detail?name=%EXPRESS%) | [fedclient](http://code.google.com/p/gitblit/downloads/detail?name=%FEDCLIENT%) | [manager](http://code.google.com/p/gitblit/downloads/detail?name=%MANAGER%) | [api](http://code.google.com/p/gitblit/downloads/detail?name=%API%)) based on [%JGIT%][jgit] *released %BUILDDATE%*
-- added: Gitblit Express bundle for running Gitblit on RedHat's OpenShift cloud
+- added: new default user service implementation: com.gitblit.ConfigUserService (users.conf)
+This user service implementation allows for serialization and deserialization of more sophisticated Gitblit User objects and will open the door for more advanced Gitblit features. For upgrading installations, a `users.conf` file will automatically be created for you from your existing `users.properties` file on your first launch of Gitblit. You will have to manually set *realm.userService=users.conf* to switch to the new user service. The original `users.properties` file and it's corresponding implementation are deprecated.
+ **New:** *realm.userService = users.conf*
+- added: Gitblit Express bundle to get started running Gitblit on RedHat's OpenShift cloud
- added: optional Gravatar integration
**New:** *web.allowGravatar = true*
- added: multi-repository activity page. this is a timeline of commit activity over the last N days for one or more repositories.
**New:** *web.activityDuration = 14*
**New:** *web.timeFormat = HH:mm*
**New:** *web.datestampLongFormat = EEEE, MMMM d, yyyy*
+- fixed: several a bugs in FileUserService related to cleaning up old repository permissions on a rename or delete
### Older Releases
diff --git a/docs/05_roadmap.mkd b/docs/05_roadmap.mkd index b29f622e..e9d2dcbe 100644 --- a/docs/05_roadmap.mkd +++ b/docs/05_roadmap.mkd @@ -29,8 +29,6 @@ This list is volatile. * push-restricted repositories would have anonymous R git:// access
* clone-restricted repositories would prohibit git:// access
* view-restricted repositories would prohibit git:// access
-* Gitblit: Consider using Git-style config file instead of Java properties file for user storage (users.config vs. users.properties)
- * this would allow for additional fields per user without bringing in a database
### TODO (low priority)
@@ -39,6 +37,7 @@ This list is volatile. ### IDEAS
+* Gitblit: consider user-subscribed email notifications for a repository branch
* Gitblit: aggregate RSS feeds by tag or subfolder
* Gitblit: Consider creating more Git model objects and exposing them via the JSON RPC interface to allow inspection/retrieval of Git commits, Git trees, etc from Gitblit.
* Gitblit: Stronger ticgit integration (issue 8)
diff --git a/src/com/gitblit/ConfigUserService.java b/src/com/gitblit/ConfigUserService.java new file mode 100644 index 00000000..28a16c50 --- /dev/null +++ b/src/com/gitblit/ConfigUserService.java @@ -0,0 +1,471 @@ +/*
+ * Copyright 2011 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gitblit;
+
+import java.io.File;
+import java.io.IOException;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.eclipse.jgit.lib.StoredConfig;
+import org.eclipse.jgit.storage.file.FileBasedConfig;
+import org.eclipse.jgit.util.FS;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.gitblit.models.UserModel;
+import com.gitblit.utils.StringUtils;
+
+/**
+ * ConfigUserService is Gitblit's default user service implementation since
+ * version 0.8.0.
+ *
+ * Users and their repository memberships are stored in a git-style config file
+ * which is cached and dynamically reloaded when modified. This file is
+ * plain-text, human-readable, and may be edited with a text editor.
+ *
+ * Additionally, this format allows for expansion of the user model without
+ * bringing in the complexity of a database.
+ *
+ * @author James Moger
+ *
+ */
+public class ConfigUserService implements IUserService {
+
+ private final File realmFile;
+
+ private final Logger logger = LoggerFactory.getLogger(ConfigUserService.class);
+
+ private final Map<String, UserModel> users = new ConcurrentHashMap<String, UserModel>();
+
+ private final Map<String, UserModel> cookies = new ConcurrentHashMap<String, UserModel>();
+
+ private final String userSection = "user";
+
+ private final String passwordField = "password";
+
+ private final String repositoryField = "repository";
+
+ private final String roleField = "role";
+
+ private volatile long lastModified;
+
+ public ConfigUserService(File realmFile) {
+ this.realmFile = realmFile;
+ }
+
+ /**
+ * Setup the user service.
+ *
+ * @param settings
+ * @since 0.6.1
+ */
+ @Override
+ public void setup(IStoredSettings settings) {
+ }
+
+ /**
+ * Does the user service support cookie authentication?
+ *
+ * @return true or false
+ */
+ @Override
+ public boolean supportsCookies() {
+ return true;
+ }
+
+ /**
+ * Returns the cookie value for the specified user.
+ *
+ * @param model
+ * @return cookie value
+ */
+ @Override
+ public char[] getCookie(UserModel model) {
+ read();
+ UserModel storedModel = users.get(model.username.toLowerCase());
+ String cookie = StringUtils.getSHA1(model.username + storedModel.password);
+ return cookie.toCharArray();
+ }
+
+ /**
+ * Authenticate a user based on their cookie.
+ *
+ * @param cookie
+ * @return a user object or null
+ */
+ @Override
+ public UserModel authenticate(char[] cookie) {
+ String hash = new String(cookie);
+ if (StringUtils.isEmpty(hash)) {
+ return null;
+ }
+ read();
+ UserModel model = null;
+ if (cookies.containsKey(hash)) {
+ model = cookies.get(hash);
+ }
+ return model;
+ }
+
+ /**
+ * Authenticate a user based on a username and password.
+ *
+ * @param username
+ * @param password
+ * @return a user object or null
+ */
+ @Override
+ public UserModel authenticate(String username, char[] password) {
+ read();
+ UserModel returnedUser = null;
+ UserModel user = getUserModel(username);
+ if (user == null) {
+ return null;
+ }
+ if (user.password.startsWith(StringUtils.MD5_TYPE)) {
+ // password digest
+ String md5 = StringUtils.MD5_TYPE + StringUtils.getMD5(new String(password));
+ if (user.password.equalsIgnoreCase(md5)) {
+ returnedUser = user;
+ }
+ } else if (user.password.startsWith(StringUtils.COMBINED_MD5_TYPE)) {
+ // username+password digest
+ String md5 = StringUtils.COMBINED_MD5_TYPE
+ + StringUtils.getMD5(username.toLowerCase() + new String(password));
+ if (user.password.equalsIgnoreCase(md5)) {
+ returnedUser = user;
+ }
+ } else if (user.password.equals(new String(password))) {
+ // plain-text password
+ returnedUser = user;
+ }
+ return returnedUser;
+ }
+
+ /**
+ * Retrieve the user object for the specified username.
+ *
+ * @param username
+ * @return a user object or null
+ */
+ @Override
+ public UserModel getUserModel(String username) {
+ read();
+ UserModel model = users.get(username.toLowerCase());
+ return model;
+ }
+
+ /**
+ * Updates/writes a complete user object.
+ *
+ * @param model
+ * @return true if update is successful
+ */
+ @Override
+ public boolean updateUserModel(UserModel model) {
+ return updateUserModel(model.username, model);
+ }
+
+ /**
+ * Updates/writes and replaces a complete user object keyed by username.
+ * This method allows for renaming a user.
+ *
+ * @param username
+ * the old username
+ * @param model
+ * the user object to use for username
+ * @return true if update is successful
+ */
+ @Override
+ public boolean updateUserModel(String username, UserModel model) {
+ try {
+ read();
+ users.remove(username.toLowerCase());
+ users.put(model.username.toLowerCase(), model);
+ write();
+ return true;
+ } catch (Throwable t) {
+ logger.error(MessageFormat.format("Failed to update user model {0}!", model.username),
+ t);
+ }
+ return false;
+ }
+
+ /**
+ * Deletes the user object from the user service.
+ *
+ * @param model
+ * @return true if successful
+ */
+ @Override
+ public boolean deleteUserModel(UserModel model) {
+ return deleteUser(model.username);
+ }
+
+ /**
+ * Delete the user object with the specified username
+ *
+ * @param username
+ * @return true if successful
+ */
+ @Override
+ public boolean deleteUser(String username) {
+ try {
+ // Read realm file
+ read();
+ users.remove(username.toLowerCase());
+ write();
+ return true;
+ } catch (Throwable t) {
+ logger.error(MessageFormat.format("Failed to delete user {0}!", username), t);
+ }
+ return false;
+ }
+
+ /**
+ * Returns the list of all users available to the login service.
+ *
+ * @return list of all usernames
+ */
+ @Override
+ public List<String> getAllUsernames() {
+ read();
+ List<String> list = new ArrayList<String>(users.keySet());
+ return list;
+ }
+
+ /**
+ * Returns the list of all users who are allowed to bypass the access
+ * restriction placed on the specified repository.
+ *
+ * @param role
+ * the repository name
+ * @return list of all usernames that can bypass the access restriction
+ */
+ @Override
+ public List<String> getUsernamesForRepositoryRole(String role) {
+ List<String> list = new ArrayList<String>();
+ try {
+ read();
+ for (Map.Entry<String, UserModel> entry : users.entrySet()) {
+ UserModel model = entry.getValue();
+ if (model.hasRepository(role)) {
+ list.add(model.username);
+ }
+ }
+ } catch (Throwable t) {
+ logger.error(MessageFormat.format("Failed to get usernames for role {0}!", role), t);
+ }
+ return list;
+ }
+
+ /**
+ * Sets the list of all uses who are allowed to bypass the access
+ * restriction placed on the specified repository.
+ *
+ * @param role
+ * the repository name
+ * @param usernames
+ * @return true if successful
+ */
+ @Override
+ public boolean setUsernamesForRepositoryRole(String role, List<String> usernames) {
+ try {
+ Set<String> specifiedUsers = new HashSet<String>();
+ for (String username : usernames) {
+ specifiedUsers.add(username.toLowerCase());
+ }
+
+ read();
+
+ // identify users which require add or remove role
+ for (UserModel user : users.values()) {
+ // user has role, check against revised user list
+ if (specifiedUsers.contains(user.username.toLowerCase())) {
+ user.addRepository(role);
+ } else {
+ // remove role from user
+ user.removeRepository(role);
+ }
+ }
+
+ // persist changes
+ write();
+ return true;
+ } catch (Throwable t) {
+ logger.error(MessageFormat.format("Failed to set usernames for role {0}!", role), t);
+ }
+ return false;
+ }
+
+ /**
+ * Renames a repository role.
+ *
+ * @param oldRole
+ * @param newRole
+ * @return true if successful
+ */
+ @Override
+ public boolean renameRepositoryRole(String oldRole, String newRole) {
+ try {
+ read();
+ // identify users which require role rename
+ for (UserModel model : users.values()) {
+ if (model.hasRepository(oldRole)) {
+ model.removeRepository(oldRole);
+ model.addRepository(newRole);
+ }
+ }
+
+ // persist changes
+ write();
+ return true;
+ } catch (Throwable t) {
+ logger.error(
+ MessageFormat.format("Failed to rename role {0} to {1}!", oldRole, newRole), t);
+ }
+ return false;
+ }
+
+ /**
+ * Removes a repository role from all users.
+ *
+ * @param role
+ * @return true if successful
+ */
+ @Override
+ public boolean deleteRepositoryRole(String role) {
+ try {
+ read();
+
+ // identify users which require role rename
+ for (UserModel user : users.values()) {
+ user.removeRepository(role);
+ }
+
+ // persist changes
+ write();
+ return true;
+ } catch (Throwable t) {
+ logger.error(MessageFormat.format("Failed to delete role {0}!", role), t);
+ }
+ return false;
+ }
+
+ /**
+ * Writes the properties file.
+ *
+ * @param properties
+ * @throws IOException
+ */
+ private synchronized void write() throws IOException {
+ // Write a temporary copy of the users file
+ File realmFileCopy = new File(realmFile.getAbsolutePath() + ".tmp");
+
+ StoredConfig config = new FileBasedConfig(realmFileCopy, FS.detect());
+ for (UserModel model : users.values()) {
+ config.setString(userSection, model.username, passwordField, model.password);
+
+ // user roles
+ List<String> roles = new ArrayList<String>();
+ if (model.canAdmin) {
+ roles.add(Constants.ADMIN_ROLE);
+ }
+ if (model.excludeFromFederation) {
+ roles.add(Constants.NOT_FEDERATED_ROLE);
+ }
+ config.setStringList(userSection, model.username, roleField, roles);
+
+ // repository memberships
+ config.setStringList(userSection, model.username, repositoryField,
+ new ArrayList<String>(model.repositories));
+ }
+ config.save();
+
+ // If the write is successful, delete the current file and rename
+ // the temporary copy to the original filename.
+ if (realmFileCopy.exists() && realmFileCopy.length() > 0) {
+ if (realmFile.exists()) {
+ if (!realmFile.delete()) {
+ throw new IOException(MessageFormat.format("Failed to delete {0}!",
+ realmFile.getAbsolutePath()));
+ }
+ }
+ if (!realmFileCopy.renameTo(realmFile)) {
+ throw new IOException(MessageFormat.format("Failed to rename {0} to {1}!",
+ realmFileCopy.getAbsolutePath(), realmFile.getAbsolutePath()));
+ }
+ } else {
+ throw new IOException(MessageFormat.format("Failed to save {0}!",
+ realmFileCopy.getAbsolutePath()));
+ }
+ }
+
+ /**
+ * Reads the realm file and rebuilds the in-memory lookup tables.
+ */
+ protected synchronized void read() {
+ if (realmFile.exists() && (realmFile.lastModified() > lastModified)) {
+ lastModified = realmFile.lastModified();
+ users.clear();
+ cookies.clear();
+ try {
+ StoredConfig config = new FileBasedConfig(realmFile, FS.detect());
+ config.load();
+ Set<String> usernames = config.getSubsections(userSection);
+ for (String username : usernames) {
+ UserModel user = new UserModel(username);
+ user.password = config.getString(userSection, username, passwordField);
+
+ // user roles
+ Set<String> roles = new HashSet<String>(Arrays.asList(config.getStringList(
+ userSection, username, roleField)));
+ user.canAdmin = roles.contains(Constants.ADMIN_ROLE);
+ user.excludeFromFederation = roles.contains(Constants.NOT_FEDERATED_ROLE);
+
+ // repository memberships
+ Set<String> repositories = new HashSet<String>(Arrays.asList(config
+ .getStringList(userSection, username, repositoryField)));
+ for (String repository : repositories) {
+ user.addRepository(repository);
+ }
+
+ // update cache
+ users.put(username, user);
+ cookies.put(StringUtils.getSHA1(username + user.password), user);
+ }
+ } catch (Exception e) {
+ logger.error(MessageFormat.format("Failed to read {0}", realmFile), e);
+ }
+ }
+ }
+
+ protected long lastModified() {
+ return lastModified;
+ }
+
+ @Override
+ public String toString() {
+ return getClass().getSimpleName() + "(" + realmFile.getAbsolutePath() + ")";
+ }
+}
diff --git a/src/com/gitblit/FederationPullExecutor.java b/src/com/gitblit/FederationPullExecutor.java index b190e7b5..20fd67c6 100644 --- a/src/com/gitblit/FederationPullExecutor.java +++ b/src/com/gitblit/FederationPullExecutor.java @@ -285,9 +285,9 @@ public class FederationPullExecutor implements Runnable { Collection<UserModel> users = FederationUtils.getUsers(registration);
if (users != null && users.size() > 0) {
File realmFile = new File(registrationFolderFile, registration.name
- + "_users.properties");
+ + "_users.conf");
realmFile.delete();
- FileUserService userService = new FileUserService(realmFile);
+ ConfigUserService userService = new ConfigUserService(realmFile);
for (UserModel user : users) {
userService.updateUserModel(user.username, user);
diff --git a/src/com/gitblit/FileUserService.java b/src/com/gitblit/FileUserService.java index 3c8914dd..a98e4175 100644 --- a/src/com/gitblit/FileUserService.java +++ b/src/com/gitblit/FileUserService.java @@ -34,14 +34,19 @@ import com.gitblit.models.UserModel; import com.gitblit.utils.StringUtils;
/**
- * FileUserService is Gitblit's default user service implementation.
+ * FileUserService is Gitblit's original default user service implementation.
*
* Users and their repository memberships are stored in a simple properties file
* which is cached and dynamically reloaded when modified.
*
+ * This class was deprecated in Gitblit 0.8.0 in favor of ConfigUserService
+ * which is still a human-readable, editable, plain-text file but it is more
+ * flexible for storing additional fields.
+ *
* @author James Moger
*
*/
+@Deprecated
public class FileUserService extends FileSettings implements IUserService {
private final Logger logger = LoggerFactory.getLogger(FileUserService.class);
@@ -360,12 +365,11 @@ public class FileUserService extends FileSettings implements IUserService { StringBuilder sb = new StringBuilder();
sb.append(password);
sb.append(',');
- List<String> revisedRoles = new ArrayList<String>();
+
// skip first value (password)
for (int i = 1; i < values.length; i++) {
String value = values[i];
if (!value.equalsIgnoreCase(role)) {
- revisedRoles.add(value);
sb.append(value);
sb.append(',');
}
@@ -406,7 +410,7 @@ public class FileUserService extends FileSettings implements IUserService { for (int i = 1; i < roles.length; i++) {
String r = roles[i];
if (r.equalsIgnoreCase(oldRole)) {
- needsRenameRole.remove(username);
+ needsRenameRole.add(username);
break;
}
}
@@ -420,13 +424,13 @@ public class FileUserService extends FileSettings implements IUserService { StringBuilder sb = new StringBuilder();
sb.append(password);
sb.append(',');
- List<String> revisedRoles = new ArrayList<String>();
- revisedRoles.add(newRole);
+ sb.append(newRole);
+ sb.append(',');
+
// skip first value (password)
for (int i = 1; i < values.length; i++) {
String value = values[i];
if (!value.equalsIgnoreCase(oldRole)) {
- revisedRoles.add(value);
sb.append(value);
sb.append(',');
}
@@ -467,7 +471,7 @@ public class FileUserService extends FileSettings implements IUserService { for (int i = 1; i < roles.length; i++) {
String r = roles[i];
if (r.equalsIgnoreCase(role)) {
- needsDeleteRole.remove(username);
+ needsDeleteRole.add(username);
break;
}
}
@@ -481,12 +485,10 @@ public class FileUserService extends FileSettings implements IUserService { StringBuilder sb = new StringBuilder();
sb.append(password);
sb.append(',');
- List<String> revisedRoles = new ArrayList<String>();
// skip first value (password)
for (int i = 1; i < values.length; i++) {
String value = values[i];
if (!value.equalsIgnoreCase(role)) {
- revisedRoles.add(value);
sb.append(value);
sb.append(',');
}
@@ -558,4 +560,9 @@ public class FileUserService extends FileSettings implements IUserService { }
return allUsers;
}
+
+ @Override
+ public String toString() {
+ return getClass().getSimpleName() + "(" + propertiesFile.getAbsolutePath() + ")";
+ }
}
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java index 80550f49..60a96e66 100644 --- a/src/com/gitblit/GitBlit.java +++ b/src/com/gitblit/GitBlit.java @@ -1435,6 +1435,7 @@ public class GitBlit implements ServletContextListener { *
* @param settings
*/
+ @SuppressWarnings("deprecation")
public void configureContext(IStoredSettings settings, boolean startFederation) {
logger.info("Reading configuration from " + settings.toString());
this.settings = settings;
@@ -1453,20 +1454,45 @@ public class GitBlit implements ServletContextListener { } catch (Throwable t) {
// not a login service class or class could not be instantiated.
// try to use default file login service
- File realmFile = getFileOrFolder(Keys.realm.userService, "users.properties");
+ File realmFile = getFileOrFolder(Keys.realm.userService, "users.conf");
if (realmFile.exists()) {
// load the existing realm file
- loginService = new FileUserService(realmFile);
+ if (realmFile.getName().toLowerCase().endsWith(".properties")) {
+ // load the v0.5.0 - v0.7.0 properties-based realm file
+ loginService = new FileUserService(realmFile);
+
+ // automatically create a users.conf realm file from the
+ // original users.properties file
+ File usersConfig = new File(realmFile.getParentFile(), "users.conf");
+ if (!usersConfig.exists()) {
+ logger.info(MessageFormat.format("Automatically creating {0} based on {1}",
+ usersConfig.getAbsolutePath(), realmFile.getAbsolutePath()));
+ ConfigUserService configService = new ConfigUserService(usersConfig);
+ for (String username : loginService.getAllUsernames()) {
+ UserModel userModel = loginService.getUserModel(username);
+ configService.updateUserModel(userModel);
+ }
+ }
+
+ // issue suggestion about switching to users.conf
+ logger.warn("Please consider using \"users.conf\" instead of the deprecated \"users.properties\" file");
+ } else if (realmFile.getName().toLowerCase().endsWith(".conf")) {
+ // load the config-based realm file
+ loginService = new ConfigUserService(realmFile);
+ }
} else {
- // create a new realm file and add the default admin account.
- // this is necessary for bootstrapping a dynamic environment
- // like running on a cloud service.
+ // Create a new realm file and add the default admin
+ // account. This is necessary for bootstrapping a dynamic
+ // environment like running on a cloud service.
+ // As of v0.8.0 the default realm file is ConfigUserService.
try {
+ realmFile = getFileOrFolder(Keys.realm.userService, "users.conf");
realmFile.createNewFile();
- loginService = new FileUserService(realmFile);
+ loginService = new ConfigUserService(realmFile);
UserModel admin = new UserModel("admin");
admin.password = "admin";
admin.canAdmin = true;
+ admin.excludeFromFederation = true;
loginService.updateUserModel(admin);
} catch (IOException x) {
logger.error(
diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java index dadc44e7..8c99512b 100644 --- a/src/com/gitblit/models/UserModel.java +++ b/src/com/gitblit/models/UserModel.java @@ -63,10 +63,18 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel> return canAdmin || isOwner || repositories.contains(repository.name.toLowerCase());
}
+ public boolean hasRepository(String name) {
+ return repositories.contains(name.toLowerCase());
+ }
+
public void addRepository(String name) {
repositories.add(name.toLowerCase());
}
+ public void removeRepository(String name) {
+ repositories.remove(name.toLowerCase());
+ }
+
@Override
public String getName() {
return username;
diff --git a/tests/com/gitblit/tests/FederationTests.java b/tests/com/gitblit/tests/FederationTests.java index 66bb949c..e81867b9 100644 --- a/tests/com/gitblit/tests/FederationTests.java +++ b/tests/com/gitblit/tests/FederationTests.java @@ -47,7 +47,7 @@ public class FederationTests extends TestCase { GitBlitServer.main("--httpPort", "" + port, "--httpsPort", "0", "--shutdownPort",
"" + shutdownPort, "--repositoriesFolder",
"\"" + GitBlitSuite.REPOSITORIES.getAbsolutePath() + "\"", "--userService",
- "distrib/users.properties");
+ "distrib/users.conf");
}
});
diff --git a/tests/com/gitblit/tests/GitBlitSuite.java b/tests/com/gitblit/tests/GitBlitSuite.java index ad87cb0b..a2ab3e8b 100644 --- a/tests/com/gitblit/tests/GitBlitSuite.java +++ b/tests/com/gitblit/tests/GitBlitSuite.java @@ -25,8 +25,8 @@ import junit.framework.TestSuite; import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.storage.file.FileRepository;
+import com.gitblit.ConfigUserService;
import com.gitblit.FileSettings;
-import com.gitblit.FileUserService;
import com.gitblit.GitBlit;
import com.gitblit.GitBlitException;
import com.gitblit.GitBlitServer;
@@ -57,6 +57,7 @@ public class GitBlitSuite extends TestSetup { suite.addTestSuite(JsonUtilsTest.class);
suite.addTestSuite(ByteFormatTest.class);
suite.addTestSuite(ObjectCacheTest.class);
+ suite.addTestSuite(UserServiceTest.class);
suite.addTestSuite(MarkdownUtilsTest.class);
suite.addTestSuite(JGitUtilsTest.class);
suite.addTestSuite(SyndicationUtilsTest.class);
@@ -91,7 +92,7 @@ public class GitBlitSuite extends TestSetup { GitBlitServer.main("--httpPort", "" + port, "--httpsPort", "0", "--shutdownPort",
"" + shutdownPort, "--repositoriesFolder",
"\"" + GitBlitSuite.REPOSITORIES.getAbsolutePath() + "\"", "--userService",
- "distrib/users.properties");
+ "distrib/users.conf");
}
});
@@ -111,7 +112,7 @@ public class GitBlitSuite extends TestSetup { protected void setUp() throws Exception {
FileSettings settings = new FileSettings("distrib/gitblit.properties");
GitBlit.self().configureContext(settings, true);
- FileUserService loginService = new FileUserService(new File("distrib/users.properties"));
+ ConfigUserService loginService = new ConfigUserService(new File("distrib/users.conf"));
GitBlit.self().setUserService(loginService);
if (REPOSITORIES.exists() || REPOSITORIES.mkdirs()) {
diff --git a/tests/com/gitblit/tests/GitBlitTest.java b/tests/com/gitblit/tests/GitBlitTest.java index 669b25ac..6d36d497 100644 --- a/tests/com/gitblit/tests/GitBlitTest.java +++ b/tests/com/gitblit/tests/GitBlitTest.java @@ -96,7 +96,7 @@ public class GitBlitTest extends TestCase { assertTrue(settings.getInteger("realm.realmFile", 5) == 5);
assertTrue(settings.getBoolean("git.enableGitServlet", false));
- assertTrue(settings.getString("realm.userService", null).equals("users.properties"));
+ assertTrue(settings.getString("realm.userService", null).equals("users.conf"));
assertTrue(settings.getInteger("realm.minPasswordLength", 0) == 5);
List<String> mdExtensions = settings.getStrings("web.markdownExtensions");
assertTrue(mdExtensions.size() > 0);
@@ -117,7 +117,7 @@ public class GitBlitTest extends TestCase { assertEquals(5, GitBlit.getInteger("realm.userService", 5));
assertTrue(GitBlit.getBoolean("git.enableGitServlet", false));
- assertEquals("distrib/users.properties", GitBlit.getString("realm.userService", null));
+ assertEquals("distrib/users.conf", GitBlit.getString("realm.userService", null));
assertEquals(5, GitBlit.getInteger("realm.minPasswordLength", 0));
List<String> mdExtensions = GitBlit.getStrings("web.markdownExtensions");
assertTrue(mdExtensions.size() > 0);
diff --git a/tests/com/gitblit/tests/GitServletTest.java b/tests/com/gitblit/tests/GitServletTest.java index 89466d7f..db8182de 100644 --- a/tests/com/gitblit/tests/GitServletTest.java +++ b/tests/com/gitblit/tests/GitServletTest.java @@ -34,7 +34,7 @@ public class GitServletTest { GitBlitServer.main("--httpPort", "" + port, "--httpsPort", "0", "--shutdownPort",
"" + shutdownPort, "--repositoriesFolder",
"\"" + GitBlitSuite.REPOSITORIES.getAbsolutePath() + "\"", "--userService",
- "distrib/users.properties");
+ "distrib/users.conf");
}
});
diff --git a/tests/com/gitblit/tests/SyndicationUtilsTest.java b/tests/com/gitblit/tests/SyndicationUtilsTest.java index 0a2420f6..448874f4 100644 --- a/tests/com/gitblit/tests/SyndicationUtilsTest.java +++ b/tests/com/gitblit/tests/SyndicationUtilsTest.java @@ -62,7 +62,7 @@ public class SyndicationUtilsTest extends TestCase { Set<String> links = new HashSet<String>();
for (int i = 0; i < 2; i++) {
List<FeedEntryModel> feed = SyndicationUtils.readFeed(GitBlitSuite.url,
- "ticgit.git", "master", 5, i, GitBlitSuite.account,
+ "ticgit.git", "deving", 5, i, GitBlitSuite.account,
GitBlitSuite.password.toCharArray());
assertTrue(feed != null);
assertTrue(feed.size() > 0);
diff --git a/tests/com/gitblit/tests/UserServiceTest.java b/tests/com/gitblit/tests/UserServiceTest.java new file mode 100644 index 00000000..3dfdf7ac --- /dev/null +++ b/tests/com/gitblit/tests/UserServiceTest.java @@ -0,0 +1,100 @@ +/*
+ * Copyright 2011 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gitblit.tests;
+
+import java.io.File;
+import java.io.IOException;
+
+import junit.framework.TestCase;
+
+import com.gitblit.ConfigUserService;
+import com.gitblit.FileUserService;
+import com.gitblit.IUserService;
+import com.gitblit.models.UserModel;
+
+public class UserServiceTest extends TestCase {
+
+ public void testFileUserService() throws IOException {
+ File file = new File("us-test.properties");
+ file.delete();
+ test(new FileUserService(file));
+ file.delete();
+ }
+
+ public void testConfigUserService() throws IOException {
+ File file = new File("us-test.conf");
+ file.delete();
+ test(new ConfigUserService(file));
+ file.delete();
+ }
+
+ protected void test(IUserService service) {
+
+ UserModel admin = service.getUserModel("admin");
+ assertTrue(admin == null);
+
+ // add admin
+ admin = new UserModel("admin");
+ admin.password = "password";
+ admin.canAdmin = true;
+ admin.excludeFromFederation = true;
+ service.updateUserModel(admin);
+ admin = null;
+
+ // add new user
+ UserModel newUser = new UserModel("test");
+ newUser.password = "testPassword";
+ newUser.addRepository("repo1");
+ newUser.addRepository("repo2");
+ newUser.addRepository("sub/repo3");
+ service.updateUserModel(newUser);
+
+ // add one more new user and then test reload of first new user
+ newUser = new UserModel("garbage");
+ newUser.password = "garbage";
+ service.updateUserModel(newUser);
+
+ // confirm all added users
+ assertEquals(3, service.getAllUsernames().size());
+
+ // confirm reloaded test user
+ newUser = service.getUserModel("test");
+ assertEquals("testPassword", newUser.password);
+ assertEquals(3, newUser.repositories.size());
+ assertTrue(newUser.hasRepository("repo1"));
+ assertTrue(newUser.hasRepository("repo2"));
+ assertTrue(newUser.hasRepository("sub/repo3"));
+
+ // confirm authentication of test user
+ UserModel testUser = service.authenticate("test", "testPassword".toCharArray());
+ assertEquals("test", testUser.username);
+ assertEquals("testPassword", testUser.password);
+
+ // delete a repository role and confirm role removal from test user
+ service.deleteRepositoryRole("repo2");
+ testUser = service.getUserModel("test");
+ assertEquals(2, testUser.repositories.size());
+
+ // delete garbage user and confirm user count
+ service.deleteUser("garbage");
+ assertEquals(2, service.getAllUsernames().size());
+
+ // rename repository and confirm role change for test user
+ service.renameRepositoryRole("repo1", "newrepo1");
+ testUser = service.getUserModel("test");
+ assertTrue(testUser.hasRepository("newrepo1"));
+ }
+}
\ No newline at end of file |