Remove Wicket references from non-Wicket packages

3 files changed, 126 insertions, 123 deletions

diff --git a/src/main/java/com/gitblit/wicket/GitBlitWebSession.java b/src/main/java/com/gitblit/wicket/GitBlitWebSession.java
index b26a1118..31ccf1f5 100644
--- a/src/main/java/com/gitblit/wicket/GitBlitWebSession.java
+++ b/src/main/java/com/gitblit/wicket/GitBlitWebSession.java
@@ -30,7 +30,6 @@ import org.apache.wicket.protocol.http.WebRequestCycle;
 import org.apache.wicket.protocol.http.WebSession;

 import org.apache.wicket.protocol.http.request.WebClientInfo;

 

-import com.gitblit.Constants.AuthenticationType;

 import com.gitblit.models.UserModel;

 

 public final class GitBlitWebSession extends WebSession {

@@ -47,12 +46,9 @@ public final class GitBlitWebSession extends WebSession {
 

 	private AtomicBoolean isForking;

 

-	public AuthenticationType authenticationType;

-

 	public GitBlitWebSession(Request request) {

 		super(request);

 		isForking = new AtomicBoolean();

-		authenticationType = AuthenticationType.CREDENTIALS;

 	}

 

 	@Override

diff --git a/src/main/java/com/gitblit/wicket/pages/RootPage.java b/src/main/java/com/gitblit/wicket/pages/RootPage.java
index 43de3b9f..c4d4dd11 100644
--- a/src/main/java/com/gitblit/wicket/pages/RootPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/RootPage.java
@@ -31,6 +31,9 @@ import java.util.TreeSet;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.regex.Pattern;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.wicket.MarkupContainer;
 import org.apache.wicket.PageParameters;
 import org.apache.wicket.behavior.HeaderContributor;
@@ -50,6 +53,7 @@ import org.apache.wicket.protocol.http.WebRequest;
 import org.apache.wicket.protocol.http.WebResponse;
 
 import com.gitblit.Constants;
+import com.gitblit.Constants.AuthenticationType;
 import com.gitblit.Keys;
 import com.gitblit.extensions.NavLinkExtension;
 import com.gitblit.extensions.UserMenuExtension;
@@ -262,19 +266,22 @@ public abstract class RootPage extends BasePage {
 
 	private void loginUser(UserModel user) {
 		if (user != null) {
+			HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
+			HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();
+
 			// Set the user into the session
 			GitBlitWebSession session = GitBlitWebSession.get();
+
 			// issue 62: fix session fixation vulnerability
 			session.replaceSession();
 			session.setUser(user);
 
+			request = ((WebRequest) getRequest()).getHttpServletRequest();
+			response = ((WebResponse) getResponse()).getHttpServletResponse();
+			request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, AuthenticationType.CREDENTIALS);
+
 			// Set Cookie
-			if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {
-				WebRequest request = (WebRequest) getRequestCycle().getRequest();
-				WebResponse response = (WebResponse) getRequestCycle().getResponse();
-				app().authentication().setCookie(request.getHttpServletRequest(),
-						response.getHttpServletResponse(), user);
-			}
+			app().authentication().setCookie(request, response, user);
 
 			if (!session.continueRequest()) {
 				PageParameters params = getPageParameters();
@@ -599,7 +606,9 @@ public abstract class RootPage extends BasePage {
 			GitBlitWebSession session = GitBlitWebSession.get();
 			UserModel user = session.getUser();
 			boolean editCredentials = app().authentication().supportsCredentialChanges(user);
-			boolean standardLogin = session.authenticationType.isStandard();
+			HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
+			AuthenticationType authenticationType = (AuthenticationType) request.getSession().getAttribute(Constants.AUTHENTICATION_TYPE);
+			boolean standardLogin = authenticationType.isStandard();
 
 			if (app().settings().getBoolean(Keys.web.allowGravatar, true)) {
 				add(new GravatarImage("username", user, "navbarGravatar", 20, false));
diff --git a/src/main/java/com/gitblit/wicket/pages/SessionPage.java b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
index 7717854b..0dda9495 100644
--- a/src/main/java/com/gitblit/wicket/pages/SessionPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
@@ -1,112 +1,110 @@
-/*

- * Copyright 2013 gitblit.com.

- *

- * Licensed under the Apache License, Version 2.0 (the "License");

- * you may not use this file except in compliance with the License.

- * You may obtain a copy of the License at

- *

- *     http://www.apache.org/licenses/LICENSE-2.0

- *

- * Unless required by applicable law or agreed to in writing, software

- * distributed under the License is distributed on an "AS IS" BASIS,

- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

- * See the License for the specific language governing permissions and

- * limitations under the License.

- */

-package com.gitblit.wicket.pages;

-

-import javax.servlet.http.HttpServletRequest;

-import javax.servlet.http.HttpServletResponse;

-

-import org.apache.wicket.PageParameters;

-import org.apache.wicket.markup.html.WebPage;

-import org.apache.wicket.protocol.http.WebRequest;

-import org.apache.wicket.protocol.http.WebResponse;

-

-import com.gitblit.Keys;

-import com.gitblit.models.UserModel;

-import com.gitblit.utils.StringUtils;

-import com.gitblit.wicket.GitBlitWebApp;

-import com.gitblit.wicket.GitBlitWebSession;

-

-public abstract class SessionPage extends WebPage {

-

-	public SessionPage() {

-		super();

-		login();

-	}

-

-	public SessionPage(final PageParameters params) {

-		super(params);

-		login();

-	}

-

-	protected String [] getEncodings() {

-		return app().settings().getStrings(Keys.web.blobEncodings).toArray(new String[0]);

-	}

-

-	protected GitBlitWebApp app() {

-		return GitBlitWebApp.get();

-	}

-

-	private void login() {

-		GitBlitWebSession session = GitBlitWebSession.get();

-		if (session.isLoggedIn() && !session.isSessionInvalidated()) {

-			// already have a session, refresh usermodel to pick up

-			// any changes to permissions or roles (issue-186)

-			UserModel user = app().users().getUserModel(session.getUser().username);

-

-			if (user == null || user.disabled) {

-				// user was deleted/disabled during session

-				HttpServletRequest request = ((WebRequest) getRequestCycle().getRequest())

-						.getHttpServletRequest();

-				HttpServletResponse response = ((WebResponse) getRequestCycle().getResponse())

-						.getHttpServletResponse();

-				app().authentication().logout(request, response, user);

-				session.setUser(null);

-				session.invalidateNow();

-				return;

-			}

-

-			// validate cookie during session (issue-361)

-			if (user != null && app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {

-				HttpServletRequest request = ((WebRequest) getRequestCycle().getRequest())

-						.getHttpServletRequest();

-				String requestCookie = app().authentication().getCookie(request);

-				if (!StringUtils.isEmpty(requestCookie) && !StringUtils.isEmpty(user.cookie)) {

-					if (!requestCookie.equals(user.cookie)) {

-						// cookie was changed during our session

-						HttpServletResponse response = ((WebResponse) getRequestCycle().getResponse())

-								.getHttpServletResponse();

-						app().authentication().logout(request, response, user);

-						session.setUser(null);

-						session.invalidateNow();

-						return;

-					}

-				}

-			}

-			session.setUser(user);

-			return;

-		}

-

-		// try to authenticate by servlet request

-		HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest())

-				.getHttpServletRequest();

-		UserModel user = app().authentication().authenticate(httpRequest);

-

-		// Login the user

-		if (user != null) {

-			// issue 62: fix session fixation vulnerability

-			session.replaceSession();

-			session.setUser(user);

-

-			// Set Cookie

-			WebRequest request = (WebRequest) getRequestCycle().getRequest();

-			WebResponse response = (WebResponse) getRequestCycle().getResponse();

-			app().authentication().setCookie(request.getHttpServletRequest(),

-					response.getHttpServletResponse(), user);

-

-			session.continueRequest();

-		}

-	}

-}

+/*
+ * Copyright 2013 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gitblit.wicket.pages;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.wicket.PageParameters;
+import org.apache.wicket.markup.html.WebPage;
+import org.apache.wicket.protocol.http.WebRequest;
+import org.apache.wicket.protocol.http.WebResponse;
+
+import com.gitblit.Constants;
+import com.gitblit.Constants.AuthenticationType;
+import com.gitblit.Keys;
+import com.gitblit.models.UserModel;
+import com.gitblit.utils.StringUtils;
+import com.gitblit.wicket.GitBlitWebApp;
+import com.gitblit.wicket.GitBlitWebSession;
+
+public abstract class SessionPage extends WebPage {
+
+	public SessionPage() {
+		super();
+		login();
+	}
+
+	public SessionPage(final PageParameters params) {
+		super(params);
+		login();
+	}
+
+	protected String [] getEncodings() {
+		return app().settings().getStrings(Keys.web.blobEncodings).toArray(new String[0]);
+	}
+
+	protected GitBlitWebApp app() {
+		return GitBlitWebApp.get();
+	}
+
+	private void login() {
+		GitBlitWebSession session = GitBlitWebSession.get();
+		HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
+		HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();
+
+		if (session.isLoggedIn() && !session.isSessionInvalidated()) {
+			// already have a session, refresh usermodel to pick up
+			// any changes to permissions or roles (issue-186)
+			UserModel user = app().users().getUserModel(session.getUser().username);
+
+			if (user == null || user.disabled) {
+				// user was deleted/disabled during session
+				app().authentication().logout(request, response, user);
+				session.setUser(null);
+				session.invalidateNow();
+				return;
+			}
+
+			// validate cookie during session (issue-361)
+			if (user != null && app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
+				String requestCookie = app().authentication().getCookie(request);
+				if (!StringUtils.isEmpty(requestCookie) && !StringUtils.isEmpty(user.cookie)) {
+					if (!requestCookie.equals(user.cookie)) {
+						// cookie was changed during our session
+						app().authentication().logout(request, response, user);
+						session.setUser(null);
+						session.invalidateNow();
+						return;
+					}
+				}
+			}
+			session.setUser(user);
+			return;
+		}
+
+		// try to authenticate by servlet request
+		UserModel user = app().authentication().authenticate(request);
+
+		// Login the user
+		if (user != null) {
+			// preserve the authentication type across session replacement
+			AuthenticationType authenticationType = (AuthenticationType) request.getSession()
+					.getAttribute(Constants.AUTHENTICATION_TYPE);
+
+			// issue 62: fix session fixation vulnerability
+			session.replaceSession();
+			session.setUser(user);
+
+			request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, authenticationType);
+
+			// Set Cookie
+			app().authentication().setCookie(request, response, user);
+
+			session.continueRequest();
+		}
+	}
+}