Diffstat (limited to 'src/main/java/com/gitblit')
-rw-r--r--src/main/java/com/gitblit/manager/AuthenticationManager.java36
-rw-r--r--src/main/java/com/gitblit/manager/GitblitManager.java4
-rw-r--r--src/main/java/com/gitblit/manager/IAuthenticationManager.java3
-rw-r--r--src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java2
-rw-r--r--src/main/java/com/gitblit/wicket/pages/RootPage.java5
5 files changed, 29 insertions, 21 deletions
diff --git a/src/main/java/com/gitblit/manager/AuthenticationManager.java b/src/main/java/com/gitblit/manager/AuthenticationManager.java
index 51aa2213..7e0b07be 100644
--- a/src/main/java/com/gitblit/manager/AuthenticationManager.java
+++ b/src/main/java/com/gitblit/manager/AuthenticationManager.java
@@ -310,15 +310,12 @@ public class AuthenticationManager implements IAuthenticationManager {
if (values.length == 2) {
String username = values[0];
char[] password = values[1].toCharArray();
- user = authenticate(username, password);
+ user = authenticate(username, password, httpRequest.getRemoteAddr());
if (user != null) {
flagRequest(httpRequest, AuthenticationType.CREDENTIALS, user.username);
logger.debug(MessageFormat.format("{0} authenticated by BASIC request header from {1}",
user.username, httpRequest.getRemoteAddr()));
return validateAuthentication(user, AuthenticationType.CREDENTIALS);
- } else {
- logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials from {1}",
- username, httpRequest.getRemoteAddr()));
}
}
}
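Review bot: The address passed here, `httpRequest.getRemoteAddr()`, is the socket peer, so behind a reverse proxy every failed-login warning written by `authenticate` would carry the proxy's address rather than the client's; the same applies to the `request.getRemoteAddr()` call added in RootPage.java. If that warning is meant to feed log-based blocking or incident triage, all failures would be attributed to one host. I would document that the servlet container must resolve forwarded addresses, and only from trusted proxies, rather than reading a forwarding header in this code. The enclosing method starts and ends outside the hunk.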
@@ -445,7 +442,7 @@ public class AuthenticationManager implements IAuthenticationManager {
* @return a user object or null
*/
@Override
- public UserModel authenticate(String username, char[] password) {
+ public UserModel authenticate(String username, char[] password, String remoteIP) {
if (StringUtils.isEmpty(username)) {
// can not authenticate empty username
return null;
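Review bot: The Javadoc above `authenticate` is not touched by this hunk, so the new `remoteIP` parameter is undocumented in AuthenticationManager.java, and the hunk in IAuthenticationManager.java adds only a bare `@param remoteIP`. Callers need to know that `null` is accepted (the SSH authenticator passes it) and that the value is used only in the failed-login log line, never for an access decision. I would add `@param remoteIP address of the client making the attempt, or null if unknown; used only when logging a failed attempt` in both places. The method body continues outside this hunk.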
@@ -462,22 +459,29 @@ public class AuthenticationManager implements IAuthenticationManager {
// try local authentication
if (user != null && user.isLocalAccount()) {
- return authenticateLocal(user, password);
- }
-
- // try registered external authentication providers
- for (AuthenticationProvider provider : authenticationProviders) {
- if (provider instanceof UsernamePasswordAuthenticationProvider) {
- UserModel returnedUser = provider.authenticate(usernameDecoded, password);
- if (returnedUser != null) {
- // user authenticated
- returnedUser.accountType = provider.getAccountType();
- return validateAuthentication(returnedUser, AuthenticationType.CREDENTIALS);
+ UserModel returnedUser = authenticateLocal(user, password);
+ if (returnedUser != null) {
+ // user authenticated
+ return returnedUser;
+ }
+ } else {
+ // try registered external authentication providers
+ for (AuthenticationProvider provider : authenticationProviders) {
+ if (provider instanceof UsernamePasswordAuthenticationProvider) {
+ UserModel returnedUser = provider.authenticate(usernameDecoded, password);
+ if (returnedUser != null) {
+ // user authenticated
+ returnedUser.accountType = provider.getAccountType();
+ return validateAuthentication(returnedUser, AuthenticationType.CREDENTIALS);
+ }
}
}
}
// could not authenticate locally or with a provider
+ logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials from {1}", username,
+ remoteIP != null ? remoteIP : "unknown"));
+
return null;
}
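Review bot: The warning added at the end of `authenticate` formats the caller-supplied `username` into the log line without neutralising control characters, and it is now the single failed-login record for the HTTP, web UI and SSH paths. Unless the name is validated in lines outside this hunk, a value containing CR or LF could split the entry and make the log attribute an attempt to an address that never made one, which matters if these lines drive blocking or alerting. I would strip line breaks before formatting, e.g. `String safeUser = username.replaceAll("[\\r\\n]", "_");`, and log `safeUser` instead. The early `return null` for an empty username in the previous hunk still produces no log entry; confirm that is intended. The method starts outside this hunk.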
diff --git a/src/main/java/com/gitblit/manager/GitblitManager.java b/src/main/java/com/gitblit/manager/GitblitManager.java
index a34e29d7..4a385fc1 100644
--- a/src/main/java/com/gitblit/manager/GitblitManager.java
+++ b/src/main/java/com/gitblit/manager/GitblitManager.java
@@ -649,8 +649,8 @@ public class GitblitManager implements IGitblit {
*/
@Override
- public UserModel authenticate(String username, char[] password) {
- return authenticationManager.authenticate(username, password);
+ public UserModel authenticate(String username, char[] password, String remoteIP) {
+ return authenticationManager.authenticate(username, password, remoteIP);
}
@Override
diff --git a/src/main/java/com/gitblit/manager/IAuthenticationManager.java b/src/main/java/com/gitblit/manager/IAuthenticationManager.java
index c81092b9..5406a794 100644
--- a/src/main/java/com/gitblit/manager/IAuthenticationManager.java
+++ b/src/main/java/com/gitblit/manager/IAuthenticationManager.java
@@ -65,10 +65,11 @@ public interface IAuthenticationManager extends IManager {
* @see IUserService.authenticate(String, char[])
* @param username
* @param password
+ * @param remoteIP
* @return a user object or null
* @since 1.4.0
*/
- UserModel authenticate(String username, char[] password);
+ UserModel authenticate(String username, char[] password, String remoteIP);
/**
* Return the UserModel for already authenticated user.
diff --git a/src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java
index a6d77ec4..e9e2d7e1 100644
--- a/src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/UsernamePasswordAuthenticator.java
@@ -51,7 +51,7 @@ public class UsernamePasswordAuthenticator implements PasswordAuthenticator {
}
username = username.toLowerCase(Locale.US);
- UserModel user = authManager.authenticate(username, password.toCharArray());
+ UserModel user = authManager.authenticate(username, password.toCharArray(), null);
if (user != null) {
client.setUser(user);
return true;
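Review bot: Passing `null` here means every failed SSH password attempt is logged as coming from "unknown", so the SSH transport gets no source address in the failed-login warning while the HTTP paths do. If the session object available to this method exposes the peer address (the signature is outside the hunk, so this is an assumption), pass its string form instead of `null`. Otherwise a short comment such as `// remote address is not available here; failures are logged as "unknown"` would explain the `null` to the next reader.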
diff --git a/src/main/java/com/gitblit/wicket/pages/RootPage.java b/src/main/java/com/gitblit/wicket/pages/RootPage.java
index 93d44fc7..b48f7224 100644
--- a/src/main/java/com/gitblit/wicket/pages/RootPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/RootPage.java
@@ -36,6 +36,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.wicket.MarkupContainer;
import org.apache.wicket.PageParameters;
+import org.apache.wicket.RequestCycle;
import org.apache.wicket.behavior.HeaderContributor;
import org.apache.wicket.markup.html.IHeaderContributor;
import org.apache.wicket.markup.html.IHeaderResponse;
@@ -566,7 +567,9 @@ public abstract class RootPage extends BasePage {
String username = RootPage.this.username.getObject();
char[] password = RootPage.this.password.getObject().toCharArray();
- UserModel user = app().authentication().authenticate(username, password);
+ HttpServletRequest request = ((WebRequest)RequestCycle.get().getRequest()).getHttpServletRequest();
+
+ UserModel user = app().authentication().authenticate(username, password, request.getRemoteAddr());
if (user == null) {
error(getString("gb.invalidUsernameOrPassword"));
} else if (user.username.equals(Constants.FEDERATION_USER)) {