diff options
Diffstat (limited to 'src')
9 files changed, 887 insertions, 18 deletions
diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties index 0857ccf6..59fa3996 100644 --- a/src/main/distrib/data/defaults.properties +++ b/src/main/distrib/data/defaults.properties @@ -126,6 +126,28 @@ git.sshKeysManager = com.gitblit.transport.ssh.FileKeyManager # SINCE 1.5.0 git.sshKeysFolder= ${baseFolder}/ssh +# Use kerberos5 (GSS) authentication +# +# SINCE 1.7.0 +git.sshWithKrb5 = "false" + +# The path to a kerberos 5 keytab. +# +# SINCE 1.7.0 +git.sshKrb5Keytab = "" + +# The service principal name to be used for Kerberos5. The default is host/hostname. +# +# SINCE 1.7.0 +git.sshKrb5ServicePrincipalName = "" + +# A comma-separated list of authentication method. They will be tried in +# the given order. Possible values are +# "gssapi-with-mic", "publickey", "keyboard-interactive" or "password" +# +# SINCE 1.7.0 +git.sshAuthenticatorsOrder = "password,keyboard-interactive,publickey" + # SSH backend NIO2|MINA. # # The Apache Mina project recommends using the NIO2 backend. @@ -1610,6 +1632,22 @@ federation.sets = # SINCE 1.3.0 realm.container.autoCreateAccounts = false +# A set of mapping used to map HTTP session attributes to user informations +# They are used if realm.container.autoCreateAccounts is set to true and +# the webapp container used can fill the session with user informations +# +# SINCE 1.7.0 +realm.container.autoAccounts.displayName = +realm.container.autoAccounts.emailAddress = +realm.container.autoAccounts.locale = + +# If the user's created by the webapp container is given this role, +# the user created will be a admin user. +# +# SINCE 1.7.0 +realm.container.autoAccounts.adminRole = + + # Allow or prohibit Windows guest account logins # # SINCE 1.3.0 diff --git a/src/main/java/com/gitblit/guice/WebModule.java b/src/main/java/com/gitblit/guice/WebModule.java index 5b569182..c6172c3d 100644 --- a/src/main/java/com/gitblit/guice/WebModule.java +++ b/src/main/java/com/gitblit/guice/WebModule.java @@ -19,6 +19,7 @@ import java.util.HashMap; import java.util.Map; import com.gitblit.Constants; +import com.gitblit.servlet.AccessDeniedServlet; import com.gitblit.servlet.BranchGraphServlet; import com.gitblit.servlet.DownloadZipFilter; import com.gitblit.servlet.DownloadZipServlet; @@ -70,6 +71,17 @@ public class WebModule extends ServletModule { serve("/robots.txt").with(RobotsTxtServlet.class); serve("/logo.png").with(LogoServlet.class); + /* Prevent accidental access to 'resources' such as GitBlit java classes + * + * In the GO setup the JAR containing the application and the WAR injected + * into Jetty are the same file. However Jetty expects to serve the entire WAR + * contents, except the WEB-INF folder. Thus, all java binary classes in the + * JAR are served by default as is they were legitimate resources. + * + * The below servlet mappings prevent that behavior + */ + serve(fuzzy("/com/")).with(AccessDeniedServlet.class); + // global filters filter(ALL).through(ProxyFilter.class); filter(ALL).through(EnforceAuthenticationFilter.class); diff --git a/src/main/java/com/gitblit/manager/AuthenticationManager.java b/src/main/java/com/gitblit/manager/AuthenticationManager.java index 29221e6f..cbf0a1bd 100644 --- a/src/main/java/com/gitblit/manager/AuthenticationManager.java +++ b/src/main/java/com/gitblit/manager/AuthenticationManager.java @@ -215,6 +215,29 @@ public class AuthenticationManager implements IAuthenticationManager { user.displayName = username; user.password = Constants.EXTERNAL_ACCOUNT; user.accountType = AccountType.CONTAINER; + + // Try to extract user's informations for the session + // it uses "realm.container.autoAccounts.*" as the attribute name to look for + HttpSession session = httpRequest.getSession(); + String emailAddress = resolveAttribute(session, Keys.realm.container.autoAccounts.emailAddress); + if(emailAddress != null) { + user.emailAddress = emailAddress; + } + String displayName = resolveAttribute(session, Keys.realm.container.autoAccounts.displayName); + if(displayName != null) { + user.displayName = displayName; + } + String userLocale = resolveAttribute(session, Keys.realm.container.autoAccounts.locale); + if(userLocale != null) { + user.getPreferences().setLocale(userLocale); + } + String adminRole = settings.getString(Keys.realm.container.autoAccounts.adminRole, null); + if(adminRole != null && ! adminRole.isEmpty()) { + if(httpRequest.isUserInRole(adminRole)) { + user.canAdmin = true; + } + } + userManager.updateUserModel(user); flagSession(httpRequest, AuthenticationType.CONTAINER); logger.debug(MessageFormat.format("{0} authenticated and created by servlet container principal from {1}", @@ -293,6 +316,31 @@ public class AuthenticationManager implements IAuthenticationManager { } return null; } + + /** + * Extract given attribute from the session and return it's content + * it return null if attributeMapping is empty, or if the value is + * empty + * + * @param session The user session + * @param attributeMapping + * @return + */ + private String resolveAttribute(HttpSession session, String attributeMapping) { + String attributeName = settings.getString(attributeMapping, null); + if(StringUtils.isEmpty(attributeName)) { + return null; + } + Object attributeValue = session.getAttribute(attributeName); + if(attributeValue == null) { + return null; + } + String value = attributeValue.toString(); + if(value.isEmpty()) { + return null; + } + return value; + } /** * Authenticate a user based on a public key. diff --git a/src/main/java/com/gitblit/servlet/AccessDeniedServlet.java b/src/main/java/com/gitblit/servlet/AccessDeniedServlet.java new file mode 100644 index 00000000..ae0797e2 --- /dev/null +++ b/src/main/java/com/gitblit/servlet/AccessDeniedServlet.java @@ -0,0 +1,63 @@ +/* + * Copyright 2015 Jean-Baptiste Mayer + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gitblit.servlet; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import com.google.inject.Singleton; + +/** + * Access-denied Servlet. + * + * This servlet serves only 404 Not Found error replies. + * + * This servlet is used to override the container's default behavior to serve + * all contents of the application's WAR. We can selectively prevent access to + * a specific path simply by mapping this servlet onto specific paths. + * + * + * @author Jean-Baptiste Mayer + * + */ +@Singleton +public class AccessDeniedServlet extends HttpServlet { + /** + * + */ + private static final long serialVersionUID = -3239463647917811122L; + + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, java.io.IOException { + processRequest(request, response); + } + + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + private void processRequest(HttpServletRequest request, + HttpServletResponse response) { + response.setStatus(HttpServletResponse.SC_NOT_FOUND); + } +} diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index 9667154f..ec7d7c36 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -23,15 +23,25 @@ import java.net.InetSocketAddress; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.List; +import java.util.Locale; import java.util.concurrent.atomic.AtomicBoolean; import org.apache.sshd.SshServer; +import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.io.IoServiceFactoryFactory; import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.common.keyprovider.FileKeyPairProvider; import org.apache.sshd.common.util.SecurityUtils; import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator; +import org.apache.sshd.server.UserAuth; +import org.apache.sshd.server.auth.UserAuthKeyboardInteractive; +import org.apache.sshd.server.auth.UserAuthPassword; +import org.apache.sshd.server.auth.UserAuthPublicKey; +import org.apache.sshd.server.auth.gss.GSSAuthenticator; +import org.apache.sshd.server.auth.gss.UserAuthGSS; import org.bouncycastle.openssl.PEMWriter; import org.eclipse.jgit.internal.JGitText; import org.slf4j.Logger; @@ -120,7 +130,49 @@ public class SshDaemon { } else { addr = new InetSocketAddress(bindInterface, port); } - + + //Will do GSS ? + GSSAuthenticator gssAuthenticator = null; + if(settings.getBoolean(Keys.git.sshWithKrb5, false)) { + gssAuthenticator = new GSSAuthenticator(); + String keytabString = settings.getString(Keys.git.sshKrb5Keytab, + ""); + if(! keytabString.isEmpty()) { + gssAuthenticator.setKeytabFile(keytabString); + } + String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName, + ""); + if(! servicePrincipalName.isEmpty()) { + gssAuthenticator.setServicePrincipalName(servicePrincipalName); + } + } + + //Sort the authenticators for sshd + List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>(); + String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder, + "password,keyboard-interactive,publickey"); + for(String authenticator: sshAuthenticatorsOrderString.split(",")) { + String authenticatorName = authenticator.trim().toLowerCase(Locale.US); + switch (authenticatorName) { + case "gssapi-with-mic": + if(gssAuthenticator != null) { + userAuthFactories.add(new UserAuthGSS.Factory()); + } + break; + case "publickey": + userAuthFactories.add(new UserAuthPublicKey.Factory()); + break; + case "password": + userAuthFactories.add(new UserAuthPassword.Factory()); + break; + case "keyboard-interactive": + userAuthFactories.add(new UserAuthKeyboardInteractive.Factory()); + break; + default: + log.error("Unknown ssh authenticator: '{}'", authenticatorName); + } + } + // Create the SSH server sshd = SshServer.setUpDefaultServer(); sshd.setPort(addr.getPort()); @@ -128,6 +180,10 @@ public class SshDaemon { sshd.setKeyPairProvider(hostKeyPairProvider); sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator)); sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit)); + if(gssAuthenticator != null) { + sshd.setGSSAuthenticator(gssAuthenticator); + } + sshd.setUserAuthFactories(userAuthFactories); sshd.setSessionFactory(new SshServerSessionFactory()); sshd.setFileSystemFactory(new DisabledFilesystemFactory()); sshd.setTcpipForwardingFilter(new NonForwardingFilter()); diff --git a/src/test/config/test-gitblit.properties b/src/test/config/test-gitblit.properties index 78e9ab95..398047c1 100644 --- a/src/test/config/test-gitblit.properties +++ b/src/test/config/test-gitblit.properties @@ -9,6 +9,8 @@ git.enableGitServlet = true git.daemonPort = 8300 git.sshPort = 29418 git.sshKeysManager = com.gitblit.transport.ssh.MemoryKeyManager +git.sshWithKrb5 = true +git.sshAuthenticatorsOrder = password, publickey,gssapi-with-mic,invalid groovy.scriptsFolder = src/main/distrib/data/groovy groovy.preReceiveScripts = blockpush groovy.postReceiveScripts = sendmail diff --git a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java index 0cdee6cb..d6ca89c6 100644 --- a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java +++ b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java @@ -15,15 +15,44 @@ */ package com.gitblit.tests; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.security.Principal; +import java.util.Collection; +import java.util.Collections; +import java.util.Enumeration; import java.util.HashMap; +import java.util.List; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.AsyncContext; +import javax.servlet.DispatcherType; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletInputStream; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.servlet.http.HttpSessionContext; +import javax.servlet.http.HttpUpgradeHandler; +import javax.servlet.http.Part; import org.junit.Test; +import com.gitblit.IUserService; +import com.gitblit.Keys; import com.gitblit.manager.AuthenticationManager; import com.gitblit.manager.IAuthenticationManager; -import com.gitblit.manager.IUserManager; +import com.gitblit.manager.IRuntimeManager; import com.gitblit.manager.RuntimeManager; import com.gitblit.manager.UserManager; +import com.gitblit.models.TeamModel; import com.gitblit.models.UserModel; import com.gitblit.tests.mock.MemorySettings; import com.gitblit.utils.XssFilter; @@ -35,27 +64,596 @@ import com.gitblit.utils.XssFilter.AllowXssFilter; * @author James Moger * */ +@SuppressWarnings("deprecation") public class AuthenticationManagerTest extends GitblitUnitTest { - IUserManager users; + UserManager users; + + private static final class DummyHttpServletRequest implements HttpServletRequest { + + @Override + public Object getAttribute(String name) { + return null; + } + + @Override + public Enumeration<String> getAttributeNames() { + return null; + } + + @Override + public String getCharacterEncoding() { + return null; + } + + @Override + public void setCharacterEncoding(String env) + throws UnsupportedEncodingException { + } + + @Override + public int getContentLength() { + return 0; + } + + @Override + public long getContentLengthLong() { + return 0; + } + + @Override + public String getContentType() { + return null; + } + + @Override + public ServletInputStream getInputStream() throws IOException { + return null; + } + + @Override + public String getParameter(String name) { + return null; + } + + @Override + public Enumeration<String> getParameterNames() { + return null; + } + + @Override + public String[] getParameterValues(String name) { + return null; + } + + @Override + public Map<String, String[]> getParameterMap() { + return null; + } + + @Override + public String getProtocol() { + return null; + } + + @Override + public String getScheme() { + return null; + } + + @Override + public String getServerName() { + return null; + } + + @Override + public int getServerPort() { + return 0; + } + + @Override + public BufferedReader getReader() throws IOException { + return null; + } + + @Override + public String getRemoteAddr() { + return null; + } + + @Override + public String getRemoteHost() { + return null; + } + + @Override + public void setAttribute(String name, Object o) { + } + + @Override + public void removeAttribute(String name) { + } + + @Override + public Locale getLocale() { + return null; + } + + @Override + public Enumeration<Locale> getLocales() { + return null; + } + + @Override + public boolean isSecure() { + return false; + } + + @Override + public RequestDispatcher getRequestDispatcher(String path) { + return null; + } + + @Override + public String getRealPath(String path) { + return null; + } + + @Override + public int getRemotePort() { + return 0; + } + + @Override + public String getLocalName() { + return null; + } + + @Override + public String getLocalAddr() { + return null; + } + + @Override + public int getLocalPort() { + return 0; + } + + @Override + public ServletContext getServletContext() { + return null; + } + + @Override + public AsyncContext startAsync() throws IllegalStateException { + return null; + } + + @Override + public AsyncContext startAsync(ServletRequest servletRequest, + ServletResponse servletResponse) + throws IllegalStateException { + return null; + } + + @Override + public boolean isAsyncStarted() { + return false; + } + + @Override + public boolean isAsyncSupported() { + return false; + } + + @Override + public AsyncContext getAsyncContext() { + return null; + } + + @Override + public DispatcherType getDispatcherType() { + return null; + } + + @Override + public String getAuthType() { + return null; + } + + @Override + public Cookie[] getCookies() { + return null; + } + + @Override + public long getDateHeader(String name) { + return 0; + } + + @Override + public String getHeader(String name) { + return null; + } + + @Override + public Enumeration<String> getHeaders(String name) { + return null; + } + + @Override + public Enumeration<String> getHeaderNames() { + return null; + } + + @Override + public int getIntHeader(String name) { + return 0; + } + + @Override + public String getMethod() { + return null; + } + + @Override + public String getPathInfo() { + return null; + } + + @Override + public String getPathTranslated() { + return null; + } + + @Override + public String getContextPath() { + return null; + } + + @Override + public String getQueryString() { + return null; + } + + @Override + public String getRemoteUser() { + return null; + } + + @Override + public boolean isUserInRole(String role) { + if(role != null && "admin".equals(role)) { + return true; + } + return false; + } + + @Override + public Principal getUserPrincipal() { + return new Principal(){ + @Override + public String getName() { + return "sunnyjim"; + } + + }; + } + + @Override + public String getRequestedSessionId() { + return null; + } + + @Override + public String getRequestURI() { + return null; + } + + @Override + public StringBuffer getRequestURL() { + return null; + } + + @Override + public String getServletPath() { + return null; + } + + @Override + public HttpSession getSession(boolean create) { + return null; + } + + final Map<String, Object> sessionAttributes = new HashMap<String, Object>(); + @Override + public HttpSession getSession() { + return new HttpSession() { + + @Override + public long getCreationTime() { + return 0; + } + + @Override + public String getId() { + return null; + } + + @Override + public long getLastAccessedTime() { + return 0; + } - MemorySettings getSettings() { - return new MemorySettings(new HashMap<String, Object>()); - } + @Override + public ServletContext getServletContext() { + return null; + } - IAuthenticationManager newAuthenticationManager() { - XssFilter xssFilter = new AllowXssFilter(); - RuntimeManager runtime = new RuntimeManager(getSettings(), xssFilter, GitBlitSuite.BASEFOLDER).start(); - users = new UserManager(runtime, null).start(); - AuthenticationManager auth = new AuthenticationManager(runtime, users).start(); - return auth; - } + @Override + public void setMaxInactiveInterval(int interval) { + } - @Test - public void testAuthenticate() throws Exception { - IAuthenticationManager auth = newAuthenticationManager(); + @Override + public int getMaxInactiveInterval() { + return 0; + } - UserModel user = new UserModel("sunnyjim"); + @Override + public HttpSessionContext getSessionContext() { + return null; + } + + @Override + public Object getAttribute(String name) { + return sessionAttributes.get(name); + } + + @Override + public Object getValue(String name) { + return null; + } + + @Override + public Enumeration<String> getAttributeNames() { + return Collections.enumeration(sessionAttributes.keySet()); + } + + @Override + public String[] getValueNames() { + return null; + } + + @Override + public void setAttribute(String name, + Object value) { + } + + @Override + public void putValue(String name, Object value) { + } + + @Override + public void removeAttribute(String name) { + } + + @Override + public void removeValue(String name) { + } + + @Override + public void invalidate() { + } + + @Override + public boolean isNew() { + return false; + } + + }; + } + + @Override + public String changeSessionId() { + return null; + } + + @Override + public boolean isRequestedSessionIdValid() { + return false; + } + + @Override + public boolean isRequestedSessionIdFromCookie() { + return false; + } + + @Override + public boolean isRequestedSessionIdFromURL() { + return false; + } + + @Override + public boolean isRequestedSessionIdFromUrl() { + return false; + } + + @Override + public boolean authenticate(HttpServletResponse response) + throws IOException, ServletException { + return false; + } + + @Override + public void login(String username, String password) + throws ServletException { + } + + @Override + public void logout() throws ServletException { + } + + @Override + public Collection<Part> getParts() throws IOException, + ServletException { + return null; + } + + @Override + public Part getPart(String name) throws IOException, + ServletException { + return null; + } + + @Override + public <T extends HttpUpgradeHandler> T upgrade( + Class<T> handlerClass) throws IOException, + ServletException { + return null; + } + + } + + HashMap<String, Object> settings = new HashMap<String, Object>(); + + MemorySettings getSettings() { + return new MemorySettings(settings); + } + + IAuthenticationManager newAuthenticationManager() { + XssFilter xssFilter = new AllowXssFilter(); + RuntimeManager runtime = new RuntimeManager(getSettings(), xssFilter, GitBlitSuite.BASEFOLDER).start(); + users = new UserManager(runtime, null).start(); + final Map<String, UserModel> virtualUsers = new HashMap<String, UserModel>(); + users.setUserService(new IUserService() { + + @Override + public void setup(IRuntimeManager runtimeManager) { + } + + @Override + public String getCookie(UserModel model) { + return null; + } + + @Override + public UserModel getUserModel(char[] cookie) { + return null; + } + + @Override + public UserModel getUserModel(String username) { + return virtualUsers.get(username); + } + + @Override + public boolean updateUserModel(UserModel model) { + virtualUsers.put(model.username, model); + return true; + } + + @Override + public boolean updateUserModels(Collection<UserModel> models) { + return false; + } + + @Override + public boolean updateUserModel(String username, UserModel model) { + virtualUsers.put(username, model); + return true; + } + + @Override + public boolean deleteUserModel(UserModel model) { + return false; + } + + @Override + public boolean deleteUser(String username) { + return false; + } + + @Override + public List<String> getAllUsernames() { + return null; + } + + @Override + public List<UserModel> getAllUsers() { + return null; + } + + @Override + public List<String> getAllTeamNames() { + return null; + } + + @Override + public List<TeamModel> getAllTeams() { + return null; + } + + @Override + public List<String> getTeamNamesForRepositoryRole(String role) { + return null; + } + + @Override + public TeamModel getTeamModel(String teamname) { + return null; + } + + @Override + public boolean updateTeamModel(TeamModel model) { + return false; + } + + @Override + public boolean updateTeamModels(Collection<TeamModel> models) { + return false; + } + + @Override + public boolean updateTeamModel(String teamname, TeamModel model) { + return false; + } + + @Override + public boolean deleteTeamModel(TeamModel model) { + return false; + } + + @Override + public boolean deleteTeam(String teamname) { + return false; + } + + @Override + public List<String> getUsernamesForRepositoryRole(String role) { + return null; + } + + @Override + public boolean renameRepositoryRole(String oldRole, + String newRole) { + return false; + } + + @Override + public boolean deleteRepositoryRole(String role) { + return false; + } + + }); + AuthenticationManager auth = new AuthenticationManager(runtime, users).start(); + return auth; + } + + @Test + public void testAuthenticate() throws Exception { + IAuthenticationManager auth = newAuthenticationManager(); + + UserModel user = new UserModel("sunnyjim"); user.password = "password"; users.updateUserModel(user); @@ -65,5 +663,48 @@ public class AuthenticationManagerTest extends GitblitUnitTest { users.updateUserModel(user); assertNull(auth.authenticate(user.username, user.password.toCharArray())); users.deleteUserModel(user); - } + } + + @Test + public void testContenairAuthenticate() throws Exception { + settings.put(Keys.realm.container.autoCreateAccounts, "true"); + settings.put(Keys.realm.container.autoAccounts.displayName, "displayName"); + settings.put(Keys.realm.container.autoAccounts.emailAddress, "emailAddress"); + settings.put(Keys.realm.container.autoAccounts.adminRole, "admin"); + settings.put(Keys.realm.container.autoAccounts.locale, "locale"); + + DummyHttpServletRequest request = new DummyHttpServletRequest(); + request.sessionAttributes.put("displayName", "Sunny Jim"); + request.sessionAttributes.put("emailAddress", "Jim.Sunny@gitblit.com"); + request.sessionAttributes.put("locale", "it"); + + IAuthenticationManager auth = newAuthenticationManager(); + + UserModel user = auth.authenticate(request); + + assertTrue(user.canAdmin); + assertEquals("Sunny Jim", user.displayName); + assertEquals("Jim.Sunny@gitblit.com", user.emailAddress); + assertEquals(Locale.ITALIAN, user.getPreferences().getLocale()); + } + + @Test + public void testContenairAuthenticateEmpty() throws Exception { + settings.put(Keys.realm.container.autoCreateAccounts, "true"); + settings.put(Keys.realm.container.autoAccounts.displayName, "displayName"); + settings.put(Keys.realm.container.autoAccounts.emailAddress, "emailAddress"); + settings.put(Keys.realm.container.autoAccounts.adminRole, "notAdmin"); + + DummyHttpServletRequest request = new DummyHttpServletRequest(); + + IAuthenticationManager auth = newAuthenticationManager(); + + UserModel user = auth.authenticate(request); + + assertFalse(user.canAdmin); + assertEquals("sunnyjim", user.displayName); + assertNull(user.emailAddress); + assertNull(user.getPreferences().getLocale()); + } + } diff --git a/src/test/java/com/gitblit/tests/JschConfigTestSessionFactory.java b/src/test/java/com/gitblit/tests/JschConfigTestSessionFactory.java index 5d24b401..421f3366 100644 --- a/src/test/java/com/gitblit/tests/JschConfigTestSessionFactory.java +++ b/src/test/java/com/gitblit/tests/JschConfigTestSessionFactory.java @@ -21,6 +21,7 @@ public class JschConfigTestSessionFactory extends JschConfigSessionFactory { @Override
protected void configure(OpenSshConfig.Host host, Session session) {
session.setConfig("StrictHostKeyChecking", "no");
+ session.setConfig("PreferredAuthentications", "password");
}
@Override
diff --git a/src/test/java/com/gitblit/tests/SshUnitTest.java b/src/test/java/com/gitblit/tests/SshUnitTest.java index 43b51b74..3def700d 100644 --- a/src/test/java/com/gitblit/tests/SshUnitTest.java +++ b/src/test/java/com/gitblit/tests/SshUnitTest.java @@ -24,13 +24,18 @@ import java.net.SocketAddress; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PublicKey; +import java.util.ArrayList; +import java.util.List; import java.util.concurrent.atomic.AtomicBoolean; import org.apache.sshd.ClientChannel; import org.apache.sshd.ClientSession; import org.apache.sshd.SshClient; import org.apache.sshd.client.ServerKeyVerifier; +import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.util.SecurityUtils; +import org.apache.sshd.client.UserAuth; +import org.apache.sshd.client.auth.UserAuthPublicKey; import org.junit.After; import org.junit.AfterClass; import org.junit.Before; @@ -102,6 +107,9 @@ public abstract class SshUnitTest extends GitblitUnitTest { return true; } }); + List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>(); + userAuthFactories.add(new UserAuthPublicKey.Factory()); + client.setUserAuthFactories(userAuthFactories); client.start(); return client; } |