path: root/src/main/java/com/gitblit/manager
Commit message (Author, Age, Files, Lines)
* Detect and report if running in container (Florian Zschocke, 2021-12-10, 1 file, -0/+2)
|     To help with analysis, try to detect if the instance is running inside a container. Some containers are detected, but this is probably not exhaustive. At least a Docker container should be detectable. Report in the runtime manager to the log if a container was detected.
* Delete password from memory in AuthenticationManager (Florian Zschocke, 2020-04-05, 1 file, -19/+23)
|     Zero out the password to remove it from memory after use. This is only a first step, implementing it for one method: `AuthenticationManager.authenticate(String, char[], String)`.
* 🦟 fix: Password hash upgrade kills existing passwords (Florian Zschocke, 2020-04-05, 1 file, -17/+26)
|     The upgrade of a MD5 stored password hash to a PBKDF password hash destroys the stored password. The hash check zeroes out the password that is tested, so that the new hash is built over the zeroed out value. This fix prevents that and also adds a check to the test.
|     Fixes #1335
* Merge branch 'pingunaut-1166_more_secure_password_hashes' into master. (Florian Zschocke, 2019-11-06, 1 file, -12/+38)
|\
| * Use the new PasswordHash classes. (Florian Zschocke, 2019-11-05, 1 file, -35/+22)
| |     Integrate the `PasswordHash` class and subclass in the user and password editing and authentication. Replaces the old code and the previous `SecurePasswordHashingUtils` class.
| * fix comment (Martin Spielmann, 2017-01-07, 1 file, -1/+1)
| |
| * Update AuthenticationManager to update weakly stored passwords on login (Martin Spielmann, 2017-01-07, 1 file, -6/+35)
| |
| * Added possibility to use secure hashes to store passwords (Martin Spielmann, 2017-01-01, 1 file, -0/+10)
| |     Addresses #1166
* | Revert "Fix nullpointer exception with unsupported URL protocol #1237" (Martin Spielmann, 2017-05-22, 1 file, -1/+1)
| |     This reverts commit 51b9b7f9016899bbf8a39f6bc33a916a3d2b3838.
* | Fix nullpointer exception with unsupported URL protocol #1237 (Martin Spielmann, 2017-05-21, 1 file, -1/+1)
| |
* | extracted method (Martin Spielmann, 2017-01-06, 1 file, -9/+20)
| |
* | updated comment (de4c9d, 2016-12-30, 1 file, -1/+1)
| |
* | update user manager to support instantiation of IUserService with IRuntimeManager as a parameter (de4c9d, 2016-12-30, 1 file, -2/+11)
|/
* Merge pull request #1167 from fzs/secureCookies (James Moger, 2016-12-14, 1 file, -0/+14)
|\
| |     Secure cookies
| * Set secure user cookies and only for HTTP. (Florian Zschocke, 2016-12-10, 1 file, -0/+14)
| |     Mark the user authentication cookie to be only used for HTTP, making it inaccessible for JavaScript engines. If only HTTPS is used and no HTTP (i.e. also if HTTP is redirected to HTTPS) then mark the user cookie to be sent only over secure connections.
* | Merge pull request #1142 from fzs/merge-strategy (James Moger, 2016-10-28, 1 file, -0/+9)
|\ \
| | |     Merge strategy
| * | Add integration strategy to merge tickets fast-forward or with commit. (Florian Zschocke, 2016-10-28, 1 file, -0/+9)
| |/
| |     Add the option to merge a ticket branch to the integration branch only when it can be fast-forwarded, or always with a merge commit, or by fast-forward if possible, otherwise with a merge commit. Adds a new property ticket.mergeType with the valid values FAST_FOWARD_ONLY, MERGE_ALWAYS and MERGE_IF_NECESSARY. Merging and canMerge were refactored to make use of a new IntegrationStrategy class for each type of strategy.
* / Issue #1076: load commit cache in a background thread (Tom, 2016-10-27, 1 file, -27/+35)
|/
|     * Make the CommitCache fully thread-safe. It was using a ConcurrentHashMap containing lists, but then handed out these lists. It also did multiple operations on that map that as a whole should be atomic.
|     * Use isEmpty() instead of size() == 0.
|     * Run the loading of the commit cache in a background daemon thread
* Use getInteger not getFilesize, fixes #1049 (James Moger, 2016-04-20, 1 file, -1/+1)
|
* Merge pull request #990 from dbywalec/authenthication-of-federation-user (James Moger, 2016-01-16, 1 file, -0/+6)
|\
| |     Fix authentication failure warning log messages for FEDERATION_USER
| * Fix authentication failure warning log messages for FEDERATION_USER (Dariusz Bywalec, 2016-01-04, 1 file, -0/+6)
| |     The AuthenticationManager did not encounter for FEDERATION_USER and would unnecessarily generate a lot of failure warning log messages, e.g:
| |         Failed login attempt for $gitblit, invalid credentials from XXX.XX.XX.XX
| |     A simple condition will prematurely return null bypassing the regular authentication path and immediately make the authentication be routed via FederationManager.
* | Lower log level of servlet authenticate when request is already authenticated (Dariusz Bywalec, 2016-01-04, 1 file, -1/+1)
|/
|     When calling a servlet which has already been authenticated, the server would produce a lot of superfluous log entries, e.g:
|         Called servlet authenticate when request is already authenticated.
|     The log level for this log entry has been lowered down to DEBUG.
* implement an HTTP header AuthenticationProvider (Joel Johnson, 2015-12-09, 1 file, -2/+20)
|
* fix for #967 filestore menu for all users (Paul Martin, 2015-12-07, 3 files, -6/+31)
|     + Filestore listing filtered by user view permissions
|     + Configuration help for filestore relocated to website files
|     + Added migration example
* Fix 2 possible NullPointer occurrences (marco, 2015-11-23, 1 file, -0/+4)
|
* Fix failure to start WAR variants (James Moger, 2015-11-23, 1 file, -88/+88)
|
* Create filestore directory on startup (James Moger, 2015-11-19, 1 file, -2/+4)
|
* Catch some potential NPEs (James Moger, 2015-11-18, 1 file, -0/+7)
|
* Log update for Fail2Ban usage (Paul Martin, 2015-10-25, 3 files, -19/+24)
|     + Adds standard logging for all authentication providers
|     + Updates help page to use default GitBlit SSH port
* Git-LFS support (Paul Martin, 2015-10-10, 4 files, -2/+567)
|     + Metadata maintained in append-only JSON file providing complete audit history.
|     + Filestore menu item
|     + Lists filestore items
|     + Current size and availability
|     + Link to GitBlit Filestore help page (top right)
|     + Hooks into existing repository permissions
|     + Uses default repository path for out-of-box operation with Git-LFS client
|     + accessRestrictionFilter now has access to http method and auth header
|     + Testing for servlet and manager
* prevent session fixation for external authentication (Joel Johnson, 2015-07-14, 1 file, -10/+25)
|     + use request instead of session to flag authentication status and user, for external authentication types
* Merge pull request #281 from mrjoel/mrjoel-ticketswithexternalurl (James Moger, 2015-07-04, 1 file, -9/+28)
|\
| |     allow internal privilege evaluation external URLs
| * allow advertising gitblit privileges for external URLs (Joel Johnson, 2015-07-01, 1 file, -9/+28)
| |     commit c20191fc0931a19bec0df1ab2b56f287e5d8b7c7 enabled support for hiding internal URLs, but didn't consider that it broke the evaluation of permissions (used for tickets, etc.), and caused a NPE on repoUrl.permission when trying to view the TicketPage. With all internal mechanisms disabled, it would result in the first URL being external with unknown permissions. This adds an option to use internal permissions even for external URLs. Note that this does not grant any additional permissions, but does offer the option to have gitblit advertise the full set of what is allowed, even if the external URL imposes additional restrictions.
* | fix comment typo (Joel Johnson, 2015-07-01, 1 file, -1/+1)
|/
* Merge pull request #282 from mrjoel/mrjoel-fixhttpurlperms (James Moger, 2015-06-30, 1 file, -2/+3)
|\
| |     fix permission capping for HTTP/HTTPS
| * fix permission capping for HTTP/HTTPS (Joel Johnson, 2015-06-30, 1 file, -2/+3)
| |     Previously used request scheme, but request scheme is unrelated to the URL being generated. Instead, base the permission capping on the scheme of the URL itself.
* | typo: instantiate log message (Joel Johnson, 2015-06-29, 1 file, -1/+1)
|/
* allow configuring of internal URLs offered (Joel Johnson, 2015-06-12, 1 file, -3/+6)
|
* Merged #255 "Invalid kerberos patches, works now and with a test." (James Moger, 2015-05-27, 3 files, -0/+44)
|\
| * Invalid kerberos patches, works now and with a test. (Fabrice Bacchella, 2015-05-26, 3 files, -0/+44)
| |
* | Two slight improvement for custom UserService: (Fabrice Bacchella, 2015-05-26, 1 file, -2/+4)
|/
|     - try userRealm as a file only if class is not found, other exceptions are real error
|     - log userService only after setup, for better logging, as it can use gitblit.properties for custom .toString
* Add onFork and onRename methods to RepositoryLifeCycleListener (James Moger, 2015-05-22, 2 files, -1/+22)
|
* A patch that allows to extract a new user informations from the HTTP session (Fabrice Bacchella, 2015-05-15, 1 file, -0/+48)
|     if the webapp container can fill it.
* Update SLF4j, JGit, Groovy, BouncyCastle, Mina, Gson, Freemarker, libpam4j, args4j, Jedis, waffle-jna, Unboundid (James Moger, 2015-03-05, 1 file, -9/+6)
* Merge branch 'ticket/237' into develop (James Moger, 2015-02-11, 1 file, -1/+3)
|\
| * Add 'UTF8' encoding alias (James Moger, 2015-02-11, 1 file, -1/+3)
| |
| * Fix PluginManager not properly respecting --noverify (James Moger, 2014-10-27, 1 file, -0/+4)
| |
* | Add support for specifying the `Proxy-Authorization` header for the PluginManager (James Moger, 2014-12-03, 1 file, -2/+3)
* | Add support for configurable HTTP proxy host/port in PluginManager.java (Dariusz Bywalec, 2014-12-02, 1 file, -1/+9)
| |     Formerly by default the PluginManager would support no proxy setting. For servers behind firewall and HTTP proxy this would prevent installation of gitblit plugins.
* | Allow finer-grained determination of available transport preferences (James Moger, 2014-10-31, 2 files, -6/+39)
| |