Refactor managers and authentication for federation

Change-Id: I5ff18b2768095fb14e7fbece2e756115829abbde

build.moxie

@@ -129,7 +129,7 @@ dependencies:
 - compile 'log4j:log4j:1.2.17' :war :fedclient :authority
 - compile 'org.slf4j:slf4j-api:1.6.6' :war :fedclient :authority
 - compile 'org.slf4j:slf4j-log4j12:1.6.6' :war :fedclient :authority
-- compile 'javax.mail:mail:1.4.3' :war :fedclient :authority
+- compile 'javax.mail:mail:1.4.3' :war :authority
 - compile 'javax.servlet:javax.servlet-api:3.0.1' :fedclient
 - compile 'org.eclipse.jetty.aggregate:jetty-webapp:${jetty.version}' @jar
 - compile 'org.eclipse.jetty:jetty-ajp:${jetty.version}' @jar
@@ -148,7 +148,7 @@ dependencies:
 - compile 'org.fusesource.wikitext:mediawiki-core:${wikitext.version}' :war
 - compile 'org.fusesource.wikitext:confluence-core:${wikitext.version}' :war
 - compile 'org.eclipse.jgit:org.eclipse.jgit:${jgit.version}' :war :fedclient :manager :authority
-- compile 'org.eclipse.jgit:org.eclipse.jgit.http.server:${jgit.version}' :war :fedclient :manager :authority
+- compile 'org.eclipse.jgit:org.eclipse.jgit.http.server:${jgit.version}' :war :manager :authority
 - compile 'org.bouncycastle:bcprov-jdk15on:${bouncycastle.version}' :war :authority
 - compile 'org.bouncycastle:bcmail-jdk15on:${bouncycastle.version}' :war :authority
 - compile 'org.bouncycastle:bcpkix-jdk15on:${bouncycastle.version}' :war :authority

build.xml

@@ -279,7 +279,8 @@
 		<!-- generate jar by traversing the class hierarchy of the specified
 			 classes, exclude any classes in classpath jars -->
 		<mx:genjar tag="" includeresources="false" excludeClasspathJars="true"
-			destfile="${project.targetDirectory}/fedclient.jar">
+			destfile="${project.targetDirectory}/fedclient.jar"
+			excludes="**/.class,**/*.java, **/Thumbs.db, **/*.mkd, com/gitblit/wicket/**">
 			<mainclass name="com.gitblit.FederationClient" />
 			<class name="com.gitblit.Keys" />
 			<launcher paths="ext" />

src/main/java/com/gitblit/DaggerModule.java

@@ -149,13 +149,11 @@ public class DaggerModule {
 	@Provides @Singleton IFederationManager provideFederationManager(
 			IRuntimeManager runtimeManager,
 			INotificationManager notificationManager,
-			IUserManager userManager,
 			IRepositoryManager repositoryManager) {
 
 		return new FederationManager(
 				runtimeManager,
 				notificationManager,
-				userManager,
 				repositoryManager);
 	}
 

src/main/java/com/gitblit/FederationClient.java

@@ -17,6 +17,7 @@ package com.gitblit;
 
 import java.io.File;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.List;
 
 import com.beust.jcommander.JCommander;
@@ -24,7 +25,9 @@ import com.beust.jcommander.Parameter;
 import com.beust.jcommander.ParameterException;
 import com.beust.jcommander.Parameters;
 import com.gitblit.manager.FederationManager;
-import com.gitblit.manager.NotificationManager;
+import com.gitblit.manager.GitblitManager;
+import com.gitblit.manager.IGitblit;
+import com.gitblit.manager.INotificationManager;
 import com.gitblit.manager.RepositoryManager;
 import com.gitblit.manager.RuntimeManager;
 import com.gitblit.manager.UserManager;
@@ -89,14 +92,14 @@ public class FederationClient {
 		}
 
 		// configure the Gitblit singleton for minimal, non-server operation
-		RuntimeManager runtime = new RuntimeManager(settings);
-		runtime.setBaseFolder(baseFolder);
-		NotificationManager notifications = new NotificationManager(settings).start();
+		RuntimeManager runtime = new RuntimeManager(settings, baseFolder).start();
+		NoopNotificationManager notifications = new NoopNotificationManager().start();
 		UserManager users = new UserManager(runtime).start();
 		RepositoryManager repositories = new RepositoryManager(runtime, users).start();
-		FederationManager federation = new FederationManager(runtime, notifications, users, repositories).start();
+		FederationManager federation = new FederationManager(runtime, notifications, repositories).start();
+		IGitblit gitblit = new GitblitManager(runtime, notifications, users, null, repositories, null, federation);
 
-		FederationPullService puller = new FederationPullService(federation.getFederationRegistrations()) {
+		FederationPullService puller = new FederationPullService(gitblit, federation.getFederationRegistrations()) {
 			@Override
 			public void reschedule(FederationModel registration) {
 				// NOOP
@@ -153,4 +156,37 @@ public class FederationClient {
 		public String repositoriesFolder;
 
 	}
+
+	private static class NoopNotificationManager implements INotificationManager {
+
+		@Override
+		public NoopNotificationManager start() {
+			return this;
+		}
+
+		@Override
+		public NoopNotificationManager stop() {
+			return this;
+		}
+
+		@Override
+		public void sendMailToAdministrators(String subject, String message) {
+		}
+
+		@Override
+		public void sendMail(String subject, String message, Collection<String> toAddresses) {
+		}
+
+		@Override
+		public void sendMail(String subject, String message, String... toAddresses) {
+		}
+
+		@Override
+		public void sendHtmlMail(String subject, String message, Collection<String> toAddresses) {
+		}
+
+		@Override
+		public void sendHtmlMail(String subject, String message, String... toAddresses) {
+		}
+	}
 }

src/main/java/com/gitblit/git/GitDaemon.java

@@ -67,9 +67,9 @@ import org.eclipse.jgit.transport.resolver.UploadPackFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.gitblit.GitBlit;
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
+import com.gitblit.manager.IGitblit;
 import com.gitblit.utils.StringUtils;
 
 /**
@@ -108,7 +108,7 @@ public class GitDaemon {
 
 	private ReceivePackFactory<GitDaemonClient> receivePackFactory;
 
-	public GitDaemon(GitBlit gitblit) {
+	public GitDaemon(IGitblit gitblit) {
 
 		IStoredSettings settings = gitblit.getSettings();
 		int port = settings.getInteger(Keys.git.daemonPort, 0);

src/main/java/com/gitblit/manager/AuthenticationManager.java

@@ -183,7 +183,7 @@ public class AuthenticationManager implements IAuthenticationManager {
 			if (principal != null) {
 				String username = principal.getName();
 				if (!StringUtils.isEmpty(username)) {
-					boolean internalAccount = isInternalAccount(username);
+					boolean internalAccount = userManager.isInternalAccount(username);
 					UserModel user = userManager.getUserModel(username);
 					if (user != null) {
 						// existing user
@@ -322,15 +322,6 @@ public class AuthenticationManager implements IAuthenticationManager {
 			// can not authenticate empty password
 			return null;
 		}
-		// check to see if this is the federation user
-//		if (canFederate()) {
-//			if (usernameDecoded.equalsIgnoreCase(Constants.FEDERATION_USER)) {
-//				List<String> tokens = getFederationTokens();
-//				if (tokens.contains(pw)) {
-//					return getFederationUser();
-//				}
-//			}
-//		}
 
 		// try local authentication
 		UserModel user = userManager.getUserModel(usernameDecoded);
@@ -489,23 +480,4 @@ public class AuthenticationManager implements IAuthenticationManager {
 		}
 		return AuthenticationProvider.NULL_PROVIDER;
 	}
-
-	/**
-	 * Returns true if the username represents an internal account
-	 *
-	 * @param username
-	 * @return true if the specified username represents an internal account
-	 */
-	protected boolean isInternalAccount(String username) {
-		return !StringUtils.isEmpty(username)
-				&& (username.equalsIgnoreCase(Constants.FEDERATION_USER)
-						|| username.equalsIgnoreCase(UserModel.ANONYMOUS.username));
-	}
-
-//	protected UserModel getFederationUser() {
-//		// the federation user is an administrator
-//		UserModel federationUser = new UserModel(Constants.FEDERATION_USER);
-//		federationUser.canAdmin = true;
-//		return federationUser;
-//	}
 }

src/main/java/com/gitblit/manager/FederationManager.java

@@ -17,6 +17,7 @@ package com.gitblit.manager;
 
 import java.io.File;
 import java.io.FileFilter;
+import java.nio.charset.Charset;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -25,6 +26,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -38,6 +41,7 @@ import com.gitblit.models.FederationProposal;
 import com.gitblit.models.FederationSet;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
+import com.gitblit.utils.Base64;
 import com.gitblit.utils.FederationUtils;
 import com.gitblit.utils.JsonUtils;
 import com.gitblit.utils.StringUtils;
@@ -69,7 +73,6 @@ public class FederationManager implements IFederationManager {
 	public FederationManager(
 			IRuntimeManager runtimeManager,
 			INotificationManager notificationManager,
-			IUserManager userManager,
 			IRepositoryManager repositoryManager) {
 
 		this.settings = runtimeManager.getSettings();
@@ -99,6 +102,17 @@ public class FederationManager implements IFederationManager {
 		return runtimeManager.getFileOrFolder(Keys.federation.proposalsFolder, "${baseFolder}/proposals");
 	}
 
+	@Override
+	public boolean canFederate() {
+		String passphrase = settings.getString(Keys.federation.passphrase, "");
+		return !StringUtils.isEmpty(passphrase);
+	}
+
+	/**
+	 * Returns the federation user account.
+	 *
+	 * @return the federation user account
+	 */
 	@Override
 	public UserModel getFederationUser() {
 		// the federation user is an administrator
@@ -108,9 +122,30 @@ public class FederationManager implements IFederationManager {
 	}
 
 	@Override
-	public boolean canFederate() {
-		String passphrase = settings.getString(Keys.federation.passphrase, "");
-		return !StringUtils.isEmpty(passphrase);
+	public UserModel authenticate(HttpServletRequest httpRequest) {
+		if (canFederate()) {
+			// try to authenticate federation user for cloning
+			final String authorization = httpRequest.getHeader("Authorization");
+			if (authorization != null && authorization.startsWith("Basic")) {
+				// Authorization: Basic base64credentials
+				String base64Credentials = authorization.substring("Basic".length()).trim();
+				String credentials = new String(Base64.decode(base64Credentials),
+						Charset.forName("UTF-8"));
+				// credentials = username:password
+				final String[] values = credentials.split(":", 2);
+				if (values.length == 2) {
+					String username = StringUtils.decodeUsername(values[0]);
+					String password = values[1];
+					if (username.equalsIgnoreCase(Constants.FEDERATION_USER)) {
+						List<String> tokens = getFederationTokens();
+						if (tokens.contains(password)) {
+							return getFederationUser();
+						}
+					}
+				}
+			}
+		}
+		return null;
 	}
 
 	/**

src/main/java/com/gitblit/manager/IFederationManager.java

@@ -19,6 +19,8 @@ import java.io.File;
 import java.util.List;
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
+
 import com.gitblit.Constants.FederationRequest;
 import com.gitblit.Constants.FederationToken;
 import com.gitblit.models.FederationModel;
@@ -37,9 +39,22 @@ public interface IFederationManager extends IManager {
 	 */
 	File getProposalsFolder();
 
+	boolean canFederate();
+
+	/**
+	 * Returns the federation user account.
+	 *
+	 * @return the federation user account
+	 */
 	UserModel getFederationUser();
 
-	boolean canFederate();
+	/**
+	 * Try to authenticate request as the Federation user.
+	 *
+	 * @param httpRequest
+	 * @return the federation user, if authenticated
+	 */
+	UserModel authenticate(HttpServletRequest httpRequest);
 
 	/**
 	 * Returns the list of federated gitblit instances that this instance will

src/main/java/com/gitblit/manager/IUserManager.java

@@ -19,5 +19,12 @@ import com.gitblit.IUserService;
 
 public interface IUserManager extends IManager, IUserService {
 
+	/**
+	 * Returns true if the username represents an internal account
+	 *
+	 * @param username
+	 * @return true if the specified username represents an internal account
+	 */
+	boolean isInternalAccount(String username);
 
 }

src/main/java/com/gitblit/manager/ServicesManager.java

@@ -32,7 +32,6 @@ import org.slf4j.LoggerFactory;
 import com.gitblit.Constants.AccessPermission;
 import com.gitblit.Constants.AccessRestrictionType;
 import com.gitblit.Constants.FederationToken;
-import com.gitblit.GitBlit;
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
 import com.gitblit.fanout.FanoutNioService;
@@ -62,13 +61,13 @@ public class ServicesManager implements IManager {
 
 	private final IStoredSettings settings;
 
-	private final GitBlit gitblit;
+	private final IGitblit gitblit;
 
 	private FanoutService fanoutService;
 
 	private GitDaemon gitDaemon;
 
-	public ServicesManager(GitBlit gitblit) {
+	public ServicesManager(IGitblit gitblit) {
 		this.settings = gitblit.getSettings();
 		this.gitblit = gitblit;
 	}
@@ -209,11 +208,11 @@ public class ServicesManager implements IManager {
 	private class FederationPuller extends FederationPullService {
 
 		public FederationPuller(FederationModel registration) {
-			super(Arrays.asList(registration));
+			super(gitblit, Arrays.asList(registration));
 		}
 
 		public FederationPuller(List<FederationModel> registrations) {
-			super(registrations);
+			super(gitblit, registrations);
 		}
 
 		@Override

src/main/java/com/gitblit/manager/UserManager.java

@@ -28,6 +28,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.gitblit.ConfigUserService;
+import com.gitblit.Constants;
 import com.gitblit.IStoredSettings;
 import com.gitblit.IUserService;
 import com.gitblit.Keys;
@@ -148,6 +149,19 @@ public class UserManager implements IUserManager {
 		return this;
 	}
 
+	/**
+	 * Returns true if the username represents an internal account
+	 *
+	 * @param username
+	 * @return true if the specified username represents an internal account
+	 */
+	@Override
+	public boolean isInternalAccount(String username) {
+		return !StringUtils.isEmpty(username)
+				&& (username.equalsIgnoreCase(Constants.FEDERATION_USER)
+						|| username.equalsIgnoreCase(UserModel.ANONYMOUS.username));
+	}
+
 	/**
 	 * Returns the cookie value for the specified user.
 	 *

src/main/java/com/gitblit/service/FederationPullService.java

@@ -31,10 +31,10 @@ import com.gitblit.Constants;
 import com.gitblit.Constants.AccessPermission;
 import com.gitblit.Constants.FederationPullStatus;
 import com.gitblit.Constants.FederationStrategy;
-import com.gitblit.GitBlit;
 import com.gitblit.GitBlitException.ForbiddenException;
 import com.gitblit.IUserService;
 import com.gitblit.Keys;
+import com.gitblit.manager.IGitblit;
 import com.gitblit.models.FederationModel;
 import com.gitblit.models.RefModel;
 import com.gitblit.models.RepositoryModel;
@@ -49,9 +49,9 @@ import com.gitblit.utils.StringUtils;
 
 public abstract class FederationPullService implements Runnable {
 
-	Logger logger = LoggerFactory.getLogger(getClass());
+	final Logger logger = LoggerFactory.getLogger(getClass());
 
-	GitBlit gitblit;
+	final IGitblit gitblit;
 
 	private final List<FederationModel> registrations;
 
@@ -62,8 +62,8 @@ public abstract class FederationPullService implements Runnable {
 	 * @param provider
 	 * @param registration
 	 */
-	public FederationPullService(FederationModel registration) {
-		this(Arrays.asList(registration));
+	public FederationPullService(IGitblit gitblit, FederationModel registration) {
+		this(gitblit, Arrays.asList(registration));
 	}
 
 	/**
@@ -77,7 +77,8 @@ public abstract class FederationPullService implements Runnable {
 	 *            if true, registrations are rescheduled in perpetuity. if
 	 *            false, the federation pull operation is executed once.
 	 */
-	public FederationPullService(List<FederationModel> registrations) {
+	public FederationPullService(IGitblit gitblit, List<FederationModel> registrations) {
+		this.gitblit = gitblit;
 		this.registrations = registrations;
 	}
 

src/main/java/com/gitblit/servlet/FederationServlet.java

@@ -29,13 +29,9 @@ import javax.inject.Inject;
 import javax.inject.Singleton;
 import javax.servlet.http.HttpServletResponse;
 
-import com.gitblit.Constants;
+import com.gitblit.Constants.FederationRequest;
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
-import com.gitblit.Constants.FederationRequest;
-import com.gitblit.Keys.federation;
-import com.gitblit.Keys.git;
-import com.gitblit.Keys.groovy;
 import com.gitblit.manager.IFederationManager;
 import com.gitblit.manager.IRepositoryManager;
 import com.gitblit.manager.IRuntimeManager;

src/main/java/com/gitblit/servlet/GitFilter.java

@@ -18,6 +18,7 @@ package com.gitblit.servlet;
 import java.text.MessageFormat;
 
 import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
 
 import com.gitblit.Constants.AccessRestrictionType;
 import com.gitblit.Constants.AuthorizationControl;
@@ -25,8 +26,10 @@ import com.gitblit.GitBlitException;
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
 import com.gitblit.manager.IAuthenticationManager;
+import com.gitblit.manager.IFederationManager;
 import com.gitblit.manager.IRepositoryManager;
 import com.gitblit.manager.IRuntimeManager;
+import com.gitblit.manager.IUserManager;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.StringUtils;
@@ -50,14 +53,22 @@ public class GitFilter extends AccessRestrictionFilter {
 
 	private final IStoredSettings settings;
 
+	private final IUserManager userManager;
+
+	private final IFederationManager federationManager;
+
 	@Inject
 	public GitFilter(
 			IRuntimeManager runtimeManager,
+			IUserManager userManager,
 			IAuthenticationManager authenticationManager,
-			IRepositoryManager repositoryManager) {
+			IRepositoryManager repositoryManager,
+			IFederationManager federationManager) {
 
 		super(runtimeManager, authenticationManager, repositoryManager);
 		this.settings = runtimeManager.getSettings();
+		this.userManager = userManager;
+		this.federationManager = federationManager;
 	}
 
 	/**
@@ -113,6 +124,21 @@ public class GitFilter extends AccessRestrictionFilter {
 		return null;
 	}
 
+	/**
+	 * Returns the user making the request, if the user has authenticated.
+	 *
+	 * @param httpRequest
+	 * @return user
+	 */
+	@Override
+	protected UserModel getUser(HttpServletRequest httpRequest) {
+		UserModel user = authenticationManager.authenticate(httpRequest, requiresClientCertificate());
+		if (user == null) {
+			user = federationManager.authenticate(httpRequest);
+		}
+		return user;
+	}
+
 	/**
 	 * Determine if a non-existing repository can be created using this filter.
 	 *