Added setting to globally disable anonymous pushes in the receive pack

Change-Id: I3460c9c0eeb32503d58325fd09793a0cd40aa2c4

releases.moxie

@@ -23,9 +23,11 @@ r20: {
 	- Added branch graph image servlet based on EGit's branch graph renderer (issue-194)
 	- Added option to render Markdown commit messages (issue-203)
 	- Added setting to control creating a repository as --shared on Unix servers (issue-263)
+	- Added setting to globally disable anonymous pushes in the receive pack
     dependencyChanges: ~
     settings:
     - { name: 'git.createRepositoriesShared', defaultValue: 'false' }
+    - { name: 'git.allowAnonymousPushes', defaultValue: 'true' }
 	- { name: 'web.commitMessageRenderer', defaultValue: 'plain' }
 	- { name: 'web.showBranchGraph', defaultValue: 'true' }
     contributors:

src/main/distrib/data/gitblit.properties

@@ -145,6 +145,18 @@ git.onlyAccessBareRepositories = false
 # SINCE 1.2.0
 git.allowCreateOnPush = true
 
+# Global setting to control anonymous pushes.
+#
+# This setting allows/rejects anonymous pushes at the level of the receive pack.
+# This trumps all repository config settings.  While anonymous pushes are convenient
+# on your own box when you are a lone developer,  they are not recommended for
+# any multi-user installation where accountability is required.  Since Gitblit
+# tracks pushes and user accounts, allowing anonymous pushes compromises that
+# information.
+#
+# SINCE 1.4.0
+git.allowAnonymousPushes = true
+
 # The default access restriction for new repositories.
 # Valid values are NONE, PUSH, CLONE, VIEW
 #  NONE = anonymous view, clone, & push

src/main/java/com/gitblit/Constants.java

@@ -19,6 +19,8 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.net.URL;
+import java.util.Arrays;
+import java.util.List;
 import java.util.jar.Attributes;
 import java.util.jar.Manifest;
 
@@ -148,6 +150,8 @@ public class Constants {
 	 */
 	public static enum AccessRestrictionType {
 		NONE, PUSH, CLONE, VIEW;
+		
+		private static final AccessRestrictionType [] AUTH_TYPES = { PUSH, CLONE, VIEW };
 
 		public static AccessRestrictionType fromName(String name) {
 			for (AccessRestrictionType type : values()) {
@@ -157,6 +161,13 @@ public class Constants {
 			}
 			return NONE;
 		}
+		
+		public static List<AccessRestrictionType> choices(boolean allowAnonymousPush) {
+			if (allowAnonymousPush) {
+				return Arrays.asList(values());
+			}
+			return Arrays.asList(AUTH_TYPES);
+		}
 
 		public boolean exceeds(AccessRestrictionType type) {
 			return this.ordinal() > type.ordinal();

src/main/java/com/gitblit/git/GitblitReceivePackFactory.java

@@ -27,6 +27,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.gitblit.GitBlit;
+import com.gitblit.Keys;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.HttpUtils;
@@ -80,8 +81,7 @@ public class GitblitReceivePackFactory<X> implements ReceivePackFactory<X> {
 			timeout = client.getDaemon().getTimeout();
 		}
 
-		// TODO make this a setting
-		boolean allowAnonymousPushes = true;
+		boolean allowAnonymousPushes = GitBlit.getBoolean(Keys.git.allowAnonymousPushes, true);
 		if (!allowAnonymousPushes && UserModel.ANONYMOUS.equals(user)) {
 			// prohibit anonymous pushes
 			throw new ServiceNotEnabledException();

src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java

@@ -417,8 +417,8 @@ public class EditRepositoryPage extends RootSubPage {
 		form.add(new TextField<String>("description"));
 		form.add(ownersPalette);
 		form.add(new CheckBox("allowForks").setEnabled(GitBlit.getBoolean(Keys.web.allowForking, true)));
-		DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
-				.asList(AccessRestrictionType.values()), new AccessRestrictionRenderer());
+		DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction",
+				AccessRestrictionType.choices(GitBlit.getBoolean(Keys.git.allowAnonymousPushes, true)), new AccessRestrictionRenderer());
 		form.add(accessRestriction);
 		form.add(new CheckBox("isFrozen"));
 		// TODO enable origin definition