Fix authentication for git repository.

2025-11-07 14:05:52 +01:00 · 2013-06-05 04:11:39 +09:00
parent b3e76db227
commit c3144383b2
2 changed files with 38 additions and 19 deletions
--- a/src/main/scala/servlet/BasicAuthenticationFilter.scala
+++ b/src/main/scala/servlet/BasicAuthenticationFilter.scala
@@ -2,11 +2,15 @@ package servlet

 import javax.servlet._
 import javax.servlet.http._
+import service.{AccountService, RepositoryService}
+import org.slf4j.LoggerFactory

 /**
- * Provides BASIC Authentication for [[app.GitRepositoryServlet]].
+ * Provides BASIC Authentication for [[servlet.GitRepositoryServlet]].
 */
-class BasicAuthenticationFilter extends Filter {
+class BasicAuthenticationFilter extends Filter with RepositoryService with AccountService {
+
+  private val logger = LoggerFactory.getLogger(classOf[BasicAuthenticationFilter])

  def init(config: FilterConfig) = {}
  
@@ -15,25 +19,40 @@ class BasicAuthenticationFilter extends Filter {
  def doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain): Unit = {
    val request  = req.asInstanceOf[HttpServletRequest]
    val response = res.asInstanceOf[HttpServletResponse]
-    val session  = request.getSession

    try {
-      session.getAttribute("USER_INFO") match {
-        case null => request.getHeader("Authorization") match {
-          case null => requireAuth(response)
-          case auth => decodeAuthHeader(auth).split(":") match {
-            // TODO authenticate using registered user info
-            case Array(username, password) if(username == "gitbucket" && password == "password") => {
-              session.setAttribute("USER_INFO", "gitbucket")
-              chain.doFilter(req, res)
-            }
-            case _ => requireAuth(response)
+      request.getHeader("Authorization") match {
+        case null => requireAuth(response)
+        case auth => decodeAuthHeader(auth).split(":") match {
+          case Array(username, password) if(isValidUser(username, password, request)) => {
+            request.setAttribute("USER_NAME", username)
+            chain.doFilter(req, res)
          }
+          case _ => requireAuth(response)
        }
-        case user => chain.doFilter(req, res)
      }
    } catch {
-      case _: Exception => requireAuth(response)
+      case ex: Exception => {
+        logger.error("error", ex)
+        requireAuth(response)
+      }
+    }
+  }
+
+  // TODO If the repository is public, it must allow users which have readable right.
+  private def isValidUser(username: String, password: String, request: HttpServletRequest): Boolean = {
+    val paths = request.getRequestURI.split("/")
+    getAccountByUserName(username) match {
+      case Some(account) if(account.password == password) => {
+        if(account.userType == AccountService.Administrator // administrator
+          || account.userName == paths(2) // repository owner
+          || getCollaborators(paths(2), paths(3).replaceFirst("\\.git$", "")).contains(account.userName)){ // collaborator
+          true
+        } else {
+          false
+        }
+      }
+      case _ => false
    }
  }
  
--- a/src/main/scala/servlet/GitRepositoryServlet.scala
+++ b/src/main/scala/servlet/GitRepositoryServlet.scala
@@ -15,7 +15,7 @@ import util.{JGitUtil, Directory}
 * Provides Git repository via HTTP.
 * 
 * This servlet provides only Git repository functionality.
- * Authentication is provided by [[app.BasicAuthenticationFilter]].
+ * Authentication is provided by [[servlet.BasicAuthenticationFilter]].
 */
 class GitRepositoryServlet extends GitServlet {

@@ -48,7 +48,7 @@ class GitBucketRecievePackFactory extends ReceivePackFactory[HttpServletRequest]
  
  override def create(req: HttpServletRequest, db: Repository): ReceivePack = {
    val receivePack = new ReceivePack(db)
-    val userName = req.getSession.getAttribute("USER_INFO")
+    val userName = req.getAttribute("USER_NAME")
    
    logger.debug("requestURI: " + req.getRequestURI)
    logger.debug("userName:" + userName)