merge with branch issue-384

2025-11-12 00:15:44 +01:00 · 2013-04-26 14:46:37 +02:00
parent 6ca57dc2e8 c9dfd62db1
commit 1726bb0bc0
17 changed files with 65 additions and 25 deletions
--- a/scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java
+++ b/scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java
@@ -183,7 +183,7 @@ public final class PermissionUtil

    Subject subject = SecurityUtils.getSubject();

-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
    {
      String username = subject.getPrincipal().toString();

--- a/scm-core/src/main/java/sonia/scm/security/Tokens.java
+++ b/scm-core/src/main/java/sonia/scm/security/Tokens.java
@@ -69,12 +69,33 @@ public final class Tokens
   * @param username username of the user to authenticate
   * @param password password of the user to authenticate
   *
-   * @return
+   * @return authentication token
   */
  public static AuthenticationToken createAuthenticationToken(
    HttpServletRequest request, String username, String password)
  {
-    return new UsernamePasswordToken(username, password,
+    return createAuthenticationToken(request, username, password, false);
+  }
+
+  /**
+   * Build an {@link AuthenticationToken} for use with
+   * {@link Subject#login(org.apache.shiro.authc.AuthenticationToken)}.
+   *
+   *
+   * @param request servlet request
+   * @param username username of the user to authenticate
+   * @param password password of the user to authenticate
+   * @param rememberMe true to remember the user across sessions
+   *
+   * @return authentication token
+   *
+   * @since 1.31
+   */
+  public static AuthenticationToken createAuthenticationToken(
+    HttpServletRequest request, String username, String password,
+    boolean rememberMe)
+  {
+    return new UsernamePasswordToken(username, password, rememberMe,
      request.getRemoteAddr());
  }
 }
--- a/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
+++ b/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
@@ -87,7 +87,7 @@ public final class SecurityUtil
  {
    Subject subject = SecurityUtils.getSubject();

-    if (!subject.isAuthenticated())
+    if (!subject.hasRole(Role.USER))
    {
      throw new ScmSecurityException("user is not authenticated");
    }
--- a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
@@ -156,7 +156,7 @@ public class BasicAuthenticationFilter extends HttpFilter
        }
      }
    }
-    else if (subject.isAuthenticated())
+    else if (subject.isAuthenticated() || subject.isRemembered())
    {
      if (logger.isTraceEnabled())
      {
--- a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
@@ -65,6 +65,7 @@ import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import sonia.scm.security.Role;

 /**
 * Abstract http filter to check repository permissions.
@@ -255,7 +256,7 @@ public abstract class PermissionFilter extends HttpFilter
  private void sendAccessDenied(HttpServletResponse response, Subject subject)
    throws IOException
  {
-    if (subject.isAuthenticated())
+    if (subject.hasRole(Role.USER))
    {
      response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }
--- a/scm-plugin-backend/src/main/java/sonia/scm/plugin/rest/SubjectWrapper.java
+++ b/scm-plugin-backend/src/main/java/sonia/scm/plugin/rest/SubjectWrapper.java
@@ -73,7 +73,7 @@ public class SubjectWrapper
  {
    String name;

-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
    {
      name = (String) subject.getPrincipal();
    }
@@ -104,7 +104,7 @@ public class SubjectWrapper
   */
  public boolean isAuthenticated()
  {
-    return subject.isAuthenticated();
+    return subject.isAuthenticated() || subject.isRemembered();
  }

  //~--- fields ---------------------------------------------------------------
--- a/scm-samples/scm-sample-hello/src/main/java/sample/hello/HelloResource.java
+++ b/scm-samples/scm-sample-hello/src/main/java/sample/hello/HelloResource.java
@@ -66,7 +66,7 @@ public class HelloResource
    Subject subject = SecurityUtils.getSubject();
    String displayName = "Unknown";

-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
    {
      displayName =
        subject.getPrincipals().oneByType(User.class).getDisplayName();
--- a/scm-test/src/main/java/sonia/scm/util/MockUtil.java
+++ b/scm-test/src/main/java/sonia/scm/util/MockUtil.java
@@ -62,6 +62,7 @@ import java.util.List;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import sonia.scm.security.Role;

 /**
 *
@@ -116,7 +117,8 @@ public final class MockUtil
    when(subject.isPermittedAll(anyCollectionOf(Permission.class))).thenReturn(
      Boolean.TRUE);
    when(subject.isPermittedAll()).thenReturn(Boolean.TRUE);
-    when(subject.hasRole("admin")).thenReturn(Boolean.TRUE);
+    when(subject.hasRole(Role.ADMIN)).thenReturn(Boolean.TRUE);
+    when(subject.hasRole(Role.USER)).thenReturn(Boolean.TRUE);

    PrincipalCollection collection = mock(PrincipalCollection.class);

--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
@@ -68,6 +68,7 @@ import java.util.Collections;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import javax.ws.rs.DefaultValue;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -131,6 +132,7 @@ public class AuthenticationResource
   * @param response the current http response
   * @param username the username for the authentication
   * @param password the password for the authentication
+   * @param rememberMe true to remember the user across sessions
   *
   * @return
   */
@@ -139,7 +141,8 @@ public class AuthenticationResource
  @TypeHint(ScmState.class)
  public ScmState authenticate(@Context HttpServletRequest request,
    @FormParam("username") String username,
-    @FormParam("password") String password)
+    @FormParam("password") String password, @FormParam("rememberMe")
+  @DefaultValue("false") boolean rememberMe)
  {
    ScmState state = null;

@@ -148,7 +151,7 @@ public class AuthenticationResource
    try
    {
      subject.login(Tokens.createAuthenticationToken(request, username,
-        password));
+        password, rememberMe));
      state = createState(subject);
    }
    catch (AuthenticationException ex)
@@ -253,11 +256,16 @@ public class AuthenticationResource
    Response response = null;
    Subject subject = SecurityUtils.getSubject();

-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
    {
      if (logger.isDebugEnabled())
      {
-        logger.debug("return state for user {}", subject.getPrincipal());
+        String auth = subject.isRemembered()
+          ? "remembered"
+          : "authenticated";
+
+        logger.debug("return state for {} user {}", auth,
+          subject.getPrincipal());
      }

      ScmState state = createState(subject);
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ChangePasswordResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ChangePasswordResource.java
@@ -65,6 +65,7 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import sonia.scm.security.Role;

 /**
 *
@@ -137,7 +138,7 @@ public class ChangePasswordResource
    Response response = null;
    Subject subject = SecurityUtils.getSubject();

-    if (!subject.isAuthenticated())
+    if (!subject.hasRole(Role.USER))
    {
      throw new ScmSecurityException("user is not authenticated");
    }
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
@@ -111,7 +111,7 @@ public class SecurityFilter extends HttpFilter
        chain.doFilter(new SecurityHttpServletRequestWrapper(request,
          getUser(subject)), response);
      }
-      else if (subject.isAuthenticated())
+      else if (subject.isAuthenticated() || subject.isRemembered())
      {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
      }
@@ -142,8 +142,7 @@ public class SecurityFilter extends HttpFilter
   */
  protected boolean hasPermission(Subject subject)
  {
-    return ((configuration != null)
-      && configuration.isAnonymousAccessEnabled()) || subject.isAuthenticated();
+    return ((configuration != null) && configuration.isAnonymousAccessEnabled()) || subject.isAuthenticated() || subject.isRemembered();
  }

  /**
@@ -158,7 +157,7 @@ public class SecurityFilter extends HttpFilter
  {
    User user = null;

-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
    {
      user = subject.getPrincipals().oneByType(User.class);
    }
--- a/scm-webapp/src/main/java/sonia/scm/search/SearchHandler.java
+++ b/scm-webapp/src/main/java/sonia/scm/search/SearchHandler.java
@@ -55,6 +55,7 @@ import java.util.Collection;

 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response.Status;
+import sonia.scm.security.Role;

 /**
 *
@@ -112,7 +113,7 @@ public class SearchHandler<T>
  {
    Subject subject = SecurityUtils.getSubject();

-    if (!subject.isAuthenticated())
+    if (!subject.hasRole(Role.USER))
    {
      throw new ScmSecurityException("Authentication is required");
    }
--- a/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
@@ -169,7 +169,7 @@ public class DefaultUserManager extends AbstractUserManager

    Subject subject = SecurityUtils.getSubject();

-    if (!subject.isAuthenticated())
+    if (!subject.hasRole(Role.USER))
    {
      throw new ScmSecurityException("user is not authenticated");
    }
--- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -227,7 +227,7 @@ public class BasicSecurityContext implements WebSecurityContext
    T result = null;
    Subject subject = SecurityUtils.getSubject();

-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() ||  subject.isRemembered())
    {
      PrincipalCollection pc = subject.getPrincipals();

--- a/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
@@ -242,7 +242,7 @@ public class DefaultAdministrationContext implements AdministrationContext
    {
      String username = null;

-      if (subject.isAuthenticated())
+      if (subject.hasRole(Role.USER))
      {
        username = principal;
      }
--- a/scm-webapp/src/main/webapp/resources/js/i18n/de.js
+++ b/scm-webapp/src/main/webapp/resources/js/i18n/de.js
@@ -88,7 +88,8 @@ if (Sonia.login.Form){
    WaitMsgText: 'Übertrage Daten...',
    failedMsgText: 'Anmeldung fehlgeschlagen!',
    failedDescriptionText: 'Falscher Benutzername, Passwort oder sie haben nicht\n\
-                             genug Berechtigungen. Bitte versuchen sie es erneut.'
+                             genug Berechtigungen. Bitte versuchen sie es erneut.',
+    rememberMeText: 'Angemeldet bleiben'
  });

 }
--- a/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js
+++ b/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js
@@ -39,11 +39,12 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{
  WaitMsgText: 'Sending data...',
  failedMsgText: 'Login failed!',
  failedDescriptionText: 'Incorrect username, password or not enough permission. Please Try again.',
+  rememberMeText: 'Remember me',

  initComponent: function(){

    var config = {
-      labelWidth: 80,
+      labelWidth: 120,
      url: restUrl + "authentication/login.json",
      frame: true,
      title: this.titleText,
@@ -76,6 +77,11 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{
            scope: this
          }
        }
+      },{
+        xtype: 'checkbox',
+        fieldLabel: this.rememberMeText,
+        name: 'rememberMe',
+        inputValue: 'true'
      }],
      buttons:[{
          text: this.cancelText,