Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-10 23:45:44 +01:00
Code Issues Packages Projects Releases Activity

treat HEAD, OPTIONS and TRACE as mercurial read requests not only GET, see issue #859

Browse Source
This commit is contained in:
Sebastian Sdorra
2016-09-30 22:23:14 +02:00
parent c4111ec73f
commit 264a1af634
2 changed files with 99 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java
View File

@@ -35,6 +35,7 @@ package sonia.scm.web;
//~--- non-JDK imports -------------------------------------------------------- //~--- non-JDK imports --------------------------------------------------------
import com.google.common.collect.ImmutableSet;
import com.google.inject.Inject; import com.google.inject.Inject;
import com.google.inject.Singleton; import com.google.inject.Singleton;
@@ -44,9 +45,12 @@ import sonia.scm.web.filter.ProviderPermissionFilter;
//~--- JDK imports ------------------------------------------------------------ //~--- JDK imports ------------------------------------------------------------
import java.util.Set;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
/** /**
* Permission filter for mercurial repositories.
* *
* @author Sebastian Sdorra * @author Sebastian Sdorra
*/ */
@@ -54,11 +58,13 @@ import javax.servlet.http.HttpServletRequest;
public class HgPermissionFilter extends ProviderPermissionFilter public class HgPermissionFilter extends ProviderPermissionFilter
{ {
private static final Set<String> READ_METHODS = ImmutableSet.of("GET", "HEAD", "OPTIONS", "TRACE");
/** /**
* Constructs ... * Constructs a new instance.
* *
* @param configuration * @param configuration scm configuration
* @param repositoryProvider * @param repositoryProvider repository provider
*/ */
@Inject @Inject
public HgPermissionFilter(ScmConfiguration configuration, public HgPermissionFilter(ScmConfiguration configuration,
@@ -69,17 +75,9 @@ public class HgPermissionFilter extends ProviderPermissionFilter
//~--- get methods ---------------------------------------------------------- //~--- get methods ----------------------------------------------------------
/**
* Method description
*
*
* @param request
*
* @return
*/
@Override @Override
protected boolean isWriteRequest(HttpServletRequest request) protected boolean isWriteRequest(HttpServletRequest request)
{ {
return !request.getMethod().equalsIgnoreCase("GET"); return !READ_METHODS.contains(request.getMethod());
} }
} }

88
scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/web/HgPermissionFilterTest.java Normal file
View File

@@ -0,0 +1,88 @@
/**
* Copyright (c) 2014, Sebastian Sdorra
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of SCM-Manager; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.web;
import javax.servlet.http.HttpServletRequest;
import org.junit.Test;
import static org.junit.Assert.*;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import static org.mockito.Mockito.*;
import org.mockito.runners.MockitoJUnitRunner;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.repository.RepositoryProvider;
/**
* Unit tests for {@link HgPermissionFilter}.
*
* @author Sebastian Sdorra
*/
@RunWith(MockitoJUnitRunner.class)
public class HgPermissionFilterTest {
@Mock
private HttpServletRequest request;
@Mock
private ScmConfiguration configuration;
@Mock
private RepositoryProvider repositoryProvider;
@InjectMocks
private HgPermissionFilter filter;
/**
* Tests {@link HgPermissionFilter#isWriteRequest(HttpServletRequest)}.
*/
@Test
public void testIsWriteRequest() {
// read methods
assertFalse(isWriteRequest("GET"));
assertFalse(isWriteRequest("HEAD"));
assertFalse(isWriteRequest("TRACE"));
assertFalse(isWriteRequest("OPTIONS"));
// write methods
assertTrue(isWriteRequest("POST"));
assertTrue(isWriteRequest("PUT"));
assertTrue(isWriteRequest("DELETE"));
assertTrue(isWriteRequest("KA"));
}
private boolean isWriteRequest(String method) {
when(request.getMethod()).thenReturn(method);
return filter.isWriteRequest(request);
}
}