Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-01 11:05:56 +01:00
Code Issues Packages Projects Releases Activity

Fix usage of custom realm description for scm protocols (#1512)

Browse Source 
Fixes missing usage of custom realm description for scm client operations.

Fixes #1487
This commit is contained in:
Sebastian Sdorra
2021-01-29 07:59:18 +01:00
committed by GitHub
parent 1115cae81b
commit 4202178c01
7 changed files with 127 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -31,6 +31,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed ### Fixed
- Add explicit provider setup for bouncy castle ([#1500](https://github.com/scm-manager/scm-manager/pull/1500)) - Add explicit provider setup for bouncy castle ([#1500](https://github.com/scm-manager/scm-manager/pull/1500))
- Repository contact information is editable ([#1508](https://github.com/scm-manager/scm-manager/pull/1508)) - Repository contact information is editable ([#1508](https://github.com/scm-manager/scm-manager/pull/1508))
- Usage of custom realm description for scm protocols ([#1512](https://github.com/scm-manager/scm-manager/pull/1512))
## [2.12.0] - 2020-12-17 ## [2.12.0] - 2020-12-17
### Added ### Added

24
scm-core/src/main/java/sonia/scm/util/HttpUtil.java
View File

@@ -582,20 +582,20 @@ public final class HttpUtil
HttpServletResponse response, String realmDescription) HttpServletResponse response, String realmDescription)
throws IOException throws IOException
{ {
if ((request == null) ||!isWUIRequest(request)) if ((request == null) ||!isWUIRequest(request)) {
{ String headerValue = "Basic realm=\"";
response.setHeader(HEADER_WWW_AUTHENTICATE, if (Strings.isNullOrEmpty(realmDescription)) {
"Basic realm=\"".concat(realmDescription).concat("\"")); headerValue += AUTHENTICATION_REALM;
} else {
} headerValue += realmDescription;
else if (logger.isTraceEnabled()) }
{ headerValue += "\"";
logger.trace( response.setHeader(HEADER_WWW_AUTHENTICATE, headerValue);
"do not send WWW-Authenticate header, because the client is the web interface"); } else if (logger.isTraceEnabled()) {
logger.trace("do not send WWW-Authenticate header, because the client is the web interface");
} }
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, response.sendError(HttpServletResponse.SC_UNAUTHORIZED, STATUS_UNAUTHORIZED_MESSAGE);
STATUS_UNAUTHORIZED_MESSAGE);
} }
/** /**

4
scm-core/src/main/java/sonia/scm/web/filter/HttpProtocolServletAuthenticationFilterBase.java
View File

@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
package sonia.scm.web.filter; package sonia.scm.web.filter;
import sonia.scm.config.ScmConfiguration; import sonia.scm.config.ScmConfiguration;
@@ -57,7 +57,7 @@ public class HttpProtocolServletAuthenticationFilterBase extends AuthenticationF
// we can proceed the filter chain because the HttpProtocolServlet will render the ui if the client is a browser // we can proceed the filter chain because the HttpProtocolServlet will render the ui if the client is a browser
chain.doFilter(request, response); chain.doFilter(request, response);
} else { } else {
HttpUtil.sendUnauthorized(request, response); HttpUtil.sendUnauthorized(request, response, configuration.getRealmDescription());
} }
} }

39
scm-core/src/test/java/sonia/scm/util/HttpUtilTest.java
View File

@@ -39,6 +39,8 @@ import static org.mockito.Mockito.*;
//~--- JDK imports ------------------------------------------------------------ //~--- JDK imports ------------------------------------------------------------
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/** /**
* *
@@ -396,13 +398,10 @@ public class HttpUtilTest
@Test @Test
public void getPortFromUrlTest() public void getPortFromUrlTest()
{ {
assertTrue(HttpUtil.getPortFromUrl("http://www.scm-manager.org") == 80); assertThat(HttpUtil.getPortFromUrl("http://www.scm-manager.org")).isEqualTo(80);
assertTrue(HttpUtil.getPortFromUrl("https://www.scm-manager.org") == 443); assertThat(HttpUtil.getPortFromUrl("https://www.scm-manager.org")).isEqualTo(443);
assertTrue(HttpUtil.getPortFromUrl("http://www.scm-manager.org:8080") assertThat(HttpUtil.getPortFromUrl("http://www.scm-manager.org:8080")).isEqualTo(8080);
== 8080); assertThat(HttpUtil.getPortFromUrl("http://www.scm-manager.org:8181/test/folder")).isEqualTo(8181);
assertTrue(
HttpUtil.getPortFromUrl("http://www.scm-manager.org:8181/test/folder")
== 8181);
} }
/** /**
@@ -418,9 +417,9 @@ public class HttpUtilTest
ScmConfiguration config = new ScmConfiguration(); ScmConfiguration config = new ScmConfiguration();
assertTrue(HttpUtil.getServerPort(config, request) == 443); assertThat(HttpUtil.getServerPort(config, request)).isEqualTo(443);
config.setBaseUrl("http://www.scm-manager.org:8080"); config.setBaseUrl("http://www.scm-manager.org:8080");
assertTrue(HttpUtil.getServerPort(config, request) == 8080); assertThat(HttpUtil.getServerPort(config, request)).isEqualTo(8080);
} }
/** /**
@@ -508,4 +507,26 @@ public class HttpUtilTest
assertThat(HttpUtil.isWUIRequest(request)).isTrue(); assertThat(HttpUtil.isWUIRequest(request)).isTrue();
} }
@Test
public void sendUnauthorized() throws IOException {
HttpServletResponse response = mock(HttpServletResponse.class);
HttpUtil.sendUnauthorized(response, "Hitchhikers finest");
verify(response).setHeader(HttpUtil.HEADER_WWW_AUTHENTICATE, "Basic realm=\"Hitchhikers finest\"");
verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, HttpUtil.STATUS_UNAUTHORIZED_MESSAGE);
}
@Test
public void sendUnauthorizedWithDefaultRealmForNullDescription() throws IOException {
HttpServletResponse response = mock(HttpServletResponse.class);
HttpUtil.sendUnauthorized(response, null);
verify(response).setHeader(HttpUtil.HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + HttpUtil.AUTHENTICATION_REALM + "\"");
}
@Test
public void sendUnauthorizedWithDefaultRealmForEmptyDescription() throws IOException {
HttpServletResponse response = mock(HttpServletResponse.class);
HttpUtil.sendUnauthorized(response, "");
verify(response).setHeader(HttpUtil.HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + HttpUtil.AUTHENTICATION_REALM + "\"");
}
} }

13
scm-core/src/test/java/sonia/scm/web/filter/HttpProtocolServletAuthenticationFilterBaseTest.java
View File

@@ -51,7 +51,7 @@ import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class HttpProtocolServletAuthenticationFilterBaseTest { class HttpProtocolServletAuthenticationFilterBaseTest {
private ScmConfiguration configuration = new ScmConfiguration(); private ScmConfiguration configuration;
private Set<WebTokenGenerator> tokenGenerators = Collections.emptySet(); private Set<WebTokenGenerator> tokenGenerators = Collections.emptySet();
@@ -74,6 +74,7 @@ class HttpProtocolServletAuthenticationFilterBaseTest {
@BeforeEach @BeforeEach
void setUpObjectUnderTest() { void setUpObjectUnderTest() {
configuration = new ScmConfiguration();
authenticationFilter = new HttpProtocolServletAuthenticationFilterBase(configuration, tokenGenerators, userAgentParser); authenticationFilter = new HttpProtocolServletAuthenticationFilterBase(configuration, tokenGenerators, userAgentParser);
} }
@@ -86,6 +87,16 @@ class HttpProtocolServletAuthenticationFilterBaseTest {
verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, HttpUtil.STATUS_UNAUTHORIZED_MESSAGE); verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, HttpUtil.STATUS_UNAUTHORIZED_MESSAGE);
} }
@Test
void shouldSendConfiguredRealmDescription() throws IOException, ServletException {
configuration.setRealmDescription("Hitchhikers finest");
when(userAgentParser.parse(request)).thenReturn(nonBrowser);
authenticationFilter.handleUnauthorized(request, response, filterChain);
verify(response).setHeader(HttpUtil.HEADER_WWW_AUTHENTICATE, "Basic realm=\"Hitchhikers finest\"");
}
@Test @Test
void shouldCallFilterChain() throws IOException, ServletException { void shouldCallFilterChain() throws IOException, ServletException {
when(userAgentParser.parse(request)).thenReturn(browser); when(userAgentParser.parse(request)).thenReturn(browser);

9
scm-webapp/src/main/java/sonia/scm/web/protocol/HttpProtocolServlet.java
View File

@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
package sonia.scm.web.protocol; package sonia.scm.web.protocol;
import com.google.inject.Inject; import com.google.inject.Inject;
@@ -31,6 +31,7 @@ import org.apache.http.HttpStatus;
import org.apache.shiro.authz.AuthorizationException; import org.apache.shiro.authz.AuthorizationException;
import sonia.scm.NotFoundException; import sonia.scm.NotFoundException;
import sonia.scm.PushStateDispatcher; import sonia.scm.PushStateDispatcher;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.filter.WebElement; import sonia.scm.filter.WebElement;
import sonia.scm.repository.DefaultRepositoryProvider; import sonia.scm.repository.DefaultRepositoryProvider;
import sonia.scm.repository.NamespaceAndName; import sonia.scm.repository.NamespaceAndName;
@@ -57,6 +58,7 @@ public class HttpProtocolServlet extends HttpServlet {
public static final String PATH = "/repo"; public static final String PATH = "/repo";
public static final String PATTERN = PATH + "/*"; public static final String PATTERN = PATH + "/*";
private final ScmConfiguration configuration;
private final RepositoryServiceFactory serviceFactory; private final RepositoryServiceFactory serviceFactory;
private final NamespaceAndNameFromPathExtractor pathExtractor; private final NamespaceAndNameFromPathExtractor pathExtractor;
private final PushStateDispatcher dispatcher; private final PushStateDispatcher dispatcher;
@@ -64,7 +66,8 @@ public class HttpProtocolServlet extends HttpServlet {
@Inject @Inject
public HttpProtocolServlet(RepositoryServiceFactory serviceFactory, NamespaceAndNameFromPathExtractor pathExtractor, PushStateDispatcher dispatcher, UserAgentParser userAgentParser) { public HttpProtocolServlet(ScmConfiguration configuration, RepositoryServiceFactory serviceFactory, NamespaceAndNameFromPathExtractor pathExtractor, PushStateDispatcher dispatcher, UserAgentParser userAgentParser) {
this.configuration = configuration;
this.serviceFactory = serviceFactory; this.serviceFactory = serviceFactory;
this.pathExtractor = pathExtractor; this.pathExtractor = pathExtractor;
this.dispatcher = dispatcher; this.dispatcher = dispatcher;
@@ -100,7 +103,7 @@ public class HttpProtocolServlet extends HttpServlet {
} catch (AuthorizationException e) { } catch (AuthorizationException e) {
log.debug(e.getMessage()); log.debug(e.getMessage());
if (Authentications.isAuthenticatedSubjectAnonymous()) { if (Authentications.isAuthenticatedSubjectAnonymous()) {
HttpUtil.sendUnauthorized(resp); HttpUtil.sendUnauthorized(resp, configuration.getRealmDescription());
} else { } else {
resp.setStatus(HttpStatus.SC_FORBIDDEN); resp.setStatus(HttpStatus.SC_FORBIDDEN);
} }

65
scm-webapp/src/test/java/sonia/scm/web/protocol/HttpProtocolServletTest.java
View File

@@ -21,9 +21,13 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
package sonia.scm.web.protocol; package sonia.scm.web.protocol;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -33,6 +37,8 @@ import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.NotFoundException; import sonia.scm.NotFoundException;
import sonia.scm.PushStateDispatcher; import sonia.scm.PushStateDispatcher;
import sonia.scm.SCMContext;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.repository.DefaultRepositoryProvider; import sonia.scm.repository.DefaultRepositoryProvider;
import sonia.scm.repository.NamespaceAndName; import sonia.scm.repository.NamespaceAndName;
import sonia.scm.repository.Repository; import sonia.scm.repository.Repository;
@@ -40,6 +46,9 @@ import sonia.scm.repository.RepositoryTestData;
import sonia.scm.repository.api.RepositoryService; import sonia.scm.repository.api.RepositoryService;
import sonia.scm.repository.api.RepositoryServiceFactory; import sonia.scm.repository.api.RepositoryServiceFactory;
import sonia.scm.repository.spi.HttpScmProtocol; import sonia.scm.repository.spi.HttpScmProtocol;
import sonia.scm.security.AnonymousMode;
import sonia.scm.security.AnonymousToken;
import sonia.scm.util.HttpUtil;
import sonia.scm.web.UserAgent; import sonia.scm.web.UserAgent;
import sonia.scm.web.UserAgentParser; import sonia.scm.web.UserAgentParser;
@@ -67,6 +76,9 @@ class HttpProtocolServletTest {
@Mock @Mock
private UserAgentParser userAgentParser; private UserAgentParser userAgentParser;
@Mock
private ScmConfiguration configuration;
@InjectMocks @InjectMocks
private HttpProtocolServlet servlet; private HttpProtocolServlet servlet;
@@ -153,5 +165,56 @@ class HttpProtocolServletTest {
verify(repositoryService).close(); verify(repositoryService).close();
} }
@Nested
class WithSubject {
@Mock
private Subject subject;
@BeforeEach
void setUpSubject() {
ThreadContext.bind(subject);
}
@AfterEach
void tearDownSubject() {
ThreadContext.unbindSubject();
}
@Test
void shouldSendUnauthorizedWithCustomRealmDescription() throws IOException, ServletException {
when(subject.getPrincipal()).thenReturn(SCMContext.USER_ANONYMOUS);
when(configuration.getRealmDescription()).thenReturn("Hitchhikers finest");
callServiceWithAuthorizationException();
verify(response).setHeader(HttpUtil.HEADER_WWW_AUTHENTICATE, "Basic realm=\"Hitchhikers finest\"");
verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, HttpUtil.STATUS_UNAUTHORIZED_MESSAGE);
}
@Test
void shouldSendForbidden() throws IOException, ServletException {
callServiceWithAuthorizationException();
verify(response).setStatus(HttpServletResponse.SC_FORBIDDEN);
}
private void callServiceWithAuthorizationException() throws IOException, ServletException {
NamespaceAndName repo = new NamespaceAndName("space", "name");
when(extractor.fromUri("/space/name")).thenReturn(Optional.of(repo));
when(serviceFactory.create(repo)).thenReturn(repositoryService);
when(request.getPathInfo()).thenReturn("/space/name");
Repository repository = RepositoryTestData.createHeartOfGold();
when(repositoryService.getRepository()).thenReturn(repository);
when(repositoryService.getProtocol(HttpScmProtocol.class)).thenThrow(
new AuthorizationException("failed")
);
servlet.service(request, response);
}
}
} }
} }