merge with branch 1.x

2025-11-17 10:41:06 +01:00 · 2017-01-12 19:50:39 +01:00
parent 5332ac2466 b5aaf1ca4e
commit bad99919f4
250 changed files with 16399 additions and 1573 deletions
--- a/scm-webapp/src/main/java/sonia/scm/web/BasicWebTokenGenerator.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/BasicWebTokenGenerator.java
@@ -33,6 +33,12 @@ package sonia.scm.web;

 //~--- non-JDK imports --------------------------------------------------------

+import com.google.common.base.Charsets;
+import com.google.inject.Inject;
+
+import java.io.UnsupportedEncodingException;
+import java.nio.charset.Charset;
+
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.codec.Base64;

@@ -59,15 +65,28 @@ public class BasicWebTokenGenerator extends SchemeBasedWebTokenGenerator
 {

  /** credential separator for basic authentication */
-  public static final String CREDENTIAL_SEPARATOR = ":";
+  private static final String CREDENTIAL_SEPARATOR = ":";

+  /** default encoding to decode basic authentication header */
+  private static final Charset DEFAULT_ENCODING = Charsets.ISO_8859_1;
+  
  /**
   * the logger for BasicWebTokenGenerator
   */
  private static final Logger logger =
    LoggerFactory.getLogger(BasicWebTokenGenerator.class);

-  //~--- methods --------------------------------------------------------------
+  private final UserAgentParser userAgentParser;
+
+  /**
+   * Constructs a new BasicWebTokenGenerator.
+   *
+   * @param userAgentParser parser for user-agent header
+   */
+  @Inject
+  public BasicWebTokenGenerator(UserAgentParser userAgentParser) {
+    this.userAgentParser = userAgentParser;
+  }

  /**
   * Creates a {@link UsernamePasswordToken} from an authorization header with
@@ -88,7 +107,7 @@ public class BasicWebTokenGenerator extends SchemeBasedWebTokenGenerator

    if (HttpUtil.AUTHORIZATION_SCHEME_BASIC.equalsIgnoreCase(scheme))
    {
-      String token = new String(Base64.decode(authorization.getBytes()));
+      String token = decodeAuthenticationHeader(request, authorization);

      int index = token.indexOf(CREDENTIAL_SEPARATOR);

@@ -115,4 +134,32 @@ public class BasicWebTokenGenerator extends SchemeBasedWebTokenGenerator

    return authToken;
  }
+  
+/**
+   * Decode base64 of the basic authentication header. The method will use
+   * the charset provided by the {@link UserAgent}, if the 
+   * {@link UserAgentParser} is not available the method will be fall back to 
+   * ISO-8859-1.
+   *
+   * @param request http request
+   * @param authentication base64 encoded basic authentication string
+   *
+   * @return decoded basic authentication header
+   *
+   * @see <a href="http://goo.gl/tZEBS3">issue 627</a>
+   * @see <a href="http://goo.gl/NhbZ2F">Stackoverflow Basic Authentication</a>
+   *
+   * @throws UnsupportedEncodingException
+   */
+  private String decodeAuthenticationHeader(HttpServletRequest request, String authentication)
+  {
+    Charset encoding = DEFAULT_ENCODING;
+
+    if (userAgentParser != null)
+    {
+      encoding = userAgentParser.parse(request).getBasicAuthenticationCharset();
+    }
+
+    return new String(Base64.decode(authentication), encoding);
+  }
 }
--- a/scm-webapp/src/main/java/sonia/scm/web/BrowserUserAgentProvider.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/BrowserUserAgentProvider.java
@@ -0,0 +1,128 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Charsets;
+
+import sonia.scm.plugin.Extension;
+
+/**
+ *
+ * @author Sebastian Sdorra <s.sdorra@gmail.com>
+ */
+@Extension
+public class BrowserUserAgentProvider implements UserAgentProvider
+{
+
+  /** Field description */
+  @VisibleForTesting
+  static final UserAgent CHROME = UserAgent.builder(
+                                    "Chrome").basicAuthenticationCharset(
+                                    Charsets.UTF_8).build();
+
+  /** Field description */
+  private static final String CHROME_PATTERN = "chrome";
+
+  /** Field description */
+  @VisibleForTesting
+  static final UserAgent FIREFOX = UserAgent.builder("Firefox").build();
+
+  /** Field description */
+  private static final String FIREFOX_PATTERN = "firefox";
+
+  /** Field description */
+  @VisibleForTesting
+  static final UserAgent MSIE = UserAgent.builder("Internet Explorer").build();
+
+  /** Field description */
+  private static final String MSIE_PATTERN = "msie";
+
+  /** Field description */
+  @VisibleForTesting    // todo check charset
+  static final UserAgent SAFARI = UserAgent.builder("Safari").build();
+
+  /** Field description */
+  private static final String OPERA_PATTERN = "opera";
+
+  /** Field description */
+  private static final String SAFARI_PATTERN = "safari";
+
+  /** Field description */
+  @VisibleForTesting    // todo check charset
+  static final UserAgent OPERA = UserAgent.builder(
+                                   "Opera").basicAuthenticationCharset(
+                                   Charsets.UTF_8).build();
+
+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param userAgentString
+   *
+   * @return
+   */
+  @Override
+  public UserAgent parseUserAgent(String userAgentString)
+  {
+    UserAgent ua = null;
+
+    if (userAgentString.contains(CHROME_PATTERN))
+    {
+      ua = CHROME;
+    }
+    else if (userAgentString.contains(FIREFOX_PATTERN))
+    {
+      ua = FIREFOX;
+    }
+    else if (userAgentString.contains(OPERA_PATTERN))
+    {
+      ua = OPERA;
+    }
+    else if (userAgentString.contains(MSIE_PATTERN))
+    {
+      ua = MSIE;
+    }
+    else if (userAgentString.contains(SAFARI_PATTERN))
+    {
+      ua = SAFARI;
+    }
+
+    return ua;
+  }
+}
--- a/scm-webapp/src/main/java/sonia/scm/web/cgi/DefaultCGIExecutor.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/cgi/DefaultCGIExecutor.java
@@ -58,6 +58,7 @@ import java.io.OutputStream;

 import java.util.Enumeration;
 import java.util.Map;
+import java.util.concurrent.ExecutorService;

 import javax.servlet.ServletContext;
 import javax.servlet.ServletInputStream;
@@ -94,15 +95,17 @@ public class DefaultCGIExecutor extends AbstractCGIExecutor
   * Constructs ...
   *
   *
+   * @param executor to handle error stream processing
   * @param configuration
   * @param context
   * @param request
   * @param response
   */
-  public DefaultCGIExecutor(ScmConfiguration configuration,
-    ServletContext context, HttpServletRequest request,
-    HttpServletResponse response)
+  public DefaultCGIExecutor(ExecutorService executor,
+    ScmConfiguration configuration, ServletContext context,
+    HttpServletRequest request, HttpServletResponse response)
  {
+    this.executor = executor;
    this.configuration = configuration;
    this.context = context;
    this.request = request;
@@ -190,7 +193,7 @@ public class DefaultCGIExecutor extends AbstractCGIExecutor
      p = Runtime.getRuntime().exec(execCmd, env.getEnvArray(), workDirectory);
      execute(p);
    }
-    catch (Throwable ex)
+    catch (IOException ex)
    {
      getExceptionHandler().handleException(request, response, ex);
    }
@@ -507,7 +510,7 @@ public class DefaultCGIExecutor extends AbstractCGIExecutor
   */
  private void processErrorStreamAsync(final Process process)
  {
-    new Thread(new Runnable()
+    executor.execute(new Runnable()
    {
      @Override
      public void run()
@@ -528,7 +531,7 @@ public class DefaultCGIExecutor extends AbstractCGIExecutor
          IOUtil.close(errorStream);
        }
      }
-    }).start();
+    });
  }

  /**
@@ -539,6 +542,8 @@ public class DefaultCGIExecutor extends AbstractCGIExecutor
   */
  private void processServletInput(Process process)
  {
+    logger.trace("process servlet input");
+
    OutputStream processOS = null;
    ServletInputStream servletIS = null;

@@ -637,6 +642,9 @@ public class DefaultCGIExecutor extends AbstractCGIExecutor

  //~--- fields ---------------------------------------------------------------

+  /** executor to handle error stream processing */
+  private final ExecutorService executor;
+
  /** Field description */
  private ScmConfiguration configuration;

--- a/scm-webapp/src/main/java/sonia/scm/web/cgi/DefaultCGIExecutorFactory.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/cgi/DefaultCGIExecutorFactory.java
@@ -35,10 +35,15 @@ package sonia.scm.web.cgi;

 //~--- non-JDK imports --------------------------------------------------------

+import com.google.common.util.concurrent.ThreadFactoryBuilder;
+
 import sonia.scm.config.ScmConfiguration;

 //~--- JDK imports ------------------------------------------------------------

+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -50,6 +55,21 @@ import javax.servlet.http.HttpServletResponse;
 public class DefaultCGIExecutorFactory implements CGIExecutorFactory
 {

+  /**
+   * Constructs ...
+   *
+   */
+  public DefaultCGIExecutorFactory()
+  {
+    //J-
+    this.executor = Executors.newCachedThreadPool(
+      new ThreadFactoryBuilder().setNameFormat("cgi-pool-%d").build()
+    );
+    //J+
+  }
+
+  //~--- methods --------------------------------------------------------------
+
  /**
   * Method description
   *
@@ -63,10 +83,15 @@ public class DefaultCGIExecutorFactory implements CGIExecutorFactory
   */
  @Override
  public CGIExecutor createExecutor(ScmConfiguration configuration,
-                                    ServletContext context,
-                                    HttpServletRequest request,
-                                    HttpServletResponse response)
+    ServletContext context, HttpServletRequest request,
+    HttpServletResponse response)
  {
-    return new DefaultCGIExecutor(configuration, context, request, response);
+    return new DefaultCGIExecutor(executor, configuration, context, request,
+      response);
  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private final ExecutorService executor;
 }