-rw-r--r-- | java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java | 2 | ||||
-rw-r--r-- | javatests/com/google/gerrit/httpd/ProjectBasicAuthFilterTest.java | 22 |
2 files changed, 22 insertions, 2 deletions
diff --git a/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java b/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java
index e75d8feada..55ffef797b 100644
--- a/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java
+++ b/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java
@@ -99,7 +99,7 @@ class ProjectBasicAuthFilter implements Filter {
 HttpServletRequest req = (HttpServletRequest) request;
 Response rsp = new Response((HttpServletResponse) response);
- if (verify(req, rsp)) {
+ if (session.get().isSignedIn() || verify(req, rsp)) {
 chain.doFilter(req, rsp);
 }
 }
diff --git a/javatests/com/google/gerrit/httpd/ProjectBasicAuthFilterTest.java b/javatests/com/google/gerrit/httpd/ProjectBasicAuthFilterTest.java
index 1f06472f59..f7792ed2d3 100644
--- a/javatests/com/google/gerrit/httpd/ProjectBasicAuthFilterTest.java
+++ b/javatests/com/google/gerrit/httpd/ProjectBasicAuthFilterTest.java
@@ -142,6 +142,27 @@ public class ProjectBasicAuthFilterTest {
 }
 @Test
+ public void shouldNotReauthenticateIfAlreadySignedIn() throws Exception {
+ req.addHeader(
+ "Authorization",
+ "Basic "
+ + B64_ENC.encodeToString(
+ (AUTH_USER + ":" + AUTH_PASSWORD).getBytes(StandardCharsets.UTF_8)));
+ res.setStatus(HttpServletResponse.SC_OK);
+
+ doReturn(true).when(webSession).isSignedIn();
+
+ ProjectBasicAuthFilter basicAuthFilter =
+ new ProjectBasicAuthFilter(webSessionItem, accountCache, accountManager, authConfig);
+
+ basicAuthFilter.doFilter(req, res, chain);
+
+ verify(accountManager, never()).authenticate(any());
+ verify(chain).doFilter(eq(req), any());
+ assertThat(res.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ @Test
 public void shouldFailedAuthenticationAgainstRealm() throws Exception {
 req.addHeader(
 "Authorization",
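Review bot: With the new `session.get().isSignedIn() ||` short-circuit in `doFilter`, a request that carries an `Authorization: Basic` header goes down the chain without that header being checked once the session is signed in. Wrong credentials, or credentials for a different account than the session's, are then accepted under the session identity. If that is intended, say so at the call site, e.g. `// Session already authenticated; the Authorization header is deliberately not re-verified.`, and consider falling through to `verify(req, rsp)` when the header names a different user than the session. Anything else `verify` does on success is also skipped on this path; its body is outside the hunk, so confirm nothing downstream relies on it.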
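Review bot: `shouldNotReauthenticateIfAlreadySignedIn` only exercises a signed-in session whose header carries the valid `AUTH_USER`/`AUTH_PASSWORD` pair, so the security-relevant case is not pinned: a signed-in session with Basic credentials that are wrong or belong to another user. A companion test that keeps `doReturn(true).when(webSession).isSignedIn()` but sends a bad password, and asserts the outcome the project wants, would document whether ignoring the header is deliberate. The enclosing test class starts and ends outside the hunk.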
@@ -157,7 +178,6 @@ public class ProjectBasicAuthFilterTest {
 new ProjectBasicAuthFilter(webSessionItem, accountCache, accountManager, authConfig);
 basicAuthFilter.doFilter(req, res, chain);
- basicAuthFilter.destroy();
 verify(accountManager).authenticate(any()); |