Diffstat (limited to 'gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java')
-rw-r--r--gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java29
1 files changed, 23 insertions, 6 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java
index 929d0340d1..c5b0e90cc7 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java
@@ -23,18 +23,23 @@ import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
import com.google.gerrit.server.account.AccountCache;
import com.google.gerrit.server.account.AccountState;
import com.google.gerrit.server.config.CanonicalWebUrl;
+import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gwtjsonrpc.server.SignedToken;
import com.google.gwtjsonrpc.server.XsrfException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
+import org.eclipse.jgit.http.server.GitSmartHttpTools;
+import org.eclipse.jgit.lib.Config;
+
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
+import java.util.Locale;
import java.util.Map;
import javax.annotation.Nullable;
@@ -54,7 +59,7 @@ import javax.servlet.http.HttpServletResponseWrapper;
* <p>
* The current HTTP request is authenticated by looking up the username from the
* Authorization header and checking the digest response against the stored
- * password. This filter is intended only to protect the {@link ProjectServlet}
+ * password. This filter is intended only to protect the {@link GitOverHttpServlet}
* and its handled URLs, which provide remote repository access over HTTP.
*
* @see <a href="http://www.ietf.org/rfc/rfc2617.txt">RFC 2617</a>
@@ -67,16 +72,18 @@ class ProjectDigestFilter implements Filter {
private final Provider<String> urlProvider;
private final Provider<WebSession> session;
private final AccountCache accountCache;
+ private final Config config;
private final SignedToken tokens;
private ServletContext context;
@Inject
ProjectDigestFilter(@CanonicalWebUrl @Nullable Provider<String> urlProvider,
- Provider<WebSession> session, AccountCache accountCache)
- throws XsrfException {
+ Provider<WebSession> session, AccountCache accountCache,
+ @GerritServerConfig Config config) throws XsrfException {
this.urlProvider = urlProvider;
this.session = session;
this.accountCache = accountCache;
+ this.config = config;
this.tokens = new SignedToken((int) SECONDS.convert(1, HOURS));
}
@@ -93,6 +100,11 @@ class ProjectDigestFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
+ if (!GitSmartHttpTools.isGitClient(req)) {
+ chain.doFilter(request, response);
+ return;
+ }
+
Response rsp = new Response((HttpServletResponse) response);
if (verify(req, rsp)) {
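Review bot: The new early return makes this filter skip digest authentication for every request that `GitSmartHttpTools.isGitClient(req)` does not classify as a git request, and nothing in the hunk says why that is acceptable for a filter whose Javadoc describes it as protecting the git servlet; a comment on the `if` would help: `// Digest authentication is applied only to smart-HTTP git requests; anything else passes through this filter unauthenticated.` If, as I believe, isGitClient matches only the info/refs-with-service, upload-pack and receive-pack requests, then a non-smart request for the same repository path now reaches the chain without this filter's check, so it is worth confirming that the downstream servlet rejects or separately authenticates such requests. doFilter continues past the end of the hunk.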
@@ -111,7 +123,7 @@ class ProjectDigestFilter implements Filter {
}
final Map<String, String> p = parseAuthorization(hdr);
- final String username = p.get("username");
+ final String user = p.get("username");
final String realm = p.get("realm");
final String nonce = p.get("nonce");
final String uri = p.get("uri");
@@ -121,7 +133,7 @@ class ProjectDigestFilter implements Filter {
final String cnonce = p.get("cnonce");
final String method = req.getMethod();
- if (username == null //
+ if (user == null //
|| realm == null //
|| nonce == null //
|| uri == null //
@@ -133,6 +145,11 @@ class ProjectDigestFilter implements Filter {
return false;
}
+ String username = user;
+ if (config.getBoolean("auth", "userNameToLowerCase", false)) {
+ username = username.toLowerCase(Locale.US);
+ }
+
final AccountState who = accountCache.getByUsername(username);
if (who == null || ! who.getAccount().isActive()) {
rsp.sendError(SC_UNAUTHORIZED);
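Review bot: The split between `username` (the lowercased lookup key introduced here) and `user` (kept in `A1` by the hunk at @@ -145) reads like an inconsistency on first pass and deserves a comment where the lowering happens: `// Look up the account by the normalised name, but the digest (A1) must be computed over the username exactly as the client sent it, since that is what the client hashed.` Separately, `Locale.ROOT` is the conventional choice for a locale-independent case fold; keep `Locale.US` only if the rest of the server folds user names that way, so that the same input maps to the same account everywhere. The enclosing verify method starts and ends outside this hunk.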
@@ -145,7 +162,7 @@ class ProjectDigestFilter implements Filter {
return false;
}
- final String A1 = username + ":" + realm + ":" + passwd;
+ final String A1 = user + ":" + realm + ":" + passwd;
final String A2 = method + ":" + uri;
final String expect =
KD(H(A1), nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + H(A2));