Diffstat (limited to 'gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java')
-rw-r--r-- | gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java
index 929d0340d1..c5b0e90cc7 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/ProjectDigestFilter.java
@@ -23,18 +23,23 @@ import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 import com.google.gerrit.server.account.AccountCache;
 import com.google.gerrit.server.account.AccountState;
 import com.google.gerrit.server.config.CanonicalWebUrl;
+import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.gwtjsonrpc.server.SignedToken;
 import com.google.gwtjsonrpc.server.XsrfException;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
+import org.eclipse.jgit.http.server.GitSmartHttpTools;
+import org.eclipse.jgit.lib.Config;
+
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.Locale;
 import java.util.Map;
 import javax.annotation.Nullable;
@@ -54,7 +59,7 @@ import javax.servlet.http.HttpServletResponseWrapper;
  * <p>
  * The current HTTP request is authenticated by looking up the username from the
  * Authorization header and checking the digest response against the stored
- * password. This filter is intended only to protect the {@link ProjectServlet}
+ * password. This filter is intended only to protect the {@link GitOverHttpServlet}
  * and its handled URLs, which provide remote repository access over HTTP.
  *
  * @see <a href="http://www.ietf.org/rfc/rfc2617.txt">RFC 2617</a>
@@ -67,16 +72,18 @@ class ProjectDigestFilter implements Filter {
   private final Provider<String> urlProvider;
   private final Provider<WebSession> session;
   private final AccountCache accountCache;
+  private final Config config;
   private final SignedToken tokens;
   private ServletContext context;
   @Inject
   ProjectDigestFilter(@CanonicalWebUrl @Nullable Provider<String> urlProvider,
-      Provider<WebSession> session, AccountCache accountCache)
-      throws XsrfException {
+      Provider<WebSession> session, AccountCache accountCache,
+      @GerritServerConfig Config config) throws XsrfException {
     this.urlProvider = urlProvider;
     this.session = session;
     this.accountCache = accountCache;
+    this.config = config;
     this.tokens = new SignedToken((int) SECONDS.convert(1, HOURS));
   }
@@ -93,6 +100,11 @@ class ProjectDigestFilter implements Filter {
   public void doFilter(ServletRequest request, ServletResponse response,
       FilterChain chain) throws IOException, ServletException {
     HttpServletRequest req = (HttpServletRequest) request;
+    if (!GitSmartHttpTools.isGitClient(req)) {
+      chain.doFilter(request, response);
+      return;
+    }
+
     Response rsp = new Response((HttpServletResponse) response);
     if (verify(req, rsp)) {
@@ -111,7 +123,7 @@ class ProjectDigestFilter implements Filter {
     }
     final Map<String, String> p = parseAuthorization(hdr);
-    final String username = p.get("username");
+    final String user = p.get("username");
     final String realm = p.get("realm");
     final String nonce = p.get("nonce");
     final String uri = p.get("uri");
@@ -121,7 +133,7 @@ class ProjectDigestFilter implements Filter {
     final String cnonce = p.get("cnonce");
     final String method = req.getMethod();
-    if (username == null //
+    if (user == null //
         || realm == null //
         || nonce == null //
         || uri == null //
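Review bot: The constructor keeps the whole `Config` as a field only so that `verify` can call `config.getBoolean("auth", "userNameToLowerCase", false)` on every request (the hunk at -133 on the next line); resolving the flag once here would make the dependency explicit and avoid re-reading the config per request. I would replace the field with `private final boolean userNameToLowerCase;`, set `this.userNameToLowerCase = config.getBoolean("auth", "userNameToLowerCase", false);` in the constructor, and have `verify` test the field. A short comment on the field, `// auth.userNameToLowerCase: normalize the login name before the account lookup`, would document why the server config is injected into an authentication filter at all.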
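Review bot: The early return added to doFilter skips digest authentication for every request that `GitSmartHttpTools.isGitClient(req)` does not classify as a git client, and that classification is derived from attributes the client itself supplies (as far as I recall, request path, service parameter and content type). Such requests now reach the downstream servlet without this filter's credential check, so the change is only safe if that servlet enforces its own access control for everything it serves on these URLs, which the hunk cannot show; that is worth confirming and writing down. I would add above the check: `// Digest authentication is applied only to smart-HTTP git requests; anything else passes through this filter unchecked and relies on the servlet's own access control.` The class javadoc in the -54 hunk still says the filter protects GitOverHttpServlet and its URLs and should mention this exemption. doFilter's body continues outside the hunk.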
@@ -133,6 +145,11 @@ class ProjectDigestFilter implements Filter {
       return false;
     }
+    String username = user;
+    if (config.getBoolean("auth", "userNameToLowerCase", false)) {
+      username = username.toLowerCase(Locale.US);
+    }
+
     final AccountState who = accountCache.getByUsername(username);
     if (who == null || ! who.getAccount().isActive()) {
       rsp.sendError(SC_UNAUTHORIZED);
@@ -145,7 +162,7 @@ class ProjectDigestFilter implements Filter {
       return false;
     }
-    final String A1 = username + ":" + realm + ":" + passwd;
+    final String A1 = user + ":" + realm + ":" + passwd;
     final String A2 = method + ":" + uri;
     final String expect = KD(H(A1), nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + H(A2));
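Review bot: The lowercased `username` is used only for the `accountCache.getByUsername` lookup, while `A1` in the hunk at -145 is built from `user`, the name exactly as the client sent it; that split is what RFC 2617 requires (the client hashed its own spelling), but nothing in the code says so, and two near-identical locals invite a future "cleanup" that lowercases both and breaks authentication whenever the option is on. I would add above `String username = user;`: `// Lowercasing is for the account lookup only; the digest in A1 must use the username as the client sent it (RFC 2617).` The lookup also assumes accounts were stored with the same `Locale.US` lowercasing when auth.userNameToLowerCase is set, which should be checked against wherever usernames are normalized at login. verify's body starts and ends outside the hunk.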