James Moger
2014-11-04 4e84166db5c5538e3984d9d2d6bb1f9902e65ee0
src/main/java/com/gitblit/wicket/pages/RootPage.java
@@ -31,6 +31,9 @@
import java.util.concurrent.atomic.AtomicInteger;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.wicket.MarkupContainer;
import org.apache.wicket.PageParameters;
import org.apache.wicket.behavior.HeaderContributor;
@@ -46,9 +49,11 @@
import org.apache.wicket.markup.repeater.data.ListDataProvider;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.protocol.http.WebRequest;
import org.apache.wicket.protocol.http.WebResponse;
import com.gitblit.Constants;
import com.gitblit.Constants.AuthenticationType;
import com.gitblit.Keys;
import com.gitblit.extensions.NavLinkExtension;
import com.gitblit.extensions.UserMenuExtension;
@@ -261,28 +266,33 @@
   private void loginUser(UserModel user) {
      if (user != null) {
         HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
         HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();
         // Set the user into the session
         GitBlitWebSession session = GitBlitWebSession.get();
         // issue 62: fix session fixation vulnerability
         session.replaceSession();
         session.setUser(user);
         request = ((WebRequest) getRequest()).getHttpServletRequest();
         response = ((WebResponse) getResponse()).getHttpServletResponse();
         request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, AuthenticationType.CREDENTIALS);
         // Set Cookie
         if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {
            WebResponse response = (WebResponse) getRequestCycle().getResponse();
            app().authentication().setCookie(response.getHttpServletResponse(), user);
         }
         app().authentication().setCookie(request, response, user);
         if (!session.continueRequest()) {
            PageParameters params = getPageParameters();
            if (params == null) {
               // redirect to this page
               setResponsePage(getClass());
               redirectTo(getClass());
            } else {
               // Strip username and password and redirect to this page
               params.remove("username");
               params.remove("password");
               setResponsePage(getClass(), params);
               redirectTo(getClass(), params);
            }
         }
      }
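Review bot: The `Keys.web.allowCookieAuthentication` gate that wrapped the cookie write appears only on what reads as the old side of this hunk, while the new `app().authentication().setCookie(request, response, user);` call runs unconditionally; unless the new setCookie overload checks that setting itself, a persistent authentication cookie is now issued even when cookie authentication is disabled. If the check did move into the authentication manager, a comment on the call would spare the next reader the lookup, e.g. `// cookie issuance is gated on web.allowCookieAuthentication inside setCookie()`. The re-read of request and response after `session.replaceSession()` is presumably needed because the fixation fix recreates the servlet session, which is worth stating in place: `// re-acquire after replaceSession(): the underlying HttpSession was replaced`. The method's closing brace lies outside the hunk.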
@@ -596,7 +606,9 @@
         GitBlitWebSession session = GitBlitWebSession.get();
         UserModel user = session.getUser();
         boolean editCredentials = app().authentication().supportsCredentialChanges(user);
         boolean standardLogin = session.authenticationType.isStandard();
         HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
         AuthenticationType authenticationType = (AuthenticationType) request.getSession().getAttribute(Constants.AUTHENTICATION_TYPE);
         boolean standardLogin = authenticationType.isStandard();
         if (app().settings().getBoolean(Keys.web.allowGravatar, true)) {
            add(new GravatarImage("username", user, "navbarGravatar", 20, false));
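Review bot: The new `boolean standardLogin = authenticationType.isStandard();` dereferences the session attribute without a null check; `request.getSession().getAttribute(Constants.AUTHENTICATION_TYPE)` yields null for any session that was populated without passing through the code that sets the attribute (if such a path exists, or after the attribute is cleared), turning a missing marker into a NullPointerException while the user menu is built. A guard such as `boolean standardLogin = authenticationType != null && authenticationType.isStandard();` fails closed by treating an unknown authentication type as non-standard; if the intended default is the opposite, it should at least be explicit rather than an NPE. The enclosing method starts and ends outside the hunk.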
@@ -607,7 +619,7 @@
         List<MenuItem> standardItems = new ArrayList<MenuItem>();
         standardItems.add(new MenuDivider());
         if (user.canAdmin() || user.canCreate()) {
            standardItems.add(new PageLinkMenuItem("gb.newRepository", EditRepositoryPage.class));
            standardItems.add(new PageLinkMenuItem("gb.newRepository", app().getNewRepositoryPage()));
         }
         standardItems.add(new PageLinkMenuItem("gb.myProfile", UserPage.class,
               WicketUtils.newUsernameParameter(user.username)));