githubFork/gitblit.git - Solinfo Gitblit

			@@ -24,10 +24,13 @@
			import java.lang.reflect.Field;
			import java.net.URI;
			import java.net.URISyntaxException;
			import java.nio.charset.Charset;
			import java.security.Principal;
			import java.text.MessageFormat;
			import java.text.SimpleDateFormat;
			import java.util.ArrayList;
			import java.util.Arrays;
			import java.util.Calendar;
			import java.util.Collection;
			import java.util.Collections;
			import java.util.Date;
			@@ -55,8 +58,12 @@
			import javax.servlet.ServletContextEvent;
			import javax.servlet.ServletContextListener;
			import javax.servlet.http.Cookie;
			import javax.servlet.http.HttpServletRequest;

			import org.apache.wicket.RequestCycle;
			import org.apache.wicket.protocol.http.WebResponse;
			import org.apache.wicket.resource.ContextRelativeResource;
			import org.apache.wicket.util.resource.ResourceStreamNotFoundException;
			import org.eclipse.jgit.lib.Repository;
			import org.eclipse.jgit.lib.RepositoryCache;
			import org.eclipse.jgit.lib.RepositoryCache.FileKey;
			@@ -69,17 +76,25 @@
			import org.slf4j.Logger;
			import org.slf4j.LoggerFactory;

			import com.gitblit.Constants.AccessPermission;
			import com.gitblit.Constants.AccessRestrictionType;
			import com.gitblit.Constants.AuthenticationType;
			import com.gitblit.Constants.AuthorizationControl;
			import com.gitblit.Constants.FederationRequest;
			import com.gitblit.Constants.FederationStrategy;
			import com.gitblit.Constants.FederationToken;
			import com.gitblit.Constants.PermissionType;
			import com.gitblit.Constants.RegistrantType;
			import com.gitblit.fanout.FanoutNioService;
			import com.gitblit.fanout.FanoutService;
			import com.gitblit.fanout.FanoutSocketService;
			import com.gitblit.models.FederationModel;
			import com.gitblit.models.FederationProposal;
			import com.gitblit.models.FederationSet;
			import com.gitblit.models.ForkModel;
			import com.gitblit.models.Metric;
			import com.gitblit.models.ProjectModel;
			import com.gitblit.models.RegistrantAccessPermission;
			import com.gitblit.models.RepositoryModel;
			import com.gitblit.models.SearchResult;
			import com.gitblit.models.ServerSettings;
			@@ -88,15 +103,21 @@
			import com.gitblit.models.TeamModel;
			import com.gitblit.models.UserModel;
			import com.gitblit.utils.ArrayUtils;
			import com.gitblit.utils.Base64;
			import com.gitblit.utils.ByteFormat;
			import com.gitblit.utils.ContainerUtils;
			import com.gitblit.utils.DeepCopier;
			import com.gitblit.utils.FederationUtils;
			import com.gitblit.utils.HttpUtils;
			import com.gitblit.utils.JGitUtils;
			import com.gitblit.utils.JsonUtils;
			import com.gitblit.utils.MetricUtils;
			import com.gitblit.utils.ObjectCache;
			import com.gitblit.utils.StringUtils;
			import com.gitblit.utils.TimeUtils;
			import com.gitblit.utils.X509Utils.X509Metadata;
			import com.gitblit.wicket.GitBlitWebSession;
			import com.gitblit.wicket.WicketUtils;

			/**
			* GitBlit is the servlet context listener singleton that acts as the core for
			@@ -136,6 +157,10 @@
			private final Map<String, ProjectModel> projectCache = new ConcurrentHashMap<String, ProjectModel>();

			private final AtomicReference<String> repositoryListSettingsChecksum = new AtomicReference<String>("");

			private final ObjectCache<String> projectMarkdownCache = new ObjectCache<String>();

			private final ObjectCache<String> projectRepositoriesMarkdownCache = new ObjectCache<String>();

			private ServletContext servletContext;

			@@ -153,15 +178,24 @@

			private LuceneExecutor luceneExecutor;

			private GCExecutor gcExecutor;

			private TimeZone timezone;

			private FileBasedConfig projectConfigs;

			private FanoutService fanoutService;

			public GitBlit() {
			if (gitblit == null) {
			// set the static singleton reference
			gitblit = this;
			}
			}

			public GitBlit(final IUserService userService) {
			this.userService = userService;
			gitblit = this;
			}

			/**
			@@ -238,6 +272,34 @@
			*/
			public static int getInteger(String key, int defaultValue) {
			return self().settings.getInteger(key, defaultValue);
			}

			/**
			* Returns the value in bytes for the specified key. If the key does not
			* exist or the value for the key can not be interpreted as an integer, the
			* defaultValue is returned.
			*
			* @see IStoredSettings.getFilesize(String key, int defaultValue)
			* @param key
			* @param defaultValue
			* @return key value or defaultValue
			*/
			public static int getFilesize(String key, int defaultValue) {
			return self().settings.getFilesize(key, defaultValue);
			}

			/**
			* Returns the value in bytes for the specified key. If the key does not
			* exist or the value for the key can not be interpreted as a long, the
			* defaultValue is returned.
			*
			* @see IStoredSettings.getFilesize(String key, long defaultValue)
			* @param key
			* @param defaultValue
			* @return key value or defaultValue
			*/
			public static long getFilesize(String key, long defaultValue) {
			return self().settings.getFilesize(key, defaultValue);
			}

			/**
			@@ -414,36 +476,48 @@
			this.userService.setup(settings);
			}

			public boolean supportsAddUser() {
			return supportsCredentialChanges(new UserModel(""));
			}

			/**
			* Returns true if the user's credentials can be changed.
			*
			* @param user
			* @return true if the user service supports credential changes
			*/
			public boolean supportsCredentialChanges() {
			return userService.supportsCredentialChanges();
			public boolean supportsCredentialChanges(UserModel user) {
			return (user != null && user.isLocalAccount()) \|\| userService.supportsCredentialChanges();
			}

			/**
			* Returns true if the user's display name can be changed.
			*
			* @param user
			* @return true if the user service supports display name changes
			*/
			public boolean supportsDisplayNameChanges() {
			return userService.supportsDisplayNameChanges();
			public boolean supportsDisplayNameChanges(UserModel user) {
			return (user != null && user.isLocalAccount()) \|\| userService.supportsDisplayNameChanges();
			}

			/**
			* Returns true if the user's email address can be changed.
			*
			* @param user
			* @return true if the user service supports email address changes
			*/
			public boolean supportsEmailAddressChanges() {
			return userService.supportsEmailAddressChanges();
			public boolean supportsEmailAddressChanges(UserModel user) {
			return (user != null && user.isLocalAccount()) \|\| userService.supportsEmailAddressChanges();
			}

			/**
			* Returns true if the user's team memberships can be changed.
			*
			* @param user
			* @return true if the user service supports team membership changes
			*/
			public boolean supportsTeamMembershipChanges() {
			return userService.supportsTeamMembershipChanges();
			public boolean supportsTeamMembershipChanges(UserModel user) {
			return (user != null && user.isLocalAccount()) \|\| userService.supportsTeamMembershipChanges();
			}

			/**
			@@ -491,7 +565,7 @@
			* @param cookies
			* @return a user object or null
			*/
			public UserModel authenticate(Cookie[] cookies) {
			protected UserModel authenticate(Cookie[] cookies) {
			if (userService == null) {
			return null;
			}
			@@ -506,6 +580,127 @@
			}
			}
			return null;
			}

			/**
			* Authenticate a user based on HTTP request parameters.
			*
			* Authentication by X509Certificate is tried first and then by cookie.
			*
			* @param httpRequest
			* @return a user object or null
			*/
			public UserModel authenticate(HttpServletRequest httpRequest) {
			return authenticate(httpRequest, false);
			}

			/**
			* Authenticate a user based on HTTP request parameters.
			*
			* Authentication by X509Certificate, servlet container principal, cookie,
			* and BASIC header.
			*
			* @param httpRequest
			* @param requiresCertificate
			* @return a user object or null
			*/
			public UserModel authenticate(HttpServletRequest httpRequest, boolean requiresCertificate) {
			// try to authenticate by certificate
			boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true);
			String [] oids = getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);
			UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);
			if (model != null) {
			// grab real user model and preserve certificate serial number
			UserModel user = getUserModel(model.username);
			X509Metadata metadata = HttpUtils.getCertificateMetadata(httpRequest);
			if (user != null) {
			flagWicketSession(AuthenticationType.CERTIFICATE);
			logger.info(MessageFormat.format("{0} authenticated by client certificate {1} from {2}",
			user.username, metadata.serialNumber, httpRequest.getRemoteAddr()));
			return user;
			} else {
			logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted client certificate ({1}) authentication from {2}",
			model.username, metadata.serialNumber, httpRequest.getRemoteAddr()));
			}
			}

			if (requiresCertificate) {
			// caller requires client certificate authentication (e.g. git servlet)
			return null;
			}

			// try to authenticate by servlet container principal
			Principal principal = httpRequest.getUserPrincipal();
			if (principal != null) {
			UserModel user = getUserModel(principal.getName());
			if (user != null) {
			flagWicketSession(AuthenticationType.CONTAINER);
			logger.info(MessageFormat.format("{0} authenticated by servlet container principal from {1}",
			user.username, httpRequest.getRemoteAddr()));
			return user;
			} else {
			logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted servlet container authentication from {1}",
			principal.getName(), httpRequest.getRemoteAddr()));
			}
			}

			// try to authenticate by cookie
			if (allowCookieAuthentication()) {
			UserModel user = authenticate(httpRequest.getCookies());
			if (user != null) {
			flagWicketSession(AuthenticationType.COOKIE);
			logger.info(MessageFormat.format("{0} authenticated by cookie from {1}",
			user.username, httpRequest.getRemoteAddr()));
			return user;
			}
			}

			// try to authenticate by BASIC
			final String authorization = httpRequest.getHeader("Authorization");
			if (authorization != null && authorization.startsWith("Basic")) {
			// Authorization: Basic base64credentials
			String base64Credentials = authorization.substring("Basic".length()).trim();
			String credentials = new String(Base64.decode(base64Credentials),
			Charset.forName("UTF-8"));
			// credentials = username:password
			final String[] values = credentials.split(":",2);

			if (values.length == 2) {
			String username = values[0];
			char[] password = values[1].toCharArray();
			UserModel user = authenticate(username, password);
			if (user != null) {
			flagWicketSession(AuthenticationType.CREDENTIALS);
			logger.info(MessageFormat.format("{0} authenticated by BASIC request header from {1}",
			user.username, httpRequest.getRemoteAddr()));
			return user;
			} else {
			logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials ({1}) from {2}",
			username, credentials, httpRequest.getRemoteAddr()));
			}
			}
			}
			return null;
			}

			protected void flagWicketSession(AuthenticationType authenticationType) {
			RequestCycle requestCycle = RequestCycle.get();
			if (requestCycle != null) {
			// flag the Wicket session, if this is a Wicket request
			GitBlitWebSession session = GitBlitWebSession.get();
			session.authenticationType = authenticationType;
			}
			}

			/**
			* Open a file resource using the Servlet container.
			* @param file to open
			* @return InputStream of the opened file
			* @throws ResourceStreamNotFoundException
			*/
			public InputStream getResourceAsStream(String file) throws ResourceStreamNotFoundException {
			ContextRelativeResource res = WicketUtils.getResource(file);
			return res.getResourceStream().getInputStream();
			}

			/**
			@@ -582,6 +777,9 @@
			* @return true if successful
			*/
			public boolean deleteUser(String username) {
			if (StringUtils.isEmpty(username)) {
			return false;
			}
			return userService.deleteUser(username);
			}

			@@ -593,17 +791,112 @@
			* @return a user object or null
			*/
			public UserModel getUserModel(String username) {
			UserModel user = userService.getUserModel(username);
			if (StringUtils.isEmpty(username)) {
			return null;
			}
			UserModel user = userService.getUserModel(username);
			return user;
			}

			/**
			* Returns the effective list of permissions for this user, taking into account
			* team memberships, ownerships.
			*
			* @param user
			* @return the effective list of permissions for the user
			*/
			public List<RegistrantAccessPermission> getUserAccessPermissions(UserModel user) {
			if (StringUtils.isEmpty(user.username)) {
			// new user
			return new ArrayList<RegistrantAccessPermission>();
			}
			Set<RegistrantAccessPermission> set = new LinkedHashSet<RegistrantAccessPermission>();
			set.addAll(user.getRepositoryPermissions());
			// Flag missing repositories
			for (RegistrantAccessPermission permission : set) {
			if (permission.mutable && PermissionType.EXPLICIT.equals(permission.permissionType)) {
			RepositoryModel rm = GitBlit.self().getRepositoryModel(permission.registrant);
			if (rm == null) {
			permission.permissionType = PermissionType.MISSING;
			permission.mutable = false;
			continue;
			}
			}
			}

			// TODO reconsider ownership as a user property
			// manually specify personal repository ownerships
			for (RepositoryModel rm : repositoryListCache.values()) {
			if (rm.isUsersPersonalRepository(user.username) \|\| rm.isOwner(user.username)) {
			RegistrantAccessPermission rp = new RegistrantAccessPermission(rm.name, AccessPermission.REWIND,
			PermissionType.OWNER, RegistrantType.REPOSITORY, null, false);
			// user may be owner of a repository to which they've inherited
			// a team permission, replace any existing perm with owner perm
			set.remove(rp);
			set.add(rp);
			}
			}

			List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>(set);
			Collections.sort(list);
			return list;
			}

			/**
			* Returns the list of all users who are allowed to bypass the access
			* restriction placed on the specified repository.
			* Returns the list of users and their access permissions for the specified
			* repository including permission source information such as the team or
			* regular expression which sets the permission.
			*
			* @param repository
			* @return a list of RegistrantAccessPermissions
			*/
			public List<RegistrantAccessPermission> getUserAccessPermissions(RepositoryModel repository) {
			List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
			if (AccessRestrictionType.NONE.equals(repository.accessRestriction)) {
			// no permissions needed, REWIND for everyone!
			return list;
			}
			if (AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl)) {
			// no permissions needed, REWIND for authenticated!
			return list;
			}
			// NAMED users and teams
			for (UserModel user : userService.getAllUsers()) {
			RegistrantAccessPermission ap = user.getRepositoryPermission(repository);
			if (ap.permission.exceeds(AccessPermission.NONE)) {
			list.add(ap);
			}
			}
			return list;
			}

			/**
			* Sets the access permissions to the specified repository for the specified users.
			*
			* @param repository
			* @param permissions
			* @return true if the user models have been updated
			*/
			public boolean setUserAccessPermissions(RepositoryModel repository, Collection<RegistrantAccessPermission> permissions) {
			List<UserModel> users = new ArrayList<UserModel>();
			for (RegistrantAccessPermission up : permissions) {
			if (up.mutable) {
			// only set editable defined permissions
			UserModel user = userService.getUserModel(up.registrant);
			user.setRepositoryPermission(repository.name, up.permission);
			users.add(user);
			}
			}
			return userService.updateUserModels(users);
			}

			/**
			* Returns the list of all users who have an explicit access permission
			* for the specified repository.
			*
			* @see IUserService.getUsernamesForRepositoryRole(String)
			* @param repository
			* @return list of all usernames that can bypass the access restriction
			* @return list of all usernames that have an access permission for the repository
			*/
			public List<String> getRepositoryUsers(RepositoryModel repository) {
			return userService.getUsernamesForRepositoryRole(repository.name);
			@@ -618,8 +911,11 @@
			* @param usernames
			* @return true if successful
			*/
			@Deprecated
			public boolean setRepositoryUsers(RepositoryModel repository, List<String> repositoryUsers) {
			return userService.setUsernamesForRepositoryRole(repository.name, repositoryUsers);
			// rejects all changes since 1.2.0 because this would elevate
			// all discrete access permissions to RW+
			return false;
			}

			/**
			@@ -639,6 +935,22 @@
			throw new GitBlitException(MessageFormat.format(
			"Failed to rename ''{0}'' because ''{1}'' already exists.", username,
			user.username));
			}

			// rename repositories and owner fields for all repositories
			for (RepositoryModel model : getRepositoryModels(user)) {
			if (model.isUsersPersonalRepository(username)) {
			// personal repository
			model.owner = user.username;
			String oldRepositoryName = model.name;
			model.name = "~" + user.username + model.name.substring(model.projectPath.length());
			model.projectPath = "~" + user.username;
			updateRepositoryModel(oldRepositoryName, model, false);
			} else if (model.isOwner(username)) {
			// common/shared repo
			model.owner = user.username;
			updateRepositoryModel(model.name, model, false);
			}
			}
			}
			if (!userService.updateUserModel(username, user)) {
			@@ -677,14 +989,54 @@
			public TeamModel getTeamModel(String teamname) {
			return userService.getTeamModel(teamname);
			}


			/**
			* Returns the list of all teams who are allowed to bypass the access
			* restriction placed on the specified repository.
			* Returns the list of teams and their access permissions for the specified
			* repository including the source of the permission such as the admin flag
			* or a regular expression.
			*
			* @param repository
			* @return a list of RegistrantAccessPermissions
			*/
			public List<RegistrantAccessPermission> getTeamAccessPermissions(RepositoryModel repository) {
			List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
			for (TeamModel team : userService.getAllTeams()) {
			RegistrantAccessPermission ap = team.getRepositoryPermission(repository);
			if (ap.permission.exceeds(AccessPermission.NONE)) {
			list.add(ap);
			}
			}
			Collections.sort(list);
			return list;
			}

			/**
			* Sets the access permissions to the specified repository for the specified teams.
			*
			* @param repository
			* @param permissions
			* @return true if the team models have been updated
			*/
			public boolean setTeamAccessPermissions(RepositoryModel repository, Collection<RegistrantAccessPermission> permissions) {
			List<TeamModel> teams = new ArrayList<TeamModel>();
			for (RegistrantAccessPermission tp : permissions) {
			if (tp.mutable) {
			// only set explicitly defined access permissions
			TeamModel team = userService.getTeamModel(tp.registrant);
			team.setRepositoryPermission(repository.name, tp.permission);
			teams.add(team);
			}
			}
			return userService.updateTeamModels(teams);
			}

			/**
			* Returns the list of all teams who have an explicit access permission for
			* the specified repository.
			*
			* @see IUserService.getTeamnamesForRepositoryRole(String)
			* @param repository
			* @return list of all teamnames that can bypass the access restriction
			* @return list of all teamnames with explicit access permissions to the repository
			*/
			public List<String> getRepositoryTeams(RepositoryModel repository) {
			return userService.getTeamnamesForRepositoryRole(repository.name);
			@@ -699,8 +1051,11 @@
			* @param teamnames
			* @return true if successful
			*/
			@Deprecated
			public boolean setRepositoryTeams(RepositoryModel repository, List<String> repositoryTeams) {
			return userService.setTeamnamesForRepositoryRole(repository.name, repositoryTeams);
			// rejects all changes since 1.2.0 because this would elevate
			// all discrete access permissions to RW+
			return false;
			}

			/**
			@@ -743,7 +1098,7 @@
			*/
			private void addToCachedRepositoryList(RepositoryModel model) {
			if (settings.getBoolean(Keys.git.cacheRepositoryList, true)) {
			repositoryListCache.put(model.name, model);
			repositoryListCache.put(model.name.toLowerCase(), model);

			// update the fork origin repository with this repository clone
			if (!StringUtils.isEmpty(model.originRepository)) {
			@@ -765,7 +1120,7 @@
			if (StringUtils.isEmpty(name)) {
			return null;
			}
			return repositoryListCache.remove(name);
			return repositoryListCache.remove(name.toLowerCase());
			}

			/**
			@@ -859,6 +1214,16 @@
			}
			}

			// rebuild fork networks
			for (RepositoryModel model : repositoryListCache.values()) {
			if (!StringUtils.isEmpty(model.originRepository)) {
			if (repositoryListCache.containsKey(model.originRepository)) {
			RepositoryModel origin = repositoryListCache.get(model.originRepository);
			origin.addFork(model.name);
			}
			}
			}

			long duration = System.currentTimeMillis() - startTime;
			logger.info(MessageFormat.format(msg, repositoryListCache.size(), duration));
			}
			@@ -888,10 +1253,15 @@
			* @return repository or null
			*/
			public Repository getRepository(String repositoryName, boolean logError) {
			if (isCollectingGarbage(repositoryName)) {
			logger.warn(MessageFormat.format("Rejecting request for {0}, busy collecting garbage!", repositoryName));
			return null;
			}

			File dir = FileKey.resolve(new File(repositoriesFolder, repositoryName), FS.DETECTED);
			if (dir == null)
			return null;


			Repository r = null;
			try {
			FileKey key = FileKey.exact(dir, FS.DETECTED);
			@@ -957,14 +1327,13 @@
			if (model == null) {
			return null;
			}
			if (model.accessRestriction.atLeast(AccessRestrictionType.VIEW)) {
			if (user != null && user.canAccessRepository(model)) {
			return model;
			}
			return null;
			} else {
			if (user == null) {
			user = UserModel.ANONYMOUS;
			}
			if (user.canView(model)) {
			return model;
			}
			return null;
			}

			/**
			@@ -985,10 +1354,17 @@
			}

			// cached model
			RepositoryModel model = repositoryListCache.get(repositoryName);

			RepositoryModel model = repositoryListCache.get(repositoryName.toLowerCase());

			if (gcExecutor.isCollectingGarbage(model.name)) {
			// Gitblit is busy collecting garbage, use our cached model
			RepositoryModel rm = DeepCopier.copy(model);
			rm.isCollectingGarbage = true;
			return rm;
			}

			// check for updates
			Repository r = getRepository(repositoryName);
			Repository r = getRepository(model.name);
			if (r == null) {
			// repository is missing
			removeFromCachedRepositoryList(repositoryName);
			@@ -1000,8 +1376,8 @@
			if (config.isOutdated()) {
			// reload model
			logger.info(MessageFormat.format("Config for \"{0}\" has changed. Reloading model and updating cache.", repositoryName));
			model = loadRepositoryModel(repositoryName);
			removeFromCachedRepositoryList(repositoryName);
			model = loadRepositoryModel(model.name);
			removeFromCachedRepositoryList(model.name);
			addToCachedRepositoryList(model);
			} else {
			// update a few repository parameters
			@@ -1051,13 +1427,30 @@
			}
			project.title = projectConfigs.getString("project", name, "title");
			project.description = projectConfigs.getString("project", name, "description");
			// TODO add more interesting metadata
			// project manager?
			// commit message regex?
			// RW+
			// RW
			// R
			configs.put(name.toLowerCase(), project);

			// project markdown
			File pmkd = new File(getRepositoriesFolder(), (project.isRoot ? "" : name) + "/project.mkd");
			if (pmkd.exists()) {
			Date lm = new Date(pmkd.lastModified());
			if (!projectMarkdownCache.hasCurrent(name, lm)) {
			String mkd = com.gitblit.utils.FileUtils.readContent(pmkd, "\n");
			projectMarkdownCache.updateObject(name, lm, mkd);
			}
			project.projectMarkdown = projectMarkdownCache.getObject(name);
			}

			// project repositories markdown
			File rmkd = new File(getRepositoriesFolder(), (project.isRoot ? "" : name) + "/repositories.mkd");
			if (rmkd.exists()) {
			Date lm = new Date(rmkd.lastModified());
			if (!projectRepositoriesMarkdownCache.hasCurrent(name, lm)) {
			String mkd = com.gitblit.utils.FileUtils.readContent(rmkd, "\n");
			projectRepositoriesMarkdownCache.updateObject(name, lm, mkd);
			}
			project.repositoriesMarkdown = projectRepositoriesMarkdownCache.getObject(name);
			}

			configs.put(name.toLowerCase(), project);
			}
			projectCache.clear();
			projectCache.putAll(configs);
			@@ -1181,6 +1574,49 @@
			}

			/**
			* Returns the list of project models that are referenced by the supplied
			* repository model list. This is an alternative method exists to ensure
			* Gitblit does not call getRepositoryModels(UserModel) twice in a request.
			*
			* @param repositoryModels
			* @param includeUsers
			* @return a list of project models
			*/
			public List<ProjectModel> getProjectModels(List<RepositoryModel> repositoryModels, boolean includeUsers) {
			Map<String, ProjectModel> projects = new LinkedHashMap<String, ProjectModel>();
			for (RepositoryModel repository : repositoryModels) {
			if (!includeUsers && repository.isPersonalRepository()) {
			// exclude personal repositories
			continue;
			}
			if (!projects.containsKey(repository.projectPath)) {
			ProjectModel project = getProjectModel(repository.projectPath);
			if (project == null) {
			logger.warn(MessageFormat.format("excluding project \"{0}\" from project list because it is empty!",
			repository.projectPath));
			continue;
			}
			projects.put(repository.projectPath, project);
			// clear the repo list in the project because that is the system
			// list, not the user-accessible list and start building the
			// user-accessible list
			project.repositories.clear();
			project.repositories.add(repository.name);
			project.lastChange = repository.lastChange;
			} else {
			// update the user-accessible list
			// this is used for repository count
			ProjectModel project = projects.get(repository.projectPath);
			project.repositories.add(repository.name);
			if (project.lastChange.before(repository.lastChange)) {
			project.lastChange = repository.lastChange;
			}
			}
			}
			return new ArrayList<ProjectModel>(projects.values());
			}

			/**
			* Workaround JGit. I need to access the raw config object directly in order
			* to see if the config is dirty so that I can reload a repository model.
			* If I use the stock JGit method to get the config it already reloads the
			@@ -1224,11 +1660,7 @@
			}
			model.hasCommits = JGitUtils.hasCommits(r);
			model.lastChange = JGitUtils.getLastChange(r);
			if (repositoryName.indexOf('/') == -1) {
			model.projectPath = "";
			} else {
			model.projectPath = repositoryName.substring(0, repositoryName.indexOf('/'));
			}
			model.projectPath = StringUtils.getFirstPathElement(repositoryName);

			StoredConfig config = r.getConfig();
			boolean hasOrigin = !StringUtils.isEmpty(config.getString("remote", "origin", "url"));
			@@ -1243,6 +1675,7 @@
			"accessRestriction", settings.getString(Keys.git.defaultAccessRestriction, null)));
			model.authorizationControl = AuthorizationControl.fromName(getConfig(config,
			"authorizationControl", settings.getString(Keys.git.defaultAuthorizationControl, null)));
			model.verifyCommitter = getConfig(config, "verifyCommitter", false);
			model.showRemoteBranches = getConfig(config, "showRemoteBranches", hasOrigin);
			model.isFrozen = getConfig(config, "isFrozen", false);
			model.showReadme = getConfig(config, "showReadme", false);
			@@ -1253,6 +1686,14 @@
			model.federationSets = new ArrayList<String>(Arrays.asList(config.getStringList(
			Constants.CONFIG_GITBLIT, null, "federationSets")));
			model.isFederated = getConfig(config, "isFederated", false);
			model.gcThreshold = getConfig(config, "gcThreshold", settings.getString(Keys.git.defaultGarbageCollectionThreshold, "500KB"));
			model.gcPeriod = getConfig(config, "gcPeriod", settings.getInteger(Keys.git.defaultGarbageCollectionPeriod, 7));
			try {
			model.lastGC = new SimpleDateFormat(Constants.ISO8601).parse(getConfig(config, "lastGC", "1970-01-01'T'00:00:00Z"));
			} catch (Exception e) {
			model.lastGC = new Date(0);
			}
			model.maxActivityCommits = getConfig(config, "maxActivityCommits", settings.getInteger(Keys.web.maxActivityCommits, 0));
			model.origin = config.getString("remote", "origin", "url");
			if (model.origin != null) {
			model.origin = model.origin.replace('\\', '/');
			@@ -1285,7 +1726,7 @@
			// ensure origin still exists
			File repoFolder = new File(getRepositoriesFolder(), originRepo);
			if (repoFolder.exists()) {
			model.originRepository = originRepo;
			model.originRepository = originRepo.toLowerCase();
			}
			}
			} catch (URISyntaxException e) {
			@@ -1302,10 +1743,21 @@
			* @return true if the repository exists
			*/
			public boolean hasRepository(String repositoryName) {
			if (settings.getBoolean(Keys.git.cacheRepositoryList, true)) {
			return hasRepository(repositoryName, false);
			}

			/**
			* Determines if this server has the requested repository.
			*
			* @param name
			* @param caseInsensitive
			* @return true if the repository exists
			*/
			public boolean hasRepository(String repositoryName, boolean caseSensitiveCheck) {
			if (!caseSensitiveCheck && settings.getBoolean(Keys.git.cacheRepositoryList, true)) {
			// if we are caching use the cache to determine availability
			// otherwise we end up adding a phantom repository to the cache
			return repositoryListCache.containsKey(repositoryName);
			return repositoryListCache.containsKey(repositoryName.toLowerCase());
			}
			Repository r = getRepository(repositoryName, false);
			if (r == null) {
			@@ -1363,7 +1815,7 @@
			}

			for (String repository : repositoryListCache.keySet()) {
			if (repository.toLowerCase().startsWith(userPath)) {
			if (repository.startsWith(userPath)) {
			RepositoryModel model = repositoryListCache.get(repository);
			if (!StringUtils.isEmpty(model.originRepository)) {
			if (roots.contains(model.originRepository)) {
			@@ -1377,8 +1829,8 @@
			// not caching
			ProjectModel project = getProjectModel(userProject);
			for (String repository : project.repositories) {
			if (repository.toLowerCase().startsWith(userProject)) {
			RepositoryModel model = repositoryListCache.get(repository);
			if (repository.startsWith(userProject)) {
			RepositoryModel model = getRepositoryModel(repository);
			if (model.originRepository.equalsIgnoreCase(origin)) {
			// user has a fork
			return model.name;
			@@ -1399,19 +1851,38 @@
			*/
			public ForkModel getForkNetwork(String repository) {
			if (settings.getBoolean(Keys.git.cacheRepositoryList, true)) {
			// find the root
			RepositoryModel model = repositoryListCache.get(repository);
			// find the root, cached
			RepositoryModel model = repositoryListCache.get(repository.toLowerCase());
			while (model.originRepository != null) {
			model = repositoryListCache.get(model.originRepository);
			}
			ForkModel root = getForkModelFromCache(model.name);
			return root;
			} else {
			// find the root, non-cached
			RepositoryModel model = getRepositoryModel(repository.toLowerCase());
			while (model.originRepository != null) {
			model = getRepositoryModel(model.originRepository);
			}
			ForkModel root = getForkModel(model.name);
			return root;
			}
			return null;
			}

			private ForkModel getForkModelFromCache(String repository) {
			RepositoryModel model = repositoryListCache.get(repository.toLowerCase());
			ForkModel fork = new ForkModel(model);
			if (!ArrayUtils.isEmpty(model.forks)) {
			for (String aFork : model.forks) {
			ForkModel fm = getForkModelFromCache(aFork);
			fork.forks.add(fm);
			}
			}
			return fork;
			}

			private ForkModel getForkModel(String repository) {
			RepositoryModel model = repositoryListCache.get(repository);
			RepositoryModel model = getRepositoryModel(repository.toLowerCase());
			ForkModel fork = new ForkModel(model);
			if (!ArrayUtils.isEmpty(model.forks)) {
			for (String aFork : model.forks) {
			@@ -1449,6 +1920,9 @@
			*/
			private void closeRepository(String repositoryName) {
			Repository repository = getRepository(repositoryName);
			if (repository == null) {
			return;
			}
			RepositoryCache.close(repository);

			// assume 2 uses in case reflection fails
			@@ -1529,6 +2003,27 @@
			private boolean getConfig(StoredConfig config, String field, boolean defaultValue) {
			return config.getBoolean(Constants.CONFIG_GITBLIT, field, defaultValue);
			}

			/**
			* Returns the gitblit string value for the specified key. If key is not
			* set, returns defaultValue.
			*
			* @param config
			* @param field
			* @param defaultValue
			* @return field value or defaultValue
			*/
			private int getConfig(StoredConfig config, String field, int defaultValue) {
			String value = config.getString(Constants.CONFIG_GITBLIT, null, field);
			if (StringUtils.isEmpty(value)) {
			return defaultValue;
			}
			try {
			return Integer.parseInt(value);
			} catch (Exception e) {
			}
			return defaultValue;
			}

			/**
			* Creates/updates the repository model keyed by reopsitoryName. Saves all
			@@ -1546,13 +2041,24 @@
			*/
			public void updateRepositoryModel(String repositoryName, RepositoryModel repository,
			boolean isCreate) throws GitBlitException {
			if (gcExecutor.isCollectingGarbage(repositoryName)) {
			throw new GitBlitException(MessageFormat.format("sorry, Gitblit is busy collecting garbage in {0}",
			repositoryName));
			}
			Repository r = null;
			String projectPath = StringUtils.getFirstPathElement(repository.name);
			if (!StringUtils.isEmpty(projectPath)) {
			if (projectPath.equalsIgnoreCase(getString(Keys.web.repositoryRootGroupName, "main"))) {
			// strip leading group name
			repository.name = repository.name.substring(projectPath.length() + 1);
			}
			}
			if (isCreate) {
			// ensure created repository name ends with .git
			if (!repository.name.toLowerCase().endsWith(org.eclipse.jgit.lib.Constants.DOT_GIT_EXT)) {
			repository.name += org.eclipse.jgit.lib.Constants.DOT_GIT_EXT;
			}
			if (new File(repositoriesFolder, repository.name).exists()) {
			if (hasRepository(repository.name)) {
			throw new GitBlitException(MessageFormat.format(
			"Can not create repository ''{0}'' because it already exists.",
			repository.name));
			@@ -1674,6 +2180,7 @@
			config.setBoolean(Constants.CONFIG_GITBLIT, null, "allowForks", repository.allowForks);
			config.setString(Constants.CONFIG_GITBLIT, null, "accessRestriction", repository.accessRestriction.name());
			config.setString(Constants.CONFIG_GITBLIT, null, "authorizationControl", repository.authorizationControl.name());
			config.setBoolean(Constants.CONFIG_GITBLIT, null, "verifyCommitter", repository.verifyCommitter);
			config.setBoolean(Constants.CONFIG_GITBLIT, null, "showRemoteBranches", repository.showRemoteBranches);
			config.setBoolean(Constants.CONFIG_GITBLIT, null, "isFrozen", repository.isFrozen);
			config.setBoolean(Constants.CONFIG_GITBLIT, null, "showReadme", repository.showReadme);
			@@ -1682,6 +2189,22 @@
			config.setString(Constants.CONFIG_GITBLIT, null, "federationStrategy",
			repository.federationStrategy.name());
			config.setBoolean(Constants.CONFIG_GITBLIT, null, "isFederated", repository.isFederated);
			config.setString(Constants.CONFIG_GITBLIT, null, "gcThreshold", repository.gcThreshold);
			if (repository.gcPeriod == settings.getInteger(Keys.git.defaultGarbageCollectionPeriod, 7)) {
			// use default from config
			config.unset(Constants.CONFIG_GITBLIT, null, "gcPeriod");
			} else {
			config.setInt(Constants.CONFIG_GITBLIT, null, "gcPeriod", repository.gcPeriod);
			}
			if (repository.lastGC != null) {
			config.setString(Constants.CONFIG_GITBLIT, null, "lastGC", new SimpleDateFormat(Constants.ISO8601).format(repository.lastGC));
			}
			if (repository.maxActivityCommits == settings.getInteger(Keys.web.maxActivityCommits, 0)) {
			// use default from config
			config.unset(Constants.CONFIG_GITBLIT, null, "maxActivityCommits");
			} else {
			config.setInt(Constants.CONFIG_GITBLIT, null, "maxActivityCommits", repository.maxActivityCommits);
			}

			updateList(config, "federationSets", repository.federationSets);
			updateList(config, "preReceiveScript", repository.preReceiveScripts);
			@@ -1749,7 +2272,7 @@
			clearRepositoryMetadataCache(repositoryName);

			RepositoryModel model = removeFromCachedRepositoryList(repositoryName);
			if (!ArrayUtils.isEmpty(model.forks)) {
			if (model != null && !ArrayUtils.isEmpty(model.forks)) {
			resetRepositoryListCache();
			}

			@@ -1977,6 +2500,8 @@
			case PULL_SETTINGS:
			case PULL_SCRIPTS:
			return token.equals(all);
			default:
			break;
			}
			return false;
			}
			@@ -2119,6 +2644,8 @@
			if (!StringUtils.isEmpty(model.origin)) {
			url = model.origin;
			}
			break;
			default:
			break;
			}

			@@ -2377,6 +2904,37 @@
			}

			/**
			* Notify users by email of something.
			*
			* @param subject
			* @param message
			* @param toAddresses
			*/
			public void sendHtmlMail(String subject, String message, Collection<String> toAddresses) {
			this.sendHtmlMail(subject, message, toAddresses.toArray(new String[0]));
			}

			/**
			* Notify users by email of something.
			*
			* @param subject
			* @param message
			* @param toAddresses
			*/
			public void sendHtmlMail(String subject, String message, String... toAddresses) {
			try {
			Message mail = mailExecutor.createMessage(toAddresses);
			if (mail != null) {
			mail.setSubject(subject);
			mail.setContent(message, "text/html");
			mailExecutor.queue(mail);
			}
			} catch (MessagingException e) {
			logger.error("Messaging error", e);
			}
			}

			/**
			* Returns the descriptions/comments of the Gitblit config settings.
			*
			* @return SettingsModel
			@@ -2401,10 +2959,11 @@
			* Parse the properties file and aggregate all the comments by the setting
			* key. A setting model tracks the current value, the default value, the
			* description of the setting and and directives about the setting.
			* @param referencePropertiesInputStream
			*
			* @return Map<String, SettingModel>
			*/
			private ServerSettings loadSettingModels() {
			private ServerSettings loadSettingModels(InputStream referencePropertiesInputStream) {
			ServerSettings settingsModel = new ServerSettings();
			settingsModel.supportsCredentialChanges = userService.supportsCredentialChanges();
			settingsModel.supportsDisplayNameChanges = userService.supportsDisplayNameChanges();
			@@ -2414,7 +2973,7 @@
			// Read bundled Gitblit properties to extract setting descriptions.
			// This copy is pristine and only used for populating the setting
			// models map.
			InputStream is = servletContext.getResourceAsStream("/WEB-INF/reference.properties");
			InputStream is = referencePropertiesInputStream;
			BufferedReader propertiesReader = new BufferedReader(new InputStreamReader(is));
			StringBuilder description = new StringBuilder();
			SettingModel setting = new SettingModel();
			@@ -2476,9 +3035,15 @@
			public void configureContext(IStoredSettings settings, boolean startFederation) {
			logger.info("Reading configuration from " + settings.toString());
			this.settings = settings;

			repositoriesFolder = getRepositoriesFolder();
			logger.info("Git repositories folder " + repositoriesFolder.getAbsolutePath());

			// prepare service executors
			mailExecutor = new MailExecutor(settings);
			luceneExecutor = new LuceneExecutor(settings, repositoriesFolder);
			gcExecutor = new GCExecutor(settings);

			// calculate repository list settings checksum for future config changes
			repositoryListSettingsChecksum.set(getRepositoryListSettingsChecksum());

			@@ -2492,31 +3057,60 @@
			logTimezone(Constants.NAME, getTimezone());

			serverStatus = new ServerStatus(isGO());
			String realm = settings.getString(Keys.realm.userService, "users.properties");
			IUserService loginService = null;
			try {
			// check to see if this "file" is a login service class
			Class<?> realmClass = Class.forName(realm);
			loginService = (IUserService) realmClass.newInstance();
			} catch (Throwable t) {
			loginService = new GitblitUserService();

			if (this.userService == null) {
			String realm = settings.getString(Keys.realm.userService, "users.properties");
			IUserService loginService = null;
			try {
			// check to see if this "file" is a login service class
			Class<?> realmClass = Class.forName(realm);
			loginService = (IUserService) realmClass.newInstance();
			} catch (Throwable t) {
			loginService = new GitblitUserService();
			}
			setUserService(loginService);
			}
			setUserService(loginService);

			// load and cache the project metadata
			projectConfigs = new FileBasedConfig(getFileOrFolder(Keys.web.projectsFile, "projects.conf"), FS.detect());
			getProjectConfigs();

			mailExecutor = new MailExecutor(settings);
			// schedule mail engine
			if (mailExecutor.isReady()) {
			logger.info("Mail executor is scheduled to process the message queue every 2 minutes.");
			scheduledExecutor.scheduleAtFixedRate(mailExecutor, 1, 2, TimeUnit.MINUTES);
			} else {
			logger.warn("Mail server is not properly configured. Mail services disabled.");
			}
			luceneExecutor = new LuceneExecutor(settings, repositoriesFolder);

			// schedule lucene engine
			logger.info("Lucene executor is scheduled to process indexed branches every 2 minutes.");
			scheduledExecutor.scheduleAtFixedRate(luceneExecutor, 1, 2, TimeUnit.MINUTES);

			// schedule gc engine
			if (gcExecutor.isReady()) {
			logger.info("GC executor is scheduled to scan repositories every 24 hours.");
			Calendar c = Calendar.getInstance();
			c.set(Calendar.HOUR_OF_DAY, settings.getInteger(Keys.git.garbageCollectionHour, 0));
			c.set(Calendar.MINUTE, 0);
			c.set(Calendar.SECOND, 0);
			c.set(Calendar.MILLISECOND, 0);
			Date cd = c.getTime();
			Date now = new Date();
			int delay = 0;
			if (cd.before(now)) {
			c.add(Calendar.DATE, 1);
			cd = c.getTime();
			}
			delay = (int) ((cd.getTime() - now.getTime())/TimeUtils.MIN);
			String when = delay + " mins";
			if (delay > 60) {
			when = MessageFormat.format("{0,number,0.0} hours", ((float)delay)/60f);
			}
			logger.info(MessageFormat.format("Next scheculed GC scan is in {0}", when));
			scheduledExecutor.scheduleAtFixedRate(gcExecutor, delay, 60*24, TimeUnit.MINUTES);
			}

			if (startFederation) {
			configureFederation();
			}
			@@ -2544,6 +3138,32 @@
			}

			ContainerUtils.CVE_2007_0450.test();

			// startup Fanout PubSub service
			if (settings.getInteger(Keys.fanout.port, 0) > 0) {
			String bindInterface = settings.getString(Keys.fanout.bindInterface, null);
			int port = settings.getInteger(Keys.fanout.port, FanoutService.DEFAULT_PORT);
			boolean useNio = settings.getBoolean(Keys.fanout.useNio, true);
			int limit = settings.getInteger(Keys.fanout.connectionLimit, 0);

			if (useNio) {
			if (StringUtils.isEmpty(bindInterface)) {
			fanoutService = new FanoutNioService(port);
			} else {
			fanoutService = new FanoutNioService(bindInterface, port);
			}
			} else {
			if (StringUtils.isEmpty(bindInterface)) {
			fanoutService = new FanoutSocketService(port);
			} else {
			fanoutService = new FanoutSocketService(bindInterface, port);
			}
			}

			fanoutService.setConcurrentConnectionLimit(limit);
			fanoutService.setAllowAllChannelAnnouncements(false);
			fanoutService.start();
			}
			}

			private void logTimezone(String type, TimeZone zone) {
			@@ -2561,28 +3181,30 @@
			*/
			@Override
			public void contextInitialized(ServletContextEvent contextEvent) {
			contextInitialized(contextEvent, contextEvent.getServletContext().getResourceAsStream("/WEB-INF/reference.properties"));
			}

			public void contextInitialized(ServletContextEvent contextEvent, InputStream referencePropertiesInputStream) {
			servletContext = contextEvent.getServletContext();
			if (settings == null) {
			// Gitblit WAR is running in a servlet container
			ServletContext context = contextEvent.getServletContext();
			WebXmlSettings webxmlSettings = new WebXmlSettings(context);

			// 0.7.0 web.properties in the deployed war folder
			String webProps = context.getRealPath("/WEB-INF/web.properties");
			// gitblit.properties file located within the webapp
			String webProps = context.getRealPath("/WEB-INF/gitblit.properties");
			if (!StringUtils.isEmpty(webProps)) {
			File overrideFile = new File(webProps);
			if (overrideFile.exists()) {
			webxmlSettings.applyOverrides(overrideFile);
			}
			webxmlSettings.applyOverrides(overrideFile);
			}


			// 0.8.0 gitblit.properties file located outside the deployed war
			// gitblit.properties file located outside the deployed war
			// folder lie, for example, on RedHat OpenShift.
			File overrideFile = getFileOrFolder("gitblit.properties");
			if (!overrideFile.getPath().equals("gitblit.properties")) {
			webxmlSettings.applyOverrides(overrideFile);
			}

			configureContext(webxmlSettings, true);

			// Copy the included scripts to the configured groovy folder
			@@ -2601,7 +3223,7 @@
			}
			}

			settingsModel = loadSettingModels();
			settingsModel = loadSettingModels(referencePropertiesInputStream);
			serverStatus.servletContainer = servletContext.getServerInfo();
			}

			@@ -2614,8 +3236,30 @@
			logger.info("Gitblit context destroyed by servlet container.");
			scheduledExecutor.shutdownNow();
			luceneExecutor.close();
			gcExecutor.close();
			if (fanoutService != null) {
			fanoutService.stop();
			}
			}

			/**
			*
			* @return true if we are running the gc executor
			*/
			public boolean isCollectingGarbage() {
			return gcExecutor.isRunning();
			}

			/**
			* Returns true if Gitblit is actively collecting garbage in this repository.
			*
			* @param repositoryName
			* @return true if actively collecting garbage
			*/
			public boolean isCollectingGarbage(String repositoryName) {
			return gcExecutor.isCollectingGarbage(repositoryName);
			}

			/**
			* Creates a personal fork of the specified repository. The clone is view
			* restricted by default and the owner of the source repository is given
			@@ -2639,29 +3283,59 @@

			// create a Gitblit repository model for the clone
			RepositoryModel cloneModel = repository.cloneAs(cloneName);
			// owner has REWIND/RW+ permissions
			cloneModel.owner = user.username;
			updateRepositoryModel(cloneName, cloneModel, false);

			if (AuthorizationControl.NAMED.equals(cloneModel.authorizationControl)) {
			// add the owner of the source repository to the clone's access list
			if (!StringUtils.isEmpty(repository.owner)) {
			UserModel owner = getUserModel(repository.owner);
			if (owner != null) {
			owner.repositories.add(cloneName);
			updateUserModel(owner.username, owner, false);
			}
			// add the owner of the source repository to the clone's access list
			if (!StringUtils.isEmpty(repository.owner)) {
			UserModel originOwner = getUserModel(repository.owner);
			if (originOwner != null) {
			originOwner.setRepositoryPermission(cloneName, AccessPermission.CLONE);
			updateUserModel(originOwner.username, originOwner, false);
			}

			// inherit origin's access lists
			List<String> users = getRepositoryUsers(repository);
			setRepositoryUsers(cloneModel, users);

			List<String> teams = getRepositoryTeams(repository);
			setRepositoryTeams(cloneModel, teams);
			}

			// grant origin's user list clone permission to fork
			List<String> users = getRepositoryUsers(repository);
			List<UserModel> cloneUsers = new ArrayList<UserModel>();
			for (String name : users) {
			if (!name.equalsIgnoreCase(user.username)) {
			UserModel cloneUser = getUserModel(name);
			if (cloneUser.canClone(repository)) {
			// origin user can clone origin, grant clone access to fork
			cloneUser.setRepositoryPermission(cloneName, AccessPermission.CLONE);
			}
			cloneUsers.add(cloneUser);
			}
			}
			userService.updateUserModels(cloneUsers);

			// grant origin's team list clone permission to fork
			List<String> teams = getRepositoryTeams(repository);
			List<TeamModel> cloneTeams = new ArrayList<TeamModel>();
			for (String name : teams) {
			TeamModel cloneTeam = getTeamModel(name);
			if (cloneTeam.canClone(repository)) {
			// origin team can clone origin, grant clone access to fork
			cloneTeam.setRepositoryPermission(cloneName, AccessPermission.CLONE);
			}
			cloneTeams.add(cloneTeam);
			}
			userService.updateTeamModels(cloneTeams);

			// add this clone to the cached model
			addToCachedRepositoryList(cloneModel);
			return cloneModel;
			}

			/**
			* Allow to understand if GitBlit supports and is configured to allow
			* cookie-based authentication.
			*
			* @return status of Cookie authentication enablement.
			*/
			public boolean allowCookieAuthentication() {
			return GitBlit.getBoolean(Keys.web.allowCookieAuthentication, true) && userService.supportsCookies();
			}
			}