Gitblit devel
blame | history | patch | commit | commitdiff | ignore whitespace
James Moger
2015-10-10 a3a18a0ebfeb65777ad5bd065e26fa9c00e8100c 
 src/main/java/com/gitblit/wicket/pages/RootPage.java


@@ -31,13 +31,15 @@


import java.util.concurrent.atomic.AtomicInteger;


import java.util.regex.Pattern;




import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;




import org.apache.wicket.MarkupContainer;


import org.apache.wicket.PageParameters;


import org.apache.wicket.behavior.HeaderContributor;


import org.apache.wicket.markup.html.IHeaderContributor;


import org.apache.wicket.markup.html.IHeaderResponse;


import org.apache.wicket.markup.html.basic.Label;


import org.apache.wicket.markup.html.form.PasswordTextField;


import org.apache.wicket.markup.html.form.TextField;


import org.apache.wicket.markup.html.link.BookmarkablePageLink;


import org.apache.wicket.markup.html.panel.Fragment;


@@ -50,6 +52,7 @@


import org.apache.wicket.protocol.http.WebResponse;




import com.gitblit.Constants;


import com.gitblit.Constants.AuthenticationType;


import com.gitblit.Keys;


import com.gitblit.extensions.NavLinkExtension;


import com.gitblit.extensions.UserMenuExtension;


@@ -67,9 +70,10 @@


import com.gitblit.utils.ModelUtils;


import com.gitblit.utils.StringUtils;


import com.gitblit.wicket.GitBlitWebSession;


import com.gitblit.wicket.NonTrimmedPasswordTextField;


import com.gitblit.wicket.SessionlessForm;


import com.gitblit.wicket.WicketUtils;


import com.gitblit.wicket.panels.GravatarImage;


import com.gitblit.wicket.panels.AvatarImage;


import com.gitblit.wicket.panels.LinkPanel;


import com.gitblit.wicket.panels.NavigationPanel;




@@ -147,6 +151,7 @@


      boolean authenticateAdmin = app().settings().getBoolean(Keys.web.authenticateAdminPages, true);


      boolean allowAdmin = app().settings().getBoolean(Keys.web.allowAdministration, true);


      boolean allowLucene = app().settings().getBoolean(Keys.web.allowLuceneIndexing, true);


      boolean displayUserPanel = app().settings().getBoolean(Keys.web.displayUserPanel, true);


      boolean isLoggedIn = GitBlitWebSession.get().isLoggedIn();




      if (authenticateAdmin) {


@@ -164,7 +169,7 @@


         }


      }




      if (authenticateView || authenticateAdmin) {


      if (displayUserPanel && (authenticateView || authenticateAdmin)) {


         if (isLoggedIn) {


            UserMenu userFragment = new UserMenu("userPanel", "userMenuFragment", RootPage.this);


            add(userFragment);


@@ -186,6 +191,7 @@


         }


         navLinks.add(new PageNavLink("gb.repositories", RepositoriesPage.class,


               getRootPageParameters()));


         navLinks.add(new PageNavLink("gb.filestore", FilestorePage.class, getRootPageParameters()));


         navLinks.add(new PageNavLink("gb.activity", ActivityPage.class, getRootPageParameters()));


         if (allowLucene) {


            navLinks.add(new PageNavLink("gb.search", LuceneSearchPage.class));


@@ -262,19 +268,22 @@




   private void loginUser(UserModel user) {


      if (user != null) {


         HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();


         HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();




         // Set the user into the session


         GitBlitWebSession session = GitBlitWebSession.get();




         // issue 62: fix session fixation vulnerability


         session.replaceSession();


         session.setUser(user);




         request = ((WebRequest) getRequest()).getHttpServletRequest();


         response = ((WebResponse) getResponse()).getHttpServletResponse();


         request.getSession().setAttribute(Constants.ATTRIB_AUTHTYPE, AuthenticationType.CREDENTIALS);




         // Set Cookie


         if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {


            WebRequest request = (WebRequest) getRequestCycle().getRequest();


            WebResponse response = (WebResponse) getRequestCycle().getResponse();


            app().authentication().setCookie(request.getHttpServletRequest(),


                  response.getHttpServletResponse(), user);


         }


         app().authentication().setCookie(request, response, user);




         if (!session.continueRequest()) {


            PageParameters params = getPageParameters();


@@ -573,7 +582,7 @@


         TextField<String> unameField = new TextField<String>("username", username);


         WicketUtils.setInputPlaceholder(unameField, markupProvider.getString("gb.username"));


         loginForm.add(unameField);


         PasswordTextField pwField = new PasswordTextField("password", password);


         NonTrimmedPasswordTextField pwField = new NonTrimmedPasswordTextField("password", password);


         WicketUtils.setInputPlaceholder(pwField, markupProvider.getString("gb.password"));


         loginForm.add(pwField);


         add(loginForm);


@@ -599,10 +608,12 @@


         GitBlitWebSession session = GitBlitWebSession.get();


         UserModel user = session.getUser();


         boolean editCredentials = app().authentication().supportsCredentialChanges(user);


         boolean standardLogin = session.authenticationType.isStandard();


         HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();


         AuthenticationType authenticationType = (AuthenticationType) request.getAttribute(Constants.ATTRIB_AUTHTYPE);


         boolean standardLogin = (null != authenticationType) ? authenticationType.isStandard() : true;




         if (app().settings().getBoolean(Keys.web.allowGravatar, true)) {


            add(new GravatarImage("username", user, "navbarGravatar", 20, false));


            add(new AvatarImage("username", user, "navbarGravatar", 20, false));


         } else {


            add(new Label("username", user.getDisplayName()));


         }