mereth
2014-08-18 2445d4b2b80671bdcefbd4ed81f394a5249ee13d
fix mistyped passwords leaked in log files with redmine auth provider
1 files modified
5 ■■■■■ changed files
src/main/java/com/gitblit/auth/RedmineAuthProvider.java 5 ●●●●●
src/main/java/com/gitblit/auth/RedmineAuthProvider.java
@@ -153,15 +153,16 @@
        if (!url.endsWith("/")) {
            url = url.concat("/");
        }
        String apiUrl = url + "users/current.json";
        HttpURLConnection http;
        if (username == null) {
            // apikey authentication
            String apiKey = String.valueOf(password);
            String apiUrl = url + "users/current.json?key=" + apiKey;
            http = (HttpURLConnection) ConnectionUtils.openConnection(apiUrl, null, null);
            http.addRequestProperty("X-Redmine-API-Key", apiKey);
        } else {
            // username/password BASIC authentication
            String apiUrl = url + "users/current.json";
            http = (HttpURLConnection) ConnectionUtils.openConnection(apiUrl, username, password);
        }
        http.setRequestMethod("GET");