From 4e84166db5c5538e3984d9d2d6bb1f9902e65ee0 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 04 Nov 2014 17:38:17 -0500
Subject: [PATCH] Merged #217 "Exclude SSLv3 from Gitblit GO https protocols"
---
src/main/java/com/gitblit/manager/GitblitManager.java | 390 ++++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 308 insertions(+), 82 deletions(-)
diff --git a/src/main/java/com/gitblit/manager/GitblitManager.java b/src/main/java/com/gitblit/manager/GitblitManager.java
index 08d6408..9692e65 100644
--- a/src/main/java/com/gitblit/manager/GitblitManager.java
+++ b/src/main/java/com/gitblit/manager/GitblitManager.java
@@ -27,24 +27,33 @@
import java.util.Collection;
import java.util.Date;
import java.util.List;
+import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.eclipse.jgit.api.CloneCommand;
+import org.eclipse.jgit.api.FetchCommand;
+import org.eclipse.jgit.api.Git;
+import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.transport.RefSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import ro.fortsoft.pf4j.PluginState;
+import ro.fortsoft.pf4j.PluginWrapper;
+import ro.fortsoft.pf4j.Version;
+
import com.gitblit.Constants;
import com.gitblit.Constants.AccessPermission;
-import com.gitblit.Constants.AccessRestrictionType;
import com.gitblit.Constants.FederationRequest;
import com.gitblit.Constants.FederationToken;
+import com.gitblit.Constants.Role;
import com.gitblit.GitBlitException;
import com.gitblit.IStoredSettings;
-import com.gitblit.Keys;
import com.gitblit.models.FederationModel;
import com.gitblit.models.FederationProposal;
import com.gitblit.models.FederationSet;
@@ -52,26 +61,34 @@
import com.gitblit.models.GitClientApplication;
import com.gitblit.models.Mailing;
import com.gitblit.models.Metric;
+import com.gitblit.models.PluginRegistry.InstallState;
+import com.gitblit.models.PluginRegistry.PluginRegistration;
+import com.gitblit.models.PluginRegistry.PluginRelease;
import com.gitblit.models.ProjectModel;
import com.gitblit.models.RegistrantAccessPermission;
import com.gitblit.models.RepositoryModel;
-import com.gitblit.models.RepositoryUrl;
import com.gitblit.models.SearchResult;
import com.gitblit.models.ServerSettings;
import com.gitblit.models.ServerStatus;
import com.gitblit.models.SettingModel;
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
+import com.gitblit.tickets.ITicketService;
+import com.gitblit.transport.ssh.IPublicKeyManager;
+import com.gitblit.transport.ssh.SshKey;
import com.gitblit.utils.ArrayUtils;
-import com.gitblit.utils.HttpUtils;
-import com.gitblit.utils.JGitUtils;
import com.gitblit.utils.JsonUtils;
import com.gitblit.utils.ObjectCache;
import com.gitblit.utils.StringUtils;
+import com.gitblit.utils.XssFilter;
import com.google.gson.Gson;
import com.google.gson.JsonIOException;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
/**
* GitblitManager is an aggregate interface delegate. It implements all the manager
@@ -85,15 +102,22 @@
* @author James Moger
*
*/
+@Singleton
public class GitblitManager implements IGitblit {
protected final Logger logger = LoggerFactory.getLogger(getClass());
protected final ObjectCache<Collection<GitClientApplication>> clientApplications = new ObjectCache<Collection<GitClientApplication>>();
+ protected final Provider<IPublicKeyManager> publicKeyManagerProvider;
+
+ protected final Provider<ITicketService> ticketServiceProvider;
+
protected final IStoredSettings settings;
protected final IRuntimeManager runtimeManager;
+
+ protected final IPluginManager pluginManager;
protected final INotificationManager notificationManager;
@@ -107,8 +131,12 @@
protected final IFederationManager federationManager;
+ @Inject
public GitblitManager(
+ Provider<IPublicKeyManager> publicKeyManagerProvider,
+ Provider<ITicketService> ticketServiceProvider,
IRuntimeManager runtimeManager,
+ IPluginManager pluginManager,
INotificationManager notificationManager,
IUserManager userManager,
IAuthenticationManager authenticationManager,
@@ -116,8 +144,12 @@
IProjectManager projectManager,
IFederationManager federationManager) {
+ this.publicKeyManagerProvider = publicKeyManagerProvider;
+ this.ticketServiceProvider = ticketServiceProvider;
+
this.settings = runtimeManager.getSettings();
this.runtimeManager = runtimeManager;
+ this.pluginManager = pluginManager;
this.notificationManager = notificationManager;
this.userManager = userManager;
this.authenticationManager = authenticationManager;
@@ -158,7 +190,33 @@
// clone the repository
try {
- JGitUtils.cloneRepository(repositoryManager.getRepositoriesFolder(), cloneName, fromUrl, true, null);
+ Repository canonical = getRepository(repository.name);
+ File folder = new File(repositoryManager.getRepositoriesFolder(), cloneName);
+ CloneCommand clone = new CloneCommand();
+ clone.setBare(true);
+
+ // fetch branches with exclusions
+ Collection<Ref> branches = canonical.getRefDatabase().getRefs(Constants.R_HEADS).values();
+ List<String> branchesToClone = new ArrayList<String>();
+ for (Ref branch : branches) {
+ String name = branch.getName();
+ if (name.startsWith(Constants.R_TICKET)) {
+ // exclude ticket branches
+ continue;
+ }
+ branchesToClone.add(name);
+ }
+ clone.setBranchesToClone(branchesToClone);
+ clone.setURI(fromUrl);
+ clone.setDirectory(folder);
+ Git git = clone.call();
+
+ // fetch tags
+ FetchCommand fetch = git.fetch();
+ fetch.setRefSpecs(new RefSpec("+refs/tags/*:refs/tags/*"));
+ fetch.call();
+
+ git.getRepository().close();
} catch (Exception e) {
throw new GitBlitException(e);
}
@@ -167,6 +225,13 @@
RepositoryModel cloneModel = repository.cloneAs(cloneName);
// owner has REWIND/RW+ permissions
cloneModel.addOwner(user.username);
+
+ // ensure initial access restriction of the fork
+ // is not lower than the source repository (issue-495/ticket-167)
+ if (repository.accessRestriction.exceeds(cloneModel.accessRestriction)) {
+ cloneModel.accessRestriction = repository.accessRestriction;
+ }
+
repositoryManager.updateRepositoryModel(cloneName, cloneModel, false);
// add the owner of the source repository to the clone's access list
@@ -291,71 +356,14 @@
repositoryManager.updateRepositoryModel(model.name, model, false);
}
}
+
+ // rename the user's ssh public keystore
+ getPublicKeyManager().renameUser(username, user.username);
}
if (!userManager.updateUserModel(username, user)) {
throw new GitBlitException("Failed to update user!");
}
}
-
- /**
- * Returns a list of repository URLs and the user access permission.
- *
- * @param request
- * @param user
- * @param repository
- * @return a list of repository urls
- */
- @Override
- public List<RepositoryUrl> getRepositoryUrls(HttpServletRequest request, UserModel user, RepositoryModel repository) {
- if (user == null) {
- user = UserModel.ANONYMOUS;
- }
- String username = StringUtils.encodeUsername(UserModel.ANONYMOUS.equals(user) ? "" : user.username);
-
- List<RepositoryUrl> list = new ArrayList<RepositoryUrl>();
- // http/https url
- if (settings.getBoolean(Keys.git.enableGitServlet, true)) {
- AccessPermission permission = user.getRepositoryPermission(repository).permission;
- if (permission.exceeds(AccessPermission.NONE)) {
- list.add(new RepositoryUrl(getRepositoryUrl(request, username, repository), permission));
- }
- }
-
- // add all other urls
- // {0} = repository
- // {1} = username
- for (String url : settings.getStrings(Keys.web.otherUrls)) {
- if (url.contains("{1}")) {
- // external url requires username, only add url IF we have one
- if (!StringUtils.isEmpty(username)) {
- list.add(new RepositoryUrl(MessageFormat.format(url, repository.name, username), null));
- }
- } else {
- // external url does not require username
- list.add(new RepositoryUrl(MessageFormat.format(url, repository.name), null));
- }
- }
- return list;
- }
-
- protected String getRepositoryUrl(HttpServletRequest request, String username, RepositoryModel repository) {
- String gitblitUrl = settings.getString(Keys.web.canonicalUrl, null);
- if (StringUtils.isEmpty(gitblitUrl)) {
- gitblitUrl = HttpUtils.getGitblitURL(request);
- }
- StringBuilder sb = new StringBuilder();
- sb.append(gitblitUrl);
- sb.append(Constants.R_PATH);
- sb.append(repository.name);
-
- // inject username into repository url if authentication is required
- if (repository.accessRestriction.exceeds(AccessRestrictionType.NONE)
- && !StringUtils.isEmpty(username)) {
- sb.insert(sb.indexOf("://") + 3, username + "@");
- }
- return sb.toString();
- }
-
/**
* Returns the list of custom client applications to be used for the
@@ -390,7 +398,7 @@
// no user definitions, use system definitions
if (!clientApplications.hasCurrent("system", new Date(0))) {
try {
- InputStream is = getClass().getResourceAsStream("/clientapps.json");
+ InputStream is = GitblitManager.class.getResourceAsStream("/clientapps.json");
Collection<GitClientApplication> clients = readClientApplications(is);
is.close();
if (clients != null) {
@@ -432,7 +440,7 @@
// Read bundled Gitblit properties to extract setting descriptions.
// This copy is pristine and only used for populating the setting
// models map.
- InputStream is = getClass().getResourceAsStream("/reference.properties");
+ InputStream is = GitblitManager.class.getResourceAsStream("/defaults.properties");
BufferedReader propertiesReader = new BufferedReader(new InputStreamReader(is));
StringBuilder description = new StringBuilder();
SettingModel setting = new SettingModel();
@@ -477,10 +485,20 @@
}
propertiesReader.close();
} catch (NullPointerException e) {
- logger.error("Failed to find resource copy of gitblit.properties");
+ logger.error("Failed to find classpath resource 'defaults.properties'");
} catch (IOException e) {
- logger.error("Failed to load resource copy of gitblit.properties");
+ logger.error("Failed to load classpath resource 'defaults.properties'");
}
+ }
+
+ @Override
+ public ITicketService getTicketService() {
+ return ticketServiceProvider.get();
+ }
+
+ @Override
+ public IPublicKeyManager getPublicKeyManager() {
+ return publicKeyManagerProvider.get();
}
/*
@@ -531,13 +549,13 @@
}
@Override
- public boolean isServingRepositories() {
- return runtimeManager.isServingRepositories();
+ public TimeZone getTimezone() {
+ return runtimeManager.getTimezone();
}
@Override
- public TimeZone getTimezone() {
- return runtimeManager.getTimezone();
+ public Locale getLocale() {
+ return runtimeManager.getLocale();
}
@Override
@@ -570,9 +588,24 @@
return runtimeManager.getStatus();
}
+ @Override
+ public Injector getInjector() {
+ return runtimeManager.getInjector();
+ }
+
+ @Override
+ public XssFilter getXssFilter() {
+ return runtimeManager.getXssFilter();
+ }
+
/*
* NOTIFICATION MANAGER
*/
+
+ @Override
+ public boolean isSendingMail() {
+ return notificationManager.isSendingMail();
+ }
@Override
public void sendMailToAdministrators(String subject, String message) {
@@ -611,6 +644,12 @@
}
return user;
}
+
+ @Override
+ public UserModel authenticate(String username, SshKey key) {
+ return authenticationManager.authenticate(username, key);
+ }
+
@Override
public UserModel authenticate(HttpServletRequest httpRequest, boolean requiresCertificate) {
UserModel user = authenticationManager.authenticate(httpRequest, requiresCertificate);
@@ -626,13 +665,25 @@
}
@Override
+ @Deprecated
public void setCookie(HttpServletResponse response, UserModel user) {
authenticationManager.setCookie(response, user);
}
@Override
+ public void setCookie(HttpServletRequest request, HttpServletResponse response, UserModel user) {
+ authenticationManager.setCookie(request, response, user);
+ }
+
+ @Override
+ @Deprecated
public void logout(HttpServletResponse response, UserModel user) {
authenticationManager.logout(response, user);
+ }
+
+ @Override
+ public void logout(HttpServletRequest request, HttpServletResponse response, UserModel user) {
+ authenticationManager.logout(request, response, user);
}
@Override
@@ -660,6 +711,16 @@
return authenticationManager.supportsTeamMembershipChanges(team);
}
+ @Override
+ public boolean supportsRoleChanges(UserModel user, Role role) {
+ return authenticationManager.supportsRoleChanges(user, role);
+ }
+
+ @Override
+ public boolean supportsRoleChanges(TeamModel team, Role role) {
+ return authenticationManager.supportsRoleChanges(team, role);
+ }
+
/*
* USER MANAGER
*/
@@ -681,11 +742,6 @@
@Override
public List<UserModel> getAllUsers() {
return userManager.getAllUsers();
- }
-
- @Override
- public boolean deleteUser(String username) {
- return userManager.deleteUser(username);
}
@Override
@@ -729,8 +785,22 @@
}
@Override
+ public boolean deleteUser(String username) {
+ // delegate to deleteUserModel() to delete public ssh keys
+ UserModel user = userManager.getUserModel(username);
+ return deleteUserModel(user);
+ }
+
+ /**
+ * Delete the user and all associated public ssh keys.
+ */
+ @Override
public boolean deleteUserModel(UserModel model) {
- return userManager.deleteUserModel(model);
+ boolean success = userManager.deleteUserModel(model);
+ if (success) {
+ getPublicKeyManager().removeAllKeys(model.username);
+ }
+ return success;
}
@Override
@@ -852,6 +922,11 @@
}
@Override
+ public void resetRepositoryCache(String repositoryName) {
+ repositoryManager.resetRepositoryCache(repositoryName);
+ }
+
+ @Override
public List<String> getRepositoryList() {
return repositoryManager.getRepositoryList();
}
@@ -864,6 +939,11 @@
@Override
public Repository getRepository(String repositoryName, boolean logError) {
return repositoryManager.getRepository(repositoryName, logError);
+ }
+
+ @Override
+ public List<RepositoryModel> getRepositoryModels() {
+ return repositoryManager.getRepositoryModels();
}
@Override
@@ -921,10 +1001,23 @@
return repositoryManager.getRepositoryDefaultMetrics(model, repository);
}
+ /**
+ * Detect renames and reindex as appropriate.
+ */
@Override
public void updateRepositoryModel(String repositoryName, RepositoryModel repository,
boolean isCreate) throws GitBlitException {
+ RepositoryModel oldModel = null;
+ boolean isRename = !isCreate && !repositoryName.equalsIgnoreCase(repository.name);
+ if (isRename) {
+ oldModel = repositoryManager.getRepositoryModel(repositoryName);
+ }
+
repositoryManager.updateRepositoryModel(repositoryName, repository, isCreate);
+
+ if (isRename && ticketServiceProvider.get() != null) {
+ ticketServiceProvider.get().rename(oldModel, repository);
+ }
}
@Override
@@ -933,13 +1026,27 @@
}
@Override
+ public boolean canDelete(RepositoryModel model) {
+ return repositoryManager.canDelete(model);
+ }
+
+ /**
+ * Delete the repository and all associated tickets.
+ */
+ @Override
public boolean deleteRepositoryModel(RepositoryModel model) {
- return repositoryManager.deleteRepositoryModel(model);
+ boolean success = repositoryManager.deleteRepositoryModel(model);
+ if (success && ticketServiceProvider.get() != null) {
+ ticketServiceProvider.get().deleteAll(model);
+ }
+ return success;
}
@Override
public boolean deleteRepository(String repositoryName) {
- return repositoryManager.deleteRepository(repositoryName);
+ // delegate to deleteRepositoryModel() to destroy indexed tickets
+ RepositoryModel repository = repositoryManager.getRepositoryModel(repositoryName);
+ return deleteRepositoryModel(repository);
}
@Override
@@ -1099,4 +1206,123 @@
public boolean deletePendingFederationProposal(FederationProposal proposal) {
return federationManager.deletePendingFederationProposal(proposal);
}
+
+ @Override
+ public void closeAll() {
+ repositoryManager.closeAll();
+ }
+
+ @Override
+ public void close(String repository) {
+ repositoryManager.close(repository);
+ }
+
+ @Override
+ public boolean isIdle(Repository repository) {
+ return repositoryManager.isIdle(repository);
+ }
+
+ /*
+ * PLUGIN MANAGER
+ */
+
+ @Override
+ public Version getSystemVersion() {
+ return pluginManager.getSystemVersion();
+ }
+
+ @Override
+ public void startPlugins() {
+ pluginManager.startPlugins();
+ }
+
+ @Override
+ public void stopPlugins() {
+ pluginManager.stopPlugins();
+ }
+
+ @Override
+ public List<PluginWrapper> getPlugins() {
+ return pluginManager.getPlugins();
+ }
+
+ @Override
+ public PluginWrapper getPlugin(String pluginId) {
+ return pluginManager.getPlugin(pluginId);
+ }
+
+ @Override
+ public List<Class<?>> getExtensionClasses(String pluginId) {
+ return pluginManager.getExtensionClasses(pluginId);
+ }
+
+ @Override
+ public <T> List<T> getExtensions(Class<T> clazz) {
+ return pluginManager.getExtensions(clazz);
+ }
+
+ @Override
+ public PluginWrapper whichPlugin(Class<?> clazz) {
+ return pluginManager.whichPlugin(clazz);
+ }
+
+ @Override
+ public PluginState startPlugin(String pluginId) {
+ return pluginManager.startPlugin(pluginId);
+ }
+
+ @Override
+ public PluginState stopPlugin(String pluginId) {
+ return pluginManager.stopPlugin(pluginId);
+ }
+
+ @Override
+ public boolean disablePlugin(String pluginId) {
+ return pluginManager.disablePlugin(pluginId);
+ }
+
+ @Override
+ public boolean enablePlugin(String pluginId) {
+ return pluginManager.enablePlugin(pluginId);
+ }
+
+ @Override
+ public boolean uninstallPlugin(String pluginId) {
+ return pluginManager.uninstallPlugin(pluginId);
+ }
+
+ @Override
+ public boolean refreshRegistry(boolean verifyChecksum) {
+ return pluginManager.refreshRegistry(verifyChecksum);
+ }
+
+ @Override
+ public boolean installPlugin(String url, boolean verifyChecksum) throws IOException {
+ return pluginManager.installPlugin(url, verifyChecksum);
+ }
+
+ @Override
+ public boolean upgradePlugin(String pluginId, String url, boolean verifyChecksum) throws IOException {
+ return pluginManager.upgradePlugin(pluginId, url, verifyChecksum);
+ }
+
+ @Override
+ public List<PluginRegistration> getRegisteredPlugins() {
+ return pluginManager.getRegisteredPlugins();
+ }
+
+ @Override
+ public List<PluginRegistration> getRegisteredPlugins(InstallState state) {
+ return pluginManager.getRegisteredPlugins(state);
+ }
+
+ @Override
+ public PluginRegistration lookupPlugin(String pluginId) {
+ return pluginManager.lookupPlugin(pluginId);
+ }
+
+ @Override
+ public PluginRelease lookupRelease(String pluginId, String version) {
+ return pluginManager.lookupRelease(pluginId, version);
+ }
}
--
Gitblit v1.9.1