From 54cc7d7c2483d7ca100a5db47f4e1e98bd97c7fe Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 25 Sep 2014 09:27:04 -0400
Subject: [PATCH] Merged #187 "Restrict Gitblit cookie to the context path"
---
src/main/java/com/gitblit/git/GitblitUploadPackFactory.java | 66 +++++++---------------------------------
1 files changed, 14 insertions(+), 52 deletions(-)
diff --git a/src/main/java/com/gitblit/git/GitblitUploadPackFactory.java b/src/main/java/com/gitblit/git/GitblitUploadPackFactory.java
index 85750f8..ec85628 100644
--- a/src/main/java/com/gitblit/git/GitblitUploadPackFactory.java
+++ b/src/main/java/com/gitblit/git/GitblitUploadPackFactory.java
@@ -15,85 +15,47 @@ */ package com.gitblit.git; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; - -import org.eclipse.jgit.lib.Ref; import org.eclipse.jgit.lib.Repository; -import org.eclipse.jgit.transport.DaemonClient; -import org.eclipse.jgit.transport.RefFilter; import org.eclipse.jgit.transport.UploadPack; import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException; import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException; import org.eclipse.jgit.transport.resolver.UploadPackFactory; -import com.gitblit.GitBlit; -import com.gitblit.models.UserModel; -import com.gitblit.utils.IssueUtils; -import com.gitblit.utils.PushLogUtils; +import com.gitblit.manager.IAuthenticationManager; +import com.gitblit.transport.git.GitDaemonClient; /** * The upload pack factory creates an upload pack which controls what refs are * advertised to cloning/pulling clients. - * + * * @author James Moger - * + * * @param <X> the connection type */ public class GitblitUploadPackFactory<X> implements UploadPackFactory<X> { + + private final IAuthenticationManager authenticationManager; + + public GitblitUploadPackFactory(IAuthenticationManager authenticationManager) { + this.authenticationManager = authenticationManager; + } @Override public UploadPack create(X req, Repository db) throws ServiceNotEnabledException, ServiceNotAuthorizedException { - UserModel user = UserModel.ANONYMOUS; int timeout = 0; - if (req instanceof HttpServletRequest) { - // http/https request may or may not be authenticated - user = GitBlit.self().authenticate((HttpServletRequest) req); - if (user == null) { - user = UserModel.ANONYMOUS; - } - } else if (req instanceof DaemonClient) { + if (req instanceof GitDaemonClient) { // git daemon request is always anonymous - DaemonClient client = (DaemonClient) req; + GitDaemonClient client = (GitDaemonClient) req; // set timeout from Git daemon timeout = client.getDaemon().getTimeout(); } - RefFilter refFilter = new 
UserRefFilter(user); UploadPack up = new UploadPack(db); - up.setRefFilter(refFilter); up.setTimeout(timeout); - + return up; } - - /** - * Restricts advertisement of certain refs based on the permission of the - * requesting user. - */ - public static class UserRefFilter implements RefFilter { - - final UserModel user; - - public UserRefFilter(UserModel user) { - this.user = user; - } - - @Override - public Map<String, Ref> filter(Map<String, Ref> refs) { - if (user.canAdmin()) { - // admins can see all refs - return refs; - } - - // normal users can not clone gitblit refs - refs.remove(IssueUtils.GB_ISSUES); - refs.remove(PushLogUtils.GB_PUSHES); - return refs; - } - } -} +} \ No newline at end of file -- Gitblit v1.9.1
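Review bot: After this change `create()` returns an `UploadPack` with no `setRefFilter` call, so nothing in this factory hides the `IssueUtils.GB_ISSUES` and `PushLogUtils.GB_PUSHES` refs from non-admin clients any more; unless that restriction was moved somewhere not visible in this diff, those internal refs are now advertised to every client that can read the repository. The new `authenticationManager` field is assigned in the constructor but never read in the visible code, and the HTTP branch that resolved the requesting user is gone, so this factory no longer makes any per-user decision. I would either restore a per-user filter through the injected manager or record the new enforcement point next to `new UploadPack(db)`, e.g. `// ref advertisement is not filtered here; internal refs are hidden by <component that enforces it>`. The class Javadoc still says the factory "controls what refs are advertised", which no longer matches the body and should be updated with it.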