From 78753bc22f140f863aa3fe56b1c59699ca3e2fa8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 26 Sep 2011 22:29:07 -0400
Subject: [PATCH] Protect DownloadZipServlet with an AccessRestrictionFilter.

---
 src/com/gitblit/wicket/pages/LoginPage.java |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/LoginPage.java b/src/com/gitblit/wicket/pages/LoginPage.java
index b13a1c8..45e1e2d 100644
--- a/src/com/gitblit/wicket/pages/LoginPage.java
+++ b/src/com/gitblit/wicket/pages/LoginPage.java
@@ -69,6 +69,11 @@
 				UserModel user = GitBlit.self().authenticate(username, password);
 				if (user == null) {
 					error("Invalid username or password!");
+				} else if (user.username.equals(Constants.FEDERATION_USER)) {
+					// disallow the federation user from logging in via the
+					// web ui
+					error("Invalid username or password!");
+					user = null;
 				} else {
 					loginUser(user);
 				}

--
Gitblit v1.9.1