From b4a63aad7f56486c164a15ae2477bcd251b0bb1b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 18 Mar 2014 21:10:48 -0400
Subject: [PATCH] Fix authentication security hole with external providers
---
src/main/java/com/gitblit/DaggerModule.java | 138 +++++++++++++++++++++++++++------------------
1 files changed, 83 insertions(+), 55 deletions(-)
diff --git a/src/main/java/com/gitblit/DaggerModule.java b/src/main/java/com/gitblit/DaggerModule.java
index 7ee8ecd..5ae8b25 100644
--- a/src/main/java/com/gitblit/DaggerModule.java
+++ b/src/main/java/com/gitblit/DaggerModule.java
@@ -17,19 +17,22 @@
 import javax.inject.Singleton;
-import org.apache.wicket.protocol.http.WebApplication;
-
-import com.gitblit.git.GitServlet;
+import com.gitblit.manager.AuthenticationManager;
+import com.gitblit.manager.FederationManager;
+import com.gitblit.manager.IAuthenticationManager;
 import com.gitblit.manager.IFederationManager;
-import com.gitblit.manager.IGitblitManager;
+import com.gitblit.manager.IGitblit;
 import com.gitblit.manager.INotificationManager;
 import com.gitblit.manager.IProjectManager;
 import com.gitblit.manager.IRepositoryManager;
 import com.gitblit.manager.IRuntimeManager;
-import com.gitblit.manager.ISessionManager;
 import com.gitblit.manager.IUserManager;
+import com.gitblit.manager.NotificationManager;
+import com.gitblit.manager.ProjectManager;
+import com.gitblit.manager.RepositoryManager;
+import com.gitblit.manager.RuntimeManager;
+import com.gitblit.manager.UserManager;
 import com.gitblit.wicket.GitBlitWebApp;
-import com.gitblit.wicket.GitblitWicketFilter;
 import dagger.Module;
 import dagger.Provides;
@@ -41,96 +44,121 @@
 *
 */
 @Module(
+ library = true,
 injects = {
+ IStoredSettings.class,
+
 // core managers
 IRuntimeManager.class,
 INotificationManager.class,
 IUserManager.class,
- ISessionManager.class,
+ IAuthenticationManager.class,
 IRepositoryManager.class,
 IProjectManager.class,
- IGitblitManager.class,
 IFederationManager.class,
- // filters & servlets
- GitServlet.class,
- GitFilter.class,
- PagesServlet.class,
- PagesFilter.class,
- RpcServlet.class,
- RpcFilter.class,
- DownloadZipServlet.class,
- DownloadZipFilter.class,
- SyndicationServlet.class,
- SyndicationFilter.class,
- FederationServlet.class,
- SparkleShareInviteServlet.class,
- BranchGraphServlet.class,
- RobotsTxtServlet.class,
- LogoServlet.class,
- EnforceAuthenticationFilter.class,
- GitblitWicketFilter.class
+ // the monolithic manager
+ IGitblit.class,
+
+ // the Gitblit Wicket app
+ GitBlitWebApp.class
 }
 )
 public class DaggerModule {
- final GitBlit gitblit;
-
- // HACK but necessary for now
- public DaggerModule(GitBlit gitblit) {
- this.gitblit = gitblit;
+ @Provides @Singleton IStoredSettings provideSettings() {
+ return new FileSettings();
 }
- @Provides @Singleton IRuntimeManager provideRuntimeManager() {
- return gitblit;
+ @Provides @Singleton IRuntimeManager provideRuntimeManager(IStoredSettings settings) {
+ return new RuntimeManager(settings);
 }
- @Provides @Singleton INotificationManager provideNotificationManager() {
- return gitblit;
+ @Provides @Singleton INotificationManager provideNotificationManager(IStoredSettings settings) {
+ return new NotificationManager(settings);
 }
- @Provides @Singleton IUserManager provideUserManager() {
- return gitblit;
+ @Provides @Singleton IUserManager provideUserManager(IRuntimeManager runtimeManager) {
+ return new UserManager(runtimeManager);
 }
- @Provides @Singleton ISessionManager provideSessionManager() {
- return gitblit;
+ @Provides @Singleton IAuthenticationManager provideAuthenticationManager(
+ IRuntimeManager runtimeManager,
+ IUserManager userManager) {
+
+ return new AuthenticationManager(
+ runtimeManager,
+ userManager);
 }
- @Provides @Singleton IRepositoryManager provideRepositoryManager() {
- return gitblit;
+ @Provides @Singleton IRepositoryManager provideRepositoryManager(
+ IRuntimeManager runtimeManager,
+ IUserManager userManager) {
+
+ return new RepositoryManager(
+ runtimeManager,
+ userManager);
 }
- @Provides @Singleton IProjectManager provideProjectManager() {
- return gitblit;
+ @Provides @Singleton IProjectManager provideProjectManager(
+ IRuntimeManager runtimeManager,
+ IUserManager userManager,
+ IRepositoryManager repositoryManager) {
+
+ return new ProjectManager(
+ runtimeManager,
+ userManager,
+ repositoryManager);
 }
- @Provides @Singleton IGitblitManager provideGitblitManager() {
- return gitblit;
+ @Provides @Singleton IFederationManager provideFederationManager(
+ IRuntimeManager runtimeManager,
+ INotificationManager notificationManager,
+ IRepositoryManager repositoryManager) {
+
+ return new FederationManager(
+ runtimeManager,
+ notificationManager,
+ repositoryManager);
 }
- @Provides @Singleton IFederationManager provideFederationManager() {
- return gitblit;
- }
-
- @Provides @Singleton WebApplication provideWebApplication(
+ @Provides @Singleton IGitblit provideGitblit(
 IRuntimeManager runtimeManager,
 INotificationManager notificationManager,
 IUserManager userManager,
- ISessionManager sessionManager,
+ IAuthenticationManager authenticationManager,
 IRepositoryManager repositoryManager,
 IProjectManager projectManager,
- IGitblitManager gitblitManager,
 IFederationManager federationManager) {
+
+ return new GitBlit(
+ runtimeManager,
+ notificationManager,
+ userManager,
+ authenticationManager,
+ repositoryManager,
+ projectManager,
+ federationManager);
+ }
+
+ @Provides @Singleton GitBlitWebApp provideWebApplication(
+ IRuntimeManager runtimeManager,
+ INotificationManager notificationManager,
+ IUserManager userManager,
+ IAuthenticationManager authenticationManager,
+ IRepositoryManager repositoryManager,
+ IProjectManager projectManager,
+ IFederationManager federationManager,
+ IGitblit gitblit) {
 return new GitBlitWebApp(
 runtimeManager,
 notificationManager,
 userManager,
- sessionManager,
+ authenticationManager,
 repositoryManager,
 projectManager,
- gitblitManager,
- federationManager);
+ federationManager,
+ gitblit);
 }
 }
\ No newline at end of file
-- Gitblit v1.9.1
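Review bot: The `injects` list drops every filter and servlet, including `EnforceAuthenticationFilter.class` and `GitFilter.class`, with no comment saying where those classes now obtain `IAuthenticationManager` and the other managers. In Dagger 1 a type that is not listed in `injects` cannot be member-injected from this graph, so any filter still created by the servlet container and injected the old way would fail at injection time. The replacement wiring is not visible in this patch, so this is something to confirm rather than a demonstrated defect. I would add a comment above `// core managers`, for example `// filters and servlets are no longer injected from this graph; they receive their managers from <wiring location>`. I would also add a note beside `library = true` that the flag disables Dagger's unused-binding check, so an authentication binding that nothing consumes will not be reported at build time.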