From cca55e4722fa1ceba8a0933dda974162635f3955 Mon Sep 17 00:00:00 2001
From: John Crygier <john.crygier@aon.com>
Date: Thu, 03 May 2012 12:48:16 -0400
Subject: [PATCH] Ability to get / set "custom" properties within a RepositoryModel. This makes getting specialized settings in hooks much easier.
---
src/com/gitblit/wicket/pages/BasePage.java | 49 +++++++++++++++++++++++++++++++++++++++++++++----
1 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index d31979d..94ed633 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -22,6 +22,7 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
+import org.apache.wicket.Application;
import org.apache.wicket.MarkupContainer;
import org.apache.wicket.PageParameters;
import org.apache.wicket.RestartResponseAtInterceptPageException;
@@ -43,6 +44,7 @@
import com.gitblit.Constants.FederationStrategy;
import com.gitblit.GitBlit;
import com.gitblit.Keys;
+import com.gitblit.models.RepositoryModel;
import com.gitblit.models.UserModel;
import com.gitblit.wicket.GitBlitWebSession;
import com.gitblit.wicket.WicketUtils;
@@ -63,6 +65,24 @@
logger = LoggerFactory.getLogger(getClass());
loginByCookie();
}
+
+ @Override
+ protected void onBeforeRender() {
+ if (GitBlit.isDebugMode()) {
+ // strip Wicket tags in debug mode for jQuery DOM traversal
+ Application.get().getMarkupSettings().setStripWicketTags(true);
+ }
+ super.onBeforeRender();
+ }
+
+ @Override
+ protected void onAfterRender() {
+ if (GitBlit.isDebugMode()) {
+ // restore Wicket debug tags
+ Application.get().getMarkupSettings().setStripWicketTags(false);
+ }
+ super.onAfterRender();
+ }
private void loginByCookie() {
if (!GitBlit.getBoolean(Keys.web.allowCookieAuthentication, false)) {
@@ -79,11 +99,15 @@
// Login the user
if (user != null) {
// Set the user into the session
- GitBlitWebSession.get().setUser(user);
+ GitBlitWebSession session = GitBlitWebSession.get();
+ // issue 62: fix session fixation vulnerability
+ session.replaceSession();
+ session.setUser(user);
// Set Cookie
WebResponse response = (WebResponse) getRequestCycle().getResponse();
GitBlit.self().setCookie(response, user);
+ continueToOriginalDestination();
}
}
@@ -157,13 +181,28 @@
protected TimeZone getTimeZone() {
return GitBlit.getBoolean(Keys.web.useClientTimezone, false) ? GitBlitWebSession.get()
- .getTimezone() : TimeZone.getDefault();
+ .getTimezone() : GitBlit.getTimezone();
}
protected String getServerName() {
ServletWebRequest servletWebRequest = (ServletWebRequest) getRequest();
HttpServletRequest req = servletWebRequest.getHttpServletRequest();
return req.getServerName();
+ }
+
+ protected String getRepositoryUrl(RepositoryModel repository) {
+ StringBuilder sb = new StringBuilder();
+ sb.append(WicketUtils.getGitblitURL(getRequestCycle().getRequest()));
+ sb.append(Constants.GIT_PATH);
+ sb.append(repository.name);
+
+ // inject username into repository url if authentication is required
+ if (repository.accessRestriction.exceeds(AccessRestrictionType.NONE)
+ && GitBlitWebSession.get().isLoggedIn()) {
+ String username = GitBlitWebSession.get().getUser().username;
+ sb.insert(sb.indexOf("://") + 3, username + "@");
+ }
+ return sb.toString();
}
public void warn(String message, Throwable t) {
@@ -215,9 +254,11 @@
add(new Label("username", GitBlitWebSession.get().getUser().toString() + ":"));
add(new LinkPanel("loginLink", null, markupProvider.getString("gb.logout"),
LogoutPage.class));
+ boolean editCredentials = GitBlit.self().supportsCredentialChanges();
// quick and dirty hack for showing a separator
- add(new Label("separator", "|"));
- add(new BookmarkablePageLink<Void>("changePasswordLink", ChangePasswordPage.class));
+ add(new Label("separator", "|").setVisible(editCredentials));
+ add(new BookmarkablePageLink<Void>("changePasswordLink",
+ ChangePasswordPage.class).setVisible(editCredentials));
} else {
// login
add(new Label("username").setVisible(false));
--
Gitblit v1.9.1