From d1231c63669f4bc3643985b9032de7f998612e08 Mon Sep 17 00:00:00 2001
From: Jason Pyeron <jpyeron@pdinc.us>
Date: Sun, 19 Aug 2012 21:35:52 -0400
Subject: [PATCH] fixed build to allow builds where a proxy is needed for access to outside resources see: http://ant.apache.org/manual/proxy.html

---
 src/com/gitblit/wicket/pages/RootPage.java |   71 +++++++++++++++++++++++++----------
 1 files changed, 51 insertions(+), 20 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/RootPage.java b/src/com/gitblit/wicket/pages/RootPage.java
index 686fc72..eaa2542 100644
--- a/src/com/gitblit/wicket/pages/RootPage.java
+++ b/src/com/gitblit/wicket/pages/RootPage.java
@@ -32,7 +32,6 @@
 
 import org.apache.wicket.PageParameters;
 import org.apache.wicket.markup.html.form.PasswordTextField;
-import org.apache.wicket.markup.html.form.StatelessForm;
 import org.apache.wicket.markup.html.form.TextField;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
@@ -48,6 +47,7 @@
 import com.gitblit.wicket.GitBlitWebSession;
 import com.gitblit.wicket.PageRegistration;
 import com.gitblit.wicket.PageRegistration.DropDownMenuItem;
+import com.gitblit.wicket.SessionlessForm;
 import com.gitblit.wicket.WicketUtils;
 import com.gitblit.wicket.panels.NavigationPanel;
 
@@ -64,6 +64,7 @@
 
 	IModel<String> username = new Model<String>("");
 	IModel<String> password = new Model<String>("");
+	List<RepositoryModel> repositoryModels = new ArrayList<RepositoryModel>();
 
 	public RootPage() {
 		super();
@@ -101,6 +102,9 @@
 		pages.add(new PageRegistration("gb.repositories", RepositoriesPage.class,
 				getRootPageParameters()));
 		pages.add(new PageRegistration("gb.activity", ActivityPage.class, getRootPageParameters()));
+		if (GitBlit.getBoolean(Keys.web.allowLuceneIndexing, true)) {
+			pages.add(new PageRegistration("gb.search", LuceneSearchPage.class));
+		}
 		if (showAdmin) {
 			pages.add(new PageRegistration("gb.users", UsersPage.class));
 		}
@@ -116,7 +120,7 @@
 		add(navPanel);
 
 		// login form
-		StatelessForm<Void> loginForm = new StatelessForm<Void>("loginForm") {
+		SessionlessForm<Void> loginForm = new SessionlessForm<Void>("loginForm", getClass(), getPageParameters()) {
 
 			private static final long serialVersionUID = 1L;
 
@@ -127,11 +131,11 @@
 
 				UserModel user = GitBlit.self().authenticate(username, password);
 				if (user == null) {
-					error("Invalid username or password!");
+					error(getString("gb.invalidUsernameOrPassword"));
 				} else if (user.username.equals(Constants.FEDERATION_USER)) {
 					// disallow the federation user from logging in via the
 					// web ui
-					error("Invalid username or password!");
+					error(getString("gb.invalidUsernameOrPassword"));
 					user = null;
 				} else {
 					loginUser(user);
@@ -159,9 +163,9 @@
 		} else if (showAdmin) {
 			int pendingProposals = GitBlit.self().getPendingFederationProposals().size();
 			if (pendingProposals == 1) {
-				info("There is 1 federation proposal awaiting review.");
+				info(getString("gb.OneProposalToReview"));
 			} else if (pendingProposals > 1) {
-				info(MessageFormat.format("There are {0} federation proposals awaiting review.",
+				info(MessageFormat.format(getString("gb.nFederationProposalsToReview"),
 						pendingProposals));
 			}
 		}
@@ -171,12 +175,19 @@
 
 	private PageParameters getRootPageParameters() {
 		if (reusePageParameters()) {
-			PageParameters params = getPageParameters();
-			if (params != null) {
+			PageParameters pp = getPageParameters();
+			if (pp != null) {
+				PageParameters params = new PageParameters(pp);
 				// remove named repository parameter
 				params.remove("r");
-			}
-			return params;
+
+				// remove days back parameter if it is the default value
+				if (params.containsKey("db")
+						&& params.getInt("db") == GitBlit.getInteger(Keys.web.activityDuration, 14)) {
+					params.remove("db");
+				}
+				return params;
+			}			
 		}
 		return null;
 	}
@@ -188,7 +199,10 @@
 	private void loginUser(UserModel user) {
 		if (user != null) {
 			// Set the user into the session
-			GitBlitWebSession.get().setUser(user);
+			GitBlitWebSession session = GitBlitWebSession.get();
+			// issue 62: fix session fixation vulnerability
+			session.replaceSession();
+			session.setUser(user);
 
 			// Set Cookie
 			if (GitBlit.getBoolean(Keys.web.allowCookieAuthentication, false)) {
@@ -197,10 +211,27 @@
 			}
 
 			if (!continueToOriginalDestination()) {
-				// Redirect to home page
-				setResponsePage(getApplication().getHomePage());
+				PageParameters params = getPageParameters();
+				if (params == null) {
+					// redirect to this page
+					setResponsePage(getClass());
+				} else {
+					// Strip username and password and redirect to this page
+					params.remove("username");
+					params.remove("password");
+					setResponsePage(getClass(), params);
+				}
 			}
 		}
+	}
+	
+	protected List<RepositoryModel> getRepositoryModels() {
+		if (repositoryModels.isEmpty()) {
+			final UserModel user = GitBlitWebSession.get().getUser();
+			List<RepositoryModel> repositories = GitBlit.self().getRepositoryModels(user);
+			repositoryModels.addAll(repositories);
+		}
+		return repositoryModels;
 	}
 
 	protected void addDropDownMenus(List<PageRegistration> pages) {
@@ -210,7 +241,7 @@
 	protected List<DropDownMenuItem> getRepositoryFilterItems(PageParameters params) {
 		final UserModel user = GitBlitWebSession.get().getUser();
 		Set<DropDownMenuItem> filters = new LinkedHashSet<DropDownMenuItem>();
-		List<RepositoryModel> repositories = GitBlit.self().getRepositoryModels(user);
+		List<RepositoryModel> repositories = getRepositoryModels();
 
 		// accessible repositories by federation set
 		Map<String, AtomicInteger> setMap = new HashMap<String, AtomicInteger>();
@@ -262,7 +293,7 @@
 			if (addedExpression) {
 				filters.add(new DropDownMenuItem());
 			}
-		}		
+		}
 		return new ArrayList<DropDownMenuItem>(filters);
 	}
 
@@ -276,8 +307,9 @@
 		Set<Integer> choicesSet = new HashSet<Integer>(Arrays.asList(daysBack, 14, 28, 60, 90, 180));
 		List<Integer> choices = new ArrayList<Integer>(choicesSet);
 		Collections.sort(choices);
+		String lastDaysPattern = getString("gb.lastNDays");
 		for (Integer db : choices) {
-			String txt = "last " + db + (db.intValue() > 1 ? " days" : "day");
+			String txt = MessageFormat.format(lastDaysPattern, db);
 			items.add(new DropDownMenuItem(txt, "db", db.toString(), params));
 		}
 		items.add(new DropDownMenuItem());
@@ -285,9 +317,8 @@
 	}
 
 	protected List<RepositoryModel> getRepositories(PageParameters params) {
-		final UserModel user = GitBlitWebSession.get().getUser();
 		if (params == null) {
-			return GitBlit.self().getRepositoryModels(user);
+			return getRepositoryModels();
 		}
 
 		boolean hasParameter = false;
@@ -297,7 +328,7 @@
 		String team = WicketUtils.getTeam(params);
 		int daysBack = params.getInt("db", 0);
 
-		List<RepositoryModel> availableModels = GitBlit.self().getRepositoryModels(user);
+		List<RepositoryModel> availableModels = getRepositoryModels();
 		Set<RepositoryModel> models = new HashSet<RepositoryModel>();
 
 		if (!StringUtils.isEmpty(repositoryName)) {
@@ -362,7 +393,7 @@
 		if (!hasParameter) {
 			models.addAll(availableModels);
 		}
-		
+
 		// time-filter the list
 		if (daysBack > 0) {
 			Calendar cal = Calendar.getInstance();

--
Gitblit v1.9.1