From d5ee557ef1370b5b9953dca1c8d3b14d0bd68a98 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 02 May 2013 22:31:58 -0400
Subject: [PATCH] Do not use problematic WicketUtils fluid api

---
 src/main/java/com/gitblit/wicket/pages/BasePage.java |  102 ++++++++++++++++++++++++++++++++++----------------
 1 files changed, 69 insertions(+), 33 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/BasePage.java b/src/main/java/com/gitblit/wicket/pages/BasePage.java
index 5c73df3..b3b0767 100644
--- a/src/main/java/com/gitblit/wicket/pages/BasePage.java
+++ b/src/main/java/com/gitblit/wicket/pages/BasePage.java
@@ -32,13 +32,13 @@
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.wicket.Application;
+import org.apache.wicket.Component;
 import org.apache.wicket.MarkupContainer;
 import org.apache.wicket.PageParameters;
 import org.apache.wicket.RedirectToUrlException;
 import org.apache.wicket.RequestCycle;
 import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.markup.html.CSSPackageResource;
-import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.link.BookmarkablePageLink;
 import org.apache.wicket.markup.html.link.ExternalLink;
@@ -46,7 +46,6 @@
 import org.apache.wicket.markup.html.panel.Fragment;
 import org.apache.wicket.protocol.http.RequestUtils;
 import org.apache.wicket.protocol.http.WebRequest;
-import org.apache.wicket.protocol.http.WebResponse;
 import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -58,6 +57,7 @@
 import com.gitblit.Constants.FederationStrategy;
 import com.gitblit.GitBlit;
 import com.gitblit.Keys;
+import com.gitblit.SparkleShareInviteServlet;
 import com.gitblit.models.ProjectModel;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.TeamModel;
@@ -66,9 +66,10 @@
 import com.gitblit.utils.TimeUtils;
 import com.gitblit.wicket.GitBlitWebSession;
 import com.gitblit.wicket.WicketUtils;
+import com.gitblit.wicket.panels.DetailedRepositoryUrlPanel;
 import com.gitblit.wicket.panels.LinkPanel;
 
-public abstract class BasePage extends WebPage {
+public abstract class BasePage extends SessionPage {
 
 	private final Logger logger;
 	
@@ -78,14 +79,12 @@
 		super();
 		logger = LoggerFactory.getLogger(getClass());
 		customizeHeader();
-		login();
 	}
 
 	public BasePage(PageParameters params) {
 		super(params);
 		logger = LoggerFactory.getLogger(getClass());
 		customizeHeader();
-		login();
 	}
 	
 	private void customizeHeader() {
@@ -132,34 +131,6 @@
 		}
 		super.onAfterRender();
 	}	
-
-	private void login() {
-		GitBlitWebSession session = GitBlitWebSession.get();
-		if (session.isLoggedIn() && !session.isSessionInvalidated()) {
-			// already have a session, refresh usermodel to pick up
-			// any changes to permissions or roles (issue-186)
-			UserModel user = GitBlit.self().getUserModel(session.getUser().username);
-			session.setUser(user);
-			return;
-		}
-		
-		// try to authenticate by servlet request
-		HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
-		UserModel user = GitBlit.self().authenticate(httpRequest);
-
-		// Login the user
-		if (user != null) {
-			// issue 62: fix session fixation vulnerability
-			session.replaceSession();
-			session.setUser(user);
-
-			// Set Cookie
-			WebResponse response = (WebResponse) getRequestCycle().getResponse();
-			GitBlit.self().setCookie(response, user);
-			
-			session.continueRequest();
-		}
-	}
 
 	protected void setupPage(String repositoryName, String pageName) {
 		if (repositoryName != null && repositoryName.trim().length() > 0) {
@@ -303,6 +274,71 @@
 		return sb.toString();
 	}
 	
+	protected Component createGitDaemonUrlPanel(String wicketId, UserModel user, RepositoryModel repository) {
+		int gitDaemonPort = GitBlit.getInteger(Keys.git.daemonPort, 0);
+		if (gitDaemonPort > 0 && user.canClone(repository)) {
+			String servername = ((WebRequest) getRequest()).getHttpServletRequest().getServerName();
+			String gitDaemonUrl;
+			if (gitDaemonPort == 9418) {
+				// standard port
+				gitDaemonUrl = MessageFormat.format("git://{0}/{1}", servername, repository.name);
+			} else {
+				// non-standard port
+				gitDaemonUrl = MessageFormat.format("git://{0}:{1,number,0}/{2}", servername, gitDaemonPort, repository.name);
+			}
+			
+			AccessPermission gitDaemonPermission = user.getRepositoryPermission(repository).permission;;
+			if (gitDaemonPermission.atLeast(AccessPermission.CLONE)) {
+				if (repository.accessRestriction.atLeast(AccessRestrictionType.CLONE)) {
+					// can not authenticate clone via anonymous git protocol
+					gitDaemonPermission = AccessPermission.NONE;
+				} else if (repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
+					// can not authenticate push via anonymous git protocol
+					gitDaemonPermission = AccessPermission.CLONE;
+				} else {
+					// normal user permission
+				}
+			}
+			
+			if (AccessPermission.NONE.equals(gitDaemonPermission)) {
+				// repository prohibits all anonymous access
+				return new Label(wicketId).setVisible(false);
+			} else {
+				// repository allows some form of anonymous access
+				return new DetailedRepositoryUrlPanel(wicketId, getLocalizer(), this, repository.name, gitDaemonUrl, gitDaemonPermission);
+			}
+		} else {
+			// git daemon is not running
+			return new Label(wicketId).setVisible(false);
+		}
+	}
+
+	protected String getSparkleShareInviteUrl(RepositoryModel repository) {
+		if (repository.isBare && repository.isSparkleshared()) {
+			UserModel user = GitBlitWebSession.get().getUser();
+			if (user == null) {
+				user = UserModel.ANONYMOUS;
+			}
+			String username = null;
+			if (UserModel.ANONYMOUS != user) {
+				username = user.username;
+			}
+			if (GitBlit.getBoolean(Keys.git.enableGitServlet, true) || (GitBlit.getInteger(Keys.git.daemonPort, 0) > 0)) {
+				// Gitblit as server
+				// ensure user can rewind
+				if (user.canRewindRef(repository)) {
+					String baseURL = WicketUtils.getGitblitURL(RequestCycle.get().getRequest());
+					return SparkleShareInviteServlet.asLink(baseURL, repository.name, username);
+				}
+			} else {
+				// Gitblit as viewer, assume RW+ permission
+				String baseURL = WicketUtils.getGitblitURL(RequestCycle.get().getRequest());
+				return SparkleShareInviteServlet.asLink(baseURL, repository.name, username);
+			}
+		}
+		return null;
+	}
+
 	protected List<ProjectModel> getProjectModels() {
 		final UserModel user = GitBlitWebSession.get().getUser();
 		List<ProjectModel> projects = GitBlit.self().getProjectModels(user, true);

--
Gitblit v1.9.1