From f76fee63ed9cb3a30d3c0c092d860b1cb93a481b Mon Sep 17 00:00:00 2001
From: Gerard Smyth <gerard.smyth@gmail.com>
Date: Thu, 08 May 2014 13:09:30 -0400
Subject: [PATCH] Updated the SyndicationServlet to provide an additional option to return details of the tags in the repository instead of the commits. This uses a new 'ot' request parameter to indicate the object type of the content to return, which can be ither TAG or COMMIT. If this is not provided, then COMMIT is assumed to maintain backwards compatability. If tags are returned, then the paging parameters, 'l' and 'pg' are still supported, but searching options are currently ignored.
---
src/main/java/com/gitblit/ConfigUserService.java | 252 ++++++++++---------------------------------------
1 files changed, 54 insertions(+), 198 deletions(-)
diff --git a/src/main/java/com/gitblit/ConfigUserService.java b/src/main/java/com/gitblit/ConfigUserService.java
index 6b721a8..9b4dd7f 100644
--- a/src/main/java/com/gitblit/ConfigUserService.java
+++ b/src/main/java/com/gitblit/ConfigUserService.java
@@ -35,6 +35,8 @@
import org.slf4j.LoggerFactory;
import com.gitblit.Constants.AccessPermission;
+import com.gitblit.Constants.AccountType;
+import com.gitblit.manager.IRuntimeManager;
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
import com.gitblit.models.UserRepositoryPreferences;
@@ -94,6 +96,10 @@
private static final String LOCALE = "locale";
+ private static final String ACCOUNTTYPE = "accountType";
+
+ private static final String DISABLED = "disabled";
+
private final File realmFile;
private final Logger logger = LoggerFactory.getLogger(ConfigUserService.class);
@@ -115,65 +121,11 @@
/**
* Setup the user service.
*
- * @param settings
- * @since 0.7.0
+ * @param runtimeManager
+ * @since 1.4.0
*/
@Override
- public void setup(IStoredSettings settings) {
- }
-
- /**
- * Does the user service support changes to credentials?
- *
- * @return true or false
- * @since 1.0.0
- */
- @Override
- public boolean supportsCredentialChanges() {
- return true;
- }
-
- /**
- * Does the user service support changes to user display name?
- *
- * @return true or false
- * @since 1.0.0
- */
- @Override
- public boolean supportsDisplayNameChanges() {
- return true;
- }
-
- /**
- * Does the user service support changes to user email address?
- *
- * @return true or false
- * @since 1.0.0
- */
- @Override
- public boolean supportsEmailAddressChanges() {
- return true;
- }
-
- /**
- * Does the user service support changes to team memberships?
- *
- * @return true or false
- * @since 1.0.0
- */
- @Override
- public boolean supportsTeamMembershipChanges() {
- return true;
- }
-
- /**
- * Does the user service support cookie authentication?
- *
- * @return true or false
- */
- @Override
- public boolean supportsCookies() {
- return true;
+ public void setup(IRuntimeManager runtimeManager) {
}
/**
@@ -183,7 +135,7 @@
* @return cookie value
*/
@Override
- public String getCookie(UserModel model) {
+ public synchronized String getCookie(UserModel model) {
if (!StringUtils.isEmpty(model.cookie)) {
return model.cookie;
}
@@ -195,13 +147,13 @@
}
/**
- * Authenticate a user based on their cookie.
+ * Gets the user object for the specified cookie.
*
* @param cookie
* @return a user object or null
*/
@Override
- public synchronized UserModel authenticate(char[] cookie) {
+ public synchronized UserModel getUserModel(char[] cookie) {
String hash = new String(cookie);
if (StringUtils.isEmpty(hash)) {
return null;
@@ -218,49 +170,6 @@
model = DeepCopier.copy(model);
}
return model;
- }
-
- /**
- * Authenticate a user based on a username and password.
- *
- * @param username
- * @param password
- * @return a user object or null
- */
- @Override
- public UserModel authenticate(String username, char[] password) {
- UserModel returnedUser = null;
- UserModel user = getUserModel(username);
- if (user == null) {
- return null;
- }
- if (user.password.startsWith(StringUtils.MD5_TYPE)) {
- // password digest
- String md5 = StringUtils.MD5_TYPE + StringUtils.getMD5(new String(password));
- if (user.password.equalsIgnoreCase(md5)) {
- returnedUser = user;
- }
- } else if (user.password.startsWith(StringUtils.COMBINED_MD5_TYPE)) {
- // username+password digest
- String md5 = StringUtils.COMBINED_MD5_TYPE
- + StringUtils.getMD5(username.toLowerCase() + new String(password));
- if (user.password.equalsIgnoreCase(md5)) {
- returnedUser = user;
- }
- } else if (user.password.equals(new String(password))) {
- // plain-text password
- returnedUser = user;
- }
- return returnedUser;
- }
-
- /**
- * Logout a user.
- *
- * @param user
- */
- @Override
- public void logout(UserModel user) {
}
/**
@@ -288,7 +197,7 @@
* @return true if update is successful
*/
@Override
- public boolean updateUserModel(UserModel model) {
+ public synchronized boolean updateUserModel(UserModel model) {
return updateUserModel(model.username, model);
}
@@ -309,18 +218,22 @@
// null check on "final" teams because JSON-sourced UserModel
// can have a null teams object
if (model.teams != null) {
+ Set<TeamModel> userTeams = new HashSet<TeamModel>();
for (TeamModel team : model.teams) {
TeamModel t = teams.get(team.name.toLowerCase());
if (t == null) {
// new team
- team.addUser(model.username);
- teams.put(team.name.toLowerCase(), team);
- } else {
- // do not clobber existing team definition
- // maybe because this is a federated user
- t.addUser(model.username);
+ t = team;
+ teams.put(team.name.toLowerCase(), t);
}
+ // do not clobber existing team definition
+ // maybe because this is a federated user
+ t.addUser(model.username);
+ userTeams.add(t);
}
+ // replace Team-Models in users by new ones.
+ model.teams.clear();
+ model.teams.addAll(userTeams);
// check for implicit team removal
if (originalUser != null) {
@@ -355,8 +268,15 @@
public synchronized boolean updateUserModel(String username, UserModel model) {
UserModel originalUser = null;
try {
+ if (!model.isLocalAccount()) {
+ // do not persist password
+ model.password = Constants.EXTERNAL_ACCOUNT;
+ }
read();
originalUser = users.remove(username.toLowerCase());
+ if (originalUser != null) {
+ cookies.remove(originalUser.cookie);
+ }
users.put(model.username.toLowerCase(), model);
// null check on "final" teams because JSON-sourced UserModel
// can have a null teams object
@@ -407,7 +327,7 @@
* @return true if successful
*/
@Override
- public boolean deleteUserModel(UserModel model) {
+ public synchronized boolean deleteUserModel(UserModel model) {
return deleteUser(model.username);
}
@@ -454,7 +374,7 @@
* @since 0.8.0
*/
@Override
- public List<String> getAllTeamNames() {
+ public synchronized List<String> getAllTeamNames() {
read();
List<String> list = new ArrayList<String>(teams.keySet());
Collections.sort(list);
@@ -485,7 +405,7 @@
* @return list of all usernames that can bypass the access restriction
*/
@Override
- public synchronized List<String> getTeamnamesForRepositoryRole(String role) {
+ public synchronized List<String> getTeamNamesForRepositoryRole(String role) {
List<String> list = new ArrayList<String>();
try {
read();
@@ -500,45 +420,6 @@
}
Collections.sort(list);
return list;
- }
-
- /**
- * Sets the list of all teams who are allowed to bypass the access
- * restriction placed on the specified repository.
- *
- * @param role
- * the repository name
- * @param teamnames
- * @return true if successful
- */
- @Override
- public synchronized boolean setTeamnamesForRepositoryRole(String role, List<String> teamnames) {
- try {
- Set<String> specifiedTeams = new HashSet<String>();
- for (String teamname : teamnames) {
- specifiedTeams.add(teamname.toLowerCase());
- }
-
- read();
-
- // identify teams which require add or remove role
- for (TeamModel team : teams.values()) {
- // team has role, check against revised team list
- if (specifiedTeams.contains(team.name.toLowerCase())) {
- team.addRepositoryPermission(role);
- } else {
- // remove role from team
- team.removeRepositoryPermission(role);
- }
- }
-
- // persist changes
- write();
- return true;
- } catch (Throwable t) {
- logger.error(MessageFormat.format("Failed to set teams for role {0}!", role), t);
- }
- return false;
}
/**
@@ -568,7 +449,7 @@
* @since 0.8.0
*/
@Override
- public boolean updateTeamModel(TeamModel model) {
+ public synchronized boolean updateTeamModel(TeamModel model) {
return updateTeamModel(model.name, model);
}
@@ -580,7 +461,7 @@
* @since 1.2.0
*/
@Override
- public boolean updateTeamModels(Collection<TeamModel> models) {
+ public synchronized boolean updateTeamModels(Collection<TeamModel> models) {
try {
read();
for (TeamModel team : models) {
@@ -606,7 +487,7 @@
* @since 0.8.0
*/
@Override
- public boolean updateTeamModel(String teamname, TeamModel model) {
+ public synchronized boolean updateTeamModel(String teamname, TeamModel model) {
TeamModel original = null;
try {
read();
@@ -635,7 +516,7 @@
* @since 0.8.0
*/
@Override
- public boolean deleteTeamModel(TeamModel model) {
+ public synchronized boolean deleteTeamModel(TeamModel model) {
return deleteTeam(model.name);
}
@@ -647,7 +528,7 @@
* @since 0.8.0
*/
@Override
- public boolean deleteTeam(String teamname) {
+ public synchronized boolean deleteTeam(String teamname) {
try {
// Read realm file
read();
@@ -666,7 +547,7 @@
* @return list of all usernames
*/
@Override
- public List<String> getAllUsernames() {
+ public synchronized List<String> getAllUsernames() {
read();
List<String> list = new ArrayList<String>(users.keySet());
Collections.sort(list);
@@ -711,46 +592,6 @@
}
Collections.sort(list);
return list;
- }
-
- /**
- * Sets the list of all uses who are allowed to bypass the access
- * restriction placed on the specified repository.
- *
- * @param role
- * the repository name
- * @param usernames
- * @return true if successful
- */
- @Override
- @Deprecated
- public synchronized boolean setUsernamesForRepositoryRole(String role, List<String> usernames) {
- try {
- Set<String> specifiedUsers = new HashSet<String>();
- for (String username : usernames) {
- specifiedUsers.add(username.toLowerCase());
- }
-
- read();
-
- // identify users which require add or remove role
- for (UserModel user : users.values()) {
- // user has role, check against revised user list
- if (specifiedUsers.contains(user.username.toLowerCase())) {
- user.addRepositoryPermission(role);
- } else {
- // remove role from user
- user.removeRepositoryPermission(role);
- }
- }
-
- // persist changes
- write();
- return true;
- } catch (Throwable t) {
- logger.error(MessageFormat.format("Failed to set usernames for role {0}!", role), t);
- }
- return false;
}
/**
@@ -844,6 +685,9 @@
if (!StringUtils.isEmpty(model.emailAddress)) {
config.setString(USER, model.username, EMAILADDRESS, model.emailAddress);
}
+ if (model.accountType != null) {
+ config.setString(USER, model.username, ACCOUNTTYPE, model.accountType.name());
+ }
if (!StringUtils.isEmpty(model.organizationalUnit)) {
config.setString(USER, model.username, ORGANIZATIONALUNIT, model.organizationalUnit);
}
@@ -858,6 +702,9 @@
}
if (!StringUtils.isEmpty(model.countryCode)) {
config.setString(USER, model.username, COUNTRYCODE, model.countryCode);
+ }
+ if (model.disabled) {
+ config.setBoolean(USER, model.username, DISABLED, true);
}
if (model.getPreferences() != null) {
if (!StringUtils.isEmpty(model.getPreferences().locale)) {
@@ -926,6 +773,9 @@
roles.add(Constants.NO_ROLE);
}
config.setStringList(TEAM, model.name, ROLE, roles);
+ if (model.accountType != null) {
+ config.setString(TEAM, model.name, ACCOUNTTYPE, model.accountType.name());
+ }
if (!model.canAdmin) {
// write team permission for non-admin teams
@@ -1019,6 +869,11 @@
user.password = config.getString(USER, username, PASSWORD);
user.displayName = config.getString(USER, username, DISPLAYNAME);
user.emailAddress = config.getString(USER, username, EMAILADDRESS);
+ user.accountType = AccountType.fromString(config.getString(USER, username, ACCOUNTTYPE));
+ if (Constants.EXTERNAL_ACCOUNT.equals(user.password) && user.accountType.isLocal()) {
+ user.accountType = AccountType.EXTERNAL;
+ }
+ user.disabled = config.getBoolean(USER, username, DISABLED, false);
user.organizationalUnit = config.getString(USER, username, ORGANIZATIONALUNIT);
user.organization = config.getString(USER, username, ORGANIZATION);
user.locality = config.getString(USER, username, LOCALITY);
@@ -1072,6 +927,7 @@
team.canAdmin = roles.contains(Constants.ADMIN_ROLE);
team.canFork = roles.contains(Constants.FORK_ROLE);
team.canCreate = roles.contains(Constants.CREATE_ROLE);
+ team.accountType = AccountType.fromString(config.getString(TEAM, teamname, ACCOUNTTYPE));
if (!team.canAdmin) {
// non-admin team, read permissions
--
Gitblit v1.9.1