githubFork/gitblit.git - Solinfo Gitblit

Remove Wicket references from non-Wicket packages

James Moger

2014-07-03 efdb2b3d0c6f03a9aac9e65892cbc8ff755f246f

commit \| author \| age
efdb2b	1	/*
JM	2	* Copyright 2013 gitblit.com.
	3	*
	4	* Licensed under the Apache License, Version 2.0 (the "License");
	5	* you may not use this file except in compliance with the License.
	6	* You may obtain a copy of the License at
	7	*
	8	* http://www.apache.org/licenses/LICENSE-2.0
	9	*
	10	* Unless required by applicable law or agreed to in writing, software
	11	* distributed under the License is distributed on an "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	* See the License for the specific language governing permissions and
	14	* limitations under the License.
	15	*/
	16	package com.gitblit.wicket.pages;
	17
	18	import javax.servlet.http.HttpServletRequest;
	19	import javax.servlet.http.HttpServletResponse;
	20
	21	import org.apache.wicket.PageParameters;
	22	import org.apache.wicket.markup.html.WebPage;
	23	import org.apache.wicket.protocol.http.WebRequest;
	24	import org.apache.wicket.protocol.http.WebResponse;
	25
	26	import com.gitblit.Constants;
	27	import com.gitblit.Constants.AuthenticationType;
	28	import com.gitblit.Keys;
	29	import com.gitblit.models.UserModel;
	30	import com.gitblit.utils.StringUtils;
	31	import com.gitblit.wicket.GitBlitWebApp;
	32	import com.gitblit.wicket.GitBlitWebSession;
	33
	34	public abstract class SessionPage extends WebPage {
	35
	36	public SessionPage() {
	37	super();
	38	login();
	39	}
	40
	41	public SessionPage(final PageParameters params) {
	42	super(params);
	43	login();
	44	}
	45
	46	protected String [] getEncodings() {
	47	return app().settings().getStrings(Keys.web.blobEncodings).toArray(new String[0]);
	48	}
	49
	50	protected GitBlitWebApp app() {
	51	return GitBlitWebApp.get();
	52	}
	53
	54	private void login() {
	55	GitBlitWebSession session = GitBlitWebSession.get();
	56	HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
	57	HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();
	58
	59	if (session.isLoggedIn() && !session.isSessionInvalidated()) {
	60	// already have a session, refresh usermodel to pick up
	61	// any changes to permissions or roles (issue-186)
	62	UserModel user = app().users().getUserModel(session.getUser().username);
	63
	64	if (user == null \|\| user.disabled) {
	65	// user was deleted/disabled during session
	66	app().authentication().logout(request, response, user);
	67	session.setUser(null);
	68	session.invalidateNow();
	69	return;
	70	}
	71
	72	// validate cookie during session (issue-361)
	73	if (user != null && app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
	74	String requestCookie = app().authentication().getCookie(request);
	75	if (!StringUtils.isEmpty(requestCookie) && !StringUtils.isEmpty(user.cookie)) {
	76	if (!requestCookie.equals(user.cookie)) {
	77	// cookie was changed during our session
	78	app().authentication().logout(request, response, user);
	79	session.setUser(null);
	80	session.invalidateNow();
	81	return;
	82	}
	83	}
	84	}
	85	session.setUser(user);
	86	return;
	87	}
	88
	89	// try to authenticate by servlet request
	90	UserModel user = app().authentication().authenticate(request);
	91
	92	// Login the user
	93	if (user != null) {
	94	// preserve the authentication type across session replacement
	95	AuthenticationType authenticationType = (AuthenticationType) request.getSession()
	96	.getAttribute(Constants.AUTHENTICATION_TYPE);
	97
	98	// issue 62: fix session fixation vulnerability
	99	session.replaceSession();
	100	session.setUser(user);
	101
	102	request.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, authenticationType);
	103
	104	// Set Cookie
	105	app().authentication().setCookie(request, response, user);
	106
	107	session.continueRequest();
	108	}
	109	}
	110	}