From eecaad8b8e2c447429c31a01d49260ddd6b4ee03 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 16 Apr 2016 17:35:32 -0400
Subject: [PATCH] Proof of concept #1026

---
 src/main/java/com/gitblit/wicket/pages/RootPage.java |  104 ++++++++++++++++++++++++++++------------------------
 1 files changed, 56 insertions(+), 48 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/RootPage.java b/src/main/java/com/gitblit/wicket/pages/RootPage.java
index 3003c70..12779ca 100644
--- a/src/main/java/com/gitblit/wicket/pages/RootPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/RootPage.java
@@ -31,13 +31,16 @@
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.regex.Pattern;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.wicket.MarkupContainer;
 import org.apache.wicket.PageParameters;
+import org.apache.wicket.RequestCycle;
 import org.apache.wicket.behavior.HeaderContributor;
 import org.apache.wicket.markup.html.IHeaderContributor;
 import org.apache.wicket.markup.html.IHeaderResponse;
 import org.apache.wicket.markup.html.basic.Label;
-import org.apache.wicket.markup.html.form.PasswordTextField;
 import org.apache.wicket.markup.html.form.TextField;
 import org.apache.wicket.markup.html.link.BookmarkablePageLink;
 import org.apache.wicket.markup.html.panel.Fragment;
@@ -46,10 +49,13 @@
 import org.apache.wicket.markup.repeater.data.ListDataProvider;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
+import org.apache.wicket.protocol.http.WebRequest;
 import org.apache.wicket.protocol.http.WebResponse;
 
 import com.gitblit.Constants;
+import com.gitblit.Constants.AuthenticationType;
 import com.gitblit.Keys;
+import com.gitblit.extensions.NavLinkExtension;
 import com.gitblit.extensions.UserMenuExtension;
 import com.gitblit.models.Menu.ExternalLinkMenuItem;
 import com.gitblit.models.Menu.MenuDivider;
@@ -57,16 +63,18 @@
 import com.gitblit.models.Menu.PageLinkMenuItem;
 import com.gitblit.models.Menu.ParameterMenuItem;
 import com.gitblit.models.Menu.ToggleMenuItem;
+import com.gitblit.models.NavLink;
+import com.gitblit.models.NavLink.PageNavLink;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.ModelUtils;
 import com.gitblit.utils.StringUtils;
 import com.gitblit.wicket.GitBlitWebSession;
-import com.gitblit.wicket.PageRegistration;
+import com.gitblit.wicket.NonTrimmedPasswordTextField;
 import com.gitblit.wicket.SessionlessForm;
 import com.gitblit.wicket.WicketUtils;
-import com.gitblit.wicket.panels.GravatarImage;
+import com.gitblit.wicket.panels.AvatarImage;
 import com.gitblit.wicket.panels.LinkPanel;
 import com.gitblit.wicket.panels.NavigationPanel;
 
@@ -144,6 +152,7 @@
 		boolean authenticateAdmin = app().settings().getBoolean(Keys.web.authenticateAdminPages, true);
 		boolean allowAdmin = app().settings().getBoolean(Keys.web.allowAdministration, true);
 		boolean allowLucene = app().settings().getBoolean(Keys.web.allowLuceneIndexing, true);
+		boolean displayUserPanel = app().settings().getBoolean(Keys.web.displayUserPanel, true);
 		boolean isLoggedIn = GitBlitWebSession.get().isLoggedIn();
 
 		if (authenticateAdmin) {
@@ -161,7 +170,7 @@
 			}
 		}
 
-		if (authenticateView || authenticateAdmin) {
+		if (displayUserPanel && (authenticateView || authenticateAdmin)) {
 			if (isLoggedIn) {
 				UserMenu userFragment = new UserMenu("userPanel", "userMenuFragment", RootPage.this);
 				add(userFragment);
@@ -174,50 +183,40 @@
 		}
 
 		// navigation links
-		List<PageRegistration> pages = new ArrayList<PageRegistration>();
+		List<NavLink> navLinks = new ArrayList<NavLink>();
 		if (!authenticateView || (authenticateView && isLoggedIn)) {
-			pages.add(new PageRegistration(isLoggedIn ? "gb.myDashboard" : "gb.dashboard", MyDashboardPage.class,
+			UserModel user = UserModel.ANONYMOUS;
+			if (isLoggedIn) {
+				user = GitBlitWebSession.get().getUser();
+			}
+
+			navLinks.add(new PageNavLink(isLoggedIn ? "gb.myDashboard" : "gb.dashboard", MyDashboardPage.class,
 					getRootPageParameters()));
 			if (isLoggedIn && app().tickets().isReady()) {
-				pages.add(new PageRegistration("gb.myTickets", MyTicketsPage.class));
+				navLinks.add(new PageNavLink("gb.myTickets", MyTicketsPage.class));
 			}
-			pages.add(new PageRegistration("gb.repositories", RepositoriesPage.class,
+			navLinks.add(new PageNavLink("gb.repositories", RepositoriesPage.class,
 					getRootPageParameters()));
-			pages.add(new PageRegistration("gb.activity", ActivityPage.class, getRootPageParameters()));
+			
+			navLinks.add(new PageNavLink("gb.filestore", FilestorePage.class, getRootPageParameters()));
+				
+			navLinks.add(new PageNavLink("gb.activity", ActivityPage.class, getRootPageParameters()));
 			if (allowLucene) {
-				pages.add(new PageRegistration("gb.search", LuceneSearchPage.class));
-			}
-
-			UserModel user = GitBlitWebSession.get().getUser();
-
-			if (showAdmin) {
-				// admin dropdown menu
-				DropDownMenuRegistration adminMenu = new DropDownMenuRegistration("gb.adminMenuItem", MyDashboardPage.class);
-
-				adminMenu.menuItems.add(new PageLinkMenuItem(getString("gb.users"), UsersPage.class));
-
-				boolean showRegistrations = app().federation().canFederate()
-						&& app().settings().getBoolean(Keys.web.showFederationRegistrations, false);
-				if (showRegistrations) {
-					adminMenu.menuItems.add(new PageLinkMenuItem(getString("gb.federation"), FederationPage.class));
-				}
-
-				// allow plugins to contribute admin menu items
-				List<AdminMenuExtension> extensions = app().plugins().getExtensions(AdminMenuExtension.class);
-				for (AdminMenuExtension ext : extensions) {
-					adminMenu.menuItems.add(new MenuDivider());
-					adminMenu.menuItems.addAll(ext.getMenuItems(user));
-				}
-
-				pages.add(adminMenu);
+				navLinks.add(new PageNavLink("gb.search", LuceneSearchPage.class));
 			}
 
 			if (!authenticateView || (authenticateView && isLoggedIn)) {
-				addDropDownMenus(pages);
+				addDropDownMenus(navLinks);
+			}
+
+			// add nav link extensions
+			List<NavLinkExtension> extensions = app().plugins().getExtensions(NavLinkExtension.class);
+			for (NavLinkExtension ext : extensions) {
+				navLinks.addAll(ext.getNavLinks(user));
 			}
 		}
 
-		NavigationPanel navPanel = new NavigationPanel("navPanel", getRootNavPageClass(), pages);
+		NavigationPanel navPanel = new NavigationPanel("navPanel", getRootNavPageClass(), navLinks);
 		add(navPanel);
 
 		// display an error message cached from a redirect
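Review bot: The new `gb.filestore` link is added without any gate, while the neighbouring tickets link is added only when `isLoggedIn && app().tickets().isReady()`; if the filestore feature can be disabled or is not available to anonymous users, it should be gated the same way, otherwise a dead navigation entry is shown. The two added lines after the `gb.repositories` and `gb.filestore` entries contain only tab whitespace and should be plain empty lines. The admin dropdown (users, federation, `AdminMenuExtension` items) is removed here with no visible replacement; presumably it now arrives through `addDropDownMenus` or a `NavLinkExtension`, which is worth confirming since `addDropDownMenus` in this file is still an empty hook. The inner `if (!authenticateView || (authenticateView && isLoggedIn))` repeats the enclosing condition verbatim and could be dropped. The enclosing method starts and ends outside the hunk.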
@@ -272,28 +271,33 @@
 
 	private void loginUser(UserModel user) {
 		if (user != null) {
+			HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
+			HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();
+
 			// Set the user into the session
 			GitBlitWebSession session = GitBlitWebSession.get();
+
 			// issue 62: fix session fixation vulnerability
 			session.replaceSession();
 			session.setUser(user);
 
+			request = ((WebRequest) getRequest()).getHttpServletRequest();
+			response = ((WebResponse) getResponse()).getHttpServletResponse();
+			request.getSession().setAttribute(Constants.ATTRIB_AUTHTYPE, AuthenticationType.CREDENTIALS);
+
 			// Set Cookie
-			if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {
-				WebResponse response = (WebResponse) getRequestCycle().getResponse();
-				app().authentication().setCookie(response.getHttpServletResponse(), user);
-			}
+			app().authentication().setCookie(request, response, user);
 
 			if (!session.continueRequest()) {
 				PageParameters params = getPageParameters();
 				if (params == null) {
 					// redirect to this page
-					setResponsePage(getClass());
+					redirectTo(getClass());
 				} else {
 					// Strip username and password and redirect to this page
 					params.remove("username");
 					params.remove("password");
-					setResponsePage(getClass(), params);
+					redirectTo(getClass(), params);
 				}
 			}
 		}
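Review bot: The `request`/`response` assignments at the top of the `if (user != null)` block are dead: both are reassigned after `session.replaceSession()` before their first use, so the first pair should be deleted and the later pair become the declarations, `HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();` and `HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();`. The `Keys.web.allowCookieAuthentication` guard around `setCookie` is removed; unless the new `setCookie(request, response, user)` checks that setting internally, cookie authentication becomes unconditional, so a one-line comment stating where the setting is now enforced would help. The authentication type is stored here as an HTTP session attribute, but the `UserMenu` hunk further down reads it with `request.getAttribute(Constants.ATTRIB_AUTHTYPE)`; unless a filter copies the session attribute onto each request, that read yields null and `standardLogin` silently falls back to true. The closing brace of `loginUser` lies just past the hunk.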
@@ -309,7 +313,7 @@
 		return repositoryModels;
 	}
 
-	protected void addDropDownMenus(List<PageRegistration> pages) {
+	protected void addDropDownMenus(List<NavLink> navLinks) {
 
 	}
 
@@ -565,7 +569,9 @@
 					String username = RootPage.this.username.getObject();
 					char[] password = RootPage.this.password.getObject().toCharArray();
 
-					UserModel user = app().authentication().authenticate(username, password);
+					HttpServletRequest request = ((WebRequest)RequestCycle.get().getRequest()).getHttpServletRequest();
+
+					UserModel user = app().authentication().authenticate(username, password, request.getRemoteAddr());
 					if (user == null) {
 						error(getString("gb.invalidUsernameOrPassword"));
 					} else if (user.username.equals(Constants.FEDERATION_USER)) {
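Review bot: `request.getRemoteAddr()` is now handed to `authenticate`, but behind a reverse proxy it is the proxy's address, so anything downstream that keys on it (audit logging, failed-login tracking) will see a single address for every user; if deployments behind a proxy are expected, the address should be derived from the forwarded header only under a trusted-proxy setting, or the limitation documented on `authenticate`'s new parameter. This hunk obtains the request via `RequestCycle.get().getRequest()` while the other hunks use `getRequest()`; if the component method is reachable here, using one form throughout makes the call sites easier to compare. The enclosing method, presumably the login form's submit handler, starts and ends outside the hunk.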
@@ -581,7 +587,7 @@
 			TextField<String> unameField = new TextField<String>("username", username);
 			WicketUtils.setInputPlaceholder(unameField, markupProvider.getString("gb.username"));
 			loginForm.add(unameField);
-			PasswordTextField pwField = new PasswordTextField("password", password);
+			NonTrimmedPasswordTextField pwField = new NonTrimmedPasswordTextField("password", password);
 			WicketUtils.setInputPlaceholder(pwField, markupProvider.getString("gb.password"));
 			loginForm.add(pwField);
 			add(loginForm);
@@ -607,10 +613,12 @@
 			GitBlitWebSession session = GitBlitWebSession.get();
 			UserModel user = session.getUser();
 			boolean editCredentials = app().authentication().supportsCredentialChanges(user);
-			boolean standardLogin = session.authenticationType.isStandard();
+			HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
+			AuthenticationType authenticationType = (AuthenticationType) request.getAttribute(Constants.ATTRIB_AUTHTYPE);
+			boolean standardLogin = (null != authenticationType) ? authenticationType.isStandard() : true;
 
 			if (app().settings().getBoolean(Keys.web.allowGravatar, true)) {
-				add(new GravatarImage("username", user, "navbarGravatar", 20, false));
+				add(new AvatarImage("username", user, "navbarGravatar", 20, false));
 			} else {
 				add(new Label("username", user.getDisplayName()));
 			}
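Review bot: The boolean ternary on the `standardLogin` line reads more simply as `boolean standardLogin = authenticationType == null || authenticationType.isStandard();`. The unchecked cast `(AuthenticationType) request.getAttribute(Constants.ATTRIB_AUTHTYPE)` throws ClassCastException if anything else is ever stored under that key; an `instanceof` pattern check would fail closed instead. Defaulting to `true` when the attribute is absent treats an unknown authentication type as a standard login, which is the permissive side of that decision; if `standardLogin` gates credential-change UI, `false` would be the safer fallback, and the choice deserves a short comment either way. The enclosing method starts and ends outside the hunk.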
@@ -618,7 +626,7 @@
 			List<MenuItem> standardItems = new ArrayList<MenuItem>();
 			standardItems.add(new MenuDivider());
 			if (user.canAdmin() || user.canCreate()) {
-				standardItems.add(new PageLinkMenuItem("gb.newRepository", EditRepositoryPage.class));
+				standardItems.add(new PageLinkMenuItem("gb.newRepository", app().getNewRepositoryPage()));
 			}
 			standardItems.add(new PageLinkMenuItem("gb.myProfile", UserPage.class,
 					WicketUtils.newUsernameParameter(user.username)));

--
Gitblit v1.9.1