From 27ae9095639bb228a1b7ff86a3ebe4264abf05be Mon Sep 17 00:00:00 2001
From: mschaefers <mschaefers@scoop-gmbh.de>
Date: Thu, 29 Nov 2012 12:33:09 -0500
Subject: [PATCH] feature: when using LdapUserService one can configure Gitblit to fetch all users from ldap that can possibly login. This allows to see newly generated LDAP users instantly in Gitblit. By now an LDAP user had to log in once to appear in GitBlit.

---
 src/com/gitblit/AuthenticationFilter.java |   29 ++++++++++++++++++++++++++---
 1 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/src/com/gitblit/AuthenticationFilter.java b/src/com/gitblit/AuthenticationFilter.java
index 277b220..64aa441 100644
--- a/src/com/gitblit/AuthenticationFilter.java
+++ b/src/com/gitblit/AuthenticationFilter.java
@@ -69,6 +69,15 @@
 	@Override
 	public abstract void doFilter(final ServletRequest request, final ServletResponse response,
 			final FilterChain chain) throws IOException, ServletException;
+	
+	/**
+	 * Allow the filter to require a client certificate to continue processing.
+	 * 
+	 * @return true, if a client certificate is required
+	 */
+	protected boolean requiresClientCertificate() {
+		return false;
+	}
 
 	/**
 	 * Returns the full relative url of the request.
@@ -95,6 +104,16 @@
 	 */
 	protected UserModel getUser(HttpServletRequest httpRequest) {
 		UserModel user = null;
+		// try request authentication
+		user = GitBlit.self().authenticate(httpRequest);
+		if (user != null) {
+			return user;
+		} else if (requiresClientCertificate()) {
+			// http request does not have a valid certificate
+			// and the filter requires one
+			return null;
+		}
+		
 		// look for client authorization credentials in header
 		final String authorization = httpRequest.getHeader("Authorization");
 		if (authorization != null && authorization.startsWith(BASIC)) {
@@ -103,7 +122,7 @@
 			String credentials = new String(Base64.decode(base64Credentials),
 					Charset.forName("UTF-8"));
 			// credentials = username:password
-			final String[] values = credentials.split(":");
+			final String[] values = credentials.split(":",2);
 
 			if (values.length == 2) {
 				String username = values[0];
@@ -170,8 +189,9 @@
 		public AuthenticatedRequest(HttpServletRequest req) {
 			super(req);
 			user = new UserModel("anonymous");
+			user.isAuthenticated = false;
 		}
-		
+
 		UserModel getUser() {
 			return user;
 		}
@@ -188,8 +208,11 @@
 		@Override
 		public boolean isUserInRole(String role) {
 			if (role.equals(Constants.ADMIN_ROLE)) {
-				return user.canAdmin;
+				return user.canAdmin();
 			}
+			// Gitblit does not currently use actual roles in the traditional
+			// servlet container sense.  That is the reason this is marked
+			// deprecated, but I may want to revisit this.
 			return user.canAccessRepository(role);
 		}
 

--
Gitblit v1.9.1