Example 1 with RpcRequest
use of com.gitblit.Constants.RpcRequest in project gitblit by gitblit.
the class RpcFilter method doFilter.
/**
* doFilter does the actual work of preprocessing the request to ensure that
* the user may proceed.
*
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
* javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String fullUrl = getFullUrl(httpRequest);
RpcRequest requestType = RpcRequest.fromName(httpRequest.getParameter("req"));
if (requestType == null) {
httpResponse.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED);
return;
}
boolean adminRequest = requestType.exceeds(RpcRequest.LIST_SETTINGS);
// conditionally reject all rpc requests
if (!settings.getBoolean(Keys.web.enableRpcServlet, true)) {
logger.warn(Keys.web.enableRpcServlet + " must be set TRUE for rpc requests.");
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
boolean authenticateView = settings.getBoolean(Keys.web.authenticateViewPages, false);
boolean authenticateAdmin = settings.getBoolean(Keys.web.authenticateAdminPages, true);
// Wrap the HttpServletRequest with the RpcServletRequest which
// overrides the servlet container user principal methods.
AuthenticatedRequest authenticatedRequest = new AuthenticatedRequest(httpRequest);
UserModel user = getUser(httpRequest);
if (user != null) {
authenticatedRequest.setUser(user);
}
// conditionally reject rpc management/administration requests
if (adminRequest && !settings.getBoolean(Keys.web.enableRpcManagement, false)) {
logger.warn(MessageFormat.format("{0} must be set TRUE for {1} rpc requests.", Keys.web.enableRpcManagement, requestType.toString()));
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
// BASIC authentication challenge and response processing
if ((adminRequest && authenticateAdmin) || (!adminRequest && authenticateView)) {
if (user == null) {
// challenge client to provide credentials. send 401.
if (runtimeManager.isDebugMode()) {
logger.info(MessageFormat.format("RPC: CHALLENGE {0}", fullUrl));
}
httpResponse.setHeader("WWW-Authenticate", CHALLENGE);
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
} else {
// check user access for request
if (user.canAdmin() || !adminRequest) {
// authenticated request permitted.
// pass processing to the restricted servlet.
newSession(authenticatedRequest, httpResponse);
logger.info(MessageFormat.format("RPC: {0} ({1}) authenticated", fullUrl, HttpServletResponse.SC_CONTINUE));
chain.doFilter(authenticatedRequest, httpResponse);
return;
}
// valid user, but not for requested access. send 403.
logger.warn(MessageFormat.format("RPC: {0} forbidden to access {1}", user.username, fullUrl));
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
}
if (runtimeManager.isDebugMode()) {
logger.info(MessageFormat.format("RPC: {0} ({1}) unauthenticated", fullUrl, HttpServletResponse.SC_CONTINUE));
}
// unauthenticated request permitted.
// pass processing to the restricted servlet.
chain.doFilter(authenticatedRequest, httpResponse);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
UserModel(com.gitblit.models.UserModel)
RpcRequest(com.gitblit.Constants.RpcRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Example 2 with RpcRequest
use of com.gitblit.Constants.RpcRequest in project gitblit by gitblit.
the class RpcServlet method processRequest.
/**
* Processes an rpc request.
*
* @param request
* @param response
* @throws javax.servlet.ServletException
* @throws java.io.IOException
*/
@Override
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
RpcRequest reqType = RpcRequest.fromName(request.getParameter("req"));
String objectName = request.getParameter("name");
logger.info(MessageFormat.format("Rpc {0} request from {1}", reqType, request.getRemoteAddr()));
UserModel user = (UserModel) request.getUserPrincipal();
boolean allowManagement = user != null && user.canAdmin() && settings.getBoolean(Keys.web.enableRpcManagement, false);
boolean allowAdmin = user != null && user.canAdmin() && settings.getBoolean(Keys.web.enableRpcAdministration, false);
Object result = null;
if (RpcRequest.GET_PROTOCOL.equals(reqType)) {
// Return the protocol version
result = PROTOCOL_VERSION;
} else if (RpcRequest.LIST_REPOSITORIES.equals(reqType)) {
// Determine the Gitblit clone url
String gitblitUrl = settings.getString(Keys.web.canonicalUrl, null);
if (StringUtils.isEmpty(gitblitUrl)) {
gitblitUrl = HttpUtils.getGitblitURL(request);
}
StringBuilder sb = new StringBuilder();
sb.append(gitblitUrl);
sb.append(Constants.R_PATH);
sb.append("{0}");
String cloneUrl = sb.toString();
// list repositories
List<RepositoryModel> list = gitblit.getRepositoryModels(user);
Map<String, RepositoryModel> repositories = new HashMap<String, RepositoryModel>();
for (RepositoryModel model : list) {
String url = MessageFormat.format(cloneUrl, model.name);
repositories.put(url, model);
}
result = repositories;
} else if (RpcRequest.LIST_BRANCHES.equals(reqType)) {
// list all local branches in all repositories accessible to user
Map<String, List<String>> localBranches = new HashMap<String, List<String>>();
List<RepositoryModel> models = gitblit.getRepositoryModels(user);
for (RepositoryModel model : models) {
if (!model.hasCommits) {
// skip empty repository
continue;
}
if (model.isCollectingGarbage) {
// skip garbage collecting repository
logger.warn(MessageFormat.format("Temporarily excluding {0} from RPC, busy collecting garbage", model.name));
continue;
}
if (!StringUtils.isEmpty(objectName) && !objectName.equals(model.name)) {
// skip repository if a name was submitted and it doesn't match
continue;
}
// get local branches
Repository repository = gitblit.getRepository(model.name);
List<RefModel> refs = JGitUtils.getLocalBranches(repository, false, -1);
if (model.showRemoteBranches) {
// add remote branches if repository displays them
refs.addAll(JGitUtils.getRemoteBranches(repository, false, -1));
}
if (refs.size() > 0) {
List<String> branches = new ArrayList<String>();
for (RefModel ref : refs) {
branches.add(ref.getName());
}
localBranches.put(model.name, branches);
}
repository.close();
}
result = localBranches;
} else if (RpcRequest.GET_USER.equals(reqType)) {
if (StringUtils.isEmpty(objectName)) {
if (UserModel.ANONYMOUS.equals(user)) {
response.sendError(forbiddenCode);
} else {
// return the current user, reset credentials
UserModel requestedUser = DeepCopier.copy(user);
result = requestedUser;
}
} else {
if (user.canAdmin() || objectName.equals(user.username)) {
// return the specified user
UserModel requestedUser = gitblit.getUserModel(objectName);
if (requestedUser == null) {
response.setStatus(failureCode);
} else {
result = requestedUser;
}
} else {
response.sendError(forbiddenCode);
}
}
} else if (RpcRequest.LIST_USERS.equals(reqType)) {
// list users
List<String> names = gitblit.getAllUsernames();
List<UserModel> users = new ArrayList<UserModel>();
for (String name : names) {
users.add(gitblit.getUserModel(name));
}
result = users;
} else if (RpcRequest.LIST_TEAMS.equals(reqType)) {
// list teams
List<String> names = gitblit.getAllTeamNames();
List<TeamModel> teams = new ArrayList<TeamModel>();
for (String name : names) {
teams.add(gitblit.getTeamModel(name));
}
result = teams;
} else if (RpcRequest.CREATE_REPOSITORY.equals(reqType)) {
// create repository
RepositoryModel model = deserialize(request, response, RepositoryModel.class);
try {
gitblit.updateRepositoryModel(model.name, model, true);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.FORK_REPOSITORY.equals(reqType)) {
// fork repository
RepositoryModel origin = gitblit.getRepositoryModel(objectName);
if (origin == null) {
// failed to find repository, error is logged by the repository
// manager
response.setStatus(failureCode);
} else {
if (user == null || !user.canFork(origin)) {
logger.error("User {} is not permitted to fork '{}'!", user == null ? "anonymous" : user.username, objectName);
response.setStatus(failureCode);
} else {
try {
// fork the origin
RepositoryModel fork = gitblit.fork(origin, user);
if (fork == null) {
logger.error("Failed to fork repository '{}'!", objectName);
response.setStatus(failureCode);
} else {
logger.info("User {} has forked '{}'!", user.username, objectName);
}
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
}
}
} else if (RpcRequest.EDIT_REPOSITORY.equals(reqType)) {
// edit repository
RepositoryModel model = deserialize(request, response, RepositoryModel.class);
// name specifies original repository name in event of rename
String repoName = objectName;
if (repoName == null) {
repoName = model.name;
}
try {
gitblit.updateRepositoryModel(repoName, model, false);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.DELETE_REPOSITORY.equals(reqType)) {
// delete repository
RepositoryModel model = deserialize(request, response, RepositoryModel.class);
gitblit.deleteRepositoryModel(model);
} else if (RpcRequest.CREATE_USER.equals(reqType)) {
// create user
UserModel model = deserialize(request, response, UserModel.class);
try {
gitblit.addUser(model);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.EDIT_USER.equals(reqType)) {
// edit user
UserModel model = deserialize(request, response, UserModel.class);
// name parameter specifies original user name in event of rename
String username = objectName;
if (username == null) {
username = model.username;
}
try {
gitblit.reviseUser(username, model);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.DELETE_USER.equals(reqType)) {
// delete user
UserModel model = deserialize(request, response, UserModel.class);
if (!gitblit.deleteUser(model.username)) {
response.setStatus(failureCode);
}
} else if (RpcRequest.CREATE_TEAM.equals(reqType)) {
// create team
TeamModel model = deserialize(request, response, TeamModel.class);
try {
gitblit.addTeam(model);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.EDIT_TEAM.equals(reqType)) {
// edit team
TeamModel model = deserialize(request, response, TeamModel.class);
// name parameter specifies original team name in event of rename
String teamname = objectName;
if (teamname == null) {
teamname = model.name;
}
try {
gitblit.reviseTeam(teamname, model);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.DELETE_TEAM.equals(reqType)) {
// delete team
TeamModel model = deserialize(request, response, TeamModel.class);
if (!gitblit.deleteTeam(model.name)) {
response.setStatus(failureCode);
}
} else if (RpcRequest.LIST_REPOSITORY_MEMBERS.equals(reqType)) {
// get repository members
RepositoryModel model = gitblit.getRepositoryModel(objectName);
result = gitblit.getRepositoryUsers(model);
} else if (RpcRequest.SET_REPOSITORY_MEMBERS.equals(reqType)) {
// rejected since 1.2.0
response.setStatus(failureCode);
} else if (RpcRequest.LIST_REPOSITORY_MEMBER_PERMISSIONS.equals(reqType)) {
// get repository member permissions
RepositoryModel model = gitblit.getRepositoryModel(objectName);
result = gitblit.getUserAccessPermissions(model);
} else if (RpcRequest.SET_REPOSITORY_MEMBER_PERMISSIONS.equals(reqType)) {
// set the repository permissions for the specified users
RepositoryModel model = gitblit.getRepositoryModel(objectName);
Collection<RegistrantAccessPermission> permissions = deserialize(request, response, RpcUtils.REGISTRANT_PERMISSIONS_TYPE);
result = gitblit.setUserAccessPermissions(model, permissions);
} else if (RpcRequest.LIST_REPOSITORY_TEAMS.equals(reqType)) {
// get repository teams
RepositoryModel model = gitblit.getRepositoryModel(objectName);
result = gitblit.getRepositoryTeams(model);
} else if (RpcRequest.SET_REPOSITORY_TEAMS.equals(reqType)) {
// rejected since 1.2.0
response.setStatus(failureCode);
} else if (RpcRequest.LIST_REPOSITORY_TEAM_PERMISSIONS.equals(reqType)) {
// get repository team permissions
RepositoryModel model = gitblit.getRepositoryModel(objectName);
result = gitblit.getTeamAccessPermissions(model);
} else if (RpcRequest.SET_REPOSITORY_TEAM_PERMISSIONS.equals(reqType)) {
// set the repository permissions for the specified teams
RepositoryModel model = gitblit.getRepositoryModel(objectName);
Collection<RegistrantAccessPermission> permissions = deserialize(request, response, RpcUtils.REGISTRANT_PERMISSIONS_TYPE);
result = gitblit.setTeamAccessPermissions(model, permissions);
} else if (RpcRequest.LIST_FEDERATION_REGISTRATIONS.equals(reqType)) {
// return the list of federation registrations
if (allowAdmin) {
result = gitblit.getFederationRegistrations();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_FEDERATION_RESULTS.equals(reqType)) {
// return the list of federation result registrations
if (allowAdmin && gitblit.canFederate()) {
result = gitblit.getFederationResultRegistrations();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_FEDERATION_PROPOSALS.equals(reqType)) {
// return the list of federation proposals
if (allowAdmin && gitblit.canFederate()) {
result = gitblit.getPendingFederationProposals();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_FEDERATION_SETS.equals(reqType)) {
// return the list of federation sets
if (allowAdmin && gitblit.canFederate()) {
String gitblitUrl = settings.getString(Keys.web.canonicalUrl, null);
if (StringUtils.isEmpty(gitblitUrl)) {
gitblitUrl = HttpUtils.getGitblitURL(request);
}
result = gitblit.getFederationSets(gitblitUrl);
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_SETTINGS.equals(reqType)) {
// return the server's settings
ServerSettings serverSettings = gitblit.getSettingsModel();
if (allowAdmin) {
// return all settings
result = serverSettings;
} else {
// anonymous users get a few settings to allow browser launching
List<String> keys = new ArrayList<String>();
keys.add(Keys.web.siteName);
keys.add(Keys.web.mountParameters);
keys.add(Keys.web.syndicationEntries);
if (allowManagement) {
// keys necessary for repository and/or user management
keys.add(Keys.realm.minPasswordLength);
keys.add(Keys.realm.passwordStorage);
keys.add(Keys.federation.sets);
}
// build the settings
ServerSettings managementSettings = new ServerSettings();
for (String key : keys) {
managementSettings.add(serverSettings.get(key));
}
if (allowManagement) {
managementSettings.pushScripts = serverSettings.pushScripts;
}
result = managementSettings;
}
} else if (RpcRequest.EDIT_SETTINGS.equals(reqType)) {
// update settings on the server
if (allowAdmin) {
Map<String, String> map = deserialize(request, response, RpcUtils.SETTINGS_TYPE);
gitblit.updateSettings(map);
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_STATUS.equals(reqType)) {
// return the server's status information
if (allowAdmin) {
result = gitblit.getStatus();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.CLEAR_REPOSITORY_CACHE.equals(reqType)) {
// clear the repository list cache
if (allowManagement) {
gitblit.resetRepositoryListCache();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.REINDEX_TICKETS.equals(reqType)) {
if (allowManagement) {
if (StringUtils.isEmpty(objectName)) {
// reindex all tickets
gitblit.getTicketService().reindex();
} else {
// reindex tickets in a specific repository
RepositoryModel model = gitblit.getRepositoryModel(objectName);
gitblit.getTicketService().reindex(model);
}
} else {
response.sendError(notAllowedCode);
}
}
// send the result of the request
serialize(response, result);
}
Also used :
RefModel(com.gitblit.models.RefModel)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
GitBlitException(com.gitblit.GitBlitException)
RepositoryModel(com.gitblit.models.RepositoryModel)
UserModel(com.gitblit.models.UserModel)
Repository(org.eclipse.jgit.lib.Repository)
TeamModel(com.gitblit.models.TeamModel)
ServerSettings(com.gitblit.models.ServerSettings)
RpcRequest(com.gitblit.Constants.RpcRequest)
Collection(java.util.Collection)
ArrayList(java.util.ArrayList)
List(java.util.List)
HashMap(java.util.HashMap)
Map(java.util.Map)
Aggregations
RpcRequest (com.gitblit.Constants.RpcRequest)2
UserModel (com.gitblit.models.UserModel)2
GitBlitException (com.gitblit.GitBlitException)1
RefModel (com.gitblit.models.RefModel)1
RepositoryModel (com.gitblit.models.RepositoryModel)1
ServerSettings (com.gitblit.models.ServerSettings)1
TeamModel (com.gitblit.models.TeamModel)1
ArrayList (java.util.ArrayList)1
Collection (java.util.Collection)1
HashMap (java.util.HashMap)1
List (java.util.List)1
Map (java.util.Map)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
Repository (org.eclipse.jgit.lib.Repository)1
