Merge "Make gitweb prompt for authorization"
commit
886db53b2d
@ -34,6 +34,7 @@ import com.google.gerrit.extensions.restapi.Url;
|
||||
import com.google.gerrit.httpd.GitWebConfig;
|
||||
import com.google.gerrit.reviewdb.client.Project;
|
||||
import com.google.gerrit.server.AnonymousUser;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.config.SitePaths;
|
||||
import com.google.gerrit.server.git.LocalDiskRepositoryManager;
|
||||
@ -85,18 +86,21 @@ class GitWebServlet extends HttpServlet {
|
||||
private final LocalDiskRepositoryManager repoManager;
|
||||
private final ProjectControl.Factory projectControl;
|
||||
private final Provider<AnonymousUser> anonymousUserProvider;
|
||||
private final Provider<CurrentUser> userProvider;
|
||||
private final EnvList _env;
|
||||
|
||||
@Inject
|
||||
GitWebServlet(final LocalDiskRepositoryManager repoManager,
|
||||
final ProjectControl.Factory projectControl,
|
||||
final Provider<AnonymousUser> anonymousUserProvider,
|
||||
final Provider<CurrentUser> userProvider,
|
||||
final SitePaths site,
|
||||
final GerritConfig gerritConfig, final GitWebConfig gitWebConfig)
|
||||
throws IOException {
|
||||
this.repoManager = repoManager;
|
||||
this.projectControl = projectControl;
|
||||
this.anonymousUserProvider = anonymousUserProvider;
|
||||
this.userProvider = userProvider;
|
||||
this.gitwebCgi = gitWebConfig.getGitwebCGI();
|
||||
this.deniedActions = new HashSet<>();
|
||||
|
||||
@ -377,7 +381,14 @@ class GitWebServlet extends HttpServlet {
|
||||
throw new NoSuchProjectException(nameKey);
|
||||
}
|
||||
} catch (NoSuchProjectException e) {
|
||||
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
|
||||
if (userProvider.get().isIdentifiedUser()) {
|
||||
rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
|
||||
} else {
|
||||
// Allow anonymous users a chance to login.
|
||||
// Avoid leaking information by not distinguishing between
|
||||
// project not existing and no access rights.
|
||||
rsp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
|
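Review bot: The anonymous branch of the `catch (NoSuchProjectException e)` block answers with `SC_UNAUTHORIZED` but sets no `WWW-Authenticate` challenge in the visible lines, and a browser does not show a login prompt for a 401 that lacks that header. If a filter in front of this servlet supplies the challenge or redirects to the login page, a comment should name it so the dependency can be reviewed, e.g. `// the 401 is turned into a login prompt by <auth filter>; this servlet sets no challenge itself`. Otherwise the challenge matching the configured auth scheme has to be set before `sendError`. The comment's promise not to distinguish a missing project from a denied one holds only while every denial path in this method ends in `NoSuchProjectException`. The method starts outside the hunk, so that needs checking against the full body.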