Browse Source

http transport does not use authentication fallback

Git servers supporting HTTP transport can send multiple WWW-Authenticate
challenges [1] for different authentication schemes the server supports.
If authentication fails now retry all authentication types proposed by
the server.

[1] https://tools.ietf.org/html/rfc2617#page-3

Bug: 492057
Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a
Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
stable-4.5
Christian Pontesegger 9 years ago committed by Matthias Sohn
parent
commit
ac3d3af632
  1. 2
      org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HttpAuthTest.java
  2. 12
      org.eclipse.jgit/src/org/eclipse/jgit/transport/HttpAuthMethod.java
  3. 26
      org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java

2
org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HttpAuthTest.java

@ -100,7 +100,7 @@ public class HttpAuthTest {
} catch (IOException e) { } catch (IOException e) {
fail("Couldn't instantiate AuthHeadersResponse: " + e.toString()); fail("Couldn't instantiate AuthHeadersResponse: " + e.toString());
} }
HttpAuthMethod authMethod = HttpAuthMethod.scanResponse(response); HttpAuthMethod authMethod = HttpAuthMethod.scanResponse(response, null);
if (!expectedAuthMethod.equals(getAuthMethodName(authMethod))) { if (!expectedAuthMethod.equals(getAuthMethodName(authMethod))) {
fail("Wrong authentication method: expected " + expectedAuthMethod fail("Wrong authentication method: expected " + expectedAuthMethod

12
org.eclipse.jgit/src/org/eclipse/jgit/transport/HttpAuthMethod.java

@ -51,6 +51,7 @@ import java.io.UnsupportedEncodingException;
import java.net.URL; import java.net.URL;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
@ -149,9 +150,12 @@ abstract class HttpAuthMethod {
* *
* @param conn * @param conn
* the connection that failed. * the connection that failed.
* @param ignoreTypes
* authentication types to be ignored.
* @return new authentication method to try. * @return new authentication method to try.
*/ */
static HttpAuthMethod scanResponse(final HttpConnection conn) { static HttpAuthMethod scanResponse(final HttpConnection conn,
Collection<Type> ignoreTypes) {
final Map<String, List<String>> headers = conn.getHeaderFields(); final Map<String, List<String>> headers = conn.getHeaderFields();
HttpAuthMethod authentication = Type.NONE.method(EMPTY_STRING); HttpAuthMethod authentication = Type.NONE.method(EMPTY_STRING);
@ -165,6 +169,12 @@ abstract class HttpAuthMethod {
try { try {
Type methodType = Type.valueOf(valuePart[0].toUpperCase()); Type methodType = Type.valueOf(valuePart[0].toUpperCase());
if ((ignoreTypes != null)
&& (ignoreTypes.contains(methodType))) {
continue;
}
if (authentication.getType().compareTo(methodType) >= 0) { if (authentication.getType().compareTo(methodType) >= 0) {
continue; continue;
} }

26
org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java

@ -73,6 +73,7 @@ import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.EnumSet; import java.util.EnumSet;
import java.util.HashSet;
import java.util.LinkedHashSet; import java.util.LinkedHashSet;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -95,6 +96,7 @@ import org.eclipse.jgit.lib.ProgressMonitor;
import org.eclipse.jgit.lib.Ref; import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository; import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.lib.SymbolicRef; import org.eclipse.jgit.lib.SymbolicRef;
import org.eclipse.jgit.transport.HttpAuthMethod.Type;
import org.eclipse.jgit.transport.http.HttpConnection; import org.eclipse.jgit.transport.http.HttpConnection;
import org.eclipse.jgit.util.HttpSupport; import org.eclipse.jgit.util.HttpSupport;
import org.eclipse.jgit.util.IO; import org.eclipse.jgit.util.IO;
@ -448,9 +450,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
throw new NotSupportedException(MessageFormat.format(JGitText.get().invalidURL, uri), e); throw new NotSupportedException(MessageFormat.format(JGitText.get().invalidURL, uri), e);
} }
try {
int authAttempts = 1; int authAttempts = 1;
Collection<Type> ignoreTypes = null;
for (;;) { for (;;) {
try {
final HttpConnection conn = httpOpen(u); final HttpConnection conn = httpOpen(u);
if (useSmartHttp) { if (useSmartHttp) {
String exp = "application/x-" + service + "-advertisement"; //$NON-NLS-1$ //$NON-NLS-2$ String exp = "application/x-" + service + "-advertisement"; //$NON-NLS-1$ //$NON-NLS-2$
@ -467,7 +471,7 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
// explicit authentication would be required // explicit authentication would be required
if (authMethod.getType() == HttpAuthMethod.Type.NONE if (authMethod.getType() == HttpAuthMethod.Type.NONE
&& conn.getHeaderField(HDR_WWW_AUTHENTICATE) != null) && conn.getHeaderField(HDR_WWW_AUTHENTICATE) != null)
authMethod = HttpAuthMethod.scanResponse(conn); authMethod = HttpAuthMethod.scanResponse(conn, ignoreTypes);
return conn; return conn;
case HttpConnection.HTTP_NOT_FOUND: case HttpConnection.HTTP_NOT_FOUND:
@ -475,7 +479,7 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
MessageFormat.format(JGitText.get().uriNotFound, u)); MessageFormat.format(JGitText.get().uriNotFound, u));
case HttpConnection.HTTP_UNAUTHORIZED: case HttpConnection.HTTP_UNAUTHORIZED:
authMethod = HttpAuthMethod.scanResponse(conn); authMethod = HttpAuthMethod.scanResponse(conn, ignoreTypes);
if (authMethod.getType() == HttpAuthMethod.Type.NONE) if (authMethod.getType() == HttpAuthMethod.Type.NONE)
throw new TransportException(uri, MessageFormat.format( throw new TransportException(uri, MessageFormat.format(
JGitText.get().authenticationNotSupported, uri)); JGitText.get().authenticationNotSupported, uri));
@ -501,15 +505,29 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
String err = status + " " + conn.getResponseMessage(); //$NON-NLS-1$ String err = status + " " + conn.getResponseMessage(); //$NON-NLS-1$
throw new TransportException(uri, err); throw new TransportException(uri, err);
} }
}
} catch (NotSupportedException e) { } catch (NotSupportedException e) {
throw e; throw e;
} catch (TransportException e) { } catch (TransportException e) {
throw e; throw e;
} catch (IOException e) { } catch (IOException e) {
if (authMethod.getType() != HttpAuthMethod.Type.NONE) {
if (ignoreTypes == null) {
ignoreTypes = new HashSet<Type>();
}
ignoreTypes.add(authMethod.getType());
// reset auth method & attempts for next authentication type
authMethod = HttpAuthMethod.Type.NONE.method(null);
authAttempts = 1;
continue;
}
throw new TransportException(uri, MessageFormat.format(JGitText.get().cannotOpenService, service), e); throw new TransportException(uri, MessageFormat.format(JGitText.get().cannotOpenService, service), e);
} }
} }
}
final HttpConnection httpOpen(URL u) throws IOException { final HttpConnection httpOpen(URL u) throws IOException {
return httpOpen(METHOD_GET, u); return httpOpen(METHOD_GET, u);

Loading…
Cancel
Save