public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
var repository = filterContext.Controller.ControllerContext.RouteData.Values["id"].ToString();
var user = filterContext.HttpContext.User.Identity.Name;
if (RequiresRepositoryAdministrator)
{
if (!RepositoryPermissionService.IsRepositoryAdministrator(user, repository))
{
filterContext.Result = new HttpUnauthorizedResult();
}
}
else
{
if (!RepositoryPermissionService.HasPermission(user, repository))
{
if (!RepositoryPermissionService.AllowsAnonymous(repository))
{
filterContext.Result = new HttpUnauthorizedResult();
}
}
}
}
public ActionResult SecureReceivePack(String project)
{
if (RepositoryPermissionService.HasPermission(User.Id(), project) ||
(RepositoryPermissionService.AllowsAnonymous(project) && UserConfiguration.Current.AllowAnonymousPush))
{
return(ExecuteReceivePack(project));
}
else
{
return(UnauthorizedResult());
}
}
public ActionResult SecureUploadPack(String project)
{
if (RepositoryPermissionService.HasPermission(User.Id(), project) ||
RepositoryPermissionService.AllowsAnonymous(project))
{
return(ExecuteUploadPack(project));
}
else
{
return(UnauthorizedResult());
}
}
public ActionResult SecureGetInfoRefs(String project, String service)
{
if (RepositoryPermissionService.HasPermission(User.Id(), project) ||
(RepositoryPermissionService.AllowsAnonymous(project) &&
(String.Equals("git-upload-pack", service, StringComparison.OrdinalIgnoreCase) ||
UserConfiguration.Current.AllowAnonymousPush)))
{
return(GetInfoRefs(project, service));
}
else
{
return(UnauthorizedResult());
}
}
public ActionResult SecureReceivePack(String repositoryName)
{
if (!RepositoryIsValid(repositoryName))
{
return(new HttpNotFoundResult());
}
if (RepositoryPermissionService.HasPermission(User.Id(), repositoryName) ||
(RepositoryPermissionService.AllowsAnonymous(repositoryName) && UserConfiguration.Current.AllowAnonymousPush))
{
return(ExecuteReceivePack(repositoryName));
}
else
{
return(UnauthorizedResult());
}
}
public ActionResult SecureUploadPack(String repositoryName)
{
if (!RepositoryIsValid(repositoryName))
{
return(new HttpNotFoundResult());
}
if (RepositoryPermissionService.HasPermission(User.Id(), repositoryName) ||
RepositoryPermissionService.AllowsAnonymous(repositoryName))
{
return(ExecuteUploadPack(repositoryName));
}
else
{
return(UnauthorizedResult());
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
var repository = filterContext.Controller.ControllerContext.RouteData.Values["id"].ToString();
var user = filterContext.HttpContext.User.Identity.Name;
if (RequiresRepositoryAdministrator)
{
if (RepositoryPermissionService.IsRepositoryAdministrator(user, repository))
{
return;
}
}
else
{
if (RepositoryPermissionService.HasPermission(user, repository))
{
return;
}
if (RepositoryPermissionService.AllowsAnonymous(repository))
{
return;
}
}
if (filterContext.HttpContext.User == null || !(filterContext.HttpContext.User.Identity is FormsIdentity) || !filterContext.HttpContext.User.Identity.IsAuthenticated)
{
filterContext.Result =
new RedirectToRouteResult(new RouteValueDictionary
{
{ "controller", "Home" },
{ "action", "LogOn" },
{ "returnUrl", filterContext.HttpContext.Request.Url.PathAndQuery }
});
}
else
{
filterContext.Result = new RedirectResult("~/Home/Unauthorized");
}
}
public ActionResult SecureGetInfoRefs(String repositoryName, String service)
{
if (!RepositoryIsValid(repositoryName))
{
return(new HttpNotFoundResult());
}
bool allowAnonClone = RepositoryPermissionService.AllowsAnonymous(repositoryName);
bool hasPermission = RepositoryPermissionService.HasPermission(User.Id(), repositoryName);
bool isClone = String.Equals("git-upload-pack", service, StringComparison.OrdinalIgnoreCase);
bool isPush = String.Equals("git-receive-pack", service, StringComparison.OrdinalIgnoreCase);
bool allowAnonPush = UserConfiguration.Current.AllowAnonymousPush;
if (hasPermission || (allowAnonClone && isClone) || (allowAnonPush && isPush))
{
return(GetInfoRefs(repositoryName, service));
}
else
{
return(UnauthorizedResult());
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
if (!(filterContext.Result is HttpUnauthorizedResult))
{
string repository = filterContext.Controller.ControllerContext.RouteData.Values["id"].ToString();
string user = filterContext.HttpContext.User.Id();
if (filterContext.HttpContext.User.IsInRole(Definitions.Roles.Administrator))
{
return;
}
if (RequiresRepositoryAdministrator)
{
if (RepositoryPermissionService.IsRepositoryAdministrator(user, repository))
{
return;
}
}
else
{
if (RepositoryPermissionService.HasPermission(user, repository))
{
return;
}
if (RepositoryPermissionService.AllowsAnonymous(repository))
{
return;
}
}
filterContext.Result = new RedirectResult("~/Home/Unauthorized");
}
}
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
HttpContextBase httpContext = filterContext.HttpContext;
string incomingRepoName = GetRepoPath(httpContext.Request.Path, httpContext.Request.ApplicationPath);
string repo = Repository.NormalizeRepositoryName(incomingRepoName, RepositoryRepository);
// check if repo allows anonymous pulls
if (RepositoryPermissionService.AllowsAnonymous(repo))
{
return;
}
if (httpContext.Request.IsAuthenticated && httpContext.User != null && httpContext.User.Identity is System.Security.Claims.ClaimsIdentity)
{
return;
}
// Add header to prevent redirection to login page (see IAuthenticationProvider.Configure)
httpContext.Request.Headers.Add("AuthNoRedirect", "1");
string auth = httpContext.Request.Headers["Authorization"];
if (String.IsNullOrEmpty(auth))
{
httpContext.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"Bonobo Git\"");
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
return;
}
byte[] encodedDataAsBytes = Convert.FromBase64String(auth.Replace("Basic ", String.Empty));
string value = Encoding.ASCII.GetString(encodedDataAsBytes);
string username = Uri.UnescapeDataString(value.Substring(0, value.IndexOf(':')));
string password = Uri.UnescapeDataString(value.Substring(value.IndexOf(':') + 1));
bool allowed = false;
if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password))
{
if (AuthenticationProvider is WindowsAuthenticationProvider)
{
var domain = username.GetDomain();
username = username.StripDomain();
try
{
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
{
var adUser = UserPrincipal.FindByIdentity(pc, username);
if (adUser != null)
{
if (pc.ValidateCredentials(username, password))
{
httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username.Replace("\\", "!"))));
allowed = true;
}
}
}
}
catch (PrincipalException)
{
// let it fail
}
}
else
{
if (MembershipService.ValidateUser(username, password) == ValidationResult.Success)
{
httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username)));
allowed = true;
}
}
}
if (!allowed)
{
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
}
}
