public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); var repository = filterContext.Controller.ControllerContext.RouteData.Values["id"].ToString(); var user = filterContext.HttpContext.User.Identity.Name; if (RequiresRepositoryAdministrator) { if (!RepositoryPermissionService.IsRepositoryAdministrator(user, repository)) { filterContext.Result = new HttpUnauthorizedResult(); } } else { if (!RepositoryPermissionService.HasPermission(user, repository)) { if (!RepositoryPermissionService.AllowsAnonymous(repository)) { filterContext.Result = new HttpUnauthorizedResult(); } } } }
public ActionResult SecureReceivePack(String project) { if (RepositoryPermissionService.HasPermission(User.Id(), project) || (RepositoryPermissionService.AllowsAnonymous(project) && UserConfiguration.Current.AllowAnonymousPush)) { return(ExecuteReceivePack(project)); } else { return(UnauthorizedResult()); } }
public ActionResult SecureUploadPack(String project) { if (RepositoryPermissionService.HasPermission(User.Id(), project) || RepositoryPermissionService.AllowsAnonymous(project)) { return(ExecuteUploadPack(project)); } else { return(UnauthorizedResult()); } }
public ActionResult SecureGetInfoRefs(String project, String service) { if (RepositoryPermissionService.HasPermission(User.Id(), project) || (RepositoryPermissionService.AllowsAnonymous(project) && (String.Equals("git-upload-pack", service, StringComparison.OrdinalIgnoreCase) || UserConfiguration.Current.AllowAnonymousPush))) { return(GetInfoRefs(project, service)); } else { return(UnauthorizedResult()); } }
public ActionResult SecureReceivePack(String repositoryName) { if (!RepositoryIsValid(repositoryName)) { return(new HttpNotFoundResult()); } if (RepositoryPermissionService.HasPermission(User.Id(), repositoryName) || (RepositoryPermissionService.AllowsAnonymous(repositoryName) && UserConfiguration.Current.AllowAnonymousPush)) { return(ExecuteReceivePack(repositoryName)); } else { return(UnauthorizedResult()); } }
public ActionResult SecureUploadPack(String repositoryName) { if (!RepositoryIsValid(repositoryName)) { return(new HttpNotFoundResult()); } if (RepositoryPermissionService.HasPermission(User.Id(), repositoryName) || RepositoryPermissionService.AllowsAnonymous(repositoryName)) { return(ExecuteUploadPack(repositoryName)); } else { return(UnauthorizedResult()); } }
public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); var repository = filterContext.Controller.ControllerContext.RouteData.Values["id"].ToString(); var user = filterContext.HttpContext.User.Identity.Name; if (RequiresRepositoryAdministrator) { if (RepositoryPermissionService.IsRepositoryAdministrator(user, repository)) { return; } } else { if (RepositoryPermissionService.HasPermission(user, repository)) { return; } if (RepositoryPermissionService.AllowsAnonymous(repository)) { return; } } if (filterContext.HttpContext.User == null || !(filterContext.HttpContext.User.Identity is FormsIdentity) || !filterContext.HttpContext.User.Identity.IsAuthenticated) { filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Home" }, { "action", "LogOn" }, { "returnUrl", filterContext.HttpContext.Request.Url.PathAndQuery } }); } else { filterContext.Result = new RedirectResult("~/Home/Unauthorized"); } }
public ActionResult SecureGetInfoRefs(String repositoryName, String service) { if (!RepositoryIsValid(repositoryName)) { return(new HttpNotFoundResult()); } bool allowAnonClone = RepositoryPermissionService.AllowsAnonymous(repositoryName); bool hasPermission = RepositoryPermissionService.HasPermission(User.Id(), repositoryName); bool isClone = String.Equals("git-upload-pack", service, StringComparison.OrdinalIgnoreCase); bool isPush = String.Equals("git-receive-pack", service, StringComparison.OrdinalIgnoreCase); bool allowAnonPush = UserConfiguration.Current.AllowAnonymousPush; if (hasPermission || (allowAnonClone && isClone) || (allowAnonPush && isPush)) { return(GetInfoRefs(repositoryName, service)); } else { return(UnauthorizedResult()); } }
public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if (!(filterContext.Result is HttpUnauthorizedResult)) { string repository = filterContext.Controller.ControllerContext.RouteData.Values["id"].ToString(); string user = filterContext.HttpContext.User.Id(); if (filterContext.HttpContext.User.IsInRole(Definitions.Roles.Administrator)) { return; } if (RequiresRepositoryAdministrator) { if (RepositoryPermissionService.IsRepositoryAdministrator(user, repository)) { return; } } else { if (RepositoryPermissionService.HasPermission(user, repository)) { return; } if (RepositoryPermissionService.AllowsAnonymous(repository)) { return; } } filterContext.Result = new RedirectResult("~/Home/Unauthorized"); } }
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } HttpContextBase httpContext = filterContext.HttpContext; string incomingRepoName = GetRepoPath(httpContext.Request.Path, httpContext.Request.ApplicationPath); string repo = Repository.NormalizeRepositoryName(incomingRepoName, RepositoryRepository); // check if repo allows anonymous pulls if (RepositoryPermissionService.AllowsAnonymous(repo)) { return; } if (httpContext.Request.IsAuthenticated && httpContext.User != null && httpContext.User.Identity is System.Security.Claims.ClaimsIdentity) { return; } // Add header to prevent redirection to login page (see IAuthenticationProvider.Configure) httpContext.Request.Headers.Add("AuthNoRedirect", "1"); string auth = httpContext.Request.Headers["Authorization"]; if (String.IsNullOrEmpty(auth)) { httpContext.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"Bonobo Git\""); filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized); return; } byte[] encodedDataAsBytes = Convert.FromBase64String(auth.Replace("Basic ", String.Empty)); string value = Encoding.ASCII.GetString(encodedDataAsBytes); string username = Uri.UnescapeDataString(value.Substring(0, value.IndexOf(':'))); string password = Uri.UnescapeDataString(value.Substring(value.IndexOf(':') + 1)); bool allowed = false; if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password)) { if (AuthenticationProvider is WindowsAuthenticationProvider) { var domain = username.GetDomain(); username = username.StripDomain(); try { using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain)) { var adUser = UserPrincipal.FindByIdentity(pc, username); if (adUser != null) { if (pc.ValidateCredentials(username, password)) { httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username.Replace("\\", "!")))); allowed = true; } } } } catch (PrincipalException) { // let it fail } } else { if (MembershipService.ValidateUser(username, password) == ValidationResult.Success) { httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username))); allowed = true; } } } if (!allowed) { filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized); } }