Merge "Make gitweb prompt for authorization"
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitWebServlet.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitWebServlet.java
index f831ab5..2902335 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitWebServlet.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitWebServlet.java
@@ -34,6 +34,7 @@
import com.google.gerrit.httpd.GitWebConfig;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.AnonymousUser;
+import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.SitePaths;
import com.google.gerrit.server.git.LocalDiskRepositoryManager;
@@ -85,18 +86,21 @@
private final LocalDiskRepositoryManager repoManager;
private final ProjectControl.Factory projectControl;
private final Provider<AnonymousUser> anonymousUserProvider;
+ private final Provider<CurrentUser> userProvider;
private final EnvList _env;
@Inject
GitWebServlet(final LocalDiskRepositoryManager repoManager,
final ProjectControl.Factory projectControl,
final Provider<AnonymousUser> anonymousUserProvider,
+ final Provider<CurrentUser> userProvider,
final SitePaths site,
final GerritConfig gerritConfig, final GitWebConfig gitWebConfig)
throws IOException {
this.repoManager = repoManager;
this.projectControl = projectControl;
this.anonymousUserProvider = anonymousUserProvider;
+ this.userProvider = userProvider;
this.gitwebCgi = gitWebConfig.getGitwebCGI();
this.deniedActions = new HashSet<>();
@@ -377,7 +381,14 @@
throw new NoSuchProjectException(nameKey);
}
} catch (NoSuchProjectException e) {
- rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ if (userProvider.get().isIdentifiedUser()) {
+ rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ } else {
+ // Allow anonymous users a chance to login.
+ // Avoid leaking information by not distinguishing between
+ // project not existing and no access rights.
+ rsp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ }
return;
}
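Review bot: The anonymous branch of the `catch (NoSuchProjectException e)` block sends `SC_UNAUTHORIZED` with no `WWW-Authenticate` challenge set in this hunk, so whether a client actually prompts for credentials depends on a filter or container configuration outside this servlet. That dependency deserves a comment next to the call, for example `// Challenge header is expected from the auth filter in front of this servlet; confirm per auth type.` The stated goal of not distinguishing a missing project from a denied one only holds if every other rejection path in this method answers anonymous callers with the same status. This cannot be checked here because the method starts and ends outside the hunk. A test asserting identical status codes for a nonexistent and an inaccessible project, for both anonymous and signed-in users, would pin that property.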