Redirect to login on anonymous access to profile pages
When an unauthorized session tries to access any of the profile pages,
the server returns status code 500 and renders a generic "Server Error"
page. Instead, the user should be redirected to the login page.
To fix this, we check whether the user is authorized in
`VelocityViewServlet` and, if not, redirect to the `auth.loginUrl`.
Bug: Issue 311627062
Change-Id: I3264f50500733e277ef10ca1a2ff36287f89fc99
diff --git a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/velocity/VelocityViewServlet.java b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/velocity/VelocityViewServlet.java
index b7dc08f..5e4498f 100644
--- a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/velocity/VelocityViewServlet.java
+++ b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/velocity/VelocityViewServlet.java
@@ -13,8 +13,11 @@
// limitations under the License.
package com.googlesource.gerrit.plugins.github.velocity;
+import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.GITHUB_PLUGIN_OAUTH_SCOPE;
+
import com.google.common.base.MoreObjects;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.config.AuthConfig;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
@@ -53,6 +56,7 @@
private final GitHubConfig config;
private final VirtualDomainConfig virtualDomainConfig;
private final CanonicalWebUrls canonicalWebUrls;
+ private final AuthConfig authConfig;
@Inject
public VelocityViewServlet(
@@ -62,7 +66,8 @@
Provider<CurrentUser> userProvider,
GitHubConfig config,
VirtualDomainConfig virutalDomainConfig,
- CanonicalWebUrls canonicalWebUrls) {
+ CanonicalWebUrls canonicalWebUrls,
+ AuthConfig authConfig) {
this.velocityRuntime = velocityRuntime;
this.modelProvider = modelProvider;
@@ -71,6 +76,7 @@
this.config = config;
this.virtualDomainConfig = virutalDomainConfig;
this.canonicalWebUrls = canonicalWebUrls;
+ this.authConfig = authConfig;
}
@Override
@@ -79,6 +85,12 @@
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
+ if (!(req.getRequestURI().equals(GITHUB_PLUGIN_OAUTH_SCOPE)
+ || userProvider.get().isIdentifiedUser())) {
+ resp.sendRedirect(authConfig.getLoginUrl());
+ return;
+ }
+
String pathInfo =
STATIC_PREFIX
+ MoreObjects.firstNonNull((String) req.getAttribute("destUrl"), req.getPathInfo());
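Review bot: The new guard passes `authConfig.getLoginUrl()` straight to `resp.sendRedirect(...)`, but that value comes from the `auth.loginUrl` setting, which is presumably null when the site does not configure it; in that case the redirect would likely throw and anonymous requests would still end in the 500 this change is meant to remove. Read the value into a local and fail closed when it is missing, e.g. `if (loginUrl == null) { resp.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`. The anonymous exemption compares `req.getRequestURI()` for exact equality with `GITHUB_PLUGIN_OAUTH_SCOPE`, which fails closed on any mismatch, but `getRequestURI()` includes the context path and is not normalized, so on a non-root deployment the scope page may never match and could itself be redirected; confirm that case or compare against the servlet-relative path. A short comment above the check, such as `// the OAuth scope page must stay reachable before login; every other view requires an identified user`, would record why this one URI is exempt. The enclosing method starts and ends outside the hunk.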