From 7245aa031621c4c8d3fd9892ecbc9ded6f0e7283 Mon Sep 17 00:00:00 2001
From: David Pursehouse
Date: Fri, 13 Jan 2017 10:08:29 +0900
Subject: [PATCH] Add support for refusing LFS request due to invalid authorization

Add a new exception type that server implementations can throw when a client attempts to make an unauthorized LFS operation, which will result in HTTP 401 Unauthorized being returned to the client. An example of this is a Gerrit server that rejects a request to perform an LFS operation on a ref that is not visible to the caller. As defined in the LFS spec [1] the request may include authentication, and per RFC 2616 [2], "401 response indicates that authorization has been refused for those credentials".
[1] https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md
[2] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Change-Id: I2aa22e2144df5fb7972df0e3285b77b08ecc63f2
Signed-off-by: David Pursehouse
---
 .../jgit/lfs/server/LfsProtocolServlet.java | 4 ++
 .../jgit/lfs/internal/LfsText.properties | 1 +
 .../jgit/lfs/errors/LfsUnauthorized.java | 68 +++++++++++++++++++
 .../eclipse/jgit/lfs/internal/LfsText.java | 1 +
 4 files changed, 74 insertions(+)
 create mode 100644 org.eclipse.jgit.lfs/src/org/eclipse/jgit/lfs/errors/LfsUnauthorized.java

diff --git a/org.eclipse.jgit.lfs.server/src/org/eclipse/jgit/lfs/server/LfsProtocolServlet.java b/org.eclipse.jgit.lfs.server/src/org/eclipse/jgit/lfs/server/LfsProtocolServlet.java
index 841074bee..0dffb8df0 100644
--- a/org.eclipse.jgit.lfs.server/src/org/eclipse/jgit/lfs/server/LfsProtocolServlet.java
+++ b/org.eclipse.jgit.lfs.server/src/org/eclipse/jgit/lfs/server/LfsProtocolServlet.java
@@ -49,6 +49,7 @@
 import static org.apache.http.HttpStatus.SC_NOT_FOUND;
 import static org.apache.http.HttpStatus.SC_OK;
 import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE;
+import static org.apache.http.HttpStatus.SC_UNAUTHORIZED;
 import static org.apache.http.HttpStatus.SC_UNPROCESSABLE_ENTITY;

 import java.io.BufferedReader;
@@ -71,6 +72,7 @@
 import org.eclipse.jgit.lfs.errors.LfsRateLimitExceeded;
 import org.eclipse.jgit.lfs.errors.LfsRepositoryNotFound;
 import org.eclipse.jgit.lfs.errors.LfsRepositoryReadOnly;
+import org.eclipse.jgit.lfs.errors.LfsUnauthorized;
 import org.eclipse.jgit.lfs.errors.LfsUnavailable;
 import org.eclipse.jgit.lfs.errors.LfsValidationError;

@@ -201,6 +203,8 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res)
 sendError(res, w, SC_INSUFFICIENT_STORAGE, e.getMessage());
 } catch (LfsUnavailable e) {
 sendError(res, w, SC_SERVICE_UNAVAILABLE, e.getMessage());
+ } catch (LfsUnauthorized e) {
+ sendError(res, w, SC_UNAUTHORIZED, e.getMessage());
 } catch (LfsException e) {
 sendError(res, w, SC_INTERNAL_SERVER_ERROR, e.getMessage());
 } finally {
diff --git a/org.eclipse.jgit.lfs/resources/org/eclipse/jgit/lfs/internal/LfsText.properties b/org.eclipse.jgit.lfs/resources/org/eclipse/jgit/lfs/internal/LfsText.properties
index 5e52a782f..aa089da11 100644
--- a/org.eclipse.jgit.lfs/resources/org/eclipse/jgit/lfs/internal/LfsText.properties
+++ b/org.eclipse.jgit.lfs/resources/org/eclipse/jgit/lfs/internal/LfsText.properties
@@ -7,3 +7,4 @@ requiredHashFunctionNotAvailable=Required hash function {0} not available.
 repositoryNotFound=Repository {0} not found
 repositoryReadOnly=Repository {0} is read-only
 lfsUnavailable=LFS is not available for repository {0}
+lfsUnathorized=Not authorized to perform operation {0} on repository {1}
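Review bot: The new `catch (LfsUnauthorized e)` branch in doPost sends 401 with no visible `WWW-Authenticate` challenge, which RFC 2616 section 10.4.2 requires on a 401 response; `sendError` is defined outside this hunk, so I cannot confirm whether it sets one. If it does not, the expectation should at least be written down at the branch, e.g. `// 401 must carry a WWW-Authenticate challenge; the LFS server implementation is expected to set it on the response`. The text passed through `e.getMessage()` names the operation and the repository, so a caller whose credentials were refused still learns that the repository exists; deployments that hide repository names may prefer a generic message here. doPost starts and ends outside the hunk.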
diff --git a/org.eclipse.jgit.lfs/src/org/eclipse/jgit/lfs/errors/LfsUnauthorized.java b/org.eclipse.jgit.lfs/src/org/eclipse/jgit/lfs/errors/LfsUnauthorized.java
new file mode 100644
index 000000000..62b0cde4c
--- /dev/null
+++ b/org.eclipse.jgit.lfs/src/org/eclipse/jgit/lfs/errors/LfsUnauthorized.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2017, David Pursehouse
+ * and other copyright owners as documented in the project's IP log.
+ *
+ * This program and the accompanying materials are made available
+ * under the terms of the Eclipse Distribution License v1.0 which
+ * accompanies this distribution, is reproduced below, and is
+ * available at http://www.eclipse.org/org/documents/edl-v10.php
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * - Neither the name of the Eclipse Foundation, Inc. nor the
+ * names of its contributors may be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package org.eclipse.jgit.lfs.errors;
+
+import java.text.MessageFormat;
+
+import org.eclipse.jgit.lfs.internal.LfsText;
+
+/**
+ * Thrown when authorization was refused for an LFS operation.
+ *
+ * @since 4.7
+ */
+public class LfsUnauthorized extends LfsException {
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @param operation
+ * the operation that was attempted.
+ * @param name
+ * the repository name.
+ */
+ public LfsUnauthorized(String operation, String name) {
+ super(MessageFormat.format(LfsText.get().lfsUnathorized, operation,
+ name));
+ }
+}
diff --git a/org.eclipse.jgit.lfs/src/org/eclipse/jgit/lfs/internal/LfsText.java b/org.eclipse.jgit.lfs/src/org/eclipse/jgit/lfs/internal/LfsText.java
index c76df3935..4260fcd0c 100644
--- a/org.eclipse.jgit.lfs/src/org/eclipse/jgit/lfs/internal/LfsText.java
+++ b/org.eclipse.jgit.lfs/src/org/eclipse/jgit/lfs/internal/LfsText.java
@@ -67,4 +67,5 @@ public static LfsText get() {
 /***/ public String repositoryNotFound;
 /***/ public String repositoryReadOnly;
 /***/ public String lfsUnavailable;
+ /***/ public String lfsUnathorized;
 }
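Review bot: The Javadoc on `LfsUnauthorized` does not say that the exception message, built from `operation` and `name`, is returned verbatim to the HTTP client with status 401 by the `catch (LfsUnauthorized e)` branch this commit adds to LfsProtocolServlet. I would extend the class comment with `Results in HTTP 401; the message, including the operation and repository name, is sent to the client.` so implementers pass only values the caller is allowed to see. The constructor comment also lacks a summary sentence, for example `Constructs the exception for a refused operation on the named repository.`. Separately, the message key is spelled `lfsUnathorized` here, in LfsText.properties and in LfsText.java; it resolves because all three agree, but it is a public field of LfsText, so renaming it to `lfsUnauthorized` now is cheaper than after release.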