Add support for refusing LFS request due to invalid authorization
Add a new exception type that server implementations can throw when a client attempts to make an unauthorized LFS operation, which will result in HTTP 401 Unauthorized being returned to the client. An example of this is a Gerrit server that rejects a request to perform an LFS operation on a ref that is not visible to the caller. As defined in the LFS spec [1] the request may include authentication, and per RFC 2616 [2], "401 response indicates that authorization has been refused for those credentials". [1] https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md [2] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html Change-Id: I2aa22e2144df5fb7972df0e3285b77b08ecc63f2 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
This commit is contained in:
parent
0e187f1484
commit
7245aa0316
|
@ -49,6 +49,7 @@
|
||||||
import static org.apache.http.HttpStatus.SC_NOT_FOUND;
|
import static org.apache.http.HttpStatus.SC_NOT_FOUND;
|
||||||
import static org.apache.http.HttpStatus.SC_OK;
|
import static org.apache.http.HttpStatus.SC_OK;
|
||||||
import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE;
|
import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE;
|
||||||
|
import static org.apache.http.HttpStatus.SC_UNAUTHORIZED;
|
||||||
import static org.apache.http.HttpStatus.SC_UNPROCESSABLE_ENTITY;
|
import static org.apache.http.HttpStatus.SC_UNPROCESSABLE_ENTITY;
|
||||||
|
|
||||||
import java.io.BufferedReader;
|
import java.io.BufferedReader;
|
||||||
|
@ -71,6 +72,7 @@
|
||||||
import org.eclipse.jgit.lfs.errors.LfsRateLimitExceeded;
|
import org.eclipse.jgit.lfs.errors.LfsRateLimitExceeded;
|
||||||
import org.eclipse.jgit.lfs.errors.LfsRepositoryNotFound;
|
import org.eclipse.jgit.lfs.errors.LfsRepositoryNotFound;
|
||||||
import org.eclipse.jgit.lfs.errors.LfsRepositoryReadOnly;
|
import org.eclipse.jgit.lfs.errors.LfsRepositoryReadOnly;
|
||||||
|
import org.eclipse.jgit.lfs.errors.LfsUnauthorized;
|
||||||
import org.eclipse.jgit.lfs.errors.LfsUnavailable;
|
import org.eclipse.jgit.lfs.errors.LfsUnavailable;
|
||||||
import org.eclipse.jgit.lfs.errors.LfsValidationError;
|
import org.eclipse.jgit.lfs.errors.LfsValidationError;
|
||||||
|
|
||||||
|
@ -201,6 +203,8 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res)
|
||||||
sendError(res, w, SC_INSUFFICIENT_STORAGE, e.getMessage());
|
sendError(res, w, SC_INSUFFICIENT_STORAGE, e.getMessage());
|
||||||
} catch (LfsUnavailable e) {
|
} catch (LfsUnavailable e) {
|
||||||
sendError(res, w, SC_SERVICE_UNAVAILABLE, e.getMessage());
|
sendError(res, w, SC_SERVICE_UNAVAILABLE, e.getMessage());
|
||||||
|
} catch (LfsUnauthorized e) {
|
||||||
|
sendError(res, w, SC_UNAUTHORIZED, e.getMessage());
|
||||||
} catch (LfsException e) {
|
} catch (LfsException e) {
|
||||||
sendError(res, w, SC_INTERNAL_SERVER_ERROR, e.getMessage());
|
sendError(res, w, SC_INTERNAL_SERVER_ERROR, e.getMessage());
|
||||||
} finally {
|
} finally {
|
||||||
|
|
|
@ -7,3 +7,4 @@ requiredHashFunctionNotAvailable=Required hash function {0} not available.
|
||||||
repositoryNotFound=Repository {0} not found
|
repositoryNotFound=Repository {0} not found
|
||||||
repositoryReadOnly=Repository {0} is read-only
|
repositoryReadOnly=Repository {0} is read-only
|
||||||
lfsUnavailable=LFS is not available for repository {0}
|
lfsUnavailable=LFS is not available for repository {0}
|
||||||
|
lfsUnathorized=Not authorized to perform operation {0} on repository {1}
|
||||||
|
|
|
@ -0,0 +1,68 @@
|
||||||
|
/*
|
||||||
|
* Copyright (C) 2017, David Pursehouse <david.pursehouse@gmail.com>
|
||||||
|
* and other copyright owners as documented in the project's IP log.
|
||||||
|
*
|
||||||
|
* This program and the accompanying materials are made available
|
||||||
|
* under the terms of the Eclipse Distribution License v1.0 which
|
||||||
|
* accompanies this distribution, is reproduced below, and is
|
||||||
|
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||||
|
*
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or
|
||||||
|
* without modification, are permitted provided that the following
|
||||||
|
* conditions are met:
|
||||||
|
*
|
||||||
|
* - Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* - Redistributions in binary form must reproduce the above
|
||||||
|
* copyright notice, this list of conditions and the following
|
||||||
|
* disclaimer in the documentation and/or other materials provided
|
||||||
|
* with the distribution.
|
||||||
|
*
|
||||||
|
* - Neither the name of the Eclipse Foundation, Inc. nor the
|
||||||
|
* names of its contributors may be used to endorse or promote
|
||||||
|
* products derived from this software without specific prior
|
||||||
|
* written permission.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
|
||||||
|
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||||
|
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||||
|
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||||
|
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||||
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||||
|
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.eclipse.jgit.lfs.errors;
|
||||||
|
|
||||||
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
|
import org.eclipse.jgit.lfs.internal.LfsText;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Thrown when authorization was refused for an LFS operation.
|
||||||
|
*
|
||||||
|
* @since 4.7
|
||||||
|
*/
|
||||||
|
public class LfsUnauthorized extends LfsException {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param operation
|
||||||
|
* the operation that was attempted.
|
||||||
|
* @param name
|
||||||
|
* the repository name.
|
||||||
|
*/
|
||||||
|
public LfsUnauthorized(String operation, String name) {
|
||||||
|
super(MessageFormat.format(LfsText.get().lfsUnathorized, operation,
|
||||||
|
name));
|
||||||
|
}
|
||||||
|
}
|
|
@ -67,4 +67,5 @@ public static LfsText get() {
|
||||||
/***/ public String repositoryNotFound;
|
/***/ public String repositoryNotFound;
|
||||||
/***/ public String repositoryReadOnly;
|
/***/ public String repositoryReadOnly;
|
||||||
/***/ public String lfsUnavailable;
|
/***/ public String lfsUnavailable;
|
||||||
|
/***/ public String lfsUnathorized;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue