Add support for refusing LFS request due to invalid authorization
Add a new exception type that server implementations can throw when a client attempts to make an unauthorized LFS operation, which will result in HTTP 401 Unauthorized being returned to the client. An example of this is a Gerrit server that rejects a request to perform an LFS operation on a ref that is not visible to the caller. As defined in the LFS spec [1] the request may include authentication, and per RFC 2616 [2], "401 response indicates that authorization has been refused for those credentials". [1] https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md [2] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html Change-Id: I2aa22e2144df5fb7972df0e3285b77b08ecc63f2 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
This commit is contained in:
parent
0e187f1484
commit
7245aa0316
|
@ -49,6 +49,7 @@
|
|||
import static org.apache.http.HttpStatus.SC_NOT_FOUND;
|
||||
import static org.apache.http.HttpStatus.SC_OK;
|
||||
import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE;
|
||||
import static org.apache.http.HttpStatus.SC_UNAUTHORIZED;
|
||||
import static org.apache.http.HttpStatus.SC_UNPROCESSABLE_ENTITY;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
|
@ -71,6 +72,7 @@
|
|||
import org.eclipse.jgit.lfs.errors.LfsRateLimitExceeded;
|
||||
import org.eclipse.jgit.lfs.errors.LfsRepositoryNotFound;
|
||||
import org.eclipse.jgit.lfs.errors.LfsRepositoryReadOnly;
|
||||
import org.eclipse.jgit.lfs.errors.LfsUnauthorized;
|
||||
import org.eclipse.jgit.lfs.errors.LfsUnavailable;
|
||||
import org.eclipse.jgit.lfs.errors.LfsValidationError;
|
||||
|
||||
|
@ -201,6 +203,8 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res)
|
|||
sendError(res, w, SC_INSUFFICIENT_STORAGE, e.getMessage());
|
||||
} catch (LfsUnavailable e) {
|
||||
sendError(res, w, SC_SERVICE_UNAVAILABLE, e.getMessage());
|
||||
} catch (LfsUnauthorized e) {
|
||||
sendError(res, w, SC_UNAUTHORIZED, e.getMessage());
|
||||
} catch (LfsException e) {
|
||||
sendError(res, w, SC_INTERNAL_SERVER_ERROR, e.getMessage());
|
||||
} finally {
|
||||
|
|
|
@ -7,3 +7,4 @@ requiredHashFunctionNotAvailable=Required hash function {0} not available.
|
|||
repositoryNotFound=Repository {0} not found
|
||||
repositoryReadOnly=Repository {0} is read-only
|
||||
lfsUnavailable=LFS is not available for repository {0}
|
||||
lfsUnathorized=Not authorized to perform operation {0} on repository {1}
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
/*
|
||||
* Copyright (C) 2017, David Pursehouse <david.pursehouse@gmail.com>
|
||||
* and other copyright owners as documented in the project's IP log.
|
||||
*
|
||||
* This program and the accompanying materials are made available
|
||||
* under the terms of the Eclipse Distribution License v1.0 which
|
||||
* accompanies this distribution, is reproduced below, and is
|
||||
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or
|
||||
* without modification, are permitted provided that the following
|
||||
* conditions are met:
|
||||
*
|
||||
* - Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* - Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* - Neither the name of the Eclipse Foundation, Inc. nor the
|
||||
* names of its contributors may be used to endorse or promote
|
||||
* products derived from this software without specific prior
|
||||
* written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
|
||||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
package org.eclipse.jgit.lfs.errors;
|
||||
|
||||
import java.text.MessageFormat;
|
||||
|
||||
import org.eclipse.jgit.lfs.internal.LfsText;
|
||||
|
||||
/**
|
||||
* Thrown when authorization was refused for an LFS operation.
|
||||
*
|
||||
* @since 4.7
|
||||
*/
|
||||
public class LfsUnauthorized extends LfsException {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* @param operation
|
||||
* the operation that was attempted.
|
||||
* @param name
|
||||
* the repository name.
|
||||
*/
|
||||
public LfsUnauthorized(String operation, String name) {
|
||||
super(MessageFormat.format(LfsText.get().lfsUnathorized, operation,
|
||||
name));
|
||||
}
|
||||
}
|
|
@ -67,4 +67,5 @@ public static LfsText get() {
|
|||
/***/ public String repositoryNotFound;
|
||||
/***/ public String repositoryReadOnly;
|
||||
/***/ public String lfsUnavailable;
|
||||
/***/ public String lfsUnathorized;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue