From 5bf0be607a6d373008bf1cce416b5a91e807b077 Mon Sep 17 00:00:00 2001 From: jingquan huang Date: Sat, 22 Jun 2019 10:52:08 +0800 Subject: [PATCH 1/5] git request --- app/controllers/gits_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/gits_controller.rb b/app/controllers/gits_controller.rb index 778963f6e..4351bf602 100644 --- a/app/controllers/gits_controller.rb +++ b/app/controllers/gits_controller.rb @@ -4,6 +4,7 @@ class GitsController < ApplicationController def auth # HTTP_AUTHORIZATION: "Basic 这里base64编码的的密码(user:passwd)" logger.info("11111112222223333#{request.env["HTTP_AUTHORIZATION"]}") + logger.info("11111112222223333: request is #{request}") #logger.info("#########-----request_env: #{request.env}") # {"service"=>"git-receive-pack", "controller"=>"gits", "action"=>"auth", # "url"=>"forge01/cermyt39.git/info/refs"} From d9001276227bc6ec184b5bb11eca9896b1ce6b93 Mon Sep 17 00:00:00 2001 From: jingquan huang Date: Sat, 22 Jun 2019 10:59:18 +0800 Subject: [PATCH 2/5] =?UTF-8?q?=E5=88=A0=E9=99=A4=E9=87=8D=E5=A4=8D?= =?UTF-8?q?=E7=9A=84=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/shixuns_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/shixuns_controller.rb b/app/controllers/shixuns_controller.rb index 165b570fc..6dfa94252 100644 --- a/app/controllers/shixuns_controller.rb +++ b/app/controllers/shixuns_controller.rb @@ -715,7 +715,7 @@ private return end - if !current_user.shixun_permission(@shixun) || (@shixun.status == -1 && !current_user.admin?) + if !current_user.shixun_permission(@shixun) tip_exception(403, "..") end end From 709fbcda0437a6c6086a579034f5bf5d63634d97 Mon Sep 17 00:00:00 2001 From: jingquan huang Date: Sat, 22 Jun 2019 11:03:35 +0800 Subject: [PATCH 3/5] http auth --- app/controllers/gits_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/gits_controller.rb b/app/controllers/gits_controller.rb index 4351bf602..92451d655 100644 --- a/app/controllers/gits_controller.rb +++ b/app/controllers/gits_controller.rb @@ -4,7 +4,7 @@ class GitsController < ApplicationController def auth # HTTP_AUTHORIZATION: "Basic 这里base64编码的的密码(user:passwd)" logger.info("11111112222223333#{request.env["HTTP_AUTHORIZATION"]}") - logger.info("11111112222223333: request is #{request}") + logger.info("11111112222223333: request is #{request.env}") #logger.info("#########-----request_env: #{request.env}") # {"service"=>"git-receive-pack", "controller"=>"gits", "action"=>"auth", # "url"=>"forge01/cermyt39.git/info/refs"} From eee76b604ee2a7a1a85351ce6527ef7f7910e943 Mon Sep 17 00:00:00 2001 From: jingquan huang Date: Sat, 22 Jun 2019 11:10:28 +0800 Subject: [PATCH 4/5] git passsword --- app/controllers/gits_controller.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/gits_controller.rb b/app/controllers/gits_controller.rb index 92451d655..e5d33acab 100644 --- a/app/controllers/gits_controller.rb +++ b/app/controllers/gits_controller.rb @@ -3,7 +3,7 @@ class GitsController < ApplicationController #供git-workhorse反向调用认证 def auth # HTTP_AUTHORIZATION: "Basic 这里base64编码的的密码(user:passwd)" - logger.info("11111112222223333#{request.env["HTTP_AUTHORIZATION"]}") + logger.info("11111112222223333 HTTP_AUTHORIZATION: #{request.env["HTTP_AUTHORIZATION"]}") logger.info("11111112222223333: request is #{request.env}") #logger.info("#########-----request_env: #{request.env}") # {"service"=>"git-receive-pack", "controller"=>"gits", "action"=>"auth", @@ -20,7 +20,9 @@ class GitsController < ApplicationController uid_logger("git start auth: input_username is #{input_username}") # Git 超级权限用户 + logger.info("666666666: a: #{input_username}, b: #{gituser}, c #{input_password} , d #{gitpassword}}") if input_username == gituser && input_password == gitpassword + result = true else # 用户是否对对象拥有权限 From 283ee9e5398c8bbb9bd3ad94027af6893bfa8a45 Mon Sep 17 00:00:00 2001 From: jingquan huang Date: Sat, 22 Jun 2019 11:13:38 +0800 Subject: [PATCH 5/5] git usrname strip --- app/controllers/gits_controller.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/app/controllers/gits_controller.rb b/app/controllers/gits_controller.rb index e5d33acab..4064f0f99 100644 --- a/app/controllers/gits_controller.rb +++ b/app/controllers/gits_controller.rb @@ -20,9 +20,7 @@ class GitsController < ApplicationController uid_logger("git start auth: input_username is #{input_username}") # Git 超级权限用户 - logger.info("666666666: a: #{input_username}, b: #{gituser}, c #{input_password} , d #{gitpassword}}") - if input_username == gituser && input_password == gitpassword - + if input_username.strip == gituser.strip && input_password.strip == gitpassword.strip result = true else # 用户是否对对象拥有权限