Add an Apache htpasswd user service

Add a new class, HtpasswdUserService, which performs authentication
against a text file created with the Apache 'htpasswd' program.

Added dependency on commons-codec:1.7

.classpath

@@ -46,6 +46,7 @@
 	<classpathentry kind="lib" path="ext/jna-3.5.0.jar" sourcepath="ext/src/jna-3.5.0.jar" />
 	<classpathentry kind="lib" path="ext/guava-13.0.1.jar" sourcepath="ext/src/guava-13.0.1.jar" />
 	<classpathentry kind="lib" path="ext/libpam4j-1.7.jar" sourcepath="ext/src/libpam4j-1.7.jar" />
+	<classpathentry kind="lib" path="ext/commons-codec-1.7.jar" sourcepath="ext/src/commons-codec-1.7.jar" />
 	<classpathentry kind="lib" path="ext/junit-4.11.jar" sourcepath="ext/src/junit-4.11.jar" />
 	<classpathentry kind="lib" path="ext/hamcrest-core-1.3.jar" sourcepath="ext/src/hamcrest-core-1.3.jar" />
 	<classpathentry kind="lib" path="ext/selenium-java-2.28.0.jar" sourcepath="ext/src/selenium-java-2.28.0.jar" />
@@ -58,7 +59,6 @@
 	<classpathentry kind="lib" path="ext/httpclient-4.2.1.jar" sourcepath="ext/src/httpclient-4.2.1.jar" />
 	<classpathentry kind="lib" path="ext/httpcore-4.2.1.jar" sourcepath="ext/src/httpcore-4.2.1.jar" />
 	<classpathentry kind="lib" path="ext/commons-logging-1.1.1.jar" sourcepath="ext/src/commons-logging-1.1.1.jar" />
-	<classpathentry kind="lib" path="ext/commons-codec-1.6.jar" sourcepath="ext/src/commons-codec-1.6.jar" />
 	<classpathentry kind="lib" path="ext/commons-exec-1.1.jar" sourcepath="ext/src/commons-exec-1.1.jar" />
 	<classpathentry kind="lib" path="ext/commons-io-2.2.jar" sourcepath="ext/src/commons-io-2.2.jar" />
 	<classpathentry kind="output" path="bin/classes" />

NOTICE

@@ -310,4 +310,12 @@ libpam4j
    MIT license.
 
    https://github.com/kohsuke/libpam4j
-
+
+---------------------------------------------------------------------------
+commons-codec
+---------------------------------------------------------------------------
+   commons-codec, release under the
+   Apache License 2.0.
+
+   http://commons.apache.org/proper/commons-codec
+

build.moxie

@@ -152,6 +152,7 @@ dependencies:
 - compile 'org.freemarker:freemarker:2.3.19' :war
 - compile 'com.github.dblock.waffle:waffle-jna:1.5' :war
 - compile 'org.kohsuke:libpam4j:1.7' :war
+- compile 'commons-codec:commons-codec:1.7' :war
 - test 'junit'
 # Dependencies for Selenium web page testing
 - test 'org.seleniumhq.selenium:selenium-java:${selenium.version}' @jar

gitblit.iml

@@ -479,6 +479,17 @@
         </SOURCES>
       </library>
     </orderEntry>
+    <orderEntry type="module-library">
+      <library name="commons-codec-1.7.jar">
+        <CLASSES>
+          <root url="jar://$MODULE_DIR$/ext/commons-codec-1.7.jar!/" />
+        </CLASSES>
+        <JAVADOC />
+        <SOURCES>
+          <root url="jar://$MODULE_DIR$/ext/src/commons-codec-1.7.jar!/" />
+        </SOURCES>
+      </library>
+    </orderEntry>
     <orderEntry type="module-library" scope="TEST">
       <library name="junit-4.11.jar">
         <CLASSES>
@@ -611,17 +622,6 @@
         </SOURCES>
       </library>
     </orderEntry>
-    <orderEntry type="module-library" scope="TEST">
-      <library name="commons-codec-1.6.jar">
-        <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/commons-codec-1.6.jar!/" />
-        </CLASSES>
-        <JAVADOC />
-        <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/commons-codec-1.6.jar!/" />
-        </SOURCES>
-      </library>
-    </orderEntry>
     <orderEntry type="module-library" scope="TEST">
       <library name="commons-exec-1.1.jar">
         <CLASSES>

releases.moxie

@@ -20,13 +20,18 @@ r19: {
     changes: ~
     additions:
     - Add setting for maximum number of days of activity to that may be requested
-    dependencyChanges: ~
+    - Added HtpasswdUserService to authenticate users against an htpasswd file
+    dependencyChanges:
+    - Added commons-codec 1.7
     contributors:
     - github/guriguri
     - Doug Ayers
     - Ori Livneh
+    - Florian Zschocke
     settings:
     - { name: 'web.activityDurationMaximum', defaultValue: 30 }
+    - { name: 'realm.htpasswd.userFile', defaultValue: '${baseFolder}/htpasswd' }
+    - { name: 'realm.htpasswd.overrideLocalAuthentication', defaultValue: 'false' }
 }
 
 #

src/main/distrib/data/gitblit.properties

@@ -502,6 +502,7 @@ web.projectsFile = ${baseFolder}/projects.conf
 #    com.gitblit.SalesforceUserService
 #    com.gitblit.WindowsUserService
 #    com.gitblit.PAMUserService
+#    com.gitblit.HtpasswdUserService
 #
 # Any custom user service implementation must have a public default constructor.
 #
@@ -1233,6 +1234,38 @@ realm.pam.backingUserService = ${baseFolder}/users.conf
 # SINCE 1.3.1
 realm.pam.serviceName = system-auth
 
+# The HtpasswdUserService must be backed by another user service for standard user
+# and team management and attributes. This can be one of the local Gitblit user services.
+# default: users.conf
+#
+# RESTART REQUIRED
+# BASEFOLDER
+# SINCE 1.3.2
+realm.htpasswd.backingUserService = ${baseFolder}/users.conf
+
+# The Apache htpasswd file that contains the users and passwords.
+# default: ${baseFolder}/htpasswd
+#
+# RESTART REQUIRED
+# BASEFOLDER
+# SINCE 1.3.2
+realm.htpasswd.userfile = ${baseFolder}/htpasswd
+
+#  Determines how accounts are looked up upon login.
+#
+# If set to false, then authentication for local accounts is done against
+# the backing user service.
+# If set to true, then authentication will first be checked against the
+# htpasswd store, even if the account appears as a local account in the
+# backing user service. If the user is found in the htpasswd store, then
+# an already existing local account will be turned into an external account.
+# In this case an initial local password is never used and gets overwritten
+# by the externally stored password upon login.
+# default: false
+#
+# SINCE 1.3.2
+realm.htpasswd.overrideLocalAuthentication = false
+
 # The SalesforceUserService must be backed by another user service for standard user
 # and team management.
 # default: users.conf

src/main/java/com/gitblit/Constants.java

@@ -480,7 +480,7 @@ public boolean isStandard() {
 	}
 
 	public static enum AccountType {
-		LOCAL, EXTERNAL, LDAP, REDMINE, SALESFORCE, WINDOWS, PAM;
+		LOCAL, EXTERNAL, LDAP, REDMINE, SALESFORCE, WINDOWS, PAM, HTPASSWD;
 
 		public boolean isLocal() {
 			return this == LOCAL;