LCOV - code coverage report
Current view: top level - httpd - XsrfCookieFilter.java (source / functions) Hit Total Coverage
Test: _coverage_report.dat Lines: 0 24 0.0 %
Date: 2022-11-19 15:00:39 Functions: 0 6 0.0 % 

          Line data    Source code
       1             : // Copyright (C) 2015 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.httpd;
      16             : 
      17             : import static com.google.common.base.Strings.nullToEmpty;
      18             : 
      19             : import com.google.gerrit.extensions.registration.DynamicItem;
      20             : import com.google.gerrit.server.CurrentUser;
      21             : import com.google.gerrit.server.config.AuthConfig;
      22             : import com.google.inject.Inject;
      23             : import com.google.inject.Provider;
      24             : import com.google.inject.Singleton;
      25             : import java.io.IOException;
      26             : import javax.servlet.Filter;
      27             : import javax.servlet.FilterChain;
      28             : import javax.servlet.FilterConfig;
      29             : import javax.servlet.ServletException;
      30             : import javax.servlet.ServletRequest;
      31             : import javax.servlet.ServletResponse;
      32             : import javax.servlet.http.Cookie;
      33             : import javax.servlet.http.HttpServletRequest;
      34             : import javax.servlet.http.HttpServletResponse;
      35             : import org.eclipse.jgit.http.server.GitSmartHttpTools;
      36             : 
      37             : @Singleton
      38             : public class XsrfCookieFilter implements Filter {
      39             :   private final Provider<CurrentUser> user;
      40             :   private final DynamicItem<WebSession> session;
      41             :   private final AuthConfig authConfig;
      42             : 
      43             :   @Inject
      44             :   XsrfCookieFilter(
      45           0 :       Provider<CurrentUser> user, DynamicItem<WebSession> session, AuthConfig authConfig) {
      46           0 :     this.user = user;
      47           0 :     this.session = session;
      48           0 :     this.authConfig = authConfig;
      49           0 :   }
      50             : 
      51             :   @Override
      52             :   public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain)
      53             :       throws IOException, ServletException {
      54           0 :     HttpServletRequest httpRequest = (HttpServletRequest) req;
      55           0 :     if (!GitSmartHttpTools.isGitClient(httpRequest)) {
      56           0 :       WebSession s = user.get().isIdentifiedUser() ? session.get() : null;
      57           0 :       setXsrfTokenCookie(httpRequest, (HttpServletResponse) rsp, s);
      58             :     }
      59           0 :     chain.doFilter(req, rsp);
      60           0 :   }
      61             : 
      62             :   private void setXsrfTokenCookie(
      63             :       HttpServletRequest req, HttpServletResponse rsp, WebSession session) {
      64           0 :     String v = session != null ? session.getXGerritAuth() : null;
      65           0 :     Cookie c = new Cookie(XsrfConstants.XSRF_COOKIE_NAME, nullToEmpty(v));
      66           0 :     c.setPath("/");
      67           0 :     c.setSecure(authConfig.getCookieSecure() && isSecure(req));
      68           0 :     c.setMaxAge(
      69           0 :         v != null
      70           0 :             ? -1 // Set the cookie for this browser session.
      71           0 :             : 0); // Remove the cookie (expire immediately).
      72           0 :     rsp.addCookie(c);
      73           0 :   }
      74             : 
      75             :   private boolean isSecure(HttpServletRequest req) {
      76           0 :     return req.isSecure() || "https".equals(req.getScheme());
      77             :   }
      78             : 
      79             :   @Override
      80           0 :   public void init(FilterConfig config) {}
      81             : 
      82             :   @Override
      83           0 :   public void destroy() {}
      84             : }

Generated by: LCOV version 1.16+git.20220603.dfeb750