Google Git
Sign in
gerrit/plugins/gitiles/refs/heads/master^!/.
commit
8c220bff6dd6a9b14f7c96487b3a904433d4599a
[log] [tgz]
author
Wendy <wendy.wang10@sap.com>
Wed Dec 10 12:49:07 2025 -0500
committer
Wendy Wang <wendy.wang10@sap.com>
Fri Dec 12 08:57:17 2025 -0800
tree
2b1017486ef8e3717cac2203be6c29ea7f7063b9
parent
e3ecc5066a5710ffe06b370c3d284f6cdd363c2c [diff]
Redirect anonymous users without read access to login

Trigger login redirection for anonymous users who attempt to
access a project they cannot read, including requests for
non-existent projects to avoid leaking project existence.

Change-Id: I5b53ad4ee03882c122c8bf59ba8f6dd9c674d440

diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitiles/FilteredRepository.java b/src/main/java/com/googlesource/gerrit/plugins/gitiles/FilteredRepository.java
index f1b8b36..6e320b3 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitiles/FilteredRepository.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitiles/FilteredRepository.java

@@ -69,17 +69,30 @@
     }
 
     FilteredRepository create(Project.NameKey name)
-        throws NoSuchProjectException, IOException, PermissionBackendException {
+        throws NoSuchProjectException,
+            LoginRedirectRequiredException,
+            IOException,
+            PermissionBackendException {
       Optional<ProjectState> projectState = projectCache.get(name);
-      if (!projectState.isPresent() || !projectState.get().statePermitsRead()) {
-        throw new NoSuchProjectException(name);
-      }
-      try {
-        permissionBackend.currentUser().project(name).check(ProjectPermission.ACCESS);
-      } catch (AuthException e) {
-        throw new NoSuchProjectException(name, e);
-      } catch (PermissionBackendException e) {
-        throw new ServiceMayNotContinueException(e);
+      if (userProvider.get() == null || !userProvider.get().isIdentifiedUser()) {
+        // If the user is an anonymous user and the project is not visible to anonymous
+        // users, redirect the user to login.
+        try {
+          permissionBackend.currentUser().project(name).check(ProjectPermission.ACCESS);
+        } catch (Exception e) {
+          throw new LoginRedirectRequiredException(e);
+        }
+      } else {
+        if (!projectState.isPresent() || !projectState.get().statePermitsRead()) {
+          throw new NoSuchProjectException(name);
+        }
+        try {
+          permissionBackend.currentUser().project(name).check(ProjectPermission.ACCESS);
+        } catch (AuthException e) {
+          throw new NoSuchProjectException(name, e);
+        } catch (PermissionBackendException e) {
+          throw new ServiceMayNotContinueException(e);
+        }
       }
       return new FilteredRepository(
           projectState.get(),

diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitiles/HttpModule.java b/src/main/java/com/googlesource/gerrit/plugins/gitiles/HttpModule.java
index 3d8d8da..7e8ce3f 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitiles/HttpModule.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitiles/HttpModule.java

@@ -89,6 +89,9 @@
 
   @Override
   protected void configureServlets() {
+    // Filter unauthenticated users to login page as needed
+    filter("/*").through(LoginRedirectErrorHandler.class);
+
     // Filter all paths so we can decode escaped entities in the URI
     filter("/*").through(createPathFilter());
     filter("/*").through(new MenuFilter(userProvider, urls));

diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitiles/LoginRedirectErrorHandler.java b/src/main/java/com/googlesource/gerrit/plugins/gitiles/LoginRedirectErrorHandler.java
new file mode 100644
index 0000000..b2bb99f
--- /dev/null
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitiles/LoginRedirectErrorHandler.java

@@ -0,0 +1,58 @@
+// Copyright (C) 2025 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.gitiles;
+
+import com.google.gitiles.GitilesUrls;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Singleton
+public class LoginRedirectErrorHandler implements Filter {
+  private final GitilesUrls urls;
+
+  @Inject
+  LoginRedirectErrorHandler(GitilesUrls urls) {
+    this.urls = urls;
+  }
+
+  @Override
+  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+      throws IOException, ServletException {
+    HttpServletRequest httpReq = (HttpServletRequest) req;
+    HttpServletResponse httpRes = (HttpServletResponse) res;
+
+    try {
+      chain.doFilter(req, res);
+    } catch (LoginRedirectRequiredException e) {
+      String loginUrl = LoginRedirectUtil.getLoginRedirectUrl(httpReq, urls);
+      httpRes.sendRedirect(loginUrl);
+    }
+  }
+
+  @Override
+  public void init(FilterConfig cfg) throws ServletException {}
+
+  @Override
+  public void destroy() {}
+}

diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitiles/LoginRedirectRequiredException.java b/src/main/java/com/googlesource/gerrit/plugins/gitiles/LoginRedirectRequiredException.java
new file mode 100644
index 0000000..0315eb6
--- /dev/null
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitiles/LoginRedirectRequiredException.java

@@ -0,0 +1,23 @@
+// Copyright (C) 2025 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.gitiles;
+
+public class LoginRedirectRequiredException extends RuntimeException {
+  public LoginRedirectRequiredException() {}
+
+  public LoginRedirectRequiredException(Throwable cause) {
+    super(cause);
+  }
+}

diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitiles/Resolver.java b/src/main/java/com/googlesource/gerrit/plugins/gitiles/Resolver.java
index 825cc60..cb49d10 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitiles/Resolver.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitiles/Resolver.java

@@ -66,9 +66,6 @@
       if (userProvider.get().isIdentifiedUser()) {
         throw new RepositoryNotFoundException(name, e);
       }
-      // Allow anonymous users a chance to login.
-      // Avoid leaking information by not distinguishing between
-      // project not existing and no access rights.
       throw new ServiceNotAuthorizedException();
     } catch (IOException | PermissionBackendException e) {
       ServiceMayNotContinueException err =

diff --git a/src/test/java/com/googlesource/gerrit/plugins/gitiles/RepositoryResolverAccessTest.java b/src/test/java/com/googlesource/gerrit/plugins/gitiles/RepositoryResolverAccessTest.java
index a1cf436..855ffb8 100644
--- a/src/test/java/com/googlesource/gerrit/plugins/gitiles/RepositoryResolverAccessTest.java
+++ b/src/test/java/com/googlesource/gerrit/plugins/gitiles/RepositoryResolverAccessTest.java

@@ -79,7 +79,6 @@
   public void resolveRepository_repositoryVisibilityIsRespected() throws Exception {
     projectOperations.allProjectsForUpdate().removeAllAccessSections().update();
     projectOperations.newProject().name("visible").create();
-    projectOperations.newProject().name("invisible").create();
     projectOperations
         .project(Project.nameKey("visible"))
         .forUpdate()
@@ -93,8 +92,19 @@
     RepositoryNotFoundException ex =
         assertThrows(
             RepositoryNotFoundException.class,
-            () -> resolver().open(new FakeHttpServletRequest(), "invisible"));
-    assertThat(ex).hasMessageThat().contains("repository not found: invisible");
+            () -> resolver().open(new FakeHttpServletRequest(), "nonexistent"));
+    assertThat(ex).hasMessageThat().contains("repository not found: nonexistent");
+  }
+
+  @Test
+  public void resolveRepository_anonymousUserRedirectedToLogin() throws Exception {
+    projectOperations.allProjectsForUpdate().removeAllAccessSections().update();
+    projectOperations.newProject().name("invisible").create();
+    requestScopeOperations.setApiUserAnonymous();
+
+    assertThrows(
+        LoginRedirectRequiredException.class,
+        () -> resolver().open(new FakeHttpServletRequest(), project.get()));
   }
 
   private Resolver resolver() {