From cf9bb2699fa146514b219e1fd3dce6e367f274ce Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sun, 20 Dec 2009 09:44:28 +0000
Subject: [PATCH] Adds on optional API key to repositories management controller and reposman.rb.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3201 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/sys_controller.rb | 4 ++--
 app/views/settings/_repositories.rhtml | 10 +++++++++-
 config/settings.yml | 2 ++
 extra/svn/reposman.rb | 27 ++++++++++++++++----------
 test/functional/sys_controller_test.rb | 21 ++++++++++++++++++++
 5 files changed, 51 insertions(+), 13 deletions(-)
diff --git a/app/controllers/sys_controller.rb b/app/controllers/sys_controller.rb
index 5e74192a9..be88eb232 100644
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@@ -59,8 +59,8 @@ class SysController < ActionController::Base
 def check_enabled
 User.current = nil
- unless Setting.sys_api_enabled?
- render :nothing => 'Access denied. Repository management WS is disabled.', :status => 403
+ unless Setting.sys_api_enabled? && params[:key].to_s == Setting.sys_api_key
+ render :text => 'Access denied. Repository management WS is disabled or key is invalid.', :status => 403
 return false
 end
 end
diff --git a/app/views/settings/_repositories.rhtml b/app/views/settings/_repositories.rhtml
index 83a3846ce..581ebf5fd 100644
--- a/app/views/settings/_repositories.rhtml
+++ b/app/views/settings/_repositories.rhtml
@@ -3,7 +3,15 @@
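Review bot: In check_enabled (sys_controller.rb), `params[:key].to_s == Setting.sys_api_key` is true for a request with no `key` parameter whenever the stored key is empty, and the settings.yml hunk of this patch makes `''` the default, so turning the WS on without generating a key leaves every /sys action open to any client that can reach it. If that is the intended optional mode, state it above the check, for example `# An empty sys_api_key disables the key check: any client that can reach /sys is accepted`, and consider refusing to enable the service with a blank key. The comparison is also an ordinary `==`, which is not constant-time; a fixed-time comparison would be the safer form for a shared secret. The enclosing class and the filter registration are outside the hunk.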

<%= setting_check_box :autofetch_changesets %>

-

<%= setting_check_box :sys_api_enabled %>

+

<%= setting_check_box :sys_api_enabled, + :onclick => "if (this.checked) { Form.Element.enable('settings_sys_api_key'); } else { Form.Element.disable('settings_sys_api_key'); }" %>

+ +

<%= setting_text_field :sys_api_key, :size => 30, + :id => 'settings_sys_api_key', + :disabled => !Setting.sys_api_enabled?, + :label => :setting_mail_handler_api_key %> + <%= link_to_function l(:label_generate_key), "if ($('settings_sys_api_key').disabled == false) { $('settings_sys_api_key').value = randomKey(20) }" %> +

<%= setting_multiselect(:enabled_scm, REDMINE_SUPPORTED_SCM) %>
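Review bot: The key that now protects /sys is generated in the browser by `randomKey(20)` on the link_to_function line, and that function is defined outside this patch; confirm it does not rely on a predictable source such as `Math.random`, or generate the key on the server instead. The field also reuses `:label => :setting_mail_handler_api_key`, which ties this setting's caption to a different secret; a dedicated label key would keep the two apart.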

diff --git a/config/settings.yml b/config/settings.yml
index 1cbcba523..d5943ebdb 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -85,6 +85,8 @@ autofetch_changesets:
 default: 1
 sys_api_enabled:
 default: 0
+sys_api_key:
+ default: ''
 commit_ref_keywords:
 default: 'refs,references,IssueID'
 commit_fix_keywords:
diff --git a/extra/svn/reposman.rb b/extra/svn/reposman.rb
index f4238ab22..e897a4f4f 100755
--- a/extra/svn/reposman.rb
+++ b/extra/svn/reposman.rb
@@ -19,18 +19,21 @@
 # -r redmine.example.net
 # -r http://redmine.example.net
 # -r https://example.net/redmine
+# -k, --key=KEY use KEY as the Redmine API key
 #
 # == Options
 #
 # -o, --owner=OWNER owner of the repository. using the rails login
 # allow user to browse the repository within
-# Redmine even for private project. If you want to share repositories
-# through Redmine.pm, you need to use the apache owner.
+# Redmine even for private project. If you want to
+# share repositories through Redmine.pm, you need
+# to use the apache owner.
 # -g, --group=GROUP group of the repository. (default: root)
-# --scm=SCM the kind of SCM repository you want to create (and register) in
-# Redmine (default: Subversion). reposman is able to create Git
-# and Subversion repositories. For all other kind (Bazaar,
-# Darcs, Filesystem, Mercurial) you must specify a --command option
+# --scm=SCM the kind of SCM repository you want to create (and
+# register) in Redmine (default: Subversion).
+# reposman is able to create Git and Subversion
+# repositories. For all other kind, you must specify
+# a --command option
 # -u, --url=URL the base url Redmine will use to access your
 # repositories. This option is used to automatically
 # register the repositories in Redmine. The project
@@ -41,8 +44,10 @@
 # the repositories in Redmine
 # -c, --command=COMMAND use this command instead of "svnadmin create" to
 # create a repository. This option can be used to
-# create repositories other than subversion and git kind.
-# This command override the default creation for git and subversion.
+# create repositories other than subversion and git
+# kind.
+# This command override the default creation for git
+# and subversion.
 # -f, --force force repository creation even if the project
 # repository is already declared in Redmine
 # -t, --test only show what should be done
@@ -67,6 +72,7 @@ SUPPORTED_SCM = %w( Subversion Darcs Mercurial Bazaar Git Filesystem )
 opts = GetoptLong.new(
 ['--svn-dir', '-s', GetoptLong::REQUIRED_ARGUMENT],
 ['--redmine-host', '-r', GetoptLong::REQUIRED_ARGUMENT],
+ ['--key', '-k', GetoptLong::REQUIRED_ARGUMENT],
 ['--owner', '-o', GetoptLong::REQUIRED_ARGUMENT],
 ['--group', '-g', GetoptLong::REQUIRED_ARGUMENT],
 ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
@@ -127,6 +133,7 @@ begin
 case opt
 when '--svn-dir'; $repos_base = arg.dup
 when '--redmine-host'; $redmine_host = arg.dup
+ when '--key'; $api_key = arg.dup
 when '--owner'; $svn_owner = arg.dup; $use_groupid = false;
 when '--group'; $svn_group = arg.dup; $use_groupid = false;
 when '--url'; $svn_url = arg.dup
@@ -184,7 +191,7 @@ Project.site = "#{$redmine_host}/sys";
 begin
 # Get all active projects that have the Repository module enabled
- projects = Project.find(:all)
+ projects = Project.find(:all, :params => {:key => $api_key})
 rescue => e
 log("Unable to connect to #{Project.site}: #{e}", :exit => true)
 end
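Review bot: `when '--key'; $api_key = arg.dup` takes the secret from the command line, where it is readable in the process list and in whatever crontab or wrapper script runs reposman. Say so next to the option in the usage header, e.g. `#   -k, --key=KEY   use KEY as the Redmine API key (visible in the process list while reposman runs)`, and consider also accepting the key from a file readable only by the invoking user. The `case` statement begins and ends outside the hunk.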
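Review bot: `Project.find(:all, :params => {:key => $api_key})` puts the key in the request's query string, so it is likely to end up in the web server's access log, and with an `http://` value for `-r` (which the usage text lists) it is sent in cleartext. The `project.post(..., :key => $api_key)` call in the @@ -285 hunk appears to have the same exposure. A comment above the call such as `# the key is sent as a query parameter: use an https:// --redmine-host` would record the constraint, and a warning when a key is combined with a non-https host would catch the misconfiguration early.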
@@ -285,7 +292,7 @@ projects.each do |project|
 if $svn_url
 begin
- project.post(:repository, :vendor => $scm, :repository => {:url => "#{$svn_url}#{project.identifier}"})
+ project.post(:repository, :vendor => $scm, :repository => {:url => "#{$svn_url}#{project.identifier}"}, :key => $api_key)
 log("\trepository #{repos_path} registered in Redmine with url #{$svn_url}#{project.identifier}");
 rescue => e
 log("\trepository #{repos_path} not registered in Redmine: #{e.message}");
diff --git a/test/functional/sys_controller_test.rb b/test/functional/sys_controller_test.rb
index 187fbe410..179740190 100644
--- a/test/functional/sys_controller_test.rb
+++ b/test/functional/sys_controller_test.rb
@@ -68,4 +68,25 @@ class SysControllerTest < ActionController::TestCase
 get :fetch_changesets, :id => 'unknown'
 assert_response 404
 end
+
+ def test_disabled_ws_should_respond_with_403_error
+ with_settings :sys_api_enabled => '0' do
+ get :projects
+ assert_response 403
+ end
+ end
+
+ def test_api_key
+ with_settings :sys_api_key => 'my_secret_key' do
+ get :projects, :key => 'my_secret_key'
+ assert_response :success
+ end
+ end
+
+ def test_wrong_key_should_respond_with_403_error
+ with_settings :sys_api_enabled => 'my_secret_key' do
+ get :projects, :key => 'wrong_key'
+ assert_response 403
+ end
+ end
 end
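Review bot: `test_wrong_key_should_respond_with_403_error` sets `:sys_api_enabled => 'my_secret_key'` instead of `:sys_api_key`, so the configured key is never `my_secret_key` and the 403 it asserts does not depend on a mismatch against a real key. The line should read `with_settings :sys_api_enabled => '1', :sys_api_key => 'my_secret_key' do`. `test_api_key` likewise relies on the service being enabled elsewhere (the test setup is outside the hunk), and no test covers a request that omits `key` while a key is configured, which is the case the new check most needs to reject.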