added the svn_read_credential option

codepot/etc/codepot.ini.in

@@ -338,6 +338,15 @@ svn_tag_property = "codepot:tag"
 ;------------------------------------------------------------------------------
 svn_read_access = "member"
 
+;------------------------------------------------------------------------------
+; Grant subversin read access to public repository if the user id and the 
+; password match this special credential configured. The value must be
+; a userid and a password separated by a colon. For example,
+;    anonymous:aab08d13-942c-49bc-b6a7-5ca4408b08d6
+; This credentical takes precedence over non-anonymous svn_read_access mode.
+;------------------------------------------------------------------------------
+svn_read_credential = ""
+
 ;------------------------------------------------------------------------------
 ; The length of a commit message must be as long as this value.
 ;------------------------------------------------------------------------------

codepot/etc/perl/Codepot/AccessHandler.pm

@@ -76,7 +76,8 @@ sub get_config
 		database_driver => $cfg->param('database_driver'),
 		database_prefix => $cfg->param('database_prefix'),
 
-		svn_read_access => $cfg->param ('svn_read_access')
+		svn_read_access => $cfg->param('svn_read_access'),
+		svn_read_credential => $cfg->param('svn_read_credential')
 	};
 
 	return $config;
@@ -307,6 +308,7 @@ sub is_read_method
 	       $method eq "OPTIONS" || $method eq "REPORT" ||
 	       $method eq "PROPFIND";
 }
+
 sub __handler 
 {
 	my ($r, $cfg, $dbh) = @_;
@@ -375,6 +377,15 @@ sub __handler
 				}
 				return Apache2::Const::OK;
 			}
+			elsif (defined($cfg->{svn_read_credential}) && $cfg->{svn_read_credential} ne '')
+			{
+				# security loop hole here.
+				my ($c_user, $c_pass) = split(/:/, $cfg->{svn_read_credential});
+				if ($c_user ne '' && $c_pass ne '' && $c_user eq $userid && $c_pass eq $password)
+				{
+					return Apache2::Const::OK;
+				}
+			}
 		}
 	}
 	

codepot/src/codepot/models/dbloginmodel.php

@@ -53,8 +53,8 @@ class DbLoginModel extends LoginModel
 		$result = $query->result ();
 		if (empty($result))
 		{
-			$this->setErrorMessage ('invalid credential'); // no such user name
 			$this->db->trans_rollback ();
+			$this->setErrorMessage ('No such user');
 			return FALSE;
 		}
 

codepot/src/codepot/models/ldaploginmodel.php

@@ -10,8 +10,7 @@ class LdapLoginModel extends LoginModel
 
 	function authenticate ($userid, $password)
 	{
-		//$ldap = @ldap_connect (
-		//	CODEPOT_LDAP_SERVER_HOST, CODEPOT_LDAP_SERVER_PORT);
+		//$ldap = @ldap_connect (CODEPOT_LDAP_SERVER_HOST, CODEPOT_LDAP_SERVER_PORT);
 		$ldap = @ldap_connect(CODEPOT_LDAP_SERVER_URI);
 		if ($ldap === FALSE)
 		{
@@ -57,8 +56,8 @@ class LdapLoginModel extends LoginModel
 
 			if ($ec <= 0)
 			{
-				$this->setErrorMessage ('No such user');
 				ldap_close ($ldap);
+				$this->setErrorMessage ('No such user');
 				return FALSE;
 			}
 

codepot/src/codepot/models/loginmodel.php

@@ -82,6 +82,7 @@ class LoginModel extends Model
 			}
 		}
 
+		// big security loophole - implement a different way of session management
 		$this->session->set_userdata (
 			array (
 				'userid' => $userid,

codepot/src/config.php.in

@@ -34,6 +34,7 @@ function load_ini ($file)
 
 		array ('signin_compulsory',            'boolean',    FALSE),
 		array ('code_read_access',             'string',     'anonymous'),
+		array ('code_read_credential',         'string',     ''),
 		array ('file_read_access',             'string',     'anonymous'),
 
 		array ('https_compulsory',             'boolean',    FALSE),