diff --git a/src/main/scala/app/AccountController.scala b/src/main/scala/app/AccountController.scala
index 0b21de4..d8e6362 100644
--- a/src/main/scala/app/AccountController.scala
+++ b/src/main/scala/app/AccountController.scala
@@ -70,7 +70,7 @@
 val userName = params("userName")
 getAccountByUserName(userName).map { account =>
 updateAccount(account.copy(
- password = form.password.map(encrypt).getOrElse(account.password),
+ password = form.password.map(sha1).getOrElse(account.password),
 mailAddress = form.mailAddress,
 url = form.url))
@@ -93,7 +93,7 @@
 post("/register", newForm){ form =>
 if(loadSystemSettings().allowAccountRegistration){
- createAccount(form.userName, encrypt(form.password), form.mailAddress, false, form.url)
+ createAccount(form.userName, sha1(form.password), form.mailAddress, false, form.url)
 updateImage(form.userName, form.fileId, false)
 redirect("/signin")
 } else NotFound
diff --git a/src/main/scala/app/SignInController.scala b/src/main/scala/app/SignInController.scala
index 3e00963..becc3b2 100644
--- a/src/main/scala/app/SignInController.scala
+++ b/src/main/scala/app/SignInController.scala
@@ -25,7 +25,7 @@
 post("/signin", form){ form =>
 val account = getAccountByUserName(form.userName)
- if(account.isEmpty || account.get.password != encrypt(form.password)){
+ if(account.isEmpty || account.get.password != sha1(form.password)){
 redirect("/signin")
 } else {
 session.setAttribute("LOGIN_ACCOUNT", account.get)
diff --git a/src/main/scala/app/UserManagementController.scala b/src/main/scala/app/UserManagementController.scala
index d21308a..e5673d4 100644
--- a/src/main/scala/app/UserManagementController.scala
+++ b/src/main/scala/app/UserManagementController.scala
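Review bot: The value written to `password` by `updateAccount(account.copy(...))` in the AccountController `@@ -70,7` hunk is a bare SHA-1 digest of the submitted password, with no per-user salt and no work factor, so equal passwords produce equal stored values and a leaked account table can be checked against guesses very quickly. The rename makes that visible but leaves it in place, and the same holds for `createAccount(...)` in the `/register` hunk, for both UserManagementController hunks, and for the comparisons in SignInController and BasicAuthenticationFilter. A salted, iterated scheme would be safer, for example the JDK's `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")`, with the salt and iteration count stored next to the digest so that existing SHA-1 rows can be upgraded on the next successful sign-in. The enclosing route starts and ends outside the hunk.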
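Review bot: In the SignInController `/signin` hunk, `session.setAttribute("LOGIN_ACCOUNT", account.get)` stores the account in whatever session the browser already presented, and nothing visible here invalidates the pre-login session or issues a new identifier, which leaves room for session fixation unless that is handled elsewhere. Rotating the identifier before the attribute is set (for instance `request.changeSessionId()` on Servlet 3.1 or later) would close that gap. The changed line also compares the hex digests with `!=`, which stops at the first differing character; `java.security.MessageDigest.isEqual(stored.getBytes("UTF-8"), computed.getBytes("UTF-8"))` compares in constant time, and the same applies to `account.password == sha1(password)` in BasicAuthenticationFilter. The `else` branch continues outside the hunk.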
@@ -47,7 +47,7 @@
 })
 post("/admin/users/_new", newForm)(adminOnly { form =>
- createAccount(form.userName, encrypt(form.password), form.mailAddress, form.isAdmin, form.url)
+ createAccount(form.userName, sha1(form.password), form.mailAddress, form.isAdmin, form.url)
 updateImage(form.userName, form.fileId, false)
 redirect("/admin/users")
 })
@@ -61,7 +61,7 @@
 val userName = params("userName")
 getAccountByUserName(userName).map { account =>
 updateAccount(getAccountByUserName(userName).get.copy(
- password = form.password.map(encrypt).getOrElse(account.password),
+ password = form.password.map(sha1).getOrElse(account.password),
 mailAddress = form.mailAddress,
 isAdmin = form.isAdmin,
 url = form.url))
diff --git a/src/main/scala/servlet/BasicAuthenticationFilter.scala b/src/main/scala/servlet/BasicAuthenticationFilter.scala
index 1f6e8f7..a69c237 100644
--- a/src/main/scala/servlet/BasicAuthenticationFilter.scala
+++ b/src/main/scala/servlet/BasicAuthenticationFilter.scala
@@ -59,7 +59,7 @@
 private def isWritableUser(username: String, password: String, repository: RepositoryService.RepositoryInfo): Boolean = {
 getAccountByUserName(username).map { account =>
- account.password == encrypt(password) && hasWritePermission(repository.owner, repository.name, Some(account))
+ account.password == sha1(password) && hasWritePermission(repository.owner, repository.name, Some(account))
 } getOrElse false
 }
diff --git a/src/main/scala/util/StringUtil.scala b/src/main/scala/util/StringUtil.scala
index bc478c7..9cce293 100644
--- a/src/main/scala/util/StringUtil.scala
+++ b/src/main/scala/util/StringUtil.scala
@@ -2,7 +2,7 @@
 object StringUtil {
- def encrypt(value: String): String = {
+ def sha1(value: String): String = {
 val md = java.security.MessageDigest.getInstance("SHA-1")
 md.update(value.getBytes)
 md.digest.map(b => "%02x".format(b)).mkString
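Review bot: In the StringUtil hunk, `value.getBytes` inside `sha1` encodes with the JVM's default charset, so the digest of a password containing non-ASCII characters depends on the host's locale, and such accounts can stop authenticating after a move to a machine with a different default. Passing the charset explicitly, `md.update(value.getBytes("UTF-8"))`, makes the result stable; digests already stored for non-ASCII passwords under a non-UTF-8 default would then need a reset or a fallback check. Under its new name the function reads as a general-purpose helper, so a Scaladoc line such as `/** Hex-encoded SHA-1 digest of value; not a password-hashing function. */` would help callers. The body of `sha1` ends outside the hunk.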