diff --git a/src/main/scala/app/SignInController.scala b/src/main/scala/app/SignInController.scala
index e238ccf..dea995a 100644
--- a/src/main/scala/app/SignInController.scala
+++ b/src/main/scala/app/SignInController.scala
@@ -1,10 +1,7 @@ package app import service._ -import util.StringUtil._ import jp.sf.amateras.scalatra.forms._ -import util.LDAPUtil -import service.SystemSettingsService.SystemSettings class SignInController extends SignInControllerBase with SystemSettingsService with AccountService
@@ -27,10 +24,9 @@ post("/signin", form){ form => val settings = loadSystemSettings() - if(settings.ldapAuthentication){ - ldapAuthentication(form, settings) - } else { - defaultAuthentication(form) + authenticate(loadSystemSettings(), form.userName, form.password) match { + case Some(account) => signin(account) + case None => redirect("/signin") } }
@@ -40,32 +36,6 @@ } /** - * Authenticate by internal database. - */ - private def defaultAuthentication(form: SignInForm) = { - getAccountByUserName(form.userName).collect { - case account if(!account.isGroupAccount && account.password == sha1(form.password)) => signin(account) - } getOrElse redirect("/signin") - } - - /** - * Authenticate by LDAP. - */ - private def ldapAuthentication(form: SignInForm, settings: SystemSettings) = { - LDAPUtil.authenticate(settings.ldap.get, form.userName, form.password) match { - case Right(mailAddress) => { - // Create or update account by LDAP information - getAccountByUserName(form.userName) match { - case Some(x) => updateAccount(x.copy(mailAddress = mailAddress)) - case None => createAccount(form.userName, "", mailAddress, false, None) - } - signin(getAccountByUserName(form.userName).get) - } - case Left(errorMessage) => defaultAuthentication(form) - } - } - - /** * Set account information into HttpSession and redirect. */ private def signin(account: model.Account) = {
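Review bot: In the `post("/signin", form)` hunk the context line `val settings = loadSystemSettings()` is kept, but the new call passes `loadSystemSettings()` again, so the local is unused and the settings are loaded twice for one sign-in. Passing the value already loaded, `authenticate(settings, form.userName, form.password) match {`, keeps the LDAP-or-local decision on a single read of the configuration. Alternatively drop the `val settings` line if the second load is the one you want to keep.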
diff --git a/src/main/scala/service/AccountService.scala b/src/main/scala/service/AccountService.scala
index 3f828e3..39ddf6b 100644
--- a/src/main/scala/service/AccountService.scala
+++ b/src/main/scala/service/AccountService.scala
@@ -3,9 +3,48 @@ import model._ import scala.slick.driver.H2Driver.simple._ import Database.threadLocalSession +import service.SystemSettingsService.SystemSettings +import util.StringUtil._ +import model.GroupMember +import scala.Some +import model.Account +import util.LDAPUtil trait AccountService { + def authenticate(settings: SystemSettings, userName: String, password: String): Option[Account] = + if(settings.ldapAuthentication){ + ldapAuthentication(settings, userName, password) + } else { + defaultAuthentication(userName, password) + } + + /** + * Authenticate by internal database. + */ + private def defaultAuthentication(userName: String, password: String) = { + getAccountByUserName(userName).collect { + case account if(!account.isGroupAccount && account.password == sha1(password)) => Some(account) + } getOrElse None + } + + /** + * Authenticate by LDAP. + */ + private def ldapAuthentication(settings: SystemSettings, userName: String, password: String) = { + LDAPUtil.authenticate(settings.ldap.get, userName, password) match { + case Right(mailAddress) => { + // Create or update account by LDAP information + getAccountByUserName(userName) match { + case Some(x) => updateAccount(x.copy(mailAddress = mailAddress)) + case None => createAccount(userName, "", mailAddress, false, None) + } + getAccountByUserName(userName) + } + case Left(errorMessage) => defaultAuthentication(userName, password) + } + } + def getAccountByUserName(userName: String): Option[Account] = Query(Accounts) filter(_.userName is userName.bind) firstOption
diff --git a/src/main/scala/servlet/BasicAuthenticationFilter.scala b/src/main/scala/servlet/BasicAuthenticationFilter.scala
index 51d6618..6dda923 100644
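Review bot: The LDAP success branch of `ldapAuthentication` returns `getAccountByUserName(userName)` without the `!account.isGroupAccount` guard that `defaultAuthentication` applies. An LDAP user whose name matches an existing group account would therefore have that group row updated and then be returned as the authenticated account. The branch should refuse group accounts before touching the row, as sketched below. Separately, `case Left(errorMessage)` discards the LDAP error and falls back to the local password check, so a locally stored hash stays a valid credential while LDAP is enabled. If that fallback is intended it deserves a comment, and the error is worth logging.

```scala
      case Right(mailAddress) =>
        // Create or update account by LDAP information; a group account is never a login identity
        getAccountByUserName(userName) match {
          case Some(x) if !x.isGroupAccount =>
            updateAccount(x.copy(mailAddress = mailAddress))
            getAccountByUserName(userName)
          case Some(_) => None
          case None =>
            createAccount(userName, "", mailAddress, false, None)
            getAccountByUserName(userName)
        }
      // … unchanged: case Left(errorMessage) fallback to defaultAuthentication …
```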
--- a/src/main/scala/servlet/BasicAuthenticationFilter.scala
+++ b/src/main/scala/servlet/BasicAuthenticationFilter.scala
@@ -2,14 +2,13 @@ import javax.servlet._ import javax.servlet.http._ -import util.StringUtil._ -import service.{AccountService, RepositoryService} +import service.{SystemSettingsService, AccountService, RepositoryService} import org.slf4j.LoggerFactory /** * Provides BASIC Authentication for [[servlet.GitRepositoryServlet]]. */ -class BasicAuthenticationFilter extends Filter with RepositoryService with AccountService { +class BasicAuthenticationFilter extends Filter with RepositoryService with AccountService with SystemSettingsService { private val logger = LoggerFactory.getLogger(classOf[BasicAuthenticationFilter])
@@ -58,12 +57,12 @@ } } - private def isWritableUser(username: String, password: String, repository: RepositoryService.RepositoryInfo): Boolean = { - getAccountByUserName(username).map { account => - account.password == sha1(password) && hasWritePermission(repository.owner, repository.name, Some(account)) - } getOrElse false - } - + private def isWritableUser(username: String, password: String, repository: RepositoryService.RepositoryInfo): Boolean = + authenticate(loadSystemSettings(), username, password) match { + case Some(account) => hasWritePermission(repository.owner, repository.name, Some(account)) + case None => false + } + private def requireAuth(response: HttpServletResponse): Unit = { response.setHeader("WWW-Authenticate", "BASIC realm=\"GitBucket\"") response.sendError(HttpServletResponse.SC_UNAUTHORIZED)
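Review bot: `isWritableUser` now inherits every side effect of `authenticate`. With LDAP enabled, each call performs the LDAP lookup and the create-or-update of the account row shown in `AccountService`, and `loadSystemSettings()` is evaluated on every call. A comment on the method should say so, for example `// authenticate() may create or update the account when LDAP is enabled`, and it is worth confirming that provisioning accounts from the git endpoint is intended. The `None` branch also returns `false` silently although the class already has a `logger`; `case None => logger.warn("BASIC authentication failed"); false` would make repeated failures visible without recording the submitted credentials. The filter class continues outside the hunk.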