diff --git a/src/main/resources/update/1_0.sql b/src/main/resources/update/1_0.sql index 65c4700..6b48ba8 100644 --- a/src/main/resources/update/1_0.sql +++ b/src/main/resources/update/1_0.sql @@ -1,7 +1,7 @@ CREATE TABLE ACCOUNT( USER_NAME VARCHAR(100) NOT NULL, MAIL_ADDRESS VARCHAR(100) NOT NULL, - PASSWORD VARCHAR(20) NOT NULL, + PASSWORD VARCHAR(40) NOT NULL, ADMINISTRATOR BOOLEAN NOT NULL, URL VARCHAR(200), REGISTERED_DATE TIMESTAMP NOT NULL, @@ -10,8 +10,8 @@ ); CREATE TABLE REPOSITORY( - REPOSITORY_NAME VARCHAR(100) NOT NULL, USER_NAME VARCHAR(100) NOT NULL, + REPOSITORY_NAME VARCHAR(100) NOT NULL, PRIVATE BOOLEAN NOT NULL, DESCRIPTION TEXT, DEFAULT_BRANCH VARCHAR(100), @@ -21,8 +21,8 @@ ); CREATE TABLE COLLABORATOR( - REPOSITORY_NAME VARCHAR(100) NOT NULL, USER_NAME VARCHAR(100) NOT NULL, + REPOSITORY_NAME VARCHAR(100) NOT NULL, COLLABORATOR_NAME VARCHAR(100) NOT NULL ); 
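Review bot: `PASSWORD VARCHAR(40)` in the first hunk is sized to exactly one hex-encoded SHA-1 digest, which ties the schema to the algorithm StringUtil.encrypt happens to use today. A salted or iterated scheme (bcrypt, PBKDF2 with a stored salt and iteration count) does not fit in 40 characters and would force another migration, so widen the column while this script is being edited, e.g. `PASSWORD VARCHAR(255) NOT NULL`. The two following hunks only swap the USER_NAME/REPOSITORY_NAME column order and raise nothing.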
@@ -85,11 +85,11 @@ ALTER TABLE ACCOUNT ADD CONSTRAINT IDX_ACCOUNT_PK PRIMARY KEY (USER_NAME); ALTER TABLE ACCOUNT ADD CONSTRAINT IDX_ACCOUNT_1 UNIQUE (MAIL_ADDRESS); -ALTER TABLE REPOSITORY ADD CONSTRAINT IDX_REPOSITORY_PK PRIMARY KEY (REPOSITORY_NAME, USER_NAME); +ALTER TABLE REPOSITORY ADD CONSTRAINT IDX_REPOSITORY_PK PRIMARY KEY (USER_NAME, REPOSITORY_NAME); ALTER TABLE REPOSITORY ADD CONSTRAINT IDX_REPOSITORY_FK0 FOREIGN KEY (USER_NAME) REFERENCES ACCOUNT (USER_NAME); -ALTER TABLE COLLABORATOR ADD CONSTRAINT IDX_COLLABORATOR_PK PRIMARY KEY (REPOSITORY_NAME, USER_NAME); -ALTER TABLE COLLABORATOR ADD CONSTRAINT IDX_COLLABORATOR_FK0 FOREIGN KEY (REPOSITORY_NAME, USER_NAME) REFERENCES REPOSITORY (REPOSITORY_NAME, USER_NAME); +ALTER TABLE COLLABORATOR ADD CONSTRAINT IDX_COLLABORATOR_PK PRIMARY KEY (USER_NAME, REPOSITORY_NAME); +ALTER TABLE COLLABORATOR ADD CONSTRAINT IDX_COLLABORATOR_FK0 FOREIGN KEY (USER_NAME, REPOSITORY_NAME) REFERENCES REPOSITORY (USER_NAME, REPOSITORY_NAME); ALTER TABLE COLLABORATOR ADD CONSTRAINT IDX_COLLABORATOR_FK1 FOREIGN KEY (COLLABORATOR_NAME) REFERENCES ACCOUNT (USER_NAME); ALTER TABLE ISSUE ADD CONSTRAINT IDX_ISSUE_PK PRIMARY KEY (ISSUE_ID, USER_NAME, REPOSITORY_NAME); @@ -125,7 +125,7 @@ ) VALUES ( 'root', 'root@localhost', - 'root', + 'dc76e9f0c0006e8f919e0c515c66dbba3982f785', true, 'https://github.com/takezoe/gitbucket', SYSDATE, diff --git a/src/main/scala/app/AccountController.scala b/src/main/scala/app/AccountController.scala index 90d6530..90bbc70 100644 --- a/src/main/scala/app/AccountController.scala +++ b/src/main/scala/app/AccountController.scala @@ -2,6 +2,7 @@ import service._ import util.OwnerOnlyAuthenticator +import util.StringUtil._ import jp.sf.amateras.scalatra.forms._ class AccountController extends AccountControllerBase 
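Review bot: The seeded `root` row in the last hunk now stores a fixed digest instead of the literal `'root'`, but an unsalted digest checked into the repository is as good as a published default password (it appears to be the SHA-1 of the old literal). Any installation whose administrator password was never changed can be logged into as root by anyone who reads this file. Generate the initial password at install time or force a password change on the root account's first sign-in, and at least state the default clearly in the install notes. The primary-key reorderings earlier in this hunk group look fine.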
@@ -46,7 +47,7 @@ val userName = params("userName") getAccountByUserName(userName).map { account => updateAccount(account.copy( - password = form.password.getOrElse(account.password), + password = form.password.map(encrypt).getOrElse(account.password), mailAddress = form.mailAddress, url = form.url)) redirect("/%s".format(userName)) @@ -61,7 +62,7 @@ post("/register", newForm){ newForm => if(loadSystemSettings().allowAccountRegistration){ - createAccount(newForm.userName, newForm.password, newForm.mailAddress, false, newForm.url) + createAccount(newForm.userName, encrypt(newForm.password), newForm.mailAddress, false, newForm.url) redirect("/signin") } else NotFound } diff --git a/src/main/scala/app/SignInController.scala b/src/main/scala/app/SignInController.scala index c698ba1..ccea39b 100644 --- a/src/main/scala/app/SignInController.scala +++ b/src/main/scala/app/SignInController.scala @@ -1,6 +1,7 @@ package app import service._ +import util.StringUtil._ import jp.sf.amateras.scalatra.forms._ class SignInController extends SignInControllerBase with SystemSettingsService with AccountService @@ -16,7 +17,7 @@ get("/signin"){ val queryString = request.getQueryString - if(queryString.startsWith("/")){ + if(queryString != null && queryString.startsWith("/")){ session.setAttribute("REDIRECT", queryString) } html.signin(loadSystemSettings()) @@ -24,7 +25,7 @@ post("/signin", form){ form => val account = getAccountByUserName(form.userName) - if(account.isEmpty || account.get.password != form.password){ + if(account.isEmpty || account.get.password != encrypt(form.password)){ redirect("/signin") } else { session.setAttribute("LOGIN_ACCOUNT", account.get) diff --git a/src/main/scala/app/UserManagementController.scala b/src/main/scala/app/UserManagementController.scala index 9b30b2d..af98c5a 100644 --- a/src/main/scala/app/UserManagementController.scala +++ b/src/main/scala/app/UserManagementController.scala 
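Review bot: In the AccountController `_edit` hunk the `getAccountByUserName(userName).map { account => ... redirect(...) }` has no fallback, so a missing account leaves the action returning `None` rather than an explicit response; the same pattern in UserManagementController in this commit ends with `} getOrElse NotFound`. Make this one consistent by appending `} getOrElse NotFound` after the closing brace of the map. The enclosing route starts before the hunk, so the closing lines are not visible here.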
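Review bot: The null guard in `get("/signin")` is correct, but `queryString.startsWith("/")` still accepts a protocol-relative value such as `//evil.example/`, which browsers resolve as an absolute URL; if the stored `REDIRECT` attribute is later handed to `redirect(...)` (not visible in this hunk) that is an open redirect after sign-in. Tighten the check to a single leading slash: `if(queryString != null && queryString.startsWith("/") && !queryString.startsWith("//")){`. Whether a backslash or an embedded scheme also needs rejecting depends on how the redirect is performed, which this hunk does not show.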
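Review bot: `account.get.password != encrypt(form.password)` in `post("/signin")` compares the stored and computed digests with ordinary string inequality, whose running time depends on how many leading bytes match. Use a constant-time comparison instead, e.g. `java.security.MessageDigest.isEqual(account.get.password.getBytes("UTF-8"), encrypt(form.password).getBytes("UTF-8"))`; the leak is small for a digest compare but the fix is one line, and the `isEmpty`/`.get` pair could become a `match` or `exists` at the same time. Separately, the existing session is reused as-is when `LOGIN_ACCOUNT` is set on the last line of the hunk — invalidating and recreating the session on successful sign-in would prevent session fixation.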
@@ -1,31 +1,32 @@ package app -import model._ import service._ import util.AdminOnlyAuthenticator +import util.StringUtil._ import jp.sf.amateras.scalatra.forms._ class UserManagementController extends UserManagementControllerBase with AccountService with AdminOnlyAuthenticator trait UserManagementControllerBase extends ControllerBase { self: AccountService with AdminOnlyAuthenticator => - case class UserForm(userName: String, password: String, mailAddress: String, isAdmin: Boolean, url: Option[String]) - + case class UserNewForm(userName: String, password: String, mailAddress: String, isAdmin: Boolean, url: Option[String]) + case class UserEditForm(userName: String, password: Option[String], mailAddress: String, isAdmin: Boolean, url: Option[String]) + val newForm = mapping( "userName" -> trim(label("Username" , text(required, maxlength(100), identifier, unique))), - "password" -> trim(label("Password" , text(required, maxlength(100)))), + "password" -> trim(label("Password" , text(required, maxlength(20)))), "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100)))), "isAdmin" -> trim(label("User Type" , boolean())), "url" -> trim(label("URL" , optional(text(maxlength(200))))) - )(UserForm.apply) + )(UserNewForm.apply) val editForm = mapping( "userName" -> trim(label("Username" , text(required, maxlength(100), identifier))), - "password" -> trim(label("Password" , text(required, maxlength(100)))), + "password" -> trim(label("Password" , optional(text(maxlength(20))))), "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100)))), "isAdmin" -> trim(label("User Type" , boolean())), "url" -> trim(label("URL" , optional(text(maxlength(200))))) - )(UserForm.apply) + )(UserEditForm.apply) get("/admin/users")(adminOnly { admin.html.userlist(getAllUsers()) 
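Review bot: Both `newForm` and `editForm` now wrap the password in `trim(...)` and cap it with `maxlength(20)`; since the value is hashed before it is stored and the column holds a fixed 40-character digest, the 20-character cap no longer protects anything and only limits the entropy a user may choose, while trimming silently alters passwords that have leading or trailing spaces. Drop the cap (or raise it well above 20) and do not trim, roughly `"password" -> label("Password", text(required))` in newForm and `"password" -> label("Password", optional(text()))` in editForm. The sign-in form's mapping is not in this diff; whatever is decided here must match it or such passwords will be accepted at creation and rejected at login.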
@@ -36,7 +37,7 @@ }) post("/admin/users/_new", newForm)(adminOnly { form => - createAccount(form.userName, form.password, form.mailAddress, form.isAdmin, form.url) + createAccount(form.userName, encrypt(form.password), form.mailAddress, form.isAdmin, form.url) redirect("/admin/users") }) @@ -47,13 +48,15 @@ post("/admin/users/:name/_edit", editForm)(adminOnly { form => val userName = params("userName") - updateAccount(getAccountByUserName(userName).get.copy( - password = form.password, + getAccountByUserName(userName).map { account => + updateAccount(getAccountByUserName(userName).get.copy( + password = form.password.map(encrypt).getOrElse(account.password), mailAddress = form.mailAddress, isAdmin = form.isAdmin, url = form.url)) - - redirect("/admin/users") + + redirect("/admin/users") + } getOrElse NotFound }) private def unique: Constraint = new Constraint(){ diff --git a/src/main/scala/util/StringUtil.scala b/src/main/scala/util/StringUtil.scala new file mode 100644 index 0000000..bd42fb9 --- /dev/null +++ b/src/main/scala/util/StringUtil.scala @@ -0,0 +1,11 @@ +package util + +object StringUtil { + + def encrypt(value: String): String = { + val md = java.security.MessageDigest.getInstance("SHA-1") + md.update(value.getBytes) + md.digest.map(b => "%02x".format(b)).mkString + } + +}
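Review bot: Inside `getAccountByUserName(userName).map { account => ... }` in the `_edit` hunk the body calls `getAccountByUserName(userName).get` a second time instead of using the `account` already bound, which repeats the lookup and reintroduces the `.get` the `map` was added to avoid. Replace that line with `updateAccount(account.copy(` and leave the rest of the copy unchanged. The `isAdmin` flag is taken straight from the form, so an administrator can demote their own account here; whether that is intended is not visible from this hunk.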
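Review bot: `encrypt` in the new StringUtil is a single unsalted SHA-1 over `value.getBytes`: with no salt, identical passwords produce identical digests and the stored values are directly attackable with precomputed tables, and `getBytes` with no charset makes the digest depend on the JVM default encoding, so the same password can stop verifying after a platform or locale change. It is also a hash, not encryption, so the name misleads callers. I would keep `encrypt` only so existing rows still verify (the root account in 1_0.sql is seeded with such a digest), hash new passwords with PBKDF2 and a random salt, and give SignInController a constant-time `verifyPassword(form.password, account.get.password)` to call in place of `account.get.password != encrypt(form.password)`; the stored form below is longer than 40 characters, so the PASSWORD column must be widened alongside.
```scala
object StringUtil {

  private val Iterations = 10000
  private val SaltBytes  = 16

  /** Legacy unsalted SHA-1, kept only so rows written before salting (and the seeded root row) still verify. */
  def encrypt(value: String): String = {
    val md = java.security.MessageDigest.getInstance("SHA-1")
    md.update(value.getBytes("UTF-8"))
    md.digest.map(b => "%02x".format(b)).mkString
  }

  /** Salted PBKDF2-HMAC-SHA1; stored as "pbkdf2:<iterations>:<salt hex>:<hash hex>", which exceeds VARCHAR(40). */
  def hashPassword(value: String): String = {
    val salt = new Array[Byte](SaltBytes)
    new java.security.SecureRandom().nextBytes(salt)
    "pbkdf2:%d:%s:%s".format(Iterations, toHex(salt), toHex(pbkdf2(value, salt, Iterations)))
  }

  /** Constant-time check of a submitted password against a stored value in either format. */
  def verifyPassword(value: String, stored: String): Boolean = stored.split(":") match {
    case Array("pbkdf2", iter, salt, hash) =>
      java.security.MessageDigest.isEqual(pbkdf2(value, fromHex(salt), iter.toInt), fromHex(hash))
    case _ =>
      java.security.MessageDigest.isEqual(encrypt(value).getBytes("UTF-8"), stored.getBytes("UTF-8"))
  }

  private def pbkdf2(value: String, salt: Array[Byte], iterations: Int): Array[Byte] =
    javax.crypto.SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
      .generateSecret(new javax.crypto.spec.PBEKeySpec(value.toCharArray, salt, iterations, 160))
      .getEncoded

  private def toHex(bytes: Array[Byte]): String = bytes.map(b => "%02x".format(b)).mkString

  private def fromHex(s: String): Array[Byte] = s.grouped(2).map(Integer.parseInt(_, 16).toByte).toArray

}
```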