Encrypt password.

2025-11-09 06:55:54 +01:00 · 2013-06-29 15:13:20 +09:00
parent cd2486344f
commit 10f2cbbc3e
5 changed files with 39 additions and 23 deletions
--- a/src/main/scala/app/AccountController.scala
+++ b/src/main/scala/app/AccountController.scala
@@ -2,6 +2,7 @@ package app

 import service._
 import util.OwnerOnlyAuthenticator
+import util.StringUtil._
 import jp.sf.amateras.scalatra.forms._

 class AccountController extends AccountControllerBase
@@ -46,7 +47,7 @@ trait AccountControllerBase extends ControllerBase {
    val userName = params("userName")
    getAccountByUserName(userName).map { account =>
      updateAccount(account.copy(
-        password    = form.password.getOrElse(account.password),
+        password    = form.password.map(encrypt).getOrElse(account.password),
        mailAddress = form.mailAddress,
        url         = form.url))
      redirect("/%s".format(userName))
@@ -61,7 +62,7 @@ trait AccountControllerBase extends ControllerBase {

  post("/register", newForm){ newForm =>
    if(loadSystemSettings().allowAccountRegistration){
-      createAccount(newForm.userName, newForm.password, newForm.mailAddress, false, newForm.url)
+      createAccount(newForm.userName, encrypt(newForm.password), newForm.mailAddress, false, newForm.url)
      redirect("/signin")
    } else NotFound
  }
--- a/src/main/scala/app/SignInController.scala
+++ b/src/main/scala/app/SignInController.scala
@@ -1,6 +1,7 @@
 package app

 import service._
+import util.StringUtil._
 import jp.sf.amateras.scalatra.forms._

 class SignInController extends SignInControllerBase with SystemSettingsService with AccountService
@@ -16,7 +17,7 @@ trait SignInControllerBase extends ControllerBase { self: SystemSettingsService
  
  get("/signin"){
    val queryString = request.getQueryString
-    if(queryString.startsWith("/")){
+    if(queryString != null && queryString.startsWith("/")){
      session.setAttribute("REDIRECT", queryString)
    }
    html.signin(loadSystemSettings())
@@ -24,7 +25,7 @@ trait SignInControllerBase extends ControllerBase { self: SystemSettingsService

  post("/signin", form){ form =>
    val account = getAccountByUserName(form.userName)
-    if(account.isEmpty || account.get.password != form.password){
+    if(account.isEmpty || account.get.password != encrypt(form.password)){
      redirect("/signin")
    } else {
      session.setAttribute("LOGIN_ACCOUNT", account.get)
--- a/src/main/scala/app/UserManagementController.scala
+++ b/src/main/scala/app/UserManagementController.scala
@@ -1,31 +1,32 @@
 package app

-import model._
 import service._
 import util.AdminOnlyAuthenticator
+import util.StringUtil._
 import jp.sf.amateras.scalatra.forms._

 class UserManagementController extends UserManagementControllerBase with AccountService with AdminOnlyAuthenticator

 trait UserManagementControllerBase extends ControllerBase { self: AccountService with AdminOnlyAuthenticator =>
  
-  case class UserForm(userName: String, password: String, mailAddress: String, isAdmin: Boolean, url: Option[String])
-  
+  case class UserNewForm(userName: String, password: String, mailAddress: String, isAdmin: Boolean, url: Option[String])
+  case class UserEditForm(userName: String, password: Option[String], mailAddress: String, isAdmin: Boolean, url: Option[String])
+
  val newForm = mapping(
    "userName"    -> trim(label("Username"     , text(required, maxlength(100), identifier, unique))),
-    "password"    -> trim(label("Password"     , text(required, maxlength(100)))),
+    "password"    -> trim(label("Password"     , text(required, maxlength(20)))),
    "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100)))),
    "isAdmin"     -> trim(label("User Type"    , boolean())),
    "url"         -> trim(label("URL"          , optional(text(maxlength(200)))))
-  )(UserForm.apply)
+  )(UserNewForm.apply)

  val editForm = mapping(
    "userName"    -> trim(label("Username"     , text(required, maxlength(100), identifier))),
-    "password"    -> trim(label("Password"     , text(required, maxlength(100)))),
+    "password"    -> trim(label("Password"     , optional(text(maxlength(20))))),
    "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100)))),
    "isAdmin"     -> trim(label("User Type"    , boolean())),
    "url"         -> trim(label("URL"          , optional(text(maxlength(200)))))
-  )(UserForm.apply)
+  )(UserEditForm.apply)
  
  get("/admin/users")(adminOnly {
    admin.html.userlist(getAllUsers())
@@ -36,7 +37,7 @@ trait UserManagementControllerBase extends ControllerBase { self: AccountService
  })
  
  post("/admin/users/_new", newForm)(adminOnly { form =>
-    createAccount(form.userName, form.password, form.mailAddress, form.isAdmin, form.url)
+    createAccount(form.userName, encrypt(form.password), form.mailAddress, form.isAdmin, form.url)
    redirect("/admin/users")
  })
  
@@ -47,13 +48,15 @@ trait UserManagementControllerBase extends ControllerBase { self: AccountService
  
  post("/admin/users/:name/_edit", editForm)(adminOnly { form =>
    val userName = params("userName")
-    updateAccount(getAccountByUserName(userName).get.copy(
-        password     = form.password,
+    getAccountByUserName(userName).map { account =>
+      updateAccount(getAccountByUserName(userName).get.copy(
+        password     = form.password.map(encrypt).getOrElse(account.password),
        mailAddress  = form.mailAddress,
        isAdmin      = form.isAdmin,
        url          = form.url))
-    
-    redirect("/admin/users")
+
+      redirect("/admin/users")
+    } getOrElse NotFound
  })

  private def unique: Constraint = new Constraint(){
--- a/src/main/scala/util/StringUtil.scala
+++ b/src/main/scala/util/StringUtil.scala
@@ -0,0 +1,11 @@
+package util
+
+object StringUtil {
+
+  def encrypt(value: String): String = {
+    val md = java.security.MessageDigest.getInstance("SHA-1")
+    md.update(value.getBytes)
+    md.digest.map(b => "%02x".format(b)).mkString
+  }
+
+}