(refs #78)Authentication moved to AccountService.

src/main/scala/app/SignInController.scala

@@ -1,10 +1,7 @@
 package app
 
 import service._
-import util.StringUtil._
 import jp.sf.amateras.scalatra.forms._
-import util.LDAPUtil
-import service.SystemSettingsService.SystemSettings
 
 class SignInController extends SignInControllerBase with SystemSettingsService with AccountService
 
@@ -27,10 +24,9 @@ trait SignInControllerBase extends ControllerBase { self: SystemSettingsService
 
   post("/signin", form){ form =>
     val settings = loadSystemSettings()
-    if(settings.ldapAuthentication){
+    authenticate(loadSystemSettings(), form.userName, form.password) match {
-      ldapAuthentication(form, settings)
+      case Some(account) => signin(account)
-    } else {
+      case None => redirect("/signin")
-      defaultAuthentication(form)
     }
   }
 
@@ -39,32 +35,6 @@ trait SignInControllerBase extends ControllerBase { self: SystemSettingsService
     redirect("/")
   }
 
-  /**
-   * Authenticate by internal database.
-   */
-  private def defaultAuthentication(form: SignInForm) = {
-    getAccountByUserName(form.userName).collect {
-      case account if(!account.isGroupAccount && account.password == sha1(form.password)) => signin(account)
-    } getOrElse redirect("/signin")
-  }
-
-  /**
-   * Authenticate by LDAP.
-   */
-  private def ldapAuthentication(form: SignInForm, settings: SystemSettings) = {
-    LDAPUtil.authenticate(settings.ldap.get, form.userName, form.password) match {
-      case Right(mailAddress) => {
-        // Create or update account by LDAP information
-        getAccountByUserName(form.userName) match {
-          case Some(x) => updateAccount(x.copy(mailAddress = mailAddress))
-          case None    => createAccount(form.userName, "", mailAddress, false, None)
-        }
-        signin(getAccountByUserName(form.userName).get)
-      }
-      case Left(errorMessage) => defaultAuthentication(form)
-    }
-  }
-
   /**
    * Set account information into HttpSession and redirect.
    */

src/main/scala/service/AccountService.scala

@@ -3,9 +3,48 @@ package service
 import model._
 import scala.slick.driver.H2Driver.simple._
 import Database.threadLocalSession
+import service.SystemSettingsService.SystemSettings
+import util.StringUtil._
+import model.GroupMember
+import scala.Some
+import model.Account
+import util.LDAPUtil
 
 trait AccountService {
 
+  def authenticate(settings: SystemSettings, userName: String, password: String): Option[Account] =
+    if(settings.ldapAuthentication){
+      ldapAuthentication(settings, userName, password)
+    } else {
+      defaultAuthentication(userName, password)
+    }
+
+  /**
+   * Authenticate by internal database.
+   */
+  private def defaultAuthentication(userName: String, password: String) = {
+    getAccountByUserName(userName).collect {
+      case account if(!account.isGroupAccount && account.password == sha1(password)) => Some(account)
+    } getOrElse None
+  }
+
+  /**
+   * Authenticate by LDAP.
+   */
+  private def ldapAuthentication(settings: SystemSettings, userName: String, password: String) = {
+    LDAPUtil.authenticate(settings.ldap.get, userName, password) match {
+      case Right(mailAddress) => {
+        // Create or update account by LDAP information
+        getAccountByUserName(userName) match {
+          case Some(x) => updateAccount(x.copy(mailAddress = mailAddress))
+          case None    => createAccount(userName, "", mailAddress, false, None)
+        }
+        getAccountByUserName(userName)
+      }
+      case Left(errorMessage) => defaultAuthentication(userName, password)
+    }
+  }
+
   def getAccountByUserName(userName: String): Option[Account] = 
     Query(Accounts) filter(_.userName is userName.bind) firstOption
 

src/main/scala/servlet/BasicAuthenticationFilter.scala

@@ -2,14 +2,13 @@ package servlet
 
 import javax.servlet._
 import javax.servlet.http._
-import util.StringUtil._
+import service.{SystemSettingsService, AccountService, RepositoryService}
-import service.{AccountService, RepositoryService}
 import org.slf4j.LoggerFactory
 
 /**
  * Provides BASIC Authentication for [[servlet.GitRepositoryServlet]].
  */
-class BasicAuthenticationFilter extends Filter with RepositoryService with AccountService {
+class BasicAuthenticationFilter extends Filter with RepositoryService with AccountService with SystemSettingsService {
 
   private val logger = LoggerFactory.getLogger(classOf[BasicAuthenticationFilter])
 
@@ -58,11 +57,11 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
     }
   }
 
-  private def isWritableUser(username: String, password: String, repository: RepositoryService.RepositoryInfo): Boolean = {
+  private def isWritableUser(username: String, password: String, repository: RepositoryService.RepositoryInfo): Boolean =
-    getAccountByUserName(username).map { account =>
+    authenticate(loadSystemSettings(), username, password) match {
-      account.password == sha1(password) && hasWritePermission(repository.owner, repository.name, Some(account))
+      case Some(account) => hasWritePermission(repository.owner, repository.name, Some(account))
-    } getOrElse false
+      case None => false
-  }
+    }
 
   private def requireAuth(response: HttpServletResponse): Unit = {
     response.setHeader("WWW-Authenticate", "BASIC realm=\"GitBucket\"")