(refs #78)Authentication moved to AccountService.

2025-11-05 21:15:49 +01:00 · 2013-08-17 11:05:11 +09:00
parent 7e26b4695d
commit b9aa6a234b
3 changed files with 50 additions and 42 deletions
--- a/src/main/scala/app/SignInController.scala
+++ b/src/main/scala/app/SignInController.scala
@@ -1,10 +1,7 @@
 package app

 import service._
-import util.StringUtil._
 import jp.sf.amateras.scalatra.forms._
-import util.LDAPUtil
-import service.SystemSettingsService.SystemSettings

 class SignInController extends SignInControllerBase with SystemSettingsService with AccountService

@@ -27,10 +24,9 @@ trait SignInControllerBase extends ControllerBase { self: SystemSettingsService

  post("/signin", form){ form =>
    val settings = loadSystemSettings()
-    if(settings.ldapAuthentication){
-      ldapAuthentication(form, settings)
-    } else {
-      defaultAuthentication(form)
+    authenticate(loadSystemSettings(), form.userName, form.password) match {
+      case Some(account) => signin(account)
+      case None => redirect("/signin")
    }
  }

@@ -39,32 +35,6 @@ trait SignInControllerBase extends ControllerBase { self: SystemSettingsService
    redirect("/")
  }

-  /**
-   * Authenticate by internal database.
-   */
-  private def defaultAuthentication(form: SignInForm) = {
-    getAccountByUserName(form.userName).collect {
-      case account if(!account.isGroupAccount && account.password == sha1(form.password)) => signin(account)
-    } getOrElse redirect("/signin")
-  }
-
-  /**
-   * Authenticate by LDAP.
-   */
-  private def ldapAuthentication(form: SignInForm, settings: SystemSettings) = {
-    LDAPUtil.authenticate(settings.ldap.get, form.userName, form.password) match {
-      case Right(mailAddress) => {
-        // Create or update account by LDAP information
-        getAccountByUserName(form.userName) match {
-          case Some(x) => updateAccount(x.copy(mailAddress = mailAddress))
-          case None    => createAccount(form.userName, "", mailAddress, false, None)
-        }
-        signin(getAccountByUserName(form.userName).get)
-      }
-      case Left(errorMessage) => defaultAuthentication(form)
-    }
-  }
-
  /**
   * Set account information into HttpSession and redirect.
   */
--- a/src/main/scala/service/AccountService.scala
+++ b/src/main/scala/service/AccountService.scala
@@ -3,9 +3,48 @@ package service
 import model._
 import scala.slick.driver.H2Driver.simple._
 import Database.threadLocalSession
+import service.SystemSettingsService.SystemSettings
+import util.StringUtil._
+import model.GroupMember
+import scala.Some
+import model.Account
+import util.LDAPUtil

 trait AccountService {

+  def authenticate(settings: SystemSettings, userName: String, password: String): Option[Account] =
+    if(settings.ldapAuthentication){
+      ldapAuthentication(settings, userName, password)
+    } else {
+      defaultAuthentication(userName, password)
+    }
+
+  /**
+   * Authenticate by internal database.
+   */
+  private def defaultAuthentication(userName: String, password: String) = {
+    getAccountByUserName(userName).collect {
+      case account if(!account.isGroupAccount && account.password == sha1(password)) => Some(account)
+    } getOrElse None
+  }
+
+  /**
+   * Authenticate by LDAP.
+   */
+  private def ldapAuthentication(settings: SystemSettings, userName: String, password: String) = {
+    LDAPUtil.authenticate(settings.ldap.get, userName, password) match {
+      case Right(mailAddress) => {
+        // Create or update account by LDAP information
+        getAccountByUserName(userName) match {
+          case Some(x) => updateAccount(x.copy(mailAddress = mailAddress))
+          case None    => createAccount(userName, "", mailAddress, false, None)
+        }
+        getAccountByUserName(userName)
+      }
+      case Left(errorMessage) => defaultAuthentication(userName, password)
+    }
+  }
+
  def getAccountByUserName(userName: String): Option[Account] = 
    Query(Accounts) filter(_.userName is userName.bind) firstOption

--- a/src/main/scala/servlet/BasicAuthenticationFilter.scala
+++ b/src/main/scala/servlet/BasicAuthenticationFilter.scala
@@ -2,14 +2,13 @@ package servlet

 import javax.servlet._
 import javax.servlet.http._
-import util.StringUtil._
-import service.{AccountService, RepositoryService}
+import service.{SystemSettingsService, AccountService, RepositoryService}
 import org.slf4j.LoggerFactory

 /**
 * Provides BASIC Authentication for [[servlet.GitRepositoryServlet]].
 */
-class BasicAuthenticationFilter extends Filter with RepositoryService with AccountService {
+class BasicAuthenticationFilter extends Filter with RepositoryService with AccountService with SystemSettingsService {

  private val logger = LoggerFactory.getLogger(classOf[BasicAuthenticationFilter])

@@ -58,10 +57,10 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
    }
  }

-  private def isWritableUser(username: String, password: String, repository: RepositoryService.RepositoryInfo): Boolean = {
-    getAccountByUserName(username).map { account =>
-      account.password == sha1(password) && hasWritePermission(repository.owner, repository.name, Some(account))
-    } getOrElse false
+  private def isWritableUser(username: String, password: String, repository: RepositoryService.RepositoryInfo): Boolean =
+    authenticate(loadSystemSettings(), username, password) match {
+      case Some(account) => hasWritePermission(repository.owner, repository.name, Some(account))
+      case None => false
    }

  private def requireAuth(response: HttpServletResponse): Unit = {