Bump gist-plugin to 4.15.0 which supports GitBucket 4.25.0

Count multiple comments on the same line

.scalafmt.conf

@@ -0,0 +1,11 @@
+project.git = true
+
+maxColumn = 120
+docstrings = JavaDoc
+
+align.tokens = ["%", "%%", {code = "=>", owner = "Case"}]
+align.openParenCallSite = false
+align.openParenDefnSite = false
+continuationIndent.callSite = 2
+continuationIndent.defnSite = 2
+danglingParentheses = true

.travis.yml

@@ -3,7 +3,7 @@ sudo: true
 jdk: 
   - oraclejdk8
 script:
-  - sbt test
+  - sbt scalafmtSbtCheck scalafmtCheck test:scalafmtCheck test
 before_script:
   - sudo /etc/init.d/mysql stop
   - sudo /etc/init.d/postgresql stop

CHANGELOG.md

@@ -1,6 +1,30 @@
 # Changelog
 All changes to the project will be documented in this file.
 
+### 4.25.0 - 29 May 2018
+- Security improvement
+- Show mail address at the profile page
+- Task list on commit comments
+- More detailed editing history of issues and pull requests
+- Expose user public keys
+- Download repository improvements
+
+### 4.24.1 - 1 May 2018
+- Fix bug in Web API authentication
+
+### 4.24.0 - 30 Apr 2018
+- Diff for each review comment on pull requests
+- Extra mail addresses support
+- Show tags at the commit list
+- Keep wrap mode of the online editor
+- Renew layout of gitbucket-gist-plugin
+- Web API of gitbucket-ci-plugin
+
+### 4.23.1 - 10 Apr 2018
+- Fix bug that the contents API doesn't work for the repository root
+- Fix shutdown problem in Tomcat deployment
+- Render by plugins at the blob view even if it's a binary file
+
 ### 4.23.0 - 31 Mar 2018
 - Allow tail slash in URL
 - Display commit message of tags at the releases page

README.md

@@ -1,4 +1,4 @@
-GitBucket [![Gitter chat](https://badges.gitter.im/gitbucket/gitbucket.png)](https://gitter.im/gitbucket/gitbucket) [![Build Status](https://travis-ci.org/gitbucket/gitbucket.svg?branch=master)](https://travis-ci.org/gitbucket/gitbucket)
+GitBucket [![Gitter chat](https://badges.gitter.im/gitbucket/gitbucket.svg)](https://gitter.im/gitbucket/gitbucket) [![Build Status](https://travis-ci.org/gitbucket/gitbucket.svg?branch=master)](https://travis-ci.org/gitbucket/gitbucket) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/io.github.gitbucket/gitbucket_2.12/badge.svg)](https://maven-badges.herokuapp.com/maven-central/io.github.gitbucket/gitbucket_2.12) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/gitbucket/gitbucket/blob/master/LICENSE)
 =========
 
 GitBucket is a Git web platform powered by Scala offering:
@@ -68,14 +68,14 @@ Support
 - If you can't find same question and report, send it to [gitter room](https://gitter.im/gitbucket/gitbucket) before raising an issue.
 - The highest priority of GitBucket is the ease of installation and API compatibility with GitHub, so your feature request might be rejected if they go against those principles.
 
-What's New in 4.23.x
+What's New in 4.25.x
 -------------
-### 4.23.0 - 31 Mar 2018
+### 4.25.0 - 29 May 2018
-- Allow tail slash in URL
+- Security improvement
-- Display commit message of tags at the releases page
+- Show mail address at the profile page
-- Add labels property to issues and pull requests API response
+- Task list on commit comments
-- Plugins list API
+- More detailed editing history of issues and pull requests
-- Git authentication with personal access token
+- Expose user public keys
-- Max parallel builds and max stored history in CI plugin became configurable
+- Download repository improvements
 
 See the [change log](CHANGELOG.md) for all of the updates.

build.sbt

@@ -3,19 +3,22 @@ import com.typesafe.sbt.pgp.PgpKeys._
 
 val Organization = "io.github.gitbucket"
 val Name = "gitbucket"
-val GitBucketVersion = "4.23.0"
+val GitBucketVersion = "4.25.0"
 val ScalatraVersion = "2.6.1"
 val JettyVersion = "9.4.7.v20170914"
 
-lazy val root = (project in file(".")).enablePlugins(SbtTwirl, ScalatraPlugin, JRebelPlugin).settings(
+lazy val root = (project in file("."))
-
+  .enablePlugins(SbtTwirl, ScalatraPlugin, JRebelPlugin)
-)
+  .settings(
+    )
 
 sourcesInBase := false
 organization := Organization
 name := Name
 version := GitBucketVersion
-scalaVersion := "2.12.5"
+scalaVersion := "2.12.6"
+
+scalafmtOnCompile := true
 
 // dependency settings
 resolvers ++= Seq(
@@ -25,57 +28,58 @@ resolvers ++= Seq(
   "sonatype-snapshot" at "https://oss.sonatype.org/content/repositories/snapshots/",
   "amateras-snapshot" at "http://amateras.sourceforge.jp/mvn-snapshot/"
 )
+
 libraryDependencies ++= Seq(
-  "org.eclipse.jgit"                %  "org.eclipse.jgit.http.server" % "4.11.0.201803080745-r",
+  "org.eclipse.jgit"                % "org.eclipse.jgit.http.server" % "4.11.0.201803080745-r",
-  "org.eclipse.jgit"                %  "org.eclipse.jgit.archive"     % "4.11.0.201803080745-r",
+  "org.eclipse.jgit"                % "org.eclipse.jgit.archive"     % "4.11.0.201803080745-r",
-  "org.scalatra"                    %% "scalatra"                     % ScalatraVersion,
+  "org.scalatra"                    %% "scalatra"                    % ScalatraVersion,
-  "org.scalatra"                    %% "scalatra-json"                % ScalatraVersion,
+  "org.scalatra"                    %% "scalatra-json"               % ScalatraVersion,
-  "org.scalatra"                    %% "scalatra-forms"               % ScalatraVersion,
+  "org.scalatra"                    %% "scalatra-forms"              % ScalatraVersion,
-  "org.json4s"                      %% "json4s-jackson"               % "3.5.3",
+  "org.json4s"                      %% "json4s-jackson"              % "3.5.3",
-  "commons-io"                      %  "commons-io"                   % "2.6",
+  "commons-io"                      % "commons-io"                   % "2.6",
-  "io.github.gitbucket"             %  "solidbase"                    % "1.0.2",
+  "io.github.gitbucket"             % "solidbase"                    % "1.0.2",
-  "io.github.gitbucket"             %  "markedj"                      % "1.0.15",
+  "io.github.gitbucket"             % "markedj"                      % "1.0.15",
-  "org.apache.commons"              %  "commons-compress"             % "1.15",
+  "org.apache.commons"              % "commons-compress"             % "1.15",
-  "org.apache.commons"              %  "commons-email"                % "1.5",
+  "org.apache.commons"              % "commons-email"                % "1.5",
-  "org.apache.httpcomponents"       %  "httpclient"                   % "4.5.4",
+  "org.apache.httpcomponents"       % "httpclient"                   % "4.5.4",
-  "org.apache.sshd"                 %  "apache-sshd"                  % "1.6.0" exclude("org.slf4j","slf4j-jdk14"),
+  "org.apache.sshd"                 % "apache-sshd"                  % "1.6.0" exclude ("org.slf4j", "slf4j-jdk14"),
-  "org.apache.tika"                 %  "tika-core"                    % "1.17",
+  "org.apache.tika"                 % "tika-core"                    % "1.17",
-  "com.github.takezoe"              %% "blocking-slick-32"            % "0.0.10",
+  "com.github.takezoe"              %% "blocking-slick-32"           % "0.0.10",
-  "com.novell.ldap"                 %  "jldap"                        % "2009-10-07",
+  "com.novell.ldap"                 % "jldap"                        % "2009-10-07",
-  "com.h2database"                  %  "h2"                           % "1.4.196",
+  "com.h2database"                  % "h2"                           % "1.4.196",
-  "org.mariadb.jdbc"                %  "mariadb-java-client"          % "2.2.3",
+  "org.mariadb.jdbc"                % "mariadb-java-client"          % "2.2.4",
-  "org.postgresql"                  %  "postgresql"                   % "42.1.4",
+  "org.postgresql"                  % "postgresql"                   % "42.1.4",
-  "ch.qos.logback"                  %  "logback-classic"              % "1.2.3",
+  "ch.qos.logback"                  % "logback-classic"              % "1.2.3",
-  "com.zaxxer"                      %  "HikariCP"                     % "2.7.4",
+  "com.zaxxer"                      % "HikariCP"                     % "2.7.4",
-  "com.typesafe"                    %  "config"                       % "1.3.2",
+  "com.typesafe"                    % "config"                       % "1.3.2",
-  "com.typesafe.akka"               %% "akka-actor"                   % "2.5.8",
+  "com.typesafe.akka"               %% "akka-actor"                  % "2.5.8",
-  "fr.brouillard.oss.security.xhub" %  "xhub4j-core"                  % "1.0.0",
+  "fr.brouillard.oss.security.xhub" % "xhub4j-core"                  % "1.0.0",
-  "com.github.bkromhout"            %  "java-diff-utils"              % "2.1.1",
+  "com.github.bkromhout"            % "java-diff-utils"              % "2.1.1",
-  "org.cache2k"                     %  "cache2k-all"                  % "1.0.1.Final",
+  "org.cache2k"                     % "cache2k-all"                  % "1.0.1.Final",
-  "com.enragedginger"               %% "akka-quartz-scheduler"        % "1.6.1-akka-2.5.x" exclude("c3p0","c3p0"),
+  "com.enragedginger"               %% "akka-quartz-scheduler"       % "1.6.1-akka-2.5.x" exclude ("c3p0", "c3p0"),
-  "net.coobird"                     %  "thumbnailator"                % "0.4.8",
+  "net.coobird"                     % "thumbnailator"                % "0.4.8",
-  "com.github.zafarkhaja"           %  "java-semver"                  % "0.9.0",
+  "com.github.zafarkhaja"           % "java-semver"                  % "0.9.0",
-  "com.nimbusds"                    %  "oauth2-oidc-sdk"              % "5.45",
+  "com.nimbusds"                    % "oauth2-oidc-sdk"              % "5.45",
-  "org.eclipse.jetty"               %  "jetty-webapp"                 % JettyVersion     % "provided",
+  "org.eclipse.jetty"               % "jetty-webapp"                 % JettyVersion % "provided",
-  "javax.servlet"                   %  "javax.servlet-api"            % "3.1.0"          % "provided",
+  "javax.servlet"                   % "javax.servlet-api"            % "3.1.0" % "provided",
-  "junit"                           %  "junit"                        % "4.12"           % "test",
+  "junit"                           % "junit"                        % "4.12" % "test",
-  "org.scalatra"                    %% "scalatra-scalatest"           % ScalatraVersion  % "test",
+  "org.scalatra"                    %% "scalatra-scalatest"          % ScalatraVersion % "test",
-  "org.mockito"                     %  "mockito-core"                 % "2.13.0"         % "test",
+  "org.mockito"                     % "mockito-core"                 % "2.13.0" % "test",
-  "com.wix"                         %  "wix-embedded-mysql"           % "3.0.0"          % "test",
+  "com.wix"                         % "wix-embedded-mysql"           % "3.0.0" % "test",
-  "ru.yandex.qatools.embed"         %  "postgresql-embedded"          % "2.6"            % "test",
+  "ru.yandex.qatools.embed"         % "postgresql-embedded"          % "2.6" % "test",
-  "net.i2p.crypto"                  % "eddsa"                         % "0.2.0",
+  "net.i2p.crypto"                  % "eddsa"                        % "0.2.0",
-  "is.tagomor.woothee"              % "woothee-java"                  % "1.7.0"
+  "is.tagomor.woothee"              % "woothee-java"                 % "1.7.0"
 )
 
 // Compiler settings
-scalacOptions := Seq("-deprecation", "-language:postfixOps", "-opt:l:method")
+scalacOptions := Seq("-deprecation", "-language:postfixOps", "-opt:l:method", "-Xfuture")
 javacOptions in compile ++= Seq("-target", "8", "-source", "8")
 javaOptions in Jetty += "-Dlogback.configurationFile=/logback-dev.xml"
 
 // Test settings
 //testOptions in Test += Tests.Argument("-l", "ExternalDBTest")
 javaOptions in Test += "-Dgitbucket.home=target/gitbucket_home_for_test"
-testOptions in Test += Tests.Setup( () => new java.io.File("target/gitbucket_home_for_test").mkdir() )
+testOptions in Test += Tests.Setup(() => new java.io.File("target/gitbucket_home_for_test").mkdir())
 fork in Test := true
 
 // Packaging options
@@ -85,9 +89,9 @@ packageOptions += Package.MainClass("JettyLauncher")
 test in assembly := {}
 assemblyMergeStrategy in assembly := {
   case PathList("META-INF", xs @ _*) =>
-    (xs map {_.toLowerCase}) match {
+    (xs map { _.toLowerCase }) match {
       case ("manifest.mf" :: Nil) => MergeStrategy.discard
-      case _ => MergeStrategy.discard
+      case _                      => MergeStrategy.discard
     }
   case x => MergeStrategy.first
 }
@@ -109,7 +113,9 @@ javaOptions in Jetty ++= Option(System.getenv().get("JREBEL")).toSeq.flatMap { p
 
 // Exclude a war file from published artifacts
 signedArtifacts := {
-  signedArtifacts.value.filterNot { case (_, file) => file.getName.endsWith(".war") || file.getName.endsWith(".war.asc") }
+  signedArtifacts.value.filterNot {
+    case (_, file) => file.getName.endsWith(".war") || file.getName.endsWith(".war.asc")
+  }
 }
 
 // Create executable war file
@@ -132,32 +138,31 @@ executableKey := {
   import java.util.jar.Attributes.{Name => AttrName}
   import java.util.jar.{Manifest => JarManifest}
 
-  val workDir   = Keys.target.value / "executable"
+  val workDir = Keys.target.value / "executable"
-  val warName   = Keys.name.value + ".war"
+  val warName = Keys.name.value + ".war"
 
-  val log       = streams.value.log
+  val log = streams.value.log
   log info s"building executable webapp in ${workDir}"
 
   // initialize temp directory
-  val temp  = workDir / "webapp"
+  val temp = workDir / "webapp"
   IO delete temp
 
   // include jetty classes
   val jettyJars = Keys.update.value select configurationFilter(name = ExecutableConfig.name)
   jettyJars foreach { jar =>
-    IO unzip (jar, temp, (name:String) =>
+    IO unzip (jar, temp, (name: String) =>
       (name startsWith "javax/") ||
-      (name startsWith "org/")
+        (name startsWith "org/"))
-    )
   }
 
   // include original war file
-  val warFile   = (Keys.`package`).value
+  val warFile = (Keys.`package`).value
   IO unzip (warFile, temp)
 
   // include launcher classes
-  val classDir      = (Keys.classDirectory in Compile).value
+  val classDir = (Keys.classDirectory in Compile).value
-  val launchClasses = Seq("JettyLauncher.class" /*, "HttpsSupportConnector.class" */)
+  val launchClasses = Seq("JettyLauncher.class" /*, "HttpsSupportConnector.class" */ )
   launchClasses foreach { name =>
     IO copyFile (classDir / name, temp / name)
   }
@@ -165,32 +170,34 @@ executableKey := {
   // include plugins
   val pluginsDir = temp / "WEB-INF" / "classes" / "plugins"
   IO createDirectory (pluginsDir)
-  IO copyFile(Keys.baseDirectory.value / "plugins.json", pluginsDir / "plugins.json")
+  IO copyFile (Keys.baseDirectory.value / "plugins.json", pluginsDir / "plugins.json")
 
-  val json = IO read(Keys.baseDirectory.value / "plugins.json")
+  val json = IO read (Keys.baseDirectory.value / "plugins.json")
   PluginsJson.getUrls(json).foreach { url =>
     log info s"Download: ${url}"
-    IO transfer(new java.net.URL(url).openStream, pluginsDir / url.substring(url.lastIndexOf("/") + 1))
+    IO transfer (new java.net.URL(url).openStream, pluginsDir / url.substring(url.lastIndexOf("/") + 1))
   }
 
   // zip it up
   IO delete (temp / "META-INF" / "MANIFEST.MF")
-  val contentMappings   = (temp.allPaths --- PathFinder(temp)).get pair { file => IO.relativizeFile(temp, file) }
+  val contentMappings = (temp.allPaths --- PathFinder(temp)).get pair { file =>
-  val manifest          = new JarManifest
+    IO.relativizeFile(temp, file)
+  }
+  val manifest = new JarManifest
   manifest.getMainAttributes put (AttrName.MANIFEST_VERSION, "1.0")
-  manifest.getMainAttributes put (AttrName.MAIN_CLASS,       "JettyLauncher")
+  manifest.getMainAttributes put (AttrName.MAIN_CLASS, "JettyLauncher")
-  val outputFile    = workDir / warName
+  val outputFile = workDir / warName
-  IO jar (contentMappings.map { case (file, path) => (file, path.toString) } , outputFile, manifest)
+  IO jar (contentMappings.map { case (file, path) => (file, path.toString) }, outputFile, manifest)
 
   // generate checksums
   Seq(
-    "md5"    -> "MD5",
+    "md5" -> "MD5",
-    "sha1"   -> "SHA-1",
+    "sha1" -> "SHA-1",
     "sha256" -> "SHA-256"
-  )
+  ).foreach {
-  .foreach { case (extension, algorithm) =>
+    case (extension, algorithm) =>
-    val checksumFile = workDir / (warName + "." + extension)
+      val checksumFile = workDir / (warName + "." + extension)
-    Checksums generate (outputFile, checksumFile, algorithm)
+      Checksums generate (outputFile, checksumFile, algorithm)
   }
 
   // done
@@ -200,10 +207,12 @@ executableKey := {
 publishTo := {
   val nexus = "https://oss.sonatype.org/"
   if (version.value.trim.endsWith("SNAPSHOT")) Some("snapshots" at nexus + "content/repositories/snapshots")
-  else                                         Some("releases"  at nexus + "service/local/staging/deploy/maven2")
+  else Some("releases" at nexus + "service/local/staging/deploy/maven2")
 }
 publishMavenStyle := true
-pomIncludeRepository := { _ => false }
+pomIncludeRepository := { _ =>
+  false
+}
 pomExtra := (
   <url>https://github.com/gitbucket/gitbucket</url>
   <licenses>

doc/comment_action.md

@@ -6,22 +6,26 @@ The details are saved at `ISSUE_COMMENT` table.
 To determine if it was any operation, you see the `ACTION` column.
 And in the case of some actions, `CONTENT` column value contains additional information.
 
-|ACTION          |CONTENT               |
+|ACTION          |CONTENT                   |
-|----------------|----------------------|
+|----------------|--------------------------|
-|comment         |comment               |
+|comment         |comment                   |
-|close_comment   |comment               |
+|close_comment   |comment                   |
-|reopen_comment  |comment               |
+|reopen_comment  |comment                   |
-|close           |"Close"               |
+|close           |"Close"                   |
-|reopen          |"Reopen"              |
+|reopen          |"Reopen"                  |
-|commit          |comment commitId      |
+|commit          |comment commitId          |
-|merge           |comment               |
+|merge           |comment                   |
-|delete_branch   |branchName            |
+|delete_branch   |branchName                |
-|refer           |issueId:title         |
+|refer           |issueId:title             |
-|add_label       |labelName             |
+|add_label       |labelName                 |
-|delete_label    |labelName             |
+|delete_label    |labelName                 |
-|change_priority |oldPriority:priority  |
+|change_priority |oldPriority:priority      |
-|change_milestone|oldMilestone:milestone|
+|change_milestone|oldMilestone:milestone    |
-|assign          |oldAssigned:assigned  |
+|assign          |oldAssigned:assigned      |
+|change_title    |oldTitle(CRLF)title \[1\] |
+
+\[1\]: (CRLF) is "\r\n"
+
 
 ### comment
 
@@ -79,3 +83,7 @@ This value is saved when users have changed the milestone.
 ### assign
 
 This value is saved when users have assign issue/PR to user or remove the assign.
+
+### change_title
+
+This value is saved when users have changed the title.

plugins.json

@@ -31,9 +31,9 @@
     "description": "Provides Gist feature on GitBucket.",
     "versions": [
       {
-        "version": "4.13.0",
+        "version": "4.15.0",
-        "range": ">=4.23.0",
+        "range": ">=4.25.0",
-        "url": "https://github.com/gitbucket/gitbucket-gist-plugin/releases/download/4.13.0/gitbucket-gist-plugin-assembly-4.13.0.jar"
+        "url": "https://github.com/gitbucket/gitbucket-gist-plugin/releases/download/4.15.0/gitbucket-gist-plugin-gitbucket_4.25.0-4.15.0.jar"
       }
     ],
     "default": false

project/Checksums.scala

@@ -6,29 +6,31 @@ import io._
 object Checksums {
   private val bufferSize = 2048
 
-  def generate(source:File, target:File, algorithm:String):Unit =
+  def generate(source: File, target: File, algorithm: String): Unit =
-      sbt.IO write (target, compute(source, algorithm))
+    sbt.IO write (target, compute(source, algorithm))
 
-  def compute(file:File, algorithm:String):String =
+  def compute(file: File, algorithm: String): String =
-      hex(raw(file, algorithm))
+    hex(raw(file, algorithm))
 
-  def raw(file:File, algorithm:String):Array[Byte]    =
+  def raw(file: File, algorithm: String): Array[Byte] =
-      (Using fileInputStream file) { is =>
+    (Using fileInputStream file) { is =>
-        val md  = MessageDigest getInstance algorithm
+      val md = MessageDigest getInstance algorithm
-        val buf = new Array[Byte](bufferSize)
+      val buf = new Array[Byte](bufferSize)
-        md.reset()
+      md.reset()
-        @tailrec
+      @tailrec
-        def loop() {
+      def loop(): Unit = {
-          val len = is read buf
+        val len = is read buf
-          if (len != -1) {
+        if (len != -1) {
-            md update (buf, 0, len)
+          md update (buf, 0, len)
-            loop()
+          loop()
-          }
         }
-        loop()
-        md.digest()
       }
+      loop()
+      md.digest()
+    }
 
-  def hex(bytes:Array[Byte]):String =
+  def hex(bytes: Array[Byte]): String =
-      bytes map { it => "%02x" format (it.toInt & 0xff) } mkString ""
+    bytes map { it =>
+      "%02x" format (it.toInt & 0xff)
+    } mkString ""
 }

project/PluginsJson.scala

@@ -13,4 +13,3 @@ object PluginsJson {
   }
 
 }
-

project/build.properties

@@ -1 +1 @@
-sbt.version=1.1.1
+sbt.version=1.1.5

project/plugins.sbt

@@ -1,10 +1,11 @@
 scalacOptions ++= Seq("-unchecked", "-deprecation", "-feature")
 
-addSbtPlugin("com.typesafe.sbt"     % "sbt-twirl"         % "1.3.13")
+addSbtPlugin("com.geirsson"     % "sbt-scalafmt" % "1.5.0")
-addSbtPlugin("com.eed3si9n"         % "sbt-assembly"      % "0.14.5")
+addSbtPlugin("com.typesafe.sbt" % "sbt-twirl"    % "1.3.13")
+addSbtPlugin("com.eed3si9n"     % "sbt-assembly" % "0.14.5")
 //addSbtPlugin("com.earldouglas"      % "xsbt-web-plugin"   % "4.0.0")
 //addSbtPlugin("fi.gekkio.sbtplugins" % "sbt-jrebel-plugin" % "0.10.0")
-addSbtPlugin("org.scalatra.sbt"     % "sbt-scalatra"      % "1.0.1")
+addSbtPlugin("org.scalatra.sbt" % "sbt-scalatra" % "1.0.1")
-addSbtPlugin("com.jsuereth"         % "sbt-pgp"           % "1.1.0")
+addSbtPlugin("com.jsuereth"     % "sbt-pgp"      % "1.1.0")
 addSbtCoursier
-addSbtPlugin("com.typesafe.sbt"     % "sbt-license-report" % "1.2.0")
+addSbtPlugin("com.typesafe.sbt" % "sbt-license-report" % "1.2.0")

src/main/resources/update/gitbucket-core_4.24.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+  <createTable tableName="ACCOUNT_EXTRA_MAIL_ADDRESS">
+    <column name="USER_NAME" type="varchar(100)" nullable="false"/>
+    <column name="EXTRA_MAIL_ADDRESS" type="varchar(100)" nullable="false"/>
+  </createTable>
+
+  <addPrimaryKey constraintName="IDX_ACCOUNT_EXTRA_MAIL_ADDRESS_PK" tableName="ACCOUNT_EXTRA_MAIL_ADDRESS" columnNames="USER_NAME, EXTRA_MAIL_ADDRESS"/>
+  <addUniqueConstraint constraintName="IDX_ACCOUNT_EXTRA_MAIL_ADDRESS_1" tableName="ACCOUNT_EXTRA_MAIL_ADDRESS" columnNames="EXTRA_MAIL_ADDRESS"/>
+</changeSet>

src/main/resources/update/gitbucket-core_4.25.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+  <modifyDataType columnName="PASSWORD" newDataType="varchar(200)" tableName="ACCOUNT"/>
+
+  <delete tableName="ACCOUNT_EXTRA_MAIL_ADDRESS">
+    <where>EXTRA_MAIL_ADDRESS = ''</where>
+  </delete>
+</changeSet>

src/main/scala/ScalatraBootstrap.scala

@@ -1,4 +1,3 @@
-
 import java.util.EnumSet
 import javax.servlet._
 
@@ -9,28 +8,35 @@ import gitbucket.core.servlet._
 import gitbucket.core.util.Directory
 import org.scalatra._
 
-
 class ScalatraBootstrap extends LifeCycle with SystemSettingsService {
-  override def init(context: ServletContext) {
+  override def init(context: ServletContext): Unit = {
 
     val settings = loadSystemSettings()
-    if(settings.baseUrl.exists(_.startsWith("https://"))) {
+    if (settings.baseUrl.exists(_.startsWith("https://"))) {
       context.getSessionCookieConfig.setSecure(true)
     }
 
     // Register TransactionFilter and BasicAuthenticationFilter at first
     context.addFilter("transactionFilter", new TransactionFilter)
-    context.getFilterRegistration("transactionFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
+    context
+      .getFilterRegistration("transactionFilter")
+      .addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
     context.addFilter("gitAuthenticationFilter", new GitAuthenticationFilter)
-    context.getFilterRegistration("gitAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/git/*")
+    context
+      .getFilterRegistration("gitAuthenticationFilter")
+      .addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/git/*")
     context.addFilter("apiAuthenticationFilter", new ApiAuthenticationFilter)
-    context.getFilterRegistration("apiAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/api/v3/*")
+    context
+      .getFilterRegistration("apiAuthenticationFilter")
+      .addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/api/*")
 
     // Register controllers
     context.mount(new PreProcessController, "/*")
 
     context.addFilter("pluginControllerFilter", new PluginControllerFilter)
-    context.getFilterRegistration("pluginControllerFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
+    context
+      .getFilterRegistration("pluginControllerFilter")
+      .addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
 
     context.mount(new FileUploadController, "/upload")
 
@@ -51,11 +57,13 @@ class ScalatraBootstrap extends LifeCycle with SystemSettingsService {
     filter.mount(new RepositorySettingsController, "/*")
 
     context.addFilter("compositeScalatraFilter", filter)
-    context.getFilterRegistration("compositeScalatraFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
+    context
+      .getFilterRegistration("compositeScalatraFilter")
+      .addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
 
     // Create GITBUCKET_HOME directory if it does not exist
     val dir = new java.io.File(Directory.GitBucketHome)
-    if(!dir.exists){
+    if (!dir.exists) {
       dir.mkdirs()
     }
   }

src/main/scala/gitbucket/core/GitBucketCoreModule.scala

@@ -3,61 +3,56 @@ package gitbucket.core
 import io.github.gitbucket.solidbase.migration.{SqlMigration, LiquibaseMigration}
 import io.github.gitbucket.solidbase.model.{Version, Module}
 
-object GitBucketCoreModule extends Module("gitbucket-core",
+object GitBucketCoreModule
-  new Version("4.0.0",
+    extends Module(
-    new LiquibaseMigration("update/gitbucket-core_4.0.xml"),
+      "gitbucket-core",
-    new SqlMigration("update/gitbucket-core_4.0.sql")
+      new Version(
-  ),
+        "4.0.0",
-  new Version("4.1.0"),
+        new LiquibaseMigration("update/gitbucket-core_4.0.xml"),
-  new Version("4.2.0",
+        new SqlMigration("update/gitbucket-core_4.0.sql")
-    new LiquibaseMigration("update/gitbucket-core_4.2.xml")
+      ),
-  ),
+      new Version("4.1.0"),
-  new Version("4.2.1"),
+      new Version("4.2.0", new LiquibaseMigration("update/gitbucket-core_4.2.xml")),
-  new Version("4.3.0"),
+      new Version("4.2.1"),
-  new Version("4.4.0"),
+      new Version("4.3.0"),
-  new Version("4.5.0"),
+      new Version("4.4.0"),
-  new Version("4.6.0",
+      new Version("4.5.0"),
-    new LiquibaseMigration("update/gitbucket-core_4.6.xml")
+      new Version("4.6.0", new LiquibaseMigration("update/gitbucket-core_4.6.xml")),
-  ),
+      new Version(
-  new Version("4.7.0",
+        "4.7.0",
-    new LiquibaseMigration("update/gitbucket-core_4.7.xml"),
+        new LiquibaseMigration("update/gitbucket-core_4.7.xml"),
-    new SqlMigration("update/gitbucket-core_4.7.sql")
+        new SqlMigration("update/gitbucket-core_4.7.sql")
-  ),
+      ),
-  new Version("4.7.1"),
+      new Version("4.7.1"),
-  new Version("4.8"),
+      new Version("4.8"),
-  new Version("4.9.0",
+      new Version("4.9.0", new LiquibaseMigration("update/gitbucket-core_4.9.xml")),
-    new LiquibaseMigration("update/gitbucket-core_4.9.xml")
+      new Version("4.10.0"),
-  ),
+      new Version("4.11.0", new LiquibaseMigration("update/gitbucket-core_4.11.xml")),
-  new Version("4.10.0"),
+      new Version("4.12.0"),
-  new Version("4.11.0",
+      new Version("4.12.1"),
-    new LiquibaseMigration("update/gitbucket-core_4.11.xml")
+      new Version("4.13.0"),
-  ),
+      new Version(
-  new Version("4.12.0"),
+        "4.14.0",
-  new Version("4.12.1"),
+        new LiquibaseMigration("update/gitbucket-core_4.14.xml"),
-  new Version("4.13.0"),
+        new SqlMigration("update/gitbucket-core_4.14.sql")
-  new Version("4.14.0",
+      ),
-    new LiquibaseMigration("update/gitbucket-core_4.14.xml"),
+      new Version("4.14.1"),
-    new SqlMigration("update/gitbucket-core_4.14.sql")
+      new Version("4.15.0"),
-  ),
+      new Version("4.16.0"),
-  new Version("4.14.1"),
+      new Version("4.17.0"),
-  new Version("4.15.0"),
+      new Version("4.18.0"),
-  new Version("4.16.0"),
+      new Version("4.19.0"),
-  new Version("4.17.0"),
+      new Version("4.19.1"),
-  new Version("4.18.0"),
+      new Version("4.19.2"),
-  new Version("4.19.0"),
+      new Version("4.19.3"),
-  new Version("4.19.1"),
+      new Version("4.20.0"),
-  new Version("4.19.2"),
+      new Version("4.21.0", new LiquibaseMigration("update/gitbucket-core_4.21.xml")),
-  new Version("4.19.3"),
+      new Version("4.21.1"),
-  new Version("4.20.0"),
+      new Version("4.21.2"),
-  new Version("4.21.0",
+      new Version("4.22.0", new LiquibaseMigration("update/gitbucket-core_4.22.xml")),
-    new LiquibaseMigration("update/gitbucket-core_4.21.xml")
+      new Version("4.23.0", new LiquibaseMigration("update/gitbucket-core_4.23.xml")),
-  ),
+      new Version("4.23.1"),
-  new Version("4.21.1"),
+      new Version("4.24.0", new LiquibaseMigration("update/gitbucket-core_4.24.xml")),
-  new Version("4.21.2"),
+      new Version("4.24.1"),
-  new Version("4.22.0",
+      new Version("4.25.0", new LiquibaseMigration("update/gitbucket-core_4.25.xml"))
-    new LiquibaseMigration("update/gitbucket-core_4.22.xml")
+    )
-  ),
-  new Version("4.23.0",
-    new LiquibaseMigration("update/gitbucket-core_4.23.xml")
-  )
-)

src/main/scala/gitbucket/core/api/ApiBranch.scala

@@ -6,13 +6,14 @@ import gitbucket.core.util.RepositoryName
  * https://developer.github.com/v3/repos/#get-branch
  * https://developer.github.com/v3/repos/#enabling-and-disabling-branch-protection
  */
-case class ApiBranch(
+case class ApiBranch(name: String, commit: ApiBranchCommit, protection: ApiBranchProtection)(
-  name: String,
+  repositoryName: RepositoryName
-  commit: ApiBranchCommit,
+) extends FieldSerializable {
-  protection: ApiBranchProtection)(repositoryName:RepositoryName) extends FieldSerializable {
+  def _links =
-  def _links = Map(
+    Map(
-   "self" -> ApiPath(s"/api/v3/repos/${repositoryName.fullName}/branches/${name}"),
+      "self" -> ApiPath(s"/api/v3/repos/${repositoryName.fullName}/branches/${name}"),
-   "html" -> ApiPath(s"/${repositoryName.fullName}/tree/${name}"))
+      "html" -> ApiPath(s"/${repositoryName.fullName}/tree/${name}")
+    )
 }
 
 case class ApiBranchCommit(sha: String)

src/main/scala/gitbucket/core/api/ApiBranchProtection.scala

@@ -4,17 +4,22 @@ import gitbucket.core.service.ProtectedBranchService
 import org.json4s._
 
 /** https://developer.github.com/v3/repos/#enabling-and-disabling-branch-protection */
-case class ApiBranchProtection(enabled: Boolean, required_status_checks: Option[ApiBranchProtection.Status]){
+case class ApiBranchProtection(enabled: Boolean, required_status_checks: Option[ApiBranchProtection.Status]) {
   def status: ApiBranchProtection.Status = required_status_checks.getOrElse(ApiBranchProtection.statusNone)
 }
 
-object ApiBranchProtection{
+object ApiBranchProtection {
+
   /** form for enabling-and-disabling-branch-protection */
   case class EnablingAndDisabling(protection: ApiBranchProtection)
 
-  def apply(info: ProtectedBranchService.ProtectedBranchInfo): ApiBranchProtection = ApiBranchProtection(
+  def apply(info: ProtectedBranchService.ProtectedBranchInfo): ApiBranchProtection =
-    enabled = info.enabled,
+    ApiBranchProtection(
-    required_status_checks = Some(Status(EnforcementLevel(info.enabled && info.contexts.nonEmpty, info.includeAdministrators), info.contexts)))
+      enabled = info.enabled,
+      required_status_checks = Some(
+        Status(EnforcementLevel(info.enabled && info.contexts.nonEmpty, info.includeAdministrators), info.contexts)
+      )
+    )
   val statusNone = Status(Off, Seq.empty)
   case class Status(enforcement_level: EnforcementLevel, contexts: Seq[String])
   sealed class EnforcementLevel(val name: String)
@@ -22,25 +27,28 @@ object ApiBranchProtection{
   case object NonAdmins extends EnforcementLevel("non_admins")
   case object Everyone extends EnforcementLevel("everyone")
   object EnforcementLevel {
-    def apply(enabled: Boolean, includeAdministrators: Boolean): EnforcementLevel = if(enabled){
+    def apply(enabled: Boolean, includeAdministrators: Boolean): EnforcementLevel =
-      if(includeAdministrators){
+      if (enabled) {
-        Everyone
+        if (includeAdministrators) {
-      }else{
+          Everyone
-        NonAdmins
+        } else {
+          NonAdmins
+        }
+      } else {
+        Off
       }
-    }else{
-      Off
-    }
   }
 
-  implicit val enforcementLevelSerializer = new CustomSerializer[EnforcementLevel](format => (
+  implicit val enforcementLevelSerializer = new CustomSerializer[EnforcementLevel](
-   {
+    format =>
-     case JString("off") => Off
+      (
-     case JString("non_admins") => NonAdmins
+        {
-     case JString("everyone") => Everyone
+          case JString("off")        => Off
-   },
+          case JString("non_admins") => NonAdmins
-   {
+          case JString("everyone")   => Everyone
-     case x: EnforcementLevel => JString(x.name)
+        }, {
-   }
+          case x: EnforcementLevel => JString(x.name)
- ))
+        }
+    )
+  )
 }

src/main/scala/gitbucket/core/api/ApiCombinedCommitStatus.scala

@@ -2,7 +2,6 @@ package gitbucket.core.api
 
 import gitbucket.core.model.{Account, CommitState, CommitStatus}
 
-
 /**
  * https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref
  */
@@ -11,15 +10,22 @@ case class ApiCombinedCommitStatus(
   sha: String,
   total_count: Int,
   statuses: Iterable[ApiCommitStatus],
-  repository: ApiRepository){
+  repository: ApiRepository
+) {
   // val commit_url = ApiPath(s"/api/v3/repos/${repository.full_name}/${sha}")
   val url = ApiPath(s"/api/v3/repos/${repository.full_name}/commits/${sha}/status")
 }
 object ApiCombinedCommitStatus {
-  def apply(sha:String, statuses: Iterable[(CommitStatus, Account)], repository:ApiRepository): ApiCombinedCommitStatus = ApiCombinedCommitStatus(
+  def apply(
-    state      = CommitState.combine(statuses.map(_._1.state).toSet).name,
+    sha: String,
-    sha        = sha,
+    statuses: Iterable[(CommitStatus, Account)],
-    total_count= statuses.size,
+    repository: ApiRepository
-    statuses   = statuses.map{ case (s, a)=> ApiCommitStatus(s, ApiUser(a)) },
+  ): ApiCombinedCommitStatus =
-    repository = repository)
+    ApiCombinedCommitStatus(
+      state = CommitState.combine(statuses.map(_._1.state).toSet).name,
+      sha = sha,
+      total_count = statuses.size,
+      statuses = statuses.map { case (s, a) => ApiCommitStatus(s, ApiUser(a)) },
+      repository = repository
+    )
 }

src/main/scala/gitbucket/core/api/ApiComment.scala

@@ -5,25 +5,32 @@ import gitbucket.core.util.RepositoryName
 
 import java.util.Date
 
-
 /**
  * https://developer.github.com/v3/issues/comments/
  */
-case class ApiComment(
+case class ApiComment(id: Int, user: ApiUser, body: String, created_at: Date, updated_at: Date)(
-  id: Int,
+  repositoryName: RepositoryName,
-  user: ApiUser,
+  issueId: Int,
-  body: String,
+  isPullRequest: Boolean
-  created_at: Date,
+) {
-  updated_at: Date)(repositoryName: RepositoryName, issueId: Int, isPullRequest: Boolean){
+  val html_url = ApiPath(
-  val html_url = ApiPath(s"/${repositoryName.fullName}/${if(isPullRequest){ "pull" }else{ "issues" }}/${issueId}#comment-${id}")
+    s"/${repositoryName.fullName}/${if (isPullRequest) { "pull" } else { "issues" }}/${issueId}#comment-${id}"
+  )
 }
 
-object ApiComment{
+object ApiComment {
-  def apply(comment: IssueComment, repositoryName: RepositoryName, issueId: Int, user: ApiUser, isPullRequest: Boolean): ApiComment =
+  def apply(
+    comment: IssueComment,
+    repositoryName: RepositoryName,
+    issueId: Int,
+    user: ApiUser,
+    isPullRequest: Boolean
+  ): ApiComment =
     ApiComment(
       id = comment.commentId,
       user = user,
       body = comment.content,
       created_at = comment.registeredDate,
-      updated_at = comment.updatedDate)(repositoryName, issueId, isPullRequest)
+      updated_at = comment.updatedDate
+    )(repositoryName, issueId, isPullRequest)
 }

src/main/scala/gitbucket/core/api/ApiCommit.scala

@@ -20,38 +20,41 @@ case class ApiCommit(
   removed: List[String],
   modified: List[String],
   author: ApiPersonIdent,
-  committer: ApiPersonIdent)(repositoryName:RepositoryName, urlIsHtmlUrl: Boolean) extends FieldSerializable{
+  committer: ApiPersonIdent
-  val url = if(urlIsHtmlUrl){
+)(repositoryName: RepositoryName, urlIsHtmlUrl: Boolean)
+    extends FieldSerializable {
+  val url = if (urlIsHtmlUrl) {
     ApiPath(s"/${repositoryName.fullName}/commit/${id}")
-  }else{
+  } else {
     ApiPath(s"/api/v3/${repositoryName.fullName}/commits/${id}")
   }
-  val html_url = if(urlIsHtmlUrl){
+  val html_url = if (urlIsHtmlUrl) {
     None
-  }else{
+  } else {
     Some(ApiPath(s"/${repositoryName.fullName}/commit/${id}"))
   }
 }
 
-object ApiCommit{
+object ApiCommit {
   def apply(git: Git, repositoryName: RepositoryName, commit: CommitInfo, urlIsHtmlUrl: Boolean = false): ApiCommit = {
     val diffs = JGitUtil.getDiffs(git, None, commit.id, false, false)
     ApiCommit(
-      id        = commit.id,
+      id = commit.id,
-      message   = commit.fullMessage,
+      message = commit.fullMessage,
       timestamp = commit.commitTime,
-      added     = diffs.collect {
+      added = diffs.collect {
-        case x if x.changeType == DiffEntry.ChangeType.ADD    => x.newPath
+        case x if x.changeType == DiffEntry.ChangeType.ADD => x.newPath
       },
-      removed   = diffs.collect {
+      removed = diffs.collect {
         case x if x.changeType == DiffEntry.ChangeType.DELETE => x.oldPath
       },
-      modified  = diffs.collect {
+      modified = diffs.collect {
         case x if x.changeType != DiffEntry.ChangeType.ADD && x.changeType != DiffEntry.ChangeType.DELETE => x.newPath
       },
-      author    = ApiPersonIdent.author(commit),
+      author = ApiPersonIdent.author(commit),
       committer = ApiPersonIdent.committer(commit)
     )(repositoryName, urlIsHtmlUrl)
   }
-  def forWebhookPayload(git: Git, repositoryName: RepositoryName, commit: CommitInfo): ApiCommit = apply(git, repositoryName, commit, true)
+  def forWebhookPayload(git: Git, repositoryName: RepositoryName, commit: CommitInfo): ApiCommit =
+    apply(git, repositoryName, commit, true)
 }

src/main/scala/gitbucket/core/api/ApiCommitListItem.scala

@@ -4,7 +4,6 @@ import gitbucket.core.api.ApiCommitListItem._
 import gitbucket.core.util.JGitUtil.CommitInfo
 import gitbucket.core.util.RepositoryName
 
-
 /**
  * https://developer.github.com/v3/repos/commits/
  */
@@ -13,30 +12,33 @@ case class ApiCommitListItem(
   commit: Commit,
   author: Option[ApiUser],
   committer: Option[ApiUser],
-  parents: Seq[Parent])(repositoryName: RepositoryName) {
+  parents: Seq[Parent]
+)(repositoryName: RepositoryName) {
   val url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/commits/${sha}")
 }
 
 object ApiCommitListItem {
-  def apply(commit: CommitInfo, repositoryName: RepositoryName): ApiCommitListItem = ApiCommitListItem(
+  def apply(commit: CommitInfo, repositoryName: RepositoryName): ApiCommitListItem =
-    sha    = commit.id,
+    ApiCommitListItem(
-    commit = Commit(
+      sha = commit.id,
-      message   = commit.fullMessage,
+      commit = Commit(
-      author    = ApiPersonIdent.author(commit),
+        message = commit.fullMessage,
-      committer = ApiPersonIdent.committer(commit)
+        author = ApiPersonIdent.author(commit),
+        committer = ApiPersonIdent.committer(commit)
       )(commit.id, repositoryName),
-    author    = None,
+      author = None,
-    committer = None,
+      committer = None,
-    parents   = commit.parents.map(Parent(_)(repositoryName)))(repositoryName)
+      parents = commit.parents.map(Parent(_)(repositoryName))
+    )(repositoryName)
 
-  case class Parent(sha: String)(repositoryName: RepositoryName){
+  case class Parent(sha: String)(repositoryName: RepositoryName) {
     val url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/commits/${sha}")
   }
 
-  case class Commit(
+  case class Commit(message: String, author: ApiPersonIdent, committer: ApiPersonIdent)(
-    message: String,
+    sha: String,
-    author: ApiPersonIdent,
+    repositoryName: RepositoryName
-    committer: ApiPersonIdent)(sha:String, repositoryName: RepositoryName) {
+  ) {
     val url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/git/commits/${sha}")
   }
 }

src/main/scala/gitbucket/core/api/ApiCommitStatus.scala

@@ -5,7 +5,6 @@ import gitbucket.core.util.RepositoryName
 
 import java.util.Date
 
-
 /**
  * https://developer.github.com/v3/repos/statuses/#create-a-status
  * https://developer.github.com/v3/repos/statuses/#list-statuses-for-a-specific-ref
@@ -23,16 +22,16 @@ case class ApiCommitStatus(
   val url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/commits/${sha}/statuses")
 }
 
-
 object ApiCommitStatus {
-  def apply(status: CommitStatus, creator:ApiUser): ApiCommitStatus = ApiCommitStatus(
+  def apply(status: CommitStatus, creator: ApiUser): ApiCommitStatus =
-    created_at = status.registeredDate,
+    ApiCommitStatus(
-    updated_at = status.updatedDate,
+      created_at = status.registeredDate,
-    state      = status.state.name,
+      updated_at = status.updatedDate,
-    target_url = status.targetUrl,
+      state = status.state.name,
-    description= status.description,
+      target_url = status.targetUrl,
-    id         = status.commitStatusId,
+      description = status.description,
-    context    = status.context,
+      id = status.commitStatusId,
-    creator    = creator
+      context = status.context,
-  )(status.commitId, RepositoryName(status))
+      creator = creator
+    )(status.commitId, RepositoryName(status))
 }

src/main/scala/gitbucket/core/api/ApiCommits.scala

@@ -51,20 +51,25 @@ object ApiCommits {
     patch: String
   )
 
-
+  def apply(
-  def apply(repositoryName: RepositoryName, commitInfo: CommitInfo, diffs: Seq[DiffInfo], author: Account, committer: Account,
+    repositoryName: RepositoryName,
-            commentCount: Int): ApiCommits = {
+    commitInfo: CommitInfo,
+    diffs: Seq[DiffInfo],
+    author: Account,
+    committer: Account,
+    commentCount: Int
+  ): ApiCommits = {
     val files = diffs.map { diff =>
       var additions = 0
       var deletions = 0
 
       diff.patch.getOrElse("").split("\n").foreach { line =>
-        if(line.startsWith("+")) additions = additions + 1
+        if (line.startsWith("+")) additions = additions + 1
-        if(line.startsWith("-")) deletions = deletions + 1
+        if (line.startsWith("-")) deletions = deletions + 1
       }
 
       File(
-        filename = if(diff.changeType == ChangeType.DELETE){ diff.oldPath } else { diff.newPath },
+        filename = if (diff.changeType == ChangeType.DELETE) { diff.oldPath } else { diff.newPath },
         additions = additions,
         deletions = deletions,
         changes = additions + deletions,
@@ -75,12 +80,12 @@ object ApiCommits {
           case ChangeType.RENAME => "renamed"
           case ChangeType.COPY   => "copied"
         },
-        raw_url = if(diff.changeType == ChangeType.DELETE){
+        raw_url = if (diff.changeType == ChangeType.DELETE) {
           ApiPath(s"/${repositoryName.fullName}/raw/${commitInfo.parents.head}/${diff.oldPath}")
         } else {
           ApiPath(s"/${repositoryName.fullName}/raw/${commitInfo.id}/${diff.newPath}")
         },
-        blob_url = if(diff.changeType == ChangeType.DELETE){
+        blob_url = if (diff.changeType == ChangeType.DELETE) {
           ApiPath(s"/${repositoryName.fullName}/blob/${commitInfo.parents.head}/${diff.oldPath}")
         } else {
           ApiPath(s"/${repositoryName.fullName}/blob/${commitInfo.id}/${diff.newPath}")

src/main/scala/gitbucket/core/api/ApiContents.scala

@@ -11,18 +11,29 @@ case class ApiContents(
   path: String,
   sha: String,
   content: Option[String],
-  encoding: Option[String])(repositoryName: RepositoryName){
+  encoding: Option[String]
+)(repositoryName: RepositoryName) {
   val download_url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/raw/${sha}/${path}")
 }
 
-object ApiContents{
+object ApiContents {
   def apply(fileInfo: FileInfo, repositoryName: RepositoryName, content: Option[Array[Byte]]): ApiContents = {
-    if(fileInfo.isDirectory) {
+    if (fileInfo.isDirectory) {
       ApiContents("dir", fileInfo.name, fileInfo.path, fileInfo.commitId, None, None)(repositoryName)
     } else {
-      content.map(arr =>
+      content
-        ApiContents("file", fileInfo.name, fileInfo.path, fileInfo.commitId, Some(Base64.getEncoder.encodeToString(arr)), Some("base64"))(repositoryName)
+        .map(
-      ).getOrElse(ApiContents("file", fileInfo.name, fileInfo.path, fileInfo.commitId, None, None)(repositoryName))
+          arr =>
+            ApiContents(
+              "file",
+              fileInfo.name,
+              fileInfo.path,
+              fileInfo.commitId,
+              Some(Base64.getEncoder.encodeToString(arr)),
+              Some("base64")
+            )(repositoryName)
+        )
+        .getOrElse(ApiContents("file", fileInfo.name, fileInfo.path, fileInfo.commitId, None, None)(repositoryName))
     }
   }
 }

src/main/scala/gitbucket/core/api/ApiEndPoint.scala

@@ -1,3 +1,3 @@
 package gitbucket.core.api
 
-case class ApiEndPoint(rate_limit_url: ApiPath = ApiPath("/api/v3/rate_limit"))
+case class ApiEndPoint(rate_limit_url: ApiPath = ApiPath("/api/v3/rate_limit"))

src/main/scala/gitbucket/core/api/ApiError.scala

@@ -1,5 +1,3 @@
 package gitbucket.core.api
 
-case class ApiError(
+case class ApiError(message: String, documentation_url: Option[String] = None)
-  message: String,
-  documentation_url: Option[String] = None)

src/main/scala/gitbucket/core/api/ApiIssue.scala

@@ -5,7 +5,6 @@ import gitbucket.core.util.RepositoryName
 
 import java.util.Date
 
-
 /**
  * https://developer.github.com/v3/issues/
  */
@@ -17,30 +16,35 @@ case class ApiIssue(
   state: String,
   created_at: Date,
   updated_at: Date,
-  body: String)(repositoryName: RepositoryName, isPullRequest: Boolean){
+  body: String
+)(repositoryName: RepositoryName, isPullRequest: Boolean) {
+  val id = 0 // dummy id
   val comments_url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/issues/${number}/comments")
-  val html_url = ApiPath(s"/${repositoryName.fullName}/${if(isPullRequest){ "pull" }else{ "issues" }}/${number}")
+  val html_url = ApiPath(s"/${repositoryName.fullName}/${if (isPullRequest) { "pull" } else { "issues" }}/${number}")
   val pull_request = if (isPullRequest) {
-    Some(Map(
+    Some(
-      "url" -> ApiPath(s"/api/v3/repos/${repositoryName.fullName}/pulls/${number}"),
+      Map(
-      "html_url" -> ApiPath(s"/${repositoryName.fullName}/pull/${number}")
+        "url" -> ApiPath(s"/api/v3/repos/${repositoryName.fullName}/pulls/${number}"),
-      // "diff_url" -> ApiPath(s"/${repositoryName.fullName}/pull/${number}.diff"),
+        "html_url" -> ApiPath(s"/${repositoryName.fullName}/pull/${number}")
-      // "patch_url" -> ApiPath(s"/${repositoryName.fullName}/pull/${number}.patch")
+        // "diff_url" -> ApiPath(s"/${repositoryName.fullName}/pull/${number}.diff"),
-    ))
+        // "patch_url" -> ApiPath(s"/${repositoryName.fullName}/pull/${number}.patch")
+      )
+    )
   } else {
     None
   }
 }
 
-object ApiIssue{
+object ApiIssue {
   def apply(issue: Issue, repositoryName: RepositoryName, user: ApiUser, labels: List[ApiLabel]): ApiIssue =
     ApiIssue(
       number = issue.issueId,
-      title  = issue.title,
+      title = issue.title,
-      user   = user,
+      user = user,
       labels = labels,
-      state  = if(issue.closed){ "closed" }else{ "open" },
+      state = if (issue.closed) { "closed" } else { "open" },
-      body   = issue.content.getOrElse(""),
+      body = issue.content.getOrElse(""),
       created_at = issue.registeredDate,
-      updated_at = issue.updatedDate)(repositoryName, issue.isPullRequest)
+      updated_at = issue.updatedDate
+    )(repositoryName, issue.isPullRequest)
 }

src/main/scala/gitbucket/core/api/ApiLabel.scala

@@ -4,18 +4,16 @@ import gitbucket.core.model.Label
 import gitbucket.core.util.RepositoryName
 
 /**
-  * https://developer.github.com/v3/issues/labels/
+ * https://developer.github.com/v3/issues/labels/
-  */
+ */
-case class ApiLabel(
+case class ApiLabel(name: String, color: String)(repositoryName: RepositoryName) {
-  name: String,
-  color: String)(repositoryName: RepositoryName){
   var url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/labels/${name}")
 }
 
-object ApiLabel{
+object ApiLabel {
-  def apply(label:Label, repositoryName: RepositoryName): ApiLabel =
+  def apply(label: Label, repositoryName: RepositoryName): ApiLabel =
     ApiLabel(
       name = label.labelName,
       color = label.color
     )(repositoryName)
-}
+}

src/main/scala/gitbucket/core/api/ApiPersonIdent.scala

@@ -4,22 +4,11 @@ import gitbucket.core.util.JGitUtil.CommitInfo
 
 import java.util.Date
 
-
+case class ApiPersonIdent(name: String, email: String, date: Date)
-case class ApiPersonIdent(
-  name: String,
-  email: String,
-  date: Date)
-
 
 object ApiPersonIdent {
   def author(commit: CommitInfo): ApiPersonIdent =
-    ApiPersonIdent(
+    ApiPersonIdent(name = commit.authorName, email = commit.authorEmailAddress, date = commit.authorTime)
-      name  = commit.authorName,
-      email = commit.authorEmailAddress,
-      date  = commit.authorTime)
   def committer(commit: CommitInfo): ApiPersonIdent =
-    ApiPersonIdent(
+    ApiPersonIdent(name = commit.committerName, email = commit.committerEmailAddress, date = commit.commitTime)
-      name  = commit.committerName,
-      email = commit.committerEmailAddress,
-      date  = commit.commitTime)
 }

src/main/scala/gitbucket/core/api/ApiPlugin.scala

@@ -5,12 +5,12 @@ import gitbucket.core.plugin.{PluginRegistry, PluginInfo}
 case class ApiPlugin(
   id: String,
   name: String,
-  versino: String,
+  version: String,
   description: String,
   jarFileName: String
 )
 
-object ApiPlugin{
+object ApiPlugin {
   def apply(plugin: PluginInfo): ApiPlugin = {
     ApiPlugin(plugin.pluginId, plugin.pluginName, plugin.pluginVersion, plugin.description, plugin.pluginJar.getName)
   }

src/main/scala/gitbucket/core/api/ApiPullRequest.scala

@@ -21,20 +21,22 @@ case class ApiPullRequest(
   body: String,
   user: ApiUser,
   labels: List[ApiLabel],
-  assignee: Option[ApiUser]){
+  assignee: Option[ApiUser]
-  val html_url            = ApiPath(s"${base.repo.html_url.path}/pull/${number}")
+) {
+  val id = 0 // dummy id
+  val html_url = ApiPath(s"${base.repo.html_url.path}/pull/${number}")
   //val diff_url            = ApiPath(s"${base.repo.html_url.path}/pull/${number}.diff")
   //val patch_url           = ApiPath(s"${base.repo.html_url.path}/pull/${number}.patch")
-  val url                 = ApiPath(s"${base.repo.url.path}/pulls/${number}")
+  val url = ApiPath(s"${base.repo.url.path}/pulls/${number}")
   //val issue_url           = ApiPath(s"${base.repo.url.path}/issues/${number}")
-  val commits_url         = ApiPath(s"${base.repo.url.path}/pulls/${number}/commits")
+  val commits_url = ApiPath(s"${base.repo.url.path}/pulls/${number}/commits")
   val review_comments_url = ApiPath(s"${base.repo.url.path}/pulls/${number}/comments")
-  val review_comment_url  = ApiPath(s"${base.repo.url.path}/pulls/comments/{number}")
+  val review_comment_url = ApiPath(s"${base.repo.url.path}/pulls/comments/{number}")
-  val comments_url        = ApiPath(s"${base.repo.url.path}/issues/${number}/comments")
+  val comments_url = ApiPath(s"${base.repo.url.path}/issues/${number}/comments")
-  val statuses_url        = ApiPath(s"${base.repo.url.path}/statuses/${head.sha}")
+  val statuses_url = ApiPath(s"${base.repo.url.path}/statuses/${head.sha}")
 }
 
-object ApiPullRequest{
+object ApiPullRequest {
   def apply(
     issue: Issue,
     pullRequest: PullRequest,
@@ -46,34 +48,25 @@ object ApiPullRequest{
     mergedComment: Option[(IssueComment, Account)]
   ): ApiPullRequest =
     ApiPullRequest(
-      number     = issue.issueId,
+      number = issue.issueId,
-      state      = if (issue.closed) "closed" else "open",
+      state = if (issue.closed) "closed" else "open",
       updated_at = issue.updatedDate,
       created_at = issue.registeredDate,
-      head       = Commit(
+      head = Commit(sha = pullRequest.commitIdTo, ref = pullRequest.requestBranch, repo = headRepo)(issue.userName),
-                     sha  = pullRequest.commitIdTo,
+      base = Commit(sha = pullRequest.commitIdFrom, ref = pullRequest.branch, repo = baseRepo)(issue.userName),
-                     ref  = pullRequest.requestBranch,
+      mergeable = None, // TODO: need check mergeable.
-                     repo = headRepo)(issue.userName),
+      merged = mergedComment.isDefined,
-      base       = Commit(
+      merged_at = mergedComment.map { case (comment, _) => comment.registeredDate },
-                     sha  = pullRequest.commitIdFrom,
+      merged_by = mergedComment.map { case (_, account) => ApiUser(account) },
-                     ref  = pullRequest.branch,
+      title = issue.title,
-                     repo = baseRepo)(issue.userName),
+      body = issue.content.getOrElse(""),
-      mergeable  = None, // TODO: need check mergeable.
+      user = user,
-      merged     = mergedComment.isDefined,
+      labels = labels,
-      merged_at  = mergedComment.map { case (comment, _) => comment.registeredDate },
+      assignee = assignee
-      merged_by  = mergedComment.map { case (_, account) => ApiUser(account) },
-      title      = issue.title,
-      body       = issue.content.getOrElse(""),
-      user       = user,
-      labels     = labels,
-      assignee   = assignee
     )
 
-  case class Commit(
+  case class Commit(sha: String, ref: String, repo: ApiRepository)(baseOwner: String) {
-    sha: String,
+    val label = if (baseOwner == repo.owner.login) { ref } else { s"${repo.owner.login}:${ref}" }
-    ref: String,
-    repo: ApiRepository)(baseOwner:String){
-    val label = if( baseOwner == repo.owner.login ){ ref } else { s"${repo.owner.login}:${ref}" }
     val user = repo.owner
   }
 

src/main/scala/gitbucket/core/api/ApiPullRequestReviewComment.scala

@@ -18,9 +18,10 @@ case class ApiPullRequestReviewComment(
   // "original_commit_id": "0d1a26e67d8f5eaf1f6ba5c57fc3c7d91ac0fd1c",
   user: ApiUser,
   body: String, // "Maybe you should use more emojji on this line.",
-  created_at: Date,  // "2015-05-05T23:40:27Z",
+  created_at: Date, // "2015-05-05T23:40:27Z",
   updated_at: Date // "2015-05-05T23:40:27Z",
-)(repositoryName:RepositoryName, issueId: Int) extends FieldSerializable {
+)(repositoryName: RepositoryName, issueId: Int)
+    extends FieldSerializable {
   // "url": "https://api.github.com/repos/baxterthehacker/public-repo/pulls/comments/29724692",
   val url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/pulls/comments/${id}")
   // "html_url": "https://github.com/baxterthehacker/public-repo/pull/1#discussion_r29724692",
@@ -40,22 +41,28 @@ case class ApiPullRequestReviewComment(
         "href": "https://api.github.com/repos/baxterthehacker/public-repo/pulls/1"
       }
     }
-  */
+   */
   val _links = Map(
     "self" -> Map("href" -> url),
     "html" -> Map("href" -> html_url),
-    "pull_request" -> Map("href" -> pull_request_url))
+    "pull_request" -> Map("href" -> pull_request_url)
+  )
 }
 
-object ApiPullRequestReviewComment{
+object ApiPullRequestReviewComment {
-  def apply(comment: CommitComment, commentedUser: ApiUser, repositoryName: RepositoryName, issueId: Int): ApiPullRequestReviewComment =
+  def apply(
+    comment: CommitComment,
+    commentedUser: ApiUser,
+    repositoryName: RepositoryName,
+    issueId: Int
+  ): ApiPullRequestReviewComment =
     new ApiPullRequestReviewComment(
-     id = comment.commentId,
+      id = comment.commentId,
-     path = comment.fileName.getOrElse(""),
+      path = comment.fileName.getOrElse(""),
-     commit_id = comment.commitId,
+      commit_id = comment.commitId,
-     user = commentedUser,
+      user = commentedUser,
-     body = comment.content,
+      body = comment.content,
-     created_at = comment.registeredDate,
+      created_at = comment.registeredDate,
-     updated_at = comment.updatedDate
+      updated_at = comment.updatedDate
-  )(repositoryName, issueId)
+    )(repositoryName, issueId)
 }

src/main/scala/gitbucket/core/api/ApiPusher.scala

@@ -5,7 +5,5 @@ import gitbucket.core.model.Account
 case class ApiPusher(name: String, email: String)
 
 object ApiPusher {
-  def apply(user: Account): ApiPusher = ApiPusher(
+  def apply(user: Account): ApiPusher = ApiPusher(name = user.userName, email = user.mailAddress)
-    name  = user.userName,
+}
-    email = user.mailAddress)
-}

src/main/scala/gitbucket/core/api/ApiRepository.scala

@@ -3,7 +3,6 @@ package gitbucket.core.api
 import gitbucket.core.model.{Account, Repository}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 
-
 // https://developer.github.com/v3/repos/
 case class ApiRepository(
   name: String,
@@ -13,56 +12,59 @@ case class ApiRepository(
   forks: Int,
   `private`: Boolean,
   default_branch: String,
-  owner: ApiUser)(urlIsHtmlUrl: Boolean) {
+  owner: ApiUser
+)(urlIsHtmlUrl: Boolean) {
+  val id = 0 // dummy id
   val forks_count = forks
   val watchers_count = watchers
-  val url = if(urlIsHtmlUrl){
+  val url = if (urlIsHtmlUrl) {
     ApiPath(s"/${full_name}")
   } else {
     ApiPath(s"/api/v3/repos/${full_name}")
   }
-  val http_url  = ApiPath(s"/git/${full_name}.git")
+  val http_url = ApiPath(s"/git/${full_name}.git")
   val clone_url = ApiPath(s"/git/${full_name}.git")
-  val html_url  = ApiPath(s"/${full_name}")
+  val html_url = ApiPath(s"/${full_name}")
-  val ssh_url   = Some(SshPath(s":${full_name}.git"))
+  val ssh_url = Some(SshPath(s":${full_name}.git"))
 }
 
-object ApiRepository{
+object ApiRepository {
   def apply(
-      repository: Repository,
+    repository: Repository,
-      owner: ApiUser,
+    owner: ApiUser,
-      forkedCount: Int =0,
+    forkedCount: Int = 0,
-      watchers: Int = 0,
+    watchers: Int = 0,
-      urlIsHtmlUrl: Boolean = false): ApiRepository =
+    urlIsHtmlUrl: Boolean = false
+  ): ApiRepository =
     ApiRepository(
-      name           = repository.repositoryName,
+      name = repository.repositoryName,
-      full_name      = s"${repository.userName}/${repository.repositoryName}",
+      full_name = s"${repository.userName}/${repository.repositoryName}",
-      description    = repository.description.getOrElse(""),
+      description = repository.description.getOrElse(""),
-      watchers       = watchers,
+      watchers = watchers,
-      forks          = forkedCount,
+      forks = forkedCount,
-      `private`      = repository.isPrivate,
+      `private` = repository.isPrivate,
       default_branch = repository.defaultBranch,
-      owner          = owner
+      owner = owner
     )(urlIsHtmlUrl)
 
   def apply(repositoryInfo: RepositoryInfo, owner: ApiUser): ApiRepository =
-    ApiRepository(repositoryInfo.repository, owner, forkedCount=repositoryInfo.forkedCount)
+    ApiRepository(repositoryInfo.repository, owner, forkedCount = repositoryInfo.forkedCount)
 
   def apply(repositoryInfo: RepositoryInfo, owner: Account): ApiRepository =
     this(repositoryInfo.repository, ApiUser(owner))
 
   def forWebhookPayload(repositoryInfo: RepositoryInfo, owner: ApiUser): ApiRepository =
-    ApiRepository(repositoryInfo.repository, owner, forkedCount=repositoryInfo.forkedCount, urlIsHtmlUrl=true)
+    ApiRepository(repositoryInfo.repository, owner, forkedCount = repositoryInfo.forkedCount, urlIsHtmlUrl = true)
 
   def forDummyPayload(owner: ApiUser): ApiRepository =
     ApiRepository(
-      name           = "dummy",
+      name = "dummy",
-      full_name      = s"${owner.login}/dummy",
+      full_name = s"${owner.login}/dummy",
-      description    = "",
+      description = "",
-      watchers       = 0,
+      watchers = 0,
-      forks          = 0,
+      forks = 0,
-      `private`      = false,
+      `private` = false,
       default_branch = "master",
-      owner          = owner
+      owner = owner
     )(true)
 }

src/main/scala/gitbucket/core/api/ApiUser.scala

@@ -4,16 +4,11 @@ import gitbucket.core.model.Account
 
 import java.util.Date
 
-
+case class ApiUser(login: String, email: String, `type`: String, site_admin: Boolean, created_at: Date) {
-case class ApiUser(
+  val id = 0 // dummy id
-  login: String,
+  val url = ApiPath(s"/api/v3/users/${login}")
-  email: String,
+  val html_url = ApiPath(s"/${login}")
-  `type`: String,
+  val avatar_url = ApiPath(s"/${login}/_avatar")
-  site_admin: Boolean,
-  created_at: Date) {
-  val url                 = ApiPath(s"/api/v3/users/${login}")
-  val html_url            = ApiPath(s"/${login}")
-  val avatar_url          = ApiPath(s"/${login}/_avatar")
   // val followers_url       = ApiPath(s"/api/v3/users/${login}/followers")
   // val following_url       = ApiPath(s"/api/v3/users/${login}/following{/other_user}")
   // val gists_url           = ApiPath(s"/api/v3/users/${login}/gists{/gist_id}")
@@ -25,12 +20,11 @@ case class ApiUser(
   // val received_events_url = ApiPath(s"/api/v3/users/${login}/received_events")
 }
 
-
+object ApiUser {
-object ApiUser{
   def apply(user: Account): ApiUser = ApiUser(
-    login      = user.userName,
+    login = user.userName,
-    email      = user.mailAddress,
+    email = user.mailAddress,
-    `type`     = if(user.isGroupAccount){ "Organization" } else { "User" },
+    `type` = if (user.isGroupAccount) { "Organization" } else { "User" },
     site_admin = user.isAdmin,
     created_at = user.registeredDate
   )

src/main/scala/gitbucket/core/api/CreateALabel.scala

@@ -1,18 +1,18 @@
 package gitbucket.core.api
 
 /**
-  * https://developer.github.com/v3/issues/labels/#create-a-label
+ * https://developer.github.com/v3/issues/labels/#create-a-label
-  * api form
+ * api form
-  */
+ */
 case class CreateALabel(
-    name: String,
+  name: String,
-    color: String
+  color: String
 ) {
   def isValid: Boolean = {
-    name.length<=100 &&
+    name.length <= 100 &&
-      !name.startsWith("_") &&
+    !name.startsWith("_") &&
-      !name.startsWith("-") &&
+    !name.startsWith("-") &&
-      color.length==6 &&
+    color.length == 6 &&
-      color.matches("[a-fA-F0-9+_.]+")
+    color.matches("[a-fA-F0-9+_.]+")
   }
-}
+}

src/main/scala/gitbucket/core/api/CreateARepository.scala

@@ -5,15 +5,15 @@ package gitbucket.core.api
  * api form
  */
 case class CreateARepository(
-    name: String,
+  name: String,
-    description: Option[String],
+  description: Option[String],
-    `private`: Boolean = false,
+  `private`: Boolean = false,
-    auto_init: Boolean = false
+  auto_init: Boolean = false
 ) {
   def isValid: Boolean = {
     name.length <= 100 &&
-        name.matches("[a-zA-Z0-9\\-\\+_.]+") &&
+    name.matches("[a-zA-Z0-9\\-\\+_.]+") &&
-        !name.startsWith("_") &&
+    !name.startsWith("_") &&
-        !name.startsWith("-")
+    !name.startsWith("-")
   }
 }

src/main/scala/gitbucket/core/api/CreateAStatus.scala

@@ -18,9 +18,9 @@ case class CreateAStatus(
 ) {
   def isValid: Boolean = {
     CommitState.valueOf(state).isDefined &&
-      // only http
+    // only http
-      target_url.forall(f => "\\Ahttps?://".r.findPrefixOf(f).isDefined && f.length < 255) &&
+    target_url.forall(f => "\\Ahttps?://".r.findPrefixOf(f).isDefined && f.length < 255) &&
-      context.forall(f => f.length < 255) &&
+    context.forall(f => f.length < 255) &&
-      description.forall(f => f.length < 1000)
+    description.forall(f => f.length < 1000)
   }
 }

src/main/scala/gitbucket/core/api/CreateAnIssue.scala

@@ -1,11 +1,12 @@
 package gitbucket.core.api
 
 /**
-  * https://developer.github.com/v3/issues/#create-an-issue
+ * https://developer.github.com/v3/issues/#create-an-issue
-  */
+ */
 case class CreateAnIssue(
-    title: String,
+  title: String,
-    body: Option[String],
+  body: Option[String],
-    assignees: List[String],
+  assignees: List[String],
-    milestone: Option[Int],
+  milestone: Option[Int],
-    labels: List[String])
+  labels: List[String]
+)

src/main/scala/gitbucket/core/api/JsonFormat.scala

@@ -15,10 +15,13 @@ object JsonFormat {
 
   val parserISO = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss'Z'")
 
-  val jsonFormats = Serialization.formats(NoTypeHints) + new CustomSerializer[Date](format =>
+  val jsonFormats = Serialization.formats(NoTypeHints) + new CustomSerializer[Date](
-    (
+    format =>
-      { case JString(s) => Try(Date.from(Instant.parse(s))).getOrElse(throw new MappingException("Can't convert " + s + " to Date")) },
+      (
-      { case x: Date => JString(OffsetDateTime.ofInstant(x.toInstant, ZoneId.of("UTC")).format(parserISO)) }
+        {
+          case JString(s) =>
+            Try(Date.from(Instant.parse(s))).getOrElse(throw new MappingException("Can't convert " + s + " to Date"))
+        }, { case x: Date => JString(OffsetDateTime.ofInstant(x.toInstant, ZoneId.of("UTC")).format(parserISO)) }
     )
   ) + FieldSerializer[ApiUser]() +
     FieldSerializer[ApiPullRequest]() +
@@ -41,19 +44,31 @@ object JsonFormat {
     FieldSerializer[ApiCommits.File]() +
     ApiBranchProtection.enforcementLevelSerializer
 
-  def apiPathSerializer(c: Context) = new CustomSerializer[ApiPath](_ => ({
+  def apiPathSerializer(c: Context) =
-    case JString(s) if s.startsWith(c.baseUrl) => ApiPath(s.substring(c.baseUrl.length))
+    new CustomSerializer[ApiPath](
-    case JString(s) => throw new MappingException("Can't convert " + s + " to ApiPath")
+      _ =>
-  }, {
+        ({
-    case ApiPath(path) => JString(c.baseUrl + path)
+          case JString(s) if s.startsWith(c.baseUrl) => ApiPath(s.substring(c.baseUrl.length))
-  }))
+          case JString(s)                            => throw new MappingException("Can't convert " + s + " to ApiPath")
+        }, {
+          case ApiPath(path) => JString(c.baseUrl + path)
+        })
+    )
 
-  def sshPathSerializer(c: Context) = new CustomSerializer[SshPath](_ => ({
+  def sshPathSerializer(c: Context) =
-    case JString(s) if c.sshUrl.exists(sshUrl => s.startsWith(sshUrl)) => SshPath(s.substring(c.sshUrl.get.length))
+    new CustomSerializer[SshPath](
-    case JString(s) => throw new MappingException("Can't convert " + s + " to ApiPath")
+      _ =>
-  }, {
+        ({
-    case SshPath(path) => c.sshUrl.map { sshUrl => JString(sshUrl + path) } getOrElse JNothing
+          case JString(s) if c.sshUrl.exists(sshUrl => s.startsWith(sshUrl)) =>
-  }))
+            SshPath(s.substring(c.sshUrl.get.length))
+          case JString(s) => throw new MappingException("Can't convert " + s + " to ApiPath")
+        }, {
+          case SshPath(path) =>
+            c.sshUrl.map { sshUrl =>
+              JString(sshUrl + path)
+            } getOrElse JNothing
+        })
+    )
 
   /**
    * convert object to json string

src/main/scala/gitbucket/core/controller/AccountController.scala

@@ -1,8 +1,10 @@
 package gitbucket.core.controller
 
+import java.io.File
+
 import gitbucket.core.account.html
 import gitbucket.core.helper
-import gitbucket.core.model.{AccountWebHook, GroupMember, RepositoryWebHook, Role, WebHook, WebHookContentType}
+import gitbucket.core.model._
 import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.service._
 import gitbucket.core.service.WebHookService._
@@ -16,77 +18,141 @@ import org.scalatra.i18n.Messages
 import org.scalatra.BadRequest
 import org.scalatra.forms._
 
-class AccountController extends AccountControllerBase
+class AccountController
-  with AccountService with RepositoryService with ActivityService with WikiService with LabelsService with SshKeyService
+    extends AccountControllerBase
-  with OneselfAuthenticator with UsersAuthenticator with GroupManagerAuthenticator with ReadableUsersAuthenticator
+    with AccountService
-  with AccessTokenService with WebHookService with PrioritiesService with RepositoryCreationService
+    with RepositoryService
-
+    with ActivityService
+    with WikiService
+    with LabelsService
+    with SshKeyService
+    with OneselfAuthenticator
+    with UsersAuthenticator
+    with GroupManagerAuthenticator
+    with ReadableUsersAuthenticator
+    with AccessTokenService
+    with WebHookService
+    with PrioritiesService
+    with RepositoryCreationService
 
 trait AccountControllerBase extends AccountManagementControllerBase {
-  self: AccountService with RepositoryService with ActivityService with WikiService with LabelsService with SshKeyService
+  self: AccountService
-    with OneselfAuthenticator with UsersAuthenticator with GroupManagerAuthenticator with ReadableUsersAuthenticator
+    with RepositoryService
-    with AccessTokenService with WebHookService with PrioritiesService with RepositoryCreationService =>
+    with ActivityService
+    with WikiService
+    with LabelsService
+    with SshKeyService
+    with OneselfAuthenticator
+    with UsersAuthenticator
+    with GroupManagerAuthenticator
+    with ReadableUsersAuthenticator
+    with AccessTokenService
+    with WebHookService
+    with PrioritiesService
+    with RepositoryCreationService =>
 
-  case class AccountNewForm(userName: String, password: String, fullName: String, mailAddress: String,
+  case class AccountNewForm(
-                            description: Option[String], url: Option[String], fileId: Option[String])
+    userName: String,
+    password: String,
+    fullName: String,
+    mailAddress: String,
+    extraMailAddresses: List[String],
+    description: Option[String],
+    url: Option[String],
+    fileId: Option[String]
+  )
 
-  case class AccountEditForm(password: Option[String], fullName: String, mailAddress: String,
+  case class AccountEditForm(
-                             description: Option[String], url: Option[String], fileId: Option[String], clearImage: Boolean)
+    password: Option[String],
+    fullName: String,
+    mailAddress: String,
+    extraMailAddresses: List[String],
+    description: Option[String],
+    url: Option[String],
+    fileId: Option[String],
+    clearImage: Boolean
+  )
 
   case class SshKeyForm(title: String, publicKey: String)
 
   case class PersonalTokenForm(note: String)
 
   val newForm = mapping(
-    "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
+    "userName" -> trim(label("User name", text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
-    "password"    -> trim(label("Password"     , text(required, maxlength(20), password))),
+    "password" -> trim(label("Password", text(required, maxlength(20), password))),
-    "fullName"    -> trim(label("Full Name"    , text(required, maxlength(100)))),
+    "fullName" -> trim(label("Full Name", text(required, maxlength(100)))),
-    "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100), uniqueMailAddress()))),
+    "mailAddress" -> trim(label("Mail Address", text(required, maxlength(100), uniqueMailAddress()))),
-    "description" -> trim(label("bio"          , optional(text()))),
+    "extraMailAddresses" -> list(
-    "url"         -> trim(label("URL"          , optional(text(maxlength(200))))),
+      trim(label("Additional Mail Address", text(maxlength(100), uniqueExtraMailAddress())))
-    "fileId"      -> trim(label("File ID"      , optional(text())))
+    ),
+    "description" -> trim(label("bio", optional(text()))),
+    "url" -> trim(label("URL", optional(text(maxlength(200))))),
+    "fileId" -> trim(label("File ID", optional(text())))
   )(AccountNewForm.apply)
 
   val editForm = mapping(
-    "password"    -> trim(label("Password"     , optional(text(maxlength(20), password)))),
+    "password" -> trim(label("Password", optional(text(maxlength(20), password)))),
-    "fullName"    -> trim(label("Full Name"    , text(required, maxlength(100)))),
+    "fullName" -> trim(label("Full Name", text(required, maxlength(100)))),
-    "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100), uniqueMailAddress("userName")))),
+    "mailAddress" -> trim(label("Mail Address", text(required, maxlength(100), uniqueMailAddress("userName")))),
-    "description" -> trim(label("bio"          , optional(text()))),
+    "extraMailAddresses" -> list(
-    "url"         -> trim(label("URL"          , optional(text(maxlength(200))))),
+      trim(label("Additional Mail Address", text(maxlength(100), uniqueExtraMailAddress("userName"))))
-    "fileId"      -> trim(label("File ID"      , optional(text()))),
+    ),
-    "clearImage"  -> trim(label("Clear image"  , boolean()))
+    "description" -> trim(label("bio", optional(text()))),
+    "url" -> trim(label("URL", optional(text(maxlength(200))))),
+    "fileId" -> trim(label("File ID", optional(text()))),
+    "clearImage" -> trim(label("Clear image", boolean()))
   )(AccountEditForm.apply)
 
   val sshKeyForm = mapping(
-    "title"     -> trim(label("Title", text(required, maxlength(100)))),
+    "title" -> trim(label("Title", text(required, maxlength(100)))),
-    "publicKey" -> trim2(label("Key" , text(required, validPublicKey)))
+    "publicKey" -> trim2(label("Key", text(required, validPublicKey)))
   )(SshKeyForm.apply)
 
   val personalTokenForm = mapping(
     "note" -> trim(label("Token", text(required, maxlength(100))))
   )(PersonalTokenForm.apply)
 
-  case class NewGroupForm(groupName: String, description: Option[String], url: Option[String], fileId: Option[String], members: String)
+  case class NewGroupForm(
-  case class EditGroupForm(groupName: String, description: Option[String], url: Option[String], fileId: Option[String], members: String, clearImage: Boolean)
+    groupName: String,
+    description: Option[String],
+    url: Option[String],
+    fileId: Option[String],
+    members: String
+  )
+  case class EditGroupForm(
+    groupName: String,
+    description: Option[String],
+    url: Option[String],
+    fileId: Option[String],
+    members: String,
+    clearImage: Boolean
+  )
 
   val newGroupForm = mapping(
-    "groupName"   -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
+    "groupName" -> trim(label("Group name", text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "description" -> trim(label("Group description", optional(text()))),
-    "url"         -> trim(label("URL"        ,optional(text(maxlength(200))))),
+    "url" -> trim(label("URL", optional(text(maxlength(200))))),
-    "fileId"      -> trim(label("File ID"    ,optional(text()))),
+    "fileId" -> trim(label("File ID", optional(text()))),
-    "members"     -> trim(label("Members"    ,text(required, members)))
+    "members" -> trim(label("Members", text(required, members)))
   )(NewGroupForm.apply)
 
   val editGroupForm = mapping(
-    "groupName"   -> trim(label("Group name"  ,text(required, maxlength(100), identifier))),
+    "groupName" -> trim(label("Group name", text(required, maxlength(100), identifier))),
     "description" -> trim(label("Group description", optional(text()))),
-    "url"         -> trim(label("URL"         ,optional(text(maxlength(200))))),
+    "url" -> trim(label("URL", optional(text(maxlength(200))))),
-    "fileId"      -> trim(label("File ID"     ,optional(text()))),
+    "fileId" -> trim(label("File ID", optional(text()))),
-    "members"     -> trim(label("Members"     ,text(required, members))),
+    "members" -> trim(label("Members", text(required, members))),
-    "clearImage"  -> trim(label("Clear image" ,boolean()))
+    "clearImage" -> trim(label("Clear image", boolean()))
   )(EditGroupForm.apply)
 
-  case class RepositoryCreationForm(owner: String, name: String, description: Option[String], isPrivate: Boolean, initOption: String, sourceUrl: Option[String])
+  case class RepositoryCreationForm(
+    owner: String,
+    name: String,
+    description: Option[String],
+    isPrivate: Boolean,
+    initOption: String,
+    sourceUrl: Option[String]
+  )
   case class ForkRepositoryForm(owner: String, name: String)
 
   val newRepositoryForm = mapping(
@@ -100,7 +166,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
   val forkRepositoryForm = mapping(
     "owner" -> trim(label("Repository owner", text(required))),
-    "name"  -> trim(label("Repository name",  text(required)))
+    "name" -> trim(label("Repository name", text(required)))
   )(ForkRepositoryForm.apply)
 
   case class AccountForm(accountName: String)
@@ -110,23 +176,30 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   )(AccountForm.apply)
 
   // for account web hook url addition.
-  case class AccountWebHookForm(url: String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])
+  case class AccountWebHookForm(
-
+    url: String,
-  def accountWebHookForm(update:Boolean) = mapping(
+    events: Set[WebHook.Event],
-    "url"    -> trim(label("url", text(required, accountWebHook(update)))),
+    ctype: WebHookContentType,
-    "events" -> accountWebhookEvents,
+    token: Option[String]
-    "ctype" -> label("ctype", text()),
-    "token" -> optional(trim(label("token", text(maxlength(100)))))
-  )(
-    (url, events, ctype, token) => AccountWebHookForm(url, events, WebHookContentType.valueOf(ctype), token)
   )
+
+  def accountWebHookForm(update: Boolean) =
+    mapping(
+      "url" -> trim(label("url", text(required, accountWebHook(update)))),
+      "events" -> accountWebhookEvents,
+      "ctype" -> label("ctype", text()),
+      "token" -> optional(trim(label("token", text(maxlength(100)))))
+    )(
+      (url, events, ctype, token) => AccountWebHookForm(url, events, WebHookContentType.valueOf(ctype), token)
+    )
+
   /**
-    * Provides duplication check for web hook url. duplicated from RepositorySettingsController.scala
+   * Provides duplication check for web hook url. duplicated from RepositorySettingsController.scala
-    */
+   */
-  private def accountWebHook(needExists: Boolean): Constraint = new Constraint(){
+  private def accountWebHook(needExists: Boolean): Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] =
-      if(getAccountWebHook(params("userName"), value).isDefined != needExists){
+      if (getAccountWebHook(params("userName"), value).isDefined != needExists) {
-        Some(if(needExists){
+        Some(if (needExists) {
           "URL had not been registered yet."
         } else {
           "URL had been registered already."
@@ -136,48 +209,68 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       }
   }
 
-  private def accountWebhookEvents = new ValueType[Set[WebHook.Event]]{
+  private def accountWebhookEvents = new ValueType[Set[WebHook.Event]] {
     def convert(name: String, params: Map[String, Seq[String]], messages: Messages): Set[WebHook.Event] = {
       WebHook.Event.values.flatMap { t =>
         params.optionValue(name + "." + t.name).map(_ => t)
       }.toSet
     }
     def validate(name: String, params: Map[String, Seq[String]], messages: Messages): Seq[(String, String)] =
-      if(convert(name, params, messages).isEmpty){
+      if (convert(name, params, messages).isEmpty) {
         Seq(name -> messages("error.required").format(name))
       } else {
         Nil
       }
   }
 
-
   /**
    * Displays user information.
    */
   get("/:userName") {
     val userName = params("userName")
     getAccountByUserName(userName).map { account =>
+      val extraMailAddresses = getAccountExtraMailAddresses(userName)
       params.getOrElse("tab", "repositories") match {
         // Public Activity
         case "activity" =>
-          gitbucket.core.account.html.activity(account,
+          gitbucket.core.account.html.activity(
-            if(account.isGroupAccount) Nil else getGroupsByUserName(userName),
+            account,
-            getActivitiesByUser(userName, true))
+            if (account.isGroupAccount) Nil else getGroupsByUserName(userName),
+            getActivitiesByUser(userName, true),
+            extraMailAddresses
+          )
 
         // Members
-        case "members" if(account.isGroupAccount) => {
+        case "members" if (account.isGroupAccount) => {
           val members = getGroupMembers(account.userName)
-          gitbucket.core.account.html.members(account, members,
+          gitbucket.core.account.html.members(
-            context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
+            account,
+            members,
+            extraMailAddresses,
+            context.loginAccount.exists(
+              x =>
+                members.exists { member =>
+                  member.userName == x.userName && member.isManager
+              }
+            )
+          )
         }
 
         // Repositories
         case _ => {
           val members = getGroupMembers(account.userName)
-          gitbucket.core.account.html.repositories(account,
+          gitbucket.core.account.html.repositories(
-            if(account.isGroupAccount) Nil else getGroupsByUserName(userName),
+            account,
+            if (account.isGroupAccount) Nil else getGroupsByUserName(userName),
             getVisibleRepositories(context.loginAccount, Some(userName)),
-            context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
+            extraMailAddresses,
+            context.loginAccount.exists(
+              x =>
+                members.exists { member =>
+                  member.userName == x.userName && member.isManager
+              }
+            )
+          )
         }
       }
     } getOrElse NotFound()
@@ -189,46 +282,64 @@ trait AccountControllerBase extends AccountManagementControllerBase {
     helper.xml.feed(getActivitiesByUser(userName, true))
   }
 
-  get("/:userName/_avatar"){
+  get("/:userName.keys") {
+    val keys = getPublicKeys(params("userName"))
+    contentType = "text/plain; charset=utf-8"
+    keys.map(_.publicKey).mkString("", "\n", "\n")
+  }
+
+  get("/:userName/_avatar") {
     val userName = params("userName")
     contentType = "image/png"
-    getAccountByUserName(userName).flatMap{ account =>
+    getAccountByUserName(userName)
-      response.setDateHeader("Last-Modified", account.updatedDate.getTime)
+      .flatMap { account =>
-      account.image.map{ image =>
+        response.setDateHeader("Last-Modified", account.updatedDate.getTime)
-        Some(RawData(FileUtil.getMimeType(image), new java.io.File(getUserUploadDir(userName), image)))
+        account.image
-      }.getOrElse{
+          .map { image =>
-        if (account.isGroupAccount) {
+            Some(
-          TextAvatarUtil.textGroupAvatar(account.fullName)
+              RawData(FileUtil.getMimeType(image), new File(getUserUploadDir(userName), FileUtil.checkFilename(image)))
-        } else {
+            )
-          TextAvatarUtil.textAvatar(account.fullName)
+          }
-        }
+          .getOrElse {
+            if (account.isGroupAccount) {
+              TextAvatarUtil.textGroupAvatar(account.fullName)
+            } else {
+              TextAvatarUtil.textAvatar(account.fullName)
+            }
+          }
+      }
+      .getOrElse {
+        response.setHeader("Cache-Control", "max-age=3600")
+        Thread.currentThread.getContextClassLoader.getResourceAsStream("noimage.png")
       }
-    }.getOrElse{
-      response.setHeader("Cache-Control", "max-age=3600")
-      Thread.currentThread.getContextClassLoader.getResourceAsStream("noimage.png")
-    }
   }
 
   get("/:userName/_edit")(oneselfOnly {
     val userName = params("userName")
     getAccountByUserName(userName).map { x =>
-      html.edit(x, flash.get("info"), flash.get("error"))
+      val extraMails = getAccountExtraMailAddresses(userName)
+      html.edit(x, extraMails, flash.get("info"), flash.get("error"))
     } getOrElse NotFound()
   })
 
   post("/:userName/_edit", editForm)(oneselfOnly { form =>
     val userName = params("userName")
-    getAccountByUserName(userName).map { account =>
+    getAccountByUserName(userName).map {
-      updateAccount(account.copy(
+      account =>
-        password    = form.password.map(sha1).getOrElse(account.password),
+        updateAccount(
-        fullName    = form.fullName,
+          account.copy(
-        mailAddress = form.mailAddress,
+            password = form.password.map(pbkdf2_sha256).getOrElse(account.password),
-        description = form.description,
+            fullName = form.fullName,
-        url         = form.url))
+            mailAddress = form.mailAddress,
+            description = form.description,
+            url = form.url
+          )
+        )
 
-      updateImage(userName, form.fileId, form.clearImage)
+        updateImage(userName, form.fileId, form.clearImage)
-      flash += "info" -> "Account information has been updated."
+        updateAccountExtraMailAddresses(userName, form.extraMailAddresses.filter(_ != ""))
-      redirect(s"/${userName}/_edit")
+        flash += "info" -> "Account information has been updated."
+        redirect(s"/${userName}/_edit")
 
     } getOrElse NotFound()
   })
@@ -236,11 +347,12 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   get("/:userName/_delete")(oneselfOnly {
     val userName = params("userName")
 
-    getAccountByUserName(userName, true).map { account =>
+    getAccountByUserName(userName, true).map {
-      if(isLastAdministrator(account)){
+      account =>
-        flash += "error" -> "Account can't be removed because this is last one administrator."
+        if (isLastAdministrator(account)) {
-        redirect(s"/${userName}/_edit")
+          flash += "error" -> "Account can't be removed because this is last one administrator."
-      } else {
+          redirect(s"/${userName}/_edit")
+        } else {
 //      // Remove repositories
 //      getRepositoryNamesOfUser(userName).foreach { repositoryName =>
 //        deleteRepository(userName, repositoryName)
@@ -248,16 +360,16 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 //        FileUtils.deleteDirectory(getWikiRepositoryDir(userName, repositoryName))
 //        FileUtils.deleteDirectory(getTemporaryDir(userName, repositoryName))
 //      }
-        // Remove from GROUP_MEMBER and COLLABORATOR
+          // Remove from GROUP_MEMBER and COLLABORATOR
-        removeUserRelatedData(userName)
+          removeUserRelatedData(userName)
-        updateAccount(account.copy(isRemoved = true))
+          updateAccount(account.copy(isRemoved = true))
 
-        // call hooks
+          // call hooks
-        PluginRegistry().getAccountHooks.foreach(_.deleted(userName))
+          PluginRegistry().getAccountHooks.foreach(_.deleted(userName))
 
-        session.invalidate
+          session.invalidate
-        redirect("/")
+          redirect("/")
-      }
+        }
     } getOrElse NotFound()
   })
 
@@ -286,9 +398,9 @@ trait AccountControllerBase extends AccountManagementControllerBase {
     getAccountByUserName(userName).map { x =>
       var tokens = getAccessTokens(x.userName)
       val generatedToken = flash.get("generatedToken") match {
-        case Some((tokenId:Int, token:String)) => {
+        case Some((tokenId: Int, token: String)) => {
           val gt = tokens.find(_.accessTokenId == tokenId)
-          gt.map{ t =>
+          gt.map { t =>
             tokens = tokens.filterNot(_ == t)
             (t, token)
           }
@@ -359,8 +471,9 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   get("/:userName/_hooks/edit")(oneselfOnly {
     val userName = params("userName")
     getAccountByUserName(userName).flatMap { account =>
-      getAccountWebHook(userName, params("url")).map { case (webhook, events) =>
+      getAccountWebHook(userName, params("url")).map {
-        html.edithook(webhook, events, account, false)
+        case (webhook, events) =>
+          html.edithook(webhook, events, account, false)
       }
     } getOrElse NotFound()
   })
@@ -386,7 +499,9 @@ trait AccountControllerBase extends AccountManagementControllerBase {
     import org.apache.http.util.EntityUtils
     import scala.concurrent.ExecutionContext.Implicits.global
 
-    def _headers(h: Array[org.apache.http.Header]): Array[Array[String]] = h.map { h => Array(h.getName, h.getValue) }
+    def _headers(h: Array[org.apache.http.Header]): Array[Array[String]] = h.map { h =>
+      Array(h.getName, h.getValue)
+    }
 
     val userName = params("userName")
     val url = params("url")
@@ -400,31 +515,49 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
     val (webHook, json, reqFuture, resFuture) = callWebHook(WebHook.Push, List(dummyWebHookInfo), dummyPayload).head
 
-    val toErrorMap: PartialFunction[Throwable, Map[String,String]] = {
+    val toErrorMap: PartialFunction[Throwable, Map[String, String]] = {
-      case e: java.net.UnknownHostException => Map("error"-> ("Unknown host " + e.getMessage))
+      case e: java.net.UnknownHostException                  => Map("error" -> ("Unknown host " + e.getMessage))
-      case e: java.lang.IllegalArgumentException => Map("error"-> ("invalid url"))
+      case e: java.lang.IllegalArgumentException             => Map("error" -> ("invalid url"))
-      case e: org.apache.http.client.ClientProtocolException => Map("error"-> ("invalid url"))
+      case e: org.apache.http.client.ClientProtocolException => Map("error" -> ("invalid url"))
-      case NonFatal(e) => Map("error"-> (e.getClass + " "+ e.getMessage))
+      case NonFatal(e)                                       => Map("error" -> (e.getClass + " " + e.getMessage))
     }
 
     contentType = formats("json")
-    org.json4s.jackson.Serialization.write(Map(
+    org.json4s.jackson.Serialization.write(
-      "url" -> url,
+      Map(
-      "request" -> Await.result(reqFuture.map(req => Map(
+        "url" -> url,
-        "headers" -> _headers(req.getAllHeaders),
+        "request" -> Await.result(
-        "payload" -> json
+          reqFuture
-      )).recover(toErrorMap), 20 seconds),
+            .map(
-      "response" -> Await.result(resFuture.map(res => Map(
+              req =>
-        "status"  -> res.getStatusLine(),
+                Map(
-        "body"    -> EntityUtils.toString(res.getEntity()),
+                  "headers" -> _headers(req.getAllHeaders),
-        "headers" -> _headers(res.getAllHeaders())
+                  "payload" -> json
-      )).recover(toErrorMap), 20 seconds)
+              )
-    ))
+            )
+            .recover(toErrorMap),
+          20 seconds
+        ),
+        "response" -> Await.result(
+          resFuture
+            .map(
+              res =>
+                Map(
+                  "status" -> res.getStatusLine(),
+                  "body" -> EntityUtils.toString(res.getEntity()),
+                  "headers" -> _headers(res.getAllHeaders())
+              )
+            )
+            .recover(toErrorMap),
+          20 seconds
+        )
+      )
+    )
   })
 
-  get("/register"){
+  get("/register") {
-    if(context.settings.allowAccountRegistration){
+    if (context.settings.allowAccountRegistration) {
-      if(context.loginAccount.isDefined){
+      if (context.loginAccount.isDefined) {
         redirect("/")
       } else {
         html.register()
@@ -432,10 +565,19 @@ trait AccountControllerBase extends AccountManagementControllerBase {
     } else NotFound()
   }
 
-  post("/register", newForm){ form =>
+  post("/register", newForm) { form =>
-    if(context.settings.allowAccountRegistration){
+    if (context.settings.allowAccountRegistration) {
-      createAccount(form.userName, sha1(form.password), form.fullName, form.mailAddress, false, form.description, form.url)
+      createAccount(
+        form.userName,
+        pbkdf2_sha256(form.password),
+        form.fullName,
+        form.mailAddress,
+        false,
+        form.description,
+        form.url
+      )
       updateImage(form.userName, form.fileId, false)
+      updateAccountExtraMailAddresses(form.userName, form.extraMailAddresses.filter(_ != ""))
       redirect("/signin")
     } else NotFound()
   }
@@ -446,17 +588,23 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
   post("/groups/new", newGroupForm)(usersOnly { form =>
     createGroup(form.groupName, form.description, form.url)
-    updateGroupMembers(form.groupName, form.members.split(",").map {
+    updateGroupMembers(
-      _.split(":") match {
+      form.groupName,
-        case Array(userName, isManager) => (userName, isManager.toBoolean)
+      form.members
-      }
+        .split(",")
-    }.toList)
+        .map {
+          _.split(":") match {
+            case Array(userName, isManager) => (userName, isManager.toBoolean)
+          }
+        }
+        .toList
+    )
     updateImage(form.groupName, form.fileId, false)
     redirect(s"/${form.groupName}")
   })
 
   get("/:groupName/_editgroup")(managersOnly {
-    defining(params("groupName")){ groupName =>
+    defining(params("groupName")) { groupName =>
       getAccountByUserName(groupName, true).map { account =>
         html.editgroup(account, getGroupMembers(groupName), flash.get("info"))
       } getOrElse NotFound()
@@ -464,13 +612,14 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   })
 
   get("/:groupName/_deletegroup")(managersOnly {
-    defining(params("groupName")){ groupName =>
+    defining(params("groupName")) {
-      // Remove from GROUP_MEMBER
+      groupName =>
-      updateGroupMembers(groupName, Nil)
+        // Remove from GROUP_MEMBER
-      // Disable group
+        updateGroupMembers(groupName, Nil)
-      getAccountByUserName(groupName, false).foreach { account =>
+        // Disable group
-        updateGroup(groupName, account.description, account.url, true)
+        getAccountByUserName(groupName, false).foreach { account =>
-      }
+          updateGroup(groupName, account.description, account.url, true)
+        }
 //      // Remove repositories
 //      getRepositoryNamesOfUser(groupName).foreach { repositoryName =>
 //        deleteRepository(groupName, repositoryName)
@@ -483,16 +632,23 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   })
 
   post("/:groupName/_editgroup", editGroupForm)(managersOnly { form =>
-    defining(params("groupName"), form.members.split(",").map {
+    defining(
-      _.split(":") match {
+      params("groupName"),
-        case Array(userName, isManager) => (userName, isManager.toBoolean)
+      form.members
-      }
+        .split(",")
-    }.toList){ case (groupName, members) =>
+        .map {
-      getAccountByUserName(groupName, true).map { account =>
+          _.split(":") match {
-        updateGroup(groupName, form.description, form.url, false)
+            case Array(userName, isManager) => (userName, isManager.toBoolean)
+          }
+        }
+        .toList
+    ) {
+      case (groupName, members) =>
+        getAccountByUserName(groupName, true).map { account =>
+          updateGroup(groupName, form.description, form.url, false)
 
-        // Update GROUP_MEMBER
+          // Update GROUP_MEMBER
-        updateGroupMembers(form.groupName, members)
+          updateGroupMembers(form.groupName, members)
 //        // Update COLLABORATOR for group repositories
 //        getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
 //          removeCollaborators(form.groupName, repositoryName)
@@ -501,12 +657,12 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 //          }
 //        }
 
-        updateImage(form.groupName, form.fileId, form.clearImage)
+          updateImage(form.groupName, form.fileId, form.clearImage)
 
-        flash += "info" -> "Account information has been updated."
+          flash += "info" -> "Account information has been updated."
-        redirect(s"/${groupName}/_editgroup")
+          redirect(s"/${groupName}/_editgroup")
 
-      } getOrElse NotFound()
+        } getOrElse NotFound()
     }
   })
 
@@ -521,9 +677,17 @@ trait AccountControllerBase extends AccountManagementControllerBase {
    * Create new repository.
    */
   post("/new", newRepositoryForm)(usersOnly { form =>
-    LockUtil.lock(s"${form.owner}/${form.name}"){
+    LockUtil.lock(s"${form.owner}/${form.name}") {
-      if(getRepository(form.owner, form.name).isEmpty){
+      if (getRepository(form.owner, form.name).isEmpty) {
-        createRepository(context.loginAccount.get, form.owner, form.name, form.description, form.isPrivate, form.initOption, form.sourceUrl)
+        createRepository(
+          context.loginAccount.get,
+          form.owner,
+          form.name,
+          form.description,
+          form.isPrivate,
+          form.initOption,
+          form.sourceUrl
+        )
       }
     }
 
@@ -532,15 +696,20 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   })
 
   get("/:owner/:repository/fork")(readableUsersOnly { repository =>
-    if(repository.repository.options.allowFork){
+    if (repository.repository.options.allowFork) {
-      val loginAccount   = context.loginAccount.get
+      val loginAccount = context.loginAccount.get
-      val loginUserName  = loginAccount.userName
+      val loginUserName = loginAccount.userName
-      val groups         = getGroupsByUserName(loginUserName)
+      val groups = getGroupsByUserName(loginUserName)
       groups match {
         case _: List[String] =>
           val managerPermissions = groups.map { group =>
             val members = getGroupMembers(group)
-            context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager })
+            context.loginAccount.exists(
+              x =>
+                members.exists { member =>
+                  member.userName == x.userName && member.isManager
+              }
+            )
           }
           helper.html.forkrepository(
             repository,
@@ -552,13 +721,13 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   })
 
   post("/:owner/:repository/fork", accountForm)(readableUsersOnly { (form, repository) =>
-    if(repository.repository.options.allowFork){
+    if (repository.repository.options.allowFork) {
-      val loginAccount  = context.loginAccount.get
+      val loginAccount = context.loginAccount.get
       val loginUserName = loginAccount.userName
-      val accountName   = form.accountName
+      val accountName = form.accountName
 
       if (getRepository(accountName, repository.name).isDefined ||
-        (accountName != loginUserName && !getGroupsByUserName(loginUserName).contains(accountName))) {
+          (accountName != loginUserName && !getGroupsByUserName(loginUserName).contains(accountName))) {
         // redirect to the repository if repository already exists
         redirect(s"/${accountName}/${repository.name}")
       } else {
@@ -570,42 +739,49 @@ trait AccountControllerBase extends AccountManagementControllerBase {
     } else BadRequest()
   })
 
-  private def existsAccount: Constraint = new Constraint(){
+  private def existsAccount: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] =
-      if(getAccountByUserName(value).isEmpty) Some("User or group does not exist.") else None
+      if (getAccountByUserNameIgnoreCase(value).isEmpty) Some("User or group does not exist.") else None
   }
 
-  private def uniqueRepository: Constraint = new Constraint(){
+  private def uniqueRepository: Constraint = new Constraint() {
-    override def validate(name: String, value: String, params: Map[String, Seq[String]], messages: Messages): Option[String] = {
+    override def validate(
+      name: String,
+      value: String,
+      params: Map[String, Seq[String]],
+      messages: Messages
+    ): Option[String] = {
       for {
         userName <- params.optionValue("owner")
-        _        <- getRepositoryNamesOfUser(userName).find(_ == value)
+        _ <- getRepositoryNamesOfUser(userName).find(_.equalsIgnoreCase(value))
       } yield {
         "Repository already exists."
       }
     }
   }
 
-  private def members: Constraint = new Constraint(){
+  private def members: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] = {
-      if(value.split(",").exists {
+      if (value.split(",").exists {
-        _.split(":") match { case Array(userName, isManager) => isManager.toBoolean }
+            _.split(":") match { case Array(userName, isManager) => isManager.toBoolean }
-      }) None else Some("Must select one manager at least.")
+          }) None
+      else Some("Must select one manager at least.")
     }
   }
 
-  private def validPublicKey: Constraint = new Constraint(){
+  private def validPublicKey: Constraint = new Constraint() {
-    override def validate(name: String, value: String, messages: Messages): Option[String] = SshUtil.str2PublicKey(value) match {
+    override def validate(name: String, value: String, messages: Messages): Option[String] =
-     case Some(_) if !getAllKeys().exists(_.publicKey == value) => None
+      SshUtil.str2PublicKey(value) match {
-     case _ => Some("Key is invalid.")
+        case Some(_) if !getAllKeys().exists(_.publicKey == value) => None
-    }
+        case _                                                     => Some("Key is invalid.")
+      }
   }
 
-  private def validAccountName: Constraint = new Constraint(){
+  private def validAccountName: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] = {
       getAccountByUserName(value) match {
         case Some(_) => None
-        case None => Some("Invalid Group/User Account.")
+        case None    => Some("Invalid Group/User Account.")
       }
     }
   }

src/main/scala/gitbucket/core/controller/ApiController.scala

@@ -11,6 +11,8 @@ import gitbucket.core.util.JGitUtil._
 import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util._
 import gitbucket.core.plugin.PluginRegistry
+import gitbucket.core.servlet.Database
+import gitbucket.core.model.Profile.profile.blockingApi._
 import gitbucket.core.view.helpers.{isRenderable, renderMarkup}
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.revwalk.RevWalk
@@ -20,31 +22,32 @@ import scala.collection.JavaConverters._
 import scala.concurrent.Await
 import scala.concurrent.duration.Duration
 
-class ApiController extends ApiControllerBase
+class ApiController
-  with RepositoryService
+    extends ApiControllerBase
-  with AccountService
+    with RepositoryService
-  with ProtectedBranchService
+    with AccountService
-  with IssuesService
+    with ProtectedBranchService
-  with LabelsService
+    with IssuesService
-  with MilestonesService
+    with LabelsService
-  with PullRequestService
+    with MilestonesService
-  with CommitsService
+    with PullRequestService
-  with CommitStatusService
+    with CommitsService
-  with RepositoryCreationService
+    with CommitStatusService
-  with IssueCreationService
+    with RepositoryCreationService
-  with HandleCommentService
+    with IssueCreationService
-  with WebHookService
+    with HandleCommentService
-  with WebHookPullRequestService
+    with WebHookService
-  with WebHookIssueCommentService
+    with WebHookPullRequestService
-  with WikiService
+    with WebHookIssueCommentService
-  with ActivityService
+    with WikiService
-  with PrioritiesService
+    with ActivityService
-  with OwnerAuthenticator
+    with PrioritiesService
-  with UsersAuthenticator
+    with OwnerAuthenticator
-  with GroupManagerAuthenticator
+    with UsersAuthenticator
-  with ReferrerAuthenticator
+    with GroupManagerAuthenticator
-  with ReadableUsersAuthenticator
+    with ReferrerAuthenticator
-  with WritableUsersAuthenticator
+    with ReadableUsersAuthenticator
+    with WritableUsersAuthenticator
 
 trait ApiControllerBase extends ControllerBase {
   self: RepositoryService
@@ -68,22 +71,22 @@ trait ApiControllerBase extends ControllerBase {
     with WritableUsersAuthenticator =>
 
   /**
-    * 404 for non-implemented api
+   * 404 for non-implemented api
-    */
+   */
   get("/api/v3/*") {
     NotFound()
   }
 
   /**
-    * https://developer.github.com/v3/#root-endpoint
+   * https://developer.github.com/v3/#root-endpoint
-    */
+   */
   get("/api/v3") {
     JsonFormat(ApiEndPoint())
   }
 
   /**
-    * https://developer.github.com/v3/orgs/#get-an-organization
+   * https://developer.github.com/v3/orgs/#get-an-organization
-    */
+   */
   get("/api/v3/orgs/:groupName") {
     getAccountByUserName(params("groupName")).filter(account => account.isGroupAccount).map { account =>
       JsonFormat(ApiUser(account))
@@ -101,50 +104,77 @@ trait ApiControllerBase extends ControllerBase {
   }
 
   /**
-    * https://developer.github.com/v3/repos/#list-organization-repositories
+   * https://developer.github.com/v3/repos/#list-organization-repositories
-    */
+   */
   get("/api/v3/orgs/:orgName/repos") {
-    JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("orgName"))).map{ r => ApiRepository(r, getAccountByUserName(r.owner).get)})
+    JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("orgName"))).map { r =>
+      ApiRepository(r, getAccountByUserName(r.owner).get)
+    })
   }
+
   /**
    * https://developer.github.com/v3/repos/#list-user-repositories
    */
   get("/api/v3/users/:userName/repos") {
-    JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("userName"))).map{ r => ApiRepository(r, getAccountByUserName(r.owner).get)})
+    JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("userName"))).map { r =>
+      ApiRepository(r, getAccountByUserName(r.owner).get)
+    })
   }
 
   /*
    * https://developer.github.com/v3/repos/branches/#list-branches
    */
-  get ("/api/v3/repos/:owner/:repo/branches")(referrersOnly { repository =>
+  get("/api/v3/repos/:owner/:repository/branches")(referrersOnly { repository =>
-    JsonFormat(JGitUtil.getBranches(
+    JsonFormat(
-      owner         = repository.owner,
+      JGitUtil
-      name          = repository.name,
+        .getBranches(
-      defaultBranch = repository.repository.defaultBranch,
+          owner = repository.owner,
-      origin        = repository.repository.originUserName.isEmpty
+          name = repository.name,
-    ).map { br =>
+          defaultBranch = repository.repository.defaultBranch,
-      ApiBranchForList(br.name, ApiBranchCommit(br.commitId))
+          origin = repository.repository.originUserName.isEmpty
-    })
+        )
+        .map { br =>
+          ApiBranchForList(br.name, ApiBranchCommit(br.commitId))
+        }
+    )
   })
 
   /**
-    * https://developer.github.com/v3/repos/branches/#get-branch
+   * https://developer.github.com/v3/repos/branches/#get-branch
-    */
+   */
-  get ("/api/v3/repos/:owner/:repo/branches/*")(referrersOnly { repository =>
+  get("/api/v3/repos/:owner/:repository/branches/*")(referrersOnly { repository =>
     //import gitbucket.core.api._
-    (for{
+    (for {
       branch <- params.get("splat") if repository.branchList.contains(branch)
-      br <- getBranches(repository.owner, repository.name, repository.repository.defaultBranch, repository.repository.originUserName.isEmpty).find(_.name == branch)
+      br <- getBranches(
+        repository.owner,
+        repository.name,
+        repository.repository.defaultBranch,
+        repository.repository.originUserName.isEmpty
+      ).find(_.name == branch)
     } yield {
       val protection = getProtectedBranchInfo(repository.owner, repository.name, branch)
-      JsonFormat(ApiBranch(branch, ApiBranchCommit(br.commitId), ApiBranchProtection(protection))(RepositoryName(repository)))
+      JsonFormat(
+        ApiBranch(branch, ApiBranchCommit(br.commitId), ApiBranchProtection(protection))(RepositoryName(repository))
+      )
     }) getOrElse NotFound()
   })
 
   /*
    * https://developer.github.com/v3/repos/contents/#get-contents
    */
-  get("/api/v3/repos/:owner/:repo/contents/*")(referrersOnly { repository =>
+  get("/api/v3/repos/:owner/:repository/contents")(referrersOnly { repository =>
+    getContents(repository, ".", params.getOrElse("ref", repository.repository.defaultBranch))
+  })
+
+  /*
+   * https://developer.github.com/v3/repos/contents/#get-contents
+   */
+  get("/api/v3/repos/:owner/:repository/contents/*")(referrersOnly { repository =>
+    getContents(repository, multiParams("splat").head, params.getOrElse("ref", repository.repository.defaultBranch))
+  })
+
+  private def getContents(repository: RepositoryService.RepositoryInfo, path: String, refStr: String) = {
     def getFileInfo(git: Git, revision: String, pathStr: String): Option[FileInfo] = {
       val (dirName, fileName) = pathStr.lastIndexOf('/') match {
         case -1 =>
@@ -155,67 +185,79 @@ trait ApiControllerBase extends ControllerBase {
       getFileList(git, revision, dirName).find(f => f.name.equals(fileName))
     }
 
-    val path = multiParams("splat").head match {
+    using(Git.open(getRepositoryDir(params("owner"), params("repository")))) { git =>
-      case s if s.isEmpty => "."
-      case s => s
-    }
-    val refStr = params.getOrElse("ref", repository.repository.defaultBranch)
-
-    using(Git.open(getRepositoryDir(params("owner"), params("repo")))){ git =>
       val fileList = getFileList(git, refStr, path)
       if (fileList.isEmpty) { // file or NotFound
-        getFileInfo(git, refStr, path).flatMap(f => {
+        getFileInfo(git, refStr, path)
-          val largeFile = params.get("large_file").exists(s => s.equals("true"))
+          .flatMap { f =>
-          val content = getContentFromId(git, f.id, largeFile)
+            val largeFile = params.get("large_file").exists(s => s.equals("true"))
-          request.getHeader("Accept") match {
+            val content = getContentFromId(git, f.id, largeFile)
-            case "application/vnd.github.v3.raw" => {
+            request.getHeader("Accept") match {
-              contentType = "application/vnd.github.v3.raw"
+              case "application/vnd.github.v3.raw" => {
-              content
+                contentType = "application/vnd.github.v3.raw"
+                content
+              }
+              case "application/vnd.github.v3.html" if isRenderable(f.name) => {
+                contentType = "application/vnd.github.v3.html"
+                content.map { c =>
+                  List(
+                    "<div data-path=\"",
+                    path,
+                    "\" id=\"file\">",
+                    "<article>",
+                    renderMarkup(path.split("/").toList, new String(c), refStr, repository, false, false, true).body,
+                    "</article>",
+                    "</div>"
+                  ).mkString
+                }
+              }
+              case "application/vnd.github.v3.html" => {
+                contentType = "application/vnd.github.v3.html"
+                content.map { c =>
+                  List(
+                    "<div data-path=\"",
+                    path,
+                    "\" id=\"file\">",
+                    "<div class=\"plain\">",
+                    "<pre>",
+                    play.twirl.api.HtmlFormat.escape(new String(c)).body,
+                    "</pre>",
+                    "</div>",
+                    "</div>"
+                  ).mkString
+                }
+              }
+              case _ =>
+                Some(JsonFormat(ApiContents(f, RepositoryName(repository), content)))
             }
-            case "application/vnd.github.v3.html" if isRenderable(f.name) => {
-              contentType = "application/vnd.github.v3.html"
-              content.map(c =>
-                List(
-                  "<div data-path=\"", path, "\" id=\"file\">", "<article>",
-                  renderMarkup(path.split("/").toList, new String(c), refStr, repository, false, false, true).body,
-                  "</article>", "</div>"
-                ).mkString
-              )
-            }
-            case "application/vnd.github.v3.html" => {
-              contentType = "application/vnd.github.v3.html"
-              content.map(c =>
-                List(
-                  "<div data-path=\"", path, "\" id=\"file\">", "<div class=\"plain\">", "<pre>",
-                  play.twirl.api.HtmlFormat.escape(new String(c)).body,
-                  "</pre>", "</div>", "</div>"
-                ).mkString
-              )
-            }
-            case _ =>
-              Some(JsonFormat(ApiContents(f, RepositoryName(repository), content)))
           }
-        }).getOrElse(NotFound())
+          .getOrElse(NotFound())
+
       } else { // directory
-        JsonFormat(fileList.map{f => ApiContents(f, RepositoryName(repository), None)})
+        JsonFormat(fileList.map { f =>
+          ApiContents(f, RepositoryName(repository), None)
+        })
       }
     }
-  })
+  }
 
   /*
    * https://developer.github.com/v3/git/refs/#get-a-reference
    */
-  get("/api/v3/repos/:owner/:repo/git/refs/*") (referrersOnly { repository =>
+  get("/api/v3/repos/:owner/:repository/git/refs/*")(referrersOnly { repository =>
     val revstr = multiParams("splat").head
-    using(Git.open(getRepositoryDir(params("owner"), params("repo")))) { git =>
+    using(Git.open(getRepositoryDir(params("owner"), params("repository")))) { git =>
       val ref = git.getRepository().findRef(revstr)
 
-      if(ref != null){
+      if (ref != null) {
         val sha = ref.getObjectId().name()
         JsonFormat(ApiRef(revstr, ApiObject(sha)))
 
       } else {
-        val refs = git.getRepository().getAllRefs().asScala
+        val refs = git
+          .getRepository()
+          .getAllRefs()
+          .asScala
           .collect { case (str, ref) if str.startsWith("refs/" + revstr) => ref }
 
         JsonFormat(refs.map { ref =>
@@ -229,9 +271,11 @@ trait ApiControllerBase extends ControllerBase {
   /**
    * https://developer.github.com/v3/repos/collaborators/#list-collaborators
    */
-  get("/api/v3/repos/:owner/:repo/collaborators") (referrersOnly { repository =>
+  get("/api/v3/repos/:owner/:repository/collaborators")(referrersOnly { repository =>
     // TODO Should ApiUser take permission? getCollaboratorUserNames does not return owner group members.
-    JsonFormat(getCollaboratorUserNames(params("owner"), params("repo")).map(u => ApiUser(getAccountByUserName(u).get)))
+    JsonFormat(
+      getCollaboratorUserNames(params("owner"), params("repository")).map(u => ApiUser(getAccountByUserName(u).get))
+    )
   })
 
   /**
@@ -247,9 +291,9 @@ trait ApiControllerBase extends ControllerBase {
    * List user's own repository
    * https://developer.github.com/v3/repos/#list-your-repositories
    */
-  get("/api/v3/user/repos")(usersOnly{
+  get("/api/v3/user/repos")(usersOnly {
-    JsonFormat(getVisibleRepositories(context.loginAccount, Option(context.loginAccount.get.userName)).map{
+    JsonFormat(getVisibleRepositories(context.loginAccount, Option(context.loginAccount.get.userName)).map { r =>
-      r => ApiRepository(r, getAccountByUserName(r.owner).get)
+      ApiRepository(r, getAccountByUserName(r.owner).get)
     })
   })
 
@@ -263,10 +307,20 @@ trait ApiControllerBase extends ControllerBase {
       data <- extractFromJsonBody[CreateARepository] if data.isValid
     } yield {
       LockUtil.lock(s"${owner}/${data.name}") {
-        if(getRepository(owner, data.name).isEmpty){
+        if (getRepository(owner, data.name).isEmpty) {
-          val f = createRepository(context.loginAccount.get, owner, data.name, data.description, data.`private`, data.auto_init)
+          val f = createRepository(
+            context.loginAccount.get,
+            owner,
+            data.name,
+            data.description,
+            data.`private`,
+            data.auto_init
+          )
           Await.result(f, Duration.Inf)
-          val repository = getRepository(owner, data.name).get
+
+          val repository = Database() withTransaction { session =>
+            getRepository(owner, data.name)(session).get
+          }
           JsonFormat(ApiRepository(repository, ApiUser(getAccountByUserName(owner).get)))
         } else {
           ApiError(
@@ -288,8 +342,15 @@ trait ApiControllerBase extends ControllerBase {
       data <- extractFromJsonBody[CreateARepository] if data.isValid
     } yield {
       LockUtil.lock(s"${groupName}/${data.name}") {
-        if(getRepository(groupName, data.name).isEmpty){
+        if (getRepository(groupName, data.name).isEmpty) {
-          val f = createRepository(context.loginAccount.get, groupName, data.name, data.description, data.`private`, data.auto_init)
+          val f = createRepository(
+            context.loginAccount.get,
+            groupName,
+            data.name,
+            data.description,
+            data.`private`,
+            data.auto_init
+          )
           Await.result(f, Duration.Inf)
           val repository = getRepository(groupName, data.name).get
           JsonFormat(ApiRepository(repository, ApiUser(getAccountByUserName(groupName).get)))
@@ -306,15 +367,26 @@ trait ApiControllerBase extends ControllerBase {
   /**
    * https://developer.github.com/v3/repos/#enabling-and-disabling-branch-protection
    */
-  patch("/api/v3/repos/:owner/:repo/branches/*")(ownerOnly { repository =>
+  patch("/api/v3/repos/:owner/:repository/branches/*")(ownerOnly { repository =>
     import gitbucket.core.api._
-    (for{
+    (for {
-      branch     <- params.get("splat") if repository.branchList.contains(branch)
+      branch <- params.get("splat") if repository.branchList.contains(branch)
       protection <- extractFromJsonBody[ApiBranchProtection.EnablingAndDisabling].map(_.protection)
-      br <- getBranches(repository.owner, repository.name, repository.repository.defaultBranch, repository.repository.originUserName.isEmpty).find(_.name == branch)
+      br <- getBranches(
+        repository.owner,
+        repository.name,
+        repository.repository.defaultBranch,
+        repository.repository.originUserName.isEmpty
+      ).find(_.name == branch)
     } yield {
-      if(protection.enabled){
+      if (protection.enabled) {
-        enableBranchProtection(repository.owner, repository.name, branch, protection.status.enforcement_level == ApiBranchProtection.Everyone, protection.status.contexts)
+        enableBranchProtection(
+          repository.owner,
+          repository.name,
+          branch,
+          protection.status.enforcement_level == ApiBranchProtection.Everyone,
+          protection.status.contexts
+        )
       } else {
         disableBranchProtection(repository.owner, repository.name, branch)
       }
@@ -326,15 +398,15 @@ trait ApiControllerBase extends ControllerBase {
    * @see https://developer.github.com/v3/rate_limit/#get-your-current-rate-limit-status
    * but not enabled.
    */
-  get("/api/v3/rate_limit"){
+  get("/api/v3/rate_limit") {
     contentType = formats("json")
     // this message is same as github enterprise...
     org.scalatra.NotFound(ApiError("Rate limiting is not enabled."))
   }
 
   /**
-    * https://developer.github.com/v3/issues/#list-issues-for-a-repository
+   * https://developer.github.com/v3/issues/#list-issues-for-a-repository
-    */
+   */
   get("/api/v3/repos/:owner/:repository/issues")(referrersOnly { repository =>
     val page = IssueSearchCondition.page(request)
     // TODO: more api spec condition
@@ -344,18 +416,20 @@ trait ApiControllerBase extends ControllerBase {
     val issues: List[(Issue, Account)] =
       searchIssueByApi(
         condition = condition,
-        offset    = (page - 1) * PullRequestLimit,
+        offset = (page - 1) * PullRequestLimit,
-        limit     = PullRequestLimit,
+        limit = PullRequestLimit,
-        repos     = repository.owner -> repository.name
+        repos = repository.owner -> repository.name
       )
 
-    JsonFormat(issues.map { case (issue, issueUser) =>
+    JsonFormat(issues.map {
-      ApiIssue(
+      case (issue, issueUser) =>
-        issue          = issue,
+        ApiIssue(
-        repositoryName = RepositoryName(repository),
+          issue = issue,
-        user           = ApiUser(issueUser),
+          repositoryName = RepositoryName(repository),
-        labels         = getIssueLabels(repository.owner, repository.name, issue.issueId).map(ApiLabel(_, RepositoryName(repository)))
+          user = ApiUser(issueUser),
-      )
+          labels = getIssueLabels(repository.owner, repository.name, issue.issueId)
+            .map(ApiLabel(_, RepositoryName(repository)))
+        )
     })
   })
 
@@ -363,22 +437,28 @@ trait ApiControllerBase extends ControllerBase {
    * https://developer.github.com/v3/issues/#get-a-single-issue
    */
   get("/api/v3/repos/:owner/:repository/issues/:id")(referrersOnly { repository =>
-    (for{
+    (for {
-      issueId  <- params("id").toIntOpt
+      issueId <- params("id").toIntOpt
       issue <- getIssue(repository.owner, repository.name, issueId.toString)
       openedUser <- getAccountByUserName(issue.openedUserName)
     } yield {
-      JsonFormat(ApiIssue(issue, RepositoryName(repository), ApiUser(openedUser),
+      JsonFormat(
-        getIssueLabels(repository.owner, repository.name, issue.issueId).map(ApiLabel(_, RepositoryName(repository)))))
+        ApiIssue(
+          issue,
+          RepositoryName(repository),
+          ApiUser(openedUser),
+          getIssueLabels(repository.owner, repository.name, issue.issueId).map(ApiLabel(_, RepositoryName(repository)))
+        )
+      )
     }) getOrElse NotFound()
   })
 
   /**
-    * https://developer.github.com/v3/issues/#create-an-issue
+   * https://developer.github.com/v3/issues/#create-an-issue
-    */
+   */
   post("/api/v3/repos/:owner/:repository/issues")(readableUsersOnly { repository =>
-    if(isIssueEditable(repository)){ // TODO Should this check is provided by authenticator?
+    if (isIssueEditable(repository)) { // TODO Should this check is provided by authenticator?
-      (for{
+      (for {
         data <- extractFromJsonBody[CreateAnIssue]
         loginAccount <- context.loginAccount
       } yield {
@@ -391,9 +471,17 @@ trait ApiControllerBase extends ControllerBase {
           milestone.map(_.milestoneId),
           None,
           data.labels,
-          loginAccount)
+          loginAccount
-        JsonFormat(ApiIssue(issue, RepositoryName(repository), ApiUser(loginAccount),
+        )
-          getIssueLabels(repository.owner, repository.name, issue.issueId).map(ApiLabel(_, RepositoryName(repository)))))
+        JsonFormat(
+          ApiIssue(
+            issue,
+            RepositoryName(repository),
+            ApiUser(loginAccount),
+            getIssueLabels(repository.owner, repository.name, issue.issueId)
+              .map(ApiLabel(_, RepositoryName(repository)))
+          )
+        )
       }) getOrElse NotFound()
     } else Unauthorized()
   })
@@ -402,11 +490,14 @@ trait ApiControllerBase extends ControllerBase {
    * https://developer.github.com/v3/issues/comments/#list-comments-on-an-issue
    */
   get("/api/v3/repos/:owner/:repository/issues/:id/comments")(referrersOnly { repository =>
-    (for{
+    (for {
-      issueId  <- params("id").toIntOpt
+      issueId <- params("id").toIntOpt
-      comments =  getCommentsForApi(repository.owner, repository.name, issueId)
+      comments = getCommentsForApi(repository.owner, repository.name, issueId)
     } yield {
-      JsonFormat(comments.map{ case (issueComment, user, issue) => ApiComment(issueComment, RepositoryName(repository), issueId, ApiUser(user), issue.isPullRequest) })
+      JsonFormat(comments.map {
+        case (issueComment, user, issue) =>
+          ApiComment(issueComment, RepositoryName(repository), issueId, ApiUser(user), issue.isPullRequest)
+      })
     }) getOrElse NotFound()
   })
 
@@ -414,15 +505,23 @@ trait ApiControllerBase extends ControllerBase {
    * https://developer.github.com/v3/issues/comments/#create-a-comment
    */
   post("/api/v3/repos/:owner/:repository/issues/:id/comments")(readableUsersOnly { repository =>
-    (for{
+    (for {
-      issueId      <- params("id").toIntOpt
+      issueId <- params("id").toIntOpt
-      issue        <- getIssue(repository.owner, repository.name, issueId.toString)
+      issue <- getIssue(repository.owner, repository.name, issueId.toString)
-      body         <- extractFromJsonBody[CreateAComment].map(_.body) if ! body.isEmpty
+      body <- extractFromJsonBody[CreateAComment].map(_.body) if !body.isEmpty
-      action       =  params.get("action").filter(_ => isEditable(issue.userName, issue.repositoryName, issue.openedUserName))
+      action = params.get("action").filter(_ => isEditable(issue.userName, issue.repositoryName, issue.openedUserName))
-      (issue, id)  <- handleComment(issue, Some(body), repository, action)
+      (issue, id) <- handleComment(issue, Some(body), repository, action)
       issueComment <- getComment(repository.owner, repository.name, id.toString())
     } yield {
-      JsonFormat(ApiComment(issueComment, RepositoryName(repository), issueId, ApiUser(context.loginAccount.get), issue.isPullRequest))
+      JsonFormat(
+        ApiComment(
+          issueComment,
+          RepositoryName(repository),
+          issueId,
+          ApiUser(context.loginAccount.get),
+          issue.isPullRequest
+        )
+      )
     }) getOrElse NotFound()
   })
 
@@ -451,7 +550,7 @@ trait ApiControllerBase extends ControllerBase {
    * https://developer.github.com/v3/issues/labels/#create-a-label
    */
   post("/api/v3/repos/:owner/:repository/labels")(writableUsersOnly { repository =>
-    (for{
+    (for {
       data <- extractFromJsonBody[CreateALabel] if data.isValid
     } yield {
       LockUtil.lock(RepositoryName(repository).fullName) {
@@ -462,10 +561,12 @@ trait ApiControllerBase extends ControllerBase {
           } getOrElse NotFound()
         } else {
           // TODO ApiError should support errors field to enhance compatibility of GitHub API
-          UnprocessableEntity(ApiError(
+          UnprocessableEntity(
-            "Validation Failed",
+            ApiError(
-            Some("https://developer.github.com/v3/issues/labels/#create-a-label")
+              "Validation Failed",
-          ))
+              Some("https://developer.github.com/v3/issues/labels/#create-a-label")
+            )
+          )
         }
       }
     }) getOrElse NotFound()
@@ -476,24 +577,29 @@ trait ApiControllerBase extends ControllerBase {
    * https://developer.github.com/v3/issues/labels/#update-a-label
    */
   patch("/api/v3/repos/:owner/:repository/labels/:labelName")(writableUsersOnly { repository =>
-    (for{
+    (for {
       data <- extractFromJsonBody[CreateALabel] if data.isValid
     } yield {
       LockUtil.lock(RepositoryName(repository).fullName) {
-        getLabel(repository.owner, repository.name, params("labelName")).map { label =>
+        getLabel(repository.owner, repository.name, params("labelName")).map {
-          if (getLabel(repository.owner, repository.name, data.name).isEmpty) {
+          label =>
-            updateLabel(repository.owner, repository.name, label.labelId, data.name, data.color)
+            if (getLabel(repository.owner, repository.name, data.name).isEmpty) {
-            JsonFormat(ApiLabel(
+              updateLabel(repository.owner, repository.name, label.labelId, data.name, data.color)
-              getLabel(repository.owner, repository.name, label.labelId).get,
+              JsonFormat(
-              RepositoryName(repository)
+                ApiLabel(
-            ))
+                  getLabel(repository.owner, repository.name, label.labelId).get,
-          } else {
+                  RepositoryName(repository)
-            // TODO ApiError should support errors field to enhance compatibility of GitHub API
+                )
-            UnprocessableEntity(ApiError(
+              )
-              "Validation Failed",
+            } else {
-              Some("https://developer.github.com/v3/issues/labels/#create-a-label")
+              // TODO ApiError should support errors field to enhance compatibility of GitHub API
-            ))
+              UnprocessableEntity(
-          }
+                ApiError(
+                  "Validation Failed",
+                  Some("https://developer.github.com/v3/issues/labels/#create-a-label")
+                )
+              )
+            }
         } getOrElse NotFound()
       }
     }) getOrElse NotFound()
@@ -524,22 +630,24 @@ trait ApiControllerBase extends ControllerBase {
     val issues: List[(Issue, Account, Int, PullRequest, Repository, Account, Option[Account])] =
       searchPullRequestByApi(
         condition = condition,
-        offset    = (page - 1) * PullRequestLimit,
+        offset = (page - 1) * PullRequestLimit,
-        limit     = PullRequestLimit,
+        limit = PullRequestLimit,
-        repos     = repository.owner -> repository.name
+        repos = repository.owner -> repository.name
       )
 
-    JsonFormat(issues.map { case (issue, issueUser, commentCount, pullRequest, headRepo, headOwner, assignee) =>
+    JsonFormat(issues.map {
-      ApiPullRequest(
+      case (issue, issueUser, commentCount, pullRequest, headRepo, headOwner, assignee) =>
-        issue         = issue,
+        ApiPullRequest(
-        pullRequest   = pullRequest,
+          issue = issue,
-        headRepo      = ApiRepository(headRepo, ApiUser(headOwner)),
+          pullRequest = pullRequest,
-        baseRepo      = ApiRepository(repository, ApiUser(baseOwner)),
+          headRepo = ApiRepository(headRepo, ApiUser(headOwner)),
-        user          = ApiUser(issueUser),
+          baseRepo = ApiRepository(repository, ApiUser(baseOwner)),
-        labels        = getIssueLabels(repository.owner, repository.name, issue.issueId).map(ApiLabel(_, RepositoryName(repository))),
+          user = ApiUser(issueUser),
-        assignee      = assignee.map(ApiUser.apply),
+          labels = getIssueLabels(repository.owner, repository.name, issue.issueId)
-        mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
+            .map(ApiLabel(_, RepositoryName(repository))),
-      )
+          assignee = assignee.map(ApiUser.apply),
+          mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
+        )
     })
   })
 
@@ -547,26 +655,34 @@ trait ApiControllerBase extends ControllerBase {
    * https://developer.github.com/v3/pulls/#get-a-single-pull-request
    */
   get("/api/v3/repos/:owner/:repository/pulls/:id")(referrersOnly { repository =>
-    (for{
+    (for {
-      issueId   <- params("id").toIntOpt
+      issueId <- params("id").toIntOpt
       (issue, pullRequest) <- getPullRequest(repository.owner, repository.name, issueId)
-      users     =  getAccountsByUserNames(Set(repository.owner, pullRequest.requestUserName, issue.openedUserName), Set.empty)
+      users = getAccountsByUserNames(
+        Set(repository.owner, pullRequest.requestUserName, issue.openedUserName),
+        Set.empty
+      )
       baseOwner <- users.get(repository.owner)
       headOwner <- users.get(pullRequest.requestUserName)
       issueUser <- users.get(issue.openedUserName)
-      assignee  =  issue.assignedUserName.flatMap { userName => getAccountByUserName(userName, false) }
+      assignee = issue.assignedUserName.flatMap { userName =>
-      headRepo  <- getRepository(pullRequest.requestUserName, pullRequest.requestRepositoryName)
+        getAccountByUserName(userName, false)
+      }
+      headRepo <- getRepository(pullRequest.requestUserName, pullRequest.requestRepositoryName)
     } yield {
-      JsonFormat(ApiPullRequest(
+      JsonFormat(
-        issue         = issue,
+        ApiPullRequest(
-        pullRequest   = pullRequest,
+          issue = issue,
-        headRepo      = ApiRepository(headRepo, ApiUser(headOwner)),
+          pullRequest = pullRequest,
-        baseRepo      = ApiRepository(repository, ApiUser(baseOwner)),
+          headRepo = ApiRepository(headRepo, ApiUser(headOwner)),
-        user          = ApiUser(issueUser),
+          baseRepo = ApiRepository(repository, ApiUser(baseOwner)),
-        labels        = getIssueLabels(repository.owner, repository.name, issue.issueId).map(ApiLabel(_, RepositoryName(repository))),
+          user = ApiUser(issueUser),
-        assignee      = assignee.map(ApiUser.apply),
+          labels = getIssueLabels(repository.owner, repository.name, issue.issueId)
-        mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
+            .map(ApiLabel(_, RepositoryName(repository))),
-      ))
+          assignee = assignee.map(ApiUser.apply),
+          mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
+        )
+      )
     }) getOrElse NotFound()
   })
 
@@ -576,16 +692,26 @@ trait ApiControllerBase extends ControllerBase {
   get("/api/v3/repos/:owner/:repository/pulls/:id/commits")(referrersOnly { repository =>
     val owner = repository.owner
     val name = repository.name
-    params("id").toIntOpt.flatMap{ issueId =>
+    params("id").toIntOpt.flatMap {
-      getPullRequest(owner, name, issueId) map { case(issue, pullreq) =>
+      issueId =>
-        using(Git.open(getRepositoryDir(owner, name))){ git =>
+        getPullRequest(owner, name, issueId) map {
-          val oldId = git.getRepository.resolve(pullreq.commitIdFrom)
+          case (issue, pullreq) =>
-          val newId = git.getRepository.resolve(pullreq.commitIdTo)
+            using(Git.open(getRepositoryDir(owner, name))) { git =>
-          val repoFullName = RepositoryName(repository)
+              val oldId = git.getRepository.resolve(pullreq.commitIdFrom)
-          val commits = git.log.addRange(oldId, newId).call.iterator.asScala.map { c => ApiCommitListItem(new CommitInfo(c), repoFullName) }.toList
+              val newId = git.getRepository.resolve(pullreq.commitIdTo)
-          JsonFormat(commits)
+              val repoFullName = RepositoryName(repository)
+              val commits = git.log
+                .addRange(oldId, newId)
+                .call
+                .iterator
+                .asScala
+                .map { c =>
+                  ApiCommitListItem(new CommitInfo(c), repoFullName)
+                }
+                .toList
+              JsonFormat(commits)
+            }
         }
-      }
     } getOrElse NotFound()
   })
 
@@ -599,16 +725,25 @@ trait ApiControllerBase extends ControllerBase {
   /**
    * https://developer.github.com/v3/repos/statuses/#create-a-status
    */
-  post("/api/v3/repos/:owner/:repo/statuses/:sha")(writableUsersOnly { repository =>
+  post("/api/v3/repos/:owner/:repository/statuses/:sha")(writableUsersOnly { repository =>
-    (for{
+    (for {
-      ref      <- params.get("sha")
+      ref <- params.get("sha")
-      sha      <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
+      sha <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
-      data     <- extractFromJsonBody[CreateAStatus] if data.isValid
+      data <- extractFromJsonBody[CreateAStatus] if data.isValid
-      creator  <- context.loginAccount
+      creator <- context.loginAccount
-      state    <- CommitState.valueOf(data.state)
+      state <- CommitState.valueOf(data.state)
-      statusId =  createCommitStatus(repository.owner, repository.name, sha, data.context.getOrElse("default"),
+      statusId = createCommitStatus(
-                                     state, data.target_url, data.description, new java.util.Date(), creator)
+        repository.owner,
-      status   <- getCommitStatus(repository.owner, repository.name, statusId)
+        repository.name,
+        sha,
+        data.context.getOrElse("default"),
+        state,
+        data.target_url,
+        data.description,
+        new java.util.Date(),
+        creator
+      )
+      status <- getCommitStatus(repository.owner, repository.name, statusId)
     } yield {
       JsonFormat(ApiCommitStatus(status, ApiUser(creator)))
     }) getOrElse NotFound()
@@ -619,13 +754,14 @@ trait ApiControllerBase extends ControllerBase {
    *
    * ref is Ref to list the statuses from. It can be a SHA, a branch name, or a tag name.
    */
-  val listStatusesRoute = get("/api/v3/repos/:owner/:repo/commits/:ref/statuses")(referrersOnly { repository =>
+  val listStatusesRoute = get("/api/v3/repos/:owner/:repository/commits/:ref/statuses")(referrersOnly { repository =>
-    (for{
+    (for {
       ref <- params.get("ref")
       sha <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
     } yield {
-      JsonFormat(getCommitStatuesWithCreator(repository.owner, repository.name, sha).map{ case(status, creator) =>
+      JsonFormat(getCommitStatuesWithCreator(repository.owner, repository.name, sha).map {
-        ApiCommitStatus(status, ApiUser(creator))
+        case (status, creator) =>
+          ApiCommitStatus(status, ApiUser(creator))
       })
     }) getOrElse NotFound()
   })
@@ -635,7 +771,7 @@ trait ApiControllerBase extends ControllerBase {
    *
    * legacy route
    */
-  get("/api/v3/repos/:owner/:repo/statuses/:ref"){
+  get("/api/v3/repos/:owner/:repository/statuses/:ref") {
     listStatusesRoute.action()
   }
 
@@ -644,11 +780,11 @@ trait ApiControllerBase extends ControllerBase {
    *
    * ref is Ref to list the statuses from. It can be a SHA, a branch name, or a tag name.
    */
-  get("/api/v3/repos/:owner/:repo/commits/:ref/status")(referrersOnly { repository =>
+  get("/api/v3/repos/:owner/:repository/commits/:ref/status")(referrersOnly { repository =>
-    (for{
+    (for {
-      ref   <- params.get("ref")
+      ref <- params.get("ref")
       owner <- getAccountByUserName(repository.owner)
-      sha   <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
+      sha <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
     } yield {
       val statuses = getCommitStatuesWithCreator(repository.owner, repository.name, sha)
       JsonFormat(ApiCombinedCommitStatus(sha, statuses, ApiRepository(repository, owner)))
@@ -658,26 +794,29 @@ trait ApiControllerBase extends ControllerBase {
   /**
    * https://developer.github.com/v3/repos/commits/#get-a-single-commit
    */
-  get("/api/v3/repos/:owner/:repo/commits/:sha")(referrersOnly { repository =>
+  get("/api/v3/repos/:owner/:repository/commits/:sha")(referrersOnly { repository =>
     val owner = repository.owner
-    val name  = repository.name
+    val name = repository.name
-    val sha   = params("sha")
+    val sha = params("sha")
 
-    using(Git.open(getRepositoryDir(owner, name))){ git =>
+    using(Git.open(getRepositoryDir(owner, name))) {
-      val repo = git.getRepository
+      git =>
-      val objectId = repo.resolve(sha)
+        val repo = git.getRepository
-      val commitInfo = using(new RevWalk(repo)){ revWalk =>
+        val objectId = repo.resolve(sha)
-        new CommitInfo(revWalk.parseCommit(objectId))
+        val commitInfo = using(new RevWalk(repo)) { revWalk =>
-      }
+          new CommitInfo(revWalk.parseCommit(objectId))
+        }
 
-      JsonFormat(ApiCommits(
+        JsonFormat(
-        repositoryName = RepositoryName(repository),
+          ApiCommits(
-        commitInfo     = commitInfo,
+            repositoryName = RepositoryName(repository),
-        diffs          = JGitUtil.getDiffs(git, Some(commitInfo.parents.head), commitInfo.id, false, true),
+            commitInfo = commitInfo,
-        author         = getAccount(commitInfo.authorName, commitInfo.authorEmailAddress),
+            diffs = JGitUtil.getDiffs(git, Some(commitInfo.parents.head), commitInfo.id, false, true),
-        committer      = getAccount(commitInfo.committerName, commitInfo.committerEmailAddress),
+            author = getAccount(commitInfo.authorName, commitInfo.authorEmailAddress),
-        commentCount   = getCommitComment(repository.owner, repository.name, sha).size
+            committer = getAccount(commitInfo.committerName, commitInfo.committerEmailAddress),
-      ))
+            commentCount = getCommitComment(repository.owner, repository.name, sha).size
+          )
+        )
     }
   })
 
@@ -705,11 +844,11 @@ trait ApiControllerBase extends ControllerBase {
     hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
 
   /**
-    * non-GitHub compatible API for Jenkins-Plugin
+   * non-GitHub compatible API for Jenkins-Plugin
-    */
+   */
-  get("/api/v3/repos/:owner/:repo/raw/*")(referrersOnly { repository =>
+  get("/api/v3/repos/:owner/:repository/raw/*")(referrersOnly { repository =>
     val (id, path) = repository.splitPath(multiParams("splat").head)
-    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
+    using(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
       val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))
 
       getPathObjectId(git, path, revCommit).map { objectId =>
@@ -719,10 +858,9 @@ trait ApiControllerBase extends ControllerBase {
   })
 
   /**
-    * non-GitHub compatible API for listing plugins
+   * non-GitHub compatible API for listing plugins
-    */
+   */
-  get("/api/v3/gitbucket/plugins"){
+  get("/api/v3/gitbucket/plugins") {
-    PluginRegistry().getPlugins().map{ApiPlugin(_)}
+    PluginRegistry().getPlugins().map { ApiPlugin(_) }
   }
 }
-

src/main/scala/gitbucket/core/controller/ControllerBase.scala

@@ -1,8 +1,8 @@
 package gitbucket.core.controller
 
-import java.io.FileInputStream
+import java.io.{File, FileInputStream}
 
-import gitbucket.core.api.ApiError
+import gitbucket.core.api.{ApiError, JsonFormat}
 import gitbucket.core.model.Account
 import gitbucket.core.service.{AccountService, RepositoryService, SystemSettingsService}
 import gitbucket.core.util.SyntaxSugars._
@@ -31,9 +31,14 @@ import org.slf4j.LoggerFactory
 /**
  * Provides generic features for controller implementations.
  */
-abstract class ControllerBase extends ScalatraFilter
+abstract class ControllerBase
-  with ValidationSupport with JacksonJsonSupport with I18nSupport with FlashMapSupport with Validations
+    extends ScalatraFilter
-  with SystemSettingsService {
+    with ValidationSupport
+    with JacksonJsonSupport
+    with I18nSupport
+    with FlashMapSupport
+    with Validations
+    with SystemSettingsService {
 
   private val logger = LoggerFactory.getLogger(getClass)
 
@@ -41,35 +46,34 @@ abstract class ControllerBase extends ScalatraFilter
 
   before("/api/v3/*") {
     contentType = formats("json")
+    request.setAttribute(Keys.Request.APIv3, true)
   }
 
   override def requestPath(uri: String, idx: Int): String = {
     val path = super.requestPath(uri, idx)
-    if(path != "/" && path.endsWith("/")){
+    if (path != "/" && path.endsWith("/")) {
       path.substring(0, path.length - 1)
     } else {
       path
     }
   }
 
-  override def doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain): Unit = try {
+  override def doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain): Unit =
-    val httpRequest = request.asInstanceOf[HttpServletRequest]
+    try {
-    val context     = request.getServletContext.getContextPath
+      val httpRequest = request.asInstanceOf[HttpServletRequest]
-    val path        = httpRequest.getRequestURI.substring(context.length)
+      val context = request.getServletContext.getContextPath
+      val path = httpRequest.getRequestURI.substring(context.length)
 
-    if(path.startsWith("/git/") || path.startsWith("/git-lfs/")){
+      if (path.startsWith("/git/") || path.startsWith("/git-lfs/")) {
-      // Git repository
+        // Git repository
-      chain.doFilter(request, response)
+        chain.doFilter(request, response)
-    } else {
+      } else {
-      if(path.startsWith("/api/v3/")){
+        // Scalatra actions
-        httpRequest.setAttribute(Keys.Request.APIv3, true)
+        super.doFilter(request, response, chain)
       }
-      // Scalatra actions
+    } finally {
-      super.doFilter(request, response, chain)
+      contextCache.remove();
     }
-  } finally {
-    contextCache.remove();
-  }
 
   private val contextCache = new java.lang.ThreadLocal[Context]()
 
@@ -87,44 +91,45 @@ abstract class ControllerBase extends ScalatraFilter
     }
   }
 
-  private def LoginAccount: Option[Account] = request.getAs[Account](Keys.Session.LoginAccount).orElse(session.getAs[Account](Keys.Session.LoginAccount))
+  private def LoginAccount: Option[Account] =
+    request.getAs[Account](Keys.Session.LoginAccount).orElse(session.getAs[Account](Keys.Session.LoginAccount))
 
-  def ajaxGet(path : String)(action : => Any) : Route =
+  def ajaxGet(path: String)(action: => Any): Route =
-    super.get(path){
+    super.get(path) {
       request.setAttribute(Keys.Request.Ajax, "true")
       action
     }
 
-  override def ajaxGet[T](path : String, form : ValueType[T])(action : T => Any) : Route =
+  override def ajaxGet[T](path: String, form: ValueType[T])(action: T => Any): Route =
-    super.ajaxGet(path, form){ form =>
+    super.ajaxGet(path, form) { form =>
       request.setAttribute(Keys.Request.Ajax, "true")
       action(form)
     }
 
-  def ajaxPost(path : String)(action : => Any) : Route =
+  def ajaxPost(path: String)(action: => Any): Route =
-    super.post(path){
+    super.post(path) {
       request.setAttribute(Keys.Request.Ajax, "true")
       action
     }
 
-  override def ajaxPost[T](path : String, form : ValueType[T])(action : T => Any) : Route =
+  override def ajaxPost[T](path: String, form: ValueType[T])(action: T => Any): Route =
-    super.ajaxPost(path, form){ form =>
+    super.ajaxPost(path, form) { form =>
       request.setAttribute(Keys.Request.Ajax, "true")
       action(form)
     }
 
   protected def NotFound() =
-    if(request.hasAttribute(Keys.Request.Ajax)){
+    if (request.hasAttribute(Keys.Request.Ajax)) {
       org.scalatra.NotFound()
-    } else if(request.hasAttribute(Keys.Request.APIv3)){
+    } else if (request.hasAttribute(Keys.Request.APIv3)) {
       contentType = formats("json")
-      org.scalatra.NotFound(ApiError("Not Found"))
+      org.scalatra.NotFound(JsonFormat(ApiError("Not Found")))
     } else {
       org.scalatra.NotFound(gitbucket.core.html.error("Not Found"))
     }
 
   private def isBrowser(userAgent: String): Boolean = {
-    if(userAgent == null || userAgent.isEmpty){
+    if (userAgent == null || userAgent.isEmpty) {
       false
     } else {
       val data = Classifier.parse(userAgent)
@@ -134,67 +139,82 @@ abstract class ControllerBase extends ScalatraFilter
   }
 
   protected def Unauthorized()(implicit context: Context) =
-    if(request.hasAttribute(Keys.Request.Ajax)){
+    if (request.hasAttribute(Keys.Request.Ajax)) {
       org.scalatra.Unauthorized()
-    } else if(request.hasAttribute(Keys.Request.APIv3)){
+    } else if (request.hasAttribute(Keys.Request.APIv3)) {
       contentType = formats("json")
-      org.scalatra.Unauthorized(ApiError("Requires authentication"))
+      org.scalatra.Unauthorized(JsonFormat(ApiError("Requires authentication")))
-    } else if(!isBrowser(request.getHeader("USER-AGENT"))){
+    } else if (!isBrowser(request.getHeader("USER-AGENT"))) {
       org.scalatra.Unauthorized()
     } else {
-      if(context.loginAccount.isDefined){
+      if (context.loginAccount.isDefined) {
         org.scalatra.Unauthorized(redirect("/"))
       } else {
-        if(request.getMethod.toUpperCase == "POST"){
+        if (request.getMethod.toUpperCase == "POST") {
           org.scalatra.Unauthorized(redirect("/signin"))
         } else {
-          org.scalatra.Unauthorized(redirect("/signin?redirect=" + StringUtil.urlEncode(
+          org.scalatra.Unauthorized(
-            defining(request.getQueryString){ queryString =>
+            redirect(
-              request.getRequestURI.substring(request.getContextPath.length) + (if(queryString != null) "?" + queryString else "")
+              "/signin?redirect=" + StringUtil.urlEncode(
-            }
+                defining(request.getQueryString) { queryString =>
-          )))
+                  request.getRequestURI.substring(request.getContextPath.length) + (if (queryString != null)
+                                                                                      "?" + queryString
+                                                                                    else "")
+                }
+              )
+            )
+          )
         }
       }
     }
 
-  error{
+  error {
     case e => {
       logger.error(s"Catch unhandled error in request: ${request}", e)
-      if(request.hasAttribute(Keys.Request.Ajax)){
+      if (request.hasAttribute(Keys.Request.Ajax)) {
         org.scalatra.InternalServerError()
-      } else if(request.hasAttribute(Keys.Request.APIv3)){
+      } else if (request.hasAttribute(Keys.Request.APIv3)) {
         contentType = formats("json")
-        org.scalatra.InternalServerError(ApiError("Internal Server Error"))
+        org.scalatra.InternalServerError(JsonFormat(ApiError("Internal Server Error")))
       } else {
         org.scalatra.InternalServerError(gitbucket.core.html.error("Internal Server Error", Some(e)))
       }
     }
   }
 
-  override def url(path: String, params: Iterable[(String, Any)] = Iterable.empty,
+  override def url(
-                   includeContextPath: Boolean = true, includeServletPath: Boolean = true,
+    path: String,
-                   absolutize: Boolean = true, withSessionId: Boolean = true)
+    params: Iterable[(String, Any)] = Iterable.empty,
-                  (implicit request: HttpServletRequest, response: HttpServletResponse): String =
+    includeContextPath: Boolean = true,
+    includeServletPath: Boolean = true,
+    absolutize: Boolean = true,
+    withSessionId: Boolean = true
+  )(implicit request: HttpServletRequest, response: HttpServletResponse): String =
     if (path.startsWith("http")) path
     else baseUrl + super.url(path, params, false, false, false)
 
   /**
    * Extends scalatra-form's trim rule to eliminate CR and LF.
    */
-  protected def trim2[T](valueType: SingleValueType[T]): SingleValueType[T] = new SingleValueType[T](){
+  protected def trim2[T](valueType: SingleValueType[T]): SingleValueType[T] = new SingleValueType[T]() {
     def convert(value: String, messages: Messages): T = valueType.convert(trim(value), messages)
 
-    override def validate(name: String, value: String, params: Map[String, Seq[String]], messages: Messages): Seq[(String, String)] =
+    override def validate(
+      name: String,
+      value: String,
+      params: Map[String, Seq[String]],
+      messages: Messages
+    ): Seq[(String, String)] =
       valueType.validate(name, trim(value), params, messages)
 
-    private def trim(value: String): String = if(value == null) null else value.replace("\r\n", "").trim
+    private def trim(value: String): String = if (value == null) null else value.replace("\r\n", "").trim
   }
 
   /**
    * Use this method to response the raw data against XSS.
    */
   protected def RawData[T](contentType: String, rawData: T): T = {
-    if(contentType.split(";").head.trim.toLowerCase.startsWith("text/html")){
+    if (contentType.split(";").head.trim.toLowerCase.startsWith("text/html")) {
       this.contentType = "text/plain"
     } else {
       this.contentType = contentType
@@ -204,35 +224,39 @@ abstract class ControllerBase extends ScalatraFilter
   }
 
   // jenkins send message as 'application/x-www-form-urlencoded' but scalatra already parsed as multi-part-request.
-  def extractFromJsonBody[A](implicit request:HttpServletRequest, mf:Manifest[A]): Option[A] = {
+  def extractFromJsonBody[A](implicit request: HttpServletRequest, mf: Manifest[A]): Option[A] = {
-    (request.contentType.map(_.split(";").head.toLowerCase) match{
+    (request.contentType.map(_.split(";").head.toLowerCase) match {
       case Some("application/x-www-form-urlencoded") => multiParams.keys.headOption.map(parse(_))
-      case Some("application/json") => Some(parsedBody)
+      case Some("application/json")                  => Some(parsedBody)
-      case _ => Some(parse(request.body))
+      case _                                         => Some(parse(request.body))
     }).filterNot(_ == JNothing).flatMap(j => Try(j.extract[A]).toOption)
   }
 
   protected def getPathObjectId(git: Git, path: String, revCommit: RevCommit): Option[ObjectId] = {
     @scala.annotation.tailrec
     def _getPathObjectId(path: String, walk: TreeWalk): Option[ObjectId] = walk.next match {
-      case true if(walk.getPathString == path) => Some(walk.getObjectId(0))
+      case true if (walk.getPathString == path) => Some(walk.getObjectId(0))
-      case true  => _getPathObjectId(path, walk)
+      case true                                 => _getPathObjectId(path, walk)
-      case false => None
+      case false                                => None
     }
 
-    using(new TreeWalk(git.getRepository)){ treeWalk =>
+    using(new TreeWalk(git.getRepository)) { treeWalk =>
       treeWalk.addTree(revCommit.getTree)
       treeWalk.setRecursive(true)
       _getPathObjectId(path, treeWalk)
     }
   }
 
-  protected def responseRawFile(git: Git, objectId: ObjectId, path: String,
+  protected def responseRawFile(
-                              repository: RepositoryService.RepositoryInfo): Unit = {
+    git: Git,
-    JGitUtil.getObjectLoaderFromId(git, objectId){ loader =>
+    objectId: ObjectId,
+    path: String,
+    repository: RepositoryService.RepositoryInfo
+  ): Unit = {
+    JGitUtil.getObjectLoaderFromId(git, objectId) { loader =>
       contentType = FileUtil.getMimeType(path)
 
-      if(loader.isLarge){
+      if (loader.isLarge) {
         response.setContentLength(loader.getSize.toInt)
         loader.copyTo(response.outputStream)
       } else {
@@ -240,11 +264,11 @@ abstract class ControllerBase extends ScalatraFilter
         val text = new String(bytes, "UTF-8")
 
         val attrs = JGitUtil.getLfsObjects(text)
-        if(attrs.nonEmpty) {
+        if (attrs.nonEmpty) {
           response.setContentLength(attrs("size").toInt)
           val oid = attrs("oid").split(":")(1)
 
-          using(new FileInputStream(FileUtil.getLfsFilePath(repository.owner, repository.name, oid))){ in =>
+          using(new FileInputStream(FileUtil.getLfsFilePath(repository.owner, repository.name, oid))) { in =>
             IOUtils.copy(in, response.getOutputStream)
           }
         } else {
@@ -259,17 +283,21 @@ abstract class ControllerBase extends ScalatraFilter
 /**
  * Context object for the current request.
  */
-case class Context(settings: SystemSettingsService.SystemSettings, loginAccount: Option[Account], request: HttpServletRequest){
+case class Context(
+  settings: SystemSettingsService.SystemSettings,
+  loginAccount: Option[Account],
+  request: HttpServletRequest
+) {
   val path = settings.baseUrl.getOrElse(request.getContextPath)
   val currentPath = request.getRequestURI.substring(request.getContextPath.length)
   val baseUrl = settings.baseUrl(request)
   val host = new java.net.URL(baseUrl).getHost
   val platform = request.getHeader("User-Agent") match {
-    case null => null
+    case null                             => null
-    case agent if agent.contains("Mac") => "mac"
+    case agent if agent.contains("Mac")   => "mac"
     case agent if agent.contains("Linux") => "linux"
-    case agent if agent.contains("Win") => "windows"
+    case agent if agent.contains("Win")   => "windows"
-    case _ => null
+    case _                                => null
   }
   val sidebarCollapse = request.getSession.getAttribute("sidebar-collapse") != null
 
@@ -280,7 +308,7 @@ case class Context(settings: SystemSettingsService.SystemSettings, loginAccount:
    * Cached object are available during a request.
    */
   def cache[A](key: String)(action: => A): A =
-    defining(Keys.Request.Cache(key)){ cacheKey =>
+    defining(Keys.Request.Cache(key)) { cacheKey =>
       Option(request.getAttribute(cacheKey).asInstanceOf[A]).getOrElse {
         val newObject = action
         request.setAttribute(cacheKey, newObject)
@@ -294,48 +322,105 @@ case class Context(settings: SystemSettingsService.SystemSettings, loginAccount:
  * Base trait for controllers which manages account information.
  */
 trait AccountManagementControllerBase extends ControllerBase {
-  self: AccountService  =>
+  self: AccountService =>
 
   protected def updateImage(userName: String, fileId: Option[String], clearImage: Boolean): Unit =
-    if(clearImage){
+    if (clearImage) {
       getAccountByUserName(userName).flatMap(_.image).map { image =>
-        new java.io.File(getUserUploadDir(userName), image).delete()
+        new File(getUserUploadDir(userName), FileUtil.checkFilename(image)).delete()
         updateAvatarImage(userName, None)
       }
     } else {
       fileId.map { fileId =>
         val filename = "avatar." + FileUtil.getExtension(session.getAndRemove(Keys.Session.Upload(fileId)).get)
         val uploadDir = getUserUploadDir(userName)
-        if(!uploadDir.exists){
+        if (!uploadDir.exists) {
           uploadDir.mkdirs()
         }
-        Thumbnails.of(new java.io.File(getTemporaryDir(session.getId), fileId))
+        Thumbnails
+          .of(new File(getTemporaryDir(session.getId), FileUtil.checkFilename(fileId)))
           .size(324, 324)
-          .toFile(new java.io.File(uploadDir, filename))
+          .toFile(new File(uploadDir, FileUtil.checkFilename(filename)))
         updateAvatarImage(userName, Some(filename))
       }
     }
 
-  protected def uniqueUserName: Constraint = new Constraint(){
+  protected def uniqueUserName: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] =
-      getAccountByUserName(value, true).map { _ => "User already exists." }
+      getAccountByUserNameIgnoreCase(value, true).map { _ =>
+        "User already exists."
+      }
   }
 
-  protected def uniqueMailAddress(paramName: String = ""): Constraint = new Constraint(){
+  protected def uniqueMailAddress(paramName: String = ""): Constraint = new Constraint() {
-    override def validate(name: String, value: String, params: Map[String, Seq[String]], messages: Messages): Option[String] = {
+    override def validate(
-      getAccountByMailAddress(value, true)
+      name: String,
-        .filter { x => if(paramName.isEmpty) true else Some(x.userName) != params.optionValue(paramName) }
+      value: String,
-        .map    { _ => "Mail address is already registered." }
+      params: Map[String, Seq[String]],
+      messages: Messages
+    ): Option[String] = {
+      val extraMailAddresses = params.filterKeys(k => k.startsWith("extraMailAddresses"))
+      if (extraMailAddresses.exists {
+            case (k, v) =>
+              v.contains(value)
+          }) {
+        Some("These mail addresses are duplicated.")
+      } else {
+        getAccountByMailAddress(value, true)
+          .collect {
+            case x if paramName.isEmpty || Some(x.userName) != params.optionValue(paramName) =>
+              "Mail address is already registered."
+          }
+      }
     }
   }
 
-  val allReservedNames = Set("git", "admin", "upload", "api", "assets", "plugin-assets", "signin", "signout", "register", "activities.atom", "sidebar-collapse", "groups", "new")
+  protected def uniqueExtraMailAddress(paramName: String = ""): Constraint = new Constraint() {
-  protected def reservedNames(): Constraint = new Constraint(){
+    override def validate(
-    override def validate(name: String, value: String, messages: Messages): Option[String] = if(allReservedNames.contains(value)){
+      name: String,
-      Some(s"${value} is reserved")
+      value: String,
-    } else {
+      params: Map[String, Seq[String]],
-      None
+      messages: Messages
+    ): Option[String] = {
+      val extraMailAddresses = params.filterKeys(k => k.startsWith("extraMailAddresses"))
+      if (Some(value) == params.optionValue("mailAddress") || extraMailAddresses.count {
+            case (k, v) =>
+              v.contains(value)
+          } > 1) {
+        Some("These mail addresses are duplicated.")
+      } else {
+        getAccountByMailAddress(value, true)
+          .collect {
+            case x if paramName.isEmpty || Some(x.userName) != params.optionValue(paramName) =>
+              "Mail address is already registered."
+          }
+      }
     }
   }
 
+  val allReservedNames = Set(
+    "git",
+    "admin",
+    "upload",
+    "api",
+    "assets",
+    "plugin-assets",
+    "signin",
+    "signout",
+    "register",
+    "activities.atom",
+    "sidebar-collapse",
+    "groups",
+    "new"
+  )
+
+  protected def reservedNames(): Constraint = new Constraint() {
+    override def validate(name: String, value: String, messages: Messages): Option[String] =
+      if (allReservedNames.contains(value.toLowerCase)) {
+        Some(s"${value} is reserved")
+      } else {
+        None
+      }
+  }
+
 }

src/main/scala/gitbucket/core/controller/DashboardController.scala

@@ -6,13 +6,20 @@ import gitbucket.core.util.{Keys, UsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import gitbucket.core.service.IssuesService._
 
-class DashboardController extends DashboardControllerBase
+class DashboardController
-  with IssuesService with PullRequestService with RepositoryService with AccountService with CommitsService
+    extends DashboardControllerBase
-  with LabelsService with PrioritiesService with MilestonesService with UsersAuthenticator
+    with IssuesService
+    with PullRequestService
+    with RepositoryService
+    with AccountService
+    with CommitsService
+    with LabelsService
+    with PrioritiesService
+    with MilestonesService
+    with UsersAuthenticator
 
 trait DashboardControllerBase extends ControllerBase {
-  self: IssuesService with PullRequestService with RepositoryService with AccountService
+  self: IssuesService with PullRequestService with RepositoryService with AccountService with UsersAuthenticator =>
-    with UsersAuthenticator =>
 
   get("/dashboard/issues")(usersOnly {
     searchIssues("created_by")
@@ -59,51 +66,52 @@ trait DashboardControllerBase extends ControllerBase {
   private def searchIssues(filter: String) = {
     import IssuesService._
 
-    val userName  = context.loginAccount.get.userName
+    val userName = context.loginAccount.get.userName
     val condition = getOrCreateCondition(Keys.Session.DashboardIssues, filter, userName)
     val userRepos = getUserRepositories(userName, true).map(repo => repo.owner -> repo.name)
-    val page      = IssueSearchCondition.page(request)
+    val page = IssueSearchCondition.page(request)
 
     html.issues(
       searchIssue(condition, false, (page - 1) * IssueLimit, IssueLimit, userRepos: _*),
       page,
-      countIssue(condition.copy(state = "open"  ), false, userRepos: _*),
+      countIssue(condition.copy(state = "open"), false, userRepos: _*),
       countIssue(condition.copy(state = "closed"), false, userRepos: _*),
       filter match {
-        case "assigned"  => condition.copy(assigned  = Some(Some(userName)))
+        case "assigned"  => condition.copy(assigned = Some(Some(userName)))
         case "mentioned" => condition.copy(mentioned = Some(userName))
-        case _           => condition.copy(author    = Some(userName))
+        case _           => condition.copy(author = Some(userName))
       },
       filter,
       getGroupNames(userName),
       Nil,
-      getUserRepositories(userName, withoutPhysicalInfo = true))
+      getUserRepositories(userName, withoutPhysicalInfo = true)
+    )
   }
 
   private def searchPullRequests(filter: String) = {
     import IssuesService._
     import PullRequestService._
 
-    val userName  = context.loginAccount.get.userName
+    val userName = context.loginAccount.get.userName
     val condition = getOrCreateCondition(Keys.Session.DashboardPulls, filter, userName)
-    val allRepos  = getAllRepositories(userName)
+    val allRepos = getAllRepositories(userName)
-    val page      = IssueSearchCondition.page(request)
+    val page = IssueSearchCondition.page(request)
 
     html.pulls(
       searchIssue(condition, true, (page - 1) * PullRequestLimit, PullRequestLimit, allRepos: _*),
       page,
-      countIssue(condition.copy(state = "open"  ), true, allRepos: _*),
+      countIssue(condition.copy(state = "open"), true, allRepos: _*),
       countIssue(condition.copy(state = "closed"), true, allRepos: _*),
       filter match {
-        case "assigned"  => condition.copy(assigned  = Some(Some(userName)))
+        case "assigned"  => condition.copy(assigned = Some(Some(userName)))
         case "mentioned" => condition.copy(mentioned = Some(userName))
-        case _           => condition.copy(author    = Some(userName))
+        case _           => condition.copy(author = Some(userName))
       },
       filter,
       getGroupNames(userName),
       Nil,
-      getUserRepositories(userName, withoutPhysicalInfo = true))
+      getUserRepositories(userName, withoutPhysicalInfo = true)
+    )
   }
 
-
 }

src/main/scala/gitbucket/core/controller/FileUploadController.scala

@@ -1,7 +1,9 @@
 package gitbucket.core.controller
 
+import java.io.File
+
 import gitbucket.core.model.Account
-import gitbucket.core.service.{AccountService, RepositoryService, ReleaseService}
+import gitbucket.core.service.{AccountService, ReleaseService, RepositoryService}
 import gitbucket.core.servlet.Database
 import gitbucket.core.util._
 import gitbucket.core.util.SyntaxSugars._
@@ -19,95 +21,138 @@ import org.apache.commons.io.{FileUtils, IOUtils}
  *
  * This servlet saves uploaded file.
  */
-class FileUploadController extends ScalatraServlet
+class FileUploadController
-  with FileUploadSupport
+    extends ScalatraServlet
-  with RepositoryService
+    with FileUploadSupport
-  with AccountService
+    with RepositoryService
-  with ReleaseService{
+    with AccountService
+    with ReleaseService {
 
   configureMultipartHandling(MultipartConfig(maxFileSize = Some(FileUtil.MaxFileSize)))
 
-  post("/image"){
+  post("/image") {
-    execute({ (file, fileId) =>
+    execute(
-      FileUtils.writeByteArrayToFile(new java.io.File(getTemporaryDir(session.getId), fileId), file.get)
+      { (file, fileId) =>
-      session += Keys.Session.Upload(fileId) -> file.name
+        FileUtils
-    }, FileUtil.isImage)
+          .writeByteArrayToFile(new File(getTemporaryDir(session.getId), FileUtil.checkFilename(fileId)), file.get)
+        session += Keys.Session.Upload(fileId) -> file.name
+      },
+      FileUtil.isImage
+    )
   }
 
-  post("/tmp"){
+  post("/tmp") {
-    execute({ (file, fileId) =>
+    execute(
-      FileUtils.writeByteArrayToFile(new java.io.File(getTemporaryDir(session.getId), fileId), file.get)
+      { (file, fileId) =>
-      session += Keys.Session.Upload(fileId) -> file.name
+        FileUtils
-    }, _ => true)
+          .writeByteArrayToFile(new File(getTemporaryDir(session.getId), FileUtil.checkFilename(fileId)), file.get)
+        session += Keys.Session.Upload(fileId) -> file.name
+      },
+      _ => true
+    )
   }
 
-  post("/file/:owner/:repository"){
+  post("/file/:owner/:repository") {
-    execute({ (file, fileId) =>
+    execute(
-      FileUtils.writeByteArrayToFile(new java.io.File(
+      { (file, fileId) =>
-        getAttachedDir(params("owner"), params("repository")),
+        FileUtils.writeByteArrayToFile(
-        fileId + "." + FileUtil.getExtension(file.getName)), file.get)
+          new File(
-    }, _ => true)
+            getAttachedDir(params("owner"), params("repository")),
+            FileUtil.checkFilename(fileId + "." + FileUtil.getExtension(file.getName))
+          ),
+          file.get
+        )
+      },
+      _ => true
+    )
   }
 
-  post("/wiki/:owner/:repository"){
+  post("/wiki/:owner/:repository") {
     // Don't accept not logged-in users
-    session.get(Keys.Session.LoginAccount).collect { case loginAccount: Account =>
+    session.get(Keys.Session.LoginAccount).collect {
-      val owner      = params("owner")
+      case loginAccount: Account =>
-      val repository = params("repository")
+        val owner = params("owner")
+        val repository = params("repository")
 
-      // Check whether logged-in user is collaborator
+        // Check whether logged-in user is collaborator
-      onlyWikiEditable(owner, repository, loginAccount){
+        onlyWikiEditable(owner, repository, loginAccount) {
-        execute({ (file, fileId) =>
+          execute(
-          val fileName = file.getName
+            { (file, fileId) =>
-          LockUtil.lock(s"${owner}/${repository}/wiki") {
+              val fileName = file.getName
-            using(Git.open(Directory.getWikiRepositoryDir(owner, repository))) { git =>
+              LockUtil.lock(s"${owner}/${repository}/wiki") {
-              val builder  = DirCache.newInCore.builder()
+                using(Git.open(Directory.getWikiRepositoryDir(owner, repository))) {
-              val inserter = git.getRepository.newObjectInserter()
+                  git =>
-              val headId   = git.getRepository.resolve(Constants.HEAD + "^{commit}")
+                    val builder = DirCache.newInCore.builder()
+                    val inserter = git.getRepository.newObjectInserter()
+                    val headId = git.getRepository.resolve(Constants.HEAD + "^{commit}")
 
-              if(headId != null){
+                    if (headId != null) {
-                JGitUtil.processTree(git, headId){ (path, tree) =>
+                      JGitUtil.processTree(git, headId) { (path, tree) =>
-                  if(path != fileName){
+                        if (path != fileName) {
-                    builder.add(JGitUtil.createDirCacheEntry(path, tree.getEntryFileMode, tree.getEntryObjectId))
+                          builder.add(JGitUtil.createDirCacheEntry(path, tree.getEntryFileMode, tree.getEntryObjectId))
-                  }
+                        }
+                      }
+                    }
+
+                    val bytes = IOUtils.toByteArray(file.getInputStream)
+                    builder.add(
+                      JGitUtil.createDirCacheEntry(
+                        fileName,
+                        FileMode.REGULAR_FILE,
+                        inserter.insert(Constants.OBJ_BLOB, bytes)
+                      )
+                    )
+                    builder.finish()
+
+                    val newHeadId = JGitUtil.createNewCommit(
+                      git,
+                      inserter,
+                      headId,
+                      builder.getDirCache.writeTree(inserter),
+                      Constants.HEAD,
+                      loginAccount.fullName,
+                      loginAccount.mailAddress,
+                      s"Uploaded ${fileName}"
+                    )
+
+                    fileName
                 }
               }
-
+            },
-              val bytes = IOUtils.toByteArray(file.getInputStream)
+            _ => true
-              builder.add(JGitUtil.createDirCacheEntry(fileName, FileMode.REGULAR_FILE, inserter.insert(Constants.OBJ_BLOB, bytes)))
+          )
-              builder.finish()
+        }
-
-              val newHeadId = JGitUtil.createNewCommit(git, inserter, headId, builder.getDirCache.writeTree(inserter),
-                Constants.HEAD, loginAccount.fullName, loginAccount.mailAddress, s"Uploaded ${fileName}")
-
-              fileName
-            }
-          }
-        }, _ => true)
-      }
     } getOrElse BadRequest()
   }
 
-  post("/release/:owner/:repository/:tag"){
+  post("/release/:owner/:repository/:tag") {
-    session.get(Keys.Session.LoginAccount).collect { case _: Account =>
+    session
-      val owner = params("owner")
+      .get(Keys.Session.LoginAccount)
-      val repository = params("repository")
+      .collect {
-      val tag = params("tag")
+        case _: Account =>
-      execute({ (file, fileId) =>
+          val owner = params("owner")
-        FileUtils.writeByteArrayToFile(
+          val repository = params("repository")
-          new java.io.File(getReleaseFilesDir(owner, repository), tag + "/" + fileId),
+          val tag = params("tag")
-          file.get
+          execute(
-        )
+            { (file, fileId) =>
-      }, _ => true)
+              FileUtils.writeByteArrayToFile(
-    }.getOrElse(BadRequest())
+                new File(getReleaseFilesDir(owner, repository), FileUtil.checkFilename(tag + "/" + fileId)),
+                file.get
+              )
+            },
+            _ => true
+          )
+      }
+      .getOrElse(BadRequest())
   }
 
   post("/import") {
     import JDBCUtil._
-    session.get(Keys.Session.LoginAccount).collect { case loginAccount: Account if loginAccount.isAdmin =>
+    session.get(Keys.Session.LoginAccount).collect {
-      execute({ (file, fileId) =>
+      case loginAccount: Account if loginAccount.isAdmin =>
-        request2Session(request).conn.importAsSQL(file.getInputStream)
+        execute({ (file, fileId) =>
-      }, _ => true)
+          request2Session(request).conn.importAsSQL(file.getInputStream)
+        }, _ => true)
     }
     redirect("/admin/data")
   }
@@ -115,24 +160,26 @@ class FileUploadController extends ScalatraServlet
   private def onlyWikiEditable(owner: String, repository: String, loginAccount: Account)(action: => Any): Any = {
     implicit val session = Database.getSession(request)
     getRepository(owner, repository) match {
-      case Some(x) => x.repository.options.wikiOption match {
+      case Some(x) =>
-        case "ALL"     if !x.repository.isPrivate => action
+        x.repository.options.wikiOption match {
-        case "PUBLIC"  if hasGuestRole(owner, repository, Some(loginAccount)) => action
+          case "ALL" if !x.repository.isPrivate                                     => action
-        case "PRIVATE" if hasDeveloperRole(owner, repository, Some(loginAccount)) => action
+          case "PUBLIC" if hasGuestRole(owner, repository, Some(loginAccount))      => action
-        case _  => BadRequest()
+          case "PRIVATE" if hasDeveloperRole(owner, repository, Some(loginAccount)) => action
-      }
+          case _                                                                    => BadRequest()
+        }
       case None => BadRequest()
     }
   }
 
-  private def execute(f: (FileItem, String) => Unit , mimeTypeChcker: (String) => Boolean) = fileParams.get("file") match {
+  private def execute(f: (FileItem, String) => Unit, mimeTypeChcker: (String) => Boolean) =
-    case Some(file) if(mimeTypeChcker(file.name)) =>
+    fileParams.get("file") match {
-      defining(FileUtil.generateFileId){ fileId =>
+      case Some(file) if (mimeTypeChcker(file.name)) =>
-        f(file, fileId)
+        defining(FileUtil.generateFileId) { fileId =>
-        contentType = "text/plain"
+          f(file, fileId)
-        Ok(fileId)
+          contentType = "text/plain"
-      }
+          Ok(fileId)
-    case _ => BadRequest()
+        }
-  }
+      case _ => BadRequest()
+    }
 
 }

src/main/scala/gitbucket/core/controller/IndexController.scala

@@ -9,26 +9,25 @@ import gitbucket.core.model.Account
 import gitbucket.core.service._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.SyntaxSugars._
-import gitbucket.core.util.{Keys, LDAPUtil, ReferrerAuthenticator, UsersAuthenticator}
+import gitbucket.core.util._
 import org.scalatra.Ok
 import org.scalatra.forms._
 
-
+class IndexController
-class IndexController extends IndexControllerBase
+    extends IndexControllerBase
-  with RepositoryService
+    with RepositoryService
-  with ActivityService
+    with ActivityService
-  with AccountService
+    with AccountService
-  with RepositorySearchService
+    with RepositorySearchService
-  with IssuesService
+    with IssuesService
-  with LabelsService
+    with LabelsService
-  with MilestonesService
+    with MilestonesService
-  with PrioritiesService
+    with PrioritiesService
-  with UsersAuthenticator
+    with UsersAuthenticator
-  with ReferrerAuthenticator
+    with ReferrerAuthenticator
-  with AccessTokenService
+    with AccessTokenService
-  with AccountFederationService
+    with AccountFederationService
-  with OpenIDConnectService
+    with OpenIDConnectService
-
 
 trait IndexControllerBase extends ControllerBase {
   self: RepositoryService
@@ -59,37 +58,43 @@ trait IndexControllerBase extends ControllerBase {
 
   case class OidcContext(state: State, nonce: Nonce, redirectBackURI: String)
 
-  get("/"){
+  get("/") {
-    context.loginAccount.map { account =>
+    context.loginAccount
-      val visibleOwnerSet: Set[String] = Set(account.userName) ++ getGroupsByUserName(account.userName)
+      .map { account =>
-      gitbucket.core.html.index(
+        val visibleOwnerSet: Set[String] = Set(account.userName) ++ getGroupsByUserName(account.userName)
-        getRecentActivitiesByOwners(visibleOwnerSet),
+        gitbucket.core.html.index(
-        Nil,
+          getRecentActivitiesByOwners(visibleOwnerSet),
-        getUserRepositories(account.userName, withoutPhysicalInfo = true),
+          Nil,
-        showBannerToCreatePersonalAccessToken = hasAccountFederation(account.userName) && !hasAccessToken(account.userName))
+          getUserRepositories(account.userName, withoutPhysicalInfo = true),
-    }.getOrElse {
+          showBannerToCreatePersonalAccessToken = hasAccountFederation(account.userName) && !hasAccessToken(
-      gitbucket.core.html.index(
+            account.userName
-        getRecentActivities(),
+          )
-        getVisibleRepositories(None, withoutPhysicalInfo = true),
+        )
-        Nil,
+      }
-        showBannerToCreatePersonalAccessToken = false)
+      .getOrElse {
-    }
+        gitbucket.core.html.index(
+          getRecentActivities(),
+          getVisibleRepositories(None, withoutPhysicalInfo = true),
+          Nil,
+          showBannerToCreatePersonalAccessToken = false
+        )
+      }
   }
 
-  get("/signin"){
+  get("/signin") {
     val redirect = params.get("redirect")
-    if(redirect.isDefined && redirect.get.startsWith("/")){
+    if (redirect.isDefined && redirect.get.startsWith("/")) {
       flash += Keys.Flash.Redirect -> redirect.get
     }
     gitbucket.core.html.signin(flash.get("userName"), flash.get("password"), flash.get("error"))
   }
 
-  post("/signin", signinForm){ form =>
+  post("/signin", signinForm) { form =>
     authenticate(context.settings, form.userName, form.password) match {
       case Some(account) =>
         flash.get(Keys.Flash.Redirect) match {
           case Some(redirectUrl: String) => signin(account, redirectUrl + form.hash.getOrElse(""))
-          case _ => signin(account)
+          case _                         => signin(account)
         }
       case None =>
         flash += "userName" -> form.userName
@@ -100,17 +105,20 @@ trait IndexControllerBase extends ControllerBase {
   }
 
   /**
-    * Initiate an OpenID Connect authentication request.
+   * Initiate an OpenID Connect authentication request.
-    */
+   */
   post("/signin/oidc") {
     context.settings.oidc.map { oidc =>
       val redirectURI = new URI(s"$baseUrl/signin/oidc")
       val authenticationRequest = createOIDCAuthenticationRequest(oidc.issuer, oidc.clientID, redirectURI)
       val redirectBackURI = flash.get(Keys.Flash.Redirect) match {
         case Some(redirectBackURI: String) => redirectBackURI + params.getOrElse("hash", "")
-        case _ => "/"
+        case _                             => "/"
       }
-      session.setAttribute(Keys.Session.OidcContext, OidcContext(authenticationRequest.getState, authenticationRequest.getNonce, redirectBackURI))
+      session.setAttribute(
+        Keys.Session.OidcContext,
+        OidcContext(authenticationRequest.getState, authenticationRequest.getNonce, redirectBackURI)
+      )
       redirect(authenticationRequest.toURI.toString)
     } getOrElse {
       NotFound()
@@ -118,8 +126,8 @@ trait IndexControllerBase extends ControllerBase {
   }
 
   /**
-    * Handle an OpenID Connect authentication response.
+   * Handle an OpenID Connect authentication response.
-    */
+   */
   get("/signin/oidc") {
     context.settings.oidc.map { oidc =>
       val redirectURI = new URI(s"$baseUrl/signin/oidc")
@@ -142,33 +150,33 @@ trait IndexControllerBase extends ControllerBase {
     }
   }
 
-  get("/signout"){
+  get("/signout") {
     session.invalidate
     redirect("/")
   }
 
-  get("/activities.atom"){
+  get("/activities.atom") {
     contentType = "application/atom+xml; type=feed"
     xml.feed(getRecentActivities())
   }
 
-  post("/sidebar-collapse"){
+  post("/sidebar-collapse") {
-    if(params("collapse") == "true"){
+    if (params("collapse") == "true") {
       session.setAttribute("sidebar-collapse", "true")
-    }  else {
+    } else {
       session.setAttribute("sidebar-collapse", null)
     }
     Ok()
   }
 
   /**
-    * Set account information into HttpSession and redirect.
+   * Set account information into HttpSession and redirect.
-    */
+   */
   private def signin(account: Account, redirectUrl: String = "/") = {
     session.setAttribute(Keys.Session.LoginAccount, account)
     updateLastLoginDate(account.userName)
 
-    if(LDAPUtil.isDummyMailAddress(account)) {
+    if (LDAPUtil.isDummyMailAddress(account)) {
       redirect("/" + account.userName + "/_edit")
     }
 
@@ -184,23 +192,28 @@ trait IndexControllerBase extends ControllerBase {
    */
   get("/_user/proposals")(usersOnly {
     contentType = formats("json")
-    val user  = params("user").toBoolean
+    val user = params("user").toBoolean
     val group = params("group").toBoolean
     org.json4s.jackson.Serialization.write(
-      Map("options" -> (
+      Map(
-        getAllUsers(false)
+        "options" -> (
-          .withFilter { t => (user, group) match {
+          getAllUsers(false)
-            case (true, true) => true
+            .withFilter { t =>
-            case (true, false) => !t.isGroupAccount
+              (user, group) match {
-            case (false, true) => t.isGroupAccount
+                case (true, true)   => true
-            case (false, false) => false
+                case (true, false)  => !t.isGroupAccount
-          }}.map { t =>
+                case (false, true)  => t.isGroupAccount
-            Map(
+                case (false, false) => false
-              "label" -> s"<b>@${t.userName}</b> ${t.fullName}",
+              }
-              "value" -> t.userName
+            }
-            )
+            .map { t =>
-          }
+              Map(
-      ))
+                "label" -> s"<b>@${StringUtil.escapeHtml(t.userName)}</b> ${StringUtil.escapeHtml(t.fullName)}",
+                "value" -> t.userName
+              )
+            }
+        )
+      )
     )
   })
 
@@ -209,48 +222,69 @@ trait IndexControllerBase extends ControllerBase {
    * Returns a single string which is any of "group", "user" or "".
    */
   post("/_user/existence")(usersOnly {
-    getAccountByUserName(params("userName")).map { account =>
+    getAccountByUserNameIgnoreCase(params("userName")).map { account =>
-      if(account.isGroupAccount) "group" else "user"
+      if (account.isGroupAccount) "group" else "user"
     } getOrElse ""
   })
 
   // TODO Move to RepositoryViwerController?
   get("/:owner/:repository/search")(referrersOnly { repository =>
-    defining(params.getOrElse("q", "").trim, params.getOrElse("type", "code")){ case (query, target) =>
+    defining(params.getOrElse("q", "").trim, params.getOrElse("type", "code")) {
-      val page = try {
+      case (query, target) =>
-        val i = params.getOrElse("page", "1").toInt
+        val page = try {
-        if(i <= 0) 1 else i
+          val i = params.getOrElse("page", "1").toInt
-      } catch {
+          if (i <= 0) 1 else i
-        case e: NumberFormatException => 1
+        } catch {
-      }
+          case e: NumberFormatException => 1
+        }
 
-      target.toLowerCase match {
+        target.toLowerCase match {
-        case "issue" => gitbucket.core.search.html.issues(
+          case "issue" =>
-          if(query.nonEmpty) searchIssues(repository.owner, repository.name, query) else Nil,
+            gitbucket.core.search.html.issues(
-          query, page, repository)
+              if (query.nonEmpty) searchIssues(repository.owner, repository.name, query) else Nil,
+              query,
+              page,
+              repository
+            )
 
-        case "wiki" => gitbucket.core.search.html.wiki(
+          case "wiki" =>
-          if(query.nonEmpty) searchWikiPages(repository.owner, repository.name, query) else Nil,
+            gitbucket.core.search.html.wiki(
-          query, page, repository)
+              if (query.nonEmpty) searchWikiPages(repository.owner, repository.name, query) else Nil,
+              query,
+              page,
+              repository
+            )
 
-        case _ => gitbucket.core.search.html.code(
+          case _ =>
-          if(query.nonEmpty) searchFiles(repository.owner, repository.name, query) else Nil,
+            gitbucket.core.search.html.code(
-          query, page, repository)
+              if (query.nonEmpty) searchFiles(repository.owner, repository.name, query) else Nil,
-      }
+              query,
+              page,
+              repository
+            )
+        }
     }
   })
 
-  get("/search"){
+  get("/search") {
     val query = params.getOrElse("query", "").trim.toLowerCase
-    val visibleRepositories = getVisibleRepositories(context.loginAccount, repositoryUserName = None, withoutPhysicalInfo = true)
+    val visibleRepositories =
+      getVisibleRepositories(context.loginAccount, repositoryUserName = None, withoutPhysicalInfo = true)
     val repositories = visibleRepositories.filter { repository =>
       repository.name.toLowerCase.indexOf(query) >= 0 || repository.owner.toLowerCase.indexOf(query) >= 0
     }
-    context.loginAccount.map { account =>
+    context.loginAccount
-      gitbucket.core.search.html.repositories(query, repositories, Nil, getUserRepositories(account.userName, withoutPhysicalInfo = true))
+      .map { account =>
-    }.getOrElse {
+        gitbucket.core.search.html.repositories(
-      gitbucket.core.search.html.repositories(query, repositories, visibleRepositories, Nil)
+          query,
-    }
+          repositories,
+          Nil,
+          getUserRepositories(account.userName, withoutPhysicalInfo = true)
+        )
+      }
+      .getOrElse {
+        gitbucket.core.search.html.repositories(query, repositories, visibleRepositories, Nil)
+      }
   }
 
 }

src/main/scala/gitbucket/core/controller/IssuesController.scala

@@ -11,23 +11,23 @@ import gitbucket.core.view.Markdown
 import org.scalatra.forms._
 import org.scalatra.{BadRequest, Ok}
 
-
+class IssuesController
-class IssuesController extends IssuesControllerBase
+    extends IssuesControllerBase
-  with IssuesService
+    with IssuesService
-  with RepositoryService
+    with RepositoryService
-  with AccountService
+    with AccountService
-  with LabelsService
+    with LabelsService
-  with MilestonesService
+    with MilestonesService
-  with ActivityService
+    with ActivityService
-  with HandleCommentService
+    with HandleCommentService
-  with IssueCreationService
+    with IssueCreationService
-  with ReadableUsersAuthenticator
+    with ReadableUsersAuthenticator
-  with ReferrerAuthenticator
+    with ReferrerAuthenticator
-  with WritableUsersAuthenticator
+    with WritableUsersAuthenticator
-  with PullRequestService
+    with PullRequestService
-  with WebHookIssueCommentService
+    with WebHookIssueCommentService
-  with CommitsService
+    with CommitsService
-  with PrioritiesService
+    with PrioritiesService
 
 trait IssuesControllerBase extends ControllerBase {
   self: IssuesService
@@ -45,40 +45,46 @@ trait IssuesControllerBase extends ControllerBase {
     with WebHookIssueCommentService
     with PrioritiesService =>
 
-  case class IssueCreateForm(title: String, content: Option[String],
+  case class IssueCreateForm(
-    assignedUserName: Option[String], milestoneId: Option[Int], priorityId: Option[Int], labelNames: Option[String])
+    title: String,
+    content: Option[String],
+    assignedUserName: Option[String],
+    milestoneId: Option[Int],
+    priorityId: Option[Int],
+    labelNames: Option[String]
+  )
   case class CommentForm(issueId: Int, content: String)
   case class IssueStateForm(issueId: Int, content: Option[String])
 
   val issueCreateForm = mapping(
-      "title"            -> trim(label("Title", text(required))),
+    "title" -> trim(label("Title", text(required))),
-      "content"          -> trim(optional(text())),
+    "content" -> trim(optional(text())),
-      "assignedUserName" -> trim(optional(text())),
+    "assignedUserName" -> trim(optional(text())),
-      "milestoneId"      -> trim(optional(number())),
+    "milestoneId" -> trim(optional(number())),
-      "priorityId"       -> trim(optional(number())),
+    "priorityId" -> trim(optional(number())),
-      "labelNames"       -> trim(optional(text()))
+    "labelNames" -> trim(optional(text()))
-    )(IssueCreateForm.apply)
+  )(IssueCreateForm.apply)
 
   val issueTitleEditForm = mapping(
     "title" -> trim(label("Title", text(required)))
-    )(x => x)
+  )(x => x)
   val issueEditForm = mapping(
     "content" -> trim(optional(text()))
-    )(x => x)
+  )(x => x)
 
   val commentForm = mapping(
-      "issueId" -> label("Issue Id", number()),
+    "issueId" -> label("Issue Id", number()),
-      "content" -> trim(label("Comment", text(required)))
+    "content" -> trim(label("Comment", text(required)))
-    )(CommentForm.apply)
+  )(CommentForm.apply)
 
   val issueStateForm = mapping(
-      "issueId" -> label("Issue Id", number()),
+    "issueId" -> label("Issue Id", number()),
-      "content" -> trim(optional(text()))
+    "content" -> trim(optional(text()))
-    )(IssueStateForm.apply)
+  )(IssueStateForm.apply)
 
   get("/:owner/:repository/issues")(referrersOnly { repository =>
     val q = request.getParameter("q")
-    if(Option(q).exists(_.contains("is:pr"))){
+    if (Option(q).exists(_.contains("is:pr"))) {
       redirect(s"/${repository.owner}/${repository.name}/pulls?q=${StringUtil.urlEncode(q)}")
     } else {
       searchIssues(repository)
@@ -86,45 +92,50 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/issues/:id")(referrersOnly { repository =>
-    defining(repository.owner, repository.name, params("id")){ case (owner, name, issueId) =>
+    defining(repository.owner, repository.name, params("id")) {
-      getIssue(owner, name, issueId) map { issue =>
+      case (owner, name, issueId) =>
-        if(issue.isPullRequest){
+        getIssue(owner, name, issueId) map {
-          redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+          issue =>
-        } else {
+            if (issue.isPullRequest) {
-          html.issue(
+              redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
-            issue,
+            } else {
-            getComments(owner, name, issueId.toInt),
+              html.issue(
-            getIssueLabels(owner, name, issueId.toInt),
+                issue,
-            getAssignableUserNames(owner, name),
+                getComments(owner, name, issueId.toInt),
-            getMilestonesWithIssueCount(owner, name),
+                getIssueLabels(owner, name, issueId.toInt),
-            getPriorities(owner, name),
+                getAssignableUserNames(owner, name),
-            getLabels(owner, name),
+                getMilestonesWithIssueCount(owner, name),
-            isIssueEditable(repository),
+                getPriorities(owner, name),
-            isIssueManageable(repository),
+                getLabels(owner, name),
-            repository)
+                isIssueEditable(repository),
-        }
+                isIssueManageable(repository),
-      } getOrElse NotFound()
+                repository
+              )
+            }
+        } getOrElse NotFound()
     }
   })
 
   get("/:owner/:repository/issues/new")(readableUsersOnly { repository =>
-    if(isIssueEditable(repository)){ // TODO Should this check is provided by authenticator?
+    if (isIssueEditable(repository)) { // TODO Should this check is provided by authenticator?
-      defining(repository.owner, repository.name){ case (owner, name) =>
+      defining(repository.owner, repository.name) {
-        html.create(
+        case (owner, name) =>
-          getAssignableUserNames(owner, name),
+          html.create(
-          getMilestones(owner, name),
+            getAssignableUserNames(owner, name),
-          getPriorities(owner, name),
+            getMilestones(owner, name),
-          getDefaultPriority(owner, name),
+            getPriorities(owner, name),
-          getLabels(owner, name),
+            getDefaultPriority(owner, name),
-          isIssueManageable(repository),
+            getLabels(owner, name),
-          getContentTemplate(repository, "ISSUE_TEMPLATE"),
+            isIssueManageable(repository),
-          repository)
+            getContentTemplate(repository, "ISSUE_TEMPLATE"),
+            repository
+          )
       }
     } else Unauthorized()
   })
 
   post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { (form, repository) =>
-    if(isIssueEditable(repository)){ // TODO Should this check is provided by authenticator?
+    if (isIssueEditable(repository)) { // TODO Should this check is provided by authenticator?
       val issue = createIssue(
         repository,
         form.title,
@@ -133,133 +144,156 @@ trait IssuesControllerBase extends ControllerBase {
         form.milestoneId,
         form.priorityId,
         form.labelNames.toArray.flatMap(_.split(",")),
-        context.loginAccount.get)
+        context.loginAccount.get
+      )
 
       redirect(s"/${issue.userName}/${issue.repositoryName}/issues/${issue.issueId}")
     } else Unauthorized()
   })
 
   ajaxPost("/:owner/:repository/issues/edit_title/:id", issueTitleEditForm)(readableUsersOnly { (title, repository) =>
-    defining(repository.owner, repository.name){ case (owner, name) =>
+    defining(repository.owner, repository.name) {
-      getIssue(owner, name, params("id")).map { issue =>
+      case (owner, name) =>
-        if(isEditableContent(owner, name, issue.openedUserName)){
+        getIssue(owner, name, params("id")).map {
-          // update issue
+          issue =>
-          updateIssue(owner, name, issue.issueId, title, issue.content)
+            if (isEditableContent(owner, name, issue.openedUserName)) {
-          // extract references and create refer comment
+              if (issue.title != title) {
-          createReferComment(owner, name, issue.copy(title = title), title, context.loginAccount.get)
+                // update issue
-
+                updateIssue(owner, name, issue.issueId, title, issue.content)
-          redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
+                // extract references and create refer comment
-        } else Unauthorized()
+                createReferComment(owner, name, issue.copy(title = title), title, context.loginAccount.get)
-      } getOrElse NotFound()
+                createComment(
+                  owner,
+                  name,
+                  context.loginAccount.get.userName,
+                  issue.issueId,
+                  issue.title + "\r\n" + title,
+                  "change_title"
+                )
+              }
+              redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
+            } else Unauthorized()
+        } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { (content, repository) =>
-    defining(repository.owner, repository.name){ case (owner, name) =>
+    defining(repository.owner, repository.name) {
-      getIssue(owner, name, params("id")).map { issue =>
+      case (owner, name) =>
-        if(isEditableContent(owner, name, issue.openedUserName)){
+        getIssue(owner, name, params("id")).map { issue =>
-          // update issue
+          if (isEditableContent(owner, name, issue.openedUserName)) {
-          updateIssue(owner, name, issue.issueId, issue.title, content)
+            // update issue
-          // extract references and create refer comment
+            updateIssue(owner, name, issue.issueId, issue.title, content)
-          createReferComment(owner, name, issue, content.getOrElse(""), context.loginAccount.get)
+            // extract references and create refer comment
+            createReferComment(owner, name, issue, content.getOrElse(""), context.loginAccount.get)
 
-          redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
+            redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
-        } else Unauthorized()
+          } else Unauthorized()
-      } getOrElse NotFound()
+        } getOrElse NotFound()
     }
   })
 
   post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { (form, repository) =>
     getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      val actionOpt = params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
+      val actionOpt =
-      handleComment(issue, Some(form.content), repository, actionOpt) map { case (issue, id) =>
+        params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
-        redirect(s"/${repository.owner}/${repository.name}/${
+      handleComment(issue, Some(form.content), repository, actionOpt) map {
-          if(issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}")
+        case (issue, id) =>
+          redirect(
+            s"/${repository.owner}/${repository.name}/${if (issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}"
+          )
       }
     } getOrElse NotFound()
   })
 
   post("/:owner/:repository/issue_comments/state", issueStateForm)(readableUsersOnly { (form, repository) =>
     getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      val actionOpt = params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
+      val actionOpt =
-      handleComment(issue, form.content, repository, actionOpt) map { case (issue, id) =>
+        params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
-        redirect(s"/${repository.owner}/${repository.name}/${
+      handleComment(issue, form.content, repository, actionOpt) map {
-          if(issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}")
+        case (issue, id) =>
+          redirect(
+            s"/${repository.owner}/${repository.name}/${if (issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}"
+          )
       }
     } getOrElse NotFound()
   })
 
   ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
-    defining(repository.owner, repository.name){ case (owner, name) =>
+    defining(repository.owner, repository.name) {
-      getComment(owner, name, params("id")).map { comment =>
+      case (owner, name) =>
-        if(isEditableContent(owner, name, comment.commentedUserName)){
+        getComment(owner, name, params("id")).map { comment =>
-          updateComment(comment.issueId, comment.commentId, form.content)
+          if (isEditableContent(owner, name, comment.commentedUserName)) {
-          redirect(s"/${owner}/${name}/issue_comments/_data/${comment.commentId}")
+            updateComment(comment.issueId, comment.commentId, form.content)
-        } else Unauthorized()
+            redirect(s"/${owner}/${name}/issue_comments/_data/${comment.commentId}")
-      } getOrElse NotFound()
+          } else Unauthorized()
+        } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issue_comments/delete/:id")(readableUsersOnly { repository =>
-    defining(repository.owner, repository.name){ case (owner, name) =>
+    defining(repository.owner, repository.name) {
-      getComment(owner, name, params("id")).map { comment =>
+      case (owner, name) =>
-        if(isEditableContent(owner, name, comment.commentedUserName)){
+        getComment(owner, name, params("id")).map { comment =>
-          Ok(deleteComment(comment.issueId, comment.commentId))
+          if (isEditableContent(owner, name, comment.commentedUserName)) {
-        } else Unauthorized()
+            Ok(deleteComment(comment.issueId, comment.commentId))
-      } getOrElse NotFound()
+          } else Unauthorized()
+        } getOrElse NotFound()
     }
   })
 
   ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly { repository =>
-    getIssue(repository.owner, repository.name, params("id")) map { x =>
+    getIssue(repository.owner, repository.name, params("id")) map {
-      if(isEditableContent(x.userName, x.repositoryName, x.openedUserName)){
+      x =>
-        params.get("dataType") collect {
+        if (isEditableContent(x.userName, x.repositoryName, x.openedUserName)) {
-          case t if t == "html" => html.editissue(x.content, x.issueId, repository)
+          params.get("dataType") collect {
-        } getOrElse {
+            case t if t == "html" => html.editissue(x.content, x.issueId, repository)
-          contentType = formats("json")
+          } getOrElse {
-          org.json4s.jackson.Serialization.write(
+            contentType = formats("json")
-            Map(
+            org.json4s.jackson.Serialization.write(
-              "title"   -> x.title,
+              Map(
-              "content" -> Markdown.toHtml(
+                "title" -> x.title,
-                markdown = x.content getOrElse "No description given.",
+                "content" -> Markdown.toHtml(
-                repository = repository,
+                  markdown = x.content getOrElse "No description given.",
-                enableWikiLink = false,
+                  repository = repository,
-                enableRefsLink = true,
+                  enableWikiLink = false,
-                enableAnchor = true,
+                  enableRefsLink = true,
-                enableLineBreaks = true,
+                  enableAnchor = true,
-                enableTaskList = true,
+                  enableLineBreaks = true,
-                hasWritePermission = true
+                  enableTaskList = true,
+                  hasWritePermission = true
+                )
               )
             )
-          )
+          }
-        }
+        } else Unauthorized()
-      } else Unauthorized()
     } getOrElse NotFound()
   })
 
   ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly { repository =>
-    getComment(repository.owner, repository.name, params("id")) map { x =>
+    getComment(repository.owner, repository.name, params("id")) map {
-      if(isEditableContent(x.userName, x.repositoryName, x.commentedUserName)){
+      x =>
-        params.get("dataType") collect {
+        if (isEditableContent(x.userName, x.repositoryName, x.commentedUserName)) {
-          case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
+          params.get("dataType") collect {
-        } getOrElse {
+            case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
-          contentType = formats("json")
+          } getOrElse {
-          org.json4s.jackson.Serialization.write(
+            contentType = formats("json")
-            Map(
+            org.json4s.jackson.Serialization.write(
-              "content" -> view.Markdown.toHtml(
+              Map(
-                markdown = x.content,
+                "content" -> view.Markdown.toHtml(
-                repository = repository,
+                  markdown = x.content,
-                enableWikiLink = false,
+                  repository = repository,
-                enableRefsLink = true,
+                  enableWikiLink = false,
-                enableAnchor = true,
+                  enableRefsLink = true,
-                enableLineBreaks = true,
+                  enableAnchor = true,
-                enableTaskList = true,
+                  enableLineBreaks = true,
-                hasWritePermission = true
+                  enableTaskList = true,
+                  hasWritePermission = true
+                )
               )
             )
-          )
+          }
-        }
+        } else Unauthorized()
-      } else Unauthorized()
     } getOrElse NotFound()
   })
 
@@ -270,21 +304,27 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   ajaxPost("/:owner/:repository/issues/:id/label/new")(writableUsersOnly { repository =>
-    defining(params("id").toInt){ issueId =>
+    defining(params("id").toInt) { issueId =>
       registerIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt, true)
       html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
     }
   })
 
   ajaxPost("/:owner/:repository/issues/:id/label/delete")(writableUsersOnly { repository =>
-    defining(params("id").toInt){ issueId =>
+    defining(params("id").toInt) { issueId =>
       deleteIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt, true)
       html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
     }
   })
 
   ajaxPost("/:owner/:repository/issues/:id/assign")(writableUsersOnly { repository =>
-    updateAssignedUserName(repository.owner, repository.name, params("id").toInt, assignedUserName("assignedUserName"), true)
+    updateAssignedUserName(
+      repository.owner,
+      repository.name,
+      params("id").toInt,
+      assignedUserName("assignedUserName"),
+      true
+    )
     Ok("updated")
   })
 
@@ -292,9 +332,11 @@ trait IssuesControllerBase extends ControllerBase {
     updateMilestoneId(repository.owner, repository.name, params("id").toInt, milestoneId("milestoneId"), true)
     milestoneId("milestoneId").map { milestoneId =>
       getMilestonesWithIssueCount(repository.owner, repository.name)
-          .find(_._1.milestoneId == milestoneId).map { case (_, openCount, closeCount) =>
+        .find(_._1.milestoneId == milestoneId)
-        gitbucket.core.issues.milestones.html.progress(openCount + closeCount, closeCount)
+        .map {
-      } getOrElse NotFound()
+          case (_, openCount, closeCount) =>
+            gitbucket.core.issues.milestones.html.progress(openCount + closeCount, closeCount)
+        } getOrElse NotFound()
     } getOrElse Ok()
   })
 
@@ -305,25 +347,28 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/issues/batchedit/state")(writableUsersOnly { repository =>
-    defining(params.get("value")){ action =>
+    defining(params.get("value")) {
-      action match {
+      action =>
-        case Some("open")  => executeBatch(repository) { issueId =>
+        action match {
-          getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
+          case Some("open") =>
-            handleComment(issue, None, repository, Some("reopen"))
+            executeBatch(repository) { issueId =>
-          }
+              getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
+                handleComment(issue, None, repository, Some("reopen"))
+              }
+            }
+          case Some("close") =>
+            executeBatch(repository) { issueId =>
+              getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
+                handleComment(issue, None, repository, Some("close"))
+              }
+            }
+          case _ => BadRequest()
         }
-        case Some("close") => executeBatch(repository) { issueId =>
-          getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
-            handleComment(issue, None, repository, Some("close"))
-          }
-        }
-        case _ => BadRequest()
-      }
     }
   })
 
   post("/:owner/:repository/issues/batchedit/label")(writableUsersOnly { repository =>
-    params("value").toIntOpt.map{ labelId =>
+    params("value").toIntOpt.map { labelId =>
       executeBatch(repository) { issueId =>
         getIssueLabel(repository.owner, repository.name, issueId, labelId) getOrElse {
           registerIssueLabel(repository.owner, repository.name, issueId, labelId, true)
@@ -333,7 +378,7 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/issues/batchedit/assign")(writableUsersOnly { repository =>
-    defining(assignedUserName("value")){ value =>
+    defining(assignedUserName("value")) { value =>
       executeBatch(repository) {
         updateAssignedUserName(repository.owner, repository.name, _, value, true)
       }
@@ -341,7 +386,7 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/issues/batchedit/milestone")(writableUsersOnly { repository =>
-    defining(milestoneId("value")){ value =>
+    defining(milestoneId("value")) { value =>
       executeBatch(repository) {
         updateMilestoneId(repository.owner, repository.name, _, value, true)
       }
@@ -349,7 +394,7 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/issues/batchedit/priority")(writableUsersOnly { repository =>
-    defining(priorityId("value")){ value =>
+    defining(priorityId("value")) { value =>
       executeBatch(repository) {
         updatePriorityId(repository.owner, repository.name, _, value, true)
       }
@@ -358,7 +403,7 @@ trait IssuesControllerBase extends ControllerBase {
 
   get("/:owner/:repository/_attached/:file")(referrersOnly { repository =>
     (Directory.getAttachedDir(repository.owner, repository.name) match {
-      case dir if(dir.exists && dir.isDirectory) =>
+      case dir if (dir.exists && dir.isDirectory) =>
         dir.listFiles.find(_.getName.startsWith(params("file") + ".")).map { file =>
           response.setHeader("Content-Disposition", f"""inline; filename=${file.getName}""")
           RawData(FileUtil.getMimeType(file.getName), file)
@@ -372,7 +417,7 @@ trait IssuesControllerBase extends ControllerBase {
   val priorityId: String => Option[Int] = (key: String) => params.get(key).flatMap(_.toIntOpt)
 
   private def executeBatch(repository: RepositoryService.RepositoryInfo)(execute: Int => Unit) = {
-    params("checked").split(',') map(_.toInt) foreach execute
+    params("checked").split(',') map (_.toInt) foreach execute
     params("from") match {
       case "issues" => redirect(s"/${repository.owner}/${repository.name}/issues")
       case "pulls"  => redirect(s"/${repository.owner}/${repository.name}/pulls")
@@ -380,13 +425,14 @@ trait IssuesControllerBase extends ControllerBase {
   }
 
   private def searchIssues(repository: RepositoryService.RepositoryInfo) = {
-    defining(repository.owner, repository.name){ case (owner, repoName) =>
+    defining(repository.owner, repository.name) {
-      val page = IssueSearchCondition.page(request)
+      case (owner, repoName) =>
+        val page = IssueSearchCondition.page(request)
 
-      // retrieve search condition
+        // retrieve search condition
-      val condition = IssueSearchCondition(request)
+        val condition = IssueSearchCondition(request)
 
-      html.list(
+        html.list(
           "issues",
           searchIssue(condition, false, (page - 1) * IssueLimit, IssueLimit, owner -> repoName),
           page,
@@ -394,19 +440,22 @@ trait IssuesControllerBase extends ControllerBase {
           getMilestones(owner, repoName),
           getPriorities(owner, repoName),
           getLabels(owner, repoName),
-          countIssue(condition.copy(state = "open"  ), false, owner -> repoName),
+          countIssue(condition.copy(state = "open"), false, owner -> repoName),
           countIssue(condition.copy(state = "closed"), false, owner -> repoName),
           condition,
           repository,
           isIssueEditable(repository),
-          isIssueManageable(repository))
+          isIssueManageable(repository)
+        )
     }
   }
 
   /**
    * Tests whether an issue or a comment is editable by a logged-in user.
    */
-  private def isEditableContent(owner: String, repository: String, author: String)(implicit context: Context): Boolean = {
+  private def isEditableContent(owner: String, repository: String, author: String)(
+    implicit context: Context
+  ): Boolean = {
     hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
   }
 }

src/main/scala/gitbucket/core/controller/LabelsController.scala

@@ -1,7 +1,14 @@
 package gitbucket.core.controller
 
 import gitbucket.core.issues.labels.html
-import gitbucket.core.service.{RepositoryService, AccountService, IssuesService, LabelsService, MilestonesService, PrioritiesService}
+import gitbucket.core.service.{
+  RepositoryService,
+  AccountService,
+  IssuesService,
+  LabelsService,
+  MilestonesService,
+  PrioritiesService
+}
 import gitbucket.core.util.{ReferrerAuthenticator, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.SyntaxSugars._
@@ -9,29 +16,38 @@ import org.scalatra.forms._
 import org.scalatra.i18n.Messages
 import org.scalatra.Ok
 
-class LabelsController extends LabelsControllerBase
+class LabelsController
-  with IssuesService with RepositoryService with AccountService
+    extends LabelsControllerBase
-  with LabelsService with PrioritiesService with MilestonesService
+    with IssuesService
-  with ReferrerAuthenticator with WritableUsersAuthenticator
+    with RepositoryService
+    with AccountService
+    with LabelsService
+    with PrioritiesService
+    with MilestonesService
+    with ReferrerAuthenticator
+    with WritableUsersAuthenticator
 
 trait LabelsControllerBase extends ControllerBase {
-  self: LabelsService with IssuesService with RepositoryService
+  self: LabelsService
-    with ReferrerAuthenticator with WritableUsersAuthenticator =>
+    with IssuesService
+    with RepositoryService
+    with ReferrerAuthenticator
+    with WritableUsersAuthenticator =>
 
   case class LabelForm(labelName: String, color: String)
 
   val labelForm = mapping(
-    "labelName"  -> trim(label("Label name", text(required, labelName, uniqueLabelName, maxlength(100)))),
+    "labelName" -> trim(label("Label name", text(required, labelName, uniqueLabelName, maxlength(100)))),
-    "labelColor" -> trim(label("Color",      text(required, color)))
+    "labelColor" -> trim(label("Color", text(required, color)))
   )(LabelForm.apply)
 
-
   get("/:owner/:repository/issues/labels")(referrersOnly { repository =>
     html.list(
       getLabels(repository.owner, repository.name),
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+    )
   })
 
   ajaxGet("/:owner/:repository/issues/labels/new")(writableUsersOnly { repository =>
@@ -45,7 +61,8 @@ trait LabelsControllerBase extends ControllerBase {
       // TODO futility
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+    )
   })
 
   ajaxGet("/:owner/:repository/issues/labels/:labelId/edit")(writableUsersOnly { repository =>
@@ -61,7 +78,8 @@ trait LabelsControllerBase extends ControllerBase {
       // TODO futility
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+    )
   })
 
   ajaxPost("/:owner/:repository/issues/labels/:labelId/delete")(writableUsersOnly { repository =>
@@ -72,26 +90,34 @@ trait LabelsControllerBase extends ControllerBase {
   /**
    * Constraint for the identifier such as user name, repository name or page name.
    */
-  private def labelName: Constraint = new Constraint(){
+  private def labelName: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] =
-      if(value.contains(',')){
+      if (value.contains(',')) {
         Some(s"${name} contains invalid character.")
-      } else if(value.startsWith("_") || value.startsWith("-")){
+      } else if (value.startsWith("_") || value.startsWith("-")) {
         Some(s"${name} starts with invalid character.")
       } else {
         None
       }
   }
 
-  private def uniqueLabelName: Constraint = new Constraint(){
+  private def uniqueLabelName: Constraint = new Constraint() {
-    override def validate(name: String, value: String, params: Map[String, Seq[String]], messages: Messages): Option[String] = {
+    override def validate(
-      val owner      = params.value("owner")
+      name: String,
+      value: String,
+      params: Map[String, Seq[String]],
+      messages: Messages
+    ): Option[String] = {
+      val owner = params.value("owner")
       val repository = params.value("repository")
-      params.optionValue("labelId").map { labelId =>
+      params
-        getLabel(owner, repository, value).filter(_.labelId != labelId.toInt).map(_ => "Name has already been taken.")
+        .optionValue("labelId")
-      }.getOrElse {
+        .map { labelId =>
-        getLabel(owner, repository, value).map(_ => "Name has already been taken.")
+          getLabel(owner, repository, value).filter(_.labelId != labelId.toInt).map(_ => "Name has already been taken.")
-      }
+        }
+        .getOrElse {
+          getLabel(owner, repository, value).map(_ => "Name has already been taken.")
+        }
     }
   }
 

src/main/scala/gitbucket/core/controller/MilestonesController.scala

@@ -6,20 +6,23 @@ import gitbucket.core.util.{ReferrerAuthenticator, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import org.scalatra.forms._
 
-class MilestonesController extends MilestonesControllerBase
+class MilestonesController
-  with MilestonesService with RepositoryService with AccountService
+    extends MilestonesControllerBase
-  with ReferrerAuthenticator with WritableUsersAuthenticator
+    with MilestonesService
+    with RepositoryService
+    with AccountService
+    with ReferrerAuthenticator
+    with WritableUsersAuthenticator
 
 trait MilestonesControllerBase extends ControllerBase {
-  self: MilestonesService with RepositoryService
+  self: MilestonesService with RepositoryService with ReferrerAuthenticator with WritableUsersAuthenticator =>
-    with ReferrerAuthenticator with WritableUsersAuthenticator  =>
 
   case class MilestoneForm(title: String, description: Option[String], dueDate: Option[java.util.Date])
 
   val milestoneForm = mapping(
-    "title"       -> trim(label("Title", text(required, maxlength(100)))),
+    "title" -> trim(label("Title", text(required, maxlength(100)))),
     "description" -> trim(label("Description", optional(text()))),
-    "dueDate"     -> trim(label("Due Date", optional(date())))
+    "dueDate" -> trim(label("Due Date", optional(date())))
   )(MilestoneForm.apply)
 
   get("/:owner/:repository/issues/milestones")(referrersOnly { repository =>
@@ -27,7 +30,8 @@ trait MilestonesControllerBase extends ControllerBase {
       params.getOrElse("state", "open"),
       getMilestonesWithIssueCount(repository.owner, repository.name),
       repository,
-      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+    )
   })
 
   get("/:owner/:repository/issues/milestones/new")(writableUsersOnly {
@@ -40,22 +44,23 @@ trait MilestonesControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/issues/milestones/:milestoneId/edit")(writableUsersOnly { repository =>
-    params("milestoneId").toIntOpt.map{ milestoneId =>
+    params("milestoneId").toIntOpt.map { milestoneId =>
       html.edit(getMilestone(repository.owner, repository.name, milestoneId), repository)
     } getOrElse NotFound()
   })
 
-  post("/:owner/:repository/issues/milestones/:milestoneId/edit", milestoneForm)(writableUsersOnly { (form, repository) =>
+  post("/:owner/:repository/issues/milestones/:milestoneId/edit", milestoneForm)(writableUsersOnly {
-    params("milestoneId").toIntOpt.flatMap{ milestoneId =>
+    (form, repository) =>
-      getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
+      params("milestoneId").toIntOpt.flatMap { milestoneId =>
-        updateMilestone(milestone.copy(title = form.title, description = form.description, dueDate = form.dueDate))
+        getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
-        redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
+          updateMilestone(milestone.copy(title = form.title, description = form.description, dueDate = form.dueDate))
-      }
+          redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
-    } getOrElse NotFound()
+        }
+      } getOrElse NotFound()
   })
 
   get("/:owner/:repository/issues/milestones/:milestoneId/close")(writableUsersOnly { repository =>
-    params("milestoneId").toIntOpt.flatMap{ milestoneId =>
+    params("milestoneId").toIntOpt.flatMap { milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         closeMilestone(milestone)
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
@@ -64,7 +69,7 @@ trait MilestonesControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/issues/milestones/:milestoneId/open")(writableUsersOnly { repository =>
-    params("milestoneId").toIntOpt.flatMap{ milestoneId =>
+    params("milestoneId").toIntOpt.flatMap { milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         openMilestone(milestone)
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
@@ -73,7 +78,7 @@ trait MilestonesControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/issues/milestones/:milestoneId/delete")(writableUsersOnly { repository =>
-    params("milestoneId").toIntOpt.flatMap{ milestoneId =>
+    params("milestoneId").toIntOpt.flatMap { milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         deleteMilestone(repository.owner, repository.name, milestone.milestoneId)
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")

src/main/scala/gitbucket/core/controller/PreProcessController.scala

@@ -28,13 +28,12 @@ trait PreProcessControllerBase extends ControllerBase {
    * But if it's not allowed, demands authentication except some paths.
    */
   get(!context.settings.allowAnonymousAccess, context.loginAccount.isEmpty) {
-    if(!context.currentPath.startsWith("/assets") && !context.currentPath.startsWith("/signin") &&
+    if (!context.currentPath.startsWith("/assets") && !context.currentPath.startsWith("/signin") &&
-      !context.currentPath.startsWith("/register") && !context.currentPath.endsWith("/info/refs")) {
+        !context.currentPath.startsWith("/register") && !context.currentPath.endsWith("/info/refs")) {
       Unauthorized()
     } else {
       pass()
     }
   }
 
-
 }

src/main/scala/gitbucket/core/controller/PrioritiesController.scala

@@ -1,7 +1,14 @@
 package gitbucket.core.controller
 
 import gitbucket.core.issues.priorities.html
-import gitbucket.core.service.{RepositoryService, AccountService, IssuesService, LabelsService, MilestonesService, PrioritiesService}
+import gitbucket.core.service.{
+  RepositoryService,
+  AccountService,
+  IssuesService,
+  LabelsService,
+  MilestonesService,
+  PrioritiesService
+}
 import gitbucket.core.util.{ReferrerAuthenticator, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.SyntaxSugars._
@@ -9,30 +16,39 @@ import org.scalatra.forms._
 import org.scalatra.i18n.Messages
 import org.scalatra.Ok
 
-class PrioritiesController extends PrioritiesControllerBase
+class PrioritiesController
-  with IssuesService with RepositoryService with AccountService
+    extends PrioritiesControllerBase
-  with LabelsService with PrioritiesService with MilestonesService
+    with IssuesService
-  with ReferrerAuthenticator with WritableUsersAuthenticator
+    with RepositoryService
+    with AccountService
+    with LabelsService
+    with PrioritiesService
+    with MilestonesService
+    with ReferrerAuthenticator
+    with WritableUsersAuthenticator
 
 trait PrioritiesControllerBase extends ControllerBase {
-  self: PrioritiesService with IssuesService with RepositoryService
+  self: PrioritiesService
-    with ReferrerAuthenticator with WritableUsersAuthenticator =>
+    with IssuesService
+    with RepositoryService
+    with ReferrerAuthenticator
+    with WritableUsersAuthenticator =>
 
   case class PriorityForm(priorityName: String, description: Option[String], color: String)
 
   val priorityForm = mapping(
-    "priorityName"  -> trim(label("Priority name", text(required, priorityName, uniquePriorityName, maxlength(100)))),
+    "priorityName" -> trim(label("Priority name", text(required, priorityName, uniquePriorityName, maxlength(100)))),
-    "description"   -> trim(label("Description", optional(text(maxlength(255))))),
+    "description" -> trim(label("Description", optional(text(maxlength(255))))),
     "priorityColor" -> trim(label("Color", text(required, color)))
   )(PriorityForm.apply)
 
-
   get("/:owner/:repository/issues/priorities")(referrersOnly { repository =>
     html.list(
       getPriorities(repository.owner, repository.name),
       countIssueGroupByPriorities(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+    )
   })
 
   ajaxGet("/:owner/:repository/issues/priorities/new")(writableUsersOnly { repository =>
@@ -40,12 +56,14 @@ trait PrioritiesControllerBase extends ControllerBase {
   })
 
   ajaxPost("/:owner/:repository/issues/priorities/new", priorityForm)(writableUsersOnly { (form, repository) =>
-    val priorityId = createPriority(repository.owner, repository.name, form.priorityName, form.description, form.color.substring(1))
+    val priorityId =
+      createPriority(repository.owner, repository.name, form.priorityName, form.description, form.color.substring(1))
     html.priority(
       getPriority(repository.owner, repository.name, priorityId).get,
       countIssueGroupByPriorities(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+    )
   })
 
   ajaxGet("/:owner/:repository/issues/priorities/:priorityId/edit")(writableUsersOnly { repository =>
@@ -54,21 +72,34 @@ trait PrioritiesControllerBase extends ControllerBase {
     } getOrElse NotFound()
   })
 
-  ajaxPost("/:owner/:repository/issues/priorities/:priorityId/edit", priorityForm)(writableUsersOnly { (form, repository) =>
+  ajaxPost("/:owner/:repository/issues/priorities/:priorityId/edit", priorityForm)(writableUsersOnly {
-    updatePriority(repository.owner, repository.name, params("priorityId").toInt, form.priorityName, form.description, form.color.substring(1))
+    (form, repository) =>
-    html.priority(
+      updatePriority(
-      getPriority(repository.owner, repository.name, params("priorityId").toInt).get,
+        repository.owner,
-      countIssueGroupByPriorities(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
+        repository.name,
-      repository,
+        params("priorityId").toInt,
-      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+        form.priorityName,
+        form.description,
+        form.color.substring(1)
+      )
+      html.priority(
+        getPriority(repository.owner, repository.name, params("priorityId").toInt).get,
+        countIssueGroupByPriorities(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
+        repository,
+        hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+      )
   })
 
   ajaxPost("/:owner/:repository/issues/priorities/reorder")(writableUsersOnly { (repository) =>
-    reorderPriorities(repository.owner, repository.name, params("order")
+    reorderPriorities(
-      .split(",")
+      repository.owner,
-      .map(id => id.toInt)
+      repository.name,
-      .zipWithIndex
+      params("order")
-      .toMap)
+        .split(",")
+        .map(id => id.toInt)
+        .zipWithIndex
+        .toMap
+    )
 
     Ok()
   })
@@ -88,26 +119,36 @@ trait PrioritiesControllerBase extends ControllerBase {
   /**
    * Constraint for the identifier such as user name, repository name or page name.
    */
-  private def priorityName: Constraint = new Constraint(){
+  private def priorityName: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] =
-      if(value.contains(',')){
+      if (value.contains(',')) {
         Some(s"${name} contains invalid character.")
-      } else if(value.startsWith("_") || value.startsWith("-")){
+      } else if (value.startsWith("_") || value.startsWith("-")) {
         Some(s"${name} starts with invalid character.")
       } else {
         None
       }
   }
 
-  private def uniquePriorityName: Constraint = new Constraint(){
+  private def uniquePriorityName: Constraint = new Constraint() {
-    override def validate(name: String, value: String, params: Map[String, Seq[String]], messages: Messages): Option[String] = {
+    override def validate(
-      val owner      = params.value("owner")
+      name: String,
+      value: String,
+      params: Map[String, Seq[String]],
+      messages: Messages
+    ): Option[String] = {
+      val owner = params.value("owner")
       val repository = params.value("repository")
-      params.optionValue("priorityId").map { priorityId =>
+      params
-        getPriority(owner, repository, value).filter(_.priorityId != priorityId.toInt).map(_ => "Name has already been taken.")
+        .optionValue("priorityId")
-      }.getOrElse {
+        .map { priorityId =>
-        getPriority(owner, repository, value).map(_ => "Name has already been taken.")
+          getPriority(owner, repository, value)
-      }
+            .filter(_.priorityId != priorityId.toInt)
+            .map(_ => "Name has already been taken.")
+        }
+        .getOrElse {
+          getPriority(owner, repository, value).map(_ => "Name has already been taken.")
+        }
     }
   }
 }

src/main/scala/gitbucket/core/controller/ReleasesController.scala

@@ -11,14 +11,15 @@ import gitbucket.core.releases.html
 import org.apache.commons.io.FileUtils
 import scala.collection.JavaConverters._
 
-class ReleaseController extends ReleaseControllerBase
+class ReleaseController
-  with RepositoryService
+    extends ReleaseControllerBase
-  with AccountService
+    with RepositoryService
-  with ReleaseService
+    with AccountService
-  with ActivityService
+    with ReleaseService
-  with ReadableUsersAuthenticator
+    with ActivityService
-  with ReferrerAuthenticator
+    with ReadableUsersAuthenticator
-  with WritableUsersAuthenticator
+    with ReferrerAuthenticator
+    with WritableUsersAuthenticator
 
 trait ReleaseControllerBase extends ControllerBase {
   self: RepositoryService
@@ -35,51 +36,63 @@ trait ReleaseControllerBase extends ControllerBase {
   )
 
   val releaseForm = mapping(
-    "name"    -> trim(text(required)),
+    "name" -> trim(text(required)),
     "content" -> trim(optional(text()))
   )(ReleaseForm.apply)
 
-  get("/:owner/:repository/releases")(referrersOnly {repository =>
+  get("/:owner/:repository/releases")(referrersOnly { repository =>
     val releases = getReleases(repository.owner, repository.name)
     val assets = getReleaseAssetsMap(repository.owner, repository.name)
 
     html.list(
       repository,
       repository.tags.reverse.map { tag =>
-        (tag, releases.find(_.tag == tag.name).map { release => (release, assets(release)) })
+        (tag, releases.find(_.tag == tag.name).map { release =>
+          (release, assets(release))
+        })
       },
-      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+    )
   })
 
   get("/:owner/:repository/releases/:tag")(referrersOnly { repository =>
     val tagName = params("tag")
-    getRelease(repository.owner, repository.name, tagName).map { release =>
+    getRelease(repository.owner, repository.name, tagName)
-      html.release(release, getReleaseAssets(repository.owner, repository.name, tagName),
+      .map { release =>
-        hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
+        html.release(
-    }.getOrElse(NotFound())
+          release,
+          getReleaseAssets(repository.owner, repository.name, tagName),
+          hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
+          repository
+        )
+      }
+      .getOrElse(NotFound())
   })
 
-  get("/:owner/:repository/releases/:tag/assets/:fileId")(referrersOnly {repository =>
+  get("/:owner/:repository/releases/:tag/assets/:fileId")(referrersOnly { repository =>
     val tagName = params("tag")
     val fileId = params("fileId")
     (for {
-      _     <- repository.tags.find(_.name == tagName)
+      _ <- repository.tags.find(_.name == tagName)
-      _     <- getRelease(repository.owner, repository.name, tagName)
+      _ <- getRelease(repository.owner, repository.name, tagName)
       asset <- getReleaseAsset(repository.owner, repository.name, tagName, fileId)
     } yield {
       response.setHeader("Content-Disposition", s"attachment; filename=${asset.label}")
       RawData(
         FileUtil.getMimeType(asset.label),
-        new File(getReleaseFilesDir(repository.owner, repository.name), tagName + "/" + fileId)
+        new File(getReleaseFilesDir(repository.owner, repository.name), FileUtil.checkFilename(tagName + "/" + fileId))
       )
     }).getOrElse(NotFound())
   })
 
-  get("/:owner/:repository/releases/:tag/create")(writableUsersOnly {repository =>
+  get("/:owner/:repository/releases/:tag/create")(writableUsersOnly { repository =>
     val tagName = params("tag")
-    repository.tags.find(_.name == tagName).map { tag =>
+    repository.tags
-      html.form(repository, tag, None)
+      .find(_.name == tagName)
-    }.getOrElse(NotFound())
+      .map { tag =>
+        html.form(repository, tag, None)
+      }
+      .getOrElse(NotFound())
   })
 
   post("/:owner/:repository/releases/:tag/create", releaseForm)(writableUsersOnly { (form, repository) =>
@@ -90,12 +103,19 @@ trait ReleaseControllerBase extends ControllerBase {
     createRelease(repository.owner, repository.name, form.name, form.content, tagName, loginAccount)
 
     // Insert into RELEASE_ASSET
-    request.getParameterNames.asScala.filter(_.startsWith("file:")).foreach { paramName =>
+    val files = params.collect {
-      val Array(_, fileId) = paramName.split(":")
+      case (name, value) if name.startsWith("file:") =>
-      val fileName = params(paramName)
+        val Array(_, fileId) = name.split(":")
-      val size = new java.io.File(getReleaseFilesDir(repository.owner, repository.name), tagName + "/" + fileId).length
+        (fileId, value)
-
+    }
-      createReleaseAsset(repository.owner, repository.name, tagName, fileId, fileName, size, loginAccount)
+    files.foreach {
+      case (fileId, fileName) =>
+        val size =
+          new File(
+            getReleaseFilesDir(repository.owner, repository.name),
+            FileUtil.checkFilename(tagName + "/" + fileId)
+          ).length
+        createReleaseAsset(repository.owner, repository.name, tagName, fileId, fileName, size, loginAccount)
     }
 
     recordReleaseActivity(repository.owner, repository.name, loginAccount.userName, form.name)
@@ -103,53 +123,67 @@ trait ReleaseControllerBase extends ControllerBase {
     redirect(s"/${repository.owner}/${repository.name}/releases/${tagName}")
   })
 
-  get("/:owner/:repository/releases/:tag/edit")(writableUsersOnly {repository =>
+  get("/:owner/:repository/releases/:tag/edit")(writableUsersOnly { repository =>
     val tagName = params("tag")
 
     (for {
       release <- getRelease(repository.owner, repository.name, tagName)
-      tag     <- repository.tags.find(_.name == tagName)
+      tag <- repository.tags.find(_.name == tagName)
     } yield {
       html.form(repository, tag, Some(release, getReleaseAssets(repository.owner, repository.name, tagName)))
     }).getOrElse(NotFound())
   })
 
-  post("/:owner/:repository/releases/:tag/edit", releaseForm)(writableUsersOnly { (form, repository) =>
+  post("/:owner/:repository/releases/:tag/edit", releaseForm)(writableUsersOnly {
-    val tagName = params("tag")
+    (form, repository) =>
-    val loginAccount = context.loginAccount.get
+      val tagName = params("tag")
+      val loginAccount = context.loginAccount.get
 
-    getRelease(repository.owner, repository.name, tagName).map { release =>
+      getRelease(repository.owner, repository.name, tagName)
-      // Update RELEASE
+        .map { release =>
-      updateRelease(repository.owner, repository.name, tagName, form.name, form.content)
+          // Update RELEASE
+          updateRelease(repository.owner, repository.name, tagName, form.name, form.content)
 
-      // Delete and Insert RELEASE_ASSET
+          // Delete and Insert RELEASE_ASSET
-      val assets = getReleaseAssets(repository.owner, repository.name, tagName)
+          val assets = getReleaseAssets(repository.owner, repository.name, tagName)
-      deleteReleaseAssets(repository.owner, repository.name, tagName)
+          deleteReleaseAssets(repository.owner, repository.name, tagName)
 
-      val fileIds = request.getParameterNames.asScala.filter(_.startsWith("file:")).map { paramName =>
+          val files = params.collect {
-        val Array(_, fileId) = paramName.split(":")
+            case (name, value) if name.startsWith("file:") =>
-        val fileName = params(paramName)
+              val Array(_, fileId) = name.split(":")
-        val size = new java.io.File(getReleaseFilesDir(repository.owner, repository.name), release.tag + "/" + fileId).length
+              (fileId, value)
+          }
+          files.foreach {
+            case (fileId, fileName) =>
+              val size =
+                new File(
+                  getReleaseFilesDir(repository.owner, repository.name),
+                  FileUtil.checkFilename(tagName + "/" + fileId)
+                ).length
+              createReleaseAsset(repository.owner, repository.name, tagName, fileId, fileName, size, loginAccount)
+          }
 
-        createReleaseAsset(repository.owner, repository.name, tagName, fileId, fileName, size, loginAccount)
+          assets.foreach { asset =>
-        fileId
+            if (!files.exists { case (fileId, _) => fileId == asset.fileName }) {
-      }
+              val file = new File(
+                getReleaseFilesDir(repository.owner, repository.name),
+                FileUtil.checkFilename(release.tag + "/" + asset.fileName)
+              )
+              FileUtils.forceDelete(file)
+            }
+          }
 
-      assets.foreach { asset =>
+          redirect(s"/${release.userName}/${release.repositoryName}/releases/${tagName}")
-        if(!fileIds.contains(asset.fileName)){
-          val file = new java.io.File(getReleaseFilesDir(repository.owner, repository.name), release.tag + "/" + asset.fileName)
-          FileUtils.forceDelete(file)
         }
-      }
+        .getOrElse(NotFound())
-
-      redirect(s"/${release.userName}/${release.repositoryName}/releases/${tagName}")
-    }.getOrElse(NotFound())
   })
 
   post("/:owner/:repository/releases/:tag/delete")(writableUsersOnly { repository =>
     val tagName = params("tag")
     getRelease(repository.owner, repository.name, tagName).foreach { release =>
-      FileUtils.deleteDirectory(new File(getReleaseFilesDir(repository.owner, repository.name), release.tag))
+      FileUtils.deleteDirectory(
+        new File(getReleaseFilesDir(repository.owner, repository.name), FileUtil.checkFilename(release.tag))
+      )
     }
     deleteRelease(repository.owner, repository.name, tagName)
     redirect(s"/${repository.owner}/${repository.name}/releases")

src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala

@@ -21,14 +21,26 @@ import org.eclipse.jgit.lib.ObjectId
 import gitbucket.core.model.WebHookContentType
 import gitbucket.core.plugin.PluginRegistry
 
-
+class RepositorySettingsController
-class RepositorySettingsController extends RepositorySettingsControllerBase
+    extends RepositorySettingsControllerBase
-  with RepositoryService with AccountService with WebHookService with ProtectedBranchService with CommitStatusService with DeployKeyService
+    with RepositoryService
-  with OwnerAuthenticator with UsersAuthenticator
+    with AccountService
+    with WebHookService
+    with ProtectedBranchService
+    with CommitStatusService
+    with DeployKeyService
+    with OwnerAuthenticator
+    with UsersAuthenticator
 
 trait RepositorySettingsControllerBase extends ControllerBase {
-  self: RepositoryService with AccountService with WebHookService with ProtectedBranchService with CommitStatusService with DeployKeyService
+  self: RepositoryService
-    with OwnerAuthenticator with UsersAuthenticator =>
+    with AccountService
+    with WebHookService
+    with ProtectedBranchService
+    with CommitStatusService
+    with DeployKeyService
+    with OwnerAuthenticator
+    with UsersAuthenticator =>
 
   // for repository options
   case class OptionsForm(
@@ -45,18 +57,20 @@ trait RepositorySettingsControllerBase extends ControllerBase {
   )
 
   val optionsForm = mapping(
-    "repositoryName"     -> trim(label("Repository Name"    , text(required, maxlength(100), repository, renameRepositoryName))),
+    "repositoryName" -> trim(
-    "description"        -> trim(label("Description"        , optional(text()))),
+      label("Repository Name", text(required, maxlength(100), repository, renameRepositoryName))
-    "isPrivate"          -> trim(label("Repository Type"    , boolean())),
+    ),
-    "issuesOption"       -> trim(label("Issues Option"      , text(required, featureOption))),
+    "description" -> trim(label("Description", optional(text()))),
-    "externalIssuesUrl"  -> trim(label("External Issues URL", optional(text(maxlength(200))))),
+    "isPrivate" -> trim(label("Repository Type", boolean())),
-    "wikiOption"         -> trim(label("Wiki Option"        , text(required, featureOption))),
+    "issuesOption" -> trim(label("Issues Option", text(required, featureOption))),
-    "externalWikiUrl"    -> trim(label("External Wiki URL"  , optional(text(maxlength(200))))),
+    "externalIssuesUrl" -> trim(label("External Issues URL", optional(text(maxlength(200))))),
-    "allowFork"          -> trim(label("Allow Forking"      , boolean())),
+    "wikiOption" -> trim(label("Wiki Option", text(required, featureOption))),
-    "mergeOptions"       -> mergeOptions,
+    "externalWikiUrl" -> trim(label("External Wiki URL", optional(text(maxlength(200))))),
+    "allowFork" -> trim(label("Allow Forking", boolean())),
+    "mergeOptions" -> mergeOptions,
     "defaultMergeOption" -> trim(label("Default merge strategy", text(required)))
   )(OptionsForm.apply).verifying { form =>
-    if(!form.mergeOptions.contains(form.defaultMergeOption)){
+    if (!form.mergeOptions.contains(form.defaultMergeOption)) {
       Seq("defaultMergeOption" -> s"This merge strategy isn't enabled.")
     } else Nil
   }
@@ -65,30 +79,30 @@ trait RepositorySettingsControllerBase extends ControllerBase {
   case class DefaultBranchForm(defaultBranch: String)
 
   val defaultBranchForm = mapping(
-    "defaultBranch"  -> trim(label("Default Branch" , text(required, maxlength(100))))
+    "defaultBranch" -> trim(label("Default Branch", text(required, maxlength(100))))
   )(DefaultBranchForm.apply)
 
-
   // for deploy key
   case class DeployKeyForm(title: String, publicKey: String, allowWrite: Boolean)
 
   val deployKeyForm = mapping(
-    "title"      -> trim(label("Title", text(required, maxlength(100)))),
+    "title" -> trim(label("Title", text(required, maxlength(100)))),
-    "publicKey"  -> trim2(label("Key" , text(required))), // TODO duplication check in the repository?
+    "publicKey" -> trim2(label("Key", text(required))), // TODO duplication check in the repository?
-    "allowWrite" -> trim(label("Key"  , boolean()))
+    "allowWrite" -> trim(label("Key", boolean()))
   )(DeployKeyForm.apply)
 
   // for web hook url addition
   case class WebHookForm(url: String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])
 
-  def webHookForm(update:Boolean) = mapping(
+  def webHookForm(update: Boolean) =
-    "url"    -> trim(label("url", text(required, webHook(update)))),
+    mapping(
-    "events" -> webhookEvents,
+      "url" -> trim(label("url", text(required, webHook(update)))),
-    "ctype" -> label("ctype", text()),
+      "events" -> webhookEvents,
-    "token" -> optional(trim(label("token", text(maxlength(100)))))
+      "ctype" -> label("ctype", text()),
-  )(
+      "token" -> optional(trim(label("token", text(maxlength(100)))))
-    (url, events, ctype, token) => WebHookForm(url, events, WebHookContentType.valueOf(ctype), token)
+    )(
-  )
+      (url, events, ctype, token) => WebHookForm(url, events, WebHookContentType.valueOf(ctype), token)
+    )
 
   // for transfer ownership
   case class TransferOwnerShipForm(newOwner: String)
@@ -131,24 +145,24 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       form.defaultMergeOption
     )
     // Change repository name
-    if(repository.name != form.repositoryName){
+    if (repository.name != form.repositoryName) {
       // Update database
       renameRepository(repository.owner, repository.name, repository.owner, form.repositoryName)
       // Move git repository
-      defining(getRepositoryDir(repository.owner, repository.name)){ dir =>
+      defining(getRepositoryDir(repository.owner, repository.name)) { dir =>
-        if(dir.isDirectory){
+        if (dir.isDirectory) {
           FileUtils.moveDirectory(dir, getRepositoryDir(repository.owner, form.repositoryName))
         }
       }
       // Move wiki repository
-      defining(getWikiRepositoryDir(repository.owner, repository.name)){ dir =>
+      defining(getWikiRepositoryDir(repository.owner, repository.name)) { dir =>
-        if(dir.isDirectory) {
+        if (dir.isDirectory) {
           FileUtils.moveDirectory(dir, getWikiRepositoryDir(repository.owner, form.repositoryName))
         }
       }
       // Move files directory
-      defining(getRepositoryFilesDir(repository.owner, repository.name)){ dir =>
+      defining(getRepositoryFilesDir(repository.owner, repository.name)) { dir =>
-        if(dir.isDirectory) {
+        if (dir.isDirectory) {
           FileUtils.moveDirectory(dir, getRepositoryFilesDir(repository.owner, form.repositoryName))
         }
       }
@@ -170,7 +184,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
 
   /** Update default branch */
   post("/:owner/:repository/settings/update_default_branch", defaultBranchForm)(ownerOnly { (form, repository) =>
-    if(!repository.branchList.contains(form.defaultBranch)){
+    if (!repository.branchList.contains(form.defaultBranch)) {
       redirect(s"/${repository.owner}/${repository.name}/settings/options")
     } else {
       saveRepositoryDefaultBranch(repository.owner, repository.name, form.defaultBranch)
@@ -187,12 +201,15 @@ trait RepositorySettingsControllerBase extends ControllerBase {
   get("/:owner/:repository/settings/branches/:branch")(ownerOnly { repository =>
     import gitbucket.core.api._
     val branch = params("branch")
-    if(!repository.branchList.contains(branch)){
+    if (!repository.branchList.contains(branch)) {
       redirect(s"/${repository.owner}/${repository.name}/settings/branches")
     } else {
       val protection = ApiBranchProtection(getProtectedBranchInfo(repository.owner, repository.name, branch))
-      val lastWeeks = getRecentStatuesContexts(repository.owner, repository.name,
+      val lastWeeks = getRecentStatuesContexts(
-        Date.from(LocalDateTime.now.minusWeeks(1).toInstant(ZoneOffset.UTC))).toSet
+        repository.owner,
+        repository.name,
+        Date.from(LocalDateTime.now.minusWeeks(1).toInstant(ZoneOffset.UTC))
+      ).toSet
       val knownContexts = (lastWeeks ++ protection.status.contexts).toSeq.sortBy(identity)
       html.branchprotection(repository, branch, protection, knownContexts, flash.get("info"))
     }
@@ -205,7 +222,8 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     html.collaborators(
       getCollaborators(repository.owner, repository.name),
       getAccountByUserName(repository.owner).get.isGroupAccount,
-      repository)
+      repository
+    )
   })
 
   post("/:owner/:repository/settings/collaborators")(ownerOnly { repository =>
@@ -255,62 +273,90 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Send the test request to registered web hook URLs.
    */
   ajaxPost("/:owner/:repository/settings/hooks/test")(ownerOnly { repository =>
-    def _headers(h: Array[org.apache.http.Header]): Array[Array[String]] = h.map { h => Array(h.getName, h.getValue) }
+    def _headers(h: Array[org.apache.http.Header]): Array[Array[String]] = h.map { h =>
+      Array(h.getName, h.getValue)
+    }
 
-    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
+    using(Git.open(getRepositoryDir(repository.owner, repository.name))) {
-      import scala.collection.JavaConverters._
+      git =>
-      import scala.concurrent.duration._
+        import scala.collection.JavaConverters._
-      import scala.concurrent._
+        import scala.concurrent.duration._
-      import scala.util.control.NonFatal
+        import scala.concurrent._
-      import org.apache.http.util.EntityUtils
+        import scala.util.control.NonFatal
-      import scala.concurrent.ExecutionContext.Implicits.global
+        import org.apache.http.util.EntityUtils
+        import scala.concurrent.ExecutionContext.Implicits.global
 
-      val url = params("url")
+        val url = params("url")
-      val token = Some(params("token"))
+        val token = Some(params("token"))
-      val ctype = WebHookContentType.valueOf(params("ctype"))
+        val ctype = WebHookContentType.valueOf(params("ctype"))
-      val dummyWebHookInfo = RepositoryWebHook(repository.owner, repository.name, url, ctype, token)
+        val dummyWebHookInfo = RepositoryWebHook(repository.owner, repository.name, url, ctype, token)
-      val dummyPayload = {
+        val dummyPayload = {
-        val ownerAccount = getAccountByUserName(repository.owner).get
+          val ownerAccount = getAccountByUserName(repository.owner).get
-        val commits = if(JGitUtil.isEmpty(git)) List.empty else git.log
+          val commits =
-          .add(git.getRepository.resolve(repository.repository.defaultBranch))
+            if (JGitUtil.isEmpty(git)) List.empty
-          .setMaxCount(4)
+            else
-          .call.iterator.asScala.map(new CommitInfo(_)).toList
+              git.log
-        val pushedCommit = commits.drop(1)
+                .add(git.getRepository.resolve(repository.repository.defaultBranch))
+                .setMaxCount(4)
+                .call
+                .iterator
+                .asScala
+                .map(new CommitInfo(_))
+                .toList
+          val pushedCommit = commits.drop(1)
 
-        WebHookPushPayload(
+          WebHookPushPayload(
-          git = git,
+            git = git,
-          sender = ownerAccount,
+            sender = ownerAccount,
-          refName = "refs/heads/" + repository.repository.defaultBranch,
+            refName = "refs/heads/" + repository.repository.defaultBranch,
-          repositoryInfo = repository,
+            repositoryInfo = repository,
-          commits = pushedCommit,
+            commits = pushedCommit,
-          repositoryOwner = ownerAccount,
+            repositoryOwner = ownerAccount,
-          oldId = commits.lastOption.map(_.id).map(ObjectId.fromString).getOrElse(ObjectId.zeroId()),
+            oldId = commits.lastOption.map(_.id).map(ObjectId.fromString).getOrElse(ObjectId.zeroId()),
-          newId = commits.headOption.map(_.id).map(ObjectId.fromString).getOrElse(ObjectId.zeroId())
+            newId = commits.headOption.map(_.id).map(ObjectId.fromString).getOrElse(ObjectId.zeroId())
+          )
+        }
+
+        val (webHook, json, reqFuture, resFuture) = callWebHook(WebHook.Push, List(dummyWebHookInfo), dummyPayload).head
+
+        val toErrorMap: PartialFunction[Throwable, Map[String, String]] = {
+          case e: java.net.UnknownHostException                  => Map("error" -> ("Unknown host " + e.getMessage))
+          case e: java.lang.IllegalArgumentException             => Map("error" -> ("invalid url"))
+          case e: org.apache.http.client.ClientProtocolException => Map("error" -> ("invalid url"))
+          case NonFatal(e)                                       => Map("error" -> (e.getClass + " " + e.getMessage))
+        }
+
+        contentType = formats("json")
+        org.json4s.jackson.Serialization.write(
+          Map(
+            "url" -> url,
+            "request" -> Await.result(
+              reqFuture
+                .map(
+                  req =>
+                    Map(
+                      "headers" -> _headers(req.getAllHeaders),
+                      "payload" -> json
+                  )
+                )
+                .recover(toErrorMap),
+              20 seconds
+            ),
+            "response" -> Await.result(
+              resFuture
+                .map(
+                  res =>
+                    Map(
+                      "status" -> res.getStatusLine(),
+                      "body" -> EntityUtils.toString(res.getEntity()),
+                      "headers" -> _headers(res.getAllHeaders())
+                  )
+                )
+                .recover(toErrorMap),
+              20 seconds
+            )
+          )
         )
-      }
-
-      val (webHook, json, reqFuture, resFuture) = callWebHook(WebHook.Push, List(dummyWebHookInfo), dummyPayload).head
-
-      val toErrorMap: PartialFunction[Throwable, Map[String,String]] = {
-        case e: java.net.UnknownHostException => Map("error"-> ("Unknown host " + e.getMessage))
-        case e: java.lang.IllegalArgumentException => Map("error"-> ("invalid url"))
-        case e: org.apache.http.client.ClientProtocolException => Map("error"-> ("invalid url"))
-        case NonFatal(e) => Map("error"-> (e.getClass + " "+ e.getMessage))
-      }
-
-      contentType = formats("json")
-      org.json4s.jackson.Serialization.write(Map(
-        "url" -> url,
-        "request" -> Await.result(reqFuture.map(req => Map(
-          "headers" -> _headers(req.getAllHeaders),
-          "payload" -> json
-        )).recover(toErrorMap), 20 seconds),
-        "response" -> Await.result(resFuture.map(res => Map(
-          "status"  -> res.getStatusLine(),
-          "body"    -> EntityUtils.toString(res.getEntity()),
-          "headers" -> _headers(res.getAllHeaders())
-        )).recover(toErrorMap), 20 seconds)
-      ))
     }
   })
 
@@ -318,8 +364,9 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Display the web hook edit page.
    */
   get("/:owner/:repository/settings/hooks/edit")(ownerOnly { repository =>
-    getWebHook(repository.owner, repository.name, params("url")).map{ case (webhook, events) =>
+    getWebHook(repository.owner, repository.name, params("url")).map {
-      html.edithook(webhook, events, repository, false)
+      case (webhook, events) =>
+        html.edithook(webhook, events, repository, false)
     } getOrElse NotFound()
   })
 
@@ -344,25 +391,25 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    */
   post("/:owner/:repository/settings/transfer", transferForm)(ownerOnly { (form, repository) =>
     // Change repository owner
-    if(repository.owner != form.newOwner){
+    if (repository.owner != form.newOwner) {
-      LockUtil.lock(s"${repository.owner}/${repository.name}"){
+      LockUtil.lock(s"${repository.owner}/${repository.name}") {
         // Update database
         renameRepository(repository.owner, repository.name, form.newOwner, repository.name)
         // Move git repository
-        defining(getRepositoryDir(repository.owner, repository.name)){ dir =>
+        defining(getRepositoryDir(repository.owner, repository.name)) { dir =>
-          if(dir.isDirectory){
+          if (dir.isDirectory) {
             FileUtils.moveDirectory(dir, getRepositoryDir(form.newOwner, repository.name))
           }
         }
         // Move wiki repository
-        defining(getWikiRepositoryDir(repository.owner, repository.name)){ dir =>
+        defining(getWikiRepositoryDir(repository.owner, repository.name)) { dir =>
-          if(dir.isDirectory) {
+          if (dir.isDirectory) {
             FileUtils.moveDirectory(dir, getWikiRepositoryDir(form.newOwner, repository.name))
           }
         }
         // Move files directory
-        defining(getRepositoryFilesDir(repository.owner, repository.name)){ dir =>
+        defining(getRepositoryFilesDir(repository.owner, repository.name)) { dir =>
-          if(dir.isDirectory) {
+          if (dir.isDirectory) {
             FileUtils.moveDirectory(dir, getRepositoryFilesDir(form.newOwner, repository.name))
           }
         }
@@ -378,7 +425,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Delete the repository.
    */
   post("/:owner/:repository/settings/delete")(ownerOnly { repository =>
-    LockUtil.lock(s"${repository.owner}/${repository.name}"){
+    LockUtil.lock(s"${repository.owner}/${repository.name}") {
       // Delete the repository and related files
       deleteRepository(repository.owner, repository.name)
 
@@ -428,10 +475,10 @@ trait RepositorySettingsControllerBase extends ControllerBase {
   /**
    * Provides duplication check for web hook url.
    */
-  private def webHook(needExists: Boolean): Constraint = new Constraint(){
+  private def webHook(needExists: Boolean): Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] =
-      if(getWebHook(params("owner"), params("repository"), value).isDefined != needExists){
+      if (getWebHook(params("owner"), params("repository"), value).isDefined != needExists) {
-        Some(if(needExists){
+        Some(if (needExists) {
           "URL had not been registered yet."
         } else {
           "URL had been registered already."
@@ -441,17 +488,18 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       }
   }
 
-  private def webhookEvents = new ValueType[Set[WebHook.Event]]{
+  private def webhookEvents = new ValueType[Set[WebHook.Event]] {
     def convert(name: String, params: Map[String, Seq[String]], messages: Messages): Set[WebHook.Event] = {
       WebHook.Event.values.flatMap { t =>
         params.get(name + "." + t.name).map(_ => t)
       }.toSet
     }
-    def validate(name: String, params: Map[String, Seq[String]], messages: Messages): Seq[(String, String)] = if(convert(name,params,messages).isEmpty){
+    def validate(name: String, params: Map[String, Seq[String]], messages: Messages): Seq[(String, String)] =
-      Seq(name -> messages("error.required").format(name))
+      if (convert(name, params, messages).isEmpty) {
-    } else {
+        Seq(name -> messages("error.required").format(name))
-      Nil
+      } else {
-    }
+        Nil
+      }
   }
 
 //  /**
@@ -472,12 +520,17 @@ trait RepositorySettingsControllerBase extends ControllerBase {
   /**
    * Duplicate check for the rename repository name.
    */
-  private def renameRepositoryName: Constraint = new Constraint(){
+  private def renameRepositoryName: Constraint = new Constraint() {
-    override def validate(name: String, value: String, params: Map[String, Seq[String]], messages: Messages): Option[String] = {
+    override def validate(
+      name: String,
+      value: String,
+      params: Map[String, Seq[String]],
+      messages: Messages
+    ): Option[String] = {
       for {
         repoName <- params.optionValue("repository") if repoName != value
         userName <- params.optionValue("owner")
-        _        <- getRepositoryNamesOfUser(userName).find(_ == value)
+        _ <- getRepositoryNamesOfUser(userName).find(_ == value)
       } yield {
         "Repository already exists."
       }
@@ -487,38 +540,45 @@ trait RepositorySettingsControllerBase extends ControllerBase {
   /**
    *
    */
-  private def featureOption: Constraint = new Constraint(){
+  private def featureOption: Constraint = new Constraint() {
-    override def validate(name: String, value: String, params: Map[String, Seq[String]], messages: Messages): Option[String] =
+    override def validate(
-      if(Seq("DISABLE", "PRIVATE", "PUBLIC", "ALL").contains(value)) None else Some("Option is invalid.")
+      name: String,
+      value: String,
+      params: Map[String, Seq[String]],
+      messages: Messages
+    ): Option[String] =
+      if (Seq("DISABLE", "PRIVATE", "PUBLIC", "ALL").contains(value)) None else Some("Option is invalid.")
   }
 
-
   /**
    * Provides Constraint to validate the repository transfer user.
    */
-  private def transferUser: Constraint = new Constraint(){
+  private def transferUser: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] =
       getAccountByUserName(value) match {
-        case None    => Some("User does not exist.")
+        case None => Some("User does not exist.")
-        case Some(x) => if(x.userName == params("owner")){
+        case Some(x) =>
-          Some("This is current repository owner.")
+          if (x.userName == params("owner")) {
-        } else {
+            Some("This is current repository owner.")
-          params.get("repository").flatMap { repositoryName =>
+          } else {
-            getRepositoryNamesOfUser(x.userName).find(_ == repositoryName).map{ _ => "User already has same repository." }
+            params.get("repository").flatMap { repositoryName =>
+              getRepositoryNamesOfUser(x.userName).find(_ == repositoryName).map { _ =>
+                "User already has same repository."
+              }
+            }
           }
-        }
       }
   }
 
-  private def mergeOptions = new ValueType[Seq[String]]{
+  private def mergeOptions = new ValueType[Seq[String]] {
     override def convert(name: String, params: Map[String, Seq[String]], messages: Messages): Seq[String] = {
       params.get("mergeOptions").getOrElse(Nil)
     }
     override def validate(name: String, params: Map[String, Seq[String]], messages: Messages): Seq[(String, String)] = {
       val mergeOptions = params.get("mergeOptions").getOrElse(Nil)
-      if(mergeOptions.isEmpty){
+      if (mergeOptions.isEmpty) {
         Seq("mergeOptions" -> "At least one option must be enabled.")
-      } else if(!mergeOptions.forall(x => Seq("merge-commit", "squash", "rebase").contains(x))){
+      } else if (!mergeOptions.forall(x => Seq("merge-commit", "squash", "rebase").contains(x))) {
         Seq("mergeOptions" -> "mergeOptions are invalid.")
       } else {
         Nil

src/main/scala/gitbucket/core/controller/SystemSettingsController.scala

@@ -15,6 +15,7 @@ import gitbucket.core.util.StringUtil._
 import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.{AdminAuthenticator, Mailer}
 import org.apache.commons.io.IOUtils
+import org.apache.commons.mail.EmailException
 import org.json4s.jackson.Serialization
 import org.scalatra._
 import org.scalatra.forms._
@@ -23,8 +24,11 @@ import org.scalatra.i18n.Messages
 import scala.collection.JavaConverters._
 import scala.collection.mutable.ListBuffer
 
-class SystemSettingsController extends SystemSettingsControllerBase
+class SystemSettingsController
-  with AccountService with RepositoryService with AdminAuthenticator
+    extends SystemSettingsControllerBase
+    with AccountService
+    with RepositoryService
+    with AdminAuthenticator
 
 case class Table(name: String, columns: Seq[Column])
 case class Column(name: String, primaryKey: Boolean)
@@ -33,72 +37,82 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   self: AccountService with RepositoryService with AdminAuthenticator =>
 
   private val form = mapping(
-    "baseUrl"                  -> trim(label("Base URL", optional(text()))),
+    "baseUrl" -> trim(label("Base URL", optional(text()))),
-    "information"              -> trim(label("Information", optional(text()))),
+    "information" -> trim(label("Information", optional(text()))),
     "allowAccountRegistration" -> trim(label("Account registration", boolean())),
-    "allowAnonymousAccess"     -> trim(label("Anonymous access", boolean())),
+    "allowAnonymousAccess" -> trim(label("Anonymous access", boolean())),
     "isCreateRepoOptionPublic" -> trim(label("Default option to create a new repository", boolean())),
-    "gravatar"                 -> trim(label("Gravatar", boolean())),
+    "gravatar" -> trim(label("Gravatar", boolean())),
-    "notification"             -> trim(label("Notification", boolean())),
+    "notification" -> trim(label("Notification", boolean())),
-    "activityLogLimit"         -> trim(label("Limit of activity logs", optional(number()))),
+    "activityLogLimit" -> trim(label("Limit of activity logs", optional(number()))),
-    "ssh"                      -> trim(label("SSH access", boolean())),
+    "ssh" -> trim(label("SSH access", boolean())),
-    "sshHost"                  -> trim(label("SSH host", optional(text()))),
+    "sshHost" -> trim(label("SSH host", optional(text()))),
-    "sshPort"                  -> trim(label("SSH port", optional(number()))),
+    "sshPort" -> trim(label("SSH port", optional(number()))),
-    "useSMTP"                  -> trim(label("SMTP", boolean())),
+    "useSMTP" -> trim(label("SMTP", boolean())),
-    "smtp"                     -> optionalIfNotChecked("useSMTP", mapping(
+    "smtp" -> optionalIfNotChecked(
-        "host"                     -> trim(label("SMTP Host", text(required))),
+      "useSMTP",
-        "port"                     -> trim(label("SMTP Port", optional(number()))),
+      mapping(
-        "user"                     -> trim(label("SMTP User", optional(text()))),
+        "host" -> trim(label("SMTP Host", text(required))),
-        "password"                 -> trim(label("SMTP Password", optional(text()))),
+        "port" -> trim(label("SMTP Port", optional(number()))),
-        "ssl"                      -> trim(label("Enable SSL", optional(boolean()))),
+        "user" -> trim(label("SMTP User", optional(text()))),
-        "starttls"                 -> trim(label("Enable STARTTLS", optional(boolean()))),
+        "password" -> trim(label("SMTP Password", optional(text()))),
-        "fromAddress"              -> trim(label("FROM Address", optional(text()))),
+        "ssl" -> trim(label("Enable SSL", optional(boolean()))),
-        "fromName"                 -> trim(label("FROM Name", optional(text())))
+        "starttls" -> trim(label("Enable STARTTLS", optional(boolean()))),
-    )(Smtp.apply)),
+        "fromAddress" -> trim(label("FROM Address", optional(text()))),
-    "ldapAuthentication"       -> trim(label("LDAP", boolean())),
+        "fromName" -> trim(label("FROM Name", optional(text())))
-    "ldap"                     -> optionalIfNotChecked("ldapAuthentication", mapping(
+      )(Smtp.apply)
-        "host"                     -> trim(label("LDAP host", text(required))),
+    ),
-        "port"                     -> trim(label("LDAP port", optional(number()))),
+    "ldapAuthentication" -> trim(label("LDAP", boolean())),
-        "bindDN"                   -> trim(label("Bind DN", optional(text()))),
+    "ldap" -> optionalIfNotChecked(
-        "bindPassword"             -> trim(label("Bind Password", optional(text()))),
+      "ldapAuthentication",
-        "baseDN"                   -> trim(label("Base DN", text(required))),
+      mapping(
-        "userNameAttribute"        -> trim(label("User name attribute", text(required))),
+        "host" -> trim(label("LDAP host", text(required))),
-        "additionalFilterCondition"-> trim(label("Additional filter condition", optional(text()))),
+        "port" -> trim(label("LDAP port", optional(number()))),
-        "fullNameAttribute"        -> trim(label("Full name attribute", optional(text()))),
+        "bindDN" -> trim(label("Bind DN", optional(text()))),
-        "mailAttribute"            -> trim(label("Mail address attribute", optional(text()))),
+        "bindPassword" -> trim(label("Bind Password", optional(text()))),
-        "tls"                      -> trim(label("Enable TLS", optional(boolean()))),
+        "baseDN" -> trim(label("Base DN", text(required))),
-        "ssl"                      -> trim(label("Enable SSL", optional(boolean()))),
+        "userNameAttribute" -> trim(label("User name attribute", text(required))),
-        "keystore"                 -> trim(label("Keystore", optional(text())))
+        "additionalFilterCondition" -> trim(label("Additional filter condition", optional(text()))),
-    )(Ldap.apply)),
+        "fullNameAttribute" -> trim(label("Full name attribute", optional(text()))),
-    "oidcAuthentication"       -> trim(label("OIDC", boolean())),
+        "mailAttribute" -> trim(label("Mail address attribute", optional(text()))),
-    "oidc"                     -> optionalIfNotChecked("oidcAuthentication", mapping(
+        "tls" -> trim(label("Enable TLS", optional(boolean()))),
-        "issuer"                   -> trim(label("Issuer", text(required))),
+        "ssl" -> trim(label("Enable SSL", optional(boolean()))),
-        "clientID"                 -> trim(label("Client ID", text(required))),
+        "keystore" -> trim(label("Keystore", optional(text())))
-        "clientSecret"             -> trim(label("Client secret", text(required))),
+      )(Ldap.apply)
-        "jwsAlgorithm"             -> trim(label("Signature algorithm", optional(text())))
+    ),
-    )(OIDC.apply)),
+    "oidcAuthentication" -> trim(label("OIDC", boolean())),
-    "skinName" -> trim(label("AdminLTE skin name", text(required)))
+    "oidc" -> optionalIfNotChecked(
+      "oidcAuthentication",
+      mapping(
+        "issuer" -> trim(label("Issuer", text(required))),
+        "clientID" -> trim(label("Client ID", text(required))),
+        "clientSecret" -> trim(label("Client secret", text(required))),
+        "jwsAlgorithm" -> trim(label("Signature algorithm", optional(text())))
+      )(OIDC.apply)
+    ),
+    "skinName" -> trim(label("AdminLTE skin name", text(required))),
+    "showMailAddress" -> trim(label("Show mail address", boolean()))
   )(SystemSettings.apply).verifying { settings =>
     Vector(
-      if(settings.ssh && settings.baseUrl.isEmpty){
+      if (settings.ssh && settings.baseUrl.isEmpty) {
         Some("baseUrl" -> "Base URL is required if SSH access is enabled.")
       } else None,
-      if(settings.ssh && settings.sshHost.isEmpty){
+      if (settings.ssh && settings.sshHost.isEmpty) {
         Some("sshHost" -> "SSH host is required if SSH access is enabled.")
       } else None
     ).flatten
   }
 
   private val sendMailForm = mapping(
-    "smtp"        -> mapping(
+    "smtp" -> mapping(
-      "host"        -> trim(label("SMTP Host", text(required))),
+      "host" -> trim(label("SMTP Host", text(required))),
-      "port"        -> trim(label("SMTP Port", optional(number()))),
+      "port" -> trim(label("SMTP Port", optional(number()))),
-      "user"        -> trim(label("SMTP User", optional(text()))),
+      "user" -> trim(label("SMTP User", optional(text()))),
-      "password"    -> trim(label("SMTP Password", optional(text()))),
+      "password" -> trim(label("SMTP Password", optional(text()))),
-      "ssl"         -> trim(label("Enable SSL", optional(boolean()))),
+      "ssl" -> trim(label("Enable SSL", optional(boolean()))),
-      "starttls"    -> trim(label("Enable STARTTLS", optional(boolean()))),
+      "starttls" -> trim(label("Enable STARTTLS", optional(boolean()))),
       "fromAddress" -> trim(label("FROM Address", optional(text()))),
-      "fromName"    -> trim(label("FROM Name", optional(text())))
+      "fromName" -> trim(label("FROM Name", optional(text())))
     )(Smtp.apply),
     "testAddress" -> trim(label("", text(required)))
   )(SendMailForm.apply)
@@ -107,126 +121,164 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   case class DataExportForm(tableNames: List[String])
 
-  case class NewUserForm(userName: String, password: String, fullName: String,
+  case class NewUserForm(
-                         mailAddress: String, isAdmin: Boolean,
+    userName: String,
-                         description: Option[String], url: Option[String], fileId: Option[String])
+    password: String,
+    fullName: String,
+    mailAddress: String,
+    extraMailAddresses: List[String],
+    isAdmin: Boolean,
+    description: Option[String],
+    url: Option[String],
+    fileId: Option[String]
+  )
 
-  case class EditUserForm(userName: String, password: Option[String], fullName: String,
+  case class EditUserForm(
-                          mailAddress: String, isAdmin: Boolean, description: Option[String], url: Option[String],
+    userName: String,
-                          fileId: Option[String], clearImage: Boolean, isRemoved: Boolean)
+    password: Option[String],
+    fullName: String,
+    mailAddress: String,
+    extraMailAddresses: List[String],
+    isAdmin: Boolean,
+    description: Option[String],
+    url: Option[String],
+    fileId: Option[String],
+    clearImage: Boolean,
+    isRemoved: Boolean
+  )
 
-  case class NewGroupForm(groupName: String, description: Option[String], url: Option[String], fileId: Option[String],
+  case class NewGroupForm(
-                          members: String)
+    groupName: String,
-
+    description: Option[String],
-  case class EditGroupForm(groupName: String, description: Option[String], url: Option[String], fileId: Option[String],
+    url: Option[String],
-                           members: String, clearImage: Boolean, isRemoved: Boolean)
+    fileId: Option[String],
+    members: String
+  )
 
+  case class EditGroupForm(
+    groupName: String,
+    description: Option[String],
+    url: Option[String],
+    fileId: Option[String],
+    members: String,
+    clearImage: Boolean,
+    isRemoved: Boolean
+  )
 
   val newUserForm = mapping(
-    "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
+    "userName" -> trim(label("Username", text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
-    "password"    -> trim(label("Password"     ,text(required, maxlength(20), password))),
+    "password" -> trim(label("Password", text(required, maxlength(20), password))),
-    "fullName"    -> trim(label("Full Name"    ,text(required, maxlength(100)))),
+    "fullName" -> trim(label("Full Name", text(required, maxlength(100)))),
-    "mailAddress" -> trim(label("Mail Address" ,text(required, maxlength(100), uniqueMailAddress()))),
+    "mailAddress" -> trim(label("Mail Address", text(required, maxlength(100), uniqueMailAddress()))),
-    "isAdmin"     -> trim(label("User Type"    ,boolean())),
+    "extraMailAddresses" -> list(
-    "description" -> trim(label("bio"          ,optional(text()))),
+      trim(label("Additional Mail Address", text(maxlength(100), uniqueExtraMailAddress("userName"))))
-    "url"         -> trim(label("URL"          ,optional(text(maxlength(200))))),
+    ),
-    "fileId"      -> trim(label("File ID"      ,optional(text())))
+    "isAdmin" -> trim(label("User Type", boolean())),
+    "description" -> trim(label("bio", optional(text()))),
+    "url" -> trim(label("URL", optional(text(maxlength(200))))),
+    "fileId" -> trim(label("File ID", optional(text())))
   )(NewUserForm.apply)
 
   val editUserForm = mapping(
-    "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier))),
+    "userName" -> trim(label("Username", text(required, maxlength(100), identifier))),
-    "password"    -> trim(label("Password"     ,optional(text(maxlength(20), password)))),
+    "password" -> trim(label("Password", optional(text(maxlength(20), password)))),
-    "fullName"    -> trim(label("Full Name"    ,text(required, maxlength(100)))),
+    "fullName" -> trim(label("Full Name", text(required, maxlength(100)))),
-    "mailAddress" -> trim(label("Mail Address" ,text(required, maxlength(100), uniqueMailAddress("userName")))),
+    "mailAddress" -> trim(label("Mail Address", text(required, maxlength(100), uniqueMailAddress("userName")))),
-    "isAdmin"     -> trim(label("User Type"    ,boolean())),
+    "extraMailAddresses" -> list(
-    "description" -> trim(label("bio"          ,optional(text()))),
+      trim(label("Additional Mail Address", text(maxlength(100), uniqueExtraMailAddress("userName"))))
-    "url"         -> trim(label("URL"          ,optional(text(maxlength(200))))),
+    ),
-    "fileId"      -> trim(label("File ID"      ,optional(text()))),
+    "isAdmin" -> trim(label("User Type", boolean())),
-    "clearImage"  -> trim(label("Clear image"  ,boolean())),
+    "description" -> trim(label("bio", optional(text()))),
-    "removed"     -> trim(label("Disable"      ,boolean(disableByNotYourself("userName"))))
+    "url" -> trim(label("URL", optional(text(maxlength(200))))),
+    "fileId" -> trim(label("File ID", optional(text()))),
+    "clearImage" -> trim(label("Clear image", boolean())),
+    "removed" -> trim(label("Disable", boolean(disableByNotYourself("userName"))))
   )(EditUserForm.apply)
 
   val newGroupForm = mapping(
-    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
+    "groupName" -> trim(label("Group name", text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "description" -> trim(label("Group description", optional(text()))),
-    "url"       -> trim(label("URL"        ,optional(text(maxlength(200))))),
+    "url" -> trim(label("URL", optional(text(maxlength(200))))),
-    "fileId"    -> trim(label("File ID"    ,optional(text()))),
+    "fileId" -> trim(label("File ID", optional(text()))),
-    "members"   -> trim(label("Members"    ,text(required, members)))
+    "members" -> trim(label("Members", text(required, members)))
   )(NewGroupForm.apply)
 
   val editGroupForm = mapping(
-    "groupName"  -> trim(label("Group name"  ,text(required, maxlength(100), identifier))),
+    "groupName" -> trim(label("Group name", text(required, maxlength(100), identifier))),
     "description" -> trim(label("Group description", optional(text()))),
-    "url"        -> trim(label("URL"         ,optional(text(maxlength(200))))),
+    "url" -> trim(label("URL", optional(text(maxlength(200))))),
-    "fileId"     -> trim(label("File ID"     ,optional(text()))),
+    "fileId" -> trim(label("File ID", optional(text()))),
-    "members"    -> trim(label("Members"     ,text(required, members))),
+    "members" -> trim(label("Members", text(required, members))),
-    "clearImage" -> trim(label("Clear image" ,boolean())),
+    "clearImage" -> trim(label("Clear image", boolean())),
-    "removed"    -> trim(label("Disable"     ,boolean()))
+    "removed" -> trim(label("Disable", boolean()))
   )(EditGroupForm.apply)
 
-
   get("/admin/dbviewer")(adminOnly {
     val conn = request2Session(request).conn
     val meta = conn.getMetaData
     val tables = ListBuffer[Table]()
-    using(meta.getTables(null, "%", "%", Array("TABLE", "VIEW"))){ rs =>
+    using(meta.getTables(null, "%", "%", Array("TABLE", "VIEW"))) {
-      while(rs.next()){
+      rs =>
-        val tableName = rs.getString("TABLE_NAME")
+        while (rs.next()) {
+          val tableName = rs.getString("TABLE_NAME")
 
-        val pkColumns = ListBuffer[String]()
+          val pkColumns = ListBuffer[String]()
-        using(meta.getPrimaryKeys(null, null, tableName)){ rs =>
+          using(meta.getPrimaryKeys(null, null, tableName)) { rs =>
-          while(rs.next()){
+            while (rs.next()) {
-            pkColumns += rs.getString("COLUMN_NAME").toUpperCase
+              pkColumns += rs.getString("COLUMN_NAME").toUpperCase
+            }
           }
-        }
 
-        val columns = ListBuffer[Column]()
+          val columns = ListBuffer[Column]()
-        using(meta.getColumns(null, "%", tableName, "%")){ rs =>
+          using(meta.getColumns(null, "%", tableName, "%")) { rs =>
-          while(rs.next()){
+            while (rs.next()) {
-            val columnName = rs.getString("COLUMN_NAME").toUpperCase
+              val columnName = rs.getString("COLUMN_NAME").toUpperCase
-            columns += Column(columnName, pkColumns.contains(columnName))
+              columns += Column(columnName, pkColumns.contains(columnName))
+            }
           }
-        }
 
-        tables += Table(tableName.toUpperCase, columns)
+          tables += Table(tableName.toUpperCase, columns)
-      }
+        }
     }
     html.dbviewer(tables)
   })
 
   post("/admin/dbviewer/_query")(adminOnly {
     contentType = formats("json")
-    params.get("query").collectFirst { case query if query.trim.nonEmpty =>
+    params.get("query").collectFirst {
-      val trimmedQuery = query.trim
+      case query if query.trim.nonEmpty =>
-      if(trimmedQuery.nonEmpty){
+        val trimmedQuery = query.trim
-        try {
+        if (trimmedQuery.nonEmpty) {
-          val conn = request2Session(request).conn
+          try {
-          using(conn.prepareStatement(query)){ stmt =>
+            val conn = request2Session(request).conn
-            if(trimmedQuery.toUpperCase.startsWith("SELECT")){
+            using(conn.prepareStatement(query)) {
-              using(stmt.executeQuery()){ rs =>
+              stmt =>
-                val meta = rs.getMetaData
+                if (trimmedQuery.toUpperCase.startsWith("SELECT")) {
-                val columns = for(i <- 1 to meta.getColumnCount) yield {
+                  using(stmt.executeQuery()) {
-                  meta.getColumnName(i)
+                    rs =>
+                      val meta = rs.getMetaData
+                      val columns = for (i <- 1 to meta.getColumnCount) yield {
+                        meta.getColumnName(i)
+                      }
+                      val result = ListBuffer[Map[String, String]]()
+                      while (rs.next()) {
+                        val row = columns.map { columnName =>
+                          columnName -> Option(rs.getObject(columnName)).map(_.toString).getOrElse("<NULL>")
+                        }.toMap
+                        result += row
+                      }
+                      Ok(Serialization.write(Map("type" -> "query", "columns" -> columns, "rows" -> result)))
+                  }
+                } else {
+                  val rows = stmt.executeUpdate()
+                  Ok(Serialization.write(Map("type" -> "update", "rows" -> rows)))
                 }
-                val result = ListBuffer[Map[String, String]]()
-                while(rs.next()){
-                  val row = columns.map { columnName =>
-                    columnName -> Option(rs.getObject(columnName)).map(_.toString).getOrElse("<NULL>")
-                  }.toMap
-                  result += row
-                }
-                Ok(Serialization.write(Map("type" -> "query", "columns" -> columns, "rows" -> result)))
-              }
-            } else {
-              val rows = stmt.executeUpdate()
-              Ok(Serialization.write(Map("type" -> "update", "rows" -> rows)))
             }
+          } catch {
+            case e: Exception =>
+              Ok(Serialization.write(Map("type" -> "error", "message" -> e.toString)))
           }
-        } catch {
-          case e: Exception =>
-            Ok(Serialization.write(Map("type" -> "error", "message" -> e.toString)))
         }
-      }
     } getOrElse Ok(Serialization.write(Map("type" -> "error", "message" -> "query is empty")))
   })
 
@@ -239,11 +291,10 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
     if (form.sshAddress != context.settings.sshAddress) {
       SshServer.stop()
-       for {
+      for {
-         sshAddress <- form.sshAddress
+        sshAddress <- form.sshAddress
-         baseUrl    <- form.baseUrl
+        baseUrl <- form.baseUrl
-       }
+      } SshServer.start(sshAddress, baseUrl)
-       SshServer.start(sshAddress, baseUrl)
     }
 
     flash += "info" -> "System settings has been updated."
@@ -253,17 +304,18 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   post("/admin/system/sendmail", sendMailForm)(adminOnly { form =>
     try {
       new Mailer(context.settings.copy(smtp = Some(form.smtp), notification = true)).send(
-        to           = form.testAddress,
+        to = form.testAddress,
-        subject      = "Test message from GitBucket",
+        subject = "Test message from GitBucket",
-        textMsg      = "This is a test message from GitBucket.",
+        textMsg = "This is a test message from GitBucket.",
-        htmlMsg      = None,
+        htmlMsg = None,
         loginAccount = context.loginAccount
       )
 
       "Test mail has been sent to: " + form.testAddress
 
     } catch {
-      case e: Exception => "[Error] " + e.toString
+      case e: EmailException => s"[Error] ${e.getCause}"
+      case e: Exception      => "[Error] " + e.toString
     }
   })
 
@@ -274,20 +326,27 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
     val gitbucketVersion = Semver.valueOf(GitBucketCoreModule.getVersions.asScala.last.getVersion)
 
     // Plugins in the local repository
-    val repositoryPlugins = PluginRepository.getPlugins()
+    val repositoryPlugins = PluginRepository
+      .getPlugins()
       .filterNot { meta =>
-        enabledPlugins.exists { plugin => plugin.pluginId == meta.id &&
+        enabledPlugins.exists { plugin =>
+          plugin.pluginId == meta.id &&
           Semver.valueOf(plugin.pluginVersion).greaterThanOrEqualTo(Semver.valueOf(meta.latestVersion.version))
         }
-      }.map { meta =>
+      }
-        (meta, meta.versions.reverse.find { version => gitbucketVersion.satisfies(version.range) })
+      .map { meta =>
-      }.collect { case (meta, Some(version)) =>
+        (meta, meta.versions.reverse.find { version =>
-        new PluginInfoBase(
+          gitbucketVersion.satisfies(version.range)
-          pluginId      = meta.id,
+        })
-          pluginName    = meta.name,
+      }
-          pluginVersion = version.version,
+      .collect {
-          description   = meta.description
+        case (meta, Some(version)) =>
-        )
+          new PluginInfoBase(
+            pluginId = meta.id,
+            pluginName = meta.name,
+            pluginVersion = version.version,
+            description = meta.description
+          )
       }
 
     // Merge
@@ -304,11 +363,13 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   post("/admin/plugins/:pluginId/:version/_uninstall")(adminOnly {
     val pluginId = params("pluginId")
-    val version  = params("version")
+    val version = params("version")
-    PluginRegistry().getPlugins()
+    PluginRegistry()
+      .getPlugins()
       .collect { case plugin if (plugin.pluginId == pluginId && plugin.pluginVersion == version) => plugin }
       .foreach { _ =>
-        PluginRegistry.uninstall(pluginId, request.getServletContext, loadSystemSettings(), request2Session(request).conn)
+        PluginRegistry
+          .uninstall(pluginId, request.getServletContext, loadSystemSettings(), request2Session(request).conn)
         flash += "info" -> s"${pluginId} was uninstalled."
       }
     redirect("/admin/plugins")
@@ -316,87 +377,104 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   post("/admin/plugins/:pluginId/:version/_install")(adminOnly {
     val pluginId = params("pluginId")
-    val version  = params("version")
+    val version = params("version")
     /// TODO!!!!
-    PluginRepository.getPlugins()
+    PluginRepository
-      .collect { case meta if meta.id == pluginId => (meta, meta.versions.find(_.version == version) )}
+      .getPlugins()
-      .foreach { case (meta, version) =>
+      .collect { case meta if meta.id == pluginId => (meta, meta.versions.find(_.version == version)) }
-        version.foreach { version =>
+      .foreach {
-          // TODO Install version!
+        case (meta, version) =>
-          PluginRegistry.install(
+          version.foreach { version =>
-            new java.io.File(PluginHome, s".repository/${version.file}"),
+            // TODO Install version!
-            request.getServletContext,
+            PluginRegistry.install(
-            loadSystemSettings(),
+              new java.io.File(PluginHome, s".repository/${version.file}"),
-            request2Session(request).conn
+              request.getServletContext,
-          )
+              loadSystemSettings(),
-          flash += "info" -> s"${pluginId} was installed."
+              request2Session(request).conn
-        }
+            )
+            flash += "info" -> s"${pluginId} was installed."
+          }
       }
     redirect("/admin/plugins")
   })
 
-
   get("/admin/users")(adminOnly {
     val includeRemoved = params.get("includeRemoved").map(_.toBoolean).getOrElse(false)
     val includeGroups = params.get("includeGroups").map(_.toBoolean).getOrElse(false)
-    val users          = getAllUsers(includeRemoved, includeGroups)
+    val users = getAllUsers(includeRemoved, includeGroups)
-    val members        = users.collect { case account if(account.isGroupAccount) =>
+    val members = users.collect {
-      account.userName -> getGroupMembers(account.userName).map(_.userName)
+      case account if (account.isGroupAccount) =>
+        account.userName -> getGroupMembers(account.userName).map(_.userName)
     }.toMap
 
     html.userlist(users, members, includeRemoved, includeGroups)
   })
 
   get("/admin/users/_newuser")(adminOnly {
-    html.user(None)
+    html.user(None, Nil)
   })
 
   post("/admin/users/_newuser", newUserForm)(adminOnly { form =>
-    createAccount(form.userName, sha1(form.password), form.fullName, form.mailAddress, form.isAdmin, form.description, form.url)
+    createAccount(
+      form.userName,
+      pbkdf2_sha256(form.password),
+      form.fullName,
+      form.mailAddress,
+      form.isAdmin,
+      form.description,
+      form.url
+    )
     updateImage(form.userName, form.fileId, false)
+    updateAccountExtraMailAddresses(form.userName, form.extraMailAddresses.filter(_ != ""))
     redirect("/admin/users")
   })
 
   get("/admin/users/:userName/_edituser")(adminOnly {
     val userName = params("userName")
-    html.user(getAccountByUserName(userName, true), flash.get("error"))
+    val extraMails = getAccountExtraMailAddresses(userName)
+    html.user(getAccountByUserName(userName, true), extraMails, flash.get("error"))
   })
 
   post("/admin/users/:name/_edituser", editUserForm)(adminOnly { form =>
     val userName = params("userName")
-    getAccountByUserName(userName, true).map { account =>
+    getAccountByUserName(userName, true).map {
-      if(account.isAdmin && (form.isRemoved || !form.isAdmin) && isLastAdministrator(account)){
+      account =>
-        flash += "error" -> "Account can't be turned off because this is last one administrator."
+        if (account.isAdmin && (form.isRemoved || !form.isAdmin) && isLastAdministrator(account)) {
-        redirect(s"/admin/users/${userName}/_edituser")
+          flash += "error" -> "Account can't be turned off because this is last one administrator."
-      } else {
+          redirect(s"/admin/users/${userName}/_edituser")
-        if(form.isRemoved){
+        } else {
-          // Remove repositories
+          if (form.isRemoved) {
-          //        getRepositoryNamesOfUser(userName).foreach { repositoryName =>
+            // Remove repositories
-          //          deleteRepository(userName, repositoryName)
+            //        getRepositoryNamesOfUser(userName).foreach { repositoryName =>
-          //          FileUtils.deleteDirectory(getRepositoryDir(userName, repositoryName))
+            //          deleteRepository(userName, repositoryName)
-          //          FileUtils.deleteDirectory(getWikiRepositoryDir(userName, repositoryName))
+            //          FileUtils.deleteDirectory(getRepositoryDir(userName, repositoryName))
-          //          FileUtils.deleteDirectory(getTemporaryDir(userName, repositoryName))
+            //          FileUtils.deleteDirectory(getWikiRepositoryDir(userName, repositoryName))
-          //        }
+            //          FileUtils.deleteDirectory(getTemporaryDir(userName, repositoryName))
-          // Remove from GROUP_MEMBER and COLLABORATOR
+            //        }
-          removeUserRelatedData(userName)
+            // Remove from GROUP_MEMBER and COLLABORATOR
+            removeUserRelatedData(userName)
+          }
+
+          updateAccount(
+            account.copy(
+              password = form.password.map(pbkdf2_sha256).getOrElse(account.password),
+              fullName = form.fullName,
+              mailAddress = form.mailAddress,
+              isAdmin = form.isAdmin,
+              description = form.description,
+              url = form.url,
+              isRemoved = form.isRemoved
+            )
+          )
+
+          updateImage(userName, form.fileId, form.clearImage)
+          updateAccountExtraMailAddresses(userName, form.extraMailAddresses.filter(_ != ""))
+
+          // call hooks
+          if (form.isRemoved) PluginRegistry().getAccountHooks.foreach(_.deleted(userName))
+
+          redirect("/admin/users")
         }
-
-        updateAccount(account.copy(
-          password     = form.password.map(sha1).getOrElse(account.password),
-          fullName     = form.fullName,
-          mailAddress  = form.mailAddress,
-          isAdmin      = form.isAdmin,
-          description  = form.description,
-          url          = form.url,
-          isRemoved    = form.isRemoved))
-
-        updateImage(userName, form.fileId, form.clearImage)
-
-        // call hooks
-        if(form.isRemoved) PluginRegistry().getAccountHooks.foreach(_.deleted(userName))
-
-        redirect("/admin/users")
-      }
     } getOrElse NotFound()
   })
 
@@ -406,33 +484,47 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   post("/admin/users/_newgroup", newGroupForm)(adminOnly { form =>
     createGroup(form.groupName, form.description, form.url)
-    updateGroupMembers(form.groupName, form.members.split(",").map {
+    updateGroupMembers(
-      _.split(":") match {
+      form.groupName,
-        case Array(userName, isManager) => (userName, isManager.toBoolean)
+      form.members
-      }
+        .split(",")
-    }.toList)
+        .map {
+          _.split(":") match {
+            case Array(userName, isManager) => (userName, isManager.toBoolean)
+          }
+        }
+        .toList
+    )
     updateImage(form.groupName, form.fileId, false)
     redirect("/admin/users")
   })
 
   get("/admin/users/:groupName/_editgroup")(adminOnly {
-    defining(params("groupName")){ groupName =>
+    defining(params("groupName")) { groupName =>
       html.usergroup(getAccountByUserName(groupName, true), getGroupMembers(groupName))
     }
   })
 
   post("/admin/users/:groupName/_editgroup", editGroupForm)(adminOnly { form =>
-    defining(params("groupName"), form.members.split(",").map {
+    defining(
-      _.split(":") match {
+      params("groupName"),
-        case Array(userName, isManager) => (userName, isManager.toBoolean)
+      form.members
-      }
+        .split(",")
-    }.toList){ case (groupName, members) =>
+        .map {
-      getAccountByUserName(groupName, true).map { account =>
+          _.split(":") match {
-        updateGroup(groupName, form.description, form.url, form.isRemoved)
+            case Array(userName, isManager) => (userName, isManager.toBoolean)
+          }
+        }
+        .toList
+    ) {
+      case (groupName, members) =>
+        getAccountByUserName(groupName, true).map {
+          account =>
+            updateGroup(groupName, form.description, form.url, form.isRemoved)
 
-        if(form.isRemoved){
+            if (form.isRemoved) {
-          // Remove from GROUP_MEMBER
+              // Remove from GROUP_MEMBER
-          updateGroupMembers(form.groupName, Nil)
+              updateGroupMembers(form.groupName, Nil)
 //          // Remove repositories
 //          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
 //            deleteRepository(groupName, repositoryName)
@@ -440,9 +532,9 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 //            FileUtils.deleteDirectory(getWikiRepositoryDir(groupName, repositoryName))
 //            FileUtils.deleteDirectory(getTemporaryDir(groupName, repositoryName))
 //          }
-        } else {
+            } else {
-          // Update GROUP_MEMBER
+              // Update GROUP_MEMBER
-          updateGroupMembers(form.groupName, members)
+              updateGroupMembers(form.groupName, members)
 //          // Update COLLABORATOR for group repositories
 //          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
 //            removeCollaborators(form.groupName, repositoryName)
@@ -450,12 +542,12 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 //              addCollaborator(form.groupName, repositoryName, userName)
 //            }
 //          }
-        }
+            }
 
-        updateImage(form.groupName, form.fileId, form.clearImage)
+            updateImage(form.groupName, form.fileId, form.clearImage)
-        redirect("/admin/users")
+            redirect("/admin/users")
 
-      } getOrElse NotFound()
+        } getOrElse NotFound()
     }
   })
 
@@ -473,25 +565,26 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
     response.setHeader("Content-Disposition", "attachment; filename=" + file.getName)
     response.setContentLength(file.length.toInt)
 
-    using(new FileInputStream(file)){ in =>
+    using(new FileInputStream(file)) { in =>
       IOUtils.copy(in, response.outputStream)
     }
 
     ()
   })
 
-  private def members: Constraint = new Constraint(){
+  private def members: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] = {
-      if(value.split(",").exists {
+      if (value.split(",").exists {
-        _.split(":") match { case Array(userName, isManager) => isManager.toBoolean }
+            _.split(":") match { case Array(userName, isManager) => isManager.toBoolean }
-      }) None else Some("Must select one manager at least.")
+          }) None
+      else Some("Must select one manager at least.")
     }
   }
 
   protected def disableByNotYourself(paramName: String): Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] = {
       params.get(paramName).flatMap { userName =>
-        if(userName == context.loginAccount.get.userName && params.get("removed") == Some("true"))
+        if (userName == context.loginAccount.get.userName && params.get("removed") == Some("true"))
           Some("You can't disable your account yourself")
         else
           None

src/main/scala/gitbucket/core/controller/ValidationSupport.scala

@@ -14,58 +14,58 @@ trait ValidationSupport extends FormSupport { self: ServletBase with JacksonJson
 
   def get[T](path: String, form: ValueType[T])(action: T => Any): Route = {
     registerValidate(path, form)
-    get(path){
+    get(path) {
       validate(form)(errors => BadRequest(), form => action(form))
     }
   }
 
   def post[T](path: String, form: ValueType[T])(action: T => Any): Route = {
     registerValidate(path, form)
-    post(path){
+    post(path) {
       validate(form)(errors => BadRequest(), form => action(form))
     }
   }
 
   def put[T](path: String, form: ValueType[T])(action: T => Any): Route = {
     registerValidate(path, form)
-    put(path){
+    put(path) {
       validate(form)(errors => BadRequest(), form => action(form))
     }
   }
 
   def delete[T](path: String, form: ValueType[T])(action: T => Any): Route = {
     registerValidate(path, form)
-    delete(path){
+    delete(path) {
       validate(form)(errors => BadRequest(), form => action(form))
     }
   }
 
   def ajaxGet[T](path: String, form: ValueType[T])(action: T => Any): Route = {
-    get(path){
+    get(path) {
       validate(form)(errors => ajaxError(errors), form => action(form))
     }
   }
 
   def ajaxPost[T](path: String, form: ValueType[T])(action: T => Any): Route = {
-    post(path){
+    post(path) {
       validate(form)(errors => ajaxError(errors), form => action(form))
     }
   }
 
   def ajaxDelete[T](path: String, form: ValueType[T])(action: T => Any): Route = {
-    delete(path){
+    delete(path) {
       validate(form)(errors => ajaxError(errors), form => action(form))
     }
   }
 
   def ajaxPut[T](path: String, form: ValueType[T])(action: T => Any): Route = {
-    put(path){
+    put(path) {
       validate(form)(errors => ajaxError(errors), form => action(form))
     }
   }
 
   private def registerValidate[T](path: String, form: ValueType[T]) = {
-    post(path.replaceFirst("/$", "") + "/validate"){
+    post(path.replaceFirst("/$", "") + "/validate") {
       contentType = "application/json"
       toJson(form.validate("", multiParams, messages))
     }
@@ -84,8 +84,9 @@ trait ValidationSupport extends FormSupport { self: ServletBase with JacksonJson
    * Converts errors to JSON.
    */
   private def toJson(errors: Seq[(String, String)]): JObject =
-    JObject(errors.map { case (key, value) =>
+    JObject(errors.map {
-      JField(key, JString(value))
+      case (key, value) =>
+        JField(key, JString(value))
     }.toList)
 
 }

src/main/scala/gitbucket/core/controller/WikiController.scala

@@ -14,38 +14,60 @@ import org.scalatra.forms._
 import org.eclipse.jgit.api.Git
 import org.scalatra.i18n.Messages
 
-class WikiController extends WikiControllerBase
+class WikiController
-  with WikiService with RepositoryService with AccountService with ActivityService with WebHookService
+    extends WikiControllerBase
-  with ReadableUsersAuthenticator with ReferrerAuthenticator
+    with WikiService
+    with RepositoryService
+    with AccountService
+    with ActivityService
+    with WebHookService
+    with ReadableUsersAuthenticator
+    with ReferrerAuthenticator
 
 trait WikiControllerBase extends ControllerBase {
-  self: WikiService with RepositoryService with AccountService with ActivityService with WebHookService
+  self: WikiService
-    with ReadableUsersAuthenticator with ReferrerAuthenticator =>
+    with RepositoryService
+    with AccountService
+    with ActivityService
+    with WebHookService
+    with ReadableUsersAuthenticator
+    with ReferrerAuthenticator =>
 
-  case class WikiPageEditForm(pageName: String, content: String, message: Option[String], currentPageName: String, id: String)
+  case class WikiPageEditForm(
+    pageName: String,
+    content: String,
+    message: Option[String],
+    currentPageName: String,
+    id: String
+  )
 
   val newForm = mapping(
-    "pageName"        -> trim(label("Page name"         , text(required, maxlength(40), pagename, unique))),
+    "pageName" -> trim(label("Page name", text(required, maxlength(40), pagename, unique))),
-    "content"         -> trim(label("Content"           , text(required, conflictForNew))),
+    "content" -> trim(label("Content", text(required, conflictForNew))),
-    "message"         -> trim(label("Message"           , optional(text()))),
+    "message" -> trim(label("Message", optional(text()))),
-    "currentPageName" -> trim(label("Current page name" , text())),
+    "currentPageName" -> trim(label("Current page name", text())),
-    "id"              -> trim(label("Latest commit id"  , text()))
+    "id" -> trim(label("Latest commit id", text()))
   )(WikiPageEditForm.apply)
 
   val editForm = mapping(
-    "pageName"        -> trim(label("Page name"         , text(required, maxlength(40), pagename))),
+    "pageName" -> trim(label("Page name", text(required, maxlength(40), pagename))),
-    "content"         -> trim(label("Content"           , text(required, conflictForEdit))),
+    "content" -> trim(label("Content", text(required, conflictForEdit))),
-    "message"         -> trim(label("Message"           , optional(text()))),
+    "message" -> trim(label("Message", optional(text()))),
-    "currentPageName" -> trim(label("Current page name" , text(required))),
+    "currentPageName" -> trim(label("Current page name", text(required))),
-    "id"              -> trim(label("Latest commit id"  , text(required)))
+    "id" -> trim(label("Latest commit id", text(required)))
   )(WikiPageEditForm.apply)
 
   get("/:owner/:repository/wiki")(referrersOnly { repository =>
     getWikiPage(repository.owner, repository.name, "Home").map { page =>
-      html.page("Home", page, getWikiPageList(repository.owner, repository.name),
+      html.page(
-        repository, isEditable(repository),
+        "Home",
+        page,
+        getWikiPageList(repository.owner, repository.name),
+        repository,
+        isEditable(repository),
         getWikiPage(repository.owner, repository.name, "_Sidebar"),
-        getWikiPage(repository.owner, repository.name, "_Footer"))
+        getWikiPage(repository.owner, repository.name, "_Footer")
+      )
     } getOrElse redirect(s"/${repository.owner}/${repository.name}/wiki/Home/_edit")
   })
 
@@ -53,20 +75,25 @@ trait WikiControllerBase extends ControllerBase {
     val pageName = StringUtil.urlDecode(params("page"))
 
     getWikiPage(repository.owner, repository.name, pageName).map { page =>
-      html.page(pageName, page, getWikiPageList(repository.owner, repository.name),
+      html.page(
-        repository, isEditable(repository),
+        pageName,
+        page,
+        getWikiPageList(repository.owner, repository.name),
+        repository,
+        isEditable(repository),
         getWikiPage(repository.owner, repository.name, "_Sidebar"),
-        getWikiPage(repository.owner, repository.name, "_Footer"))
+        getWikiPage(repository.owner, repository.name, "_Footer")
+      )
     } getOrElse redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}/_edit")
   })
 
   get("/:owner/:repository/wiki/:page/_history")(referrersOnly { repository =>
     val pageName = StringUtil.urlDecode(params("page"))
 
-    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
+    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))) { git =>
       JGitUtil.getCommitLog(git, "master", path = pageName + ".md") match {
         case Right((logs, hasNext)) => html.history(Some(pageName), logs, repository, isEditable(repository))
-        case Left(_) => NotFound()
+        case Left(_)                => NotFound()
       }
     }
   })
@@ -75,40 +102,56 @@ trait WikiControllerBase extends ControllerBase {
     val pageName = StringUtil.urlDecode(params("page"))
     val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
-    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
+    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))) { git =>
-      html.compare(Some(pageName), from, to, JGitUtil.getDiffs(git, Some(from), to, true, false).filter(_.newPath == pageName + ".md"), repository,
+      html.compare(
-        isEditable(repository), flash.get("info"))
+        Some(pageName),
+        from,
+        to,
+        JGitUtil.getDiffs(git, Some(from), to, true, false).filter(_.newPath == pageName + ".md"),
+        repository,
+        isEditable(repository),
+        flash.get("info")
+      )
     }
   })
 
   get("/:owner/:repository/wiki/_compare/:commitId")(referrersOnly { repository =>
     val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
-    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
+    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))) { git =>
-      html.compare(None, from, to, JGitUtil.getDiffs(git, Some(from), to, true, false), repository,
+      html.compare(
-        isEditable(repository), flash.get("info"))
+        None,
+        from,
+        to,
+        JGitUtil.getDiffs(git, Some(from), to, true, false),
+        repository,
+        isEditable(repository),
+        flash.get("info")
+      )
     }
   })
 
   get("/:owner/:repository/wiki/:page/_revert/:commitId")(readableUsersOnly { repository =>
-    if(isEditable(repository)){
+    if (isEditable(repository)) {
       val pageName = StringUtil.urlDecode(params("page"))
       val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
-      if(revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, Some(pageName))){
+      if (revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, Some(pageName))) {
         redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}")
       } else {
         flash += "info" -> "This patch was not able to be reversed."
-        redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}/_compare/${from}...${to}")
+        redirect(
+          s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}/_compare/${from}...${to}"
+        )
       }
     } else Unauthorized()
   })
 
   get("/:owner/:repository/wiki/_revert/:commitId")(readableUsersOnly { repository =>
-    if(isEditable(repository)){
+    if (isEditable(repository)) {
       val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
-      if(revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, None)){
+      if (revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, None)) {
         redirect(s"/${repository.owner}/${repository.name}/wiki")
       } else {
         flash += "info" -> "This patch was not able to be reversed."
@@ -118,85 +161,102 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/wiki/:page/_edit")(readableUsersOnly { repository =>
-    if(isEditable(repository)){
+    if (isEditable(repository)) {
       val pageName = StringUtil.urlDecode(params("page"))
       html.edit(pageName, getWikiPage(repository.owner, repository.name, pageName), repository)
     } else Unauthorized()
   })
 
   post("/:owner/:repository/wiki/_edit", editForm)(readableUsersOnly { (form, repository) =>
-    if(isEditable(repository)){
+    if (isEditable(repository)) {
-      defining(context.loginAccount.get){ loginAccount =>
+      defining(context.loginAccount.get) {
-        saveWikiPage(
+        loginAccount =>
-          repository.owner,
+          saveWikiPage(
-          repository.name,
+            repository.owner,
-          form.currentPageName,
+            repository.name,
-          form.pageName,
+            form.currentPageName,
-          appendNewLine(convertLineSeparator(form.content, "LF"), "LF"),
+            form.pageName,
-          loginAccount,
+            appendNewLine(convertLineSeparator(form.content, "LF"), "LF"),
-          form.message.getOrElse(""),
+            loginAccount,
-          Some(form.id)
+            form.message.getOrElse(""),
-        ).map { commitId =>
+            Some(form.id)
-          updateLastActivityDate(repository.owner, repository.name)
+          ).map {
-          recordEditWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName, commitId)
+            commitId =>
-          callWebHookOf(repository.owner, repository.name, WebHook.Gollum){
+              updateLastActivityDate(repository.owner, repository.name)
-            getAccountByUserName(repository.owner).map { repositoryUser =>
+              recordEditWikiPageActivity(
-              WebHookGollumPayload("edited", form.pageName, commitId, repository, repositoryUser, loginAccount)
+                repository.owner,
-            }
+                repository.name,
+                loginAccount.userName,
+                form.pageName,
+                commitId
+              )
+              callWebHookOf(repository.owner, repository.name, WebHook.Gollum) {
+                getAccountByUserName(repository.owner).map { repositoryUser =>
+                  WebHookGollumPayload("edited", form.pageName, commitId, repository, repositoryUser, loginAccount)
+                }
+              }
+          }
+          if (notReservedPageName(form.pageName)) {
+            redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
+          } else {
+            redirect(s"/${repository.owner}/${repository.name}/wiki")
           }
-        }
-        if(notReservedPageName(form.pageName)) {
-          redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
-        } else {
-          redirect(s"/${repository.owner}/${repository.name}/wiki")
-        }
       }
     } else Unauthorized()
   })
 
   get("/:owner/:repository/wiki/_new")(readableUsersOnly { repository =>
-    if(isEditable(repository)){
+    if (isEditable(repository)) {
       html.edit("", None, repository)
     } else Unauthorized()
   })
 
   post("/:owner/:repository/wiki/_new", newForm)(readableUsersOnly { (form, repository) =>
-    if(isEditable(repository)){
+    if (isEditable(repository)) {
-      defining(context.loginAccount.get){ loginAccount =>
+      defining(context.loginAccount.get) {
-        saveWikiPage(
+        loginAccount =>
-          repository.owner,
+          saveWikiPage(
-          repository.name,
+            repository.owner,
-          form.currentPageName,
+            repository.name,
-          form.pageName,
+            form.currentPageName,
-          form.content,
+            form.pageName,
-          loginAccount,
+            form.content,
-          form.message.getOrElse(""),
+            loginAccount,
-          None
+            form.message.getOrElse(""),
-        ).map { commitId =>
+            None
-          updateLastActivityDate(repository.owner, repository.name)
+          ).map {
-          recordCreateWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName)
+            commitId =>
-          callWebHookOf(repository.owner, repository.name, WebHook.Gollum){
+              updateLastActivityDate(repository.owner, repository.name)
-            getAccountByUserName(repository.owner).map { repositoryUser =>
+              recordCreateWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName)
-              WebHookGollumPayload("created", form.pageName, commitId, repository, repositoryUser, loginAccount)
+              callWebHookOf(repository.owner, repository.name, WebHook.Gollum) {
-            }
+                getAccountByUserName(repository.owner).map { repositoryUser =>
+                  WebHookGollumPayload("created", form.pageName, commitId, repository, repositoryUser, loginAccount)
+                }
+              }
           }
-        }
 
-        if(notReservedPageName(form.pageName)) {
+          if (notReservedPageName(form.pageName)) {
-          redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
+            redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
-        } else {
+          } else {
-          redirect(s"/${repository.owner}/${repository.name}/wiki")
+            redirect(s"/${repository.owner}/${repository.name}/wiki")
-        }
+          }
       }
     } else Unauthorized()
   })
 
   get("/:owner/:repository/wiki/:page/_delete")(readableUsersOnly { repository =>
-    if(isEditable(repository)){
+    if (isEditable(repository)) {
       val pageName = StringUtil.urlDecode(params("page"))
 
-      defining(context.loginAccount.get){ loginAccount =>
+      defining(context.loginAccount.get) { loginAccount =>
-        deleteWikiPage(repository.owner, repository.name, pageName, loginAccount.fullName, loginAccount.mailAddress, s"Destroyed ${pageName}")
+        deleteWikiPage(
+          repository.owner,
+          repository.name,
+          pageName,
+          loginAccount.fullName,
+          loginAccount.mailAddress,
+          s"Destroyed ${pageName}"
+        )
         updateLastActivityDate(repository.owner, repository.name)
 
         redirect(s"/${repository.owner}/${repository.name}/wiki")
@@ -209,17 +269,17 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/wiki/_history")(referrersOnly { repository =>
-    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
+    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))) { git =>
       JGitUtil.getCommitLog(git, "master") match {
         case Right((logs, hasNext)) => html.history(None, logs, repository, isEditable(repository))
-        case Left(_) => NotFound()
+        case Left(_)                => NotFound()
       }
     }
   })
 
   get("/:owner/:repository/wiki/_blob/*")(referrersOnly { repository =>
     val path = multiParams("splat").head
-    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
+    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))) { git =>
       val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve("master"))
 
       getPathObjectId(git, path, revCommit).map { objectId =>
@@ -228,25 +288,32 @@ trait WikiControllerBase extends ControllerBase {
     }
   })
 
-  private def unique: Constraint = new Constraint(){
+  private def unique: Constraint = new Constraint() {
-    override def validate(name: String, value: String, params: Map[String, Seq[String]], messages: Messages): Option[String] =
+    override def validate(
-      getWikiPageList(params.value("owner"), params.value("repository")).find(_ == value).map(_ => "Page already exists.")
+      name: String,
+      value: String,
+      params: Map[String, Seq[String]],
+      messages: Messages
+    ): Option[String] =
+      getWikiPageList(params.value("owner"), params.value("repository"))
+        .find(_ == value)
+        .map(_ => "Page already exists.")
   }
 
-  private def pagename: Constraint = new Constraint(){
+  private def pagename: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] =
-      if(value.exists("\\/:*?\"<>|".contains(_))){
+      if (value.exists("\\/:*?\"<>|".contains(_))) {
         Some(s"${name} contains invalid character.")
-      } else if(notReservedPageName(value) && (value.startsWith("_") || value.startsWith("-"))){
+      } else if (notReservedPageName(value) && (value.startsWith("_") || value.startsWith("-"))) {
         Some(s"${name} starts with invalid character.")
       } else {
         None
       }
   }
 
-  private def notReservedPageName(value: String) = ! (Array[String]("_Sidebar","_Footer") contains value)
+  private def notReservedPageName(value: String) = !(Array[String]("_Sidebar", "_Footer") contains value)
 
-  private def conflictForNew: Constraint = new Constraint(){
+  private def conflictForNew: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] = {
       targetWikiPage.map { _ =>
         "Someone has created the wiki since you started. Please reload this page and re-apply your changes."
@@ -254,9 +321,9 @@ trait WikiControllerBase extends ControllerBase {
     }
   }
 
-  private def conflictForEdit: Constraint = new Constraint(){
+  private def conflictForEdit: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] = {
-      targetWikiPage.filter(_.id != params("id")).map{ _ =>
+      targetWikiPage.filter(_.id != params("id")).map { _ =>
         "Someone has edited the wiki since you started. Please reload this page and re-apply your changes."
       }
     }

src/main/scala/gitbucket/core/model/AccessToken.scala

@@ -1,6 +1,5 @@
 package gitbucket.core.model
 
-
 trait AccessTokenComponent { self: Profile =>
   import profile.api._
 

src/main/scala/gitbucket/core/model/Account.scala

@@ -20,7 +20,22 @@ trait AccountComponent { self: Profile =>
     val groupAccount = column[Boolean]("GROUP_ACCOUNT")
     val removed = column[Boolean]("REMOVED")
     val description = column[String]("DESCRIPTION")
-    def * = (userName, fullName, mailAddress, password, isAdmin, url.?, registeredDate, updatedDate, lastLoginDate.?, image.?, groupAccount, removed, description.?) <> (Account.tupled, Account.unapply)
+    def * =
+      (
+        userName,
+        fullName,
+        mailAddress,
+        password,
+        isAdmin,
+        url.?,
+        registeredDate,
+        updatedDate,
+        lastLoginDate.?,
+        image.?,
+        groupAccount,
+        removed,
+        description.?
+      ) <> (Account.tupled, Account.unapply)
   }
 }
 

src/main/scala/gitbucket/core/model/AccountExtraMailAddress.scala

@@ -0,0 +1,19 @@
+package gitbucket.core.model
+
+trait AccountExtraMailAddressComponent { self: Profile =>
+  import profile.api._
+
+  lazy val AccountExtraMailAddresses = TableQuery[AccountExtraMailAddresses]
+
+  class AccountExtraMailAddresses(tag: Tag) extends Table[AccountExtraMailAddress](tag, "ACCOUNT_EXTRA_MAIL_ADDRESS") {
+    val userName = column[String]("USER_NAME", O PrimaryKey)
+    val extraMailAddress = column[String]("EXTRA_MAIL_ADDRESS", O PrimaryKey)
+    def * =
+      (userName, extraMailAddress) <> (AccountExtraMailAddress.tupled, AccountExtraMailAddress.unapply)
+  }
+}
+
+case class AccountExtraMailAddress(
+  userName: String,
+  extraMailAddress: String
+)

src/main/scala/gitbucket/core/model/AccountWebHook.scala

@@ -3,7 +3,8 @@ package gitbucket.core.model
 trait AccountWebHookComponent extends TemplateComponent { self: Profile =>
   import profile.api._
 
-  private implicit val whContentTypeColumnType = MappedColumnType.base[WebHookContentType, String](whct => whct.code , code => WebHookContentType.valueOf(code))
+  private implicit val whContentTypeColumnType =
+    MappedColumnType.base[WebHookContentType, String](whct => whct.code, code => WebHookContentType.valueOf(code))
 
   lazy val AccountWebHooks = TableQuery[AccountWebHooks]
 

src/main/scala/gitbucket/core/model/AccountWebHookEvent.scala

@@ -8,11 +8,13 @@ trait AccountWebHookEventComponent extends TemplateComponent {
 
   lazy val AccountWebHookEvents = TableQuery[AccountWebHookEvents]
 
-  class AccountWebHookEvents(tag: Tag) extends Table[AccountWebHookEvent](tag, "ACCOUNT_WEB_HOOK_EVENT") with BasicTemplate {
+  class AccountWebHookEvents(tag: Tag)
+      extends Table[AccountWebHookEvent](tag, "ACCOUNT_WEB_HOOK_EVENT")
+      with BasicTemplate {
     val url = column[String]("URL")
     val event = column[WebHook.Event]("EVENT")
 
-    def * = (userName, url, event)  <> ((AccountWebHookEvent.apply _).tupled, AccountWebHookEvent.unapply)
+    def * = (userName, url, event) <> ((AccountWebHookEvent.apply _).tupled, AccountWebHookEvent.unapply)
 
     def byAccountWebHook(userName: String, url: String) = (this.userName === userName.bind) && (this.url === url.bind)
 
@@ -28,7 +30,7 @@ trait AccountWebHookEventComponent extends TemplateComponent {
 }
 
 case class AccountWebHookEvent(
-                         userName: String,
+  userName: String,
-                         url: String,
+  url: String,
-                         event: WebHook.Event
+  event: WebHook.Event
-                       )
+)

src/main/scala/gitbucket/core/model/Activity.scala

@@ -13,7 +13,8 @@ trait ActivityComponent extends TemplateComponent { self: Profile =>
     val message = column[String]("MESSAGE")
     val additionalInfo = column[String]("ADDITIONAL_INFO")
     val activityDate = column[java.util.Date]("ACTIVITY_DATE")
-    def * = (userName, repositoryName, activityUserName, activityType, message, additionalInfo.?, activityDate, activityId) <> (Activity.tupled, Activity.unapply)
+    def * =
+      (userName, repositoryName, activityUserName, activityType, message, additionalInfo.?, activityDate, activityId) <> (Activity.tupled, Activity.unapply)
   }
 }
 

src/main/scala/gitbucket/core/model/BasicTemplate.scala

@@ -76,9 +76,11 @@ protected[model] trait TemplateComponent { self: Profile =>
       byRepository(userName, repositoryName) && (this.commitId === commitId)
   }
 
-  trait BranchTemplate extends BasicTemplate{ self: Table[_] =>
+  trait BranchTemplate extends BasicTemplate { self: Table[_] =>
     val branch = column[String]("BRANCH")
-    def byBranch(owner: String, repository: String, branchName: String) = byRepository(owner, repository) && (branch === branchName.bind)
+    def byBranch(owner: String, repository: String, branchName: String) =
-    def byBranch(owner: Rep[String], repository: Rep[String], branchName: Rep[String]) = byRepository(owner, repository) && (this.branch === branchName)
+      byRepository(owner, repository) && (branch === branchName.bind)
+    def byBranch(owner: Rep[String], repository: Rep[String], branchName: Rep[String]) =
+      byRepository(owner, repository) && (this.branch === branchName)
   }
 }

src/main/scala/gitbucket/core/model/Comment.scala

@@ -1,6 +1,7 @@
 package gitbucket.core.model
+import java.util.Date
 
-trait Comment {
+sealed trait Comment {
   val commentedUserName: String
   val registeredDate: java.util.Date
 }
@@ -18,13 +19,14 @@ trait IssueCommentComponent extends TemplateComponent { self: Profile =>
     val content = column[String]("CONTENT")
     val registeredDate = column[java.util.Date]("REGISTERED_DATE")
     val updatedDate = column[java.util.Date]("UPDATED_DATE")
-    def * = (userName, repositoryName, issueId, commentId, action, commentedUserName, content, registeredDate, updatedDate) <> (IssueComment.tupled, IssueComment.unapply)
+    def * =
+      (userName, repositoryName, issueId, commentId, action, commentedUserName, content, registeredDate, updatedDate) <> (IssueComment.tupled, IssueComment.unapply)
 
     def byPrimaryKey(commentId: Int) = this.commentId === commentId.bind
   }
 }
 
-case class IssueComment (
+case class IssueComment(
   userName: String,
   repositoryName: String,
   issueId: Int,
@@ -52,7 +54,21 @@ trait CommitCommentComponent extends TemplateComponent { self: Profile =>
     val registeredDate = column[java.util.Date]("REGISTERED_DATE")
     val updatedDate = column[java.util.Date]("UPDATED_DATE")
     val issueId = column[Option[Int]]("ISSUE_ID")
-    def * = (userName, repositoryName, commitId, commentId, commentedUserName, content, fileName, oldLine, newLine, registeredDate, updatedDate, issueId) <> (CommitComment.tupled, CommitComment.unapply)
+    def * =
+      (
+        userName,
+        repositoryName,
+        commitId,
+        commentId,
+        commentedUserName,
+        content,
+        fileName,
+        oldLine,
+        newLine,
+        registeredDate,
+        updatedDate,
+        issueId
+      ) <> (CommitComment.tupled, CommitComment.unapply)
 
     def byPrimaryKey(commentId: Int) = this.commentId === commentId.bind
   }
@@ -71,4 +87,12 @@ case class CommitComment(
   registeredDate: java.util.Date,
   updatedDate: java.util.Date,
   issueId: Option[Int]
- ) extends Comment
+) extends Comment
+
+case class CommitComments(
+  fileName: String,
+  commentedUserName: String,
+  registeredDate: Date,
+  comments: Seq[CommitComment],
+  diff: Option[String]
+) extends Comment

src/main/scala/gitbucket/core/model/CommitStatus.scala

@@ -4,7 +4,7 @@ trait CommitStatusComponent extends TemplateComponent { self: Profile =>
   import profile.api._
   import self._
 
-  implicit val commitStateColumnType = MappedColumnType.base[CommitState, String](b => b.name , i => CommitState(i))
+  implicit val commitStateColumnType = MappedColumnType.base[CommitState, String](b => b.name, i => CommitState(i))
 
   lazy val CommitStatuses = TableQuery[CommitStatuses]
   class CommitStatuses(tag: Tag) extends Table[CommitStatus](tag, "COMMIT_STATUS") with CommitTemplate {
@@ -16,12 +16,24 @@ trait CommitStatusComponent extends TemplateComponent { self: Profile =>
     val creator = column[String]("CREATOR")
     val registeredDate = column[java.util.Date]("REGISTERED_DATE")
     val updatedDate = column[java.util.Date]("UPDATED_DATE")
-    def * = (commitStatusId, userName, repositoryName, commitId, context, state, targetUrl, description, creator, registeredDate, updatedDate) <> ((CommitStatus.apply _).tupled, CommitStatus.unapply)
+    def * =
+      (
+        commitStatusId,
+        userName,
+        repositoryName,
+        commitId,
+        context,
+        state,
+        targetUrl,
+        description,
+        creator,
+        registeredDate,
+        updatedDate
+      ) <> ((CommitStatus.apply _).tupled, CommitStatus.unapply)
     def byPrimaryKey(id: Int) = commitStatusId === id.bind
   }
 }
 
-
 case class CommitStatus(
   commitStatusId: Int = 0,
   userName: String,
@@ -36,23 +48,24 @@ case class CommitStatus(
   updatedDate: java.util.Date
 )
 object CommitStatus {
-  def pending(owner: String, repository: String, context: String) = CommitStatus(
+  def pending(owner: String, repository: String, context: String) =
-    commitStatusId = 0,
+    CommitStatus(
-    userName = owner,
+      commitStatusId = 0,
-    repositoryName = repository,
+      userName = owner,
-    commitId = "",
+      repositoryName = repository,
-    context = context,
+      commitId = "",
-    state = CommitState.PENDING,
+      context = context,
-    targetUrl = None,
+      state = CommitState.PENDING,
-    description = Some("Waiting for status to be reported"),
+      targetUrl = None,
-    creator = "",
+      description = Some("Waiting for status to be reported"),
-    registeredDate = new java.util.Date(),
+      creator = "",
-    updatedDate = new java.util.Date())
+      registeredDate = new java.util.Date(),
+      updatedDate = new java.util.Date()
+    )
 }
 
 sealed abstract class CommitState(val name: String)
 
-
 object CommitState {
   object ERROR extends CommitState("error")
 
@@ -76,11 +89,11 @@ object CommitState {
    * success if the latest status for all contexts is success
    */
   def combine(statuses: Set[CommitState]): CommitState = {
-    if(statuses.isEmpty){
+    if (statuses.isEmpty) {
       PENDING
-    } else if(statuses.contains(CommitState.ERROR) || statuses.contains(CommitState.FAILURE)) {
+    } else if (statuses.contains(CommitState.ERROR) || statuses.contains(CommitState.FAILURE)) {
       FAILURE
-    } else if(statuses.contains(CommitState.PENDING)) {
+    } else if (statuses.contains(CommitState.PENDING)) {
       PENDING
     } else {
       SUCCESS
@@ -88,4 +101,3 @@ object CommitState {
   }
 
 }
-

src/main/scala/gitbucket/core/model/DeployKey.scala

@@ -10,7 +10,8 @@ trait DeployKeyComponent extends TemplateComponent { self: Profile =>
     val title = column[String]("TITLE")
     val publicKey = column[String]("PUBLIC_KEY")
     val allowWrite = column[Boolean]("ALLOW_WRITE")
-    def * = (userName, repositoryName, deployKeyId, title, publicKey, allowWrite) <> (DeployKey.tupled, DeployKey.unapply)
+    def * =
+      (userName, repositoryName, deployKeyId, title, publicKey, allowWrite) <> (DeployKey.tupled, DeployKey.unapply)
 
     def byPrimaryKey(userName: String, repositoryName: String, deployKeyId: Int) =
       (this.userName === userName.bind) && (this.repositoryName === repositoryName.bind) && (this.deployKeyId === deployKeyId.bind)

src/main/scala/gitbucket/core/model/Issue.scala

@@ -13,13 +13,19 @@ trait IssueComponent extends TemplateComponent { self: Profile =>
     def byPrimaryKey(owner: String, repository: String) = byRepository(owner, repository)
   }
 
-  class IssueOutline(tag: Tag) extends Table[(String, String, Int, Int, Int)](tag, "ISSUE_OUTLINE_VIEW") with IssueTemplate {
+  class IssueOutline(tag: Tag)
+      extends Table[(String, String, Int, Int, Int)](tag, "ISSUE_OUTLINE_VIEW")
+      with IssueTemplate {
     val commentCount = column[Int]("COMMENT_COUNT")
     val priority = column[Int]("PRIORITY")
     def * = (userName, repositoryName, issueId, commentCount, priority)
   }
 
-  class Issues(tag: Tag) extends Table[Issue](tag, "ISSUE") with IssueTemplate with MilestoneTemplate with PriorityTemplate {
+  class Issues(tag: Tag)
+      extends Table[Issue](tag, "ISSUE")
+      with IssueTemplate
+      with MilestoneTemplate
+      with PriorityTemplate {
     val openedUserName = column[String]("OPENED_USER_NAME")
     val assignedUserName = column[String]("ASSIGNED_USER_NAME")
     val title = column[String]("TITLE")
@@ -28,7 +34,22 @@ trait IssueComponent extends TemplateComponent { self: Profile =>
     val registeredDate = column[java.util.Date]("REGISTERED_DATE")
     val updatedDate = column[java.util.Date]("UPDATED_DATE")
     val pullRequest = column[Boolean]("PULL_REQUEST")
-    def * = (userName, repositoryName, issueId, openedUserName, milestoneId.?, priorityId.?, assignedUserName.?, title, content.?, closed, registeredDate, updatedDate, pullRequest) <> (Issue.tupled, Issue.unapply)
+    def * =
+      (
+        userName,
+        repositoryName,
+        issueId,
+        openedUserName,
+        milestoneId.?,
+        priorityId.?,
+        assignedUserName.?,
+        title,
+        content.?,
+        closed,
+        registeredDate,
+        updatedDate,
+        pullRequest
+      ) <> (Issue.tupled, Issue.unapply)
 
     def byPrimaryKey(owner: String, repository: String, issueId: Int) = byIssue(owner, repository, issueId)
   }

src/main/scala/gitbucket/core/model/Labels.scala

@@ -12,23 +12,19 @@ trait LabelComponent extends TemplateComponent { self: Profile =>
     def * = (userName, repositoryName, labelId, labelName, color) <> (Label.tupled, Label.unapply)
 
     def byPrimaryKey(owner: String, repository: String, labelId: Int) = byLabel(owner, repository, labelId)
-    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], labelId: Rep[Int]) = byLabel(userName, repositoryName, labelId)
+    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], labelId: Rep[Int]) =
+      byLabel(userName, repositoryName, labelId)
   }
 }
 
-case class Label(
+case class Label(userName: String, repositoryName: String, labelId: Int = 0, labelName: String, color: String) {
-  userName: String,
-  repositoryName: String,
-  labelId: Int = 0,
-  labelName: String,
-  color: String){
 
   val fontColor = {
     val r = color.substring(0, 2)
     val g = color.substring(2, 4)
     val b = color.substring(4, 6)
 
-    if(Integer.parseInt(r, 16) + Integer.parseInt(g, 16) + Integer.parseInt(b, 16) > 408){
+    if (Integer.parseInt(r, 16) + Integer.parseInt(g, 16) + Integer.parseInt(b, 16) > 408) {
       "000000"
     } else {
       "ffffff"

src/main/scala/gitbucket/core/model/Milestone.scala

@@ -12,10 +12,12 @@ trait MilestoneComponent extends TemplateComponent { self: Profile =>
     val description = column[Option[String]]("DESCRIPTION")
     val dueDate = column[Option[java.util.Date]]("DUE_DATE")
     val closedDate = column[Option[java.util.Date]]("CLOSED_DATE")
-    def * = (userName, repositoryName, milestoneId, title, description, dueDate, closedDate) <> (Milestone.tupled, Milestone.unapply)
+    def * =
+      (userName, repositoryName, milestoneId, title, description, dueDate, closedDate) <> (Milestone.tupled, Milestone.unapply)
 
     def byPrimaryKey(owner: String, repository: String, milestoneId: Int) = byMilestone(owner, repository, milestoneId)
-    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], milestoneId: Rep[Int]) = byMilestone(userName, repositoryName, milestoneId)
+    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], milestoneId: Rep[Int]) =
+      byMilestone(userName, repositoryName, milestoneId)
   }
 }
 

src/main/scala/gitbucket/core/model/Priorities.scala

@@ -12,14 +12,16 @@ trait PriorityComponent extends TemplateComponent { self: Profile =>
     val ordering = column[Int]("ORDERING")
     val isDefault = column[Boolean]("IS_DEFAULT")
     val color = column[String]("COLOR")
-    def * = (userName, repositoryName, priorityId, priorityName, description.?, isDefault, ordering, color) <> (Priority.tupled, Priority.unapply)
+    def * =
+      (userName, repositoryName, priorityId, priorityName, description.?, isDefault, ordering, color) <> (Priority.tupled, Priority.unapply)
 
     def byPrimaryKey(owner: String, repository: String, priorityId: Int) = byPriority(owner, repository, priorityId)
-    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], priorityId: Rep[Int]) = byPriority(userName, repositoryName, priorityId)
+    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], priorityId: Rep[Int]) =
+      byPriority(userName, repositoryName, priorityId)
   }
 }
 
-case class Priority (
+case class Priority(
   userName: String,
   repositoryName: String,
   priorityId: Int = 0,
@@ -27,14 +29,15 @@ case class Priority (
   description: Option[String],
   isDefault: Boolean,
   ordering: Int = 0,
-  color: String){
+  color: String
+) {
 
   val fontColor = {
     val r = color.substring(0, 2)
     val g = color.substring(2, 4)
     val b = color.substring(4, 6)
 
-    if(Integer.parseInt(r, 16) + Integer.parseInt(g, 16) + Integer.parseInt(b, 16) > 408){
+    if (Integer.parseInt(r, 16) + Integer.parseInt(g, 16) + Integer.parseInt(b, 16) > 408) {
       "000000"
     } else {
       "ffffff"

src/main/scala/gitbucket/core/model/Profile.scala

@@ -16,15 +16,15 @@ trait Profile {
   )
 
   /**
-    * WebHookBase.Event Column Types
+   * WebHookBase.Event Column Types
-    */
+   */
   implicit val eventColumnType = MappedColumnType.base[WebHook.Event, String](_.name, WebHook.Event.valueOf(_))
 
   /**
    * Extends Column to add conditional condition
    */
-  implicit class RichColumn(c1: Rep[Boolean]){
+  implicit class RichColumn(c1: Rep[Boolean]) {
-    def &&(c2: => Rep[Boolean], guard: => Boolean): Rep[Boolean] = if(guard) c1 && c2 else c1
+    def &&(c2: => Rep[Boolean], guard: => Boolean): Rep[Boolean] = if (guard) c1 && c2 else c1
   }
 
   /**
@@ -40,31 +40,34 @@ trait ProfileProvider { self: Profile =>
 
 }
 
-trait CoreProfile extends ProfileProvider with Profile
+trait CoreProfile
-  with AccessTokenComponent
+    extends ProfileProvider
-  with AccountComponent
+    with Profile
-  with ActivityComponent
+    with AccessTokenComponent
-  with CollaboratorComponent
+    with AccountComponent
-  with CommitCommentComponent
+    with ActivityComponent
-  with CommitStatusComponent
+    with CollaboratorComponent
-  with GroupMemberComponent
+    with CommitCommentComponent
-  with IssueComponent
+    with CommitStatusComponent
-  with IssueCommentComponent
+    with GroupMemberComponent
-  with IssueLabelComponent
+    with IssueComponent
-  with LabelComponent
+    with IssueCommentComponent
-  with PriorityComponent
+    with IssueLabelComponent
-  with MilestoneComponent
+    with LabelComponent
-  with PullRequestComponent
+    with PriorityComponent
-  with RepositoryComponent
+    with MilestoneComponent
-  with SshKeyComponent
+    with PullRequestComponent
-  with RepositoryWebHookComponent
+    with RepositoryComponent
-  with RepositoryWebHookEventComponent
+    with SshKeyComponent
-  with AccountWebHookComponent
+    with RepositoryWebHookComponent
-  with AccountWebHookEventComponent
+    with RepositoryWebHookEventComponent
-  with AccountFederationComponent
+    with AccountWebHookComponent
-  with ProtectedBranchComponent
+    with AccountWebHookEventComponent
-  with DeployKeyComponent
+    with AccountFederationComponent
-  with ReleaseTagComponent
+    with ProtectedBranchComponent
-  with ReleaseAssetComponent
+    with DeployKeyComponent
+    with ReleaseTagComponent
+    with ReleaseAssetComponent
+    with AccountExtraMailAddressComponent
 
 object Profile extends CoreProfile

src/main/scala/gitbucket/core/model/ProtectedBranch.scala

@@ -8,27 +8,22 @@ trait ProtectedBranchComponent extends TemplateComponent { self: Profile =>
   class ProtectedBranches(tag: Tag) extends Table[ProtectedBranch](tag, "PROTECTED_BRANCH") with BranchTemplate {
     val statusCheckAdmin = column[Boolean]("STATUS_CHECK_ADMIN")
     def * = (userName, repositoryName, branch, statusCheckAdmin) <> (ProtectedBranch.tupled, ProtectedBranch.unapply)
-    def byPrimaryKey(userName: String, repositoryName: String, branch: String) = byBranch(userName, repositoryName, branch)
+    def byPrimaryKey(userName: String, repositoryName: String, branch: String) =
-    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], branch: Rep[String]) = byBranch(userName, repositoryName, branch)
+      byBranch(userName, repositoryName, branch)
+    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], branch: Rep[String]) =
+      byBranch(userName, repositoryName, branch)
   }
 
   lazy val ProtectedBranchContexts = TableQuery[ProtectedBranchContexts]
-  class ProtectedBranchContexts(tag: Tag) extends Table[ProtectedBranchContext](tag, "PROTECTED_BRANCH_REQUIRE_CONTEXT") with BranchTemplate {
+  class ProtectedBranchContexts(tag: Tag)
+      extends Table[ProtectedBranchContext](tag, "PROTECTED_BRANCH_REQUIRE_CONTEXT")
+      with BranchTemplate {
     val context = column[String]("CONTEXT")
-    def * = (userName, repositoryName, branch, context) <> (ProtectedBranchContext.tupled, ProtectedBranchContext.unapply)
+    def * =
+      (userName, repositoryName, branch, context) <> (ProtectedBranchContext.tupled, ProtectedBranchContext.unapply)
   }
 }
 
+case class ProtectedBranch(userName: String, repositoryName: String, branch: String, statusCheckAdmin: Boolean)
 
-case class ProtectedBranch(
+case class ProtectedBranchContext(userName: String, repositoryName: String, branch: String, context: String)
-  userName: String,
-  repositoryName: String,
-  branch: String,
-  statusCheckAdmin: Boolean)
-
-
-case class ProtectedBranchContext(
-  userName: String,
-  repositoryName: String,
-  branch: String,
-  context: String)

src/main/scala/gitbucket/core/model/PullRequest.scala

@@ -12,10 +12,23 @@ trait PullRequestComponent extends TemplateComponent { self: Profile =>
     val requestBranch = column[String]("REQUEST_BRANCH")
     val commitIdFrom = column[String]("COMMIT_ID_FROM")
     val commitIdTo = column[String]("COMMIT_ID_TO")
-    def * = (userName, repositoryName, issueId, branch, requestUserName, requestRepositoryName, requestBranch, commitIdFrom, commitIdTo) <> (PullRequest.tupled, PullRequest.unapply)
+    def * =
+      (
+        userName,
+        repositoryName,
+        issueId,
+        branch,
+        requestUserName,
+        requestRepositoryName,
+        requestBranch,
+        commitIdFrom,
+        commitIdTo
+      ) <> (PullRequest.tupled, PullRequest.unapply)
 
-    def byPrimaryKey(userName: String, repositoryName: String, issueId: Int) = byIssue(userName, repositoryName, issueId)
+    def byPrimaryKey(userName: String, repositoryName: String, issueId: Int) =
-    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], issueId: Rep[Int]) = byIssue(userName, repositoryName, issueId)
+      byIssue(userName, repositoryName, issueId)
+    def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], issueId: Rep[Int]) =
+      byIssue(userName, repositoryName, issueId)
   }
 }
 

src/main/scala/gitbucket/core/model/ReleaseAsset.scala

@@ -20,9 +20,12 @@ trait ReleaseAssetComponent extends TemplateComponent {
     val registeredDate = column[Date]("REGISTERED_DATE")
     val updatedDate = column[Date]("UPDATED_DATE")
 
-    def * = (userName, repositoryName, tag, releaseAssetId, fileName, label, size, uploader, registeredDate, updatedDate) <> (ReleaseAsset.tupled, ReleaseAsset.unapply)
+    def * =
-    def byPrimaryKey(owner: String, repository: String, tag: String, fileName: String) = byTag(owner, repository, tag) && (this.fileName === fileName.bind)
+      (userName, repositoryName, tag, releaseAssetId, fileName, label, size, uploader, registeredDate, updatedDate) <> (ReleaseAsset.tupled, ReleaseAsset.unapply)
-    def byTag(owner: String, repository: String, tag: String) = byRepository(owner, repository) && (this.tag === tag.bind)
+    def byPrimaryKey(owner: String, repository: String, tag: String, fileName: String) =
+      byTag(owner, repository, tag) && (this.fileName === fileName.bind)
+    def byTag(owner: String, repository: String, tag: String) =
+      byRepository(owner, repository) && (this.tag === tag.bind)
   }
 }
 

src/main/scala/gitbucket/core/model/ReleaseTag.scala

@@ -16,9 +16,11 @@ trait ReleaseTagComponent extends TemplateComponent {
     val registeredDate = column[java.util.Date]("REGISTERED_DATE")
     val updatedDate = column[java.util.Date]("UPDATED_DATE")
 
-    def * = (userName, repositoryName, name, tag, author, content, registeredDate, updatedDate) <> (ReleaseTag.tupled, ReleaseTag.unapply)
+    def * =
+      (userName, repositoryName, name, tag, author, content, registeredDate, updatedDate) <> (ReleaseTag.tupled, ReleaseTag.unapply)
     def byPrimaryKey(owner: String, repository: String, tag: String) = byTag(owner, repository, tag)
-    def byTag(owner: String, repository: String, tag: String) = byRepository(owner, repository) && (this.tag === tag.bind)
+    def byTag(owner: String, repository: String, tag: String) =
+      byRepository(owner, repository) && (this.tag === tag.bind)
   }
 }
 

src/main/scala/gitbucket/core/model/Repository.scala

@@ -7,62 +7,80 @@ trait RepositoryComponent extends TemplateComponent { self: Profile =>
   lazy val Repositories = TableQuery[Repositories]
 
   class Repositories(tag: Tag) extends Table[Repository](tag, "REPOSITORY") with BasicTemplate {
-    val isPrivate            = column[Boolean]("PRIVATE")
+    val isPrivate = column[Boolean]("PRIVATE")
-    val description          = column[String]("DESCRIPTION")
+    val description = column[String]("DESCRIPTION")
-    val defaultBranch        = column[String]("DEFAULT_BRANCH")
+    val defaultBranch = column[String]("DEFAULT_BRANCH")
-    val registeredDate       = column[java.util.Date]("REGISTERED_DATE")
+    val registeredDate = column[java.util.Date]("REGISTERED_DATE")
-    val updatedDate          = column[java.util.Date]("UPDATED_DATE")
+    val updatedDate = column[java.util.Date]("UPDATED_DATE")
-    val lastActivityDate     = column[java.util.Date]("LAST_ACTIVITY_DATE")
+    val lastActivityDate = column[java.util.Date]("LAST_ACTIVITY_DATE")
-    val originUserName       = column[String]("ORIGIN_USER_NAME")
+    val originUserName = column[String]("ORIGIN_USER_NAME")
     val originRepositoryName = column[String]("ORIGIN_REPOSITORY_NAME")
-    val parentUserName       = column[String]("PARENT_USER_NAME")
+    val parentUserName = column[String]("PARENT_USER_NAME")
     val parentRepositoryName = column[String]("PARENT_REPOSITORY_NAME")
-    val issuesOption         = column[String]("ISSUES_OPTION")
+    val issuesOption = column[String]("ISSUES_OPTION")
-    val externalIssuesUrl    = column[String]("EXTERNAL_ISSUES_URL")
+    val externalIssuesUrl = column[String]("EXTERNAL_ISSUES_URL")
-    val wikiOption           = column[String]("WIKI_OPTION")
+    val wikiOption = column[String]("WIKI_OPTION")
-    val externalWikiUrl      = column[String]("EXTERNAL_WIKI_URL")
+    val externalWikiUrl = column[String]("EXTERNAL_WIKI_URL")
-    val allowFork            = column[Boolean]("ALLOW_FORK")
+    val allowFork = column[Boolean]("ALLOW_FORK")
-    val mergeOptions         = column[String]("MERGE_OPTIONS")
+    val mergeOptions = column[String]("MERGE_OPTIONS")
-    val defaultMergeOption   = column[String]("DEFAULT_MERGE_OPTION")
+    val defaultMergeOption = column[String]("DEFAULT_MERGE_OPTION")
 
-    def * = (
+    def * =
-      (userName, repositoryName, isPrivate, description.?, defaultBranch,
+      (
-      registeredDate, updatedDate, lastActivityDate, originUserName.?, originRepositoryName.?, parentUserName.?, parentRepositoryName.?),
+        (
-      (issuesOption, externalIssuesUrl.?, wikiOption, externalWikiUrl.?, allowFork, mergeOptions, defaultMergeOption)
+          userName,
-    ).shaped <> (
+          repositoryName,
-      { case (repository, options) =>
+          isPrivate,
-        Repository(
+          description.?,
-          repository._1,
+          defaultBranch,
-          repository._2,
+          registeredDate,
-          repository._3,
+          updatedDate,
-          repository._4,
+          lastActivityDate,
-          repository._5,
+          originUserName.?,
-          repository._6,
+          originRepositoryName.?,
-          repository._7,
+          parentUserName.?,
-          repository._8,
+          parentRepositoryName.?
-          repository._9,
+        ),
-          repository._10,
+        (issuesOption, externalIssuesUrl.?, wikiOption, externalWikiUrl.?, allowFork, mergeOptions, defaultMergeOption)
-          repository._11,
+      ).shaped <> ({
-          repository._12,
+        case (repository, options) =>
-          RepositoryOptions.tupled.apply(options)
+          Repository(
-        )
+            repository._1,
+            repository._2,
+            repository._3,
+            repository._4,
+            repository._5,
+            repository._6,
+            repository._7,
+            repository._8,
+            repository._9,
+            repository._10,
+            repository._11,
+            repository._12,
+            RepositoryOptions.tupled.apply(options)
+          )
       }, { (r: Repository) =>
-        Some(((
+        Some(
-          r.userName,
+          (
-          r.repositoryName,
+            (
-          r.isPrivate,
+              r.userName,
-          r.description,
+              r.repositoryName,
-          r.defaultBranch,
+              r.isPrivate,
-          r.registeredDate,
+              r.description,
-          r.updatedDate,
+              r.defaultBranch,
-          r.lastActivityDate,
+              r.registeredDate,
-          r.originUserName,
+              r.updatedDate,
-          r.originRepositoryName,
+              r.lastActivityDate,
-          r.parentUserName,
+              r.originUserName,
-          r.parentRepositoryName
+              r.originRepositoryName,
-        ),(
+              r.parentUserName,
-          RepositoryOptions.unapply(r.options).get
+              r.parentRepositoryName
-        )))
+            ),
+            (
+              RepositoryOptions.unapply(r.options).get
+            )
+          )
+        )
       })
 
     def byPrimaryKey(owner: String, repository: String) = byRepository(owner, repository)

src/main/scala/gitbucket/core/model/RepositoryWebHook.scala

@@ -3,7 +3,8 @@ package gitbucket.core.model
 trait RepositoryWebHookComponent extends TemplateComponent { self: Profile =>
   import profile.api._
 
-  implicit val whContentTypeColumnType = MappedColumnType.base[WebHookContentType, String](whct => whct.code , code => WebHookContentType.valueOf(code))
+  implicit val whContentTypeColumnType =
+    MappedColumnType.base[WebHookContentType, String](whct => whct.code, code => WebHookContentType.valueOf(code))
 
   lazy val RepositoryWebHooks = TableQuery[RepositoryWebHooks]
 
@@ -11,13 +12,14 @@ trait RepositoryWebHookComponent extends TemplateComponent { self: Profile =>
     val url = column[String]("URL")
     val token = column[Option[String]]("TOKEN")
     val ctype = column[WebHookContentType]("CTYPE")
-    def * = (userName, repositoryName, url, ctype, token) <> ((RepositoryWebHook.apply _).tupled, RepositoryWebHook.unapply)
+    def * =
+      (userName, repositoryName, url, ctype, token) <> ((RepositoryWebHook.apply _).tupled, RepositoryWebHook.unapply)
 
-    def byPrimaryKey(owner: String, repository: String, url: String) = byRepository(owner, repository) && (this.url === url.bind)
+    def byPrimaryKey(owner: String, repository: String, url: String) =
+      byRepository(owner, repository) && (this.url === url.bind)
   }
 }
 
-
 case class RepositoryWebHook(
   userName: String,
   repositoryName: String,

src/main/scala/gitbucket/core/model/RepositoryWebHookEvent.scala

@@ -6,17 +6,22 @@ trait RepositoryWebHookEventComponent extends TemplateComponent { self: Profile
 
   lazy val RepositoryWebHookEvents = TableQuery[RepositoryWebHookEvents]
 
-  class RepositoryWebHookEvents(tag: Tag) extends Table[RepositoryWebHookEvent](tag, "WEB_HOOK_EVENT") with BasicTemplate {
+  class RepositoryWebHookEvents(tag: Tag)
+      extends Table[RepositoryWebHookEvent](tag, "WEB_HOOK_EVENT")
+      with BasicTemplate {
     val url = column[String]("URL")
     val event = column[WebHook.Event]("EVENT")
-    def * = (userName, repositoryName, url, event) <> ((RepositoryWebHookEvent.apply _).tupled, RepositoryWebHookEvent.unapply)
+    def * =
+      (userName, repositoryName, url, event) <> ((RepositoryWebHookEvent.apply _).tupled, RepositoryWebHookEvent.unapply)
 
-    def byRepositoryWebHook(owner: String, repository: String, url: String) = byRepository(owner, repository) && (this.url === url.bind)
+    def byRepositoryWebHook(owner: String, repository: String, url: String) =
+      byRepository(owner, repository) && (this.url === url.bind)
     def byRepositoryWebHook(owner: Rep[String], repository: Rep[String], url: Rep[String]) =
       byRepository(userName, repositoryName) && (this.url === url)
     def byRepositoryWebHook(webhook: RepositoryWebHooks) =
       byRepository(webhook.userName, webhook.repositoryName) && (this.url === webhook.url)
-    def byPrimaryKey(owner: String, repository: String, url: String, event: WebHook.Event) = byRepositoryWebHook(owner, repository, url) && (this.event === event.bind)
+    def byPrimaryKey(owner: String, repository: String, url: String, event: WebHook.Event) =
+      byRepositoryWebHook(owner, repository, url) && (this.event === event.bind)
   }
 }
 

src/main/scala/gitbucket/core/model/SshKey.scala

@@ -12,7 +12,8 @@ trait SshKeyComponent { self: Profile =>
     val publicKey = column[String]("PUBLIC_KEY")
     def * = (userName, sshKeyId, title, publicKey) <> (SshKey.tupled, SshKey.unapply)
 
-    def byPrimaryKey(userName: String, sshKeyId: Int) = (this.userName === userName.bind) && (this.sshKeyId === sshKeyId.bind)
+    def byPrimaryKey(userName: String, sshKeyId: Int) =
+      (this.userName === userName.bind) && (this.sshKeyId === sshKeyId.bind)
   }
 }
 

src/main/scala/gitbucket/core/model/WebHook.scala

@@ -16,7 +16,7 @@ object WebHookContentType {
   def valueOpt(code: String): Option[WebHookContentType] = map.get(code)
 }
 
-trait WebHook{
+trait WebHook {
   val url: String
   val ctype: WebHookContentType
   val token: Option[String]
@@ -45,7 +45,7 @@ object WebHook {
   case object TeamAdd extends Event("team_add")
   case object Watch extends Event("watch")
 
-  object Event{
+  object Event {
     val values = List(
       CommitComment,
       Create,
@@ -68,7 +68,7 @@ object WebHook {
       Watch
     )
 
-    private val map: Map[String,Event] = values.map(e => e.name -> e).toMap
+    private val map: Map[String, Event] = values.map(e => e.name -> e).toMap
     def valueOf(name: String): Event = map(name)
     def valueOpt(name: String): Option[Event] = map.get(name)
   }

src/main/scala/gitbucket/core/plugin/GitRepositoryRouting.scala

@@ -10,13 +10,18 @@ import gitbucket.core.service.SystemSettingsService.SystemSettings
  * @param localPath the string to assemble local file path of repository (e.g. "gist/$1/$2")
  * @param filter the filter for request to the Git repository which is defined by this routing
  */
-case class GitRepositoryRouting(urlPattern: String, localPath: String, filter: GitRepositoryFilter){
+case class GitRepositoryRouting(urlPattern: String, localPath: String, filter: GitRepositoryFilter) {
 
   def this(urlPattern: String, localPath: String) = {
-    this(urlPattern, localPath, new GitRepositoryFilter(){
+    this(
-      def filter(repositoryName: String, userName: Option[String], settings: SystemSettings, isUpdating: Boolean)
+      urlPattern,
-                (implicit session: Session): Boolean = true
+      localPath,
-    })
+      new GitRepositoryFilter() {
+        def filter(repositoryName: String, userName: Option[String], settings: SystemSettings, isUpdating: Boolean)(
+          implicit session: Session
+        ): Boolean = true
+      }
+    )
   }
 
 }
@@ -36,7 +41,8 @@ trait GitRepositoryFilter {
    * @param session the database session
    * @return true if allow accessing to repository, otherwise false.
    */
-  def filter(path: String, userName: Option[String], settings: SystemSettings, isUpdating: Boolean)
+  def filter(path: String, userName: Option[String], settings: SystemSettings, isUpdating: Boolean)(
-            (implicit session: Session): Boolean
+    implicit session: Session
+  ): Boolean
 
-}
+}

src/main/scala/gitbucket/core/plugin/IssueHook.scala

@@ -9,7 +9,10 @@ import profile.api._
 trait IssueHook {
 
   def created(issue: Issue, repository: RepositoryInfo)(implicit session: Session, context: Context): Unit = ()
-  def addedComment(commentId: Int, content: String, issue: Issue, repository: RepositoryInfo)(implicit session: Session, context: Context): Unit = ()
+  def addedComment(commentId: Int, content: String, issue: Issue, repository: RepositoryInfo)(
+    implicit session: Session,
+    context: Context
+  ): Unit = ()
   def closed(issue: Issue, repository: RepositoryInfo)(implicit session: Session, context: Context): Unit = ()
   def reopened(issue: Issue, repository: RepositoryInfo)(implicit session: Session, context: Context): Unit = ()
 

src/main/scala/gitbucket/core/plugin/Plugin.scala

@@ -30,7 +30,8 @@ abstract class Plugin {
   /**
    * Override to declare this plug-in provides images.
    */
-  def images(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, Array[Byte])] = Nil
+  def images(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, Array[Byte])] =
+    Nil
 
   /**
    * Override to declare this plug-in provides controllers.
@@ -40,7 +41,11 @@ abstract class Plugin {
   /**
    * Override to declare this plug-in provides controllers.
    */
-  def controllers(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, ControllerBase)] = Nil
+  def controllers(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(String, ControllerBase)] = Nil
 
   /**
    * Override to declare this plug-in provides JavaScript.
@@ -50,7 +55,8 @@ abstract class Plugin {
   /**
    * Override to declare this plug-in provides JavaScript.
    */
-  def javaScripts(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, String)] = Nil
+  def javaScripts(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, String)] =
+    Nil
 
   /**
    * Override to declare this plug-in provides renderers.
@@ -60,7 +66,8 @@ abstract class Plugin {
   /**
    * Override to declare this plug-in provides renderers.
    */
-  def renderers(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, Renderer)] = Nil
+  def renderers(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, Renderer)] =
+    Nil
 
   /**
    * Override to add git repository routings.
@@ -70,7 +77,11 @@ abstract class Plugin {
   /**
    * Override to add git repository routings.
    */
-  def repositoryRoutings(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[GitRepositoryRouting] = Nil
+  def repositoryRoutings(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[GitRepositoryRouting] = Nil
 
   /**
    * Override to add account hooks.
@@ -100,7 +111,11 @@ abstract class Plugin {
   /**
    * Override to add repository hooks.
    */
-  def repositoryHooks(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[RepositoryHook] = Nil
+  def repositoryHooks(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[RepositoryHook] = Nil
 
   /**
    * Override to add issue hooks.
@@ -120,7 +135,11 @@ abstract class Plugin {
   /**
    * Override to add pull request hooks.
    */
-  def pullRequestHooks(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[PullRequestHook] = Nil
+  def pullRequestHooks(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[PullRequestHook] = Nil
 
   /**
    * Override to add repository headers.
@@ -130,7 +149,11 @@ abstract class Plugin {
   /**
    * Override to add repository headers.
    */
-  def repositoryHeaders(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(RepositoryInfo, Context) => Option[Html]] = Nil
+  def repositoryHeaders(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(RepositoryInfo, Context) => Option[Html]] = Nil
 
   /**
    * Override to add global menus.
@@ -140,7 +163,11 @@ abstract class Plugin {
   /**
    * Override to add global menus.
    */
-  def globalMenus(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(Context) => Option[Link]] = Nil
+  def globalMenus(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(Context) => Option[Link]] = Nil
 
   /**
    * Override to add repository menus.
@@ -150,7 +177,11 @@ abstract class Plugin {
   /**
    * Override to add repository menus.
    */
-  def repositoryMenus(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(RepositoryInfo, Context) => Option[Link]] = Nil
+  def repositoryMenus(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(RepositoryInfo, Context) => Option[Link]] = Nil
 
   /**
    * Override to add repository setting tabs.
@@ -160,7 +191,11 @@ abstract class Plugin {
   /**
    * Override to add repository setting tabs.
    */
-  def repositorySettingTabs(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(RepositoryInfo, Context) => Option[Link]] = Nil
+  def repositorySettingTabs(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(RepositoryInfo, Context) => Option[Link]] = Nil
 
   /**
    * Override to add profile tabs.
@@ -170,7 +205,11 @@ abstract class Plugin {
   /**
    * Override to add profile tabs.
    */
-  def profileTabs(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(Account, Context) => Option[Link]] = Nil
+  def profileTabs(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(Account, Context) => Option[Link]] = Nil
 
   /**
    * Override to add system setting menus.
@@ -180,7 +219,11 @@ abstract class Plugin {
   /**
    * Override to add system setting menus.
    */
-  def systemSettingMenus(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(Context) => Option[Link]] = Nil
+  def systemSettingMenus(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(Context) => Option[Link]] = Nil
 
   /**
    * Override to add account setting menus.
@@ -190,7 +233,11 @@ abstract class Plugin {
   /**
    * Override to add account setting menus.
    */
-  def accountSettingMenus(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(Context) => Option[Link]] = Nil
+  def accountSettingMenus(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(Context) => Option[Link]] = Nil
 
   /**
    * Override to add dashboard tabs.
@@ -200,7 +247,11 @@ abstract class Plugin {
   /**
    * Override to add dashboard tabs.
    */
-  def dashboardTabs(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(Context) => Option[Link]] = Nil
+  def dashboardTabs(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(Context) => Option[Link]] = Nil
 
   /**
    * Override to add issue sidebars.
@@ -210,7 +261,11 @@ abstract class Plugin {
   /**
    * Override to add issue sidebars.
    */
-  def issueSidebars(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(Issue, RepositoryInfo, Context) => Option[Html]] = Nil
+  def issueSidebars(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(Issue, RepositoryInfo, Context) => Option[Html]] = Nil
 
   /**
    * Override to add assets mappings.
@@ -220,7 +275,11 @@ abstract class Plugin {
   /**
    * Override to add assets mappings.
    */
-  def assetsMappings(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, String)] = Nil
+  def assetsMappings(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[(String, String)] = Nil
 
   /**
    * Override to add text decorators.
@@ -230,7 +289,8 @@ abstract class Plugin {
   /**
    * Override to add text decorators.
    */
-  def textDecorators(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[TextDecorator] = Nil
+  def textDecorators(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[TextDecorator] =
+    Nil
 
   /**
    * Override to add suggestion provider.
@@ -240,7 +300,11 @@ abstract class Plugin {
   /**
    * Override to add suggestion provider.
    */
-  def suggestionProviders(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[SuggestionProvider] = Nil
+  def suggestionProviders(
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[SuggestionProvider] = Nil
 
   /**
    * Override to add ssh command providers.
@@ -250,25 +314,32 @@ abstract class Plugin {
   /**
    * Override to add ssh command providers.
    */
-  def sshCommandProviders(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[PartialFunction[String, Command]] = Nil
+  def sshCommandProviders(
-
+    registry: PluginRegistry,
+    context: ServletContext,
+    settings: SystemSettings
+  ): Seq[PartialFunction[String, Command]] = Nil
 
   /**
    * This method is invoked in initialization of plugin system.
    * Register plugin functionality to PluginRegistry.
    */
   def initialize(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Unit = {
-    (images ++ images(registry, context, settings)).foreach { case (id, in) =>
+    (images ++ images(registry, context, settings)).foreach {
-      registry.addImage(id, in)
+      case (id, in) =>
+        registry.addImage(id, in)
     }
-    (controllers ++ controllers(registry, context, settings)).foreach { case (path, controller) =>
+    (controllers ++ controllers(registry, context, settings)).foreach {
-      registry.addController(path, controller)
+      case (path, controller) =>
+        registry.addController(path, controller)
     }
-    (javaScripts ++ javaScripts(registry, context, settings)).foreach { case (path, script) =>
+    (javaScripts ++ javaScripts(registry, context, settings)).foreach {
-      registry.addJavaScript(path, script)
+      case (path, script) =>
+        registry.addJavaScript(path, script)
     }
-    (renderers ++ renderers(registry, context, settings)).foreach { case (extension, renderer) =>
+    (renderers ++ renderers(registry, context, settings)).foreach {
-      registry.addRenderer(extension, renderer)
+      case (extension, renderer) =>
+        registry.addRenderer(extension, renderer)
     }
     (repositoryRoutings ++ repositoryRoutings(registry, context, settings)).foreach { routing =>
       registry.addRepositoryRouting(routing)
@@ -345,7 +416,7 @@ abstract class Plugin {
    * Helper method to get a resource from classpath.
    */
   protected def fromClassPath(path: String): Array[Byte] =
-    using(getClass.getClassLoader.getResourceAsStream(path)){ in =>
+    using(getClass.getClassLoader.getResourceAsStream(path)) { in =>
       val bytes = new Array[Byte](in.available)
       in.read(bytes)
       bytes

src/main/scala/gitbucket/core/plugin/PluginRegistry.scala

@@ -70,7 +70,7 @@ class PluginRegistry {
 
   @deprecated("Use addImage(id: String, bytes: Array[Byte]) instead", "3.4.0")
   def addImage(id: String, in: InputStream): Unit = {
-    val bytes = using(in){ in =>
+    val bytes = using(in) { in =>
       val bytes = new Array[Byte](in.available)
       in.read(bytes)
       bytes
@@ -87,9 +87,11 @@ class PluginRegistry {
 
   def getControllers(): Seq[(ControllerBase, String)] = controllers.asScala.toSeq
 
-  def addJavaScript(path: String, script: String): Unit = javaScripts.add((path, script)) //javaScripts += ((path, script))
+  def addJavaScript(path: String, script: String): Unit =
+    javaScripts.add((path, script)) //javaScripts += ((path, script))
 
-  def getJavaScript(currentPath: String): List[String] = javaScripts.asScala.filter(x => currentPath.matches(x._1)).toList.map(_._2)
+  def getJavaScript(currentPath: String): List[String] =
+    javaScripts.asScala.filter(x => currentPath.matches(x._1)).toList.map(_._2)
 
   def addRenderer(extension: String, renderer: Renderer): Unit = renderers.put(extension, renderer)
 
@@ -129,7 +131,8 @@ class PluginRegistry {
 
   def getPullRequestHooks: Seq[PullRequestHook] = pullRequestHooks.asScala.toSeq
 
-  def addRepositoryHeader(repositoryHeader: (RepositoryInfo, Context) => Option[Html]): Unit = repositoryHeaders.add(repositoryHeader)
+  def addRepositoryHeader(repositoryHeader: (RepositoryInfo, Context) => Option[Html]): Unit =
+    repositoryHeaders.add(repositoryHeader)
 
   def getRepositoryHeaders: Seq[(RepositoryInfo, Context) => Option[Html]] = repositoryHeaders.asScala.toSeq
 
@@ -137,11 +140,13 @@ class PluginRegistry {
 
   def getGlobalMenus: Seq[(Context) => Option[Link]] = globalMenus.asScala.toSeq
 
-  def addRepositoryMenu(repositoryMenu: (RepositoryInfo, Context) => Option[Link]): Unit = repositoryMenus.add(repositoryMenu)
+  def addRepositoryMenu(repositoryMenu: (RepositoryInfo, Context) => Option[Link]): Unit =
+    repositoryMenus.add(repositoryMenu)
 
   def getRepositoryMenus: Seq[(RepositoryInfo, Context) => Option[Link]] = repositoryMenus.asScala.toSeq
 
-  def addRepositorySettingTab(repositorySettingTab: (RepositoryInfo, Context) => Option[Link]): Unit = repositorySettingTabs.add(repositorySettingTab)
+  def addRepositorySettingTab(repositorySettingTab: (RepositoryInfo, Context) => Option[Link]): Unit =
+    repositorySettingTabs.add(repositorySettingTab)
 
   def getRepositorySettingTabs: Seq[(RepositoryInfo, Context) => Option[Link]] = repositorySettingTabs.asScala.toSeq
 
@@ -149,11 +154,13 @@ class PluginRegistry {
 
   def getProfileTabs: Seq[(Account, Context) => Option[Link]] = profileTabs.asScala.toSeq
 
-  def addSystemSettingMenu(systemSettingMenu: (Context) => Option[Link]): Unit = systemSettingMenus.add(systemSettingMenu)
+  def addSystemSettingMenu(systemSettingMenu: (Context) => Option[Link]): Unit =
+    systemSettingMenus.add(systemSettingMenu)
 
   def getSystemSettingMenus: Seq[(Context) => Option[Link]] = systemSettingMenus.asScala.toSeq
 
-  def addAccountSettingMenu(accountSettingMenu: (Context) => Option[Link]): Unit = accountSettingMenus.add(accountSettingMenu)
+  def addAccountSettingMenu(accountSettingMenu: (Context) => Option[Link]): Unit =
+    accountSettingMenus.add(accountSettingMenu)
 
   def getAccountSettingMenus: Seq[(Context) => Option[Link]] = accountSettingMenus.asScala.toSeq
 
@@ -161,7 +168,8 @@ class PluginRegistry {
 
   def getDashboardTabs: Seq[(Context) => Option[Link]] = dashboardTabs.asScala.toSeq
 
-  def addIssueSidebar(issueSidebar: (Issue, RepositoryInfo, Context) => Option[Html]): Unit = issueSidebars.add(issueSidebar)
+  def addIssueSidebar(issueSidebar: (Issue, RepositoryInfo, Context) => Option[Html]): Unit =
+    issueSidebars.add(issueSidebar)
 
   def getIssueSidebars: Seq[(Issue, RepositoryInfo, Context) => Option[Html]] = issueSidebars.asScala.toSeq
 
@@ -177,7 +185,8 @@ class PluginRegistry {
 
   def getSuggestionProviders: Seq[SuggestionProvider] = suggestionProviders.asScala.toSeq
 
-  def addSshCommandProvider(sshCommandProvider: PartialFunction[String, Command]): Unit = sshCommandProviders.add(sshCommandProvider)
+  def addSshCommandProvider(sshCommandProvider: PartialFunction[String, Command]): Unit =
+    sshCommandProviders.add(sshCommandProvider)
 
   def getSshCommandProviders: Seq[PartialFunction[String, Command]] = sshCommandProviders.asScala.toSeq
 }
@@ -212,37 +221,44 @@ object PluginRegistry {
   /**
    * Uninstall a specified plugin.
    */
-  def uninstall(pluginId: String, context: ServletContext, settings: SystemSettings, conn: java.sql.Connection): Unit = synchronized {
+  def uninstall(pluginId: String, context: ServletContext, settings: SystemSettings, conn: java.sql.Connection): Unit =
-    instance.getPlugins()
+    synchronized {
-      .collect { case plugin if plugin.pluginId == pluginId => plugin }
+      instance
-      .foreach { plugin =>
+        .getPlugins()
+        .collect { case plugin if plugin.pluginId == pluginId => plugin }
+        .foreach { plugin =>
 //      try {
 //        plugin.pluginClass.uninstall(instance, context, settings)
 //      } catch {
 //        case e: Exception =>
 //          logger.error(s"Error during uninstalling plugin: ${plugin.pluginJar.getName}", e)
 //      }
-        shutdown(context, settings)
+          shutdown(context, settings)
-        plugin.pluginJar.delete()
+          plugin.pluginJar.delete()
-        instance = new PluginRegistry()
+          instance = new PluginRegistry()
-        initialize(context, settings, conn)
+          initialize(context, settings, conn)
-      }
+        }
-  }
+    }
 
   /**
    * Install a plugin from a specified jar file.
    */
-  def install(file: File, context: ServletContext, settings: SystemSettings, conn: java.sql.Connection): Unit = synchronized {
+  def install(file: File, context: ServletContext, settings: SystemSettings, conn: java.sql.Connection): Unit =
-    shutdown(context, settings)
+    synchronized {
-    FileUtils.copyFile(file, new File(PluginHome, file.getName))
+      shutdown(context, settings)
-    instance = new PluginRegistry()
+      FileUtils.copyFile(file, new File(PluginHome, file.getName))
-    initialize(context, settings, conn)
+      instance = new PluginRegistry()
-  }
+      initialize(context, settings, conn)
+    }
 
   private def listPluginJars(dir: File): Seq[File] = {
-    dir.listFiles(new FilenameFilter {
+    dir
-      override def accept(dir: File, name: String): Boolean = name.endsWith(".jar")
+      .listFiles(new FilenameFilter {
-    }).toSeq.sortBy(_.getName).reverse
+        override def accept(dir: File, name: String): Boolean = name.endsWith(".jar")
+      })
+      .toSeq
+      .sortBy(_.getName)
+      .reverse
   }
 
   lazy val extraPluginDir: Option[String] = Option(System.getProperty("gitbucket.pluginDir"))
@@ -256,13 +272,17 @@ object PluginRegistry {
 
     // Clean installed directory
     val installedDir = new File(PluginHome, ".installed")
-    if(installedDir.exists){
+    if (installedDir.exists) {
       FileUtils.deleteDirectory(installedDir)
     }
     installedDir.mkdirs()
 
     val pluginJars = listPluginJars(pluginDir)
-    val extraJars = extraPluginDir.map { extraDir => listPluginJars(new File(extraDir)) }.getOrElse(Nil)
+    val extraJars = extraPluginDir
+      .map { extraDir =>
+        listPluginJars(new File(extraDir))
+      }
+      .getOrElse(Nil)
 
     (extraJars ++ pluginJars).foreach { pluginJar =>
       val installedJar = new File(installedDir, pluginJar.getName)
@@ -283,27 +303,32 @@ object PluginRegistry {
           case None => {
             // Migration
             val solidbase = new Solidbase()
-            solidbase.migrate(conn, classLoader, DatabaseConfig.liquiDriver, new Module(plugin.pluginId, plugin.versions: _*))
+            solidbase
+              .migrate(conn, classLoader, DatabaseConfig.liquiDriver, new Module(plugin.pluginId, plugin.versions: _*))
             conn.commit()
 
             // Check database version
             val databaseVersion = manager.getCurrentVersion(plugin.pluginId)
             val pluginVersion = plugin.versions.last.getVersion
             if (databaseVersion != pluginVersion) {
-              throw new IllegalStateException(s"Plugin version is ${pluginVersion}, but database version is ${databaseVersion}")
+              throw new IllegalStateException(
+                s"Plugin version is ${pluginVersion}, but database version is ${databaseVersion}"
+              )
             }
 
             // Initialize
             plugin.initialize(instance, context, settings)
-            instance.addPlugin(PluginInfo(
+            instance.addPlugin(
-              pluginId      = plugin.pluginId,
+              PluginInfo(
-              pluginName    = plugin.pluginName,
+                pluginId = plugin.pluginId,
-              pluginVersion = plugin.versions.last.getVersion,
+                pluginName = plugin.pluginName,
-              description   = plugin.description,
+                pluginVersion = plugin.versions.last.getVersion,
-              pluginClass   = plugin,
+                description = plugin.description,
-              pluginJar     = pluginJar,
+                pluginClass = plugin,
-              classLoader   = classLoader
+                pluginJar = pluginJar,
-            ))
+                classLoader = classLoader
+              )
+            )
           }
         }
       } catch {
@@ -311,13 +336,13 @@ object PluginRegistry {
       }
     }
 
-    if(watcher == null){
+    if (watcher == null) {
       watcher = new PluginWatchThread(context, PluginHome)
       watcher.start()
     }
 
     extraPluginDir.foreach { extraDir =>
-      if(extraWatcher == null){
+      if (extraWatcher == null) {
         extraWatcher = new PluginWatchThread(context, extraDir)
         extraWatcher.start()
       }
@@ -328,11 +353,11 @@ object PluginRegistry {
     instance.getPlugins().foreach { plugin =>
       try {
         plugin.pluginClass.shutdown(instance, context, settings)
-        if(watcher != null){
+        if (watcher != null) {
           watcher.interrupt()
           watcher = null
         }
-        if(extraWatcher != null){
+        if (extraWatcher != null) {
           extraWatcher.interrupt()
           extraWatcher = null
         }
@@ -380,17 +405,19 @@ class PluginWatchThread(context: ServletContext, dir: String) extends Thread wit
 
   override def run(): Unit = {
     val path = Paths.get(dir)
-    if(!Files.exists(path)){
+    if (!Files.exists(path)) {
       Files.createDirectories(path)
     }
     val fs = path.getFileSystem
     val watcher = fs.newWatchService
 
-    val watchKey = path.register(watcher,
+    val watchKey = path.register(
+      watcher,
       StandardWatchEventKinds.ENTRY_CREATE,
       StandardWatchEventKinds.ENTRY_MODIFY,
       StandardWatchEventKinds.ENTRY_DELETE,
-      StandardWatchEventKinds.OVERFLOW)
+      StandardWatchEventKinds.OVERFLOW
+    )
 
     logger.info("Start PluginWatchThread: " + path)
 
@@ -400,13 +427,13 @@ class PluginWatchThread(context: ServletContext, dir: String) extends Thread wit
         val events = detectedWatchKey.pollEvents.asScala.filter { e =>
           e.context.toString != ".installed" && !e.context.toString.endsWith(".bak")
         }
-        if(events.nonEmpty){
+        if (events.nonEmpty) {
           events.foreach { event =>
             logger.info(event.kind + ": " + event.context)
           }
           new Thread {
             override def run(): Unit = {
-                gitbucket.core.servlet.Database() withTransaction { session =>
+              gitbucket.core.servlet.Database() withTransaction { session =>
                 logger.info("Reloading plugins...")
                 PluginRegistry.reload(context, loadSystemSettings(), session.conn)
                 logger.info("Reloading finished.")

src/main/scala/gitbucket/core/plugin/PluginRepository.scala

@@ -15,7 +15,7 @@ object PluginRepository {
   lazy val LocalRepositoryIndexFile = new java.io.File(LocalRepositoryDir, "plugins.json")
 
   def getPlugins(): Seq[PluginMetadata] = {
-    if(LocalRepositoryIndexFile.exists){
+    if (LocalRepositoryIndexFile.exists) {
       parsePluginJson(FileUtils.readFileToString(LocalRepositoryIndexFile, "UTF-8"))
     } else Nil
   }
@@ -29,7 +29,7 @@ case class PluginMetadata(
   description: String,
   versions: Seq[VersionDef],
   default: Boolean = false
-){
+) {
   lazy val latestVersion: VersionDef = versions.last
 }
 
@@ -37,7 +37,6 @@ case class VersionDef(
   version: String,
   url: String,
   range: String
-){
+) {
   lazy val file = url.substring(url.lastIndexOf("/") + 1)
 }
-

src/main/scala/gitbucket/core/plugin/ReceiveHook.scala

@@ -6,10 +6,12 @@ import profile.api._
 
 trait ReceiveHook {
 
-  def preReceive(owner: String, repository: String, receivePack: ReceivePack, command: ReceiveCommand, pusher: String)
+  def preReceive(owner: String, repository: String, receivePack: ReceivePack, command: ReceiveCommand, pusher: String)(
-                (implicit session: Session): Option[String] = None
+    implicit session: Session
+  ): Option[String] = None
 
-  def postReceive(owner: String, repository: String, receivePack: ReceivePack, command: ReceiveCommand, pusher: String)
+  def postReceive(owner: String, repository: String, receivePack: ReceivePack, command: ReceiveCommand, pusher: String)(
-                 (implicit session: Session): Unit = ()
+    implicit session: Session
+  ): Unit = ()
 
 }

src/main/scala/gitbucket/core/plugin/Renderer.scala

@@ -21,14 +21,16 @@ trait Renderer {
 object MarkdownRenderer extends Renderer {
   override def render(request: RenderRequest): Html = {
     import request._
-    Html(Markdown.toHtml(
+    Html(
-      markdown         = fileContent,
+      Markdown.toHtml(
-      repository       = repository,
+        markdown = fileContent,
-      enableWikiLink   = enableWikiLink,
+        repository = repository,
-      enableRefsLink   = enableRefsLink,
+        enableWikiLink = enableWikiLink,
-      enableAnchor     = enableAnchor,
+        enableRefsLink = enableRefsLink,
-      enableLineBreaks = false
+        enableAnchor = enableAnchor,
-    )(context))
+        enableLineBreaks = false
+      )(context)
+    )
   }
 }
 

src/main/scala/gitbucket/core/plugin/SuggestionProvider.scala

@@ -73,7 +73,9 @@ trait SuggestionProvider {
    *
    * Each element can be accessed as `option` in `template()` or `replace()` method.
    */
-  def options(repository: RepositoryInfo): Seq[(String, String)] = values(repository).map { value => (value, value) }
+  def options(repository: RepositoryInfo): Seq[(String, String)] = values(repository).map { value =>
+    (value, value)
+  }
 
   /**
    * JavaScript fragment to generate a label of completion proposal. The default is: `option.label`.

src/main/scala/gitbucket/core/service/AccessTokenService.scala

@@ -5,14 +5,13 @@ import gitbucket.core.model.Profile.profile.blockingApi._
 import gitbucket.core.model.{AccessToken, Account}
 import gitbucket.core.util.StringUtil
 
-import scala.util.Random
+import java.security.SecureRandom
-
 
 trait AccessTokenService {
 
   def makeAccessTokenString: String = {
     val bytes = new Array[Byte](20)
-    Random.nextBytes(bytes)
+    AccessTokenService.secureRandom.nextBytes(bytes)
     bytes.map("%02x".format(_)).mkString
   }
 
@@ -27,13 +26,10 @@ trait AccessTokenService {
 
     do {
       token = makeAccessTokenString
-      hash  = tokenToHash(token)
+      hash = tokenToHash(token)
     } while (AccessTokens.filter(_.tokenHash === hash.bind).exists.run)
 
-    val newToken = AccessToken(
+    val newToken = AccessToken(userName = userName, note = note, tokenHash = hash)
-        userName = userName,
-        note = note,
-        tokenHash = hash)
     val tokenId = (AccessTokens returning AccessTokens.map(_.accessTokenId)) insert newToken
     (tokenId, token)
   }
@@ -41,8 +37,11 @@ trait AccessTokenService {
   def getAccountByAccessToken(token: String)(implicit s: Session): Option[Account] =
     Accounts
       .join(AccessTokens)
-      .filter { case (ac, t) => (ac.userName === t.userName) && (t.tokenHash === tokenToHash(token).bind) && (ac.removed === false.bind) }
+      .filter {
-      .map    { case (ac, t) => ac }
+        case (ac, t) =>
+          (ac.userName === t.userName) && (t.tokenHash === tokenToHash(token).bind) && (ac.removed === false.bind)
+      }
+      .map { case (ac, t) => ac }
       .firstOption
 
   def getAccessTokens(userName: String)(implicit s: Session): List[AccessToken] =
@@ -56,4 +55,6 @@ trait AccessTokenService {
 
 }
 
-object AccessTokenService extends AccessTokenService
+object AccessTokenService extends AccessTokenService {
+  private val secureRandom = new SecureRandom()
+}

src/main/scala/gitbucket/core/service/AccountFederationService.scala

@@ -12,20 +12,22 @@ trait AccountFederationService {
   private val logger = LoggerFactory.getLogger(classOf[AccountFederationService])
 
   /**
-    * Get or create a user account federated with OIDC or SAML IdP.
+   * Get or create a user account federated with OIDC or SAML IdP.
-    *
+   *
-    * @param issuer            Issuer
+   * @param issuer            Issuer
-    * @param subject           Subject
+   * @param subject           Subject
-    * @param mailAddress       Mail address
+   * @param mailAddress       Mail address
-    * @param preferredUserName Username (if this is none, username will be generated from the mail address)
+   * @param preferredUserName Username (if this is none, username will be generated from the mail address)
-    * @param fullName          Fullname (defaults to username)
+   * @param fullName          Fullname (defaults to username)
-    * @return Account
+   * @return Account
-    */
+   */
-  def getOrCreateFederatedUser(issuer: String,
+  def getOrCreateFederatedUser(
-                               subject: String,
+    issuer: String,
-                               mailAddress: String,
+    subject: String,
-                               preferredUserName: Option[String],
+    mailAddress: String,
-                               fullName: Option[String])(implicit s: Session): Option[Account] =
+    preferredUserName: Option[String],
+    fullName: Option[String]
+  )(implicit s: Session): Option[Account] =
     getAccountByFederation(issuer, subject) match {
       case Some(account) if !account.isRemoved =>
         Some(account)
@@ -43,19 +45,25 @@ trait AccountFederationService {
   private def extractSafeStringForUserName(s: String) = """^[a-zA-Z0-9][a-zA-Z0-9\-_.]*""".r.findPrefixOf(s)
 
   /**
-    * Find an available username from the preferred username or mail address.
+   * Find an available username from the preferred username or mail address.
-    *
+   *
-    * @param mailAddress       Mail address
+   * @param mailAddress       Mail address
-    * @param preferredUserName Username
+   * @param preferredUserName Username
-    * @return Available username
+   * @return Available username
-    */
+   */
-  def findAvailableUserName(preferredUserName: Option[String], mailAddress: String)(implicit s: Session): Option[String] = {
+  def findAvailableUserName(preferredUserName: Option[String], mailAddress: String)(
-    preferredUserName.flatMap(n => extractSafeStringForUserName(n)).orElse(extractSafeStringForUserName(mailAddress)) match {
+    implicit s: Session
+  ): Option[String] = {
+    preferredUserName
+      .flatMap(n => extractSafeStringForUserName(n))
+      .orElse(extractSafeStringForUserName(mailAddress)) match {
       case Some(safeUserName) =>
         getAccountByUserName(safeUserName, includeRemoved = true) match {
           case None => Some(safeUserName)
           case Some(_) =>
-            logger.info(s"User ($safeUserName) already exists. preferredUserName=$preferredUserName, mailAddress=$mailAddress")
+            logger.info(
+              s"User ($safeUserName) already exists. preferredUserName=$preferredUserName, mailAddress=$mailAddress"
+            )
             None
         }
       case None =>
@@ -65,8 +73,10 @@ trait AccountFederationService {
   }
 
   def getAccountByFederation(issuer: String, subject: String)(implicit s: Session): Option[Account] =
-    AccountFederations.filter(_.byPrimaryKey(issuer, subject))
+    AccountFederations
-      .join(Accounts).on { case af ~ ac => af.userName === ac.userName }
+      .filter(_.byPrimaryKey(issuer, subject))
+      .join(Accounts)
+      .on { case af ~ ac => af.userName === ac.userName }
       .map { case _ ~ ac => ac }
       .firstOption
 

src/main/scala/gitbucket/core/service/AccountService.scala

@@ -1,11 +1,11 @@
 package gitbucket.core.service
 
 import org.slf4j.LoggerFactory
-import gitbucket.core.model.{GroupMember, Account}
+import gitbucket.core.model.{Account, AccountExtraMailAddress, GroupMember}
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
 import gitbucket.core.model.Profile.dateColumnType
-import gitbucket.core.util.{StringUtil, LDAPUtil}
+import gitbucket.core.util.{LDAPUtil, StringUtil}
 import StringUtil._
 import gitbucket.core.service.SystemSettingsService.SystemSettings
 
@@ -13,14 +13,16 @@ trait AccountService {
 
   private val logger = LoggerFactory.getLogger(classOf[AccountService])
 
-  def authenticate(settings: SystemSettings, userName: String, password: String)(implicit s: Session): Option[Account] = {
+  def authenticate(settings: SystemSettings, userName: String, password: String)(
+    implicit s: Session
+  ): Option[Account] = {
     val account = if (settings.ldapAuthentication) {
       ldapAuthentication(settings, userName, password)
     } else {
       defaultAuthentication(userName, password)
     }
 
-    if(account.isEmpty){
+    if (account.isEmpty) {
       logger.info(s"Failed to authenticate: $userName")
     }
 
@@ -31,46 +33,65 @@ trait AccountService {
    * Authenticate by internal database.
    */
   private def defaultAuthentication(userName: String, password: String)(implicit s: Session) = {
+    val pbkdf2re = """^\$pbkdf2-sha256\$(\d+)\$([0-9a-zA-Z+/=]+)\$([0-9a-zA-Z+/=]+)$""".r
     getAccountByUserName(userName).collect {
-      case account if(!account.isGroupAccount && account.password == sha1(password)) => Some(account)
+      case account if !account.isGroupAccount =>
+        account.password match {
+          case pbkdf2re(iter, salt, hash) if (pbkdf2_sha256(iter.toInt, salt, password) == hash) => Some(account)
+          case p if p == sha1(password) =>
+            updateAccount(account.copy(password = pbkdf2_sha256(password)))
+            Some(account)
+          case _ => None
+        }
+      case account if (!account.isGroupAccount && account.password == sha1(password)) => Some(account)
     } getOrElse None
   }
 
   /**
    * Authenticate by LDAP.
    */
-  private def ldapAuthentication(settings: SystemSettings, userName: String, password: String)
+  private def ldapAuthentication(settings: SystemSettings, userName: String, password: String)(
-                                (implicit s: Session): Option[Account] = {
+    implicit s: Session
+  ): Option[Account] = {
     LDAPUtil.authenticate(settings.ldap.get, userName, password) match {
       case Right(ldapUserInfo) => {
         // Create or update account by LDAP information
         getAccountByUserName(ldapUserInfo.userName, true) match {
-          case Some(x) if(!x.isRemoved) => {
+          case Some(x) if (!x.isRemoved) => {
-            if(settings.ldap.get.mailAttribute.getOrElse("").isEmpty) {
+            if (settings.ldap.get.mailAttribute.getOrElse("").isEmpty) {
               updateAccount(x.copy(fullName = ldapUserInfo.fullName))
             } else {
               updateAccount(x.copy(mailAddress = ldapUserInfo.mailAddress, fullName = ldapUserInfo.fullName))
             }
             getAccountByUserName(ldapUserInfo.userName)
           }
-          case Some(x) if(x.isRemoved)  => {
+          case Some(x) if (x.isRemoved) => {
             logger.info("LDAP Authentication Failed: Account is already registered but disabled.")
             defaultAuthentication(userName, password)
           }
-          case None => getAccountByMailAddress(ldapUserInfo.mailAddress, true) match {
+          case None =>
-            case Some(x) if(!x.isRemoved) => {
+            getAccountByMailAddress(ldapUserInfo.mailAddress, true) match {
-              updateAccount(x.copy(fullName = ldapUserInfo.fullName))
+              case Some(x) if (!x.isRemoved) => {
-              getAccountByUserName(ldapUserInfo.userName)
+                updateAccount(x.copy(fullName = ldapUserInfo.fullName))
+                getAccountByUserName(ldapUserInfo.userName)
+              }
+              case Some(x) if (x.isRemoved) => {
+                logger.info("LDAP Authentication Failed: Account is already registered but disabled.")
+                defaultAuthentication(userName, password)
+              }
+              case None => {
+                createAccount(
+                  ldapUserInfo.userName,
+                  "",
+                  ldapUserInfo.fullName,
+                  ldapUserInfo.mailAddress,
+                  false,
+                  None,
+                  None
+                )
+                getAccountByUserName(ldapUserInfo.userName)
+              }
             }
-            case Some(x) if(x.isRemoved)  => {
-              logger.info("LDAP Authentication Failed: Account is already registered but disabled.")
-              defaultAuthentication(userName, password)
-            }
-            case None => {
-              createAccount(ldapUserInfo.userName, "", ldapUserInfo.fullName, ldapUserInfo.mailAddress, false, None, None)
-              getAccountByUserName(ldapUserInfo.userName)
-            }
-          }
         }
       }
       case Left(errorMessage) => {
@@ -81,58 +102,104 @@ trait AccountService {
   }
 
   def getAccountByUserName(userName: String, includeRemoved: Boolean = false)(implicit s: Session): Option[Account] =
-    Accounts filter(t => (t.userName === userName.bind) && (t.removed === false.bind, !includeRemoved)) firstOption
+    Accounts filter (t => (t.userName === userName.bind) && (t.removed === false.bind, !includeRemoved)) firstOption
 
-  def getAccountsByUserNames(userNames: Set[String], knowns:Set[Account], includeRemoved: Boolean = false)(implicit s: Session): Map[String, Account] = {
+  def getAccountByUserNameIgnoreCase(userName: String, includeRemoved: Boolean = false)(
+    implicit s: Session
+  ): Option[Account] =
+    Accounts filter (
+      t => (t.userName.toLowerCase === userName.toLowerCase.bind) && (t.removed === false.bind, !includeRemoved)
+    ) firstOption
+
+  def getAccountsByUserNames(userNames: Set[String], knowns: Set[Account], includeRemoved: Boolean = false)(
+    implicit s: Session
+  ): Map[String, Account] = {
     val map = knowns.map(a => a.userName -> a).toMap
     val needs = userNames -- map.keySet
-    if(needs.isEmpty){
+    if (needs.isEmpty) {
       map
-    }else{
+    } else {
-      map ++ Accounts.filter(t => (t.userName inSetBind needs) && (t.removed === false.bind, !includeRemoved)).list.map(a => a.userName -> a).toMap
+      map ++ Accounts
+        .filter(t => (t.userName inSetBind needs) && (t.removed === false.bind, !includeRemoved))
+        .list
+        .map(a => a.userName -> a)
+        .toMap
     }
   }
 
-  def getAccountByMailAddress(mailAddress: String, includeRemoved: Boolean = false)(implicit s: Session): Option[Account] =
+  def getAccountByMailAddress(mailAddress: String, includeRemoved: Boolean = false)(
-    Accounts filter(t => (t.mailAddress.toLowerCase === mailAddress.toLowerCase.bind) && (t.removed === false.bind, !includeRemoved)) firstOption
+    implicit s: Session
+  ): Option[Account] =
+    (Accounts joinLeft AccountExtraMailAddresses on { case (a, e) => a.userName === e.userName })
+      .filter {
+        case (a, x) =>
+          ((a.mailAddress.toLowerCase === mailAddress.toLowerCase.bind) ||
+            (x.map { e =>
+                e.extraMailAddress.toLowerCase === mailAddress.toLowerCase.bind
+              }
+              .getOrElse(false.bind))) && (a.removed === false.bind, !includeRemoved)
+      }
+      .map { case (a, e) => a } firstOption
 
-  def getAllUsers(includeRemoved: Boolean = true, includeGroups: Boolean = true)(implicit s: Session): List[Account] =
+  def getAllUsers(includeRemoved: Boolean = true, includeGroups: Boolean = true)(implicit s: Session): List[Account] = {
-  {
     Accounts filter { t =>
       (1.bind === 1.bind) &&
-        (t.groupAccount === false.bind, !includeGroups) &&
+      (t.groupAccount === false.bind, !includeGroups) &&
-        (t.removed === false.bind, !includeRemoved)
+      (t.removed === false.bind, !includeRemoved)
-    } sortBy(_.userName) list
+    } sortBy (_.userName) list
   }
 
   def isLastAdministrator(account: Account)(implicit s: Session): Boolean = {
-    if(account.isAdmin){
+    if (account.isAdmin) {
       (Accounts filter (_.removed === false.bind) filter (_.isAdmin === true.bind) map (_.userName.length)).first == 1
     } else false
   }
 
-  def createAccount(userName: String, password: String, fullName: String, mailAddress: String, isAdmin: Boolean, description: Option[String], url: Option[String])
+  def createAccount(
-                   (implicit s: Session): Unit =
+    userName: String,
+    password: String,
+    fullName: String,
+    mailAddress: String,
+    isAdmin: Boolean,
+    description: Option[String],
+    url: Option[String]
+  )(implicit s: Session): Unit =
     Accounts insert Account(
-      userName       = userName,
+      userName = userName,
-      password       = password,
+      password = password,
-      fullName       = fullName,
+      fullName = fullName,
-      mailAddress    = mailAddress,
+      mailAddress = mailAddress,
-      isAdmin        = isAdmin,
+      isAdmin = isAdmin,
-      url            = url,
+      url = url,
       registeredDate = currentDate,
-      updatedDate    = currentDate,
+      updatedDate = currentDate,
-      lastLoginDate  = None,
+      lastLoginDate = None,
-      image          = None,
+      image = None,
       isGroupAccount = false,
-      isRemoved      = false,
+      isRemoved = false,
-      description    = description)
+      description = description
+    )
 
   def updateAccount(account: Account)(implicit s: Session): Unit =
     Accounts
-      .filter { a =>  a.userName === account.userName.bind }
+      .filter { a =>
-      .map    { a => (a.password, a.fullName, a.mailAddress, a.isAdmin, a.url.?, a.registeredDate, a.updatedDate, a.lastLoginDate.?, a.removed, a.description.?) }
+        a.userName === account.userName.bind
-      .update (
+      }
+      .map { a =>
+        (
+          a.password,
+          a.fullName,
+          a.mailAddress,
+          a.isAdmin,
+          a.url.?,
+          a.registeredDate,
+          a.updatedDate,
+          a.lastLoginDate.?,
+          a.removed,
+          a.description.?
+        )
+      }
+      .update(
         account.password,
         account.fullName,
         account.mailAddress,
@@ -142,39 +209,54 @@ trait AccountService {
         currentDate,
         account.lastLoginDate,
         account.isRemoved,
-        account.description)
+        account.description
+      )
 
   def updateAvatarImage(userName: String, image: Option[String])(implicit s: Session): Unit =
     Accounts.filter(_.userName === userName.bind).map(_.image.?).update(image)
 
+  def getAccountExtraMailAddresses(userName: String)(implicit s: Session): List[String] = {
+    AccountExtraMailAddresses.filter(_.userName === userName.bind).map(_.extraMailAddress) list
+  }
+
+  def updateAccountExtraMailAddresses(userName: String, mails: List[String])(implicit s: Session): Unit = {
+    AccountExtraMailAddresses.filter(_.userName === userName.bind).delete
+    mails.map(AccountExtraMailAddresses insert AccountExtraMailAddress(userName, _))
+  }
+
   def updateLastLoginDate(userName: String)(implicit s: Session): Unit =
     Accounts.filter(_.userName === userName.bind).map(_.lastLoginDate).update(currentDate)
 
   def createGroup(groupName: String, description: Option[String], url: Option[String])(implicit s: Session): Unit =
     Accounts insert Account(
-      userName       = groupName,
+      userName = groupName,
-      password       = "",
+      password = "",
-      fullName       = groupName,
+      fullName = groupName,
-      mailAddress    = groupName + "@devnull",
+      mailAddress = groupName + "@devnull",
-      isAdmin        = false,
+      isAdmin = false,
-      url            = url,
+      url = url,
       registeredDate = currentDate,
-      updatedDate    = currentDate,
+      updatedDate = currentDate,
-      lastLoginDate  = None,
+      lastLoginDate = None,
-      image          = None,
+      image = None,
       isGroupAccount = true,
-      isRemoved      = false,
+      isRemoved = false,
-      description    = description)
+      description = description
+    )
 
-  def updateGroup(groupName: String, description: Option[String], url: Option[String], removed: Boolean)(implicit s: Session): Unit =
+  def updateGroup(groupName: String, description: Option[String], url: Option[String], removed: Boolean)(
-    Accounts.filter(_.userName === groupName.bind)
+    implicit s: Session
+  ): Unit =
+    Accounts
+      .filter(_.userName === groupName.bind)
       .map(t => (t.url.?, t.description.?, t.updatedDate, t.removed))
       .update(url, description, currentDate, removed)
 
   def updateGroupMembers(groupName: String, members: List[(String, Boolean)])(implicit s: Session): Unit = {
     GroupMembers.filter(_.groupName === groupName.bind).delete
-    members.foreach { case (userName, isManager) =>
+    members.foreach {
-      GroupMembers insert GroupMember (groupName, userName, isManager)
+      case (userName, isManager) =>
+        GroupMembers insert GroupMember(groupName, userName, isManager)
     }
   }
 

src/main/scala/gitbucket/core/service/ActivityService.scala

@@ -15,188 +15,356 @@ trait ActivityService {
 
   def getActivitiesByUser(activityUserName: String, isPublic: Boolean)(implicit s: Session): List[Activity] =
     Activities
-      .join(Repositories).on((t1, t2) => t1.byRepository(t2.userName, t2.repositoryName))
+      .join(Repositories)
-      .filter { case (t1, t2) =>
+      .on((t1, t2) => t1.byRepository(t2.userName, t2.repositoryName))
-        if(isPublic){
+      .filter {
-          (t1.activityUserName === activityUserName.bind) && (t2.isPrivate === false.bind)
+        case (t1, t2) =>
-        } else {
+          if (isPublic) {
-          (t1.activityUserName === activityUserName.bind)
+            (t1.activityUserName === activityUserName.bind) && (t2.isPrivate === false.bind)
-        }
+          } else {
+            (t1.activityUserName === activityUserName.bind)
+          }
       }
       .sortBy { case (t1, t2) => t1.activityId desc }
-      .map    { case (t1, t2) => t1 }
+      .map { case (t1, t2) => t1 }
       .take(30)
       .list
 
   def getRecentActivities()(implicit s: Session): List[Activity] =
     Activities
-      .join(Repositories).on((t1, t2) => t1.byRepository(t2.userName, t2.repositoryName))
+      .join(Repositories)
-      .filter { case (t1, t2) =>  t2.isPrivate === false.bind }
+      .on((t1, t2) => t1.byRepository(t2.userName, t2.repositoryName))
+      .filter { case (t1, t2) => t2.isPrivate === false.bind }
       .sortBy { case (t1, t2) => t1.activityId desc }
-      .map    { case (t1, t2) => t1 }
+      .map { case (t1, t2) => t1 }
       .take(30)
       .list
 
-  def getRecentActivitiesByOwners(owners : Set[String])(implicit s: Session): List[Activity] =
+  def getRecentActivitiesByOwners(owners: Set[String])(implicit s: Session): List[Activity] =
     Activities
-      .join(Repositories).on((t1, t2) => t1.byRepository(t2.userName, t2.repositoryName))
+      .join(Repositories)
+      .on((t1, t2) => t1.byRepository(t2.userName, t2.repositoryName))
       .filter { case (t1, t2) => (t2.isPrivate === false.bind) || (t2.userName inSetBind owners) }
       .sortBy { case (t1, t2) => t1.activityId desc }
-      .map    { case (t1, t2) => t1 }
+      .map { case (t1, t2) => t1 }
       .take(30)
       .list
 
-  def recordCreateRepositoryActivity(userName: String, repositoryName: String, activityUserName: String)
+  def recordCreateRepositoryActivity(userName: String, repositoryName: String, activityUserName: String)(
-                                    (implicit s: Session): Unit =
+    implicit s: Session
-    Activities insert Activity(userName, repositoryName, activityUserName,
+  ): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "create_repository",
       s"[user:${activityUserName}] created [repo:${userName}/${repositoryName}]",
       None,
-      currentDate)
+      currentDate
+    )
 
-  def recordCreateIssueActivity(userName: String, repositoryName: String, activityUserName: String, issueId: Int, title: String)
+  def recordCreateIssueActivity(
-                               (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    issueId: Int,
+    title: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "open_issue",
       s"[user:${activityUserName}] opened issue [issue:${userName}/${repositoryName}#${issueId}]",
       Some(title),
-      currentDate)
+      currentDate
+    )
 
-  def recordCloseIssueActivity(userName: String, repositoryName: String, activityUserName: String, issueId: Int, title: String)
+  def recordCloseIssueActivity(
-                              (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    issueId: Int,
+    title: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "close_issue",
       s"[user:${activityUserName}] closed issue [issue:${userName}/${repositoryName}#${issueId}]",
       Some(title),
-      currentDate)
+      currentDate
+    )
 
-  def recordClosePullRequestActivity(userName: String, repositoryName: String, activityUserName: String, issueId: Int, title: String)
+  def recordClosePullRequestActivity(
-                                    (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    issueId: Int,
+    title: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "close_issue",
       s"[user:${activityUserName}] closed pull request [pullreq:${userName}/${repositoryName}#${issueId}]",
       Some(title),
-      currentDate)
+      currentDate
+    )
 
-  def recordReopenIssueActivity(userName: String, repositoryName: String, activityUserName: String, issueId: Int, title: String)
+  def recordReopenIssueActivity(
-                               (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    issueId: Int,
+    title: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "reopen_issue",
       s"[user:${activityUserName}] reopened issue [issue:${userName}/${repositoryName}#${issueId}]",
       Some(title),
-      currentDate)
+      currentDate
+    )
 
-  def recordCommentIssueActivity(userName: String, repositoryName: String, activityUserName: String, issueId: Int, comment: String)
+  def recordCommentIssueActivity(
-                                (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    issueId: Int,
+    comment: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "comment_issue",
       s"[user:${activityUserName}] commented on issue [issue:${userName}/${repositoryName}#${issueId}]",
       Some(cut(comment, 200)),
-      currentDate)
+      currentDate
+    )
 
-  def recordCommentPullRequestActivity(userName: String, repositoryName: String, activityUserName: String, issueId: Int, comment: String)
+  def recordCommentPullRequestActivity(
-                                      (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    issueId: Int,
+    comment: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "comment_issue",
       s"[user:${activityUserName}] commented on pull request [pullreq:${userName}/${repositoryName}#${issueId}]",
       Some(cut(comment, 200)),
-      currentDate)
+      currentDate
+    )
 
-  def recordCommentCommitActivity(userName: String, repositoryName: String, activityUserName: String, commitId: String, comment: String)
+  def recordCommentCommitActivity(
-                                 (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    commitId: String,
+    comment: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "comment_commit",
       s"[user:${activityUserName}] commented on commit [commit:${userName}/${repositoryName}@${commitId}]",
       Some(cut(comment, 200)),
       currentDate
     )
 
-  def recordCreateWikiPageActivity(userName: String, repositoryName: String, activityUserName: String, pageName: String)
+  def recordCreateWikiPageActivity(
-                                  (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    pageName: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "create_wiki",
       s"[user:${activityUserName}] created the [repo:${userName}/${repositoryName}] wiki",
       Some(pageName),
-      currentDate)
+      currentDate
+    )
 
-  def recordEditWikiPageActivity(userName: String, repositoryName: String, activityUserName: String, pageName: String, commitId: String)
+  def recordEditWikiPageActivity(
-                                (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    pageName: String,
+    commitId: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "edit_wiki",
       s"[user:${activityUserName}] edited the [repo:${userName}/${repositoryName}] wiki",
       Some(pageName + ":" + commitId),
-      currentDate)
+      currentDate
+    )
 
-  def recordPushActivity(userName: String, repositoryName: String, activityUserName: String,
+  def recordPushActivity(
-      branchName: String, commits: List[JGitUtil.CommitInfo])(implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    branchName: String,
+    commits: List[JGitUtil.CommitInfo]
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "push",
       s"[user:${activityUserName}] pushed to [branch:${userName}/${repositoryName}#${branchName}] at [repo:${userName}/${repositoryName}]",
-      Some(commits.take(5).map { commit => commit.id + ":" + commit.shortMessage }.mkString("\n")),
+      Some(
-      currentDate)
+        commits
+          .take(5)
+          .map { commit =>
+            commit.id + ":" + commit.shortMessage
+          }
+          .mkString("\n")
+      ),
+      currentDate
+    )
 
-  def recordCreateTagActivity(userName: String, repositoryName: String, activityUserName: String,
+  def recordCreateTagActivity(
-      tagName: String, commits: List[JGitUtil.CommitInfo])(implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    tagName: String,
+    commits: List[JGitUtil.CommitInfo]
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "create_tag",
       s"[user:${activityUserName}] created tag [tag:${userName}/${repositoryName}#${tagName}] at [repo:${userName}/${repositoryName}]",
       None,
-      currentDate)
+      currentDate
+    )
 
-  def recordDeleteTagActivity(userName: String, repositoryName: String, activityUserName: String,
+  def recordDeleteTagActivity(
-                              tagName: String, commits: List[JGitUtil.CommitInfo])(implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    tagName: String,
+    commits: List[JGitUtil.CommitInfo]
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "delete_tag",
       s"[user:${activityUserName}] deleted tag ${tagName} at [repo:${userName}/${repositoryName}]",
       None,
-      currentDate)
+      currentDate
+    )
 
-  def recordCreateBranchActivity(userName: String, repositoryName: String, activityUserName: String, branchName: String)
+  def recordCreateBranchActivity(
-                                (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    branchName: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "create_branch",
       s"[user:${activityUserName}] created branch [branch:${userName}/${repositoryName}#${branchName}] at [repo:${userName}/${repositoryName}]",
       None,
-      currentDate)
+      currentDate
+    )
 
-  def recordDeleteBranchActivity(userName: String, repositoryName: String, activityUserName: String, branchName: String)
+  def recordDeleteBranchActivity(
-                                (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    branchName: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "delete_branch",
       s"[user:${activityUserName}] deleted branch ${branchName} at [repo:${userName}/${repositoryName}]",
       None,
-      currentDate)
+      currentDate
+    )
 
-  def recordForkActivity(userName: String, repositoryName: String, activityUserName: String, forkedUserName: String)(implicit s: Session): Unit =
+  def recordForkActivity(userName: String, repositoryName: String, activityUserName: String, forkedUserName: String)(
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    implicit s: Session
+  ): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "fork",
       s"[user:${activityUserName}] forked [repo:${userName}/${repositoryName}] to [repo:${forkedUserName}/${repositoryName}]",
       None,
-      currentDate)
+      currentDate
+    )
 
-  def recordPullRequestActivity(userName: String, repositoryName: String, activityUserName: String, issueId: Int, title: String)
+  def recordPullRequestActivity(
-                               (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    issueId: Int,
+    title: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "open_pullreq",
       s"[user:${activityUserName}] opened pull request [pullreq:${userName}/${repositoryName}#${issueId}]",
       Some(title),
-      currentDate)
+      currentDate
+    )
 
-  def recordMergeActivity(userName: String, repositoryName: String, activityUserName: String, issueId: Int, message: String)
+  def recordMergeActivity(
-                         (implicit s: Session): Unit =
+    userName: String,
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    repositoryName: String,
+    activityUserName: String,
+    issueId: Int,
+    message: String
+  )(implicit s: Session): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "merge_pullreq",
       s"[user:${activityUserName}] merged pull request [pullreq:${userName}/${repositoryName}#${issueId}]",
       Some(message),
-      currentDate)
+      currentDate
+    )
 
-  def recordReleaseActivity(userName: String, repositoryName: String, activityUserName: String, name: String)(implicit s: Session): Unit =
+  def recordReleaseActivity(userName: String, repositoryName: String, activityUserName: String, name: String)(
-    Activities insert Activity(userName, repositoryName, activityUserName,
+    implicit s: Session
+  ): Unit =
+    Activities insert Activity(
+      userName,
+      repositoryName,
+      activityUserName,
       "release",
       s"[user:${activityUserName}] released ${name} at [repo:${userName}/${repositoryName}]",
       None,
-      currentDate)
+      currentDate
+    )
 
   private def cut(value: String, length: Int): String =
-    if(value.length > length) value.substring(0, length) + "..." else value
+    if (value.length > length) value.substring(0, length) + "..." else value
 }

src/main/scala/gitbucket/core/service/CommitStatusService.scala

@@ -6,47 +6,77 @@ import gitbucket.core.model.Profile.dateColumnType
 import gitbucket.core.model.{CommitState, CommitStatus, Account}
 
 trait CommitStatusService {
-  /** insert or update */
-  def createCommitStatus(userName: String, repositoryName: String, sha: String, context: String, state: CommitState,
-                         targetUrl: Option[String], description: Option[String], now: java.util.Date, creator: Account)(implicit s: Session): Int =
-    CommitStatuses
-      .filter(t => t.byCommit(userName, repositoryName, sha) && t.context === context.bind )
-      .map(_.commitStatusId).firstOption match {
-        case Some(id: Int) => {
-          CommitStatuses.filter(_.byPrimaryKey(id)).map { t =>
-            (t.state , t.targetUrl , t.updatedDate , t.creator, t.description)
-          }.update((state, targetUrl, now, creator.userName, description))
-          id
-        }
-        case None => (CommitStatuses returning CommitStatuses.map(_.commitStatusId)) insert CommitStatus(
-            userName       = userName,
-            repositoryName = repositoryName,
-            commitId       = sha,
-            context        = context,
-            state          = state,
-            targetUrl      = targetUrl,
-            description    = description,
-            creator        = creator.userName,
-            registeredDate = now,
-            updatedDate    = now)
-      }
 
-  def getCommitStatus(userName: String, repositoryName: String, id: Int)(implicit s: Session) :Option[CommitStatus] =
+  /** insert or update */
+  def createCommitStatus(
+    userName: String,
+    repositoryName: String,
+    sha: String,
+    context: String,
+    state: CommitState,
+    targetUrl: Option[String],
+    description: Option[String],
+    now: java.util.Date,
+    creator: Account
+  )(implicit s: Session): Int =
+    CommitStatuses
+      .filter(t => t.byCommit(userName, repositoryName, sha) && t.context === context.bind)
+      .map(_.commitStatusId)
+      .firstOption match {
+      case Some(id: Int) => {
+        CommitStatuses
+          .filter(_.byPrimaryKey(id))
+          .map { t =>
+            (t.state, t.targetUrl, t.updatedDate, t.creator, t.description)
+          }
+          .update((state, targetUrl, now, creator.userName, description))
+        id
+      }
+      case None =>
+        (CommitStatuses returning CommitStatuses.map(_.commitStatusId)) insert CommitStatus(
+          userName = userName,
+          repositoryName = repositoryName,
+          commitId = sha,
+          context = context,
+          state = state,
+          targetUrl = targetUrl,
+          description = description,
+          creator = creator.userName,
+          registeredDate = now,
+          updatedDate = now
+        )
+    }
+
+  def getCommitStatus(userName: String, repositoryName: String, id: Int)(implicit s: Session): Option[CommitStatus] =
     CommitStatuses.filter(t => t.byPrimaryKey(id) && t.byRepository(userName, repositoryName)).firstOption
 
-  def getCommitStatus(userName: String, repositoryName: String, sha: String, context: String)(implicit s: Session) :Option[CommitStatus] =
+  def getCommitStatus(userName: String, repositoryName: String, sha: String, context: String)(
+    implicit s: Session
+  ): Option[CommitStatus] =
     CommitStatuses.filter(t => t.byCommit(userName, repositoryName, sha) && t.context === context.bind).firstOption
 
-  def getCommitStatues(userName: String, repositoryName: String, sha: String)(implicit s: Session) :List[CommitStatus] =
+  def getCommitStatues(userName: String, repositoryName: String, sha: String)(implicit s: Session): List[CommitStatus] =
     byCommitStatues(userName, repositoryName, sha).list
 
-  def getRecentStatuesContexts(userName: String, repositoryName: String, time: java.util.Date)(implicit s: Session) :List[String] =
+  def getRecentStatuesContexts(userName: String, repositoryName: String, time: java.util.Date)(
-    CommitStatuses.filter(t => t.byRepository(userName, repositoryName)).filter(t => t.updatedDate > time.bind).groupBy(_.context).map(_._1).list
+    implicit s: Session
+  ): List[String] =
+    CommitStatuses
+      .filter(t => t.byRepository(userName, repositoryName))
+      .filter(t => t.updatedDate > time.bind)
+      .groupBy(_.context)
+      .map(_._1)
+      .list
 
-  def getCommitStatuesWithCreator(userName: String, repositoryName: String, sha: String)(implicit s: Session) :List[(CommitStatus, Account)] =
+  def getCommitStatuesWithCreator(userName: String, repositoryName: String, sha: String)(
-    byCommitStatues(userName, repositoryName, sha).join(Accounts).filter { case (t, a) => t.creator === a.userName }.list
+    implicit s: Session
+  ): List[(CommitStatus, Account)] =
+    byCommitStatues(userName, repositoryName, sha)
+      .join(Accounts)
+      .filter { case (t, a) => t.creator === a.userName }
+      .list
 
-  protected def byCommitStatues(userName: String, repositoryName: String, sha: String)(implicit s: Session) = 
+  protected def byCommitStatues(userName: String, repositoryName: String, sha: String)(implicit s: Session) =
     CommitStatuses.filter(t => t.byCommit(userName, repositoryName, sha)).sortBy(_.updatedDate desc)
 
 }

src/main/scala/gitbucket/core/service/CommitsService.scala

@@ -1,15 +1,22 @@
 package gitbucket.core.service
 
+import java.io.File
+
 import gitbucket.core.model.CommitComment
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
 import gitbucket.core.model.Profile.dateColumnType
+import gitbucket.core.util.Directory._
+import gitbucket.core.util.{FileUtil, StringUtil}
+import org.apache.commons.io.FileUtils
 
 trait CommitsService {
 
-  def getCommitComments(owner: String, repository: String, commitId: String, includePullRequest: Boolean)(implicit s: Session) =
+  def getCommitComments(owner: String, repository: String, commitId: String, includePullRequest: Boolean)(
-    CommitComments filter {
+    implicit s: Session
-      t => t.byCommit(owner, repository, commitId) && (t.issueId.isEmpty || includePullRequest)
+  ) =
+    CommitComments filter { t =>
+      t.byCommit(owner, repository, commitId) && (t.issueId.isEmpty || includePullRequest)
     } list
 
   def getCommitComment(owner: String, repository: String, commentId: String)(implicit s: Session) =
@@ -20,35 +27,94 @@ trait CommitsService {
     else
       None
 
-  def createCommitComment(owner: String, repository: String, commitId: String, loginUser: String,
+  def createCommitComment(
-                          content: String, fileName: Option[String], oldLine: Option[Int], newLine: Option[Int],
+    owner: String,
-                          issueId: Option[Int])(implicit s: Session): Int =
+    repository: String,
+    commitId: String,
+    loginUser: String,
+    content: String,
+    fileName: Option[String],
+    oldLine: Option[Int],
+    newLine: Option[Int],
+    issueId: Option[Int]
+  )(implicit s: Session): Int =
     CommitComments returning CommitComments.map(_.commentId) insert CommitComment(
-      userName          = owner,
+      userName = owner,
-      repositoryName    = repository,
+      repositoryName = repository,
-      commitId          = commitId,
+      commitId = commitId,
       commentedUserName = loginUser,
-      content           = content,
+      content = content,
-      fileName          = fileName,
+      fileName = fileName,
-      oldLine           = oldLine,
+      oldLine = oldLine,
-      newLine           = newLine,
+      newLine = newLine,
-      registeredDate    = currentDate,
+      registeredDate = currentDate,
-      updatedDate       = currentDate,
+      updatedDate = currentDate,
-      issueId           = issueId)
+      issueId = issueId
+    )
 
-  def updateCommitCommentPosition(commentId: Int, commitId: String, oldLine: Option[Int], newLine: Option[Int])(implicit s: Session): Unit =
+  def updateCommitCommentPosition(commentId: Int, commitId: String, oldLine: Option[Int], newLine: Option[Int])(
-    CommitComments.filter(_.byPrimaryKey(commentId))
+    implicit s: Session
+  ): Unit =
+    CommitComments
+      .filter(_.byPrimaryKey(commentId))
       .map { t =>
         (t.commitId, t.oldLine, t.newLine)
-      }.update(commitId, oldLine, newLine)
+      }
+      .update(commitId, oldLine, newLine)
 
   def updateCommitComment(commentId: Int, content: String)(implicit s: Session) = {
     CommitComments
-      .filter (_.byPrimaryKey(commentId))
+      .filter(_.byPrimaryKey(commentId))
-      .map { t => (t.content, t.updatedDate) }
+      .map { t =>
-      .update (content, currentDate)
+        (t.content, t.updatedDate)
+      }
+      .update(content, currentDate)
   }
 
   def deleteCommitComment(commentId: Int)(implicit s: Session) =
     CommitComments filter (_.byPrimaryKey(commentId)) delete
+
+  def saveCommitCommentDiff(
+    owner: String,
+    repository: String,
+    commitId: String,
+    fileName: String,
+    oldLine: Option[Int],
+    newLine: Option[Int],
+    diffJson: String
+  ): Unit = {
+    val dir = new File(getDiffDir(owner, repository), FileUtil.checkFilename(commitId))
+    if (!dir.exists) {
+      dir.mkdirs()
+    }
+    val file = diffFile(dir, fileName, oldLine, newLine)
+    FileUtils.write(file, diffJson, "UTF-8")
+  }
+
+  def loadCommitCommentDiff(
+    owner: String,
+    repository: String,
+    commitId: String,
+    fileName: String,
+    oldLine: Option[Int],
+    newLine: Option[Int]
+  ): Option[String] = {
+    val dir = new File(getDiffDir(owner, repository), FileUtil.checkFilename(commitId))
+    val file = diffFile(dir, fileName, oldLine, newLine)
+    if (file.exists) {
+      Option(FileUtils.readFileToString(file, "UTF-8"))
+    } else None
+  }
+
+  private def diffFile(dir: java.io.File, fileName: String, oldLine: Option[Int], newLine: Option[Int]): File = {
+    new File(
+      dir,
+      StringUtil.sha1(
+        fileName +
+          "_oldLine:" + oldLine.map(_.toString).getOrElse("") +
+          "_newLine:" + newLine.map(_.toString).getOrElse("")
+      )
+    )
+  }
+
 }

src/main/scala/gitbucket/core/service/DeployKeyService.scala

@@ -6,20 +6,24 @@ import gitbucket.core.model.Profile.profile.blockingApi._
 
 trait DeployKeyService {
 
-  def addDeployKey(userName: String, repositoryName: String, title: String, publicKey: String, allowWrite: Boolean)
+  def addDeployKey(userName: String, repositoryName: String, title: String, publicKey: String, allowWrite: Boolean)(
-                  (implicit s: Session): Unit =
+    implicit s: Session
-    DeployKeys.insert(DeployKey(
+  ): Unit =
-      userName       = userName,
+    DeployKeys.insert(
-      repositoryName = repositoryName,
+      DeployKey(
-      title          = title,
+        userName = userName,
-      publicKey      = publicKey,
+        repositoryName = repositoryName,
-      allowWrite     = allowWrite
+        title = title,
-    ))
+        publicKey = publicKey,
+        allowWrite = allowWrite
+      )
+    )
 
   def getDeployKeys(userName: String, repositoryName: String)(implicit s: Session): List[DeployKey] =
     DeployKeys
       .filter(x => (x.userName === userName.bind) && (x.repositoryName === repositoryName.bind))
-      .sortBy(_.deployKeyId).list
+      .sortBy(_.deployKeyId)
+      .list
 
   def getAllDeployKeys()(implicit s: Session): List[DeployKey] =
     DeployKeys.filter(_.publicKey.trim =!= "").list
@@ -27,5 +31,4 @@ trait DeployKeyService {
   def deleteDeployKey(userName: String, repositoryName: String, deployKeyId: Int)(implicit s: Session): Unit =
     DeployKeys.filter(_.byPrimaryKey(userName, repositoryName, deployKeyId)).delete
 
-
 }

src/main/scala/gitbucket/core/service/HandleCommentService.scala

@@ -8,85 +8,111 @@ import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 
 trait HandleCommentService {
-  self: RepositoryService with IssuesService with ActivityService
+  self: RepositoryService
-    with WebHookService with WebHookIssueCommentService with WebHookPullRequestService =>
+    with IssuesService
+    with ActivityService
+    with WebHookService
+    with WebHookIssueCommentService
+    with WebHookPullRequestService =>
 
   /**
    * @see [[https://github.com/gitbucket/gitbucket/wiki/CommentAction]]
    */
-  def handleComment(issue: Issue, content: Option[String], repository: RepositoryService.RepositoryInfo, actionOpt: Option[String])
+  def handleComment(
-                   (implicit context: Context, s: Session) = {
+    issue: Issue,
+    content: Option[String],
+    repository: RepositoryService.RepositoryInfo,
+    actionOpt: Option[String]
+  )(implicit context: Context, s: Session) = {
     context.loginAccount.flatMap { loginAccount =>
-      defining(repository.owner, repository.name){ case (owner, name) =>
+      defining(repository.owner, repository.name) {
-        val userName = loginAccount.userName
+        case (owner, name) =>
+          val userName = loginAccount.userName
 
-        val (action, actionActivity) = actionOpt
+          val (action, actionActivity) = actionOpt
-          .collect {
+            .collect {
-            case "close" if(!issue.closed) => true  ->
+              case "close" if (!issue.closed) =>
-              (Some("close")  -> Some(if(issue.isPullRequest) recordClosePullRequestActivity _ else recordCloseIssueActivity _))
+                true ->
-            case "reopen" if(issue.closed) => false ->
+                  (Some("close") -> Some(
-              (Some("reopen") -> Some(recordReopenIssueActivity _))
+                    if (issue.isPullRequest) recordClosePullRequestActivity _
-          }
+                    else recordCloseIssueActivity _
-          .map { case (closed, t) =>
+                  ))
-            updateClosed(owner, name, issue.issueId, closed)
+              case "reopen" if (issue.closed) =>
-            t
+                false ->
-          }
+                  (Some("reopen") -> Some(recordReopenIssueActivity _))
-          .getOrElse(None -> None)
-
-        val commentId = (content, action) match {
-          case (None, None) => None
-          case (None, Some(action)) =>
-            Some(createComment(owner, name, userName, issue.issueId, action.capitalize, action))
-          case (Some(content), _) =>
-            val id = Some(createComment(owner, name, userName, issue.issueId, content, action.map(_+ "_comment").getOrElse("comment")))
-
-            // record comment activity
-            if(issue.isPullRequest) recordCommentPullRequestActivity(owner, name, userName, issue.issueId, content)
-            else recordCommentIssueActivity(owner, name, userName, issue.issueId, content)
-
-            // extract references and create refer comment
-            createReferComment(owner, name, issue, content, loginAccount)
-
-            id
-        }
-
-        actionActivity.foreach { f => f(owner, name, userName, issue.issueId, issue.title) }
-
-        // call web hooks
-        action match {
-          case None => commentId foreach (callIssueCommentWebHook(repository, issue, _, loginAccount))
-          case Some(act) =>
-            val webHookAction = act match {
-              case "close"  => "closed"
-              case "reopen" => "reopened"
             }
-            if(issue.isPullRequest)
+            .map {
-              callPullRequestWebHook(webHookAction, repository, issue.issueId, context.baseUrl, loginAccount)
+              case (closed, t) =>
-            else
+                updateClosed(owner, name, issue.issueId, closed)
-              callIssuesWebHook(webHookAction, repository, issue, context.baseUrl, loginAccount)
+                t
-        }
+            }
+            .getOrElse(None -> None)
 
-        // call hooks
+          val commentId = (content, action) match {
-        content foreach { x =>
+            case (None, None) => None
-          if(issue.isPullRequest)
+            case (None, Some(action)) =>
-            PluginRegistry().getPullRequestHooks.foreach(_.addedComment(commentId.get, x, issue, repository))
+              Some(createComment(owner, name, userName, issue.issueId, action.capitalize, action))
-          else
+            case (Some(content), _) =>
-            PluginRegistry().getIssueHooks.foreach(_.addedComment(commentId.get, x, issue, repository))
+              val id = Some(
-        }
+                createComment(
-        action foreach {
+                  owner,
-          case "close" =>
+                  name,
-            if(issue.isPullRequest)
+                  userName,
-              PluginRegistry().getPullRequestHooks.foreach(_.closed(issue, repository))
+                  issue.issueId,
-            else
+                  content,
-              PluginRegistry().getIssueHooks.foreach(_.closed(issue, repository))
+                  action.map(_ + "_comment").getOrElse("comment")
-          case "reopen" =>
+                )
-            if(issue.isPullRequest)
+              )
-              PluginRegistry().getPullRequestHooks.foreach(_.reopened(issue, repository))
-            else
-              PluginRegistry().getIssueHooks.foreach(_.reopened(issue, repository))
-        }
 
-        commentId.map( issue -> _ )
+              // record comment activity
+              if (issue.isPullRequest) recordCommentPullRequestActivity(owner, name, userName, issue.issueId, content)
+              else recordCommentIssueActivity(owner, name, userName, issue.issueId, content)
+
+              // extract references and create refer comment
+              createReferComment(owner, name, issue, content, loginAccount)
+
+              id
+          }
+
+          actionActivity.foreach { f =>
+            f(owner, name, userName, issue.issueId, issue.title)
+          }
+
+          // call web hooks
+          action match {
+            case None => commentId foreach (callIssueCommentWebHook(repository, issue, _, loginAccount))
+            case Some(act) =>
+              val webHookAction = act match {
+                case "close"  => "closed"
+                case "reopen" => "reopened"
+              }
+              if (issue.isPullRequest)
+                callPullRequestWebHook(webHookAction, repository, issue.issueId, context.baseUrl, loginAccount)
+              else
+                callIssuesWebHook(webHookAction, repository, issue, context.baseUrl, loginAccount)
+          }
+
+          // call hooks
+          content foreach { x =>
+            if (issue.isPullRequest)
+              PluginRegistry().getPullRequestHooks.foreach(_.addedComment(commentId.get, x, issue, repository))
+            else
+              PluginRegistry().getIssueHooks.foreach(_.addedComment(commentId.get, x, issue, repository))
+          }
+          action foreach {
+            case "close" =>
+              if (issue.isPullRequest)
+                PluginRegistry().getPullRequestHooks.foreach(_.closed(issue, repository))
+              else
+                PluginRegistry().getIssueHooks.foreach(_.closed(issue, repository))
+            case "reopen" =>
+              if (issue.isPullRequest)
+                PluginRegistry().getPullRequestHooks.foreach(_.reopened(issue, repository))
+              else
+                PluginRegistry().getIssueHooks.foreach(_.reopened(issue, repository))
+          }
+
+          commentId.map(issue -> _)
       }
     }
   }

src/main/scala/gitbucket/core/service/IssueCreationService.scala

@@ -11,20 +11,33 @@ trait IssueCreationService {
 
   self: RepositoryService with WebHookIssueCommentService with LabelsService with IssuesService with ActivityService =>
 
-  def createIssue(repository: RepositoryInfo, title:String, body:Option[String],
+  def createIssue(
-                  assignee: Option[String], milestoneId: Option[Int], priorityId: Option[Int], labelNames: Seq[String],
+    repository: RepositoryInfo,
-                  loginAccount: Account)(implicit context: Context, s: Session) : Issue = {
+    title: String,
+    body: Option[String],
+    assignee: Option[String],
+    milestoneId: Option[Int],
+    priorityId: Option[Int],
+    labelNames: Seq[String],
+    loginAccount: Account
+  )(implicit context: Context, s: Session): Issue = {
 
     val owner = repository.owner
-    val name  = repository.name
+    val name = repository.name
-    val userName   = loginAccount.userName
+    val userName = loginAccount.userName
     val manageable = isIssueManageable(repository)
 
     // insert issue
-    val issueId = insertIssue(owner, name, userName, title, body,
+    val issueId = insertIssue(
+      owner,
+      name,
+      userName,
+      title,
+      body,
       if (manageable) assignee else None,
       if (manageable) milestoneId else None,
-      if (manageable) priorityId else None)
+      if (manageable) priorityId else None
+    )
     val issue: Issue = getIssue(owner, name, issueId.toString).get
 
     // insert labels