Encrypt password.

2025-11-05 04:56:02 +01:00 · 2013-06-29 15:13:20 +09:00
parent cd2486344f
commit 10f2cbbc3e
5 changed files with 39 additions and 23 deletions
--- a/src/main/scala/app/UserManagementController.scala
+++ b/src/main/scala/app/UserManagementController.scala
@@ -1,31 +1,32 @@
 package app

-import model._
 import service._
 import util.AdminOnlyAuthenticator
+import util.StringUtil._
 import jp.sf.amateras.scalatra.forms._

 class UserManagementController extends UserManagementControllerBase with AccountService with AdminOnlyAuthenticator

 trait UserManagementControllerBase extends ControllerBase { self: AccountService with AdminOnlyAuthenticator =>
  
-  case class UserForm(userName: String, password: String, mailAddress: String, isAdmin: Boolean, url: Option[String])
-  
+  case class UserNewForm(userName: String, password: String, mailAddress: String, isAdmin: Boolean, url: Option[String])
+  case class UserEditForm(userName: String, password: Option[String], mailAddress: String, isAdmin: Boolean, url: Option[String])
+
  val newForm = mapping(
    "userName"    -> trim(label("Username"     , text(required, maxlength(100), identifier, unique))),
-    "password"    -> trim(label("Password"     , text(required, maxlength(100)))),
+    "password"    -> trim(label("Password"     , text(required, maxlength(20)))),
    "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100)))),
    "isAdmin"     -> trim(label("User Type"    , boolean())),
    "url"         -> trim(label("URL"          , optional(text(maxlength(200)))))
-  )(UserForm.apply)
+  )(UserNewForm.apply)

  val editForm = mapping(
    "userName"    -> trim(label("Username"     , text(required, maxlength(100), identifier))),
-    "password"    -> trim(label("Password"     , text(required, maxlength(100)))),
+    "password"    -> trim(label("Password"     , optional(text(maxlength(20))))),
    "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100)))),
    "isAdmin"     -> trim(label("User Type"    , boolean())),
    "url"         -> trim(label("URL"          , optional(text(maxlength(200)))))
-  )(UserForm.apply)
+  )(UserEditForm.apply)
  
  get("/admin/users")(adminOnly {
    admin.html.userlist(getAllUsers())
@@ -36,7 +37,7 @@ trait UserManagementControllerBase extends ControllerBase { self: AccountService
  })
  
  post("/admin/users/_new", newForm)(adminOnly { form =>
-    createAccount(form.userName, form.password, form.mailAddress, form.isAdmin, form.url)
+    createAccount(form.userName, encrypt(form.password), form.mailAddress, form.isAdmin, form.url)
    redirect("/admin/users")
  })
  
@@ -47,13 +48,15 @@ trait UserManagementControllerBase extends ControllerBase { self: AccountService
  
  post("/admin/users/:name/_edit", editForm)(adminOnly { form =>
    val userName = params("userName")
-    updateAccount(getAccountByUserName(userName).get.copy(
-        password     = form.password,
+    getAccountByUserName(userName).map { account =>
+      updateAccount(getAccountByUserName(userName).get.copy(
+        password     = form.password.map(encrypt).getOrElse(account.password),
        mailAddress  = form.mailAddress,
        isAdmin      = form.isAdmin,
        url          = form.url))
-    
-    redirect("/admin/users")
+
+      redirect("/admin/users")
+    } getOrElse NotFound
  })

  private def unique: Constraint = new Constraint(){