#23, #29: Fix. Removed sensitive information from log file.

simon 2017-09-09 13:53:22 +01:00
parent 44703d5889
commit 85467c19ce
6 changed files with 91 additions and 57 deletions


@ -236,6 +236,14 @@ th {
color: white; color: white;
} }
.pseudo-input {
border: inset thin;
background-color: white;
display: inline-block;
min-width: 7.5em;
padding: 0 2em 0 0;
}
.vega-bindings, .vega-actions { .vega-bindings, .vega-actions {
font-size: 66%; font-size: 66%;
} }


@ -6,7 +6,12 @@
{% csrf-field %} {% csrf-field %}
<p class="widget"> <p class="widget">
<label for="target">{% i18n username-prompt %}</label> <label for="target">{% i18n username-prompt %}</label>
<input type="text" name="target" id="target" value="{{target}}" required {% ifunequal target "" %}disabled{% endifunequal %}/> {% ifequal target "" %}
<input type="text" name="target" id="target" value="{{target}}" required/>
{% else %}
<span class="pseudo-input">{{target}}</span>
<input type="hidden" name="target" id="target" value="{{target}}" required/>
{% endifequal %}
</p> </p>
<p class="widget"> <p class="widget">
<label for="pass1">{% i18n new-pass-prompt %}</label> <label for="pass1">{% i18n new-pass-prompt %}</label>
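Review bot: The `required` attribute on the new hidden input does nothing: constraint validation does not apply to `type="hidden"`, so an empty or removed value is not stopped in the browser here. That is acceptable only because the server now rejects it (the auth change in this commit makes add-user throw on a non-string or zero-length username), but the attribute suggests a check that does not exist and should be dropped: `<input type="hidden" name="target" id="target" value="{{target}}"/>`. The enclosing form starts and ends outside the hunk.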


@ -74,10 +74,14 @@
(let [user ((keyword username) (get-users))] (let [user ((keyword username) (get-users))]
(:admin user)))) (:admin user))))
(defn evaluate-password (defn evaluate-password
"Evaluate whether this proposed password is suitable for use." "Evaluate whether this proposed password is suitable for use; return `true` is so, a keyword if not."
([pass1 pass2] ([pass1 pass2]
(and pass1 (>= (count pass1) 8) (.equals pass1 pass2))) (cond
(< (count pass1) 8) :chpass-too-short
(.equals pass1 pass2) true
true :chpass-bad-match))
([password] ([password]
(evaluate-password password password))) (evaluate-password password password)))
@ -129,34 +133,37 @@
(defn add-user (defn add-user
"Add a user to the passwd file with this username, initial password and email address and admin flag." "Add a user to the passwd file with this `username`, initial password and `email` address and `admin` flag."
[username newpass email admin] [username newpass email admin]
(let [users (get-users) (timbre/info "Trying to add user " username)
user ((keyword username) users) (cond
password (if (not (string? username)) (throw (Exception. "Username must be a string."))
(and newpass (evaluate-password newpass)) (= (count username) 0) (throw (Exception. "Username cannot be zero length"))
(password/encrypt newpass)) true (let [users (get-users)
details {:email email user ((keyword username) users)
:admin (if password (if
(and (string? admin) (> (count admin) 0)) (and newpass (evaluate-password newpass))
true (password/encrypt newpass))
false)} details {:email email
;; if we have a valid password we want to include it in the details to update. :admin (if
full-details (if password (and (string? admin) (> (count admin) 0))
(merge details {:password password}) true
details)] false)}
(try ;; if we have a valid password we want to include it in the details to update.
(locking password-file-path full-details (if password
(spit password-file-path (assoc details :password password)
(merge users details)]
{(keyword username) (merge user full-details)})) (try
(timbre/info (str "Successfully added user " username)) (locking password-file-path
true) (spit password-file-path
(catch Exception any (assoc users (keyword username) (merge user full-details)))
(timbre/error (timbre/info "Successfully added user " username)
(format "Adding user %s failed: %s (%s)" true)
username (.getName (.getClass any)) (.getMessage any))) (catch Exception any
false)))) (timbre/error
(format "Adding user %s failed: %s (%s)"
username (.getName (.getClass any)) (.getMessage any)))
false)))))
(defn delete-user (defn delete-user
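Review bot: add-user still treats any truthy result of evaluate-password as approval, but the first hunk changes evaluate-password to return a keyword such as `:chpass-too-short` on failure instead of `false`, and a keyword is truthy in Clojure, so the binding `password (if (and newpass (evaluate-password newpass)) (password/encrypt newpass))` now encrypts and stores a password that failed the length check. The two callers in the views were updated to test `(true? check-pass)`; this one was missed and should become `(and newpass (true? (evaluate-password newpass)))`. Separately, the new evaluate-password docstring reads "return `true` is so" — "if so".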


@ -45,7 +45,6 @@
(fn [args context-map] (fn [args context-map]
(let [messages (:i18n context-map) (let [messages (:i18n context-map)
default (or (second args) (first args))] default (or (second args) (first args))]
(timbre/info (str "i18n: key is " (first args) " messages map is " messages))
(if (map? messages) (or (messages (keyword (first args))) default) default)))) (if (map? messages) (or (messages (keyword (first args))) default) default))))


@ -61,26 +61,41 @@
(defn edit-user (defn edit-user
"Put an individual user's details on screen for editing." "Put an individual user's details on screen for editing."
[request] [request]
(let [params (keywordize-keys (:params request)) (let [params (keywordize-keys (:params request))]
target (or (:target params) "") (try
pass1 (:pass1 params) (let [target (or (:target params) "")
password (if (and pass1 (auth/evaluate-password pass1 (:pass2 params))) pass1) pass1 (:pass1 params)
stored (if (:email params) pass2 (:pass2 params)
(auth/add-user target password (:email params) (:admin params))) check-pass (auth/evaluate-password pass1 pass2)
message (if stored (str (:save-user-success (util/get-messages request)) " " target ".")) password (if (and pass1 (true? check-pass)) pass1)
error (if (and (:email params) (not stored)) stored (if
(str (:save-user-fail (util/get-messages request)) " " target ".")) (:email params)
page (if stored "edit-users.html" "edit-user.html") (auth/add-user target password (:email params) (:admin params)))
details (auth/fetch-user-details target)] message (if stored (str (:save-user-success (util/get-messages request)) " " target "."))
(if message error (if (and (:email params) (not stored))
(timbre/info message)) (str
(if error (:save-user-fail (util/get-messages request))
(timbre/warn error)) " " target ". "
(layout/render page (if (keyword? check-pass) (check-pass (util/get-messages request)))))
(merge (util/standard-params request) page (if stored "edit-users.html" "edit-user.html")
{:title (str (:edit-title-prefix (util/get-messages request)) " " target) details (auth/fetch-user-details target)]
:message message (if message
:error error (timbre/info message))
:target target (if error
:details details (timbre/warn error))
:users (auth/list-users)})))) (layout/render page
(merge (util/standard-params request)
{:title (str (:edit-title-prefix (util/get-messages request)) " " target)
:message message
:error error
:target target
:details details
:users (auth/list-users)})))
(catch Exception any
(timbre/error (.getMessage any))
(layout/render "edit-user.html"
(merge (util/standard-params request)
{:title (str (:edit-title-prefix (util/get-messages request)) " " (:target params))
:error (.getMessage any)
:target (:target params)
:details {:email (:email params) :admin (:admin params)}}))))))
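Review bot: The new catch branch sends the raw exception text to the client through `:error (.getMessage any)`, so any failure inside add-user or fetch-user-details — not only the two validation exceptions this commit introduces — is rendered verbatim, and exceptions from the file write can carry paths or other internals that do not belong on a page. The `timbre/error` call on the line above already keeps the full message in the server log; the page should show the localized failure text this function already uses, e.g. `:error (:save-user-fail (util/get-messages request))`. The same hunk evaluates check-pass even when no password was posted, which yields `:chpass-too-short`; it is only reported when an email was posted, so a short comment such as `;; check-pass is only shown to the user after a save attempt` would save the next reader the trace.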


@ -233,8 +233,9 @@
pass1 (:pass1 params) pass1 (:pass1 params)
pass2 (:pass2 params) pass2 (:pass2 params)
user (session/get :user) user (session/get :user)
check-pass (auth/evaluate-password pass1 pass2)
changed? (and changed? (and
(auth/evaluate-password pass1 pass2) (true? check-pass)
(auth/change-pass user oldpass pass2))] (auth/change-pass user oldpass pass2))]
(layout/render "passwd.html" (layout/render "passwd.html"
(merge (util/standard-params request) (merge (util/standard-params request)
@ -243,8 +244,7 @@
:error (cond :error (cond
(nil? oldpass) nil (nil? oldpass) nil
changed? nil changed? nil
(< (count pass1) 8) (util/get-message :chpass-too-short request) (keyword? check-pass) (util/get-message check-pass request)
(not (= pass1 pass2)) (util/get-message :chpass-bad-match request)
true (util/get-message :chpass-fail request))})))) true (util/get-message :chpass-fail request))}))))