Moved passwd out of resources/public, which was wantonly insecure, into

resources.

src/smeagol/authenticate.clj

@@ -1,4 +1,7 @@
-(ns smeagol.authenticate (:require [noir.io :as io]))
+(ns smeagol.authenticate 
+  (:use clojure.walk)
+  (:require [taoensso.timbre :as timbre]
+            [noir.io :as io]))
 
 ;; Smeagol: a very simple Wiki engine
 ;; Copyright (C) 2014 Simon Brooke
@@ -20,9 +23,10 @@
 (defn authenticate
   "Return `true` if this `username`/`password` pair match, `false` otherwise"
   [username password]
-  (let [path (str (io/resource-path) "passwd")
+  (let [path (str (io/resource-path) "../passwd")
         users (read-string (slurp path))
         user (keyword username)]
+    (timbre/info (str "Authenticating " username " against " path))
     (.equals (:password (user users)) password)))
 
 (defn get-email

src/smeagol/history.clj

@@ -2,6 +2,23 @@
   (:require [clj-jgit.porcelain :as git]
             [clj-jgit.querying :as q]))
 
+;; Smeagol: a very simple Wiki engine
+;; Copyright (C) 2014 Simon Brooke
+
+;; This program is free software; you can redistribute it and/or
+;; modify it under the terms of the GNU General Public License
+;; as published by the Free Software Foundation; either version 2
+;; of the License, or (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, write to the Free Software
+;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
 (defn entry-contains
   "If this `log-entry` contains a reference to this `file-path`, return the entry;
    else nil."

src/smeagol/routes/wiki.clj

@@ -23,6 +23,7 @@
             [noir.response :as response]
             [noir.util.route :as route]
             [noir.session :as session]
+            [taoensso.timbre :as timbre]
             [smeagol.authenticate :as auth]
             [smeagol.layout :as layout]
             [smeagol.util :as util]
@@ -49,6 +50,7 @@
         user (session/get :user)
         email (auth/get-email user)
         summary (:summary params)]
+    (timbre/info (str "Saving " user "'s changes (" summary ") to " file-name))
     (spit file-path source-text)
     (if (not exists?) (git/git-add git-repo file-name))
     (git/git-commit git-repo summary {:name user :email email})
@@ -106,12 +108,10 @@
                     :header (local-links (util/md->html "/content/_header.md"))
                     :history (hist/find-history (io/resource-path) file-name)})))
 
-
-
 (defn auth-page
   "Render the auth page"
   [request]
-  (let [params (keywordize-keys (:params request))
+  (let [params (keywordize-keys (:form-params request))
         username (:username params)
         password (:password params)
         action (:action params)
@@ -119,6 +119,7 @@
     (cond
       (= action "Logout!")
       (do
+        (timbre/info (str "User " user " logging out"))
         (session/remove! :user)
         (response/redirect "/wiki"))
       (and username password (auth/authenticate username password))