Moved passwd out of resources/public, which was wantonly insecure, into

resources.
2026-04-12 18:05:06 +00:00 · 2015-01-10 08:18:25 +00:00 · 2015-01-10 08:18:25 +00:00 · eb5b82fbca
commit eb5b82fbca
parent 4444664bdf
4 changed files with 27 additions and 5 deletions
--- a/resources/public/passwd
+++ b/resources/public/passwd
--- a/src/smeagol/authenticate.clj
+++ b/src/smeagol/authenticate.clj
@ -1,4 +1,7 @@
-(ns smeagol.authenticate (:require [noir.io :as io]))
+(ns smeagol.authenticate 
+  (:use clojure.walk)
+  (:require [taoensso.timbre :as timbre]
+            [noir.io :as io]))

 ;; Smeagol: a very simple Wiki engine
 ;; Copyright (C) 2014 Simon Brooke
@ -20,9 +23,10 @@
 (defn authenticate
  "Return `true` if this `username`/`password` pair match, `false` otherwise"
  [username password]
-  (let [path (str (io/resource-path) "passwd")
+  (let [path (str (io/resource-path) "../passwd")
        users (read-string (slurp path))
        user (keyword username)]
+    (timbre/info (str "Authenticating " username " against " path))
    (.equals (:password (user users)) password)))

 (defn get-email
--- a/src/smeagol/history.clj
+++ b/src/smeagol/history.clj
@ -2,6 +2,23 @@
  (:require [clj-jgit.porcelain :as git]
            [clj-jgit.querying :as q]))

+;; Smeagol: a very simple Wiki engine
+;; Copyright (C) 2014 Simon Brooke
+
+;; This program is free software; you can redistribute it and/or
+;; modify it under the terms of the GNU General Public License
+;; as published by the Free Software Foundation; either version 2
+;; of the License, or (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, write to the Free Software
+;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
 (defn entry-contains
  "If this `log-entry` contains a reference to this `file-path`, return the entry;
   else nil."
--- a/src/smeagol/routes/wiki.clj
+++ b/src/smeagol/routes/wiki.clj
@ -23,6 +23,7 @@
            [noir.response :as response]
            [noir.util.route :as route]
            [noir.session :as session]
+            [taoensso.timbre :as timbre]
            [smeagol.authenticate :as auth]
            [smeagol.layout :as layout]
            [smeagol.util :as util]
@ -49,6 +50,7 @@
        user (session/get :user)
        email (auth/get-email user)
        summary (:summary params)]
+    (timbre/info (str "Saving " user "'s changes (" summary ") to " file-name))
    (spit file-path source-text)
    (if (not exists?) (git/git-add git-repo file-name))
    (git/git-commit git-repo summary {:name user :email email})
@ -106,12 +108,10 @@
                    :header (local-links (util/md->html "/content/_header.md"))
                    :history (hist/find-history (io/resource-path) file-name)})))

-
-
 (defn auth-page
  "Render the auth page"
  [request]
-  (let [params (keywordize-keys (:params request))
+  (let [params (keywordize-keys (:form-params request))
        username (:username params)
        password (:password params)
        action (:action params)
@ -119,6 +119,7 @@
    (cond
      (= action "Logout!")
      (do
+        (timbre/info (str "User " user " logging out"))
        (session/remove! :user)
        (response/redirect "/wiki"))
      (and username password (auth/authenticate username password))