From f988253399ee475aa4f4e60adb95a220f8f88d21 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 12 May 2011 17:33:31 -0400
Subject: [PATCH] Moved distribution files. Revised build script. Security revisions.

---
 src/com/gitblit/wicket/pages/EditUserPage.java |   52 ++++++++++++++++++++++++++++++++++++++++++----------
 1 files changed, 42 insertions(+), 10 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/EditUserPage.java b/src/com/gitblit/wicket/pages/EditUserPage.java
index 250d1fd..d1faa78 100644
--- a/src/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/com/gitblit/wicket/pages/EditUserPage.java
@@ -15,13 +15,18 @@
 import org.apache.wicket.model.Model;
 import org.apache.wicket.model.util.CollectionModel;
 import org.apache.wicket.model.util.ListModel;
+import org.eclipse.jetty.http.security.Credential.Crypt;
 import org.eclipse.jetty.http.security.Credential.MD5;
 
+import com.gitblit.Constants.AccessRestrictionType;
 import com.gitblit.GitBlit;
 import com.gitblit.GitBlitException;
+import com.gitblit.Keys;
+import com.gitblit.utils.StringUtils;
 import com.gitblit.wicket.AdminPage;
 import com.gitblit.wicket.BasePage;
 import com.gitblit.wicket.WicketUtils;
+import com.gitblit.wicket.models.RepositoryModel;
 import com.gitblit.wicket.models.UserModel;
 
 @AdminPage
@@ -41,7 +46,7 @@
 		super(params);
 		isCreate = false;
 		String name = WicketUtils.getUsername(params);
-		UserModel model = GitBlit.self().getUser(name);
+		UserModel model = GitBlit.self().getUserModel(name);
 		setupPage(model);
 	}
 
@@ -51,12 +56,17 @@
 		} else {
 			super.setupPage("", getString("gb.edit"));
 		}
-		final Model<String> confirmPassword = new Model<String>();
+		final Model<String> confirmPassword = new Model<String>(StringUtils.isEmpty(userModel.getPassword()) ? "" : userModel.getPassword());
 		CompoundPropertyModel<UserModel> model = new CompoundPropertyModel<UserModel>(userModel);
 
-		List<String> repos = GitBlit.self().getRepositoryList();
-		repos.add(0, "*"); // all repositories wildcard
-		final Palette<String> repositories = new Palette<String>("repositories", new ListModel<String>(userModel.getRepositories()), new CollectionModel<String>(repos), new ChoiceRenderer<String>("", ""), 10, false);		
+		List<String> repos = new ArrayList<String>();
+		for (String repo : GitBlit.self().getRepositoryList()) {
+			RepositoryModel repositoryModel = GitBlit.self().getRepositoryModel(repo);
+			if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
+				repos.add(repo);
+			}
+		}
+		final Palette<String> repositories = new Palette<String>("repositories", new ListModel<String>(userModel.getRepositories()), new CollectionModel<String>(repos), new ChoiceRenderer<String>("", ""), 10, false);
 		Form<UserModel> form = new Form<UserModel>("editForm", model) {
 
 			private static final long serialVersionUID = 1L;
@@ -67,8 +77,20 @@
 					error("Passwords do not match!");
 					return;
 				}
-				userModel.setPassword(MD5.digest(userModel.getPassword()));
-				
+				String password = userModel.getPassword();
+				if (!password.toUpperCase().startsWith(Crypt.__TYPE) && !password.toUpperCase().startsWith(MD5.__TYPE)) {
+					// This is a plain text password.
+					// Optionally encrypt/obfuscate the password.
+					String type = GitBlit.self().settings().getString(Keys.realm.passwordStorage, "md5");
+					if (type.equalsIgnoreCase("md5")) {
+						// store MD5 checksum of password
+						userModel.setPassword(MD5.digest(userModel.getPassword()));
+					} else if (type.equalsIgnoreCase("crypt")) {
+						// simple unix encryption
+						userModel.setPassword(Crypt.crypt(userModel.getUsername(), userModel.getPassword()));
+					}
+				}
+
 				Iterator<String> selectedRepositories = repositories.getSelectedChoices();
 				List<String> repos = new ArrayList<String>();
 				while (selectedRepositories.hasNext()) {
@@ -82,14 +104,24 @@
 					return;
 				}
 				setRedirect(true);
-				setResponsePage(EditUserPage.class);
+				if (isCreate) {
+					// create another user
+					setResponsePage(EditUserPage.class);
+				} else {
+					// back to home
+					setResponsePage(RepositoriesPage.class);
+				}
 			}
 		};
 
 		// field names reflective match UserModel fields
 		form.add(new TextField<String>("username").setEnabled(isCreate));
-		form.add(new PasswordTextField("password"));
-		form.add(new PasswordTextField("confirmPassword", confirmPassword));
+		PasswordTextField passwordField = new PasswordTextField("password");
+		passwordField.setResetPassword(false);
+		form.add(passwordField);
+		PasswordTextField confirmPasswordField = new PasswordTextField("confirmPassword", confirmPassword);
+		confirmPasswordField.setResetPassword(false);
+		form.add(confirmPasswordField);
 		form.add(new CheckBox("canAdmin"));
 		form.add(repositories);
 		add(form);

--
Gitblit v1.9.1