Commit @b1651ea4714150214f35e5c3b725cf5eedd4355f

doortts 2013-04-24

new feature: SignUp, pending to use and account locking

- new to hive sign-up user, pending to user until site admin confirm.
- site admin can lock user account at sites/settings menu
if you want to use sign-up confirm, uncomment below property in application.conf
#signup.require.confirm = true

see, HIVE-138

@b1651ea4714150214f35e5c3b725cf5eedd4355f

678d83b

b1651ea

app/controllers/SiteApp.java

--- app/controllers/SiteApp.java

+++ app/controllers/SiteApp.java

...	...	@@ -93,4 +93,19 @@
93	93	public static Result softwareMap() {
94	94	return TODO;
95	95	}
	96	+
	97	+ public static Result toggleAccountLock(String loginId){
	98	+ if( User.findByLoginId(session().get("loginId")).isSiteManager() ){
	99	+ User targetUser = User.findByLoginId(loginId);
	100	+ if (targetUser.isAnonymous()){
	101	+ flash(Constants.WARNING, "user.notExists.name");
	102	+ return redirect(routes.SiteApp.userList(0, null));
	103	+ }
	104	+ targetUser.isLocked = !targetUser.isLocked;
	105	+ targetUser.save();
	106	+ return ok(userList.render("title.siteSetting", User.findUsers(0, null)));
	107	+ }
	108	+ flash(Constants.WARNING, "auth.unauthorized.title");
	109	+ return redirect(routes.Application.index());
	110	+ }
96	111	}

678d83b

b1651ea

app/controllers/UserApp.java

--- app/controllers/UserApp.java

+++ app/controllers/UserApp.java


 import models.enumeration.ResourceType;
 
 import org.apache.commons.lang.StringUtils;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.IncorrectCredentialsException;
-import org.apache.shiro.authc.LockedAccountException;
-import org.apache.shiro.authc.UnknownAccountException;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.config.IniSecurityManagerFactory;
 import org.apache.shiro.crypto.RandomNumberGenerator;
 import org.apache.shiro.crypto.SecureRandomNumberGenerator;
 import org.apache.shiro.crypto.hash.Sha256Hash;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ByteSource;
-import org.apache.shiro.util.Factory;
 
+import play.Configuration;
 import play.Logger;
 import play.data.Form;
 import play.mvc.*;

 		return redirect(routes.Application.index());
 	}
 
+    private static boolean isUseSignUpConfirm(){
+        Configuration config = play.Play.application().configuration();
+        String useSignUpConfirm = config.getString("signup.require.confirm");
+        if (useSignUpConfirm != null && useSignUpConfirm.equals("true")) {
+            return true;
+        } else {
+            return false;
+        }
+    }
 	public static Result login() {
 		Form<User> userForm = form(User.class).bindFromRequest();
 		if(userForm.hasErrors()) {
             return badRequest(login.render("title.login", userForm));
         }
         User sourceUser = form(User.class).bindFromRequest().get();
-		User authenticate = authenticateWithPlainPassword(sourceUser.loginId, sourceUser.password);
 
-		if(authenticate!=null) {
+        if (isUseSignUpConfirm()) {
+            if( User.findByLoginId(sourceUser.loginId).isLocked == true ){
+                flash(Constants.WARNING, "user.locked");
+                return redirect(routes.UserApp.loginForm());
+            }
+        }
+        User authenticate = authenticateWithPlainPassword(sourceUser.loginId, sourceUser.password);
+
+		if(authenticate != null) {
 			addUserInfoToSession(authenticate);
 			if (sourceUser.rememberMe) {
 				setupRememberMe(authenticate);

 		else {
 			User user = newUserForm.get();
 			user.avatarUrl = DEFAULT_AVATAR_URL;
-			User.create(hashedPassword(user));
-
-			addUserInfoToSession(user);
+            lockAccountIfSignUpConfirmModeIsUsed(user);
+            User.create(hashedPassword(user));
+            if(user.isLocked){
+                flash(Constants.INFO, "user.signup.requested");
+            } else {
+                addUserInfoToSession(user);
+            }
 			return redirect(routes.Application.index());
 		}
 	}
 
+    private static void lockAccountIfSignUpConfirmModeIsUsed(User user) {
+        Configuration config = play.Play.application().configuration();
+        String useSignUpConfirm = config.getString("signup.require.confirm");
+        if (useSignUpConfirm != null && useSignUpConfirm.equals("true")) {
+            user.isLocked = true;
+        }
+    }
+
     //Fixme user.password가 plain text 였다가 다시 덮여쓰여지는 식으로 동작한다. 혹시라도 패스워드 reset을 위해 이 메소드를 잘못 사용했다가는 자칫 로그인을 할 수 없게 되는 상황이 발생할 수 있다.
 	public static User hashedPassword(User user) {
 		RandomNumberGenerator rng = new SecureRandomNumberGenerator();

678d83b

b1651ea

app/models/User.java

--- app/models/User.java

+++ app/models/User.java


 import java.util.List;
 import java.util.Map;
 
-import javax.persistence.CascadeType;
-import javax.persistence.Entity;
-import javax.persistence.Id;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
-import javax.persistence.Transient;
+import javax.persistence.*;
 
 import models.enumeration.Direction;
 import models.enumeration.Matching;

 
     @Email(message = "user.wrongEmail.alert")
     public String email;
-
     public String avatarUrl;
-
     public boolean rememberMe;
+    public boolean isLocked = false;
 
     @Formats.DateTime(pattern = "yyyy-MM-dd")
     public Date createdDate;

678d83b

b1651ea

app/views/site/userList.scala.html

--- app/views/site/userList.scala.html

+++ app/views/site/userList.scala.html


 @(message: String, currentPage: com.avaje.ebean.Page[User])
 
 @siteMngMain(message) {
+  <h2>@Messages("site.sidebar.userList")</h2>
   <div class="row-fluid">
     <form class="form-search" action="@routes.SiteApp.searchUser()">
       <input type="text" class="input-medium search-query input-xlarge" name="loginId" placeholder="@Messages("site.userList.search")">
       <button type="submit" class="btn">검색</button>
     </form>
   </div>
-  
+
+  <h3> @Messages("site.userlist.locked")</h3>
   <div class="row-fluid">
     <table class="table table-striped table-condensed">
       <thead>
-        <tr>
-          <th>@Messages("user.loginId")</th>
-          <th>@Messages("user.name")</th>
-          <th>@Messages("user.email")</th>
-          <th></th>
-        </tr>
+          @userlistingHead
       </thead>
       <tbody>
         @for(user <- currentPage.getList()) {
-          <tr>
-            <td>@user.loginId</td>
-            <td>@user.name</td>
-            <td>@user.email</td>
-            <td>
-              <a class="btn"data-toggle="modal" href="@routes.UserApp.userInfo(user.loginId)">@Messages("button.detail")</a>
-              <a class="btn btn-danger" data-toggle="modal" href="#alertDeletion@user.loginId">@Messages("button.delete")</a>
-            </td> 
-          </tr>
-          
-          <div class="modal hide" id="alertDeletion@user.loginId">
-              <div class="modal-header">
-                  <button type="button" class="close" data-dismiss="modal">×</button>
-                  <h3>@Messages("site.user.delete")</h3>
-              </div>
-              <div class="modal-body">
-                  <p>@Messages("site.user.deleteConfirm")</p>
-              </div>
-              <div class="modal-footer">
-                  <a href="#" class="btn" data-dismiss="modal">@Messages("button.no")</a>
-                  <a href="@routes.SiteApp.deleteUser(user.id)" class="btn btn-danger">@Messages("button.yes")</a>
-              </div>
-          </div>
-          <div class="modal hide" id="alertEdit@user.loginId">
-              <div class="modal-header">
-                  <button type="button" class="close" data-dismiss="modal">×</button>
-                  <h3>@Messages("site.user.emailEdit")</h3>
-              </div>
-              <form method="post" action="#">
-                  <div class="modal-body">
-                      <p>@Messages("site.user.editConfirm")</p>
-                        <input/>
-                  </div>
-                  <div class="modal-footer">
-                      <a href="#" class="btn" data-dismiss="modal">@Messages("button.cancel")</a>
-                      <input type="submit" " class="btn btn-danger" value="@Messages("button.save")"/>
-                  </div>
-              </form>
-          </div>
+            @if( user.isLocked == true ){
+            @userlisting(user)
+            }
         }
       </tbody>
     </table>
   </div>
-  
+
+  <h3>@Messages("site.userlist.unlocked")</h3>
+  <div class="row-fluid">
+    <table class="table table-striped table-condensed">
+      <thead>
+          @userlistingHead
+      </thead>
+      <tbody>
+        @for(user <- currentPage.getList()) {
+            @if(user.isLocked == false){
+                @userlisting(user)
+            }
+        }
+      </tbody>
+    </table>
+  </div>
+
   <div class="row-fluid">
     <center>@paginationForUserList(currentPage, 5, "pagination")</center>
   </div>
+}
+@userlistingHead = {
+    <tr>
+        <th>@Messages("user.loginId")</th>
+        <th>@Messages("user.name")</th>
+        <th>@Messages("user.email")</th>
+        <th>@Messages("user.isLocked")</th>
+        <th></th>
+    </tr>
+}
+
+@userlisting(user: models.User) = {
+    <tr>
+        <td>@user.loginId</td>
+        <td>@user.name</td>
+        <td>@user.email</td>
+        <td>@user.isLocked</td>
+        <td>
+            <a class="btn"data-toggle="modal" href="@routes.UserApp.userInfo(user.loginId)">@Messages("button.detail")</a>
+            <a class="btn"data-toggle="modal" href="@routes.SiteApp.toggleAccountLock(user.loginId)">@Messages("button.user.makeAccountUnlock."+ user.isLocked)</a>
+            <a class="btn btn-danger" data-toggle="modal" href="#alertDeletion@user.loginId">@Messages("button.delete")</a>
+        </td>
+    </tr>
+
+    <div class="modal hide" id="alertDeletion@user.loginId">
+        <div class="modal-header">
+            <button type="button" class="close" data-dismiss="modal">×</button>
+            <h3>@Messages("site.user.delete")</h3>
+        </div>
+        <div class="modal-body">
+            <p>@Messages("site.user.deleteConfirm")</p>
+        </div>
+        <div class="modal-footer">
+            <a href="#" class="btn" data-dismiss="modal">@Messages("button.no")</a>
+            <a href="@routes.SiteApp.deleteUser(user.id)" class="btn btn-danger">@Messages("button.yes")</a>
+        </div>
+    </div>
+    <div class="modal hide" id="alertEdit@user.loginId">
+        <div class="modal-header">
+            <button type="button" class="close" data-dismiss="modal">×</button>
+            <h3>@Messages("site.user.emailEdit")</h3>
+        </div>
+        <form method="post" action="#">
+            <div class="modal-body">
+                <p>@Messages("site.user.editConfirm")</p>
+                <input/>
+            </div>
+            <div class="modal-footer">
+                <a href="#" class="btn" data-dismiss="modal">@Messages("button.cancel")</a>
+                <input type="submit" " class="btn btn-danger" value="@Messages("button.save")"/>
+            </div>
+        </form>
+    </div>
 }

678d83b

b1651ea

conf/application.conf

--- conf/application.conf

+++ conf/application.conf

...	...	@@ -111,3 +111,6 @@
111	111	%prod.http.port=80
112	112	%prod.application.log=INFO
113	113	%prod.application.mode=prod
	114	+
	115	+#if you want to use sign-up confirm, uncomment below
	116	+#signup.require.confirm = true

b1651ea

conf/evolutions/default/10.sql (added)

+++ conf/evolutions/default/10.sql

...	...	@@ -0,0 +1,6 @@
	1	+# --- !Ups
	2	+ALTER TABLE N4USER ADD COLUMN is_locked boolean default false;
	3	+
	4	+
	5	+# --- !Downs
	6	+ALTER TABLE N4USER DROP COLUMN is_locked;

678d83b

b1651ea

conf/messages.en

--- conf/messages.en

+++ conf/messages.en


 button.apply = Apply
 button.back = Back
 button.upload = Upload
+button.user.makeAccountUnlock.true = Unlock
+button.user.makeAccountUnlock.false = Lock
 
 checkbox.commented = Comment
 checkbox.fileAttached = File Attached

 site.user.deleteConfirm = Are you sure that his user leaves this site?
 site.project.delete = Delete an project
 site.project.deleteConfirm = Do you want to delete this project?
+site.userlist.unlocked = Active User List
+site.userlist.locked = Account Locked User List
 
 #User
 user.loginId = Login ID

 user.signupBtn = Sign Up
 user.loginWithNewPassword = Please, login with new password!
 user.notExists.name = User Doesn't Exists
+user.locked = User account is locked
+user.isLocked = is locked?
+user.signup.requested = Sign-up for hive is requested. Site admin will review your request. Thanks
 
 #Role
 role.manager = Manager

678d83b

b1651ea

conf/messages.ko

--- conf/messages.ko

+++ conf/messages.ko


 button.apply = 적용
 button.back = 돌아가기
 button.upload = 파일 올리기
+button.user.makeAccountUnlock.true = 잠김해제
+button.user.makeAccountUnlock.false = 계정잠그기
 
 checkbox.commented = 댓글
 checkbox.fileAttached = 첨부파일

 site.user.deleteConfirm = 정말로 해당 유저를 사이트에서 탈퇴시키겠습니까?
 site.project.delete = 프로젝트 삭제
 site.project.deleteConfirm = 정말로 해당 프로젝트를 사이트에서 삭제하겠습니까?
+site.userlist.unlocked = 활성화된 유저 목록
+site.userlist.locked = 계정이 잠긴 유저 목록
 
 #User
 user.loginId = 아이디

 user.signupBtn = 참여하기
 user.loginWithNewPassword = 새로 설정한 비밀번호로 로그인 하세요
 user.notExists.name = 존재하지 않는 유저입니다.
+user.locked = 잠긴 사용자 계정입니다.
+user.isLocked = 잠김여부
+user.signup.requested = 하이브 가입이 요청되었습니다. 사이트 관리자가 검토/승인 후 사용가능합니다. 감사합니다.
 
 #Role
 role.manager = 관리자

678d83b

b1651ea

conf/routes

--- conf/routes

+++ conf/routes


 GET     /sites/projectList                              controllers.SiteApp.projectList(filter:String ?= "")
 GET     /sites/project/delete/:projectId                controllers.SiteApp.deleteProject(projectId:Long)
 GET     /sites/softwareMap                              controllers.SiteApp.softwareMap()
+GET     /sites/toggleAccountLock/:loginId               controllers.SiteApp.toggleAccountLock(loginId: String)
 GET     /lostPassword                                   controllers.PasswordResetApp.lostPassword
 POST    /lostPassword                                   controllers.PasswordResetApp.requestResetPasswordEmail()
 GET     /resetPassword                                  controllers.PasswordResetApp.resetPasswordForm(s:String)

b1651ea

test/controllers/SiteAppTest.java (added)

+++ test/controllers/SiteAppTest.java

...	...	@@ -0,0 +1,66 @@
	1	+package controllers;
	2	+
	3	+import models.*;
	4	+import org.junit.After;
	5	+import org.junit.Before;
	6	+import org.junit.BeforeClass;
	7	+import org.junit.Test;
	8	+import play.test.FakeApplication;
	9	+import play.test.Helpers;
	10	+
	11	+import java.util.HashMap;
	12	+import java.util.Map;
	13	+
	14	+import static org.fest.assertions.Assertions.assertThat;
	15	+import static play.test.Helpers.callAction;
	16	+import static play.test.Helpers.fakeRequest;
	17	+
	18	+public class SiteAppTest {
	19	+ protected static FakeApplication app;
	20	+ private User admin;
	21	+ private User notAdmin;
	22	+
	23	+ @BeforeClass
	24	+ public static void beforeClass() {
	25	+ callAction(
	26	+ routes.ref.Application.init()
	27	+ );
	28	+ }
	29	+
	30	+ @Before
	31	+ public void before() {
	32	+ app = Helpers.fakeApplication(Helpers.inMemoryDatabase());
	33	+ Helpers.start(app);
	34	+
	35	+ admin = User.findByLoginId("admin");
	36	+ notAdmin = User.findByLoginId("doortts");
	37	+ }
	38	+
	39	+ @After
	40	+ public void after() {
	41	+ Helpers.stop(app);
	42	+ }
	43	+
	44	+ @Test
	45	+ public void testToggleUserAccountLock() {
	46	+ //Given
	47	+
	48	+ //Given
	49	+ Map<String,String> data = new HashMap<String,String>();
	50	+ final String loginId= "doortts";
	51	+ data.put("loginId", loginId);
	52	+
	53	+ User targetUser = User.findByLoginId(loginId);
	54	+ boolean currentIsLocked = targetUser.isLocked;
	55	+
	56	+ //When
	57	+ return callAction(
	58	+ controllers.routes.ref.SiteApp.toggleAccountLock(),
	59	+ fakeRequest()
	60	+ .withFormUrlEncodedBody(data)
	61	+ .withSession(UserApp.SESSION_USERID, targetUser.id)
	62	+ );
	63	+ //Then
	64	+ assertThat(User.findByLoginId(loginId).isLocked).isNotEqualTo(currentIsLocked);
	65	+ }
	66	+}

678d83b

b1651ea

test/controllers/UserAppTest.java

--- test/controllers/UserAppTest.java

+++ test/controllers/UserAppTest.java


 package controllers;
 
+import models.User;
 import org.junit.*;
 
 import java.util.*;
 
+import play.Configuration;
+import play.GlobalSettings;
+import play.i18n.Messages;
 import play.mvc.*;
 import play.test.Helpers;
+import utils.JodaDateUtil;
 
 import static play.test.Helpers.*;
 import static org.fest.assertions.Assertions.*;

             }
         });
     }
+
+    @Test
+    public void login_notComfirmedUser() {
+        Map<String, String> fakeConf = Helpers.inMemoryDatabase();
+
+        running(fakeApplication(fakeConf), new Runnable() {
+            public void run() {
+                //Given
+                User user = new User(-31l);
+                user.loginId = "fakeUser";
+                user.email = "fakeuser@fake.com";
+                user.name = "racoon";
+                user.createdDate = JodaDateUtil.now();
+                user.isLocked = true;
+                user.save();
+
+                Map<String, String> data = new HashMap<String,String>();
+                data.put("loginId", user.loginId);
+                data.put("password", user.password);
+
+                //When
+                Result result = callAction(
+                        controllers.routes.ref.UserApp.login(),
+                        fakeRequest().withFormUrlEncodedBody(data)
+                );
+
+                //Then
+                assertThat(status(result)).describedAs("result status should '303 see other'").isEqualTo(303);
+            }
+        });
+    }
+
+    @Test
+    public void newUser_confirmSignUpMode() {
+        Map<String, String> fakeConf = Helpers.inMemoryDatabase();
+
+        running(fakeApplication(fakeConf), new Runnable() {
+            public void run() {
+                //Given
+                final String loginId = "somefakeuserid";
+                Map<String, String> data = new HashMap<String,String>();
+                data.put("loginId", loginId);
+                data.put("password", "somefakepassword");
+                data.put("email", "fakeuser@fake.com");
+                data.put("name", "racoon");
+
+                //When
+                Result result = callAction(
+                        controllers.routes.ref.UserApp.newUser(),
+                        fakeRequest().withFormUrlEncodedBody(data)
+                );
+
+                //Then
+                assertThat(status(result)).describedAs("result status should '303 see other'").isEqualTo(303);
+            }
+        });
+    }
 }

Add a comment

Open 0
Closed 0

List

...	...	@@ -88,6 +88,8 @@
88	88	button.apply = Apply
89	89	button.back = Back
90	90	button.upload = Upload
	91	+button.user.makeAccountUnlock.true = Unlock
	92	+button.user.makeAccountUnlock.false = Lock
91	93
92	94	checkbox.commented = Comment
93	95	checkbox.fileAttached = File Attached
...	...	@@ -277,6 +279,8 @@
277	279	site.user.deleteConfirm = Are you sure that his user leaves this site?
278	280	site.project.delete = Delete an project
279	281	site.project.deleteConfirm = Do you want to delete this project?
	282	+site.userlist.unlocked = Active User List
	283	+site.userlist.locked = Account Locked User List
280	284
281	285	#User
282	286	user.loginId = Login ID
...	...	@@ -299,6 +303,9 @@
299	303	user.signupBtn = Sign Up
300	304	user.loginWithNewPassword = Please, login with new password!
301	305	user.notExists.name = User Doesn't Exists
	306	+user.locked = User account is locked
	307	+user.isLocked = is locked?
	308	+user.signup.requested = Sign-up for hive is requested. Site admin will review your request. Thanks
302	309
303	310	#Role
304	311	role.manager = Manager

...	...	@@ -5,21 +5,12 @@
5	5	import models.enumeration.ResourceType;
6	6
7	7	import org.apache.commons.lang.StringUtils;
8		-import org.apache.shiro.SecurityUtils;
9		-import org.apache.shiro.authc.AuthenticationException;
10		-import org.apache.shiro.authc.IncorrectCredentialsException;
11		-import org.apache.shiro.authc.LockedAccountException;
12		-import org.apache.shiro.authc.UnknownAccountException;
13		-import org.apache.shiro.authc.UsernamePasswordToken;
14		-import org.apache.shiro.config.IniSecurityManagerFactory;
15	8	import org.apache.shiro.crypto.RandomNumberGenerator;
16	9	import org.apache.shiro.crypto.SecureRandomNumberGenerator;
17	10	import org.apache.shiro.crypto.hash.Sha256Hash;
18		-import org.apache.shiro.mgt.SecurityManager;
19		-import org.apache.shiro.subject.Subject;
20	11	import org.apache.shiro.util.ByteSource;
21		-import org.apache.shiro.util.Factory;
22	12
	13	+import play.Configuration;
23	14	import play.Logger;
24	15	import play.data.Form;
25	16	import play.mvc.*;
...	...	@@ -81,15 +72,31 @@
81	72	return redirect(routes.Application.index());
82	73	}
83	74
	75	+ private static boolean isUseSignUpConfirm(){
	76	+ Configuration config = play.Play.application().configuration();
	77	+ String useSignUpConfirm = config.getString("signup.require.confirm");
	78	+ if (useSignUpConfirm != null && useSignUpConfirm.equals("true")) {
	79	+ return true;
	80	+ } else {
	81	+ return false;
	82	+ }
	83	+ }
84	84	public static Result login() {
85	85	Form<User> userForm = form(User.class).bindFromRequest();
86	86	if(userForm.hasErrors()) {
87	87	return badRequest(login.render("title.login", userForm));
88	88	}
89	89	User sourceUser = form(User.class).bindFromRequest().get();
90		- User authenticate = authenticateWithPlainPassword(sourceUser.loginId, sourceUser.password);
91	90
92		- if(authenticate!=null) {
	91	+ if (isUseSignUpConfirm()) {
	92	+ if( User.findByLoginId(sourceUser.loginId).isLocked == true ){
	93	+ flash(Constants.WARNING, "user.locked");
	94	+ return redirect(routes.UserApp.loginForm());
	95	+ }
	96	+ }
	97	+ User authenticate = authenticateWithPlainPassword(sourceUser.loginId, sourceUser.password);
	98	+
	99	+ if(authenticate != null) {
93	100	addUserInfoToSession(authenticate);
94	101	if (sourceUser.rememberMe) {
95	102	setupRememberMe(authenticate);
...	...	@@ -162,13 +169,25 @@
162	169	else {
163	170	User user = newUserForm.get();
164	171	user.avatarUrl = DEFAULT_AVATAR_URL;
165		- User.create(hashedPassword(user));
166		-
167		- addUserInfoToSession(user);
	172	+ lockAccountIfSignUpConfirmModeIsUsed(user);
	173	+ User.create(hashedPassword(user));
	174	+ if(user.isLocked){
	175	+ flash(Constants.INFO, "user.signup.requested");
	176	+ } else {
	177	+ addUserInfoToSession(user);
	178	+ }
168	179	return redirect(routes.Application.index());
169	180	}
170	181	}
171	182
	183	+ private static void lockAccountIfSignUpConfirmModeIsUsed(User user) {
	184	+ Configuration config = play.Play.application().configuration();
	185	+ String useSignUpConfirm = config.getString("signup.require.confirm");
	186	+ if (useSignUpConfirm != null && useSignUpConfirm.equals("true")) {
	187	+ user.isLocked = true;
	188	+ }
	189	+ }
	190	+
172	191	//Fixme user.password가 plain text 였다가 다시 덮여쓰여지는 식으로 동작한다. 혹시라도 패스워드 reset을 위해 이 메소드를 잘못 사용했다가는 자칫 로그인을 할 수 없게 되는 상황이 발생할 수 있다.
173	192	public static User hashedPassword(User user) {
174	193	RandomNumberGenerator rng = new SecureRandomNumberGenerator();

...	...	@@ -6,12 +6,7 @@
6	6	import java.util.List;
7	7	import java.util.Map;
8	8
9		-import javax.persistence.CascadeType;
10		-import javax.persistence.Entity;
11		-import javax.persistence.Id;
12		-import javax.persistence.OneToMany;
13		-import javax.persistence.Table;
14		-import javax.persistence.Transient;
	9	+import javax.persistence.*;
15	10
16	11	import models.enumeration.Direction;
17	12	import models.enumeration.Matching;
...	...	@@ -53,10 +48,9 @@
53	48
54	49	@Email(message = "user.wrongEmail.alert")
55	50	public String email;
56		-
57	51	public String avatarUrl;
58		-
59	52	public boolean rememberMe;
	53	+ public boolean isLocked = false;
60	54
61	55	@Formats.DateTime(pattern = "yyyy-MM-dd")
62	56	public Date createdDate;

...	...	@@ -1,70 +1,100 @@
1	1	@(message: String, currentPage: com.avaje.ebean.Page[User])
2	2
3	3	@siteMngMain(message) {
	4	+ <h2>@Messages("site.sidebar.userList")</h2>
4	5	<div class="row-fluid">
5	6	<form class="form-search" action="@routes.SiteApp.searchUser()">
6	7	<input type="text" class="input-medium search-query input-xlarge" name="loginId" placeholder="@Messages("site.userList.search")">
7	8	<button type="submit" class="btn">검색</button>
8	9	</form>
9	10	</div>
10		-
	11	+
	12	+ <h3> @Messages("site.userlist.locked")</h3>
11	13	<div class="row-fluid">
12	14	<table class="table table-striped table-condensed">
13	15	<thead>
14		- <tr>
15		- <th>@Messages("user.loginId")</th>
16		- <th>@Messages("user.name")</th>
17		- <th>@Messages("user.email")</th>
18		- <th></th>
19		- </tr>
	16	+ @userlistingHead
20	17	</thead>
21	18	<tbody>
22	19	@for(user <- currentPage.getList()) {
23		- <tr>
24		- <td>@user.loginId</td>
25		- <td>@user.name</td>
26		- <td>@user.email</td>
27		- <td>
28		- <a class="btn"data-toggle="modal" href="@routes.UserApp.userInfo(user.loginId)">@Messages("button.detail")</a>
29		- <a class="btn btn-danger" data-toggle="modal" href="#alertDeletion@user.loginId">@Messages("button.delete")</a>
30		- </td>
31		- </tr>
32		-
33		- <div class="modal hide" id="alertDeletion@user.loginId">
34		- <div class="modal-header">
35		- <button type="button" class="close" data-dismiss="modal">×</button>
36		- <h3>@Messages("site.user.delete")</h3>
37		- </div>
38		- <div class="modal-body">
39		- <p>@Messages("site.user.deleteConfirm")</p>
40		- </div>
41		- <div class="modal-footer">
42		- <a href="#" class="btn" data-dismiss="modal">@Messages("button.no")</a>
43		- <a href="@routes.SiteApp.deleteUser(user.id)" class="btn btn-danger">@Messages("button.yes")</a>
44		- </div>
45		- </div>
46		- <div class="modal hide" id="alertEdit@user.loginId">
47		- <div class="modal-header">
48		- <button type="button" class="close" data-dismiss="modal">×</button>
49		- <h3>@Messages("site.user.emailEdit")</h3>
50		- </div>
51		- <form method="post" action="#">
52		- <div class="modal-body">
53		- <p>@Messages("site.user.editConfirm")</p>
54		- <input/>
55		- </div>
56		- <div class="modal-footer">
57		- <a href="#" class="btn" data-dismiss="modal">@Messages("button.cancel")</a>
58		- <input type="submit" " class="btn btn-danger" value="@Messages("button.save")"/>
59		- </div>
60		- </form>
61		- </div>
	20	+ @if( user.isLocked == true ){
	21	+ @userlisting(user)
	22	+ }
62	23	}
63	24	</tbody>
64	25	</table>
65	26	</div>
66		-
	27	+
	28	+ <h3>@Messages("site.userlist.unlocked")</h3>
	29	+ <div class="row-fluid">
	30	+ <table class="table table-striped table-condensed">
	31	+ <thead>
	32	+ @userlistingHead
	33	+ </thead>
	34	+ <tbody>
	35	+ @for(user <- currentPage.getList()) {
	36	+ @if(user.isLocked == false){
	37	+ @userlisting(user)
	38	+ }
	39	+ }
	40	+ </tbody>
	41	+ </table>
	42	+ </div>
	43	+
67	44	<div class="row-fluid">
68	45	<center>@paginationForUserList(currentPage, 5, "pagination")</center>
69	46	</div>
	47	+}
	48	+@userlistingHead = {
	49	+ <tr>
	50	+ <th>@Messages("user.loginId")</th>
	51	+ <th>@Messages("user.name")</th>
	52	+ <th>@Messages("user.email")</th>
	53	+ <th>@Messages("user.isLocked")</th>
	54	+ <th></th>
	55	+ </tr>
	56	+}
	57	+
	58	+@userlisting(user: models.User) = {
	59	+ <tr>
	60	+ <td>@user.loginId</td>
	61	+ <td>@user.name</td>
	62	+ <td>@user.email</td>
	63	+ <td>@user.isLocked</td>
	64	+ <td>
	65	+ <a class="btn"data-toggle="modal" href="@routes.UserApp.userInfo(user.loginId)">@Messages("button.detail")</a>
	66	+ <a class="btn"data-toggle="modal" href="@routes.SiteApp.toggleAccountLock(user.loginId)">@Messages("button.user.makeAccountUnlock."+ user.isLocked)</a>
	67	+ <a class="btn btn-danger" data-toggle="modal" href="#alertDeletion@user.loginId">@Messages("button.delete")</a>
	68	+ </td>
	69	+ </tr>
	70	+
	71	+ <div class="modal hide" id="alertDeletion@user.loginId">
	72	+ <div class="modal-header">
	73	+ <button type="button" class="close" data-dismiss="modal">×</button>
	74	+ <h3>@Messages("site.user.delete")</h3>
	75	+ </div>
	76	+ <div class="modal-body">
	77	+ <p>@Messages("site.user.deleteConfirm")</p>
	78	+ </div>
	79	+ <div class="modal-footer">
	80	+ <a href="#" class="btn" data-dismiss="modal">@Messages("button.no")</a>
	81	+ <a href="@routes.SiteApp.deleteUser(user.id)" class="btn btn-danger">@Messages("button.yes")</a>
	82	+ </div>
	83	+ </div>
	84	+ <div class="modal hide" id="alertEdit@user.loginId">
	85	+ <div class="modal-header">
	86	+ <button type="button" class="close" data-dismiss="modal">×</button>
	87	+ <h3>@Messages("site.user.emailEdit")</h3>
	88	+ </div>
	89	+ <form method="post" action="#">
	90	+ <div class="modal-body">
	91	+ <p>@Messages("site.user.editConfirm")</p>
	92	+ <input/>
	93	+ </div>
	94	+ <div class="modal-footer">
	95	+ <a href="#" class="btn" data-dismiss="modal">@Messages("button.cancel")</a>
	96	+ <input type="submit" " class="btn btn-danger" value="@Messages("button.save")"/>
	97	+ </div>
	98	+ </form>
	99	+ </div>
70	100	} (No newline at end of file)

...	...	@@ -91,6 +91,8 @@
91	91	button.apply = 적용
92	92	button.back = 돌아가기
93	93	button.upload = 파일 올리기
	94	+button.user.makeAccountUnlock.true = 잠김해제
	95	+button.user.makeAccountUnlock.false = 계정잠그기
94	96
95	97	checkbox.commented = 댓글
96	98	checkbox.fileAttached = 첨부파일
...	...	@@ -283,6 +285,8 @@
283	285	site.user.deleteConfirm = 정말로 해당 유저를 사이트에서 탈퇴시키겠습니까?
284	286	site.project.delete = 프로젝트 삭제
285	287	site.project.deleteConfirm = 정말로 해당 프로젝트를 사이트에서 삭제하겠습니까?
	288	+site.userlist.unlocked = 활성화된 유저 목록
	289	+site.userlist.locked = 계정이 잠긴 유저 목록
286	290
287	291	#User
288	292	user.loginId = 아이디
...	...	@@ -305,6 +309,9 @@
305	309	user.signupBtn = 참여하기
306	310	user.loginWithNewPassword = 새로 설정한 비밀번호로 로그인 하세요
307	311	user.notExists.name = 존재하지 않는 유저입니다.
	312	+user.locked = 잠긴 사용자 계정입니다.
	313	+user.isLocked = 잠김여부
	314	+user.signup.requested = 하이브 가입이 요청되었습니다. 사이트 관리자가 검토/승인 후 사용가능합니다. 감사합니다.
308	315
309	316	#Role
310	317	role.manager = 관리자

...	...	@@ -39,6 +39,7 @@
39	39	GET /sites/projectList controllers.SiteApp.projectList(filter:String ?= "")
40	40	GET /sites/project/delete/:projectId controllers.SiteApp.deleteProject(projectId:Long)
41	41	GET /sites/softwareMap controllers.SiteApp.softwareMap()
	42	+GET /sites/toggleAccountLock/:loginId controllers.SiteApp.toggleAccountLock(loginId: String)
42	43	GET /lostPassword controllers.PasswordResetApp.lostPassword
43	44	POST /lostPassword controllers.PasswordResetApp.requestResetPasswordEmail()
44	45	GET /resetPassword controllers.PasswordResetApp.resetPasswordForm(s:String)

...	...	@@ -1,11 +1,16 @@
1	1	package controllers;
2	2
	3	+import models.User;
3	4	import org.junit.*;
4	5
5	6	import java.util.*;
6	7
	8	+import play.Configuration;
	9	+import play.GlobalSettings;
	10	+import play.i18n.Messages;
7	11	import play.mvc.*;
8	12	import play.test.Helpers;
	13	+import utils.JodaDateUtil;
9	14
10	15	import static play.test.Helpers.*;
11	16	import static org.fest.assertions.Assertions.*;
...	...	@@ -76,4 +81,61 @@
76	81	}
77	82	});
78	83	}
	84	+
	85	+ @Test
	86	+ public void login_notComfirmedUser() {
	87	+ Map<String, String> fakeConf = Helpers.inMemoryDatabase();
	88	+
	89	+ running(fakeApplication(fakeConf), new Runnable() {
	90	+ public void run() {
	91	+ //Given
	92	+ User user = new User(-31l);
	93	+ user.loginId = "fakeUser";
	94	+ user.email = "fakeuser@fake.com";
	95	+ user.name = "racoon";
	96	+ user.createdDate = JodaDateUtil.now();
	97	+ user.isLocked = true;
	98	+ user.save();
	99	+
	100	+ Map<String, String> data = new HashMap<String,String>();
	101	+ data.put("loginId", user.loginId);
	102	+ data.put("password", user.password);
	103	+
	104	+ //When
	105	+ Result result = callAction(
	106	+ controllers.routes.ref.UserApp.login(),
	107	+ fakeRequest().withFormUrlEncodedBody(data)
	108	+ );
	109	+
	110	+ //Then
	111	+ assertThat(status(result)).describedAs("result status should '303 see other'").isEqualTo(303);
	112	+ }
	113	+ });
	114	+ }
	115	+
	116	+ @Test
	117	+ public void newUser_confirmSignUpMode() {
	118	+ Map<String, String> fakeConf = Helpers.inMemoryDatabase();
	119	+
	120	+ running(fakeApplication(fakeConf), new Runnable() {
	121	+ public void run() {
	122	+ //Given
	123	+ final String loginId = "somefakeuserid";
	124	+ Map<String, String> data = new HashMap<String,String>();
	125	+ data.put("loginId", loginId);
	126	+ data.put("password", "somefakepassword");
	127	+ data.put("email", "fakeuser@fake.com");
	128	+ data.put("name", "racoon");
	129	+
	130	+ //When
	131	+ Result result = callAction(
	132	+ controllers.routes.ref.UserApp.newUser(),
	133	+ fakeRequest().withFormUrlEncodedBody(data)
	134	+ );
	135	+
	136	+ //Then
	137	+ assertThat(status(result)).describedAs("result status should '303 see other'").isEqualTo(303);
	138	+ }
	139	+ });
	140	+ }
79	141	}

Delete comment