
Merge branch 'master' into feature/config-security-mode

Conflicts:
	bower.json
	package.json
Sotaro KARASAWA 11 лет назад
Родитель
Сommit
8595931ca9
11 измененных файлов с 51 добавлено и 11 удалено
  1. 4 2
      CHANGES.md
  2. 11 1
      README.md
  3. 4 0
      app.json
  4. 5 2
      form/admin/sec.js
  5. 18 0
      lib/formUtil.js
  6. 2 0
      models/config.js
  7. 2 1
      routes/admin.js
  8. 1 1
      routes/login.js
  9. 1 1
      views/admin/app.html
  10. 1 1
      views/layout/layout.html
  11. 2 2
      views/widget/searcher.html

+ 4 - 2
CHANGES.md

@@ -1,11 +1,13 @@
 CHANGES
 ========
 
-## 1.1.0
 
-* Feature: Basic auth restriction whole pages access.
+## 1.0.4
 
+* Feature: Basic auth restriction whole pages access.
+* Fix: Security registration whitelist is working now.
 
 ## 1.0.3
 
 * Initial Release.
+

+ 11 - 1
README.md

@@ -41,9 +41,19 @@ Start Up on Local
 Crowi is designed setting up to Heroku or some PaaS, but you can start up Crowi with ENV parameter on your local.
 
 ```
-$ MONGOLAB_URI=mongodb://username:password@localhost/crowi node app.js
+$ PASSWORD_SEED=somesecretstring MONGOHQ_URL=mongodb://username:password@localhost/crowi node app.js
 ```
 
+### Environment
+
+
+* `PORT`: Server port. default: `3000`.
+* `NODE_ENV`: `production` OR `development`.
+* `MONGO_URI`: URI to connect MongoDB. This parameter is also by `MONGOHQ_URL` OR `MONGOLAB_URI`.
+* `PASSWORD_SEED`: A password seed is used by password hash generator.
+* `SECRET_TOKEN`: A secret key for verifying the integrity of signed cookies.
+
+
 License
 ---------
 

+ 4 - 0
app.json

@@ -16,6 +16,10 @@
     "SECRET_TOKEN": {
       "description": "A secret key for verifying the integrity of signed cookies.",
       "generator": "secret"
+    },
+    "PASSWORD_SEED": {
+      "description": "A password seed is used by password hash generator. ",
+      "generator": "secret"
     }
   },
   "addons": [

+ 5 - 2
form/admin/sec.js

@@ -1,12 +1,15 @@
 'use strict';
 
 var form = require('express-form')
-  , field = form.field;
+  , field = form.field
+  , stringToArray = require('../../lib/formUtil').stringToArrayFilter
+  , normalizeCRLF = require('../../lib/formUtil').normalizeCRLFFilter
+  ;
 
 module.exports = form(
   field('settingForm[security:basicName]'),
   field('settingForm[security:basicSecret]'),
   field('settingForm[security:registrationMode]').required(),
-  field('settingForm[security:registrationWhiteList]')
+  field('settingForm[security:registrationWhiteList]').custom(normalizeCRLF).custom(stringToArray)
 );
 

+ 18 - 0
lib/formUtil.js

@@ -0,0 +1,18 @@
+'use strict';
+
+module.exports = {
+  normalizeCRLFFilter: function(value) {
+    return value
+      .replace(/\r\n/g, '\n')
+      .replace(/\r/g, '\n')
+      ;
+  },
+  stringToArrayFilter: function(value) {
+    if (!value || value === '') {
+      return [];
+    }
+
+    return value.split('\n');
+  },
+};
+
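Review bot: `stringToArrayFilter` splits on `\n` without trimming entries or dropping empty ones, so a whitelist saved with a trailing newline or a blank line ends up containing `''` entries. How the whitelist is matched is not visible on this page, but if registration compares by suffix or substring, an empty entry would match every address and silently switch the restriction off. I would return `value.split('\n').map(function(s) { return s.trim(); }).filter(Boolean);` instead. Separately, `normalizeCRLFFilter` calls `value.replace` unguarded and would throw on a non-string value, and the `value === ''` test is already covered by `!value`.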

+ 2 - 0
models/config.js

@@ -90,6 +90,7 @@ module.exports = function(app) {
       if (config[ns][key]) {
         defaultConfig[key] = config[ns][key];
       }
+
     });
     return defaultConfig;
   };
@@ -151,6 +152,7 @@ module.exports = function(app) {
           config[el.ns][el.key] = JSON.parse(el.value);
         });
 
+        debug('Config loaded', config);
         return callback(null, config);
       });
   };
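Review bot: `debug('Config loaded', config);` writes the whole config object to the debug log, and the settings form in form/admin/sec.js suggests that object carries `security:basicSecret`, so the Basic auth secret would appear in logs whenever this debug namespace is enabled. The same applies to `debug('form content', form);` in the routes/admin.js hunk, which logs the submitted security form. Log only the shape, e.g. `debug('Config loaded', Object.keys(config));`, or redact the secret keys before logging. The enclosing function starts and ends outside this hunk.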

+ 2 - 1
routes/admin.js

@@ -157,9 +157,10 @@ module.exports = function(app) {
 
   actions.api = {};
   actions.api.appSetting = function(req, res) {
-    var form = req.body.settingForm;
+    var form = req.form.settingForm;
 
     if (req.form.isValid) {
+      debug('form content', form);
       Config.updateNamespaceByArray('crowi', form, function(err, config) {
         Config.updateConfigCache('crowi', config)
         return res.json({status: true});
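Review bot: The callback passed to `Config.updateNamespaceByArray` ignores `err` and always answers `{status: true}`, so a failed save of the security settings (including the whitelist this commit starts storing as an array) is reported to the admin as success. Add a guard before the cache update, along the lines of `if (err) { return res.json({status: false}); }`; the exact error shape should follow whatever the client expects. The `Config.updateConfigCache('crowi', config)` line is also missing its semicolon. The function body continues outside the hunk, so an existing `else` branch is not visible here.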

+ 1 - 1
routes/login.js

@@ -130,7 +130,7 @@ module.exports = function(app) {
   };
 
   actions.register = function(req, res) {
-    var registerForm = req.body.registerForm || {};
+    var registerForm = req.form.registerForm || {};
     var googleAuth = require('../lib/googleAuth')(app);
 
     // ログイン済みならさようなら
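Review bot: `req.form.registerForm` throws a TypeError when `req.form` is undefined, which the old `req.body.registerForm || {}` tolerated as long as a body parser was installed. Whether every route that reaches `actions.register` (for example a plain GET of the registration page) goes through the express-form middleware is not visible in this hunk, so this should be confirmed in the route table. A defensive form would be `var registerForm = (req.form && req.form.registerForm) || {};`. The function body continues outside the hunk.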

+ 1 - 1
views/admin/app.html

@@ -100,7 +100,7 @@
         <div class="form-group">
           <label for="settingForm[security:registrationWhiteList]" class="col-xs-3 control-label">登録許可メールアドレスの<br>ホワイトリスト</label>
           <div class="col-xs-8">
-            <textarea class="form-control" type="textarea" name="settingForm[security:registrationWhiteList]" placeholder="例: @crowi.wiki">{{ settingForm['security:registrationWhiteList']|join('\n') }}</textarea>
+            <textarea class="form-control" type="textarea" name="settingForm[security:registrationWhiteList]" placeholder="例: @crowi.wiki">{{ settingForm['security:registrationWhiteList']|join('&#13')|raw }}</textarea>
             <p class="help-block">登録可能なメールアドレスを制限することができます。例えば、会社で使う場合、<code>@crowi.wiki</code> などと記載すると、その会社のメールアドレスを持っている人のみ登録可能になります。<br>
             1行に1メールアドレス入力してください。</p>
           </div>
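Review bot: Adding `|raw` after `join('&#13')` turns off escaping for the whitelist entries as well as for the separator, so any stored entry that contains markup is written unescaped into the admin page (stored XSS in the settings view). Escape each entry and emit the separator as template text instead, e.g. `{% for addr in settingForm['security:registrationWhiteList'] %}{{ addr }}&#10;{% endfor %}` (assuming the `{% for %}` tag of the template engine used here). Note also that `&#13` lacks its terminating `;` and is a carriage return, while the server-side filter normalises to `\n`, so `&#10;` is the matching character.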

+ 1 - 1
views/layout/layout.html

@@ -18,7 +18,7 @@
   {% endif %}
 
   <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
-  <link href='http://fonts.googleapis.com/css?family=Maven+Pro:400,700' rel='stylesheet' type='text/css'>
+  <link href='//fonts.googleapis.com/css?family=Maven+Pro:400,700' rel='stylesheet' type='text/css'>
   {% if env  == 'development' %}
   <script src="/js/crowi.js"></script>
   {% else %}

+ 2 - 2
views/widget/searcher.html

@@ -1,4 +1,4 @@
-{% if config.crowi['searcher.url'] %}
+{% if config.crowi['searcher:url'] %}
 
 <form id="headerSearch" class="navbar-form navbar-left form-inline" role="search">
   <div class="form-group">
@@ -10,7 +10,7 @@
       function Searcher () {
       };
       Searcher.prototype = {
-        baseUrl: "{{ config.crowi['searcher.url'] }}",
+        baseUrl: "{{ config.crowi['searcher:url'] }}",
         currentQuery: "",
         searchData: [],
         setData: function (data) {