From d3ffce4089c9eb41ab5a06b52eb339b4cdc8aa81 Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Tue, 12 Mar 2019 19:03:37 +0100
Subject: [PATCH 1/7] [Minor] Get remote IP earlier in WebSocketClient.java
---
 .../java/li/strolch/websocket/WebSocketClient.java | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java b/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java
index c2cdf9134..aedb78811 100644
--- a/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java
+++ b/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java
@@ -34,6 +34,7 @@ public class WebSocketClient implements MessageHandler.Whole {
 private ComponentContainer container;
 private final Session session;
 private final EndpointConfig config;
+ private String remoteIp;
 private Certificate certificate;
 private Map observerHandlersByRealm;
@@ -42,6 +43,7 @@ public class WebSocketClient implements MessageHandler.Whole {
 this.container = container;
 this.session = session;
 this.config = config;
+ this.remoteIp = WebSocketRemoteIp.get();
 this.observerHandlersByRealm = new HashMap<>(1);
 }
@@ -50,6 +52,7 @@ public class WebSocketClient implements MessageHandler.Whole {
 JsonObject jsonObject = new JsonParser().parse(message).getAsJsonObject();
 String msgType = jsonObject.get(MSG_TYPE).getAsString();
+ logger.info("Handling message " + msgType);
 switch (msgType) {
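Review bot: `remoteIp` is assigned once, at `this.remoteIp = WebSocketRemoteIp.get();` in the constructor, yet the field added in the `@@ -34,6` hunk is not `final` like `session` and `config`; `private final String remoteIp;` would make it clear that the address tied to this connection cannot be swapped later. `WebSocketRemoteIp` is not shown, so it is unclear whether `get()` can return null on the thread that runs the constructor. The value is later handed to `sessionHandler.validate(...)` in the `@@ -75,13` and `@@ -144,13` hunks, so a short comment on where it is set, or an explicit null check, would help. The constructor signature lies outside the hunk.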
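Review bot: `logger.info("Handling message " + msgType);` in the `@@ -50,6` hunk writes a client-supplied string to the log before the connection is authenticated, so a peer can place line breaks or misleading text in the log and add one INFO entry per frame. The same holds for `logger.error("Failed to authenticate user " + username, e);` in the `@@ -144,13` hunk, where `username` appears to be the name claimed in the message. I would log at debug and neutralise line breaks first, for example `logger.debug("Handling message " + msgType.replaceAll("[\\r\\n]", "_"));`. The enclosing method starts and ends outside the hunk.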
@@ -75,13 +78,13 @@ public class WebSocketClient implements MessageHandler.Whole {
 if (this.certificate == null) {
 logger.error("Received " + type + " request, but not yet authed!");
- close(CloseReason.CloseCodes.UNEXPECTED_CONDITION, "Not yet authed!");
+ close(CloseReason.CloseCodes.PROTOCOL_ERROR, "Not yet authed!");
 return;
 }
 try {
 StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
- sessionHandler.validate(this.certificate);
+ sessionHandler.validate(this.certificate, this.remoteIp);
 } catch (RuntimeException e) {
 logger.error("Received " + type + " request, but authentication is not valid anymore: " + ExceptionHelper
 .getExceptionMessage(e));
@@ -144,13 +147,14 @@ public class WebSocketClient implements MessageHandler.Whole {
 try {
 StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
- this.certificate = sessionHandler.validate(authToken, WebSocketRemoteIp.get());
+ this.certificate = sessionHandler.validate(authToken, this.remoteIp);
 if (!this.certificate.getUsername().equals(username)) {
 logger.error("Invalid authentication for " + username);
 close(CloseReason.CloseCodes.UNEXPECTED_CONDITION, "Invalid authentication");
 return;
 }
 } catch (Exception e) {
+ logger.error("Failed to authenticate user " + username, e);
 close(CloseReason.CloseCodes.UNEXPECTED_CONDITION, "Invalid authentication");
 return;
 }
From dc9e1d09f1c6594205aacfdb68879ad3ac7a40d5 Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Wed, 13 Mar 2019 15:21:49 +0100
Subject: [PATCH 2/7] [Minor] Added JsonServiceArgument.objectType
---
 .../main/java/li/strolch/service/JsonServiceArgument.java | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/li.strolch.service/src/main/java/li/strolch/service/JsonServiceArgument.java b/li.strolch.service/src/main/java/li/strolch/service/JsonServiceArgument.java
index 802ef8936..0bb1bbc4e 100644
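Review bot: In the `@@ -144,13` hunk the added `logger.error("Failed to authenticate user " + username, e);` emits a full stack trace at ERROR for every rejected token, which an unauthenticated peer can trigger as often as it likes. Logging only the message, as the `@@ -75,13` hunk already does with `ExceptionHelper.getExceptionMessage(e)`, keeps failed logins visible without burying other entries. Both "Invalid authentication" paths also still close with `UNEXPECTED_CONDITION` although the "Not yet authed!" path was just changed to `PROTOCOL_ERROR`; `close(CloseReason.CloseCodes.VIOLATED_POLICY, "Invalid authentication");` would describe a rejected login more accurately. The method body starts and ends outside the hunk.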
--- a/li.strolch.service/src/main/java/li/strolch/service/JsonServiceArgument.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/JsonServiceArgument.java
@@ -11,6 +11,12 @@ import li.strolch.service.api.ServiceArgument;
 * @author Robert von Burg
 */
 public class JsonServiceArgument extends ServiceArgument {
+
+ /**
+ * the objectType - its context is defined by the service
+ */
+ public String objectType;
+
 /**
 * the objectId - its context is defined by the service
 */
From 104add70351066f72939261e69ac83a5ffc665f0 Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Wed, 13 Mar 2019 15:26:56 +0100
Subject: [PATCH 3/7] [Minor] Fixed logger in SetActionTo* commands
---
 .../li/strolch/execution/command/SetActionToClosedCommand.java | 2 +-
 .../li/strolch/execution/command/SetActionToCreatedCommand.java | 2 +-
 .../li/strolch/execution/command/SetActionToErrorCommand.java | 2 +-
 .../strolch/execution/command/SetActionToExecutedCommand.java | 2 +-
 .../li/strolch/execution/command/SetActionToPlannedCommand.java | 2 +-
 .../strolch/execution/command/SetActionToPlanningCommand.java | 2 +-
 .../li/strolch/execution/command/SetActionToStoppedCommand.java | 2 +-
 .../li/strolch/execution/command/SetActionToWarningCommand.java | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToClosedCommand.java b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToClosedCommand.java
index 76d0a82d1..7dede423d 100644
--- a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToClosedCommand.java
+++ b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToClosedCommand.java
@@ -43,7 +43,7 @@ public class SetActionToClosedCommand extends ExecutionCommand {
 tx().lock(getResourceLocator(this.action));
 if (this.action.getState() == State.CLOSED) {
- logger.warn("Action " + this.action.getLocator() + " is already in CLOSED! Not changing.");
+ logger.warn("Action " + this.action.getLocator() + " is already in state CLOSED! Not changing.");
 return;
 }
diff --git a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToCreatedCommand.java b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToCreatedCommand.java
index 7ddb90df4..ff619f847 100644
--- a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToCreatedCommand.java
+++ b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToCreatedCommand.java
@@ -43,7 +43,7 @@ public class SetActionToCreatedCommand extends ExecutionCommand {
 tx().lock(getResourceLocator(this.action));
 if (this.action.getState() == State.CREATED) {
- logger.warn("Action " + this.action.getLocator() + " is already in CREATED! Not changing.");
+ logger.warn("Action " + this.action.getLocator() + " is already in state CREATED! Not changing.");
 return;
 }
diff --git a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToErrorCommand.java b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToErrorCommand.java
index ac51c730c..f04a77148 100644
--- a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToErrorCommand.java
+++ b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToErrorCommand.java
@@ -43,7 +43,7 @@ public class SetActionToErrorCommand extends ExecutionCommand {
 tx().lock(getResourceLocator(this.action));
 if (this.action.getState() == State.ERROR) {
- logger.warn("Action " + this.action.getLocator() + " is already in ERROR! Not changing.");
+ logger.warn("Action " + this.action.getLocator() + " is already in state ERROR! Not changing.");
 return;
 }
diff --git a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToExecutedCommand.java b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToExecutedCommand.java
index fdb3f0330..9cae0dbc6 100644
--- a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToExecutedCommand.java
+++ b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToExecutedCommand.java
@@ -43,7 +43,7 @@ public class SetActionToExecutedCommand extends ExecutionCommand {
 tx().lock(getResourceLocator(this.action));
 if (this.action.getState() == State.EXECUTED) {
- logger.warn("Action " + this.action.getLocator() + " is already in EXECUTED! Not changing.");
+ logger.warn("Action " + this.action.getLocator() + " is already in state EXECUTED! Not changing.");
 return;
 }
diff --git a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToPlannedCommand.java b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToPlannedCommand.java
index 846f0095d..028bd8adf 100644
--- a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToPlannedCommand.java
+++ b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToPlannedCommand.java
@@ -43,7 +43,7 @@ public class SetActionToPlannedCommand extends ExecutionCommand {
 tx().lock(getResourceLocator(this.action));
 if (this.action.getState() == State.PLANNED) {
- logger.warn("Action " + this.action.getLocator() + " is already in PLANNED! Not changing.");
+ logger.warn("Action " + this.action.getLocator() + " is already in state PLANNED! Not changing.");
 return;
 }
diff --git a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToPlanningCommand.java b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToPlanningCommand.java
index 32cbfb88e..beff9b1af 100644
--- a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToPlanningCommand.java
+++ b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToPlanningCommand.java
@@ -43,7 +43,7 @@ public class SetActionToPlanningCommand extends ExecutionCommand {
 tx().lock(getResourceLocator(this.action));
 if (this.action.getState() == State.PLANNING) {
- logger.warn("Action " + this.action.getLocator() + " is already in PLANNING! Not changing.");
+ logger.warn("Action " + this.action.getLocator() + " is already in state PLANNING! Not changing.");
 return;
 }
diff --git a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToStoppedCommand.java b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToStoppedCommand.java
index f45b26780..277804f8b 100644
--- a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToStoppedCommand.java
+++ b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToStoppedCommand.java
@@ -43,7 +43,7 @@ public class SetActionToStoppedCommand extends ExecutionCommand {
 tx().lock(getResourceLocator(this.action));
 if (this.action.getState() == State.STOPPED) {
- logger.warn("Action " + this.action.getLocator() + " is already in STOPPED! Not changing.");
+ logger.warn("Action " + this.action.getLocator() + " is already in state STOPPED! Not changing.");
 return;
 }
diff --git a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToWarningCommand.java b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToWarningCommand.java
index 4cf980f82..3e1217560 100644
--- a/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToWarningCommand.java
+++ b/li.strolch.service/src/main/java/li/strolch/execution/command/SetActionToWarningCommand.java
@@ -43,7 +43,7 @@ public class SetActionToWarningCommand extends ExecutionCommand {
 tx().lock(getResourceLocator(this.action));
 if (this.action.getState() == State.WARNING) {
- logger.warn("Action " + this.action.getLocator() + " is already in WARNING! Not changing.");
+ logger.warn("Action " + this.action.getLocator() + " is already in state WARNING! Not changing.");
 return;
 }
From 97bd81542a908b61a88ecaabe91b0d2f94943d33 Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Wed, 13 Mar 2019 19:54:24 +0100
Subject: [PATCH 4/7] [New] Allow to pass password encoding in REST API Request
---
 .../rest/endpoint/AuthenticationService.java | 48 +++++++++--------
 .../rest/endpoint/PrivilegeUsersService.java | 53 +++++++++++++------
 2 files changed, 63 insertions(+), 38 deletions(-)
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index 2b75daf57..ece69828e 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -62,38 +62,42 @@ public class AuthenticationService {
 try {
- StringBuilder sb = new StringBuilder();
- JsonElement usernameE = login.get("username");
- if (usernameE == null || usernameE.getAsString().length() < 2) {
- sb.append("Username was not given or is too short!"); //$NON-NLS-1$
+ if (!login.has("username") || login.get("username").getAsString().length() < 2) {
+ logger.error("Authentication failed: Username was not given or is too short!");
+ loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}",
+ "Username was not given or is too short!")); //$NON-NLS-2$
+ return Response.status(Status.BAD_REQUEST).entity(loginResult.toString()).build();
 }
- JsonElement passwordE = login.get("password");
- if (passwordE == null) {
- if (sb.length() > 0)
- sb.append("\n");
- sb.append("Password was not given!"); //$NON-NLS-1$
+ if (!login.has("password") || login.get("password").getAsString().length() < 3) {
+ logger.error("Authentication failed: Password was not given or is too short!");
+ loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}",
+ "Password was not given or is too short!")); //$NON-NLS-2$
+ return Response.status(Status.BAD_REQUEST).entity(loginResult.toString()).build();
 }
- char[] password = passwordE == null ?
- new char[] {} :
- new String(Base64.getDecoder().decode(passwordE.getAsString())).toCharArray();
+ String username = login.get("username").getAsString();
+ String passwordEncoded = login.get("password").getAsString();
+
+ byte[] decode = Base64.getDecoder().decode(passwordEncoded);
+ String passwordString;
+ if (login.has("encoding") && !login.get("encoding").getAsString().isEmpty()) {
+ passwordString = new String(decode, login.get("encoding").getAsString());
+ } else {
+ passwordString = new String(decode);
+ }
+
+ char[] password = passwordString.toCharArray();
 if (password.length < 3) {
- if (sb.length() > 0)
- sb.append("\n");
- sb.append("Password not given or too short!"); //$NON-NLS-1$
- }
-
- if (sb.length() != 0) {
- logger.error("Authentication failed due to: " + sb.toString());
- loginResult.addProperty("msg",
- MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-2$
+ logger.error("Authentication failed: Password was not given or is too short!");
+ loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}",
+ "Password was not given or is too short!")); //$NON-NLS-2$
 return Response.status(Status.BAD_REQUEST).entity(loginResult.toString()).build();
 }
 StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
 String source = getRemoteIp(request);
- Certificate certificate = sessionHandler.authenticate(usernameE.getAsString(), password, source);
+ Certificate certificate = sessionHandler.authenticate(username, password, source);
 return getAuthenticationResponse(request, loginResult, certificate, source);
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
index 552d45661..dfa10fc5d 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
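Review bot: The charset used to turn the decoded password bytes into characters is chosen by the request (`new String(decode, login.get("encoding").getAsString())`), and the fallback `new String(decode)` uses the JVM's platform default. An unsupported name makes that constructor throw, and the same bytes can become different characters depending on the request field or on server settings, so a password set through one path may not match at login. Pinning the wire format, `String passwordString = new String(decode, StandardCharsets.UTF_8);`, avoids both (the file would need the `java.nio.charset.StandardCharsets` import, which is outside the hunk). The same lines are added in the PrivilegeUsersService `@@ -270,26` hunk and return in patch 6; patches 5 and 7 drop the `encoding` member but keep the platform-default `new String(decode)`. The first `login.get("password").getAsString().length() < 3` test measures the Base64 text rather than the password, so only the later `password.length < 3` check is meaningful.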
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
@@ -48,6 +48,8 @@ import li.strolch.service.JsonServiceArgument;
 import li.strolch.service.api.ServiceHandler;
 import li.strolch.service.api.ServiceResult;
 import li.strolch.service.privilege.users.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 /**
 * @author Robert von Burg
@@ -55,6 +57,8 @@ import li.strolch.service.privilege.users.*;
 @Path("strolch/privilege/users")
 public class PrivilegeUsersService {
+ private static final Logger logger = LoggerFactory.getLogger(PrivilegeUsersService.class);
+
 private PrivilegeHandler getPrivilegeHandler() {
 ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
 return container.getPrivilegeHandler().getPrivilegeHandler();
@@ -270,26 +274,43 @@ public class PrivilegeUsersService { @Context HttpServletRequest request) { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); - String password = new JsonParser().parse(data).getAsJsonObject().get("password").getAsString(); - char[] passwordChars = new String(Base64.getDecoder().decode(password)).toCharArray(); + try { - ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class); - PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService(); - PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument(); - arg.username = username; - arg.password = passwordChars; + JsonObject jsonObject = new JsonParser().parse(data).getAsJsonObject(); - ServiceResult svcResult = svcHandler.doService(cert, svc, arg); - if (svcResult.isNok()) - return ResponseUtil.toResponse(svcResult); + String passwordEncoded = jsonObject.get("password").getAsString(); + byte[] decode = Base64.getDecoder().decode(passwordEncoded); + String passwordString; + if (jsonObject.has("encoding") && !jsonObject.get("encoding").getAsString().isEmpty()) { + passwordString = new String(decode, jsonObject.get("encoding").getAsString()); + } else { + passwordString = new String(decode); + } - // if user changes their own password, then invalidate the session - if (cert.getUsername().equals(username)) { - StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler(); - sessionHandler.invalidate(cert); + ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class); + PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService(); + PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument(); + arg.username = username; + arg.password = passwordString.toCharArray(); + + ServiceResult svcResult = svcHandler.doService(cert, svc, arg); + if (svcResult.isNok()) + return 
ResponseUtil.toResponse(svcResult); + + // if user changes their own password, then invalidate the session + if (cert.getUsername().equals(username)) { + StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler(); + sessionHandler.invalidate(cert); + } + + return ResponseUtil.toResponse(); + + } catch (Exception e) { + logger.error(e.getMessage(), e); + String msg = e.getMessage(); + return ResponseUtil.toResponse("Failed to set password: ", + MessageFormat.format("{0}: {1}", e.getClass().getName(), msg)); } - - return ResponseUtil.toResponse(); } private Response handleServiceResult(PrivilegeUserResult svcResult) { From d15d351b702f902a279c968410e0824a50e7faab Mon Sep 17 00:00:00 2001 From: Robert von Burg Date: Wed, 13 Mar 2019 20:20:34 +0100 Subject: [PATCH 5/7] [Major] Remove password encoding, escape properly on client --- .../li/strolch/rest/endpoint/AuthenticationService.java | 8 +------- .../li/strolch/rest/endpoint/PrivilegeUsersService.java | 7 +------ 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java index ece69828e..27c9753bc 100644 --- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java +++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java 
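Review bot: The new catch block in the `@@ -270,26` hunk returns `e.getClass().getName()` and `e.getMessage()` to the caller, so a body without a `password` member, with invalid Base64, or with an unsupported `encoding` gets internal exception details back instead of a plain validation error. I would check the body first, as the login endpoint in this patch does with `login.has("password")`, and answer with a fixed text such as `return ResponseUtil.toResponse("Failed to set password: ", "Invalid request");` while keeping the detail in `logger.error`. Which HTTP status `ResponseUtil.toResponse(String, String)` produces is not visible here; for these cases it should be a 4xx. The method signature is outside the hunk.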
@@ -80,13 +80,7 @@ public class AuthenticationService {
 String passwordEncoded = login.get("password").getAsString();
 byte[] decode = Base64.getDecoder().decode(passwordEncoded);
- String passwordString;
- if (login.has("encoding") && !login.get("encoding").getAsString().isEmpty()) {
- passwordString = new String(decode, login.get("encoding").getAsString());
- } else {
- passwordString = new String(decode);
- }
-
+ String passwordString = new String(decode);
 char[] password = passwordString.toCharArray();
 if (password.length < 3) {
 logger.error("Authentication failed: Password was not given or is too short!");
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
index dfa10fc5d..3d518a772 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
@@ -280,12 +280,7 @@ public class PrivilegeUsersService {
 String passwordEncoded = jsonObject.get("password").getAsString();
 byte[] decode = Base64.getDecoder().decode(passwordEncoded);
- String passwordString;
- if (jsonObject.has("encoding") && !jsonObject.get("encoding").getAsString().isEmpty()) {
- passwordString = new String(decode, jsonObject.get("encoding").getAsString());
- } else {
- passwordString = new String(decode);
- }
+ String passwordString = new String(decode);
 ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
 PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
From edac05f9d8a0e3cda2cf21dffb6af60e4397beee Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Thu, 14 Mar 2019 10:08:47 +0100
Subject: [PATCH 6/7] [New] Allow to pass password encoding in REST API Request
---
 .../li/strolch/rest/endpoint/AuthenticationService.java | 8 +++++++-
 .../li/strolch/rest/endpoint/PrivilegeUsersService.java | 7 ++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index 27c9753bc..ece69828e 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -80,7 +80,13 @@ public class AuthenticationService {
 String passwordEncoded = login.get("password").getAsString();
 byte[] decode = Base64.getDecoder().decode(passwordEncoded);
- String passwordString = new String(decode);
+ String passwordString;
+ if (login.has("encoding") && !login.get("encoding").getAsString().isEmpty()) {
+ passwordString = new String(decode, login.get("encoding").getAsString());
+ } else {
+ passwordString = new String(decode);
+ }
+
 char[] password = passwordString.toCharArray();
 if (password.length < 3) {
 logger.error("Authentication failed: Password was not given or is too short!");
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
index 3d518a772..dfa10fc5d 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
@@ -280,7 +280,12 @@ public class PrivilegeUsersService {
 String passwordEncoded = jsonObject.get("password").getAsString();
 byte[] decode = Base64.getDecoder().decode(passwordEncoded);
- String passwordString = new String(decode);
+ String passwordString;
+ if (jsonObject.has("encoding") && !jsonObject.get("encoding").getAsString().isEmpty()) {
+ passwordString = new String(decode, jsonObject.get("encoding").getAsString());
+ } else {
+ passwordString = new String(decode);
+ }
 ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
 PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
From b53a2d7009059547f9e5eb615adc41baf7f2f487 Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Fri, 22 Mar 2019 09:51:00 +0100
Subject: [PATCH 7/7] [Revert] Revert: Allow to pass password encoding in REST API Request
---
 .../li/strolch/rest/endpoint/AuthenticationService.java | 8 +-------
 .../li/strolch/rest/endpoint/PrivilegeUsersService.java | 7 +------
 2 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index ece69828e..604a2f973 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -80,14 +80,8 @@ public class AuthenticationService {
 String passwordEncoded = login.get("password").getAsString();
 byte[] decode = Base64.getDecoder().decode(passwordEncoded);
- String passwordString;
- if (login.has("encoding") && !login.get("encoding").getAsString().isEmpty()) {
- passwordString = new String(decode, login.get("encoding").getAsString());
- } else {
- passwordString = new String(decode);
- }
+ char[] password = new String(decode).toCharArray();
- char[] password = passwordString.toCharArray();
 if (password.length < 3) {
 logger.error("Authentication failed: Password was not given or is too short!");
 loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}",
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
index dfa10fc5d..3d518a772 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
@@ -280,12 +280,7 @@ public class PrivilegeUsersService {
 String passwordEncoded = jsonObject.get("password").getAsString();
 byte[] decode = Base64.getDecoder().decode(passwordEncoded);
- String passwordString;
- if (jsonObject.has("encoding") && !jsonObject.get("encoding").getAsString().isEmpty()) {
- passwordString = new String(decode, jsonObject.get("encoding").getAsString());
- } else {
- passwordString = new String(decode);
- }
+ String passwordString = new String(decode);
 ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
 PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
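Review bot: In the AuthenticationService hunk, `char[] password = new String(decode).toCharArray();` routes the cleartext through an immutable `String` and leaves `decode` filled, so the `char[]` handed to `authenticate` is not the only copy and wiping it afterwards would not remove the secret from memory. If the `char[]` API is meant to limit how long the password stays around, decode the bytes into a `CharBuffer` with a fixed charset, copy the characters out, and clear the input with `Arrays.fill(decode, (byte) 0);`. The PrivilegeUsersService hunk in this patch has the same pattern with `passwordString`. Whether `authenticate` clears its argument is not visible here, and both method bodies extend beyond their hunks.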