[New] Allow to pass password encoding in REST API Request

2019-03-13 19:54:24 +01:00 · 2019-03-13 19:54:24 +01:00 · 97bd81542a
parent 104add7035
commit 97bd81542a
2 changed files with 63 additions and 38 deletions
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@ -62,38 +62,42 @@ public class AuthenticationService {

 		try {

-			StringBuilder sb = new StringBuilder();
-			JsonElement usernameE = login.get("username");
-			if (usernameE == null || usernameE.getAsString().length() < 2) {
-				sb.append("Username was not given or is too short!"); //$NON-NLS-1$
+			if (!login.has("username") || login.get("username").getAsString().length() < 2) {
+				logger.error("Authentication failed: Username was not given or is too short!");
+				loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}",
+						"Username was not given or is too short!")); //$NON-NLS-2$
+				return Response.status(Status.BAD_REQUEST).entity(loginResult.toString()).build();
 			}

-			JsonElement passwordE = login.get("password");
-			if (passwordE == null) {
-				if (sb.length() > 0)
-					sb.append("\n");
-				sb.append("Password was not given!"); //$NON-NLS-1$
+			if (!login.has("password") || login.get("password").getAsString().length() < 3) {
+				logger.error("Authentication failed: Password was not given or is too short!");
+				loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}",
+						"Password was not given or is too short!")); //$NON-NLS-2$
+				return Response.status(Status.BAD_REQUEST).entity(loginResult.toString()).build();
 			}

-			char[] password = passwordE == null ?
-					new char[] {} :
-					new String(Base64.getDecoder().decode(passwordE.getAsString())).toCharArray();
+			String username = login.get("username").getAsString();
+			String passwordEncoded = login.get("password").getAsString();
+
+			byte[] decode = Base64.getDecoder().decode(passwordEncoded);
+			String passwordString;
+			if (login.has("encoding") && !login.get("encoding").getAsString().isEmpty()) {
+				passwordString = new String(decode, login.get("encoding").getAsString());
+			} else {
+				passwordString = new String(decode);
+			}
+
+			char[] password = passwordString.toCharArray();
 			if (password.length < 3) {
-				if (sb.length() > 0)
-					sb.append("\n");
-				sb.append("Password not given or too short!"); //$NON-NLS-1$
-			}
-
-			if (sb.length() != 0) {
-				logger.error("Authentication failed due to: " + sb.toString());
-				loginResult.addProperty("msg",
-						MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-2$
+				logger.error("Authentication failed: Password was not given or is too short!");
+				loginResult.addProperty("msg", MessageFormat.format("Could not log in due to: {0}",
+						"Password was not given or is too short!")); //$NON-NLS-2$
 				return Response.status(Status.BAD_REQUEST).entity(loginResult.toString()).build();
 			}

 			StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
 			String source = getRemoteIp(request);
-			Certificate certificate = sessionHandler.authenticate(usernameE.getAsString(), password, source);
+			Certificate certificate = sessionHandler.authenticate(username, password, source);

 			return getAuthenticationResponse(request, loginResult, certificate, source);

--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
@ -48,6 +48,8 @@ import li.strolch.service.JsonServiceArgument;
 import li.strolch.service.api.ServiceHandler;
 import li.strolch.service.api.ServiceResult;
 import li.strolch.service.privilege.users.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 /**
 * @author Robert von Burg <eitch@eitchnet.ch>
@ -55,6 +57,8 @@ import li.strolch.service.privilege.users.*;
@Path("strolch/privilege/users")
 public class PrivilegeUsersService {

+	private static final Logger logger = LoggerFactory.getLogger(PrivilegeUsersService.class);
+
 	private PrivilegeHandler getPrivilegeHandler() {
 		ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
 		return container.getPrivilegeHandler().getPrivilegeHandler();
@ -270,26 +274,43 @@ public class PrivilegeUsersService {
 			@Context HttpServletRequest request) {
 		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);

-		String password = new JsonParser().parse(data).getAsJsonObject().get("password").getAsString();
-		char[] passwordChars = new String(Base64.getDecoder().decode(password)).toCharArray();
+		try {

-		ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
-		PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
-		PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument();
-		arg.username = username;
-		arg.password = passwordChars;
+			JsonObject jsonObject = new JsonParser().parse(data).getAsJsonObject();

-		ServiceResult svcResult = svcHandler.doService(cert, svc, arg);
-		if (svcResult.isNok())
-			return ResponseUtil.toResponse(svcResult);
+			String passwordEncoded = jsonObject.get("password").getAsString();
+			byte[] decode = Base64.getDecoder().decode(passwordEncoded);
+			String passwordString;
+			if (jsonObject.has("encoding") && !jsonObject.get("encoding").getAsString().isEmpty()) {
+				passwordString = new String(decode, jsonObject.get("encoding").getAsString());
+			} else {
+				passwordString = new String(decode);
+			}

-		// if user changes their own password, then invalidate the session
-		if (cert.getUsername().equals(username)) {
-			StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
-			sessionHandler.invalidate(cert);
+			ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
+			PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
+			PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument();
+			arg.username = username;
+			arg.password = passwordString.toCharArray();
+
+			ServiceResult svcResult = svcHandler.doService(cert, svc, arg);
+			if (svcResult.isNok())
+				return ResponseUtil.toResponse(svcResult);
+
+			// if user changes their own password, then invalidate the session
+			if (cert.getUsername().equals(username)) {
+				StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
+				sessionHandler.invalidate(cert);
+			}
+
+			return ResponseUtil.toResponse();
+
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			String msg = e.getMessage();
+			return ResponseUtil.toResponse("Failed to set password: ",
+					MessageFormat.format("{0}: {1}", e.getClass().getName(), msg));
 		}
-
-		return ResponseUtil.toResponse();
 	}

 	private Response handleServiceResult(PrivilegeUserResult svcResult) {