removed a bunch of useless things

1ddba7f7 · Felix Sidokhine · 2e58f042 · 1ddba7f7 · 1ddba7f7 · 1ddba7f7
Commit 1ddba7f7 authored 4 years ago by Felix Sidokhine
--- a/authentication-module/src/main/java/net/jami/jams/authmodule/TokenController.java
+++ b/authentication-module/src/main/java/net/jami/jams/authmodule/TokenController.java
@@ -51,6 +51,7 @@ public class TokenController{
                .subject(user.getUsername())
                .audience("JAMS")
                .claim("scope",user.getAccessLevel())
+                .claim("oneTimePassword",user.getNeedsPasswordReset())
                .expirationTime(new Date(System.currentTimeMillis() + 30*60*1000))
                .notBeforeTime(new Date(System.currentTimeMillis()))
                .issueTime(new Date(System.currentTimeMillis()))

--- a/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java
+++ b/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java
@@ -196,7 +196,6 @@ public class UserAuthenticationModule implements AuthenticationModule {

    @Override
    public char[] getOTP(String username) {
-
        if(datastore.userExists(username)){
            StatementList statementList = new StatementList();
            StatementElement statementElement = new StatementElement("username","=",username,"");
@@ -204,7 +203,6 @@ public class UserAuthenticationModule implements AuthenticationModule {
            User user = datastore.getUserDao().getObjects(statementList).get(0);
            return (user.getPassword()).toCharArray();
        }
-
        return new char[0];
    }


--- a/jams-common/src/main/java/net/jami/jams/common/objects/user/User.java
+++ b/jams-common/src/main/java/net/jami/jams/common/objects/user/User.java
@@ -35,10 +35,11 @@ import net.jami.jams.common.utils.X509Utils;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;

-@Getter
-@Setter
+
 @AllArgsConstructor
 @NoArgsConstructor
+@Getter
+@Setter
 public class User extends X509Entity implements BlockchainEntity, DatabaseObject {

    private String username;
@@ -126,4 +127,12 @@ public class User extends X509Entity implements BlockchainEntity, DatabaseObject
    public PreparedStatement getUpdate(PreparedStatement ps) throws Exception {
        return null;
    }
+
+    public void setPassword(char[] password){
+        this.password = new String(password);
+    }
+
+    public void setPassword(String password){
+        this.password = password;
+    }
 }
--- a/jams-common/src/main/java/net/jami/jams/common/utils/PasswordGenerator.java
+++ b/jams-common/src/main/java/net/jami/jams/common/utils/PasswordGenerator.java
+package net.jami.jams.common.utils;
+
+import java.security.SecureRandom;
+
+public class PasswordGenerator {
+
+    //Assume all passwords are 12 chars long.
+    public static char[] generatePassword(){
+        char[] password = new char[12];
+        SecureRandom sc = new SecureRandom();
+        for(int i=0;i<password.length;i++){
+            int x = sc.nextInt(121);
+            while(x <= 52)  x = sc.nextInt(121);
+            password[i] = (char) x;
+        }
+        return password;
+    }
+}
--- a/jams-common/src/test/java/net/jami/jams/common/utils/PasswordGeneratorTest.java
+++ b/jams-common/src/test/java/net/jami/jams/common/utils/PasswordGeneratorTest.java
+package net.jami.jams.common.utils;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class PasswordGeneratorTest {
+
+    @Test
+    void testPasswordGeneration() {
+        char[] res = PasswordGenerator.generatePassword();
+        System.out.println(res);
+    }
+}
\ No newline at end of file
--- a/jams-server/src/main/java/module-info.java
+++ b/jams-server/src/main/java/module-info.java
@@ -38,20 +38,14 @@ module jams.server {
    requires jami.dht;
    requires nimbus.jose.jwt;
    requires java.desktop;
-    requires java.naming;
-    requires java.logging;
-    requires javax.servlet.api;
-    exports net.jami.jams.server.servlets.general to org.apache.tomcat.embed.core;

+    exports net.jami.jams.server.servlets.general to org.apache.tomcat.embed.core;
    exports net.jami.jams.server.servlets.filters to org.apache.tomcat.embed.core;
-
    exports net.jami.jams.server.servlets.api.auth.login to org.apache.tomcat.embed.core;
    exports net.jami.jams.server.servlets.api.auth.device to org.apache.tomcat.embed.core;
    exports net.jami.jams.server.servlets.api.auth.directory to org.apache.tomcat.embed.core;
    exports net.jami.jams.server.servlets.api.auth.user to org.apache.tomcat.embed.core;
-
    exports net.jami.jams.server.servlets.api.install to org.apache.tomcat.embed.core;
-
    exports net.jami.jams.server.servlets.api.jaminameserver to org.apache.tomcat.embed.core;
    exports net.jami.jams.server.servlets.x509 to org.apache.tomcat.embed.core;


--- a/jams-server/src/main/java/net/jami/jams/server/Server.java
+++ b/jams-server/src/main/java/net/jami/jams/server/Server.java
@@ -64,7 +64,7 @@ public class Server {
    public  static AppUpdater appUpdater;
    public  static NameServer nameServer;
    private static TomcatLauncher tomcatLauncher = null;
-    public static final LicenseService licenseService = null;
+    public static final LicenseService licenseService = new LicenseService();

    public static void main(String[] args) {
        //Start tomcat.

--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/update/NeedsUpdateServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/update/NeedsUpdateServlet.java
 package net.jami.jams.server.servlets.api.update;

 import com.jsoniter.output.JsonStream;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import net.jami.jams.ca.JamsCA;
 import net.jami.jams.server.Server;

-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+
 import java.io.IOException;
-import java.util.HashMap;
-import java.util.logging.Logger;

 @WebServlet("/api/checkupdate")
 public class NeedsUpdateServlet extends HttpServlet {

-    private final static Logger logger = Logger.getLogger(NeedsUpdateServlet.class.getName());
-
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
        resp.setHeader("Access-Control-Allow-Origin", JamsCA.serverDomain);

--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/update/StartUpdateServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/update/StartUpdateServlet.java
-package net.jami.jams.server.servlets.api.update;
-
-import lombok.extern.slf4j.Slf4j;
-import net.jami.jams.ca.JamsCA;
-import net.jami.jams.server.Server;
-
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-@WebServlet("/api/startupdate")
-@Slf4j
-public class StartUpdateServlet extends HttpServlet {
-
-
-    @Override
-    protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
-        resp.setHeader("Access-Control-Allow-Origin", JamsCA.serverDomain);
-        resp.setContentType("application/json");
-    }
-}
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/user/LocalUserExistsServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/user/LocalUserExistsServlet.java
-package net.jami.jams.server.servlets.api.user;
-
-import com.jsoniter.JsonIterator;
-import com.jsoniter.any.Any;
-import com.jsoniter.output.JsonStream;
-import lombok.extern.slf4j.Slf4j;
-import net.jami.jams.ca.JamsCA;
-import net.jami.jams.common.authentication.AuthenticationSourceType;
-import net.jami.jams.common.dao.StatementElement;
-import net.jami.jams.common.dao.StatementList;
-import net.jami.jams.common.objects.user.User;
-import net.jami.jams.server.Server;
-
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.HashMap;
-
-@WebServlet("/api/user/exists")
-@Slf4j
-public class LocalUserExistsServlet extends HttpServlet {
-
-
-    @Override
-    protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
-        resp.setHeader("Access-Control-Allow-Origin", JamsCA.serverDomain);
-        resp.setContentType("application/json");
-        StringBuilder stringBuilder = new StringBuilder();
-
-        try {
-            int x = 0;
-            while (true) {
-                x = req.getInputStream().read();
-                if(x == -1) break;
-                stringBuilder.append((char) x);
-            }
-        }
-        catch (Exception e) {
-            log.error("error decoding request body");
-        }
-
-
-        if(stringBuilder.toString() != null) {
-
-            Any userData = JsonIterator.deserialize(stringBuilder.toString());
-            String username = userData.get("username").toString();
-            try {
-                    if (Server.dataStore.userExists(username)) {
-
-                        StatementList statementList = new StatementList();
-                        StatementElement statementElement = new StatementElement("username", "=", username, "");
-                        statementList.addStatement(statementElement);
-                        User user = Server.dataStore.getUserDao().getObjects(statementList).get(0);
-
-                        if (user != null && user.getUserType() == AuthenticationSourceType.LOCAL) {
-                            resp.setStatus(200);
-                            HashMap<String, String> statusInfo = new HashMap<>();
-                            statusInfo.put("exists", "true");
-                            resp.getOutputStream().write(JsonStream.serialize(statusInfo).getBytes());
-                        } else {
-                            resp.setStatus(500);
-                            HashMap<String, String> statusInfo = new HashMap<>();
-                            statusInfo.put("exists", "false");
-                            resp.getOutputStream().write(JsonStream.serialize(statusInfo).getBytes());
-                        }
-                    }
-
-            } catch (Exception e) {
-                log.info(e.toString());
-                resp.setStatus(500);
-            }
-        }
-    }
-}
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/user/LocalUserNeedsResetServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/user/LocalUserNeedsResetServlet.java
-package net.jami.jams.server.servlets.api.user;
-
-
-import com.jsoniter.output.JsonStream;
-import lombok.extern.slf4j.Slf4j;
-import net.jami.jams.ca.JamsCA;
-import net.jami.jams.common.authentication.AuthenticationSourceType;
-import net.jami.jams.common.dao.StatementElement;
-import net.jami.jams.common.dao.StatementList;
-import net.jami.jams.common.objects.user.User;
-import net.jami.jams.server.Server;
-import net.jami.jams.server.servlets.api.install.CachedObjects;
-
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.security.SecureRandom;
-import java.util.HashMap;
-import java.util.stream.Collectors;
-
-@WebServlet("/api/user/needsreset")
-@Slf4j
-public class LocalUserNeedsResetServlet extends HttpServlet {
-
-    @Override
-    protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
-        resp.setHeader("Access-Control-Allow-Origin", JamsCA.serverDomain);
-        resp.setContentType("application/json");
-        StringBuilder stringBuilder = new StringBuilder();
-
-        try {
-            int x = 0;
-            while (true) {
-                x = req.getInputStream().read();
-                if(x == -1) break;
-                stringBuilder.append((char) x);
-            }
-        }
-        catch (Exception e){
-            log.error("error decoding request body");
-        }
-
-
-        if(stringBuilder.toString() != null) {
-
-            try {
-                if (CachedObjects.localAuthSettings != null && req.getParameterMap().containsKey("username")) {
-
-                    HashMap<String,String> statusInfo = new HashMap<>();
-                    String username = req.getParameter("username");
-
-                    if(Server.dataStore.userExists(username)){
-                        StatementList statementList = new StatementList();
-                        StatementElement statementElement = new StatementElement("username","=",username,"");
-                        statementList.addStatement(statementElement);
-                        User user = Server.dataStore.getUserDao().getObjects(statementList).get(0);
-
-                        if (user != null && user.getNeedsPasswordReset() && user.getUserType() ==  AuthenticationSourceType.LOCAL) {
-                            // show the OTP modal
-                            char[] otp = Server.userAuthenticationModule.getOTP(req.getParameter("username"));
-                            statusInfo.put("needsReset", "true");
-                            statusInfo.put("otp", new String(otp));
-                        } else {
-                            // change status for user, generate new password and update info
-                            // Server.userAuthenticationModule.updateReset(user, 1);
-                            user.setNeedsPasswordReset(false);
-                            String newPW = generateRandomPassword();
-                            user.setPassword(newPW);
-                            Server.dataStore.getUserDao().storeObject(user);
-                            statusInfo.put("needsReset", "false");
-                            statusInfo.put("newPW", newPW);
-                        }
-                    }
-
-                    resp.getOutputStream().write(JsonStream.serialize(statusInfo).getBytes());
-                    resp.setStatus(200);
-                }
-
-            } catch (Exception e) {
-                log.info(e.toString());
-                resp.setStatus(500);
-            }
-        }
-    }
-
-    // TODO : change to char array
-    public String generateRandomPassword() {
-        return new SecureRandom().ints(12, 48, 58).mapToObj(i -> String.valueOf((char)i)).collect(Collectors.joining());
-    }
-}
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/ApiFilter.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/ApiFilter.java
@@ -57,6 +57,9 @@ public class ApiFilter implements Filter {
                    JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
                    signedJWT = SignedJWT.parse(request.getHeader("Bearer"));
                    if(signedJWT.verify(jwsVerifier) && verifyValidity(signedJWT)){
+                        //TODO: Push this to the client because we know the password was one-time
+                        signedJWT.getJWTClaimsSet().getClaim("oneTimePassword");
+
                        authsuccess = true;
                        request.setAttribute("username",signedJWT.getJWTClaimsSet().getSubject());
                    }