implemented correct Bearer logic on all filters

Change-Id: I29166b72f3b7243056f00dc4ee405bdb63f0f531

implemented correct Bearer logic on all filters
4a7f88a1 · Félix Sidokhine · Adrien Béraud · 49da581e · 4a7f88a1 · 4a7f88a1
Commit 4a7f88a1 authored 4 years ago by Félix Sidokhine Committed by Adrien Béraud 4 years ago
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/AdminApiFilter.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/AdminApiFilter.java
@@ -61,11 +61,11 @@ public class AdminApiFilter implements Filter {
            boolean authsuccess = false;
            boolean isLogin = false;
            if (request.getServletPath().contains("login")) isLogin = true;
-            if (request.getHeader("Bearer") != null){
+            if(request.getHeader("authorization").contains("bearer") || request.getHeader("authorization").contains("Bearer")){
                SignedJWT signedJWT = null;
                try {
                    JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
-                    signedJWT = SignedJWT.parse(request.getHeader("Bearer"));
+                    signedJWT = SignedJWT.parse(request.getHeader("authorization").replace("bearer","").replace("Bearer",""));
                    HashSet<AccessLevel> permissionLevels = new HashSet<>();
                    permissionLevels.add(AccessLevel.ADMIN);
                    if(signedJWT.verify(jwsVerifier) && verifyValidity(signedJWT) && verifyLevel(signedJWT,permissionLevels)){

--- a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
@@ -58,10 +58,10 @@ public class InstallFilter implements Filter {
            boolean isLogin = false;
            if(request.getServletPath().contains("start")) isLogin = true;
            SignedJWT signedJWT = null;
-            if(request.getHeader("Bearer") != null) {
+            if(request.getHeader("authorization").contains("bearer") || request.getHeader("authorization").contains("Bearer")){
                try {
                    JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
-                    signedJWT = SignedJWT.parse(request.getHeader("Bearer"));
+                    signedJWT = SignedJWT.parse(request.getHeader("authorization").replace("bearer","").replace("Bearer",""));
                    if (signedJWT.verify(jwsVerifier) && signedJWT.getJWTClaimsSet().getExpirationTime().compareTo(new Date()) > 0) {
                        authsuccess = true;
                        request.setAttribute("username", signedJWT.getJWTClaimsSet().getSubject());