Commit 94b13f27 authored by William Enright's avatar William Enright

moved login endpoint to avoid filtering, fixed parameter handling, changed...

moved login endpoint to avoid filtering, fixed parameter handling, changed python script to reflect file moving
parent 73bc66a2
...@@ -70,7 +70,7 @@ response = requests.post('http://localhost:8080/api/install/settings',data=json. ...@@ -70,7 +70,7 @@ response = requests.post('http://localhost:8080/api/install/settings',data=json.
#This completes the install, now we'll try to enroll. #This completes the install, now we'll try to enroll.
data = {} data = {}
response = requests.post('http://localhost:8080/api/auth/login',data={"username":"fsidokhine","password":"mes87hesm97daa"}) response = requests.post('http://localhost:8080/api/login',data={"username":"fsidokhine","password":"mes87hesm97daa"})
if response.status_code == 200: if response.status_code == 200:
token = json.loads(response.text)['access_token'] token = json.loads(response.text)['access_token']
......
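Review bot: The login call on the changed line still passes `data={"username": ..., "password": ...}`, which requests sends form-encoded, while the servlet in this same commit now parses the request body as JSON, so this step will most likely stop returning 200. Send a JSON body instead, for example `response = requests.post('http://localhost:8080/api/login', json={"username": username, "password": password})`, or `data=json.dumps(...)` as the install call above appears to do. The account name and password are also literals in the script; reading them from the environment or from arguments would keep them out of the repository history.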
...@@ -20,8 +20,9 @@ ...@@ -20,8 +20,9 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
package net.jami.jams.server.servlets.api.auth.login; package net.jami.jams.server.servlets;
import com.jsoniter.JsonIterator;
import com.jsoniter.output.JsonStream; import com.jsoniter.output.JsonStream;
import jakarta.servlet.ServletException; import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet; import jakarta.servlet.annotation.WebServlet;
...@@ -29,6 +30,8 @@ import jakarta.servlet.http.HttpServlet; ...@@ -29,6 +30,8 @@ import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import net.jami.jams.common.authmodule.AuthTokenResponse; import net.jami.jams.common.authmodule.AuthTokenResponse;
import net.jami.jams.common.objects.user.UserProfile;
import net.minidev.json.JSONObject;
import java.io.IOException; import java.io.IOException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
...@@ -36,17 +39,18 @@ import java.security.cert.X509Certificate; ...@@ -36,17 +39,18 @@ import java.security.cert.X509Certificate;
import static net.jami.jams.server.servlets.api.auth.login.AuthRequestProcessor.processUsernamePasswordAuth; import static net.jami.jams.server.servlets.api.auth.login.AuthRequestProcessor.processUsernamePasswordAuth;
import static net.jami.jams.server.servlets.api.auth.login.AuthRequestProcessor.processX509Auth; import static net.jami.jams.server.servlets.api.auth.login.AuthRequestProcessor.processX509Auth;
@WebServlet("/api/auth/login") @WebServlet("/api/login")
//This method returns the token which is used for all the next calls to the API. //This method returns the token which is used for all the next calls to the API.
public class LoginServlet extends HttpServlet { public class LoginServlet extends HttpServlet {
@Override @Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
//There are 3 possible cases here. //There are 3 possible cases here.
//Case 1: form submitted username/password //Case 1: form submitted username/password
AuthTokenResponse res = null; AuthTokenResponse res = null;
if(req.getParameter("username") != null && req.getParameter("password") != null){ JSONObject object = JsonIterator.deserialize(req.getInputStream().readAllBytes(), JSONObject.class);
res = processUsernamePasswordAuth(req.getParameter("username"),req.getParameter("password")); if(object.get("username") != null && object.get("password") != null){
res = processUsernamePasswordAuth(object.get("username").toString(), object.get("password").toString());
} }
//Case 2: Authorization header. //Case 2: Authorization header.
if(req.getHeader("authorization") != null){ if(req.getHeader("authorization") != null){
......
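Review bot: In `doPost`, the new `JsonIterator.deserialize(req.getInputStream().readAllBytes(), JSONObject.class)` runs on every request before any of the three cases is selected, so an endpoint that must be reachable without a token buffers a body of any size, and an empty or non-JSON body will probably throw or leave `object` null before the Authorization-header case is reached. I would cap the read, parse only when a body is present, answer malformed input with 400, and accept `username`/`password` only when they are JSON strings rather than calling `toString()` on whatever value arrived. `MAX_LOGIN_BODY_BYTES` in the sketch is a new constant the class would define, the catch should be narrowed to the parser's own exception type, and the rest of `doPost` lies outside the hunk. Because the move to `/api/login` is meant to take the servlet out of the filter's path, confirm that anything else the filter did (logging, throttling of attempts) still covers login.

```java
AuthTokenResponse res = null;
// Login is reachable without a token, so cap how much of the body is buffered.
byte[] body = req.getInputStream().readNBytes(MAX_LOGIN_BODY_BYTES + 1);
if (body.length > MAX_LOGIN_BODY_BYTES) {
    resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
    return;
}
// Header and certificate logins may carry no body; parse only when there is one.
if (body.length > 0) {
    JSONObject object;
    try {
        object = JsonIterator.deserialize(body, JSONObject.class);
    } catch (RuntimeException e) {
        resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    if (object != null
            && object.get("username") instanceof String
            && object.get("password") instanceof String) {
        res = processUsernamePasswordAuth((String) object.get("username"), (String) object.get("password"));
    }
}
// … unchanged: Case 2 (Authorization header) and the remainder of doPost …
```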