diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/AdminApiFilter.java b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/AdminApiFilter.java
index 4168c5af31e1d67e4b1bfbae1f256267819dd8fa..0aa48f863c335a16930920c7cd996b034c279b09 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/AdminApiFilter.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/AdminApiFilter.java
@@ -15,11 +15,15 @@ import java.io.IOException;
 import java.util.Date;
 import static net.jami.jams.server.Server.userAuthenticationModule;
+import static net.jami.jams.server.servlets.filters.JWTValidator.verifyLevel;
+import static net.jami.jams.server.servlets.filters.JWTValidator.verifyValidity;
 @WebFilter(urlPatterns = {"/api/admin/*"})
 @Slf4j
 public class AdminApiFilter implements Filter {
+ private static final AccessLevel TARGET_LEVEL = AccessLevel.ADMIN;
+
 @Override
 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 HttpServletRequest request = (HttpServletRequest) servletRequest;
@@ -35,8 +39,7 @@ public class AdminApiFilter implements Filter {
 try {
 JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
 signedJWT = SignedJWT.parse(request.getHeader("Bearer"));
- if(signedJWT.verify(jwsVerifier) && signedJWT.getJWTClaimsSet().getExpirationTime().compareTo(new Date()) > 0
- && AccessLevel.valueOf(signedJWT.getJWTClaimsSet().getClaim("scope").toString()).equals(AccessLevel.ADMIN)){
+ if(signedJWT.verify(jwsVerifier) && verifyValidity(signedJWT) && verifyLevel(signedJWT,TARGET_LEVEL)){
 authsuccess = true;
 request.setAttribute("username",signedJWT.getJWTClaimsSet().getSubject());
 }
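Review bot: `import java.util.Date;` stays as a context line in this hunk, but the only `new Date()` in AdminApiFilter is removed by the second hunk of this file, so the import is now unused; the first hunk of ApiFilter has the same leftover import after its `new Date()` moved into JWTValidator. Dropping the line in both files keeps the import block honest about what the filter depends on and avoids an unused-import warning from the compiler or Error Prone. The new `TARGET_LEVEL` constant itself reads fine as a class-level `private static final`.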
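Review bot: The rewritten condition `if(signedJWT.verify(jwsVerifier) && verifyValidity(signedJWT) && verifyLevel(signedJWT,TARGET_LEVEL)){` is missing the spaces the project's formatter would expect after `if` and after the comma; `if (signedJWT.verify(jwsVerifier) && verifyValidity(signedJWT) && verifyLevel(signedJWT, TARGET_LEVEL)) {` reads as the same check. Since the ordering is what makes this safe — claims are only read after the signature check passed — a one-line comment above it, `// signature first: claims are only trusted once verify() succeeds`, documents the invariant for the next edit. The `try` block's `catch` lies outside this hunk, so I cannot tell from here whether a parse failure on the header is logged.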
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/ApiFilter.java b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/ApiFilter.java
index c58c7d73b6106a123dc276cff6279c3c89611cbf..e0fec4868ee33fd4d94a00546b1ba469baa10126 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/ApiFilter.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/ApiFilter.java
@@ -14,6 +14,7 @@ import java.io.IOException;
 import java.util.Date;
 import static net.jami.jams.server.Server.userAuthenticationModule;
+import static net.jami.jams.server.servlets.filters.JWTValidator.verifyValidity;
 @WebFilter(urlPatterns = {"/api/auth/*"})
 @Slf4j
@@ -34,7 +35,7 @@ public class ApiFilter implements Filter {
 try {
 JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
 signedJWT = SignedJWT.parse(request.getHeader("Bearer"));
- if(signedJWT.verify(jwsVerifier) && signedJWT.getJWTClaimsSet().getExpirationTime().compareTo(new Date()) > 0){
+ if(signedJWT.verify(jwsVerifier) && verifyValidity(signedJWT)){
 authsuccess = true;
 request.setAttribute("username",signedJWT.getJWTClaimsSet().getSubject());
 }
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/JWTValidator.java b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/JWTValidator.java
new file mode 100644
index 0000000000000000000000000000000000000000..fecb65694fb0fd41bd3cd43a0620c1944d81af90
--- /dev/null
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/JWTValidator.java
@@ -0,0 +1,27 @@
+package net.jami.jams.server.servlets.filters;
+
+import com.nimbusds.jwt.SignedJWT;
+import net.jami.jams.common.objects.user.AccessLevel;
+
+import java.util.Date;
+
+public class JWTValidator {
+
+ public static boolean verifyLevel(SignedJWT signedJWT, AccessLevel TARGET_LEVEL){
+ try {
+ return AccessLevel.valueOf(signedJWT.getJWTClaimsSet().getClaim("scope").toString()).equals(TARGET_LEVEL);
+ }
+ catch (Exception e){
+ return false;
+ }
+ }
+
+ public static boolean verifyValidity(SignedJWT signedJWT){
+ try {
+ return signedJWT.getJWTClaimsSet().getExpirationTime().compareTo(new Date()) > 0;
+ }
+ catch (Exception e){
+ return false;
+ }
+ }
+}
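Review bot: `verifyValidity` checks only the `exp` claim, so a token whose `nbf` (not-before) lies in the future is accepted by both filters, and both helpers fold every failure — a missing claim, an unparsable `scope`, a claim set that will not parse — into a silent `false`, which leaves an operator investigating rejected admin requests with nothing in the log. I would read `getNotBeforeTime()` alongside `getExpirationTime()` and log the reason at debug level before returning false (the exception, never the token); the class has no logger, so annotate it with `@Slf4j` as the two filters already do, and `JWTClaimsSet` needs an import from the same nimbus package as `SignedJWT`. Two style points on the same file: `TARGET_LEVEL` is a method parameter, not a constant, so `targetLevel`, and a class that only holds static helpers should be `final` with a private constructor so nobody instantiates or extends it. `verifyLevel` can get the same debug log in its `catch`; its `AccessLevel.valueOf(...).equals(...)` logic is otherwise fine for an exact-match check.
```java
public static boolean verifyValidity(SignedJWT signedJWT) {
    try {
        JWTClaimsSet claims = signedJWT.getJWTClaimsSet();
        Date now = new Date();
        Date exp = claims.getExpirationTime();
        Date nbf = claims.getNotBeforeTime();
        // exp is mandatory; nbf is honoured when present. Same clock as before, no skew allowance.
        return exp != null && exp.after(now) && (nbf == null || !nbf.after(now));
    } catch (Exception e) {
        // fail closed, but leave a trace for whoever has to explain a rejected request
        log.debug("JWT validity check failed", e);
        return false;
    }
}
// … unchanged: verifyLevel …
```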