Commit ffedb2b3 authored by Léo Banno-Cloutier's avatar Léo Banno-Cloutier

fix: change User serialization

Change-Id: Iced4913e0739093f00718b579fc615111baabcc0
parent 827e46f3
...@@ -27,6 +27,8 @@ import lombok.Setter; ...@@ -27,6 +27,8 @@ import lombok.Setter;
import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import com.google.gson.annotations.Expose;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
...@@ -34,6 +36,7 @@ import java.security.cert.X509Certificate; ...@@ -34,6 +36,7 @@ import java.security.cert.X509Certificate;
@Setter @Setter
public class X509Entity { public class X509Entity {
private X509Certificate certificate; private X509Certificate certificate;
@Expose(serialize = false)
private PrivateKey privateKey; private PrivateKey privateKey;
// These can be null because they are only used if this is a request. // These can be null because they are only used if this is a request.
private X509Fields x509Fields; private X509Fields x509Fields;
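Review bot: `@Expose(serialize = false)` on `privateKey` only takes effect when the Gson instance is built with `GsonBuilder.excludeFieldsWithoutExposeAnnotation()`; a default Gson ignores `@Expose` and still writes the field. `GsonFactory.createGson()` is not shown on this page, so this needs confirming there, bearing in mind that enabling the option also drops every field without an `@Expose`, such as `certificate` and `username`. The same applies to the annotations added on `password`, `salt` and `ethKey` in `User`. If the factory cannot be switched, an `ExclusionStrategy` registered through `addSerializationExclusionStrategy`, plus a test asserting that `gson.toJson(user)` contains none of these values, would make the exclusion enforceable.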
......
...@@ -36,6 +36,8 @@ import net.jami.jams.common.utils.X509Utils; ...@@ -36,6 +36,8 @@ import net.jami.jams.common.utils.X509Utils;
import java.sql.PreparedStatement; import java.sql.PreparedStatement;
import java.sql.ResultSet; import java.sql.ResultSet;
import com.google.gson.annotations.Expose;
@AllArgsConstructor @AllArgsConstructor
@NoArgsConstructor @NoArgsConstructor
@Getter @Getter
...@@ -43,14 +45,17 @@ import java.sql.ResultSet; ...@@ -43,14 +45,17 @@ import java.sql.ResultSet;
public class User extends X509Entity implements BlockchainEntity, DatabaseObject { public class User extends X509Entity implements BlockchainEntity, DatabaseObject {
private String username; private String username;
@Expose(serialize = false)
private String password; private String password;
private AuthenticationSourceType userType; private AuthenticationSourceType userType;
private String realm; // sort of the domain. private String realm; // sort of the domain.
private AccessLevel accessLevel = AccessLevel.USER; private AccessLevel accessLevel = AccessLevel.USER;
private Boolean needsPasswordReset = false; private Boolean needsPasswordReset = false;
@Expose(serialize = false)
private String salt; private String salt;
private String ethAddress; private String ethAddress;
@Expose(serialize = false)
private String ethKey; private String ethKey;
private String jamiId; private String jamiId;
......
...@@ -76,7 +76,7 @@ public class VersioningUtils { ...@@ -76,7 +76,7 @@ public class VersioningUtils {
log.info("Found version {} of {}", version, fileName); log.info("Found version {} of {}", version, fileName);
} catch (Exception e1) { } catch (Exception e1) {
log.error( log.error(
"Could detect version for file with error {}", "Could not detect version for file with error {}",
e1.getMessage()); e1.getMessage());
} }
} }
......
...@@ -65,6 +65,7 @@ ...@@ -65,6 +65,7 @@
"devDependencies": { "devDependencies": {
"@babel/core": "^7.11.6", "@babel/core": "^7.11.6",
"@babel/plugin-proposal-private-property-in-object": "^7.21.11", "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
"@types/react-router-dom": "^5.3.3",
"babel-core": "^7.0.0-bridge.0", "babel-core": "^7.0.0-bridge.0",
"babel-plugin-i18next-extract": "^0.8.0", "babel-plugin-i18next-extract": "^0.8.0",
"eslint-config-prettier": "6.11.0", "eslint-config-prettier": "6.11.0",
......
...@@ -85,13 +85,17 @@ public class UserServlet extends HttpServlet { ...@@ -85,13 +85,17 @@ public class UserServlet extends HttpServlet {
if (!user.getNeedsPasswordReset() && req.getParameter("needPW") != null) { if (!user.getNeedsPasswordReset() && req.getParameter("needPW") != null) {
String pw = req.getParameter("password"); String pw = req.getParameter("password");
if (pw == null || pw.isEmpty()) {
resp.sendError(400, "Password is empty!");
return;
}
String password = PasswordUtil.hashPassword(pw, Base64.decodeBase64(user.getSalt())); String password = PasswordUtil.hashPassword(pw, Base64.decodeBase64(user.getSalt()));
dataStore.getUserDao().updateObject(password, username); dataStore.getUserDao().updateObject(password, username);
user = dataStore.getUserDao().getByUsername(username).get(); user = dataStore.getUserDao().getByUsername(username).orElseThrow();
} }
user.setPassword("");
user.setSalt("");
resp.getOutputStream().write(gson.toJson(user).getBytes()); resp.getOutputStream().write(gson.toJson(user).getBytes());
resp.setStatus(200); resp.setStatus(200);
} }
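Review bot: Clearing only `password` and `salt` before `gson.toJson(user)` leaves `ethKey` and the inherited `privateKey` on the serialised object, so the response still carries them unless the Gson instance used here honours the new `@Expose` annotations. A small response object holding just the fields the client needs would not depend on which setters were remembered, and would avoid mutating the entity just loaded from the DAO. Separately, `getBytes()` uses the platform charset on the Java 11 target; `getBytes(StandardCharsets.UTF_8)` keeps the JSON encoding stable. The handler body starts above this hunk.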
......
...@@ -25,6 +25,7 @@ package net.jami.jams.server.servlets.api.auth.contacts; ...@@ -25,6 +25,7 @@ package net.jami.jams.server.servlets.api.auth.contacts;
import static net.jami.jams.server.Server.dataStore; import static net.jami.jams.server.Server.dataStore;
import com.google.gson.Gson; import com.google.gson.Gson;
import com.google.gson.JsonObject;
import jakarta.servlet.ServletException; import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet; import jakarta.servlet.annotation.WebServlet;
...@@ -37,16 +38,13 @@ import net.jami.jams.common.serialization.adapters.GsonFactory; ...@@ -37,16 +38,13 @@ import net.jami.jams.common.serialization.adapters.GsonFactory;
import net.jami.jams.common.serialization.tomcat.TomcatCustomErrorHandler; import net.jami.jams.common.serialization.tomcat.TomcatCustomErrorHandler;
import net.jami.jams.common.utils.ContactMerger; import net.jami.jams.common.utils.ContactMerger;
import org.json.JSONObject;
import java.io.IOException; import java.io.IOException;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Scanner;
@WebServlet("/api/auth/contacts") @WebServlet("/api/auth/contacts")
public class ContactServlet extends HttpServlet { public class ContactServlet extends HttpServlet {
private final Gson gson = GsonFactory.createGson(); private static final Gson gson = GsonFactory.createGson();
/** /**
* @apiVersion 1.0.0 * @apiVersion 1.0.0
...@@ -83,19 +81,22 @@ public class ContactServlet extends HttpServlet { ...@@ -83,19 +81,22 @@ public class ContactServlet extends HttpServlet {
@Override @Override
protected void doPut(HttpServletRequest req, HttpServletResponse resp) protected void doPut(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException { throws ServletException, IOException {
Scanner s = new Scanner(req.getInputStream()).useDelimiter("\\A"); String owner = req.getAttribute("username").toString();
String res = s.hasNext() ? s.next() : ""; addContact(req, resp, owner);
final JSONObject obj = new JSONObject(res); }
public static void addContact(HttpServletRequest req, HttpServletResponse resp, String owner)
throws IOException {
JsonObject obj = gson.fromJson(req.getReader(), JsonObject.class);
// TODO: Replace with mergetool. // TODO: Replace with mergetool.
Contact contact = new Contact(); Contact contact = new Contact();
contact.setDisplayName(obj.get("displayName").toString()); contact.setDisplayName(obj.get("displayName").toString());
contact.setTimestamp(System.currentTimeMillis() / 1000); contact.setTimestamp(System.currentTimeMillis() / 1000);
contact.setStatus('A'); contact.setStatus('A');
contact.setOwner(req.getAttribute("username").toString()); contact.setOwner(owner);
contact.setUri(obj.get("uri").toString()); contact.setUri(obj.get("uri").toString());
String owner = req.getAttribute("username").toString();
List<Contact> localList = dataStore.getContactDao().getByOwner(owner); List<Contact> localList = dataStore.getContactDao().getByOwner(owner);
List<Contact> remoteList = List.of(contact); List<Contact> remoteList = List.of(contact);
...@@ -148,6 +149,11 @@ public class ContactServlet extends HttpServlet { ...@@ -148,6 +149,11 @@ public class ContactServlet extends HttpServlet {
protected void doPost(HttpServletRequest req, HttpServletResponse resp) protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException { throws ServletException, IOException {
String owner = req.getAttribute("username").toString(); String owner = req.getAttribute("username").toString();
addContacts(req, resp, owner);
}
public static void addContacts(HttpServletRequest req, HttpServletResponse resp, String owner)
throws IOException {
List<Contact> localList = dataStore.getContactDao().getByOwner(owner); List<Contact> localList = dataStore.getContactDao().getByOwner(owner);
List<Contact> remoteList = Arrays.asList(gson.fromJson(req.getReader(), Contact[].class)); List<Contact> remoteList = Arrays.asList(gson.fromJson(req.getReader(), Contact[].class));
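Review bot: In `addContact`, `obj.get("displayName").toString()` and `obj.get("uri").toString()` now run on a Gson `JsonElement`, whose `toString()` returns the JSON text, so string values are stored with their surrounding quotes; with the previous `org.json` object they were not. Use `contact.setDisplayName(obj.get("displayName").getAsString());` and `contact.setUri(obj.get("uri").getAsString());`. `gson.fromJson` returns null for an empty body and `obj.get` returns null for a missing key, so a guard answering 400 before these lines would stop malformed requests ending in a NullPointerException. Both new methods are `public static` and trust the `owner` argument, so a Javadoc line stating that it must be the authenticated username would help callers. `addContact` and `addContacts` continue past the hunks shown.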
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
<maven.compiler.target>11</maven.compiler.target> <maven.compiler.target>11</maven.compiler.target>
<maven.compiler.version>3.8.1</maven.compiler.version> <maven.compiler.version>3.8.1</maven.compiler.version>
<java.version>11</java.version> <java.version>11</java.version>
<bouncy.castle.version>1.65</bouncy.castle.version> <bouncy.castle.version>1.70</bouncy.castle.version>
<lombok.version>1.18.28</lombok.version> <lombok.version>1.18.28</lombok.version>
<log4j.version>1.7.30</log4j.version> <log4j.version>1.7.30</log4j.version>
<jupiter.api.version>5.7.0-M1</jupiter.api.version> <jupiter.api.version>5.7.0-M1</jupiter.api.version>
......