fix: change User serialization

Change-Id: Iced4913e0739093f00718b579fc615111baabcc0

fix: change User serialization
ffedb2b3 · Léo Banno-Cloutier · 827e46f3 · ffedb2b3 · ffedb2b3 · ffedb2b3
Commit ffedb2b3 authored 1 year ago by Léo Banno-Cloutier
--- a/jams-common/src/main/java/net/jami/jams/common/objects/roots/X509Entity.java
+++ b/jams-common/src/main/java/net/jami/jams/common/objects/roots/X509Entity.java
@@ -27,6 +27,8 @@ import lombok.Setter;

 import org.bouncycastle.pkcs.PKCS10CertificationRequest;

+import com.google.gson.annotations.Expose;
+
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;

@@ -34,6 +36,7 @@ import java.security.cert.X509Certificate;
 @Setter
 public class X509Entity {
    private X509Certificate certificate;
+    @Expose(serialize = false)
    private PrivateKey privateKey;
    // These can be null because they are only used if this is a request.
    private X509Fields x509Fields;

--- a/jams-common/src/main/java/net/jami/jams/common/objects/user/User.java
+++ b/jams-common/src/main/java/net/jami/jams/common/objects/user/User.java
@@ -36,6 +36,8 @@ import net.jami.jams.common.utils.X509Utils;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;

+import com.google.gson.annotations.Expose;
+
 @AllArgsConstructor
 @NoArgsConstructor
 @Getter
@@ -43,14 +45,17 @@ import java.sql.ResultSet;
 public class User extends X509Entity implements BlockchainEntity, DatabaseObject {

    private String username;
+    @Expose(serialize = false)
    private String password;
    private AuthenticationSourceType userType;
    private String realm; // sort of the domain.
    private AccessLevel accessLevel = AccessLevel.USER;
    private Boolean needsPasswordReset = false;
+    @Expose(serialize = false)
    private String salt;

    private String ethAddress;
+    @Expose(serialize = false)
    private String ethKey;
    private String jamiId;


--- a/jams-common/src/main/java/net/jami/jams/common/utils/VersioningUtils.java
+++ b/jams-common/src/main/java/net/jami/jams/common/utils/VersioningUtils.java
@@ -76,7 +76,7 @@ public class VersioningUtils {
                                log.info("Found version {} of {}", version, fileName);
                            } catch (Exception e1) {
                                log.error(
-                                        "Could detect version for file with error {}",
+                                        "Could not detect version for file with error {}",
                                        e1.getMessage());
                            }
                        }

--- a/jams-react-client/package.json
+++ b/jams-react-client/package.json
@@ -65,6 +65,7 @@
  "devDependencies": {
    "@babel/core": "^7.11.6",
    "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
+    "@types/react-router-dom": "^5.3.3",
    "babel-core": "^7.0.0-bridge.0",
    "babel-plugin-i18next-extract": "^0.8.0",
    "eslint-config-prettier": "6.11.0",

--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
@@ -85,13 +85,17 @@ public class UserServlet extends HttpServlet {

        if (!user.getNeedsPasswordReset() && req.getParameter("needPW") != null) {
            String pw = req.getParameter("password");
+
+            if (pw == null || pw.isEmpty()) {
+                resp.sendError(400, "Password is empty!");
+                return;
+            }
+
            String password = PasswordUtil.hashPassword(pw, Base64.decodeBase64(user.getSalt()));
            dataStore.getUserDao().updateObject(password, username);

-            user = dataStore.getUserDao().getByUsername(username).get();
+            user = dataStore.getUserDao().getByUsername(username).orElseThrow();
        }
-        user.setPassword("");
-        user.setSalt("");
        resp.getOutputStream().write(gson.toJson(user).getBytes());
        resp.setStatus(200);
    }

--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/contacts/ContactServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/contacts/ContactServlet.java
@@ -25,6 +25,7 @@ package net.jami.jams.server.servlets.api.auth.contacts;
 import static net.jami.jams.server.Server.dataStore;

 import com.google.gson.Gson;
+import com.google.gson.JsonObject;

 import jakarta.servlet.ServletException;
 import jakarta.servlet.annotation.WebServlet;
@@ -37,16 +38,13 @@ import net.jami.jams.common.serialization.adapters.GsonFactory;
 import net.jami.jams.common.serialization.tomcat.TomcatCustomErrorHandler;
 import net.jami.jams.common.utils.ContactMerger;

-import org.json.JSONObject;
-
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.List;
-import java.util.Scanner;

 @WebServlet("/api/auth/contacts")
 public class ContactServlet extends HttpServlet {
-    private final Gson gson = GsonFactory.createGson();
+    private static final Gson gson = GsonFactory.createGson();

    /**
     * @apiVersion 1.0.0
@@ -83,19 +81,22 @@ public class ContactServlet extends HttpServlet {
    @Override
    protected void doPut(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
-        Scanner s = new Scanner(req.getInputStream()).useDelimiter("\\A");
-        String res = s.hasNext() ? s.next() : "";
-        final JSONObject obj = new JSONObject(res);
+        String owner = req.getAttribute("username").toString();
+        addContact(req, resp, owner);
+    }
+
+    public static void addContact(HttpServletRequest req, HttpServletResponse resp, String owner)
+            throws IOException {
+        JsonObject obj = gson.fromJson(req.getReader(), JsonObject.class);

        // TODO: Replace with mergetool.
        Contact contact = new Contact();
        contact.setDisplayName(obj.get("displayName").toString());
        contact.setTimestamp(System.currentTimeMillis() / 1000);
        contact.setStatus('A');
-        contact.setOwner(req.getAttribute("username").toString());
+        contact.setOwner(owner);
        contact.setUri(obj.get("uri").toString());

-        String owner = req.getAttribute("username").toString();
        List<Contact> localList = dataStore.getContactDao().getByOwner(owner);

        List<Contact> remoteList = List.of(contact);
@@ -148,6 +149,11 @@ public class ContactServlet extends HttpServlet {
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String owner = req.getAttribute("username").toString();
+        addContacts(req, resp, owner);
+    }
+
+    public static void addContacts(HttpServletRequest req, HttpServletResponse resp, String owner)
+            throws IOException {
        List<Contact> localList = dataStore.getContactDao().getByOwner(owner);
        List<Contact> remoteList = Arrays.asList(gson.fromJson(req.getReader(), Contact[].class));


--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
        <maven.compiler.target>11</maven.compiler.target>
        <maven.compiler.version>3.8.1</maven.compiler.version>
        <java.version>11</java.version>
-        <bouncy.castle.version>1.65</bouncy.castle.version>
+        <bouncy.castle.version>1.70</bouncy.castle.version>
        <lombok.version>1.18.28</lombok.version>
        <log4j.version>1.7.30</log4j.version>
        <jupiter.api.version>5.7.0-M1</jupiter.api.version>