Commit
4bb4412d
authored
Jun 21, 2018
by
Alina Habibulina
fix 7
parent
e0815b0d
Showing
5 changed files
with
117 additions
and
75 deletions
+117
-75
src/main/java/kz/arta/ext/sap/db/UserManager.java
src/main/java/kz/arta/ext/sap/db/UserManager.java
+67
-9
src/main/java/kz/arta/ext/sap/service/PasswordSetService.java
...main/java/kz/arta/ext/sap/service/PasswordSetService.java
+7
-5
src/main/java/kz/arta/ext/sap/util/Config.java
src/main/java/kz/arta/ext/sap/util/Config.java
+43
-5
src/main/java/kz/arta/ext/sap/util/ConnectionPool.java
src/main/java/kz/arta/ext/sap/util/ConnectionPool.java
+0
-2
src/main/java/kz/arta/ext/sap/util/SubsidiaryLib.java
src/main/java/kz/arta/ext/sap/util/SubsidiaryLib.java
+0
-54
src/main/java/kz/arta/ext/sap/db/UserManager.java
...
...
@@ -18,18 +18,21 @@ import java.sql.ResultSet;
* Modified: 06.2018
* работа с СУБД
* использует соединение, указанное в @{@link ConnectionPool}
*/
**/
public
class
UserManager
{
private
static
final
Logger
LOGGER
=
LoggerFactory
.
getLogger
(
UserManager
.
class
);
public
static
int
ifUserExist
(
String
login
)
{
Connection
con
=
null
;
ResultSet
res
=
null
;
PreparedStatement
chechExistance
=
null
;
try
{
con
=
ConnectionPool
.
getConnection
();
PreparedStatement
chechExistance
=
con
.
prepareStatement
(
"SELECT * FROM users WHERE login = ? "
);
chechExistance
=
con
.
prepareStatement
(
"SELECT * FROM users WHERE login = ? "
);
chechExistance
.
setString
(
1
,
login
);
ResultSet
res
=
chechExistance
.
executeQuery
();
res
=
chechExistance
.
executeQuery
();
if
(
res
.
next
())
{
return
200
;
...
...
@@ -40,6 +43,20 @@ public class UserManager {
LOGGER
.
error
(
""
,
e
);
return
500
;
}
finally
{
if
(
res
!=
null
)
{
try
{
res
.
close
();
}
catch
(
SQLException
e
)
{
e
.
printStackTrace
();
}
}
if
(
chechExistance
!=
null
)
{
try
{
chechExistance
.
close
();
}
catch
(
SQLException
e
)
{
e
.
printStackTrace
();
}
}
ConnectionPool
.
close
(
con
);
}
}
...
...
@@ -48,9 +65,10 @@ public class UserManager {
if
(
UserManager
.
ifUserExist
(
login
)
==
200
)
{
Connection
con
=
null
;
PreparedStatement
updatePassword
=
null
;
try
{
con
=
ConnectionPool
.
getConnection
();
PreparedStatement
updatePassword
=
con
.
prepareStatement
(
"UPDATE users SET password = MD5( ? ) WHERE login = ? "
);
updatePassword
=
con
.
prepareStatement
(
"UPDATE users SET password = MD5( ? ) WHERE login = ? "
);
updatePassword
.
setString
(
1
,
new_pass
);
updatePassword
.
setString
(
2
,
login
);
updatePassword
.
executeUpdate
();
...
...
@@ -60,6 +78,14 @@ public class UserManager {
LOGGER
.
error
(
""
,
e
);
return
500
;
}
finally
{
if
(
updatePassword
!=
null
)
{
try
{
updatePassword
.
close
();
}
catch
(
SQLException
e
)
{
LOGGER
.
error
(
""
,
e
);
return
500
;
}
}
ConnectionPool
.
close
(
con
);
}
}
else
return
404
;
...
...
@@ -67,12 +93,14 @@ public class UserManager {
public
static
int
checkAuth
(
String
login
,
String
password
)
{
Connection
con
=
null
;
PreparedStatement
searchUser
=
null
;
ResultSet
rs
=
null
;
try
{
con
=
ConnectionPool
.
getConnection
();
PreparedStatement
searchUser
=
con
.
prepareStatement
(
"SELECT * FROM users WHERE login = ? AND password = md5(?)"
);
searchUser
=
con
.
prepareStatement
(
"SELECT * FROM users WHERE login = ? AND password = md5(?)"
);
searchUser
.
setString
(
1
,
login
);
searchUser
.
setString
(
2
,
password
);
ResultSet
rs
=
searchUser
.
executeQuery
();
rs
=
searchUser
.
executeQuery
();
if
(
rs
.
next
())
{
return
200
;
...
...
@@ -84,17 +112,33 @@ public class UserManager {
LOGGER
.
error
(
""
,
e
);
return
500
;
}
finally
{
if
(
rs
!=
null
)
{
try
{
rs
.
close
();
}
catch
(
SQLException
e
)
{
LOGGER
.
error
(
""
,
e
);
}
}
if
(
searchUser
!=
null
)
{
try
{
searchUser
.
close
();
}
catch
(
SQLException
e
)
{
LOGGER
.
error
(
""
,
e
);
}
}
ConnectionPool
.
close
(
con
);
}
}
public
static
int
isAdmin
(
String
login
)
{
Connection
con
=
null
;
PreparedStatement
isAdminCheck
=
null
;
ResultSet
rs
=
null
;
try
{
con
=
ConnectionPool
.
getConnection
();
PreparedStatement
isAdminCheck
=
con
.
prepareStatement
(
"SELECT * FROM users WHERE login = ? AND isadmin = 1"
);
isAdminCheck
=
con
.
prepareStatement
(
"SELECT * FROM users WHERE login = ? AND isadmin = 1"
);
isAdminCheck
.
setString
(
1
,
login
);
ResultSet
rs
=
isAdminCheck
.
executeQuery
();
rs
=
isAdminCheck
.
executeQuery
();
if
(
rs
.
next
())
{
return
1
;
...
...
@@ -106,6 +150,20 @@ public class UserManager {
LOGGER
.
error
(
""
,
e
);
return
500
;
}
finally
{
if
(
rs
!=
null
)
{
try
{
rs
.
close
();
}
catch
(
SQLException
e
)
{
LOGGER
.
error
(
""
,
e
);
}
}
if
(
isAdminCheck
!=
null
)
{
try
{
isAdminCheck
.
close
();
}
catch
(
SQLException
e
)
{
LOGGER
.
error
(
""
,
e
);
}
}
ConnectionPool
.
close
(
con
);
}
}
...
...
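Review bot: In the `finally` block added by hunk `@@ -60,6 +78,14 @@` (the password-update method, presumably `setPass`), the `return 500;` inside `catch (SQLException e)` exits before `ConnectionPool.close(con)` runs and also replaces whatever the `try` body was about to return, so a failed `updatePassword.close()` appears to leave the connection checked out of the pool. Drop the `return` so the handler is just `LOGGER.error("", e);`, as the `finally` blocks added to `checkAuth` and `isAdmin` already do; the `finally` in `ifUserExist` should likewise log through `LOGGER.error("", e)` instead of `e.printStackTrace()`. Separately, the statements this commit touches still store and compare passwords as `MD5( ? )`, an unsalted fast hash computed in the database; a salted, deliberately slow password hash (bcrypt, scrypt or Argon2) computed in the application would be the safer follow-up. The method bodies continue outside the visible hunks.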
src/main/java/kz/arta/ext/sap/service/PasswordSetService.java
...
...
@@ -4,6 +4,7 @@ import kz.arta.ext.sap.db.UserManager;
import
sun.misc.BASE64Decoder
;
import
java.io.IOException
;
import
java.nio.charset.Charset
;
import
javax.enterprise.context.RequestScoped
;
import
javax.ws.rs.GET
;
...
...
@@ -15,7 +16,6 @@ import javax.ws.rs.QueryParam;
import
javax.ws.rs.core.MediaType
;
/**
* Created by val
* Date: 04.10.2015
...
...
@@ -43,16 +43,16 @@ public class PasswordSetService {
public
String
setPassword
(
@HeaderParam
(
"authorization"
)
String
authParam
,
@QueryParam
(
"login"
)
String
login
,
@QueryParam
(
"new_password"
)
String
new_pass
){
try
{
String
decodedAuth
=
""
;
String
[]
authParts
=
authParam
.
toString
().
split
(
" "
);
String
[]
authParts
=
authParam
.
split
(
" "
);
String
authInfo
=
authParts
[
1
];
byte
[]
bytes
=
null
;
try
{
bytes
=
new
BASE64Decoder
().
decodeBuffer
(
authInfo
);
decodedAuth
=
new
String
(
bytes
,
"UTF-8"
);
}
catch
(
IOException
e
)
{
e
.
printStackTrace
();
}
decodedAuth
=
new
String
(
bytes
);
String
[]
authArray
=
decodedAuth
.
split
(
":"
);
...
...
@@ -62,14 +62,14 @@ public class PasswordSetService {
int
authResult
=
UserManager
.
checkAuth
(
currentUserLogin
,
currentUserPass
);
if
(
authResult
==
200
){
int
isAdminResult
=
UserManager
.
isAdmin
(
currentUser
Pass
);
int
isAdminResult
=
UserManager
.
isAdmin
(
currentUser
Login
);
if
(
isAdminResult
==
1
)
{
return
PasswordSetService
.
errorMessagesHandler
(
UserManager
.
setPass
(
login
,
new_pass
));
}
else
if
(
isAdminResult
==
0
){
if
(
login
.
equals
(
l
ogin
))
return
PasswordSetService
.
errorMessagesHandler
(
UserManager
.
setPass
(
login
,
new_pass
));
if
(
login
.
equals
(
currentUserL
ogin
))
return
PasswordSetService
.
errorMessagesHandler
(
UserManager
.
setPass
(
login
,
new_pass
));
else
return
PasswordSetService
.
errorMessagesHandler
(
403
);
}
else
{
...
...
@@ -81,6 +81,8 @@ public class PasswordSetService {
}
else
{
return
PasswordSetService
.
errorMessagesHandler
(
500
);
}
}
catch
(
RuntimeException
e
)
{
throw
e
;
}
catch
(
Exception
e
)
{
return
"Error: "
+
e
;
}
...
...
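Review bot: `authParam.split(" ")` followed by `authParts[1]` is still reached with no check that the `authorization` header is present, uses the Basic scheme and has two parts, and with the added `catch (RuntimeException e) { throw e; }` the resulting NullPointerException or ArrayIndexOutOfBoundsException now propagates out of `setPassword` instead of producing an authentication error. A guard such as `if (authParam == null || !authParam.startsWith("Basic ")) return PasswordSetService.errorMessagesHandler(401);` before the split would cover it, assuming `errorMessagesHandler` maps 401 (only 403 and 500 are visible here); the same applies to `authArray` after `split(":")`, whose indexing lies outside the hunk. `login.equals(currentUserLogin)` also throws when the `login` query parameter is absent, which `currentUserLogin.equals(login)` avoids. `new_password` arrives as a `@QueryParam`, so the new password is part of the request URL and is likely to be recorded in access and proxy logs; carrying it in a request body would keep it out of them. `return "Error: " + e;` hands exception text back to the caller, where a generic message with the detail logged server-side is preferable.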
src/main/java/kz/arta/ext/sap/util/Config.java
...
...
@@ -5,8 +5,11 @@ import org.slf4j.LoggerFactory;
import
java.io.File
;
import
java.io.FileInputStream
;
import
java.io.FileNotFoundException
;
import
java.io.IOException
;
import
java.io.InputStreamReader
;
import
java.io.Reader
;
import
java.io.UnsupportedEncodingException
;
import
java.net.URL
;
import
java.util.*
;
...
...
@@ -25,11 +28,46 @@ public class Config {
static
{
File
confFile
=
new
File
(
getConfigDir
()
+
"/external/synergy-api-proxy.properties"
);
FileInputStream
fis
=
null
;
Reader
isr
=
null
;
try
{
fis
=
new
FileInputStream
(
confFile
);
isr
=
new
InputStreamReader
(
fis
,
"UTF-8"
);
if
(
confFile
.
exists
())
{
try
{
props
.
load
(
new
InputStreamReader
(
new
FileInputStream
(
confFile
),
"UTF8"
)
);
props
.
load
(
isr
);
}
catch
(
IOException
e
)
{
LOGGER
.
error
(
"Configuration file not found"
);
}
finally
{
}
}
}
catch
(
FileNotFoundException
err
)
{
LOGGER
.
error
(
"File not found"
);
}
catch
(
UnsupportedEncodingException
e1
)
{
LOGGER
.
error
(
"UnsupportedEncodingException"
);
}
finally
{
if
(
null
!=
fis
)
{
try
{
fis
.
close
();
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
}
if
(
null
!=
isr
)
{
try
{
isr
.
close
();
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
}
}
}
...
...
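Review bot: The static initializer logs load failures without the exception or the file path (`LOGGER.error("File not found")`), and the `IOException` from `props.load` is reported as "Configuration file not found", so a missing or unreadable `synergy-api-proxy.properties` is hard to diagnose while the class carries on with whatever `props` already holds. The `confFile.exists()` test is redundant because `new FileInputStream(confFile)` has already thrown for a missing file, and the inner `finally { }` is empty. If the project targets Java 7 or later, try-with-resources with `StandardCharsets.UTF_8` removes the manual close blocks (which fall back to `e.printStackTrace()`) and the `UnsupportedEncodingException` branch; it needs an import of `java.nio.charset.StandardCharsets`.

```java
static {
    File confFile = new File(getConfigDir() + "/external/synergy-api-proxy.properties");
    // FileNotFoundException is an IOException, so one handler covers both the open and the load
    try (Reader isr = new InputStreamReader(new FileInputStream(confFile), StandardCharsets.UTF_8)) {
        props.load(isr);
    } catch (IOException e) {
        LOGGER.error("Cannot load configuration file {}", confFile, e);
    }
}
```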
src/main/java/kz/arta/ext/sap/util/ConnectionPool.java
...
...
@@ -8,8 +8,6 @@ import javax.naming.NamingException;
import
javax.sql.DataSource
;
import
java.sql.Connection
;
import
java.sql.SQLException
;
import
javax.sql.XAConnection
;
import
javax.sql.XADataSource
;
/**
* Created by val
...
...
src/main/java/kz/arta/ext/sap/util/SubsidiaryLib.java
deleted
100644 → 0
package
kz.arta.ext.sap.util
;
import
kz.arta.ext.sap.db.UserManager
;
import
sun.misc.BASE64Decoder
;
import
java.io.IOException
;
import
java.lang.Exception
;
public
class
SubsidiaryLib
{
public
static
String
checkTheAccess
(
String
authParam
,
String
logingForChange
,
String
newPassword
){
try
{
String
decodedAuth
=
""
;
String
[]
authParts
=
authParam
.
toString
().
split
(
" "
);
String
authInfo
=
authParts
[
1
];
byte
[]
bytes
=
null
;
try
{
bytes
=
new
BASE64Decoder
().
decodeBuffer
(
authInfo
);
}
catch
(
IOException
e
)
{
e
.
printStackTrace
();
}
decodedAuth
=
new
String
(
bytes
);
String
[]
authArray
=
decodedAuth
.
split
(
":"
);
String
login
=
authArray
[
0
];
String
pass
=
authArray
[
1
];
String
authResult
=
UserManager
.
checkAuth
(
login
,
pass
);
if
(
authResult
==
"true"
){
String
isAdminResult
=
UserManager
.
isAdmin
(
login
);
if
(
isAdminResult
==
"true"
)
{
return
UserManager
.
setPass
(
logingForChange
,
newPassword
);
}
else
if
(
isAdminResult
==
"false"
){
if
(
login
.
equals
(
logingForChange
))
return
UserManager
.
setPass
(
logingForChange
,
newPassword
);
else
return
"{\"status\":\"403 Forbidden. "
+
login
+
" vs "
+
logingForChange
+
"\", \"error\":\"You don't have any access to the requested account\", \"errorCode\": \"403\"}"
;
}
else
{
return
isAdminResult
;
}
}
else
{
return
authResult
;
}
}
catch
(
Exception
e
)
{
return
"Error: "
+
e
;
}
}
}