Commit 4bb4412d authored by Alina Habibulina's avatar Alina Habibulina

fix 7

parent e0815b0d
......@@ -18,18 +18,21 @@ import java.sql.ResultSet;
* Modified: 06.2018
* работа с СУБД
* использует соединение, указанное в @{@link ConnectionPool}
*/
**/
public class UserManager {
private static final Logger LOGGER = LoggerFactory.getLogger(UserManager.class);
public static int ifUserExist(String login) {
Connection con = null;
ResultSet res = null;
PreparedStatement chechExistance = null;
try {
con = ConnectionPool.getConnection();
PreparedStatement chechExistance = con.prepareStatement("SELECT * FROM users WHERE login = ? ");
chechExistance = con.prepareStatement("SELECT * FROM users WHERE login = ? ");
chechExistance.setString(1, login);
ResultSet res = chechExistance.executeQuery();
res = chechExistance.executeQuery();
if(res.next()) {
return 200;
......@@ -40,6 +43,20 @@ public class UserManager {
LOGGER.error("", e);
return 500;
} finally {
if (res != null) {
try {
res.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (chechExistance != null) {
try {
chechExistance.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
ConnectionPool.close(con);
}
}
......@@ -48,9 +65,10 @@ public class UserManager {
if(UserManager.ifUserExist(login) == 200) {
Connection con = null;
PreparedStatement updatePassword = null;
try {
con = ConnectionPool.getConnection();
PreparedStatement updatePassword = con.prepareStatement("UPDATE users SET password = MD5( ? ) WHERE login = ? ");
updatePassword = con.prepareStatement("UPDATE users SET password = MD5( ? ) WHERE login = ? ");
updatePassword.setString(1, new_pass);
updatePassword.setString(2, login);
updatePassword.executeUpdate();
......@@ -60,6 +78,14 @@ public class UserManager {
LOGGER.error("", e);
return 500;
} finally {
if(updatePassword != null) {
try {
updatePassword.close();
} catch (SQLException e) {
LOGGER.error("", e);
return 500;
}
}
ConnectionPool.close(con);
}
} else return 404;
......@@ -67,12 +93,14 @@ public class UserManager {
public static int checkAuth(String login, String password) {
Connection con = null;
PreparedStatement searchUser = null;
ResultSet rs = null;
try {
con = ConnectionPool.getConnection();
PreparedStatement searchUser = con.prepareStatement("SELECT * FROM users WHERE login = ? AND password = md5(?)");
searchUser = con.prepareStatement("SELECT * FROM users WHERE login = ? AND password = md5(?)");
searchUser.setString(1, login);
searchUser.setString(2, password);
ResultSet rs = searchUser.executeQuery();
rs = searchUser.executeQuery();
if(rs.next()) {
return 200;
......@@ -84,17 +112,33 @@ public class UserManager {
LOGGER.error("", e);
return 500;
} finally {
if(rs != null) {
try {
rs.close();
} catch (SQLException e) {
LOGGER.error("", e);
}
}
if(searchUser != null) {
try {
searchUser.close();
} catch (SQLException e) {
LOGGER.error("", e);
}
}
ConnectionPool.close(con);
}
}
public static int isAdmin(String login) {
Connection con = null;
PreparedStatement isAdminCheck = null;
ResultSet rs = null;
try {
con = ConnectionPool.getConnection();
PreparedStatement isAdminCheck = con.prepareStatement("SELECT * FROM users WHERE login = ? AND isadmin = 1");
isAdminCheck = con.prepareStatement("SELECT * FROM users WHERE login = ? AND isadmin = 1");
isAdminCheck.setString(1, login);
ResultSet rs = isAdminCheck.executeQuery();
rs = isAdminCheck.executeQuery();
if(rs.next()) {
return 1;
......@@ -106,6 +150,20 @@ public class UserManager {
LOGGER.error("", e);
return 500;
} finally {
if(rs != null) {
try {
rs.close();
} catch (SQLException e) {
LOGGER.error("", e);
}
}
if(isAdminCheck != null) {
try {
isAdminCheck.close();
} catch (SQLException e) {
LOGGER.error("", e);
}
}
ConnectionPool.close(con);
}
}
......
......@@ -4,6 +4,7 @@ import kz.arta.ext.sap.db.UserManager;
import sun.misc.BASE64Decoder;
import java.io.IOException;
import java.nio.charset.Charset;
import javax.enterprise.context.RequestScoped;
import javax.ws.rs.GET;
......@@ -15,7 +16,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
/**
* Created by val
* Date: 04.10.2015
......@@ -43,16 +43,16 @@ public class PasswordSetService {
public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
try {
String decodedAuth = "";
String[] authParts = authParam.toString().split(" ");
String[] authParts = authParam.split(" ");
String authInfo = authParts[1];
byte[] bytes = null;
try {
bytes = new BASE64Decoder().decodeBuffer(authInfo);
decodedAuth = new String(bytes, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
decodedAuth = new String(bytes);
String[] authArray = decodedAuth.split(":");
......@@ -62,14 +62,14 @@ public class PasswordSetService {
int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
if (authResult == 200){
int isAdminResult = UserManager.isAdmin(currentUserPass);
int isAdminResult = UserManager.isAdmin(currentUserLogin);
if (isAdminResult == 1) {
return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
} else if (isAdminResult == 0){
if(login.equals(login)) return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
if( login.equals(currentUserLogin)) return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
else return PasswordSetService.errorMessagesHandler(403);
} else {
......@@ -81,6 +81,8 @@ public class PasswordSetService {
} else {
return PasswordSetService.errorMessagesHandler(500);
}
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
return "Error: " + e;
}
......
......@@ -5,8 +5,11 @@ import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.util.*;
......@@ -25,11 +28,46 @@ public class Config {
static {
File confFile = new File(getConfigDir() + "/external/synergy-api-proxy.properties");
FileInputStream fis = null;
Reader isr = null;
try {
fis = new FileInputStream(confFile);
isr = new InputStreamReader(fis, "UTF-8");
if (confFile.exists()) {
try {
props.load(new InputStreamReader(new FileInputStream(confFile), "UTF8"));
props.load(isr);
} catch (IOException e) {
LOGGER.error("Configuration file not found");
} finally {
}
}
} catch(FileNotFoundException err) {
LOGGER.error("File not found");
} catch (UnsupportedEncodingException e1) {
LOGGER.error("UnsupportedEncodingException");
} finally {
if (null != fis)
{
try
{
fis.close();
}
catch (Exception e)
{
e.printStackTrace();
}
}
if (null != isr)
{
try
{
isr.close();
}
catch (Exception e)
{
e.printStackTrace();
}
}
}
}
......
......@@ -8,8 +8,6 @@ import javax.naming.NamingException;
import javax.sql.DataSource;
import java.sql.Connection;
import java.sql.SQLException;
import javax.sql.XAConnection;
import javax.sql.XADataSource;
/**
* Created by val
......
package kz.arta.ext.sap.util;
import kz.arta.ext.sap.db.UserManager;
import sun.misc.BASE64Decoder;
import java.io.IOException;
import java.lang.Exception;
public class SubsidiaryLib {
public static String checkTheAccess(String authParam, String logingForChange, String newPassword){
try {
String decodedAuth = "";
String[] authParts = authParam.toString().split(" ");
String authInfo = authParts[1];
byte[] bytes = null;
try {
bytes = new BASE64Decoder().decodeBuffer(authInfo);
} catch (IOException e) {
e.printStackTrace();
}
decodedAuth = new String(bytes);
String[] authArray = decodedAuth.split(":");
String login = authArray[0];
String pass = authArray[1];
String authResult = UserManager.checkAuth(login, pass);
if (authResult == "true"){
String isAdminResult = UserManager.isAdmin(login);
if (isAdminResult == "true") {
return UserManager.setPass(logingForChange, newPassword);
} else if (isAdminResult == "false"){
if(login.equals(logingForChange)) return UserManager.setPass(logingForChange, newPassword);
else return "{\"status\":\"403 Forbidden. " + login + " vs " + logingForChange + "\", \"error\":\"You don't have any access to the requested account\", \"errorCode\": \"403\"}";
} else {
return isAdminResult;
}
} else {
return authResult;
}
} catch (Exception e) {
return "Error: " + e;
}
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment