Commit 4bb4412d authored by Alina Habibulina's avatar Alina Habibulina

fix 7

parent e0815b0d
...@@ -18,18 +18,21 @@ import java.sql.ResultSet; ...@@ -18,18 +18,21 @@ import java.sql.ResultSet;
* Modified: 06.2018 * Modified: 06.2018
* работа с СУБД * работа с СУБД
* использует соединение, указанное в @{@link ConnectionPool} * использует соединение, указанное в @{@link ConnectionPool}
*/ **/
public class UserManager { public class UserManager {
private static final Logger LOGGER = LoggerFactory.getLogger(UserManager.class); private static final Logger LOGGER = LoggerFactory.getLogger(UserManager.class);
public static int ifUserExist(String login) { public static int ifUserExist(String login) {
Connection con = null; Connection con = null;
ResultSet res = null;
PreparedStatement chechExistance = null;
try { try {
con = ConnectionPool.getConnection(); con = ConnectionPool.getConnection();
PreparedStatement chechExistance = con.prepareStatement("SELECT * FROM users WHERE login = ? "); chechExistance = con.prepareStatement("SELECT * FROM users WHERE login = ? ");
chechExistance.setString(1, login); chechExistance.setString(1, login);
ResultSet res = chechExistance.executeQuery(); res = chechExistance.executeQuery();
if(res.next()) { if(res.next()) {
return 200; return 200;
...@@ -40,6 +43,20 @@ public class UserManager { ...@@ -40,6 +43,20 @@ public class UserManager {
LOGGER.error("", e); LOGGER.error("", e);
return 500; return 500;
} finally { } finally {
if (res != null) {
try {
res.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (chechExistance != null) {
try {
chechExistance.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
ConnectionPool.close(con); ConnectionPool.close(con);
} }
} }
...@@ -48,9 +65,10 @@ public class UserManager { ...@@ -48,9 +65,10 @@ public class UserManager {
if(UserManager.ifUserExist(login) == 200) { if(UserManager.ifUserExist(login) == 200) {
Connection con = null; Connection con = null;
PreparedStatement updatePassword = null;
try { try {
con = ConnectionPool.getConnection(); con = ConnectionPool.getConnection();
PreparedStatement updatePassword = con.prepareStatement("UPDATE users SET password = MD5( ? ) WHERE login = ? "); updatePassword = con.prepareStatement("UPDATE users SET password = MD5( ? ) WHERE login = ? ");
updatePassword.setString(1, new_pass); updatePassword.setString(1, new_pass);
updatePassword.setString(2, login); updatePassword.setString(2, login);
updatePassword.executeUpdate(); updatePassword.executeUpdate();
...@@ -60,6 +78,14 @@ public class UserManager { ...@@ -60,6 +78,14 @@ public class UserManager {
LOGGER.error("", e); LOGGER.error("", e);
return 500; return 500;
} finally { } finally {
if(updatePassword != null) {
try {
updatePassword.close();
} catch (SQLException e) {
LOGGER.error("", e);
return 500;
}
}
ConnectionPool.close(con); ConnectionPool.close(con);
} }
} else return 404; } else return 404;
...@@ -67,12 +93,14 @@ public class UserManager { ...@@ -67,12 +93,14 @@ public class UserManager {
public static int checkAuth(String login, String password) { public static int checkAuth(String login, String password) {
Connection con = null; Connection con = null;
PreparedStatement searchUser = null;
ResultSet rs = null;
try { try {
con = ConnectionPool.getConnection(); con = ConnectionPool.getConnection();
PreparedStatement searchUser = con.prepareStatement("SELECT * FROM users WHERE login = ? AND password = md5(?)"); searchUser = con.prepareStatement("SELECT * FROM users WHERE login = ? AND password = md5(?)");
searchUser.setString(1, login); searchUser.setString(1, login);
searchUser.setString(2, password); searchUser.setString(2, password);
ResultSet rs = searchUser.executeQuery(); rs = searchUser.executeQuery();
if(rs.next()) { if(rs.next()) {
return 200; return 200;
...@@ -84,17 +112,33 @@ public class UserManager { ...@@ -84,17 +112,33 @@ public class UserManager {
LOGGER.error("", e); LOGGER.error("", e);
return 500; return 500;
} finally { } finally {
if(rs != null) {
try {
rs.close();
} catch (SQLException e) {
LOGGER.error("", e);
}
}
if(searchUser != null) {
try {
searchUser.close();
} catch (SQLException e) {
LOGGER.error("", e);
}
}
ConnectionPool.close(con); ConnectionPool.close(con);
} }
} }
public static int isAdmin(String login) { public static int isAdmin(String login) {
Connection con = null; Connection con = null;
PreparedStatement isAdminCheck = null;
ResultSet rs = null;
try { try {
con = ConnectionPool.getConnection(); con = ConnectionPool.getConnection();
PreparedStatement isAdminCheck = con.prepareStatement("SELECT * FROM users WHERE login = ? AND isadmin = 1"); isAdminCheck = con.prepareStatement("SELECT * FROM users WHERE login = ? AND isadmin = 1");
isAdminCheck.setString(1, login); isAdminCheck.setString(1, login);
ResultSet rs = isAdminCheck.executeQuery(); rs = isAdminCheck.executeQuery();
if(rs.next()) { if(rs.next()) {
return 1; return 1;
...@@ -106,6 +150,20 @@ public class UserManager { ...@@ -106,6 +150,20 @@ public class UserManager {
LOGGER.error("", e); LOGGER.error("", e);
return 500; return 500;
} finally { } finally {
if(rs != null) {
try {
rs.close();
} catch (SQLException e) {
LOGGER.error("", e);
}
}
if(isAdminCheck != null) {
try {
isAdminCheck.close();
} catch (SQLException e) {
LOGGER.error("", e);
}
}
ConnectionPool.close(con); ConnectionPool.close(con);
} }
} }
......
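Review bot: The `return 500;` inside the finally block of setPass (in the `updatePassword.close()` catch) replaces whatever the try block produced: a successful UPDATE still reports 500 if close() fails, and an SQLException thrown by executeUpdate is silently discarded because a return from finally drops the pending exception. Log and fall through instead, as the other finally blocks in this file do: `LOGGER.error("", e);` with no return; the two `e.printStackTrace()` calls in ifUserExist's finally should use the same LOGGER rather than stderr. Separately, both `UPDATE users SET password = MD5( ? )` and `password = md5(?)` store and compare an unsalted MD5 of the password, which is not a safe password hash — a salted slow hash (bcrypt/PBKDF2/argon2) computed and verified in Java would be the fix, though that is a schema change beyond this commit. setPass's signature is outside the hunk.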
...@@ -4,6 +4,7 @@ import kz.arta.ext.sap.db.UserManager; ...@@ -4,6 +4,7 @@ import kz.arta.ext.sap.db.UserManager;
import sun.misc.BASE64Decoder; import sun.misc.BASE64Decoder;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.Charset;
import javax.enterprise.context.RequestScoped; import javax.enterprise.context.RequestScoped;
import javax.ws.rs.GET; import javax.ws.rs.GET;
...@@ -15,7 +16,6 @@ import javax.ws.rs.QueryParam; ...@@ -15,7 +16,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
/** /**
* Created by val * Created by val
* Date: 04.10.2015 * Date: 04.10.2015
...@@ -43,16 +43,16 @@ public class PasswordSetService { ...@@ -43,16 +43,16 @@ public class PasswordSetService {
public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){ public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
try { try {
String decodedAuth = ""; String decodedAuth = "";
String[] authParts = authParam.toString().split(" "); String[] authParts = authParam.split(" ");
String authInfo = authParts[1]; String authInfo = authParts[1];
byte[] bytes = null; byte[] bytes = null;
try { try {
bytes = new BASE64Decoder().decodeBuffer(authInfo); bytes = new BASE64Decoder().decodeBuffer(authInfo);
decodedAuth = new String(bytes, "UTF-8");
} catch (IOException e) { } catch (IOException e) {
e.printStackTrace(); e.printStackTrace();
} }
decodedAuth = new String(bytes);
String[] authArray = decodedAuth.split(":"); String[] authArray = decodedAuth.split(":");
...@@ -62,14 +62,14 @@ public class PasswordSetService { ...@@ -62,14 +62,14 @@ public class PasswordSetService {
int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass); int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
if (authResult == 200){ if (authResult == 200){
int isAdminResult = UserManager.isAdmin(currentUserPass); int isAdminResult = UserManager.isAdmin(currentUserLogin);
if (isAdminResult == 1) { if (isAdminResult == 1) {
return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass)); return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
} else if (isAdminResult == 0){ } else if (isAdminResult == 0){
if(login.equals(login)) return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass)); if( login.equals(currentUserLogin)) return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
else return PasswordSetService.errorMessagesHandler(403); else return PasswordSetService.errorMessagesHandler(403);
} else { } else {
...@@ -81,6 +81,8 @@ public class PasswordSetService { ...@@ -81,6 +81,8 @@ public class PasswordSetService {
} else { } else {
return PasswordSetService.errorMessagesHandler(500); return PasswordSetService.errorMessagesHandler(500);
} }
} catch (RuntimeException e) {
throw e;
} catch (Exception e) { } catch (Exception e) {
return "Error: " + e; return "Error: " + e;
} }
......
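Review bot: The new `catch (RuntimeException e) { throw e; }` at the end of setPassword means every malformed request now escapes the method unhandled: a missing Authorization header makes `authParam.split(" ")` throw NullPointerException, a header without a space or without a `:` makes `authParts[1]` or `authArray[1]` throw ArrayIndexOutOfBoundsException, and a Base64 failure leaves `decodedAuth` empty and ends the same way. Validate the header before indexing and reject anything that is not well-formed Basic auth, e.g. `if (authParam == null || !authParam.startsWith("Basic ")) return PasswordSetService.errorMessagesHandler(401);` (or whichever code errorMessagesHandler supports) and check `authArray.length == 2` after the split. The remaining `catch (Exception e) { return "Error: " + e; }` echoes exception text to the client; log it and return the generic 500 handler. The new password arrives as `@QueryParam("new_password")`, and if this resource is served via the `javax.ws.rs.GET` the file imports (the annotation is outside the hunk) it lands in request URLs and access logs, so it should be read from the request body instead. `sun.misc.BASE64Decoder` is a JDK-internal class removed in Java 9; `java.util.Base64.getDecoder().decode(authInfo)` is the supported replacement and throws IllegalArgumentException on bad input, which the same validation can handle.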
...@@ -5,8 +5,11 @@ import org.slf4j.LoggerFactory; ...@@ -5,8 +5,11 @@ import org.slf4j.LoggerFactory;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStreamReader; import java.io.InputStreamReader;
import java.io.Reader;
import java.io.UnsupportedEncodingException;
import java.net.URL; import java.net.URL;
import java.util.*; import java.util.*;
...@@ -25,11 +28,46 @@ public class Config { ...@@ -25,11 +28,46 @@ public class Config {
static { static {
File confFile = new File(getConfigDir() + "/external/synergy-api-proxy.properties"); File confFile = new File(getConfigDir() + "/external/synergy-api-proxy.properties");
FileInputStream fis = null;
Reader isr = null;
try {
fis = new FileInputStream(confFile);
isr = new InputStreamReader(fis, "UTF-8");
if (confFile.exists()) { if (confFile.exists()) {
try { try {
props.load(new InputStreamReader(new FileInputStream(confFile), "UTF8")); props.load(isr);
} catch (IOException e) { } catch (IOException e) {
LOGGER.error("Configuration file not found"); LOGGER.error("Configuration file not found");
} finally {
}
}
} catch(FileNotFoundException err) {
LOGGER.error("File not found");
} catch (UnsupportedEncodingException e1) {
LOGGER.error("UnsupportedEncodingException");
} finally {
if (null != fis)
{
try
{
fis.close();
}
catch (Exception e)
{
e.printStackTrace();
}
}
if (null != isr)
{
try
{
isr.close();
}
catch (Exception e)
{
e.printStackTrace();
}
} }
} }
} }
......
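Review bot: The new `fis = new FileInputStream(confFile)` runs before the `confFile.exists()` check, so for a missing file the FileNotFoundException branch is taken and the exists() test is now dead; the two messages ("Configuration file not found" for any IOException during load, "File not found" for the open) no longer describe what happened, and neither logs the exception itself. The stream is also closed twice — `isr.close()` already closes the wrapped `fis` — and the inner `finally { }` is empty. If the project targets Java 7 or later, try-with-resources collapses the block and keeps the cause in the log. The static initializer continues past this hunk.
```java
        if (confFile.exists()) {
            try (Reader isr = new InputStreamReader(new FileInputStream(confFile), "UTF-8")) {
                props.load(isr);
            } catch (IOException e) {
                LOGGER.error("Failed to load configuration file " + confFile, e);
            }
        }
```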
...@@ -8,8 +8,6 @@ import javax.naming.NamingException; ...@@ -8,8 +8,6 @@ import javax.naming.NamingException;
import javax.sql.DataSource; import javax.sql.DataSource;
import java.sql.Connection; import java.sql.Connection;
import java.sql.SQLException; import java.sql.SQLException;
import javax.sql.XAConnection;
import javax.sql.XADataSource;
/** /**
* Created by val * Created by val
......
package kz.arta.ext.sap.util;
import kz.arta.ext.sap.db.UserManager;
import sun.misc.BASE64Decoder;
import java.io.IOException;
import java.lang.Exception;
public class SubsidiaryLib {
public static String checkTheAccess(String authParam, String logingForChange, String newPassword){
try {
String decodedAuth = "";
String[] authParts = authParam.toString().split(" ");
String authInfo = authParts[1];
byte[] bytes = null;
try {
bytes = new BASE64Decoder().decodeBuffer(authInfo);
} catch (IOException e) {
e.printStackTrace();
}
decodedAuth = new String(bytes);
String[] authArray = decodedAuth.split(":");
String login = authArray[0];
String pass = authArray[1];
String authResult = UserManager.checkAuth(login, pass);
if (authResult == "true"){
String isAdminResult = UserManager.isAdmin(login);
if (isAdminResult == "true") {
return UserManager.setPass(logingForChange, newPassword);
} else if (isAdminResult == "false"){
if(login.equals(logingForChange)) return UserManager.setPass(logingForChange, newPassword);
else return "{\"status\":\"403 Forbidden. " + login + " vs " + logingForChange + "\", \"error\":\"You don't have any access to the requested account\", \"errorCode\": \"403\"}";
} else {
return isAdminResult;
}
} else {
return authResult;
}
} catch (Exception e) {
return "Error: " + e;
}
}
}
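Review bot: SubsidiaryLib.checkTheAccess does not compile against the UserManager in this same commit: `String authResult = UserManager.checkAuth(login, pass)` and `String isAdminResult = UserManager.isAdmin(login)` assign the int results those methods return (200/500 and 1/0/500 per the UserManager hunks) to Strings, `UserManager.setPass` is likewise returned as a String, and `== "true"` would be a reference comparison even if they were Strings. The method also duplicates the authorization flow that PasswordSetService.setPassword already implements with this commit's fixes, so either drop the file or make it the single implementation the service delegates to, using `if (authResult == 200)`, `if (isAdminResult == 1)` and `else if (isAdminResult == 0)`. The 403 body echoes both the caller's login and the target login to the client and the fallthrough `return "Error: " + e;` echoes exception text; keep the response to the generic error code and log the detail server-side.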