fix 9

a05fb38a · Alina Habibulina · 687dfc70 · a05fb38a · a05fb38a · a05fb38a
Commit a05fb38a authored Jun 22, 2018 by Alina Habibulina
4 changed files
--- a/src/main/java/kz/arta/ext/sap/db/UserManager.java
+++ b/src/main/java/kz/arta/ext/sap/db/UserManager.java
@@ -23,8 +23,9 @@ import java.sql.ResultSet;

 public class UserManager {	
    private static final Logger LOGGER = LoggerFactory.getLogger(UserManager.class);
-    private static final String IS_ADMIN = "isadmin";
-    private static final String IS_AUTH = "isauth";
+    private static final String AUTH = "auth";
+    private static final String EXIST = "exist";
+    private static final String ISADMIN = "isadmin";
    
    /**
     * 
@@ -34,7 +35,7 @@ public class UserManager {
     */
    
    public static int setPass(String login, String new_pass) {
-    	if(UserManager.dbInteraction(login, null, "isExist").getisExist()) {
+    	if(UserManager.selectFromUsersQuery(login, null, "exist").isExist()) {
 	    		    	
 			Connection con = null;
 			PreparedStatement updatePassword = null;
@@ -66,13 +67,12 @@ public class UserManager {
 	/**
 	 * 
 	 * @param login           Логин пользователя
-	 * @param field           Поле для поиска записей в базе
 	 * @param value           Значение, по которому нужно искать
-	 * @param requestType     Может принимать значения "isadmin", "isauth", или любое другое для проверки существования пользователя; 
+	 * @param requestType     Может принимать значения "auth", или "exist"; 
 	 * @return                Объект класса SynergyUser
 	 */
    
-	public static SynergyUser dbInteraction(String login, String value, String requestType) {
+	public static SynergyUser selectFromUsersQuery(String login, String value, String requestType) {
 		Connection con = null;
 		PreparedStatement ps = null;
 		ResultSet rs = null;
@@ -81,33 +81,32 @@ public class UserManager {
        try {
            con = ConnectionPool.getConnection();
            
-        	if(requestType.equals(IS_AUTH)) {
+        	if(requestType.equals(AUTH)) {
+        		
        		ps = con.prepareStatement("SELECT * FROM users WHERE login = ? AND password = md5( ? )");
                ps.setString(2, value);
-        	} else if(requestType.equals(IS_ADMIN)){
-        		ps = con.prepareStatement("SELECT * FROM users WHERE login = ? AND isadmin = 1");
-        	} else ps = con.prepareStatement("SELECT * FROM users WHERE login = ? ");
+
+        	} else if(requestType.equals(EXIST)){
+        		ps = con.prepareStatement("SELECT * FROM users WHERE login = ?");
+        		ps.setString(1, login);
+        	}
        	
-            ps.setString(1, login);
-        
+    		ps.setString(1, login);
 			rs = ps.executeQuery();
-			
+        	
 			if(rs.next()) {
-				if(requestType.equals(IS_AUTH)){
-					user.setIsAuth(true);
-				} else if(requestType.equals(IS_ADMIN)) {
-					user.setIsAdmin(true);
-					user.setIsAuth(true);
-				} else {
-					user.setExist(true);
-				}
+				
+				user.setAdmin(rs.getBoolean(ISADMIN));
+				user.setAuth(true);
+				user.setExist(true);
+				
 			} 
 			
 			return user;

        } catch (SQLException | NamingException e) {
            LOGGER.error("", e);
-            user.setIsError(500);
+            user.setError(500);
 			return user; 
        } finally {
        	if(rs != null) {
@@ -131,16 +130,3 @@ public class UserManager {
 	
 }

-
-
-
-
-
-
-
-
-
-
-
-
-
--- a/src/main/java/kz/arta/ext/sap/service/PasswordSetService.java
+++ b/src/main/java/kz/arta/ext/sap/service/PasswordSetService.java
@@ -45,11 +45,11 @@ public class PasswordSetService {
 	@POST
 	@Path("/set_password")
 	@Produces(MediaType.APPLICATION_JSON + "; charset=utf-8")
-    public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("currentUserLogin") String currentUserLogin, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
+    public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("currentUserLogin") String currentUserLogin, @QueryParam("currentUserPass") String currentUserPass, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
 		try {
-			boolean su = UserManager.dbInteraction(currentUserLogin, null, "isadmin").getIsAdmin();
+			boolean su = UserManager.selectFromUsersQuery(currentUserLogin, currentUserPass, "auth").isAdmin();
 			
-			if (su) {
+			if(su) {
 				
 				return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
 			

--- a/src/main/java/kz/arta/ext/sap/service/SecurityInterceptor.java
+++ b/src/main/java/kz/arta/ext/sap/service/SecurityInterceptor.java
@@ -19,7 +19,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.ext.Provider;

 /**
@@ -68,15 +67,16 @@ public class SecurityInterceptor implements PreProcessInterceptor {
    		String currentUserLogin = authArray[0];
    		String currentUserPass = authArray[1];
    		
-    		SynergyUser su = UserManager.dbInteraction(currentUserLogin, currentUserPass, "isauth");
+    		SynergyUser su = UserManager.selectFromUsersQuery(currentUserLogin, currentUserPass, "auth");
    		
-    		if (su.getIsError() == 500) {
+    		if (su.getError() == 500) {
    			return DB_ERROR;
-    		} else if (!su.getIsAuth()){
+    		} else if (!su.isAuth()){
    			return ACCESS_DENIED;
    		}
 			
-    		httpRequest.getUri().getQueryParameters().add("currentUserLogin", currentUserLogin);  
+    		httpRequest.getUri().getQueryParameters().add("currentUserLogin", currentUserLogin);   
+    		httpRequest.getUri().getQueryParameters().add("currentUserPass", currentUserPass);   
    	}

    	return null;

--- a/src/main/java/kz/arta/ext/sap/service/SynergyUser.java
+++ b/src/main/java/kz/arta/ext/sap/service/SynergyUser.java
 package kz.arta.ext.sap.service;

 public class SynergyUser {
-	private boolean isAdmin;
-	private boolean isAuth;
-	private boolean isExist;
-	private int isError;
-
-	public SynergyUser() {
-		this.isAdmin = false;
-		this.isAuth = false;
-		this.isExist = false;
-		this.isError = 0;
-	}
+	private boolean admin;
+	private boolean auth;
+	private boolean exist;
+	private int error;
 	
-	public boolean getIsAdmin() {
-		return isAdmin;
+	public boolean isAdmin() {
+		return admin;
 	}

-	public void setIsAdmin(boolean isAdmin) {
-		this.isAdmin = isAdmin;
+	public void setAdmin(boolean isAdmin) {
+		this.admin = isAdmin;
 	}

-	public boolean getIsAuth() {
-		return isAuth;
+	public boolean isAuth() {
+		return auth;
 	}

-	public void setIsAuth(boolean isAuth) {
-		this.isAuth = isAuth;
+	public void setAuth(boolean isAuth) {
+		this.auth = isAuth;
 	}
 	
-	public int getIsError() {
-		return isError;
+	public int getError() {
+		return error;
 	}

-	public void setIsError(int isError) {
-		this.isError = isError;
+	public void setError(int isError) {
+		this.error = isError;
 	}
 	
-	public boolean getisExist() {
-		return isExist;
+	public boolean isExist() {
+		return exist;
 	}

 	public void setExist(boolean isExist) {
-		this.isExist = isExist;
+		this.exist = isExist;
 	}