Commit a05fb38a authored by Alina Habibulina's avatar Alina Habibulina

fix 9

parent 687dfc70
...@@ -23,8 +23,9 @@ import java.sql.ResultSet; ...@@ -23,8 +23,9 @@ import java.sql.ResultSet;
public class UserManager { public class UserManager {
private static final Logger LOGGER = LoggerFactory.getLogger(UserManager.class); private static final Logger LOGGER = LoggerFactory.getLogger(UserManager.class);
private static final String IS_ADMIN = "isadmin"; private static final String AUTH = "auth";
private static final String IS_AUTH = "isauth"; private static final String EXIST = "exist";
private static final String ISADMIN = "isadmin";
/** /**
* *
...@@ -34,7 +35,7 @@ public class UserManager { ...@@ -34,7 +35,7 @@ public class UserManager {
*/ */
public static int setPass(String login, String new_pass) { public static int setPass(String login, String new_pass) {
if(UserManager.dbInteraction(login, null, "isExist").getisExist()) { if(UserManager.selectFromUsersQuery(login, null, "exist").isExist()) {
Connection con = null; Connection con = null;
PreparedStatement updatePassword = null; PreparedStatement updatePassword = null;
...@@ -66,13 +67,12 @@ public class UserManager { ...@@ -66,13 +67,12 @@ public class UserManager {
/** /**
* *
* @param login Логин пользователя * @param login Логин пользователя
* @param field Поле для поиска записей в базе
* @param value Значение, по которому нужно искать * @param value Значение, по которому нужно искать
* @param requestType Может принимать значения "isadmin", "isauth", или любое другое для проверки существования пользователя; * @param requestType Может принимать значения "auth", или "exist";
* @return Объект класса SynergyUser * @return Объект класса SynergyUser
*/ */
public static SynergyUser dbInteraction(String login, String value, String requestType) { public static SynergyUser selectFromUsersQuery(String login, String value, String requestType) {
Connection con = null; Connection con = null;
PreparedStatement ps = null; PreparedStatement ps = null;
ResultSet rs = null; ResultSet rs = null;
...@@ -81,33 +81,32 @@ public class UserManager { ...@@ -81,33 +81,32 @@ public class UserManager {
try { try {
con = ConnectionPool.getConnection(); con = ConnectionPool.getConnection();
if(requestType.equals(IS_AUTH)) { if(requestType.equals(AUTH)) {
ps = con.prepareStatement("SELECT * FROM users WHERE login = ? AND password = md5( ? )"); ps = con.prepareStatement("SELECT * FROM users WHERE login = ? AND password = md5( ? )");
ps.setString(2, value); ps.setString(2, value);
} else if(requestType.equals(IS_ADMIN)){
ps = con.prepareStatement("SELECT * FROM users WHERE login = ? AND isadmin = 1");
} else ps = con.prepareStatement("SELECT * FROM users WHERE login = ? ");
} else if(requestType.equals(EXIST)){
ps = con.prepareStatement("SELECT * FROM users WHERE login = ?");
ps.setString(1, login); ps.setString(1, login);
}
ps.setString(1, login);
rs = ps.executeQuery(); rs = ps.executeQuery();
if(rs.next()) { if(rs.next()) {
if(requestType.equals(IS_AUTH)){
user.setIsAuth(true); user.setAdmin(rs.getBoolean(ISADMIN));
} else if(requestType.equals(IS_ADMIN)) { user.setAuth(true);
user.setIsAdmin(true);
user.setIsAuth(true);
} else {
user.setExist(true); user.setExist(true);
}
} }
return user; return user;
} catch (SQLException | NamingException e) { } catch (SQLException | NamingException e) {
LOGGER.error("", e); LOGGER.error("", e);
user.setIsError(500); user.setError(500);
return user; return user;
} finally { } finally {
if(rs != null) { if(rs != null) {
...@@ -131,16 +130,3 @@ public class UserManager { ...@@ -131,16 +130,3 @@ public class UserManager {
} }
...@@ -45,11 +45,11 @@ public class PasswordSetService { ...@@ -45,11 +45,11 @@ public class PasswordSetService {
@POST @POST
@Path("/set_password") @Path("/set_password")
@Produces(MediaType.APPLICATION_JSON + "; charset=utf-8") @Produces(MediaType.APPLICATION_JSON + "; charset=utf-8")
public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("currentUserLogin") String currentUserLogin, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){ public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("currentUserLogin") String currentUserLogin, @QueryParam("currentUserPass") String currentUserPass, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
try { try {
boolean su = UserManager.dbInteraction(currentUserLogin, null, "isadmin").getIsAdmin(); boolean su = UserManager.selectFromUsersQuery(currentUserLogin, currentUserPass, "auth").isAdmin();
if (su) { if(su) {
return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass)); return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
......
...@@ -19,7 +19,6 @@ import javax.servlet.http.HttpServletRequest; ...@@ -19,7 +19,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.WebApplicationException; import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context; import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.ext.Provider; import javax.ws.rs.ext.Provider;
/** /**
...@@ -68,15 +67,16 @@ public class SecurityInterceptor implements PreProcessInterceptor { ...@@ -68,15 +67,16 @@ public class SecurityInterceptor implements PreProcessInterceptor {
String currentUserLogin = authArray[0]; String currentUserLogin = authArray[0];
String currentUserPass = authArray[1]; String currentUserPass = authArray[1];
SynergyUser su = UserManager.dbInteraction(currentUserLogin, currentUserPass, "isauth"); SynergyUser su = UserManager.selectFromUsersQuery(currentUserLogin, currentUserPass, "auth");
if (su.getIsError() == 500) { if (su.getError() == 500) {
return DB_ERROR; return DB_ERROR;
} else if (!su.getIsAuth()){ } else if (!su.isAuth()){
return ACCESS_DENIED; return ACCESS_DENIED;
} }
httpRequest.getUri().getQueryParameters().add("currentUserLogin", currentUserLogin); httpRequest.getUri().getQueryParameters().add("currentUserLogin", currentUserLogin);
httpRequest.getUri().getQueryParameters().add("currentUserPass", currentUserPass);
} }
return null; return null;
......
package kz.arta.ext.sap.service; package kz.arta.ext.sap.service;
public class SynergyUser { public class SynergyUser {
private boolean isAdmin; private boolean admin;
private boolean isAuth; private boolean auth;
private boolean isExist; private boolean exist;
private int isError; private int error;
public SynergyUser() { public boolean isAdmin() {
this.isAdmin = false; return admin;
this.isAuth = false;
this.isExist = false;
this.isError = 0;
} }
public boolean getIsAdmin() { public void setAdmin(boolean isAdmin) {
return isAdmin; this.admin = isAdmin;
} }
public void setIsAdmin(boolean isAdmin) { public boolean isAuth() {
this.isAdmin = isAdmin; return auth;
} }
public boolean getIsAuth() { public void setAuth(boolean isAuth) {
return isAuth; this.auth = isAuth;
} }
public void setIsAuth(boolean isAuth) { public int getError() {
this.isAuth = isAuth; return error;
} }
public int getIsError() { public void setError(int isError) {
return isError; this.error = isError;
} }
public void setIsError(int isError) { public boolean isExist() {
this.isError = isError; return exist;
}
public boolean getisExist() {
return isExist;
} }
public void setExist(boolean isExist) { public void setExist(boolean isExist) {
this.isExist = isExist; this.exist = isExist;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment