Commit c33568c5 authored by Alina Habibulina's avatar Alina Habibulina

fix 5

parent ad765f46
...@@ -23,7 +23,7 @@ public class UserManager { ...@@ -23,7 +23,7 @@ public class UserManager {
private static final Logger LOGGER = LoggerFactory.getLogger(UserManager.class); private static final Logger LOGGER = LoggerFactory.getLogger(UserManager.class);
public static String ifUserExist(String login) { public static int ifUserExist(String login) {
Connection con = null; Connection con = null;
try { try {
con = ConnectionPool.getConnection(); con = ConnectionPool.getConnection();
...@@ -40,19 +40,19 @@ public class UserManager { ...@@ -40,19 +40,19 @@ public class UserManager {
} }
} }
if(message.toString().length() > 0) return "true"; if(message.toString().length() > 0) return 200;
else return "{\"status\":\"User is not exist!\", \"errorCode\": \"404\"}"; else return 404;
} catch (SQLException | NamingException e) { } catch (SQLException | NamingException e) {
LOGGER.error("", e); LOGGER.error("", e);
return "{\"status\":\"something gone wrong\", \"error\":\"" + e + "\", \"errorCode\": \"500\"}"; return 500;
} finally { } finally {
ConnectionPool.close(con); ConnectionPool.close(con);
} }
} }
public static String setPass(String login, String new_pass) { public static int setPass(String login, String new_pass) {
if(UserManager.ifUserExist(login) == "true") { if(UserManager.ifUserExist(login) == 200) {
Connection con = null; Connection con = null;
try { try {
...@@ -61,18 +61,18 @@ public class UserManager { ...@@ -61,18 +61,18 @@ public class UserManager {
updatePassword.setString(1, new_pass); updatePassword.setString(1, new_pass);
updatePassword.setString(2, login); updatePassword.setString(2, login);
updatePassword.executeUpdate(); updatePassword.executeUpdate();
return "{\"result\":\"success\", \"errorCode\":\"0\"}"; return 200;
} catch (SQLException | NamingException e) { } catch (SQLException | NamingException e) {
LOGGER.error("", e); LOGGER.error("", e);
return "{\"status\":\"something has gone wrong\", \"error\":\"" + e + "\", \"errorCode\": \"500\"}"; return 500;
} finally { } finally {
ConnectionPool.close(con); ConnectionPool.close(con);
} }
} else return "{\"status\":\"There is no user with such login!\", \"errorCode\": \"404\"}"; } else return 404;
} }
public static String checkAuth(String login, String password) { public static int checkAuth(String login, String password) {
Connection con = null; Connection con = null;
try { try {
con = ConnectionPool.getConnection(); con = ConnectionPool.getConnection();
...@@ -87,22 +87,21 @@ public class UserManager { ...@@ -87,22 +87,21 @@ public class UserManager {
for (int i = 1; i <= columns; i++){ for (int i = 1; i <= columns; i++){
message.append(rs.getString(i) + " "); message.append(rs.getString(i) + " ");
} }
} }
if(message.toString().length() > 0) return "true"; if(message.toString().length() > 0) return 200;
return "{\"status\":\"Not authorized\", \"errorCode\": \"404\"}"; return 401;
} catch (SQLException | NamingException e) { } catch (SQLException | NamingException e) {
LOGGER.error("", e); LOGGER.error("", e);
return "{\"status\":\"Something has gone wrong\", \"error\":\"" + e + "\", \"errorCode\": \"500\"}"; return 500;
} finally { } finally {
ConnectionPool.close(con); ConnectionPool.close(con);
} }
} }
public static String isAdmin(String login) { public static int isAdmin(String login) {
Connection con = null; Connection con = null;
try { try {
con = ConnectionPool.getConnection(); con = ConnectionPool.getConnection();
...@@ -118,13 +117,13 @@ public class UserManager { ...@@ -118,13 +117,13 @@ public class UserManager {
} }
} }
if(message.toString().length() > 0) return "true"; if(message.toString().length() > 0) return 1;
return "false"; return 0;
} catch (SQLException | NamingException e) { } catch (SQLException | NamingException e) {
LOGGER.error("", e); LOGGER.error("", e);
return "{\"status\":\"Something has gone wrong\", \"error\":\"" + e + "\", \"errorCode\": \"500\"}"; return 500;
} finally { } finally {
ConnectionPool.close(con); ConnectionPool.close(con);
} }
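Review bot: In setPass, `updatePassword.setString(1, new_pass)` binds the caller-supplied password unchanged, and checkAuth receives the raw password too, so unless the SQL text (outside these hunks) hashes it, passwords are stored and compared in clear text. Derive a hash with a password KDF such as bcrypt, scrypt or Argon2 before binding, and have checkAuth verify against the stored hash. On the new return codes, isAdmin answers 1/0 on the same int channel where 500 means failure, while the other methods use 200/401/404; a small enum (or a boolean plus an exception) would keep callers from confusing the two scales. The query construction for all four methods lies outside the visible hunks, so this is based only on the bound parameters shown.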
......
...@@ -12,11 +12,4 @@ import javax.ws.rs.core.Application; ...@@ -12,11 +12,4 @@ import javax.ws.rs.core.Application;
*/ */
@ApplicationPath("proxy") @ApplicationPath("proxy")
public class Activator extends Application { public class Activator extends Application {
@Override
public Set<Class<?>> getClasses() {
// TODO Auto-generated method stub
return null;
}
} }
package kz.arta.ext.sap.service; package kz.arta.ext.sap.service;
import kz.arta.ext.sap.util.SubsidiaryLib; import kz.arta.ext.sap.db.UserManager;
import sun.misc.BASE64Decoder;
import java.io.IOException;
import javax.enterprise.context.RequestScoped; import javax.enterprise.context.RequestScoped;
import javax.ws.rs.GET; import javax.ws.rs.GET;
...@@ -25,7 +28,7 @@ import javax.ws.rs.core.MediaType; ...@@ -25,7 +28,7 @@ import javax.ws.rs.core.MediaType;
@Path("/uservice") @Path("/uservice")
@RequestScoped @RequestScoped
public class UnsecuredProxyService { public class PasswordSetService {
@GET @GET
@Path("/test") @Path("/test")
...@@ -38,7 +41,58 @@ public class UnsecuredProxyService { ...@@ -38,7 +41,58 @@ public class UnsecuredProxyService {
@Path("/set_password") @Path("/set_password")
@Produces(MediaType.APPLICATION_JSON + "; charset=utf-8") @Produces(MediaType.APPLICATION_JSON + "; charset=utf-8")
public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){ public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
return SubsidiaryLib.checkTheAccess(authParam, login, new_pass); try {
String decodedAuth = "";
String[] authParts = authParam.toString().split(" ");
String authInfo = authParts[1];
byte[] bytes = null;
try {
bytes = new BASE64Decoder().decodeBuffer(authInfo);
} catch (IOException e) {
e.printStackTrace();
} }
decodedAuth = new String(bytes);
String[] authArray = decodedAuth.split(":");
String currentUserLogin = authArray[0];
String currentUserPass = authArray[1];
int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
if (authResult == 200){
int isAdminResult = UserManager.isAdmin(currentUserPass);
if (isAdminResult == 1) {
return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
} else if (isAdminResult == 0){
if(login.equals(login)) return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
else return PasswordSetService.errorMessagesHandler(403);
} else {
return PasswordSetService.errorMessagesHandler(500);
}
} else if(authResult == 401) {
return PasswordSetService.errorMessagesHandler(401);
} else {
return PasswordSetService.errorMessagesHandler(500);
}
} catch (Exception e) {
return "Error: " + e;
}
}
public static String errorMessagesHandler(int code) {
switch(code) {
case 200: return "{\"result\":\"success\", \"errorCode\":\"0\"}";
case 401: return "{\"status\":\"401 Unauthorized!\", \"errorCode\": \"401\"}";
case 403: return "{\"status\":\"403 Forbidden.\", \"error\":\"You don't have any access to the requested account\", \"errorCode\": \"403\"}";
case 404: return "{\"status\":\"There is no user with such login!\", \"errorCode\": \"404\"}";
default: return "{\"status\":\"Something has gone wrong on serve/db\", \"errorCode\": \"500\"}";
}
}
} }
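Review bot: The ownership check in setPassword never fails: `login.equals(login)` compares the target login with itself, so the 403 branch is unreachable and any authenticated non-admin can change any account's password; it should compare `currentUserLogin` with `login`. The admin lookup just above it calls `UserManager.isAdmin(currentUserPass)`, passing the password where the login belongs. Header parsing is also fragile: a missing or malformed Authorization header, or a decode failure that leaves `bytes` null, ends in the outer `catch (Exception e)` that returns `"Error: " + e` to the client, and `split(":")` truncates any password containing a colon. The sketch below validates each step and maps failures to 401, using `java.util.Base64` and `StandardCharsets` in place of `sun.misc.BASE64Decoder`, an internal class removed from the JDK since Java 9. `new_password` still arrives as a `@QueryParam`, so it travels in the URL and can land in access logs; the HTTP method annotation is outside the hunk, but a request body would avoid that.

```java
public String setPassword(@HeaderParam("authorization") String authParam, @QueryParam("login") String login, @QueryParam("new_password") String new_pass){
    if (authParam == null) {
        return PasswordSetService.errorMessagesHandler(401);
    }
    String[] authParts = authParam.trim().split(" ");
    if (authParts.length != 2 || !"Basic".equalsIgnoreCase(authParts[0])) {
        return PasswordSetService.errorMessagesHandler(401);
    }
    String decodedAuth;
    try {
        decodedAuth = new String(Base64.getDecoder().decode(authParts[1]), StandardCharsets.UTF_8);
    } catch (IllegalArgumentException e) {
        // Not valid Base64: treat as missing credentials, do not echo the exception.
        return PasswordSetService.errorMessagesHandler(401);
    }
    // Limit 2: the password part may itself contain ':'.
    String[] authArray = decodedAuth.split(":", 2);
    if (authArray.length != 2) {
        return PasswordSetService.errorMessagesHandler(401);
    }
    String currentUserLogin = authArray[0];
    String currentUserPass = authArray[1];

    int authResult = UserManager.checkAuth(currentUserLogin, currentUserPass);
    if (authResult == 401) {
        return PasswordSetService.errorMessagesHandler(401);
    }
    if (authResult != 200) {
        return PasswordSetService.errorMessagesHandler(500);
    }

    // Role lookup is keyed by the caller's login, not the password.
    int isAdminResult = UserManager.isAdmin(currentUserLogin);
    if (isAdminResult != 0 && isAdminResult != 1) {
        return PasswordSetService.errorMessagesHandler(500);
    }
    // Non-admins may only change their own password.
    if (isAdminResult == 0 && !currentUserLogin.equals(login)) {
        return PasswordSetService.errorMessagesHandler(403);
    }
    return PasswordSetService.errorMessagesHandler(UserManager.setPass(login, new_pass));
}
// … unchanged: errorMessagesHandler …
```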