v4l3n71n/covas-quarkus
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove array and add error http bad request

Browse Source
This commit is contained in:
Valentin CZERYBA 2022-05-13 20:33:49 +02:00
parent 24152ec239
commit 675c6a0d6b
2 changed files with 23 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/main/java/com/covas/Resources/TokenRessource.java
View File

@ -21,26 +21,33 @@ import io.smallrye.jwt.auth.principal.JWTParser;
import io.smallrye.jwt.auth.principal.ParseException; import io.smallrye.jwt.auth.principal.ParseException;
import io.smallrye.jwt.build.Jwt; import io.smallrye.jwt.build.Jwt;
import org.eclipse.microprofile.jwt.JsonWebToken; import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.jaxrs.HeaderParam; import org.jboss.resteasy.annotations.jaxrs.HeaderParam;
import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64; import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64;
@Path("/api") @Path("/token")
public class TokenRessource { public class TokenRessource {
@Inject @Inject
JsonWebToken jwt; JsonWebToken jwt;
private static final Logger LOGGER = Logger.getLogger(UsersRessources.class);
@Inject JWTParser parser; @Inject JWTParser parser;
@GET @GET
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Path("token")
public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("jwt") String jwtCookie) { public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("jwt") String jwtCookie) {
String name = "anonymous"; String name = "anonymous";
String password = ""; String password = "";
if (jwtCookie == null) { if (jwtCookie == null) {
if(auth == null){
return Response.status(Response.Status.BAD_REQUEST).build();
}
String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":"); String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
name = hash[0]; name = hash[0];
password = Hash.encryptSHA512(hash[1]); password = Hash.encryptSHA512(hash[1]);
@ -50,7 +57,7 @@ public class TokenRessource {
if(password.equals(users.password)){ if(password.equals(users.password)){
// Create a JWT token signed using the 'HS256' algorithm // Create a JWT token signed using the 'HS256' algorithm
String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(new HashSet<>(Arrays.asList(users.roles))).sign(); String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).sign();
// or create a JWT token encrypted using the 'A256KW' algorithm // or create a JWT token encrypted using the 'A256KW' algorithm
// Jwt.upn("alice").encryptWithSecret(secret); // Jwt.upn("alice").encryptWithSecret(secret);
return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build(); return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build();
@ -62,16 +69,16 @@ public class TokenRessource {
} }
return Response.status(Response.Status.NOT_FOUND).build(); return Response.status(Response.Status.NOT_FOUND).build();
} else { }
// All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized. // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
try { try {
jwt = parser.parse(jwtCookie); jwt = parser.parse(jwtCookie);
} }
catch(ParseException p){ catch(ParseException p){
return Response.status(Response.Status.UNAUTHORIZED).build(); return Response.status(Response.Status.NOT_ACCEPTABLE).build();
} }
// or jwt = parser.decrypt(jwtCookie, secret); // or jwt = parser.decrypt(jwtCookie, secret);
return Response.status(Response.Status.OK).build(); return Response.status(Response.Status.OK).build();
} }
}
} }

6
src/main/java/com/covas/Resources/UsersRessources.java
View File

@ -20,13 +20,13 @@ import org.jboss.logging.Logger;
public class UsersRessources { public class UsersRessources {
private static final Logger LOGGER = Logger.getLogger(UsersRessources.class); private static final Logger LOGGER = Logger.getLogger(UsersRessources.class);
@GET @GET
@RolesAllowed({"Admin"}) @RolesAllowed("Admin")
public Response getUsers(){ public Response getUsers(){
return Response.ok(UsersEntity.listAll()).build(); return Response.ok(UsersEntity.listAll()).build();
} }
@GET @GET
@RolesAllowed({"Admin"}) @RolesAllowed("Admin")
@Path("{id}") @Path("{id}")
public Response getSingleUser(@PathParam("id") String id){ public Response getSingleUser(@PathParam("id") String id){
UUID uid = UUID.fromString(id); UUID uid = UUID.fromString(id);
@ -38,7 +38,7 @@ public class UsersRessources {
} }
@GET @GET
@RolesAllowed({"User"}) @RolesAllowed("User")
@Path("info") @Path("info")
public Response getInfoUser(){ public Response getInfoUser(){
return Response.ok().build(); return Response.ok().build();