diff --git a/src/main/java/com/covas/Resources/TokenRessource.java b/src/main/java/com/covas/Resources/TokenRessource.java
index 4c80581..b9a80a8 100644
--- a/src/main/java/com/covas/Resources/TokenRessource.java
+++ b/src/main/java/com/covas/Resources/TokenRessource.java
@@ -40,16 +40,20 @@ public class TokenRessource {
 @GET
 @Produces(MediaType.APPLICATION_JSON)
- public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("jwt") String jwtCookie) {
+ public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("user") String user, @CookieParam("jwt") String jwtCookie) {
 String name = "anonymous";
 String password = "";
- if(auth == null){
- return Response.status(Response.Status.BAD_REQUEST).build();
+ if(user == null){
+ return Response.status(Response.Status.BAD_REQUEST).build();
+ } else {
+ name = new String(Base64.decode(user), StandardCharsets.UTF_8);
+ }
+ } else {
+ String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
+ name = hash[0];
+ password = Hash.encryptSHA512(hash[1]);
 }
- String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
- name = hash[0];
- password = Hash.encryptSHA512(hash[1]);
 UsersEntity users = UsersEntity.findByPseudo(name);
 if (users == null){
 return Response.status(Response.Status.NOT_FOUND).build();
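Review bot: The new `user` cookie branch takes the account name from `Base64.decode(user)`, which is client-controlled and only encoded, not signed, so any caller can present any pseudo to `UsersEntity.findByPseudo(name)` while `password` stays `""`. The lines between this hunk and the token issuance are not shown, so whether a password or existing-JWT check still gates that path cannot be confirmed from here; if none does, a token is issued for whatever name the cookie carries. Prefer reading the name from the verified `upn` claim of the `jwt` cookie instead of a second cookie, or at least reject the request when the cookie name and the verified `upn` differ. Separately, as rendered the added lines contain two `} else {` but only one `if`, so the outer `if(auth == null){` appears to be missing, and `auth.split(" ")[1]` and `hash[1]` are still indexed without a length check, so a malformed header ends in an unhandled exception rather than a 400. getUserName continues past the end of the hunk.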
@@ -62,7 +66,8 @@ public class TokenRessource {
 String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign();
 // or create a JWT token encrypted using the 'A256KW' algorithm
 // Jwt.upn("alice").encryptWithSecret(secret);
- return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build();
+ String nameEncoded = Base64.toBase64String(name.getBytes(StandardCharsets.UTF_8));
+ return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie), new NewCookie("user", nameEncoded)).build();
 }
 // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
 try {
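Review bot: Both cookies on the new `return` line are built with the two-argument `NewCookie(name, value)` constructor, which leaves `Secure` and `HttpOnly` unset, so the `jwt` value is readable by page script and may be sent over plain HTTP. Set the attributes explicitly, for example `new NewCookie("jwt", newJwtCookie, "/", null, null, 60, true, true)` to match the one-minute `expiresIn`, or use `NewCookie.Builder` if the project is on a JAX-RS version that provides it. A short comment above the return stating why each cookie is issued and what lifetime is intended would also help the next reader. The enclosing block starts above this hunk.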