diff --git a/src/main/java/com/covas/Resources/TokenRessource.java b/src/main/java/com/covas/Resources/TokenRessource.java index f1864f4..84daf33 100644 --- a/src/main/java/com/covas/Resources/TokenRessource.java +++ b/src/main/java/com/covas/Resources/TokenRessource.java @@ -1,6 +1,7 @@ package com.covas.Resources; import java.nio.charset.StandardCharsets; +import java.time.Duration; import java.util.Arrays; import java.util.HashSet; @@ -21,57 +22,66 @@ import io.smallrye.jwt.auth.principal.JWTParser; import io.smallrye.jwt.auth.principal.ParseException; import io.smallrye.jwt.build.Jwt; +import org.eclipse.microprofile.jwt.Claims; import org.eclipse.microprofile.jwt.JsonWebToken; +import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.jaxrs.HeaderParam; import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64; -@Path("/api") +@Path("/token") public class TokenRessource { @Inject JsonWebToken jwt; + private static final Logger LOGGER = Logger.getLogger(UsersRessources.class); + @Inject JWTParser parser; @GET @Produces(MediaType.APPLICATION_JSON) - @Path("token") - public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("jwt") String jwtCookie) { + public Response tokenRefresh(@HeaderParam("Authorization") String auth, @CookieParam("user") String user, @CookieParam("jwt") String jwtCookie) { String name = "anonymous"; String password = ""; - - if (jwtCookie == null) { + if(auth == null){ + if(user == null){ + return Response.status(Response.Status.BAD_REQUEST).build(); + } else { + name = new String(Base64.decode(user), StandardCharsets.UTF_8); + } + } else { String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":"); name = hash[0]; password = Hash.encryptSHA512(hash[1]); - - UsersEntity users = UsersEntity.findByPseudo(name); - if(users != null){ - - if(password.equals(users.password)){ - // Create a JWT token signed using the 'HS256' algorithm - String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(new HashSet<>(Arrays.asList(users.roles))).sign(); - // or create a JWT token encrypted using the 'A256KW' algorithm - // Jwt.upn("alice").encryptWithSecret(secret); - return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build(); - } else { - return Response.status(Response.Status.FORBIDDEN).build(); - } - - - } - return Response.status(Response.Status.NOT_FOUND).build(); - - } else { - // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized. - try { - jwt = parser.parse(jwtCookie); - } - catch(ParseException p){ - return Response.status(Response.Status.UNAUTHORIZED).build(); - } - // or jwt = parser.decrypt(jwtCookie, secret); - return Response.status(Response.Status.OK).build(); } + UsersEntity users = UsersEntity.findByPseudo(name); + if (users == null){ + return Response.status(Response.Status.NOT_FOUND).build(); + } + if (jwtCookie == null) { + if(!password.equals(users.password)){ + return Response.status(Response.Status.FORBIDDEN).build(); + } + // Create a JWT token signed using the 'HS256' algorithm + String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign(); + // or create a JWT token encrypted using the 'A256KW' algorithm + // Jwt.upn("alice").encryptWithSecret(secret); + String nameEncoded = Base64.toBase64String(name.getBytes(StandardCharsets.UTF_8)); + return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie), new NewCookie("user", nameEncoded)).build(); + } + // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized. + try { + jwt = parser.parse(jwtCookie); + } + catch(ParseException p){ + return Response.status(Response.Status.NOT_ACCEPTABLE).build(); + } + // or jwt = parser.decrypt(jwtCookie, secret); + String kid = jwt.getClaim(Claims.kid).toString(); + if(!kid.equals(users.id.toString())){ + return Response.status(Response.Status.UNAUTHORIZED).build(); + } + return Response.status(Response.Status.OK).build(); } + } diff --git a/src/main/java/com/covas/Resources/UsersRessources.java b/src/main/java/com/covas/Resources/UsersRessources.java index ade1086..1f193fe 100644 --- a/src/main/java/com/covas/Resources/UsersRessources.java +++ b/src/main/java/com/covas/Resources/UsersRessources.java @@ -20,13 +20,13 @@ import org.jboss.logging.Logger; public class UsersRessources { private static final Logger LOGGER = Logger.getLogger(UsersRessources.class); @GET - @RolesAllowed({"Admin"}) + @RolesAllowed("Admin") public Response getUsers(){ return Response.ok(UsersEntity.listAll()).build(); } @GET - @RolesAllowed({"Admin"}) + @RolesAllowed("Admin") @Path("{id}") public Response getSingleUser(@PathParam("id") String id){ UUID uid = UUID.fromString(id); @@ -38,7 +38,7 @@ public class UsersRessources { } @GET - @RolesAllowed({"User"}) + @RolesAllowed("User") @Path("info") public Response getInfoUser(){ return Response.ok().build();