add exception

Valentin CZERYBA 2022-05-15 15:35:12 +02:00
parent a312ae4289
commit d800602681
2 changed files with 20 additions and 6 deletions


@ -56,8 +56,8 @@ public class TokenRessource {
return Response.status(Response.Status.NOT_FOUND).build(); return Response.status(Response.Status.NOT_FOUND).build();
} }
if (jwtCookie == null) { if (jwtCookie == null) {
if(!password.equals(users.password)){ if((!password.equals(users.password)) && (!users.status)) {
return Response.status(Response.Status.FORBIDDEN).build(); return Response.status(Response.Status.FORBIDDEN).build();
} }
// Create a JWT token signed using the 'HS256' algorithm // Create a JWT token signed using the 'HS256' algorithm
String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign(); String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign();
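Review bot: The new condition on the `if((!password.equals(users.password)) && (!users.status))` line ties the password check to `users.status`: whenever status is true the branch is skipped even on a wrong password, and the following line issues a signed JWT for that account, which is an authentication bypass. The request should be rejected when the password is wrong OR the account is inactive, i.e. `if (!password.equals(users.password) || !users.status) {` (this reads status true as "account active" — confirm against UsersEntity; if status means the opposite, drop the negation but keep `||`). The comparison is also a plain String equals against `users.password`; if that field holds a cleartext password rather than a hash, that is a separate problem outside this hunk. The enclosing method begins before this hunk.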


@ -42,7 +42,15 @@ public class UsersRessources {
@GET @GET
@RolesAllowed("Admin") @RolesAllowed("Admin")
@Path("{id}") @Path("{id}")
public Response getSingleUser(@PathParam("id") String id){ public Response getSingleUser(@PathParam("id") String id, @CookieParam("user") String userCookie, @Context SecurityContext ctx){
if(!ctx.getUserPrincipal().getName().equals(jwt.getName())){
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
}
UUID kid = UUID.fromString(jwt.getClaim(Claims.kid));
UsersEntity user = UsersEntity.findById(kid);
if(!checkUserCookie(userCookie, user)){
return Response.status(Response.Status.FORBIDDEN).build();
}
UUID uid = UUID.fromString(id); UUID uid = UUID.fromString(id);
UsersEntity users = UsersEntity.findById(uid); UsersEntity users = UsersEntity.findById(uid);
if(users == null){ if(users == null){
@ -63,10 +71,16 @@ public class UsersRessources {
if (user == null){ if (user == null){
return Response.status(Response.Status.NOT_FOUND).build(); return Response.status(Response.Status.NOT_FOUND).build();
} }
String name = new String(Base64.decode(userCookie), StandardCharsets.UTF_8); if(!checkUserCookie(userCookie, user)){
if(!name.equals(user.pseudo)){
return Response.status(Response.Status.FORBIDDEN).build(); return Response.status(Response.Status.FORBIDDEN).build();
} }
return Response.ok(new UserSingle(user.name, user.pseudo, user.firstName)).build(); return Response.ok(new UserSingle(user.name, user.pseudo, user.firstName)).build();
} }
private Boolean checkUserCookie(String userCookie, UsersEntity users){
String name = new String(Base64.decode(userCookie), StandardCharsets.UTF_8);
if(!name.equals(users.pseudo) && (!users.status)){
return false;
}
return true;
}
} }
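Review bot: checkUserCookie's test on the `if(!name.equals(users.pseudo) && (!users.status))` line only returns false when the cookie mismatches AND status is false, so for every user whose status is true the cookie is never actually checked; the conditions should be joined with `||` (assuming status true means an active account — confirm). The helper also dereferences `userCookie` and `users` without a null guard: a missing `user` cookie arrives as null from `@CookieParam`, and getSingleUser in the first hunk passes the `findById(kid)` result straight in with no null check, so either case becomes an NPE (HTTP 500) instead of a 403. Note too that the cookie is just the base64 of the pseudo, nothing secret, so this check only proves the client knows the username and should not be treated as authentication. Rewritten helper below; `Base64.decode` is kept as in the hunk since its exception behavior on malformed input depends on which Base64 class is imported.
```java
private Boolean checkUserCookie(String userCookie, UsersEntity users){
    // absent cookie or unknown user: deny rather than NPE
    if (userCookie == null || users == null) {
        return false;
    }
    String name = new String(Base64.decode(userCookie), StandardCharsets.UTF_8);
    // deny on a cookie mismatch OR an inactive account (assumes status==true means active — confirm)
    return name.equals(users.pseudo) && users.status;
}
```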