From 82a3b152f2f02997a7a174eaa953fa9f610e544c Mon Sep 17 00:00:00 2001
From: Bartha Maxime <231026@umons.ac.be>
Date: Fri, 8 Mar 2024 20:54:23 +0100
Subject: [PATCH] put the params in the body and fixed token issue
---
 .../Clyde/EndPoints/LoginController.java | 36 ++++++++++++++-----
 .../herisson/Clyde/Services/TokenService.java | 7 ++++
 2 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java
index be8d1df..8a0722d 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java
@@ -1,8 +1,11 @@
 package ovh.herisson.Clyde.EndPoints;
+import com.fasterxml.jackson.annotation.JsonFormat;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import ovh.herisson.Clyde.Responses.UnauthorizedResponse;
 import ovh.herisson.Clyde.Services.AuthenticatorService;
+
 import java.util.Date;
 @RestController
@@ -10,16 +13,33 @@ import java.util.Date;
 public class LoginController {
 private final AuthenticatorService authServ;
- public LoginController(AuthenticatorService authServ) {
- this.authServ = authServ;
+ static public class RequestLogin{
+ private final String identifier;
+ private final String password;
+ @JsonFormat(pattern="yyyy-MM-dd'T'HH:mm:ss")
+ private final Date expirationDate;
+ public RequestLogin(String identifier, String password, Date expirationDate){
+ this.identifier = identifier;
+ this.password = password;
+ this.expirationDate = expirationDate;
+ }
 }
- @PostMapping("/login")
- public ResponseEntity login(@RequestParam String identifier, String password, Date expirationDate) {
- String sessionToken = authServ.login(identifier, password, expirationDate);
- if (sessionToken == null) {
+ public LoginController(AuthenticatorService authServ){
+ this.authServ = authServ;
+ }
+ @PostMapping(value = "/login")
+ public ResponseEntity login(@RequestBody RequestLogin requestLogin){
+
+ String sessionToken = authServ.login(requestLogin.identifier,requestLogin.password,requestLogin.expirationDate);
+ if (sessionToken == null){
 return new UnauthorizedResponse<>("Identifier or Password incorrect");
 }
- return ResponseEntity.ok().header("Set-Cookie", String.format("session_token=%s", sessionToken)).build();
+
+ HttpHeaders responseHeaders = new HttpHeaders();
+ responseHeaders.set("Set-Cookie",String.format("session_token=%s",sessionToken));
+ return ResponseEntity.ok().headers(responseHeaders).build();
 }
-}
\ No newline at end of file
+}
+
+
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java
index 520d9fe..4f4e0ad 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java
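Review bot: The `Set-Cookie` value assembled in `login` carries only `session_token=<token>`, so the session cookie is issued without `HttpOnly`, `Secure` or `SameSite` and is therefore readable by page script and sent over plain HTTP. Consider `responseHeaders.set(HttpHeaders.SET_COOKIE, String.format("session_token=%s; Path=/; HttpOnly; Secure; SameSite=Strict", sessionToken));`. Separately, `requestLogin.expirationDate` is passed straight to `authServ.login`; unless that method (not visible in this patch) caps it, the client chooses its own session lifetime, so a server-side maximum would be worth enforcing there or in this handler.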
@@ -24,6 +24,13 @@ public class TokenService {
 public String generateNewToken(){
 byte[] bytes = new byte[64];
 new SecureRandom().nextBytes(bytes);
+ for (int i = 0; i < bytes.length; i++) {
+ while (bytes[i] == 0){
+ byte[] temp = new byte[1];
+ new SecureRandom().nextBytes(temp);
+ bytes[i] = temp[0];
+ }
+ }
 // will never end up in the catch because of the way that SecureRandom.nextBytes is implemented
 try {
 return new String(bytes,"ISO_8859_1");
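Review bot: The added loop in `generateNewToken` filters only the zero byte, while the token is still decoded as ISO-8859-1 text, so CR, LF, `;`, `,`, space and bytes above 0x7F can still occur in it. If this token is the value that LoginController formats into `Set-Cookie` (that wiring is not visible here), those bytes can truncate or corrupt the cookie. Encoding the random bytes removes the need for per-byte filtering and for the charset try block: `return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);` (needs `java.util.Base64`). The loop also constructs a new `SecureRandom` for every redraw; a single instance held in a field would do. The method body continues past the end of this hunk.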