PGL/Clyde
PGL/Clyde
3
2
Fork 3
Code Issues 13 Pull Requests Actions Projects 3 Releases 2 Wiki Activity

fixed a token encoding issue #70

Merged
tonitch merged 3 commits from Max/backend/loginFix into master 2024-03-09 09:57:54 +01:00
Conversation 1 Commits 3 Files Changed 2 +18 -19
2 changed files with 18 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit fba30cff9e - Show all commits

20
backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java
View File

@ -1,31 +1,25 @@
package ovh.herisson.Clyde.EndPoints; package ovh.herisson.Clyde.EndPoints;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import ovh.herisson.Clyde.Responses.UnauthorizedResponse; import ovh.herisson.Clyde.Responses.UnauthorizedResponse;
import ovh.herisson.Clyde.Services.AuthenticatorService; import ovh.herisson.Clyde.Services.AuthenticatorService;
import java.util.Date; import java.util.Date;
@RestController @RestController
@CrossOrigin(origins = "http://localhost:5173") @CrossOrigin(origins = "http://localhost:5173")
public class LoginController { public class LoginController {
private final AuthenticatorService authServ; private final AuthenticatorService authServ;
public LoginController(AuthenticatorService authServ){
public LoginController(AuthenticatorService authServ) {
this.authServ = authServ; this.authServ = authServ;
} }
@PostMapping("/login")
public ResponseEntity<String> login(@RequestParam String identifier, String password, Date expirationDate){
String sessionToken = authServ.login(identifier,password,expirationDate); @PostMapping("/login")
if (sessionToken == null){ public ResponseEntity<String> login(@RequestParam String identifier, String password, Date expirationDate) {
String sessionToken = authServ.login(identifier, password, expirationDate);
if (sessionToken == null) {
return new UnauthorizedResponse<>("Identifier or Password incorrect"); return new UnauthorizedResponse<>("Identifier or Password incorrect");
} }
return ResponseEntity.ok().header("Set-Cookie", String.format("session_token=%s", sessionToken)).build();
Maxime marked this conversation as resolved Outdated
tonitch commented 2024-03-08 20:51:17 +01:00
Outdated
Review
Copy Link

resembler pour mieux brainfuck ^^

resembler pour mieux brainfuck ^^
Maxime commented 2024-03-08 20:56:59 +01:00
Outdated
Review
Copy Link

osef

osef
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.set("Set-Cookie",String.format("session_token=%s",sessionToken));
return ResponseEntity.ok().headers(responseHeaders).build();
} }
} }

11
backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java
View File

@ -1,10 +1,12 @@
package ovh.herisson.Clyde.Services; package ovh.herisson.Clyde.Services;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import ovh.herisson.Clyde.Repositories.TokenRepository; import ovh.herisson.Clyde.Repositories.TokenRepository;
import ovh.herisson.Clyde.Tables.Token; import ovh.herisson.Clyde.Tables.Token;
import ovh.herisson.Clyde.Tables.User; import ovh.herisson.Clyde.Tables.User;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Date; import java.util.Date;
@ -22,9 +24,12 @@ public class TokenService {
public String generateNewToken(){ public String generateNewToken(){
byte[] bytes = new byte[64]; byte[] bytes = new byte[64];
new SecureRandom().nextBytes(bytes); new SecureRandom().nextBytes(bytes);
Maxime marked this conversation as resolved
tonitch commented 2024-03-08 20:53:57 +01:00
Review
Copy Link

je suis un peu curieux de la différence avec Random()

je suis un peu curieux de la différence avec Random()
Maxime commented 2024-03-08 20:58:06 +01:00
Review
Copy Link

random est moins random et plus prévisible donc plus de conflits (on m'a juste conseillé SecureRandom donc sur un site donc voila
)

random est moins random et plus prévisible donc plus de conflits (on m'a juste conseillé SecureRandom donc sur un site donc voila )
String token = new String(bytes, StandardCharsets.US_ASCII); // will never end up in the catch because of the way that SecureRandom.nextBytes is implemented
System.out.println(token); try {
tonitch commented 2024-03-08 21:14:51 +01:00
Outdated
Review
Copy Link

tu peux aussi ( x / 4 (division entière) + 64) et ainsi tu est dans une range affichable (lazy)

tu peux aussi ( x / 4 (division entière) + 64) et ainsi tu est dans une range affichable (lazy)
Maxime commented 2024-03-08 23:51:38 +01:00
Outdated
Review
Copy Link

smart je vais try

smart je vais try
Maxime commented 2024-03-09 09:38:32 +01:00
Review
Copy Link

Permet d'avoir des caractères affichable

Permet d'avoir des caractères affichable
return token; return new String(bytes,"ISO_8859_1");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
} }
tonitch marked this conversation as resolved Outdated
tonitch commented 2024-03-08 21:00:56 +01:00
Outdated
Review
Copy Link

tu viens pas de dupliquer le new SecureRandom().nextBytes(bytes); ?

tu viens pas de dupliquer le `new SecureRandom().nextBytes(bytes);` ?
tonitch commented 2024-03-08 21:02:23 +01:00
Outdated
Review
Copy Link

https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/security/SecureRandom.html

https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/security/SecureRandom.html
public User getUserFromToken(String token){ public User getUserFromToken(String token){