PGL/Clyde
PGL/Clyde
3
2
Fork 3
Code Issues 13 Pull Requests Actions Projects 3 Releases 2 Wiki Activity

fixed a token encoding issue #70

Merged
tonitch merged 3 commits from Max/backend/loginFix into master 2024-03-09 09:57:54 +01:00
Conversation 1 Commits 3 Files Changed 2 +31 -9
2 changed files with 31 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java
View File

@ -1,4 +1,5 @@
package ovh.herisson.Clyde.EndPoints; package ovh.herisson.Clyde.EndPoints;
import com.fasterxml.jackson.annotation.JsonFormat;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
@ -11,13 +12,26 @@ import java.util.Date;
@CrossOrigin(origins = "http://localhost:5173") @CrossOrigin(origins = "http://localhost:5173")
public class LoginController { public class LoginController {
private final AuthenticatorService authServ; private final AuthenticatorService authServ;
static public class RequestLogin{
private final String identifier;
private final String password;
@JsonFormat(pattern="yyyy-MM-dd'T'HH:mm:ss")
private final Date expirationDate;
public RequestLogin(String identifier, String password, Date expirationDate){
this.identifier = identifier;
this.password = password;
this.expirationDate = expirationDate;
}
}
public LoginController(AuthenticatorService authServ){ public LoginController(AuthenticatorService authServ){
this.authServ = authServ; this.authServ = authServ;
} }
@PostMapping("/login") @PostMapping(value = "/login")
public ResponseEntity<String> login(@RequestParam String identifier, String password, Date expirationDate){ public ResponseEntity<String> login(@RequestBody RequestLogin requestLogin){
String sessionToken = authServ.login(identifier,password,expirationDate); String sessionToken = authServ.login(requestLogin.identifier,requestLogin.password,requestLogin.expirationDate);
if (sessionToken == null){ if (sessionToken == null){
return new UnauthorizedResponse<>("Identifier or Password incorrect"); return new UnauthorizedResponse<>("Identifier or Password incorrect");
} }

14
backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java
View File

@ -1,10 +1,12 @@
package ovh.herisson.Clyde.Services; package ovh.herisson.Clyde.Services;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import ovh.herisson.Clyde.Repositories.TokenRepository; import ovh.herisson.Clyde.Repositories.TokenRepository;
import ovh.herisson.Clyde.Tables.Token; import ovh.herisson.Clyde.Tables.Token;
import ovh.herisson.Clyde.Tables.User; import ovh.herisson.Clyde.Tables.User;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Date; import java.util.Date;
@ -22,9 +24,15 @@ public class TokenService {
public String generateNewToken(){ public String generateNewToken(){
byte[] bytes = new byte[64]; byte[] bytes = new byte[64];
new SecureRandom().nextBytes(bytes); new SecureRandom().nextBytes(bytes);
Maxime marked this conversation as resolved
tonitch commented 2024-03-08 20:53:57 +01:00
Review
Copy Link

je suis un peu curieux de la différence avec Random()

je suis un peu curieux de la différence avec Random()
Maxime commented 2024-03-08 20:58:06 +01:00
Review
Copy Link

random est moins random et plus prévisible donc plus de conflits (on m'a juste conseillé SecureRandom donc sur un site donc voila
)

random est moins random et plus prévisible donc plus de conflits (on m'a juste conseillé SecureRandom donc sur un site donc voila )
String token = new String(bytes, StandardCharsets.US_ASCII); for (int i = 0; i < bytes.length; i++) {
System.out.println(token); bytes[i] = (byte) (((bytes[i]+256)%256 %95+ 32));
Maxime commented 2024-03-09 09:38:32 +01:00
Review
Copy Link

Permet d'avoir des caractères affichable

Permet d'avoir des caractères affichable
return token; }
// will never end up in the catch because of the way that SecureRandom.nextBytes is implemented
try {
return new String(bytes,"ISO_8859_1");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
} }
public User getUserFromToken(String token){ public User getUserFromToken(String token){