From fba30cff9e829e31432a54514485cbace1c44692 Mon Sep 17 00:00:00 2001
From: Bartha Maxime <231026@umons.ac.be>
Date: Fri, 8 Mar 2024 19:08:10 +0100
Subject: [PATCH 1/3] fixed a token encoding issue
---
 .../Clyde/EndPoints/LoginController.java | 26 +++++++------------
 .../herisson/Clyde/Services/TokenService.java | 11 +++++---
 2 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java
index d47885f..be8d1df 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java
@@ -1,31 +1,25 @@ package ovh.herisson.Clyde.EndPoints; -import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import ovh.herisson.Clyde.Responses.UnauthorizedResponse; import ovh.herisson.Clyde.Services.AuthenticatorService; - import java.util.Date; @RestController @CrossOrigin(origins = "http://localhost:5173") public class LoginController { private final AuthenticatorService authServ; - public LoginController(AuthenticatorService authServ){ - this.authServ = authServ; - } - @PostMapping("/login") - public ResponseEntity login(@RequestParam String identifier, String password, Date expirationDate){ - String sessionToken = authServ.login(identifier,password,expirationDate); - if (sessionToken == null){ + public LoginController(AuthenticatorService authServ) { + this.authServ = authServ; + } + + @PostMapping("/login") + public ResponseEntity login(@RequestParam String identifier, String password, Date expirationDate) { + String sessionToken = authServ.login(identifier, password, expirationDate); + if (sessionToken == null) { return new UnauthorizedResponse<>("Identifier or Password incorrect"); } - - HttpHeaders responseHeaders = new HttpHeaders(); - responseHeaders.set("Set-Cookie",String.format("session_token=%s",sessionToken)); - return ResponseEntity.ok().headers(responseHeaders).build(); + return ResponseEntity.ok().header("Set-Cookie", String.format("session_token=%s", sessionToken)).build(); } -} - - +} \ No newline at end of file diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java index e619fd8..520d9fe 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java 
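Review bot: The session cookie written at the end of `login` is a bare `session_token=<value>` with no `HttpOnly`, `Secure`, `SameSite` or `Path` attribute, so page script can read the token and the browser may send it over plain HTTP. Spring's `ResponseCookie` builder sets these and serialises the header for you: `ResponseCookie.from("session_token", sessionToken).httpOnly(true).secure(true).sameSite("Strict").path("/").build()`, passed to `.header(HttpHeaders.SET_COOKIE, cookie.toString())`. Pick the `SameSite` value that fits how the frontend on the `@CrossOrigin` origin is actually served. The LoginController hunk in PATCH 2/3 puts back the `HttpHeaders`-based form with the same attribute-less cookie string, so the point applies there as well.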
@@ -1,10 +1,12 @@ package ovh.herisson.Clyde.Services; + import org.springframework.stereotype.Service; import ovh.herisson.Clyde.Repositories.TokenRepository; import ovh.herisson.Clyde.Tables.Token; import ovh.herisson.Clyde.Tables.User; +import java.io.UnsupportedEncodingException; import java.nio.charset.StandardCharsets; import java.security.SecureRandom; import java.util.Date; @@ -22,9 +24,12 @@ public class TokenService { public String generateNewToken(){ byte[] bytes = new byte[64]; new SecureRandom().nextBytes(bytes); - String token = new String(bytes, StandardCharsets.US_ASCII); - System.out.println(token); - return token; + // will never end up in the catch because of the way that SecureRandom.nextBytes is implemented + try { + return new String(bytes,"ISO_8859_1"); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException(e); + } } public User getUserFromToken(String token){ From 82a3b152f2f02997a7a174eaa953fa9f610e544c Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Fri, 8 Mar 2024 20:54:23 +0100 Subject: [PATCH 2/3] put the params in the body and fixed token issue --- .../Clyde/EndPoints/LoginController.java | 36 ++++++++++++++----- .../herisson/Clyde/Services/TokenService.java | 7 ++++ 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java index be8d1df..8a0722d 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java 
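Review bot: `generateNewToken` still decodes 64 raw random bytes as Latin-1, so the returned string can contain NUL, CR/LF, other control characters and `;`, and LoginController places it unescaped in a `Set-Cookie` header. Encoding the bytes instead of decoding them gives a header-safe token with the same entropy: `return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);` (add `import java.util.Base64;`). That also removes the try/catch, whose comment is inaccurate: `UnsupportedEncodingException` comes from the charset-name lookup in `new String(bytes, "ISO_8859_1")`, not from `SecureRandom.nextBytes`. The still-imported `StandardCharsets.ISO_8859_1` overload would have avoided the checked exception. The generateNewToken hunks in PATCH 2/3 and 3/3 rework individual bytes but keep this decode step.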
@@ -1,8 +1,11 @@ package ovh.herisson.Clyde.EndPoints; +import com.fasterxml.jackson.annotation.JsonFormat; +import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import ovh.herisson.Clyde.Responses.UnauthorizedResponse; import ovh.herisson.Clyde.Services.AuthenticatorService; + import java.util.Date; @RestController @@ -10,16 +13,33 @@ import java.util.Date; public class LoginController { private final AuthenticatorService authServ; - public LoginController(AuthenticatorService authServ) { - this.authServ = authServ; + static public class RequestLogin{ + private final String identifier; + private final String password; + @JsonFormat(pattern="yyyy-MM-dd'T'HH:mm:ss") + private final Date expirationDate; + public RequestLogin(String identifier, String password, Date expirationDate){ + this.identifier = identifier; + this.password = password; + this.expirationDate = expirationDate; + } } - @PostMapping("/login") - public ResponseEntity login(@RequestParam String identifier, String password, Date expirationDate) { - String sessionToken = authServ.login(identifier, password, expirationDate); - if (sessionToken == null) { + public LoginController(AuthenticatorService authServ){ + this.authServ = authServ; + } + @PostMapping(value = "/login") + public ResponseEntity login(@RequestBody RequestLogin requestLogin){ + + String sessionToken = authServ.login(requestLogin.identifier,requestLogin.password,requestLogin.expirationDate); + if (sessionToken == null){ return new UnauthorizedResponse<>("Identifier or Password incorrect"); } - return ResponseEntity.ok().header("Set-Cookie", String.format("session_token=%s", sessionToken)).build(); + + HttpHeaders responseHeaders = new HttpHeaders(); + responseHeaders.set("Set-Cookie",String.format("session_token=%s",sessionToken)); + return ResponseEntity.ok().headers(responseHeaders).build(); } -} \ No newline at end of file +} + + 
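Review bot: `requestLogin.expirationDate` comes straight from the JSON body and is handed to `authServ.login`, so the caller decides how long its own session token lives. Nothing in this hunk rejects a null, already-past or far-future date. Unless AuthenticatorService enforces a limit (not visible here), derive the expiry server-side or clamp it before the call, for example `if (requestLogin.expirationDate == null || requestLogin.expirationDate.after(maxExpiry)) { return new UnauthorizedResponse<>("Invalid expiration date"); }`, where `maxExpiry` is a server-defined bound. A short Javadoc on `RequestLogin` stating that `expirationDate` is parsed as `yyyy-MM-dd'T'HH:mm:ss` with no zone offset would also help callers, since the pattern leaves the time zone implicit.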
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java index 520d9fe..4f4e0ad 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java @@ -24,6 +24,13 @@ public class TokenService { public String generateNewToken(){ byte[] bytes = new byte[64]; new SecureRandom().nextBytes(bytes); + for (int i = 0; i < bytes.length; i++) { + while (bytes[i] == 0){ + byte[] temp = new byte[1]; + new SecureRandom().nextBytes(temp); + bytes[i] = temp[0]; + } + } // will never end up in the catch because of the way that SecureRandom.nextBytes is implemented try { return new String(bytes,"ISO_8859_1"); From 521c98fdc234298f25b7224c72637efd8ccd609c Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Sat, 9 Mar 2024 00:46:40 +0100 Subject: [PATCH 3/3] token is now an writable char thanks to the modulos ! --- .../main/java/ovh/herisson/Clyde/Services/TokenService.java | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java index 4f4e0ad..a82951d 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java @@ -25,11 +25,7 @@ public class TokenService { byte[] bytes = new byte[64]; new SecureRandom().nextBytes(bytes); for (int i = 0; i < bytes.length; i++) { - while (bytes[i] == 0){ - byte[] temp = new byte[1]; - new SecureRandom().nextBytes(temp); - bytes[i] = temp[0]; - } + bytes[i] = (byte) (((bytes[i]+256)%256 %95+ 32)); } // will never end up in the catch because of the way that SecureRandom.nextBytes is implemented try {
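Review bot: In the PATCH 3/3 hunk, `bytes[i] = (byte) (((bytes[i]+256)%256 %95+ 32));` does not map bytes to characters uniformly. Because 256 is not a multiple of 95, the characters from space through `a` each come from three byte values and the remaining 29 from two. The range 32–126 also still contains space, `"`, `,`, `;` and `\`, which are not valid in a cookie value, so a token containing `;` would presumably reach the client truncated and then fail the lookup in `getUserFromToken`. Dropping the loop and returning `Base64.getUrlEncoder().withoutPadding().encodeToString(bytes)` keeps every random bit and yields only `A–Z a–z 0–9 - _`. If the modulo is kept, `bytes[i] & 0xFF` states the unsigned conversion more directly. The method signature and the rest of the try block lie outside this hunk.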