From 87bd924e8d39e64df3f97009b62618ae613be36f Mon Sep 17 00:00:00 2001
From: Ziver Koc
Date: Wed, 8 Aug 2018 20:32:26 +0200
Subject: [PATCH] Fixed login stuff
---
 src/zall/Zallery.java | 6 +++---
 src/zall/ZalleryConstants.java | 12 +++++++++--
 src/zall/ZalleryServlet.java | 2 +-
 src/zall/bean/User.java | 8 +++++++-
 src/zall/filter/AuthenticationFilter.java | 8 +++++---
 src/zall/manager/AuthenticationManager.java | 22 ++++++++++-----------
 src/zall/page/LoginServlet.java | 5 ++---
 7 files changed, 39 insertions(+), 24 deletions(-)
diff --git a/src/zall/Zallery.java b/src/zall/Zallery.java
index faf7356..505d980 100755
--- a/src/zall/Zallery.java
+++ b/src/zall/Zallery.java
@@ -81,8 +81,8 @@ public class Zallery extends HttpServlet{
     }
     public static UserMessageManager getUserMessage(HttpSession session) {
-        if (session.getAttribute(ZalleryConstants.KEY_USER_MSG) == null)
-            session.setAttribute(ZalleryConstants.KEY_USER_MSG, new UserMessageManager());
-        return (UserMessageManager) session.getAttribute(ZalleryConstants.KEY_USER_MSG);
+        if (session.getAttribute(ZalleryConstants.SESSION_KEY_USER_MSG) == null)
+            session.setAttribute(ZalleryConstants.SESSION_KEY_USER_MSG, new UserMessageManager());
+        return (UserMessageManager) session.getAttribute(ZalleryConstants.SESSION_KEY_USER_MSG);
     }
 }
diff --git a/src/zall/ZalleryConstants.java b/src/zall/ZalleryConstants.java
index 9fb0cfb..858bc7f 100644
--- a/src/zall/ZalleryConstants.java
+++ b/src/zall/ZalleryConstants.java
@@ -9,11 +9,19 @@ public interface ZalleryConstants {
     /** Session Constants **/
-    public static final String KEY_USER_MSG = "zall_user_message";
+    public static final String SESSION_KEY_USER_MSG = "zall_user_message";
+    public static final String SESSION_KEY_USER = "zall_user";
+    public static final String SESSION_KEY_AUTH_HASH = "zall_user_session_hash";
+    public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 2 day
+
+    /** Cookie Constants **/
+
+    public static final String COOKIE_KEY_USER_HASH = "zall_user_hash";
+    public static final int COOKIE_TIMEOUT = 10*24*60*60; // 10 days
     /** Language Key Constants **/
     String LANG_BASENAME = "zall.lang.zallery_lang";
-    Locale LANG_DEFAULT = Locale.ENGLISH;
+    Locale LANG_DEFAULT = Locale.ENGLISH;
 }
diff --git a/src/zall/ZalleryServlet.java b/src/zall/ZalleryServlet.java
index a5df712..1a792c3 100644
--- a/src/zall/ZalleryServlet.java
+++ b/src/zall/ZalleryServlet.java
@@ -24,7 +24,7 @@ public abstract class ZalleryServlet extends HttpServlet {
         DBConnection db = null;
         try {
             UserMessageManager msgs = Zallery.getUserMessage(request.getSession());
-            request.setAttribute(ZalleryConstants.KEY_USER_MSG, msgs);
+            request.setAttribute(ZalleryConstants.SESSION_KEY_USER_MSG, msgs);
             doGet(request, response, db = Zallery.getDB());
             msgs.decrementViewCount();
         } catch (ServletException e) {
diff --git a/src/zall/bean/User.java b/src/zall/bean/User.java
index ce0172b..d709c5c 100755
--- a/src/zall/bean/User.java
+++ b/src/zall/bean/User.java
@@ -5,6 +5,7 @@ import java.sql.SQLException;
 import java.sql.Timestamp;
 import java.util.List;
+import zall.manager.AuthenticationManager;
 import zutil.Hasher;
 import zutil.db.DBConnection;
 import zutil.db.bean.DBBean;
@@ -13,6 +14,7 @@ import zutil.db.bean.DBBean.*;
 @DBTable("User")
 public class User extends DBBean {
+    public enum AuthType { USER_INPUT, COOKIE }
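Review bot: The comment on the new `SESSION_TIMEOUT` line contradicts its value: `3*24*60*60*1000` is three days of milliseconds, while the trailing comment says `// 2 day`, and the same text was carried over from the constant it replaces. Name both the duration and the unit so the next reader does not have to recompute it, e.g. `public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 3 days, in milliseconds`, and give `COOKIE_TIMEOUT` the same treatment since its multiplier suggests it is in seconds rather than milliseconds (worth stating explicitly, as the two constants sit next to each other). As a point of style, `public static final` is implicit on interface fields and the pre-existing `LANG_BASENAME`/`LANG_DEFAULT` lines already omit it; the new block would read consistently as `String SESSION_KEY_USER_MSG = "zall_user_message";` and so on.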
@@ -145,13 +147,17 @@ public class User extends DBBean {
     public void setPassword(String password) {
         String newPasswordSalt = Hasher.SHA1(Math.random()).substring(0, 5);
-        String newPasswordHash = Hasher.PBKDF2(password, newPasswordSalt, 1000);
+        String newPasswordHash = AuthenticationManager.generatePasswordHash(password, newPasswordSalt);
         // We wait with setting the actual fields if there is an exception
         this.passwordSalt = newPasswordSalt;
         this.passwordHash = newPasswordHash;
     }
+    public String getPasswordSalt() {
+        return passwordSalt;
+    }
+
     public String getCookieHash() {
         return cookieHash;
     }
diff --git a/src/zall/filter/AuthenticationFilter.java b/src/zall/filter/AuthenticationFilter.java
index 4b43425..300aa3f 100755
--- a/src/zall/filter/AuthenticationFilter.java
+++ b/src/zall/filter/AuthenticationFilter.java
@@ -1,5 +1,6 @@
 package zall.filter;
+import zall.ZalleryServlet;
 import zall.bean.User;
 import zall.manager.AuthenticationManager;
 import zall.page.LoginServlet;
@@ -10,6 +11,7 @@ import zutil.log.LogUtil;
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.logging.Logger;
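Review bot: The salt that the new `generatePasswordHash` call consumes is still built on the line above it as `Hasher.SHA1(Math.random()).substring(0, 5)`: `Math.random()` is not a cryptographic source and the five-character truncation leaves roughly 20 bits, so many users end up sharing salts and the PBKDF2 upgrade does less than it appears to. Since the salt is stored per user, generating a proper one only affects newly set passwords; replace that line with `byte[] saltBytes = new byte[16];`, `new SecureRandom().nextBytes(saltBytes);`, `String newPasswordSalt = Base64.getEncoder().encodeToString(saltBytes);` (imports for `java.security.SecureRandom` and `java.util.Base64` are outside this hunk), after checking that the `passwordSalt` column is wide enough for the longer value. The new public `getPasswordSalt()` has no Javadoc; a one-liner such as `/** Returns the per-user salt consumed by AuthenticationManager.generatePasswordHash. */` would tell a caller why the salt is exposed at all.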
@@ -31,19 +33,19 @@ public class AuthenticationFilter implements Filter {
     @Override
     public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
         String requestURI = ((HttpServletRequest) request).getRequestURI();
-        User user = null;
+        User user = AuthenticationManager.getUserSession(((HttpServletRequest) request).getSession());
         // continue the request via the filter pipeline if it is login page or it is a isValid User
         if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
             logger.finest("User already authenticated, continuing filter chain.");
             chain.doFilter(request, response);
         } else if (isWhitelisted(requestURI)){
-            logger.fine("Continuing filtering chain for whitelisted page: " + requestURI);
+            logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
             chain.doFilter(request, response);
         } else {
             // do not continue the filter pipeline forward to login page
             logger.fine("User not authenticated, redirecting to login page.");
-            request.getRequestDispatcher(LoginServlet.URI).forward(request, response);
+            ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
         }
     }
diff --git a/src/zall/manager/AuthenticationManager.java b/src/zall/manager/AuthenticationManager.java
index 1343b18..3ad8028 100755
--- a/src/zall/manager/AuthenticationManager.java
+++ b/src/zall/manager/AuthenticationManager.java
@@ -1,5 +1,6 @@
 package zall.manager;
+import zall.ZalleryConstants;
 import zall.bean.Folder;
 import zall.bean.Media;
 import zall.bean.User;
@@ -13,6 +14,8 @@ import java.sql.SQLException;
 import java.sql.Timestamp;
 import java.util.logging.Logger;
+import static zall.ZalleryConstants.*;
+
 /**
  *
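Review bot: The new `User user = AuthenticationManager.getUserSession(((HttpServletRequest) request).getSession());` line calls `getSession()` with no argument, which creates a server-side session and issues a session cookie for every request that has none, including the whitelisted requests that the next branch lets through; `getSession(false)` would return `null` for those instead, provided `getUserSession` tolerates a `null` argument (its body is not in this diff, so confirm before changing). On style, `request` is now cast to `HttpServletRequest` four times in this method; cast once at the top with `HttpServletRequest httpRequest = (HttpServletRequest) request;` and use it for `getRequestURI`, the session lookup, `isValid` and the `redirect` call.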
@@ -20,12 +23,9 @@ import java.util.logging.Logger;
 public class AuthenticationManager {
     private static final Logger logger = LogUtil.getLogger();
-    public static final String SESSION_KEY_USER = "zall_user";
-    public static final String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";
-    public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 2 day
-
-    public static final String COOKIE_KEY_USER_HASH = "zall_auth";
-    public static final int COOKIE_TIMEOUT = 10*24*60*60; // 10 days
+    public static String generatePasswordHash(String password, String salt){
+        return Hasher.PBKDF2(password, salt, 1000);
+    }
     /**
      * Authenticate a username and password and return the associated Uaer object
@@ -35,14 +35,14 @@ public class AuthenticationManager {
         // Valid email?
         if( user != null ){
-            if (user.getPasswordHash().equals(Hasher.MD5(password))) {
+            if (user.getPasswordHash().equals(generatePasswordHash(password, user.getPasswordSalt()))) {
                 setUserAuthenticated(db, user, User.AuthType.USER_INPUT, request, response);
                 return user;
             } else {
-                logger.info("Incorrect password for username: " + email);
+                logger.fine("Incorrect password for username: " + email);
             }
         } else {
-            logger.info("Incorrect username provided: " + email);
+            logger.fine("Incorrect username provided: " + email);
         }
         return null;
     }
@@ -63,10 +63,10 @@ public class AuthenticationManager {
                 setUserAuthenticated(db, user, User.AuthType.COOKIE, request, response);
                 return user;
             } else {
-                logger.info("Cookie hash has expired or have incorrect ipHost: " + cookieHash);
+                logger.fine("Cookie hash has expired or have incorrect ipHost: " + cookieHash);
             }
         } else {
-            logger.info("Cookie hash not associated with any user: " + cookieHash);
+            logger.fine("Cookie hash not associated with any user: " + cookieHash);
         }
     }
     return null;
diff --git a/src/zall/page/LoginServlet.java b/src/zall/page/LoginServlet.java
index c784378..2d4779c 100755
--- a/src/zall/page/LoginServlet.java
+++ b/src/zall/page/LoginServlet.java
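Review bot: The check in `authenticate` now compares the stored hash against `generatePasswordHash(password, user.getPasswordSalt())` where it previously compared against `Hasher.MD5(password)`, and nothing in this commit rehashes existing rows; any account whose `passwordHash` was written by the MD5 path can no longer log in until the password is reset, and a `null` salt on such a row reaches `Hasher.PBKDF2` with whatever null handling that helper has (not shown). The same hunk also compares with `String.equals`, which returns early at the first differing character; `MessageDigest.isEqual(user.getPasswordHash().getBytes(StandardCharsets.UTF_8), computed.getBytes(StandardCharsets.UTF_8))` does the comparison in constant time. In `generatePasswordHash` the iteration count `1000` is an unexplained literal, and it is low by current PBKDF2 guidance; lift it to a named constant beside the others, `public static final int PASSWORD_HASH_ITERATIONS = 1000;`, and give the method a Javadoc line stating that changing the count invalidates stored hashes. `authenticate` begins before this hunk.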
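Review bot: Both changed lines in the cookie hunk, `logger.fine("Cookie hash has expired or have incorrect ipHost: " + cookieHash)` and `logger.fine("Cookie hash not associated with any user: " + cookieHash)`, still write the raw cookie credential to the log; dropping the level from `info` to `fine` only hides it by default, and any deployment that captures FINE keeps a value that is a login token for as long as the row remains valid. In the expired branch the user is already resolved, so `user.getEmail()` identifies the event without the secret; in the other branch the remote address or simply the event itself is enough. While editing, `have incorrect ipHost` should read `has an incorrect ipHost`. The enclosing method begins before this hunk.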
@@ -57,13 +57,12 @@ public class LoginServlet extends ZalleryServlet {
         // Successful login
         if (user != null) {
             logger.fine("Authenticated user(" + user.getEmail() + ") successfully, forwarding to gallery.");
-            forward(GalleryServlet.URI, request, response);
+            redirect(GalleryServlet.URI, request, response);
         }
         // Failed login
         else {
             msgs.add(new UserMessageManager.UserMessage(MessageLevel.ERROR, lang.getString("incorrect.user_or_pass")));
+            doGet(request, response, db);
         }
-
-        doGet(request, response, db);
     }
 }
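Review bot: The success branch reuses whatever session the browser carried into the login with no visible step that changes its id; unless `AuthenticationManager.setUserAuthenticated` (reached through `authenticate`, which is called before this hunk and not shown) invalidates or renews the session, an id that was issued before login stays valid after it, which is the precondition for session fixation. Adding `request.changeSessionId();` ahead of the `redirect(...)` call (Servlet 3.1 and later) closes that window while keeping the attributes already stored, such as the user-message manager. The log line just above still says `forwarding to gallery.` although the code now redirects; update it to `redirecting to gallery.` so the message matches the new behaviour.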