Fixed login stuff

This commit is contained in:
Ziver Koc 2018-08-08 20:32:26 +02:00
parent cbf6ef31f2
commit 87bd924e8d
7 changed files with 39 additions and 24 deletions


@ -81,8 +81,8 @@ public class Zallery extends HttpServlet{
}
public static UserMessageManager getUserMessage(HttpSession session) {
if (session.getAttribute(ZalleryConstants.KEY_USER_MSG) == null)
session.setAttribute(ZalleryConstants.KEY_USER_MSG, new UserMessageManager());
return (UserMessageManager) session.getAttribute(ZalleryConstants.KEY_USER_MSG);
if (session.getAttribute(ZalleryConstants.SESSION_KEY_USER_MSG) == null)
session.setAttribute(ZalleryConstants.SESSION_KEY_USER_MSG, new UserMessageManager());
return (UserMessageManager) session.getAttribute(ZalleryConstants.SESSION_KEY_USER_MSG);
}
}


@ -9,7 +9,15 @@ public interface ZalleryConstants {
/** Session Constants **/
public static final String KEY_USER_MSG = "zall_user_message";
public static final String SESSION_KEY_USER_MSG = "zall_user_message";
public static final String SESSION_KEY_USER = "zall_user";
public static final String SESSION_KEY_AUTH_HASH = "zall_user_session_hash";
public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 2 day
/** Cookie Constants **/
public static final String COOKIE_KEY_USER_HASH = "zall_user_hash";
public static final int COOKIE_TIMEOUT = 10*24*60*60; // 10 days
/** Language Key Constants **/
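Review bot: The new `SESSION_TIMEOUT = 3*24*60*60*1000; // 2 day` line disagrees with itself: the expression is three days in milliseconds while the comment says two, so either the value or the comment is wrong; the same comment sits on the line this commit removes from AuthenticationManager, so the mismatch was carried over rather than fixed. State the unit as well, since `COOKIE_TIMEOUT` two lines below is in seconds and the two are easy to mix up: `public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 3 days, in milliseconds` and `public static final int COOKIE_TIMEOUT = 10*24*60*60; // 10 days, in seconds`. A unit suffix in the names (`_MS` / `_SEC`) would make the difference visible at every use site.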


@ -24,7 +24,7 @@ public abstract class ZalleryServlet extends HttpServlet {
DBConnection db = null;
try {
UserMessageManager msgs = Zallery.getUserMessage(request.getSession());
request.setAttribute(ZalleryConstants.KEY_USER_MSG, msgs);
request.setAttribute(ZalleryConstants.SESSION_KEY_USER_MSG, msgs);
doGet(request, response, db = Zallery.getDB());
msgs.decrementViewCount();
} catch (ServletException e) {


@ -5,6 +5,7 @@ import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.List;
import zall.manager.AuthenticationManager;
import zutil.Hasher;
import zutil.db.DBConnection;
import zutil.db.bean.DBBean;
@ -13,6 +14,7 @@ import zutil.db.bean.DBBean.*;
@DBTable("User")
public class User extends DBBean {
public enum AuthType {
USER_INPUT, COOKIE
}
@ -145,13 +147,17 @@ public class User extends DBBean {
public void setPassword(String password) {
String newPasswordSalt = Hasher.SHA1(Math.random()).substring(0, 5);
String newPasswordHash = Hasher.PBKDF2(password, newPasswordSalt, 1000);
String newPasswordHash = AuthenticationManager.generatePasswordHash(password, newPasswordSalt);
// We wait with setting the actual fields if there is an exception
this.passwordSalt = newPasswordSalt;
this.passwordHash = newPasswordHash;
}
public String getPasswordSalt() {
return passwordSalt;
}
public String getCookieHash() {
return cookieHash;
}
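Review bot: The new `AuthenticationManager.generatePasswordHash(password, newPasswordSalt)` call is fed a salt that the unchanged line above builds as `Hasher.SHA1(Math.random()).substring(0, 5)`; `Math.random()` is not a cryptographic source and five hex characters are roughly 20 bits, so the salted PBKDF2 scheme this commit introduces is weaker than the hash function suggests. Since hashing policy now lives in AuthenticationManager, consider having that class also produce the salt from `SecureRandom` (for example 16 random bytes, hex-encoded) so salt and iteration policy are defined in one place. The width of the `passwordSalt` column is not visible here, so confirm the schema accepts a longer salt before changing it.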


@ -1,5 +1,6 @@
package zall.filter;
import zall.ZalleryServlet;
import zall.bean.User;
import zall.manager.AuthenticationManager;
import zall.page.LoginServlet;
@ -10,6 +11,7 @@ import zutil.log.LogUtil;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.logging.Logger;
@ -31,19 +33,19 @@ public class AuthenticationFilter implements Filter {
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
String requestURI = ((HttpServletRequest) request).getRequestURI();
User user = null;
User user = AuthenticationManager.getUserSession(((HttpServletRequest) request).getSession());
// continue the request via the filter pipeline if it is login page or it is a isValid User
if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
logger.finest("User already authenticated, continuing filter chain.");
chain.doFilter(request, response);
} else if (isWhitelisted(requestURI)){
logger.fine("Continuing filtering chain for whitelisted page: " + requestURI);
logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
chain.doFilter(request, response);
} else {
// do not continue the filter pipeline forward to login page
logger.fine("User not authenticated, redirecting to login page.");
request.getRequestDispatcher(LoginServlet.URI).forward(request, response);
ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
}
}
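Review bot: `getSession()` on the new `User user = AuthenticationManager.getUserSession(...)` line creates an HttpSession for every request that has none, including anonymous hits on whitelisted pages, which costs server memory and hands out a session id before login; `getSession(false)` returns null when no session exists and avoids both, provided `AuthenticationManager.getUserSession` tolerates a null argument — its body is not on this page, so that needs checking. The request is cast to `HttpServletRequest` three times in this method; a single `HttpServletRequest req = (HttpServletRequest) request;` at the top would read more clearly. If the login path does not already rotate the session id on successful authentication, the pre-login session issued here is worth a look for that reason too.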


@ -1,5 +1,6 @@
package zall.manager;
import zall.ZalleryConstants;
import zall.bean.Folder;
import zall.bean.Media;
import zall.bean.User;
@ -13,6 +14,8 @@ import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.logging.Logger;
import static zall.ZalleryConstants.*;
/**
*
@ -20,12 +23,9 @@ import java.util.logging.Logger;
public class AuthenticationManager {
private static final Logger logger = LogUtil.getLogger();
public static final String SESSION_KEY_USER = "zall_user";
public static final String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";
public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 2 day
public static final String COOKIE_KEY_USER_HASH = "zall_auth";
public static final int COOKIE_TIMEOUT = 10*24*60*60; // 10 days
public static String generatePasswordHash(String password, String salt){
return Hasher.PBKDF2(password, salt, 1000);
}
/**
* Authenticate a username and password and return the associated Uaer object
@ -35,14 +35,14 @@ public class AuthenticationManager {
// Valid email?
if( user != null ){
if (user.getPasswordHash().equals(Hasher.MD5(password))) {
if (user.getPasswordHash().equals(generatePasswordHash(password, user.getPasswordSalt()))) {
setUserAuthenticated(db, user, User.AuthType.USER_INPUT, request, response);
return user;
} else {
logger.info("Incorrect password for username: " + email);
logger.fine("Incorrect password for username: " + email);
}
} else {
logger.info("Incorrect username provided: " + email);
logger.fine("Incorrect username provided: " + email);
}
return null;
}
@ -63,10 +63,10 @@ public class AuthenticationManager {
setUserAuthenticated(db, user, User.AuthType.COOKIE, request, response);
return user;
} else {
logger.info("Cookie hash has expired or have incorrect ipHost: " + cookieHash);
logger.fine("Cookie hash has expired or have incorrect ipHost: " + cookieHash);
}
} else {
logger.info("Cookie hash not associated with any user: " + cookieHash);
logger.fine("Cookie hash not associated with any user: " + cookieHash);
}
}
return null;
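Review bot: The two changed log lines at the bottom of the section still write `cookieHash` — the persistent-login credential — into the log; lowering the level from info to fine does not address that, and anyone reading the log holds a usable value, so log the context without the secret, e.g. `logger.fine("Cookie hash not associated with any user");` and `logger.fine("Cookie hash has expired or have incorrect ipHost");`. The new password check `user.getPasswordHash().equals(generatePasswordHash(password, user.getPasswordSalt()))` uses `String.equals`, which stops at the first differing character; `MessageDigest.isEqual` on the byte forms gives a constant-time comparison, though the leak is small next to the PBKDF2 cost. Replacing `Hasher.MD5(password)` with the salted PBKDF2 form means any password hashes stored before this commit will no longer verify; if such rows exist a migration or transitional check is needed, and nothing on this page shows one. `generatePasswordHash` also hard-codes the iteration count `1000`; a named constant beside the other constants would make the policy visible and easier to raise later.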


@ -57,13 +57,12 @@ public class LoginServlet extends ZalleryServlet {
// Successful login
if (user != null) {
logger.fine("Authenticated user(" + user.getEmail() + ") successfully, forwarding to gallery.");
forward(GalleryServlet.URI, request, response);
redirect(GalleryServlet.URI, request, response);
}
// Failed login
else {
msgs.add(new UserMessageManager.UserMessage(MessageLevel.ERROR, lang.getString("incorrect.user_or_pass")));
}
doGet(request, response, db);
}
}
}
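Review bot: After `redirect(GalleryServlet.URI, request, response);` on the changed line, control falls through to `doGet(request, response, db);` at the end of the method, so the login page is rendered into a response the redirect has already committed (assuming `redirect` ends in `sendRedirect`; its body is not on this page), which typically raises an IllegalStateException or is discarded. Return right after the redirect: `redirect(GalleryServlet.URI, request, response);` followed by `return;`. The enclosing method starts outside the hunk.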