diff options
9 files changed, 45 insertions, 80 deletions
diff --git a/juick-common/src/main/java/com/juick/User.java b/juick-common/src/main/java/com/juick/User.java index b81739a2..7aa92469 100644 --- a/juick-common/src/main/java/com/juick/User.java +++ b/juick-common/src/main/java/com/juick/User.java @@ -44,7 +44,6 @@ public class User { private String authHash; private boolean banned; private String credentials; - private String lang; private List<ExternalToken> tokens; private List<User> read; private List<User> readers; @@ -72,7 +71,6 @@ public class User { .append("name", name) .append("fullName", fullName) .append("messagesCount", messagesCount) - .append("lang", lang) .append("banned", banned) .toString(); } @@ -154,14 +152,6 @@ public class User { this.credentials = credentials; } - public String getLang() { - return lang; - } - - public void setLang(String lang) { - this.lang = lang; - } - @XmlTransient public int getMessagesCount() { return messagesCount; diff --git a/juick-common/src/main/java/com/juick/server/helpers/AnonymousUser.java b/juick-common/src/main/java/com/juick/server/helpers/AnonymousUser.java index 122bbe29..9a201552 100644 --- a/juick-common/src/main/java/com/juick/server/helpers/AnonymousUser.java +++ b/juick-common/src/main/java/com/juick/server/helpers/AnonymousUser.java @@ -34,7 +34,6 @@ public final class AnonymousUser extends User { super.setAuthHash(getAuthHash()); super.setBanned(isBanned()); super.setCredentials(getCredentials()); - super.setLang(getLang()); } @Override @@ -83,11 +82,6 @@ public final class AnonymousUser extends User { } @Override - public String getLang() { - return "__"; - } - - @Override public int getMessagesCount() { return 0; } @@ -130,10 +124,6 @@ public final class AnonymousUser extends User { } @Override - public void setLang(String lang) { - } - - @Override public void setMessagesCount(int messagesCount) { } } diff --git a/juick-common/src/main/java/com/juick/service/UserService.java b/juick-common/src/main/java/com/juick/service/UserService.java index 08a7a6ed..ef49a8ab 100644 --- a/juick-common/src/main/java/com/juick/service/UserService.java +++ b/juick-common/src/main/java/com/juick/service/UserService.java @@ -46,12 +46,8 @@ public interface UserService { User getUserByName(String username); - User getFullyUserByName(String username); - User getUserByEmail(String email); - List<User> getFullyUsersByNames(Collection<String> usernames); - User getUserByJID(String jid); List<User> getUsersByName(Collection<String> unames); diff --git a/juick-common/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java b/juick-common/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java index b56b98c8..9215d09a 100644 --- a/juick-common/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java +++ b/juick-common/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java @@ -69,7 +69,7 @@ public class HashParamAuthenticationFilter extends OncePerRequestFilter { User user = userService.getUserByHash(hash); if (!user.isAnonymous()) { - User userWithPassword = userService.getFullyUserByName(user.getName()); + User userWithPassword = userService.getUserByName(user.getName()); userWithPassword.setAuthHash(userService.getHashByUID(userWithPassword.getUid())); Authentication authentication = new RememberMeAuthenticationToken( ((AbstractRememberMeServices)rememberMeServices).getKey(), new JuickUser(userWithPassword), JuickUser.USER_AUTHORITY); diff --git a/juick-common/src/main/java/com/juick/service/security/JuickUserDetailsService.java b/juick-common/src/main/java/com/juick/service/security/JuickUserDetailsService.java index f6ae8909..adb0ab44 100644 --- a/juick-common/src/main/java/com/juick/service/security/JuickUserDetailsService.java +++ b/juick-common/src/main/java/com/juick/service/security/JuickUserDetailsService.java @@ -41,7 +41,7 @@ public class JuickUserDetailsService implements UserDetailsService { if (StringUtils.isBlank(username)) throw new UsernameNotFoundException("Invalid user name " + username); - com.juick.User user = userService.getFullyUserByName(username); + com.juick.User user = userService.getUserByName(username); if (user != null) { user.setAuthHash(userService.getHashByUID(user.getUid())); diff --git a/juick-common/src/main/java/com/juick/service/security/deprecated/CookieSimpleHashRememberMeServices.java b/juick-common/src/main/java/com/juick/service/security/deprecated/CookieSimpleHashRememberMeServices.java index bda5e902..e385d7dd 100644 --- a/juick-common/src/main/java/com/juick/service/security/deprecated/CookieSimpleHashRememberMeServices.java +++ b/juick-common/src/main/java/com/juick/service/security/deprecated/CookieSimpleHashRememberMeServices.java @@ -115,7 +115,7 @@ public class CookieSimpleHashRememberMeServices extends AbstractRememberMeServic Assert.isTrue(userOptional.isPresent()); - return new JuickUser(userService.getFullyUserByName(userOptional.get().getName())); + return new JuickUser(userService.getUserByName(userOptional.get().getName())); } @Override diff --git a/juick-common/src/main/java/com/juick/service/security/deprecated/RequestParamHashRememberMeServices.java b/juick-common/src/main/java/com/juick/service/security/deprecated/RequestParamHashRememberMeServices.java index 71159e17..3631e5a4 100644 --- a/juick-common/src/main/java/com/juick/service/security/deprecated/RequestParamHashRememberMeServices.java +++ b/juick-common/src/main/java/com/juick/service/security/deprecated/RequestParamHashRememberMeServices.java @@ -81,7 +81,7 @@ public class RequestParamHashRememberMeServices extends AbstractRememberMeServic if (StringUtils.isNotBlank(hash)) { User user = userService.getUserByHash(hash); if (!user.isAnonymous()) - return new JuickUser(userService.getFullyUserByName(user.getName())); + return new JuickUser(userService.getUserByName(user.getName())); } throw new UsernameNotFoundException("User not found by hash " + hash); } diff --git a/juick-server/src/main/java/com/juick/service/UserServiceImpl.java b/juick-server/src/main/java/com/juick/service/UserServiceImpl.java index 2de3dfc6..077fb01d 100644 --- a/juick-server/src/main/java/com/juick/service/UserServiceImpl.java +++ b/juick-server/src/main/java/com/juick/service/UserServiceImpl.java @@ -52,9 +52,8 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { user.setUid(rs.getInt(1)); user.setName(rs.getString(2)); - user.setBanned(rs.getBoolean(3)); - user.setLang(rs.getString(4)); - + user.setCredentials(rs.getString(3)); + user.setBanned(rs.getBoolean(4)); return user; } } @@ -121,7 +120,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { @Override public Optional<User> getUserByUID(final int uid) { List<User> list = getJdbcTemplate().query( - "SELECT id, nick, banned, lang FROM users WHERE id = ?", new UserMapper(), uid); + "SELECT id, nick, passw, banned FROM users WHERE id = ?", new UserMapper(), uid); return list.isEmpty() ? Optional.empty() : Optional.of(list.get(0)); } @@ -131,7 +130,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { public User getUserByName(final String username) { if (StringUtils.isNotBlank(username)) { List<User> list = getJdbcTemplate().query( - "SELECT id, nick, banned, lang FROM users WHERE nick = ?", new UserMapper(), username); + "SELECT id, nick, passw, banned FROM users WHERE nick = ?", new UserMapper(), username); if (!list.isEmpty()) return list.get(0); @@ -141,22 +140,11 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { } @Override - // No need marks with @Transactional annotation - public User getFullyUserByName(final String username) { - if (StringUtils.isNotBlank(username)) { - List<User> list = getFullyUsersByNames(Collections.singletonList(username)); - if (!list.isEmpty()) - return list.get(0); - } - return null; - } - - @Override @Transactional(readOnly = true) public User getUserByEmail(String email) { if (StringUtils.isNotBlank(email)) { List<User> list = getJdbcTemplate().query( - "SELECT id, nick, banned, lang FROM users WHERE id = (SELECT DISTINCT user_id FROM emails WHERE email = ?)", + "SELECT id, nick, passw, banned FROM users WHERE id = (SELECT DISTINCT user_id FROM emails WHERE email = ?)", new UserMapper(), email); @@ -168,34 +156,12 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { @Transactional(readOnly = true) @Override - public List<User> getFullyUsersByNames(final Collection<String> usernames) { - if (CollectionUtils.isEmpty(usernames)) - return Collections.emptyList(); - - return getNamedParameterJdbcTemplate().query( - "SELECT id, nick, passw, lang, banned FROM users WHERE nick in (:names)", - new MapSqlParameterSource("names", usernames), - (rs, rowNum) -> { - User user = new User(); - - user.setUid(rs.getInt(1)); - user.setName(rs.getString(2)); - user.setCredentials(rs.getString(3)); - user.setLang(rs.getString(4)); - user.setBanned(rs.getBoolean(5)); - - return user; - }); - } - - @Transactional(readOnly = true) - @Override public User getUserByJID(final String jid) { User result = null; if (StringUtils.isNotBlank(jid)) { List<User> list = getJdbcTemplate().query( - "SELECT id, nick, banned, lang FROM users WHERE id = (SELECT user_id FROM jids WHERE jid = ?)", + "SELECT id, nick, passw, banned FROM users WHERE id = (SELECT user_id FROM jids WHERE jid = ?)", new UserMapper(), jid); @@ -212,7 +178,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { return Collections.emptyList(); return getNamedParameterJdbcTemplate().query( - "SELECT id, nick, banned, lang FROM users WHERE nick IN (:unames)", + "SELECT id, nick, passw, banned FROM users WHERE nick IN (:unames)", new MapSqlParameterSource("unames", unames), new UserMapper()); } @@ -224,7 +190,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { return Collections.emptyList(); return getNamedParameterJdbcTemplate().query( - "SELECT id, nick, banned, lang FROM users WHERE id IN (:ids)", + "SELECT id, nick, passw, banned FROM users WHERE id IN (:ids)", new MapSqlParameterSource("ids", uids), new UserMapper()); } @@ -279,7 +245,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { public com.juick.User getUserByHash(final String hash) { if (StringUtils.isNotBlank(hash)) { List<User> list = getJdbcTemplate().query( - "SELECT logins.user_id, users.nick, users.banned, users.lang FROM logins " + + "SELECT logins.user_id, users.nick, users.passw, users.banned FROM logins " + "INNER JOIN users ON logins.user_id = users.id WHERE logins.hash = ?", new UserMapper(), hash); @@ -312,15 +278,8 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { public int checkPassword(final String username, final String password) { if (StringUtils.isNotBlank(username)) { List<User> list = getJdbcTemplate().query( - "SELECT id, nick, banned, passw FROM users WHERE nick = ?", - (rs, rowNum) -> { - User user = new User(); - user.setUid(rs.getInt(1)); - user.setName(rs.getString(2)); - user.setBanned(rs.getBoolean(3)); - user.setCredentials(rs.getString(4)); - return user; - }, + "SELECT id, nick, passw, banned FROM users WHERE nick = ?", + new UserMapper(), username); if (!list.isEmpty()) { diff --git a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java index abeb7424..9f573e82 100644 --- a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java +++ b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java @@ -17,6 +17,7 @@ package com.juick.server.tests; +import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; import com.jayway.jsonpath.JsonPath; @@ -59,6 +60,7 @@ import org.springframework.web.context.WebApplicationContext; import org.springframework.web.util.UriComponents; import org.springframework.web.util.UriComponentsBuilder; import org.w3c.dom.Document; +import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; import org.w3c.dom.Node; import org.xml.sax.SAXException; @@ -82,6 +84,7 @@ import java.io.*; import java.net.Socket; import java.net.URI; import java.net.URISyntaxException; +import java.nio.charset.StandardCharsets; import java.nio.file.*; import java.sql.Timestamp; import java.time.Instant; @@ -1225,4 +1228,31 @@ public class ServerTests { server.addConnectionIn(test); assertThat(getStatus.get().getInbound().size(), is(1)); } + @Test + public void credentialsShouldNeverBeSerialized() throws Exception { + int uid = userService.createUser("yyy", "xxxx"); + User yyy = userService.getUserByUID(uid).get(); + assertThat(yyy.getCredentials(), is("xxxx")); + ObjectMapper jsonMapper = new ObjectMapper(); + jsonMapper.setSerializationInclusion(JsonInclude.Include.NON_DEFAULT); + String jsonUser = jsonMapper.writeValueAsString(yyy); + Map<String, Object> user = JsonPath.read(jsonUser, "$"); + // only uid and name + assertThat(user.keySet().size(), is(2)); + + JAXBContext context = JAXBContext + .newInstance(User.class); + Marshaller m = context.createMarshaller(); + + StringWriter sw = new StringWriter(); + m.marshal(yyy, sw); + + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + DocumentBuilder db = dbf.newDocumentBuilder(); + Document doc = db.parse(new ByteArrayInputStream(sw.toString().getBytes(StandardCharsets.UTF_8))); + Element juickNode = doc.getDocumentElement(); + NamedNodeMap attrs = juickNode.getAttributes(); + // uid, name, xmlns, xmlns:user + assertThat(attrs.getLength(), is(4)); + } } |