Diffstat (limited to 'juick-server')
-rw-r--r-- | juick-server/src/main/java/com/juick/service/UserServiceImpl.java | 63 | ||||
-rw-r--r-- | juick-server/src/test/java/com/juick/server/tests/ServerTests.java | 30 |
2 files changed, 41 insertions, 52 deletions
diff --git a/juick-server/src/main/java/com/juick/service/UserServiceImpl.java b/juick-server/src/main/java/com/juick/service/UserServiceImpl.java
index 2de3dfc6..077fb01d 100644
--- a/juick-server/src/main/java/com/juick/service/UserServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/UserServiceImpl.java
@@ -52,9 +52,8 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 user.setUid(rs.getInt(1));
 user.setName(rs.getString(2));
- user.setBanned(rs.getBoolean(3));
- user.setLang(rs.getString(4));
-
+ user.setCredentials(rs.getString(3));
+ user.setBanned(rs.getBoolean(4));
 return user;
 }
 }
@@ -121,7 +120,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 @Override
 public Optional<User> getUserByUID(final int uid) {
 List<User> list = getJdbcTemplate().query(
- "SELECT id, nick, banned, lang FROM users WHERE id = ?", new UserMapper(), uid);
+ "SELECT id, nick, passw, banned FROM users WHERE id = ?", new UserMapper(), uid);
 return list.isEmpty() ? Optional.empty() : Optional.of(list.get(0));
 }
@@ -131,7 +130,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 public User getUserByName(final String username) {
 if (StringUtils.isNotBlank(username)) {
 List<User> list = getJdbcTemplate().query(
- "SELECT id, nick, banned, lang FROM users WHERE nick = ?", new UserMapper(), username);
+ "SELECT id, nick, passw, banned FROM users WHERE nick = ?", new UserMapper(), username);
 if (!list.isEmpty())
 return list.get(0);
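Review bot: `UserMapper` now calls `user.setCredentials(rs.getString(3))`, so every lookup that goes through it returns a `User` carrying the `passw` column, not only the authentication path that selected it before. The same column is added to the `getUserByUID` and `getUserByName` queries here and to the `getUserByEmail`, `getUserByJID`, both `IN (...)` and `getUserByHash` queries in the later hunks. Keeping the secret out of responses then rests entirely on the serialization annotations of `User`, which are not visible in this diff; any other sink (a `toString()` in a log line, a cache, a template, a differently configured mapper) would carry it too. Consider a credentials-free default mapper plus a separate one used only by `checkPassword`, or at least a comment on the mapper such as `// loads passw: objects from this mapper must not be logged, cached or serialized outside the credential-stripping views`.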
@@ -141,22 +140,11 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 }
 @Override
- // No need marks with @Transactional annotation
- public User getFullyUserByName(final String username) {
- if (StringUtils.isNotBlank(username)) {
- List<User> list = getFullyUsersByNames(Collections.singletonList(username));
- if (!list.isEmpty())
- return list.get(0);
- }
- return null;
- }
-
- @Override
 @Transactional(readOnly = true)
 public User getUserByEmail(String email) {
 if (StringUtils.isNotBlank(email)) {
 List<User> list = getJdbcTemplate().query(
- "SELECT id, nick, banned, lang FROM users WHERE id = (SELECT DISTINCT user_id FROM emails WHERE email = ?)",
+ "SELECT id, nick, passw, banned FROM users WHERE id = (SELECT DISTINCT user_id FROM emails WHERE email = ?)",
 new UserMapper(),
 email);
@@ -168,34 +156,12 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 @Transactional(readOnly = true)
 @Override
- public List<User> getFullyUsersByNames(final Collection<String> usernames) {
- if (CollectionUtils.isEmpty(usernames))
- return Collections.emptyList();
-
- return getNamedParameterJdbcTemplate().query(
- "SELECT id, nick, passw, lang, banned FROM users WHERE nick in (:names)",
- new MapSqlParameterSource("names", usernames),
- (rs, rowNum) -> {
- User user = new User();
-
- user.setUid(rs.getInt(1));
- user.setName(rs.getString(2));
- user.setCredentials(rs.getString(3));
- user.setLang(rs.getString(4));
- user.setBanned(rs.getBoolean(5));
-
- return user;
- });
- }
-
- @Transactional(readOnly = true)
- @Override
 public User getUserByJID(final String jid) {
 User result = null;
 if (StringUtils.isNotBlank(jid)) {
 List<User> list = getJdbcTemplate().query(
- "SELECT id, nick, banned, lang FROM users WHERE id = (SELECT user_id FROM jids WHERE jid = ?)",
+ "SELECT id, nick, passw, banned FROM users WHERE id = (SELECT user_id FROM jids WHERE jid = ?)",
 new UserMapper(),
 jid);
@@ -212,7 +178,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 return Collections.emptyList();
 return getNamedParameterJdbcTemplate().query(
- "SELECT id, nick, banned, lang FROM users WHERE nick IN (:unames)",
+ "SELECT id, nick, passw, banned FROM users WHERE nick IN (:unames)",
 new MapSqlParameterSource("unames", unames),
 new UserMapper());
 }
@@ -224,7 +190,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 return Collections.emptyList();
 return getNamedParameterJdbcTemplate().query(
- "SELECT id, nick, banned, lang FROM users WHERE id IN (:ids)",
+ "SELECT id, nick, passw, banned FROM users WHERE id IN (:ids)",
 new MapSqlParameterSource("ids", uids),
 new UserMapper());
 }
@@ -279,7 +245,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 public com.juick.User getUserByHash(final String hash) {
 if (StringUtils.isNotBlank(hash)) {
 List<User> list = getJdbcTemplate().query(
- "SELECT logins.user_id, users.nick, users.banned, users.lang FROM logins " +
+ "SELECT logins.user_id, users.nick, users.passw, users.banned FROM logins " +
 "INNER JOIN users ON logins.user_id = users.id WHERE logins.hash = ?",
 new UserMapper(),
 hash);
@@ -312,15 +278,8 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 public int checkPassword(final String username, final String password) {
 if (StringUtils.isNotBlank(username)) {
 List<User> list = getJdbcTemplate().query(
- "SELECT id, nick, banned, passw FROM users WHERE nick = ?",
- (rs, rowNum) -> {
- User user = new User();
- user.setUid(rs.getInt(1));
- user.setName(rs.getString(2));
- user.setBanned(rs.getBoolean(3));
- user.setCredentials(rs.getString(4));
- return user;
- },
+ "SELECT id, nick, passw, banned FROM users WHERE nick = ?",
+ new UserMapper(),
 username);
 if (!list.isEmpty()) {
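Review bot: In the `checkPassword` hunk the select list had to change from `id, nick, banned, passw` to `id, nick, passw, banned` only so that it lines up with the positional reads in `UserMapper` (`rs.getString(3)`, `rs.getBoolean(4)`), so the authentication path now depends on every query repeating the same column order. A query that lists the columns differently would compile and could load the wrong value into `credentials` or `banned`. Reading those two columns by label in the mapper, `user.setCredentials(rs.getString("passw"));` and `user.setBanned(rs.getBoolean("banned"));`, removes that coupling. The body of `checkPassword` continues past the end of the hunk, so how the loaded credential is compared is not visible here.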
diff --git a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
index abeb7424..9f573e82 100644
--- a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
@@ -17,6 +17,7 @@
 package com.juick.server.tests;
+import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.jayway.jsonpath.JsonPath;
@@ -59,6 +60,7 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;
@@ -82,6 +84,7 @@ import java.io.*;
 import java.net.Socket;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.*;
 import java.sql.Timestamp;
 import java.time.Instant;
@@ -1225,4 +1228,31 @@ public class ServerTests {
 server.addConnectionIn(test);
 assertThat(getStatus.get().getInbound().size(), is(1));
 }
+ @Test
+ public void credentialsShouldNeverBeSerialized() throws Exception {
+ int uid = userService.createUser("yyy", "xxxx");
+ User yyy = userService.getUserByUID(uid).get();
+ assertThat(yyy.getCredentials(), is("xxxx"));
+ ObjectMapper jsonMapper = new ObjectMapper();
+ jsonMapper.setSerializationInclusion(JsonInclude.Include.NON_DEFAULT);
+ String jsonUser = jsonMapper.writeValueAsString(yyy);
+ Map<String, Object> user = JsonPath.read(jsonUser, "$");
+ // only uid and name
+ assertThat(user.keySet().size(), is(2));
+
+ JAXBContext context = JAXBContext
+ .newInstance(User.class);
+ Marshaller m = context.createMarshaller();
+
+ StringWriter sw = new StringWriter();
+ m.marshal(yyy, sw);
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Document doc = db.parse(new ByteArrayInputStream(sw.toString().getBytes(StandardCharsets.UTF_8)));
+ Element juickNode = doc.getDocumentElement();
+ NamedNodeMap attrs = juickNode.getAttributes();
+ // uid, name, xmlns, xmlns:user
+ assertThat(attrs.getLength(), is(4));
+ }
 } |
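Review bot: `credentialsShouldNeverBeSerialized` never checks for the credential itself; it only asserts that `user.keySet().size()` is 2 and `attrs.getLength()` is 4, so it breaks when a harmless field is added and could still pass if `credentials` took the place of an expected field. Asserting absence directly is more robust, for example `assertThat(user.containsKey("credentials"), is(false));` and `assertThat(sw.toString().contains("xxxx"), is(false));`. The JSON half also builds a fresh `new ObjectMapper()` with `NON_DEFAULT` inclusion rather than using the application's mapper, so it may not reflect what the API actually emits. Separately, `assertThat(yyy.getCredentials(), is("xxxx"))` succeeds with the same string that was passed to `createUser`, which suggests the password is stored unhashed, at least in this test setup; that is worth confirming.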