use of com.xebia.vulnmanager.auth.AuthenticationChecker in project vulnmanager by xebia-research.
the class UploadFileController method uploadFile.
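/**
 * Upload a scanner report for a team.
 *
 * <p>The request is rejected unless {@code authKey} passes
 * {@code AuthenticationChecker.checkTeamAndCompany} for the company and team in the path and
 * {@code scannerType} is accepted by {@code isValidScannerType}. The upload is saved through
 * {@code IOUtil.saveUploadedFiles}, its report type is detected from the saved content, and it
 * is handed to {@code IOUtil.moveFileToFolder} only when the detected type matches
 * {@code scannerType}. The saved temp file is removed on every path, including when parsing or
 * moving throws.
 *
 * @param uploadFile The file that will be uploaded
 * @param authKey value of the {@code auth} request header; a missing header is bound to "nope"
 * @param companyName company name taken from the URL path
 * @param teamName team name taken from the URL path
 * @param scannerType report type this endpoint expects, taken from the URL path
 * @return 200 with the stored file name on success; 400 when the auth check, the scanner type,
 *         the empty-file check or the report-type check fails; 500 on an I/O error
 */
@RequestMapping(value = "/{company}/{team}/{scannerType}/upload", method = RequestMethod.POST)
@ResponseBody
ResponseEntity<?> uploadFile(@RequestParam("file") MultipartFile uploadFile,
        @RequestHeader(value = "auth", defaultValue = "nope") String authKey,
        @PathVariable("company") String companyName,
        @PathVariable("team") String teamName,
        @PathVariable("scannerType") String scannerType) {
    AuthenticationChecker authenticationChecker = new AuthenticationChecker();
    if (!authenticationChecker.checkTeamAndCompany(companyName, authKey, teamName)) {
        // NOTE(review): a failed auth check is reported as 400; 401/403 is the usual signal.
        // Status kept unchanged because existing clients may depend on it.
        return new ResponseEntity<ErrorMsg>(new ErrorMsg("Auth not correct!"), HttpStatus.BAD_REQUEST);
    }
    // Check if the parser type endpoint exists. This also means the scannerType echoed in the
    // wrong-endpoint message below has already been accepted by isValidScannerType.
    if (!isValidScannerType(scannerType)) {
        return new ResponseEntity<ErrorMsg>(new ErrorMsg("Unknown parser type"), HttpStatus.BAD_REQUEST);
    }
    // Presumably non-null here because the auth check above also rejects unknown names;
    // verify against AuthenticationChecker.
    MockCompanyFactory factory = new MockCompanyFactory();
    Company comp = factory.findCompanyByName(companyName);
    Team team = factory.findTeamByName(teamName, comp);
    logger.info("Single file upload started!");
    String newFileName = "";
    if (uploadFile.isEmpty()) {
        return new ResponseEntity<ErrorMsg>(new ErrorMsg("Uploaded file should't be empty"), HttpStatus.BAD_REQUEST);
    }
    String filePath = null;
    try {
        // IOUtil saves the upload and returns the path of the saved temp file.
        filePath = IOUtil.saveUploadedFiles(uploadFile);
        logger.info("File succesfully uploaded");
        // The type is derived from the file content, not from anything the client claims.
        ReportType reportType = ReportUtil.checkDocumentType(ReportUtil.getDocumentFromFile(new File(filePath)));
        if (reportType == ReportType.UNKNOWN) {
            // Type unknown send bad request.
            return new ResponseEntity<ErrorMsg>(new ErrorMsg("Unknown report!"), HttpStatus.BAD_REQUEST);
        }
        if (!reportType.toString().equalsIgnoreCase(scannerType)) {
            // File is known but wrong endpoint
            return new ResponseEntity<ErrorMsg>(new ErrorMsg("This is a " + reportType.name() + " report but this endpoint expects a " + scannerType), HttpStatus.BAD_REQUEST);
        }
        newFileName = IOUtil.moveFileToFolder(new File(filePath), comp, team, reportType);
    } catch (IOException ex) {
        // Keep the exception detail in the server log only: its message can carry server-side
        // paths, which the client has no need to see.
        logger.error("IOException while processing uploaded report", ex);
        return new ResponseEntity<ErrorMsg>(new ErrorMsg("IOException while processing the uploaded file"), HttpStatus.INTERNAL_SERVER_ERROR);
    } finally {
        // Runs on success, on every early return above and on exceptions, so a rejected or
        // unparsable upload is never left behind in the temp location.
        if (filePath != null) {
            File fileToRemove = new File(filePath);
            if (fileToRemove.exists() && !fileToRemove.delete()) {
                logger.error("Temp file couldn't be deleted but it shoudl have been");
            }
        }
    }
    return new ResponseEntity<ErrorMsg>(new ErrorMsg("Successfully uploaded - " + newFileName), HttpStatus.OK);
}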
use of com.xebia.vulnmanager.auth.AuthenticationChecker in project vulnmanager by xebia-research.
the class CompanyController method getCompanyTeamMembers.
/**
 * Get one team of a company.
 *
 * <p>The team is returned only when {@code AuthenticationChecker.checkTeamAndCompany} accepts
 * the company, auth key and team. Every failure produces the same 404 response, so the reply
 * does not reveal whether the key or the name was wrong.
 *
 * @param authKey value of the {@code auth} request header; a missing header is bound to "nope"
 * @param companyName The name of the company, taken from the URL path
 * @param teamName The name of the team, taken from the URL path
 * @return 200 with the team, or 404 with an error message when the check fails
 */
@RequestMapping(value = "/{team}", method = RequestMethod.GET)
@ResponseBody
ResponseEntity<?> getCompanyTeamMembers(@RequestHeader(value = "auth", defaultValue = "nope") String authKey,
        @PathVariable("company") String companyName,
        @PathVariable("team") String teamName) {
    AuthenticationChecker checker = new AuthenticationChecker();
    boolean authorized = checker.checkTeamAndCompany(companyName, authKey, teamName);
    MockCompanyFactory companies = new MockCompanyFactory();
    if (!authorized) {
        return new ResponseEntity<ErrorMsg>(new ErrorMsg("Wrong auth key or company not found"), HttpStatus.NOT_FOUND);
    }
    // NOTE(review): the Team object is serialised as-is into the response body; confirm it
    // carries no fields that should stay server-side.
    Team requestedTeam = companies.findCompanyByName(companyName).findTeamByName(teamName);
    return new ResponseEntity<Team>(requestedTeam, HttpStatus.OK);
}
use of com.xebia.vulnmanager.auth.AuthenticationChecker in project vulnmanager by xebia-research.
the class CompanyController method getCompanyTeams.
/**
 * Get a company, looked up by name.
 *
 * <p>The company is returned only when {@code AuthenticationChecker.checkCompanyAuthKey}
 * accepts the company name and auth key. Every failure produces the same 404 response, so the
 * reply does not reveal whether the key or the name was wrong.
 *
 * @param authKey value of the {@code auth} request header; a missing header is bound to "nope"
 * @param companyName The name of the company, taken from the URL path
 * @return 200 with the company, or 404 with an error message when the check fails
 */
@RequestMapping(method = RequestMethod.GET)
@ResponseBody
ResponseEntity<?> getCompanyTeams(@RequestHeader(value = "auth", defaultValue = "nope") String authKey,
        @PathVariable("company") String companyName) {
    AuthenticationChecker checker = new AuthenticationChecker();
    boolean authorized = checker.checkCompanyAuthKey(companyName, authKey);
    MockCompanyFactory companies = new MockCompanyFactory();
    if (!authorized) {
        return new ResponseEntity<ErrorMsg>(new ErrorMsg("Wrong auth key or company not found"), HttpStatus.NOT_FOUND);
    }
    // NOTE(review): the whole Company object is serialised into the response body; confirm it
    // does not expose the auth key or other fields that should stay server-side.
    Company requestedCompany = companies.findCompanyByName(companyName);
    return new ResponseEntity<Company>(requestedCompany, HttpStatus.OK);
}