
Example 1 with DAOException

use of io.divide.shared.server.DAO.DAOException in project divide by HiddenStage.

the class AuthServerLogic method getUserFromAuthToken.

/**
 * Resolves the stored credentials that carry the given auth token.
 *
 * <p>An {@code AuthTokenUtils.AuthToken} is built from the key manager's symmetric key and the
 * presented token, and the token is rejected if it reports itself expired. Only then is the
 * store queried for a record whose {@code Credentials.AUTH_TOKEN_KEY} field equals the token.
 *
 * @param token auth token string presented by the caller
 * @return the first matching record, wrapped as {@code ServerCredentials}
 * @throws DAOException with status 500 if the token cannot be turned into an {@code AuthToken},
 *     401 if it is expired, or 400 if no stored record carries this token
 */
public Credentials getUserFromAuthToken(String token) throws DAOException {
    AuthTokenUtils.AuthToken parsed;
    try {
        parsed = new AuthTokenUtils.AuthToken(keyManager.getSymmetricKey(), token);
    } catch (AuthenticationException parseFailure) {
        // NOTE(review): the token is caller-supplied, so this path is presumably reachable with
        // a malformed or tampered token; it is reported as a 500 and the cause is not
        // propagated or logged here. Confirm whether a 401 plus a server-side log entry is
        // intended instead.
        throw new DAOException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "internal error");
    }

    if (parsed.isExpired()) {
        throw new DAOException(HttpStatus.SC_UNAUTHORIZED, "Expired");
    }

    // The expiry check above is not sufficient on its own: the token must also still be
    // the one stored on a credentials record.
    Query lookup = new QueryBuilder()
            .select()
            .from(Credentials.class)
            .where(Credentials.AUTH_TOKEN_KEY, OPERAND.EQ, token)
            .build();
    TransientObject match = ObjectUtils.get1stOrNull(dao.query(lookup));
    if (match == null) {
        throw new DAOException(HttpStatus.SC_BAD_REQUEST, "invalid auth token");
    }
    return new ServerCredentials(match);
}
Also used : DAOException(io.divide.shared.server.DAO.DAOException) Query(io.divide.shared.transitory.query.Query) AuthenticationException(io.divide.shared.util.AuthTokenUtils.AuthenticationException) AuthTokenUtils(io.divide.shared.util.AuthTokenUtils) QueryBuilder(io.divide.shared.transitory.query.QueryBuilder) TransientObject(io.divide.shared.transitory.TransientObject)

Example 2 with DAOException

use of io.divide.shared.server.DAO.DAOException in project divide by HiddenStage.

the class AuthServerLogic method userSignIn.

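/**
 * Signs a user in, or completes a pending password reset, and returns the stored credentials.
 *
 * <p>The account is looked up by e-mail address. If the stored validation value is non-null and
 * equals the one supplied, the submitted password is decrypted with the server private key and
 * its bcrypt hash replaces the stored password on the in-memory record. Otherwise the submitted
 * password is decrypted and checked against the stored bcrypt hash. Finally, if the stored auth
 * token's expiration date has passed, a new token is issued and the record is saved.
 *
 * <p>This method must never write password material (ciphertext, plaintext or hashes) to a log
 * or to standard output.
 *
 * @param credentials credentials submitted by the client; its password is decrypted in place
 * @return the stored credentials, carrying a fresh auth token if the previous one had expired
 * @throws DAOException with status 401 if no account exists for the e-mail address or the
 *     password check fails, or 500 if the stored auth token cannot be turned into an
 *     {@code AuthToken}
 */
public Credentials userSignIn(Credentials credentials) throws DAOException {
    Credentials dbCreds = getUserByEmail(dao, credentials.getEmailAddress());
    if (dbCreds == null) {
        // NOTE(review): this message differs from the password-failure message below, which
        // lets a caller tell existing accounts from unknown ones. The text is kept unchanged
        // because clients may match on it; consider one generic message for both cases.
        throw new DAOException(HttpStatus.SC_UNAUTHORIZED, "User Doesnt exist");
    }

    boolean resettingPassword = dbCreds.getValidation() != null
            && dbCreds.getValidation().equals(credentials.getValidation());

    // Both paths need the plaintext password, so decrypt once up front.
    credentials.decryptPassword(keyManager.getPrivateKey());

    if (resettingPassword) {
        // NOTE(review): the new hash is only persisted by the dao.save() call further down,
        // which runs only when the auth token has expired, and the validation value is not
        // cleared in this method. Confirm the reset is saved and the validation value is
        // single-use.
        dbCreds.setPassword(BCrypt.hashpw(credentials.getPassword(), BCrypt.gensalt(10)));
    } else if (!BCrypt.checkpw(credentials.getPassword(), dbCreds.getPassword())) {
        // The previous implementation printed the encrypted, decrypted, freshly hashed and
        // stored passwords to standard output before this check. That debug output exposed
        // plaintext passwords and stored hashes to anyone with log access and cost an extra
        // bcrypt hash per sign-in, so it has been removed.
        // NOTE(review): "User Already Exists" is a misleading message for a failed password
        // check; kept byte-for-byte because clients may match on it.
        throw new DAOException(HttpStatus.SC_UNAUTHORIZED, "User Already Exists");
    }

    // Issue and persist a new auth token only when the stored one has expired.
    AuthTokenUtils.AuthToken token;
    try {
        token = new AuthTokenUtils.AuthToken(keyManager.getSymmetricKey(), dbCreds.getAuthToken());
    } catch (AuthenticationException e) {
        throw new DAOException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "internal error");
    }
    // `c` is declared outside this method; presumably a Calendar holding the current time.
    // TODO confirm it is refreshed per request rather than fixed at construction.
    if (c.getTime().getTime() > token.expirationDate) {
        dbCreds.setAuthToken(AuthTokenUtils.getNewToken(keyManager.getSymmetricKey(), dbCreds));
        dao.save(dbCreds);
    }
    return dbCreds;
}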
Also used : DAOException(io.divide.shared.server.DAO.DAOException) AuthenticationException(io.divide.shared.util.AuthTokenUtils.AuthenticationException) AuthTokenUtils(io.divide.shared.util.AuthTokenUtils) Credentials(io.divide.shared.transitory.Credentials)

Example 3 with DAOException

use of io.divide.shared.server.DAO.DAOException in project divide by HiddenStage.

the class PushEndpoint method register.

/**
 * Stores the push-messaging token sent by the client on the session user's credentials.
 *
 * <p>Known issue recorded by the original author: currently failing as the decryption key is
 * probably different.
 *
 * @param session request session; its user is the record that gets updated
 * @param entity encrypted request body; the server private key is set on it before the
 *     {@code "token"} field is read
 * @return 200 on success, the response built by {@code fromDAOExpection} for a
 *     {@code DAOException}, or a 500 for any other exception
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response register(@Context Session session, EncryptedEntity.Reader entity) {
    try {
        // NOTE(review): if session.getUser() can return null for an unauthenticated session,
        // the resulting NullPointerException falls into the generic handler below and is
        // reported as a 500 rather than a 401. Verify against Session.
        Credentials user = session.getUser();

        // The key has to be set before any field of the encrypted entity is read.
        entity.setKey(keyManager.getPrivateKey());
        user.setPushMessagingKey(entity.get("token"));
        dao.save(user);
    } catch (DAOException daoFailure) {
        logger.severe(ExceptionUtils.getStackTrace(daoFailure));
        return fromDAOExpection(daoFailure);
    } catch (Exception unexpected) {
        // Endpoint boundary: the stack trace goes to the server log only, and the client gets
        // a fixed body with no internal detail.
        logger.severe(ExceptionUtils.getStackTrace(unexpected));
        return Response.serverError().entity("Shit").build();
    }
    return Response.ok().build();
}
Also used : DAOException(io.divide.shared.server.DAO.DAOException) Credentials(io.divide.shared.transitory.Credentials) IOException(java.io.IOException) DAOException(io.divide.shared.server.DAO.DAOException)

Example 4 with DAOException

use of io.divide.shared.server.DAO.DAOException in project divide by HiddenStage.

the class AuthServerLogic method getUserFromRecoveryToken.

/**
 * Exchanges a recovery token for the credentials it belongs to, rotating both tokens.
 *
 * <p>The store is queried for a record whose {@code Credentials.RECOVERY_TOKEN_KEY} field
 * equals the presented token. On a match, a new auth token and a new recovery token are
 * generated, set on the record and saved, so the presented recovery token is no longer the
 * stored one after a successful call.
 *
 * @param token recovery token string presented by the caller
 * @return the matching credentials with freshly issued auth and recovery tokens
 * @throws DAOException with status 400 if no stored record carries this recovery token
 */
public Credentials getUserFromRecoveryToken(String token) throws DAOException {
    Query lookup = new QueryBuilder()
            .select()
            .from(Credentials.class)
            .where(Credentials.RECOVERY_TOKEN_KEY, OPERAND.EQ, token)
            .build();
    TransientObject match = ObjectUtils.get1stOrNull(dao.query(lookup));
    if (match == null) {
        throw new DAOException(HttpStatus.SC_BAD_REQUEST, "invalid recovery token");
    }

    // NOTE(review): unlike the auth-token path, no expiry check on the recovery token is
    // visible in this method. Confirm whether recovery tokens are time-limited elsewhere.
    ServerCredentials owner = new ServerCredentials(match);
    owner.setAuthToken(AuthTokenUtils.getNewToken(keyManager.getSymmetricKey(), owner));
    owner.setRecoveryToken(AuthTokenUtils.getNewToken(keyManager.getSymmetricKey(), owner));
    dao.save(owner);
    return owner;
}
Also used : DAOException(io.divide.shared.server.DAO.DAOException) Query(io.divide.shared.transitory.query.Query) QueryBuilder(io.divide.shared.transitory.query.QueryBuilder) TransientObject(io.divide.shared.transitory.TransientObject)

Aggregations

DAOException (io.divide.shared.server.DAO.DAOException)4 Credentials (io.divide.shared.transitory.Credentials)2 TransientObject (io.divide.shared.transitory.TransientObject)2 Query (io.divide.shared.transitory.query.Query)2 QueryBuilder (io.divide.shared.transitory.query.QueryBuilder)2 AuthTokenUtils (io.divide.shared.util.AuthTokenUtils)2 AuthenticationException (io.divide.shared.util.AuthTokenUtils.AuthenticationException)2 IOException (java.io.IOException)1