Example 6 with ApiKey

Use of org.jbei.ice.storage.model.ApiKey in project ice by JBEI.

Class ApiKeyDAO, method getApiKeysForUser.

public List<ApiKey> getApiKeysForUser(String userId, String sort, int limit, int start, boolean asc) {
    try {
        CriteriaQuery<ApiKey> query = getBuilder().createQuery(ApiKey.class);
        Root<ApiKey> from = query.from(ApiKey.class);
        // restrict results to keys owned by this user; "sort" is resolved as an ApiKey attribute name
        query.where(getBuilder().equal(from.get("ownerEmail"), userId))
                .orderBy(asc ? getBuilder().asc(from.get(sort)) : getBuilder().desc(from.get(sort)))
                .distinct(true);
        // paging: skip "start" rows and return at most "limit" rows
        return currentSession().createQuery(query)
                .setFirstResult(start)
                .setMaxResults(limit)
                .list();
    } catch (HibernateException he) {
        Logger.error(he);
        throw new DAOException(he);
    }
}
Also used: DAOException (org.jbei.ice.storage.DAOException), ApiKey (org.jbei.ice.storage.model.ApiKey), HibernateException (org.hibernate.HibernateException)

Example 7 with ApiKey

Use of org.jbei.ice.storage.model.ApiKey in project ice by JBEI.

Class TokenVerification, method verifyAPIKey.

public String verifyAPIKey(String token, String clientId, String userId) {
    // hash = (token, client + salt + client)
    Optional<ApiKey> optionalKey = DAOFactory.getApiKeyDAO().getByClientId(clientId);
    if (!optionalKey.isPresent())
        throw new PermissionException("Invalid client Id " + clientId);
    ApiKey key = optionalKey.get();
    // recompute the salted hash of the presented token and compare it with the stored hash
    String hash_token = tokenHash.encrypt(token, clientId + key.getSecret() + clientId);
    if (!hash_token.equalsIgnoreCase(key.getHashedToken()))
        throw new PermissionException("Invalid token");
    AccountDAO accountDAO = DAOFactory.getAccountDAO();
    Account account = accountDAO.getByEmail(key.getOwnerEmail());
    // getByEmail can return null (see the check below); reject keys whose owner account does not exist
    if (account == null)
        throw new PermissionException("Invalid token");
    if (userId == null)
        userId = account.getEmail();
    // if the api key belongs to an admin, accept whatever user id they present,
    // provided that it refers to an existing account
    if (account.getType() == AccountType.ADMIN) {
        if (account.getEmail().equalsIgnoreCase(userId))
            return userId;
        if (accountDAO.getByEmail(userId) == null)
            throw new PermissionException("Invalid user id");
        return userId;
    }
    // non-admin keys always act as the key owner, whatever user id was presented
    return key.getOwnerEmail();
}
Also used: Account (org.jbei.ice.storage.model.Account), ApiKey (org.jbei.ice.storage.model.ApiKey), AccountDAO (org.jbei.ice.storage.hibernate.dao.AccountDAO)

Example 8 with ApiKey

Use of org.jbei.ice.storage.model.ApiKey in project ice by JBEI.

Class UserApiKeys, method requestKey.

/**
 * Generates an access key using the client identifier.
 * <p>The api token that is generated and returned to the user is not stored and therefore cannot be retrieved.
 * If lost, the api key record can be deleted by the user who created it (or an admin) and a new one created.</p>
 *
 * @param clientId unique client identifier.
 * @return wrapper around created token, client_id and secret.
 */
public AccessKey requestKey(String clientId) {
    try {
        // refuse to create a second key for a client id that already has one
        Optional<ApiKey> optional = apiKeyDAO.getByClientId(clientId);
        if (optional.isPresent())
            throw new IllegalArgumentException("Attempting to create duplicate key for client id " + clientId);
    } catch (DAOException e) {
        Logger.error(e);
        return null;
    }
    // generate a random token and a per-key salt; only the salted hash of the token is persisted
    TokenHash hash = new TokenHash();
    String token = hash.generateRandomToken(32);
    String salt = hash.generateSalt();
    String hash_token = hash.encrypt(token, clientId + salt + clientId);
    ApiKey apiKey = new ApiKey();
    apiKey.setCreationTime(new Date());
    apiKey.setOwnerEmail(userId);
    apiKey.setClientId(clientId);
    // the salt is stored in the key's secret field
    apiKey.setSecret(salt);
    apiKey.setStatus(AccessStatus.OK);
    apiKey.setHashedToken(hash_token);
    apiKey = apiKeyDAO.create(apiKey);
    // the plaintext token is only set on the returned transfer object, not on the stored record
    AccessKey key = apiKey.toDataTransferObject();
    key.setToken(token);
    return key;
}
Also used: DAOException (org.jbei.ice.storage.DAOException), ApiKey (org.jbei.ice.storage.model.ApiKey), AccessKey (org.jbei.ice.lib.dto.access.AccessKey), Date (java.util.Date)

Aggregations

ApiKey (org.jbei.ice.storage.model.ApiKey): 8
DAOException (org.jbei.ice.storage.DAOException): 5
HibernateException (org.hibernate.HibernateException): 4
PermissionException (org.jbei.ice.lib.access.PermissionException): 2
AccessKey (org.jbei.ice.lib.dto.access.AccessKey): 2
Account (org.jbei.ice.storage.model.Account): 2
Date (java.util.Date): 1
Results (org.jbei.ice.lib.dto.common.Results): 1
AccountDAO (org.jbei.ice.storage.hibernate.dao.AccountDAO): 1