Commit f94798ba authored by Alicia.DeDiosFuente's avatar Alicia.DeDiosFuente Committed by Nicolas.Rod

feat(DownloadTokenService): add method to extract tokenHash from the request

parent 5c4d7e29
1 merge request!427fix(DownloadTokenService): add method to extract tokenHash from the request
......@@ -27,10 +27,18 @@ import java.time.OffsetDateTime;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import ch.unige.solidify.config.SolidifyProperties;
import ch.unige.solidify.exception.SolidifyRuntimeException;
import ch.unige.solidify.model.security.DownloadToken;
import ch.unige.solidify.model.security.SolidifyDownloadTokenType;
import ch.unige.solidify.repository.DownloadTokenRepository;
import ch.unige.solidify.util.HashTool;
@Service
public class DownloadTokenService {
......@@ -53,4 +61,32 @@ public class DownloadTokenService {
}
}
public String getTokenHashFromRequest(String resourceId, SolidifyDownloadTokenType resourceType) {
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if (servletRequestAttributes == null) {
throw new SolidifyRuntimeException("Can't get servlet request attributes");
}
HttpServletRequest httpServletRequest = servletRequestAttributes.getRequest();
String tokenString = null;
if (httpServletRequest.getCookies() == null) {
return null;
}
for (Cookie cookie : httpServletRequest.getCookies()) {
String cookieName = cookie.getName();
String cookieTypeAndResourceId = cookieName.substring(cookieName.indexOf('-') + 1);
if (cookieTypeAndResourceId.equals(resourceType + "-" + resourceId)) {
tokenString = cookie.getValue();
}
}
if (tokenString == null) {
return null;
}
return HashTool.hash(tokenString);
}
public DownloadToken findByTokenHash(String tokenHash) {
return this.downloadTokenRepository.findByTokenHash(tokenHash);
}
}
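Review bot: The cookie match in getTokenHashFromRequest concatenates `resourceType` directly (`resourceType + "-" + resourceId`), whereas the code it replaces in SolidifyDownloadTokenPermissionService matched on `resourceType.getLabel() + "-" + resourceId`, and the check that remains in isAllowed (second file of this commit) still compares the stored token against `getLabel()`. Unless SolidifyDownloadTokenType.toString() is defined to return the label, no cookie will ever match and every token-based download is refused; `if (cookieTypeAndResourceId.equals(resourceType.getLabel() + "-" + resourceId)) {` restores the original matching. The method also deserves a Javadoc stating that it returns null both when the request carries no cookies and when none matches, that a missing servlet request context is reported as a SolidifyRuntimeException instead, and that the cookie-name prefix before the first '-' is ignored so the last matching cookie wins.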
......@@ -23,57 +23,30 @@
package ch.unige.solidify.service.security;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import ch.unige.solidify.exception.SolidifyRuntimeException;
import ch.unige.solidify.model.security.DownloadToken;
import ch.unige.solidify.model.security.SolidifyDownloadTokenType;
import ch.unige.solidify.repository.DownloadTokenRepository;
import ch.unige.solidify.util.HashTool;
import ch.unige.solidify.service.DownloadTokenService;
public abstract class SolidifyDownloadTokenPermissionService<T extends SolidifyDownloadTokenType> implements SolidifyPermissionService {
private final DownloadTokenService downloadTokenService;
private final DownloadTokenRepository downloadTokenRepository;
protected SolidifyDownloadTokenPermissionService(DownloadTokenRepository downloadTokenRepository) {
protected SolidifyDownloadTokenPermissionService(DownloadTokenService downloadTokenService) {
super();
this.downloadTokenRepository = downloadTokenRepository;
this.downloadTokenService = downloadTokenService;
}
public boolean isAllowed(String resourceId, T resourceType) {
if (this.isRootOrTrustedRole()) {
return true;
}
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if (servletRequestAttributes == null) {
throw new SolidifyRuntimeException("Can't get servlet request attributes");
}
HttpServletRequest httpServletRequest = servletRequestAttributes.getRequest();
String tokenString = null;
if (httpServletRequest.getCookies() == null) {
String tokenHash = this.downloadTokenService.getTokenHashFromRequest(resourceId, resourceType);
if (tokenHash == null) {
return false;
}
for (Cookie cookie : httpServletRequest.getCookies()) {
String cookieName = cookie.getName();
String cookieTypeAndResourceId = cookieName.substring(cookieName.indexOf('-') + 1);
if (cookieTypeAndResourceId.equals(resourceType.getLabel() + "-" + resourceId)) {
tokenString = cookie.getValue();
}
}
if (tokenString == null) {
return false;
}
String tokenHash = HashTool.hash(tokenString);
DownloadToken downloadToken = this.downloadTokenRepository.findByTokenHash(tokenHash);
DownloadToken downloadToken = this.downloadTokenService.findByTokenHash(tokenHash);
return downloadToken != null
&& downloadToken.getResourceType().equals(resourceType.getLabel())
&& downloadToken.getResourceId().equals(resourceId);
}
}
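Review bot: isAllowed still has no Javadoc after being reworked, and its contract is now split across two classes: a null from getTokenHashFromRequest means "no matching cookie" and yields false, while a missing servlet request context propagates out of the service as a SolidifyRuntimeException rather than returning false. I would add a Javadoc on isAllowed saying that root and trusted roles bypass the cookie check entirely, that the token hash lookup is delegated to DownloadTokenService, and that the stored token must match both the resource type label and the resource id. DownloadTokenService imports OffsetDateTime and @Scheduled, which suggests expired tokens are purged on a schedule; if DownloadToken carries an expiry, it would be worth checking it here too, since between purges an expired token would still pass this test.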