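package login;

import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;

import javax.annotation.PostConstruct;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;

import dao.entities.security.UserAuthDao;
import dao.entities.security.UserInfoDao;
import entities.security.UserAuth;
import entities.security.UserInfo;
import security.TokenSessionManager;

/**
 * REST endpoint for username/password ("native") login.
 *
 * <p>On success a random session token is registered with {@link TokenSessionManager}
 * and returned to the caller together with the user's profile fields.
 */
@RestController
@CrossOrigin
public class Login {

    @Autowired
    private UserInfoDao userInfoDao;

    @Autowired
    private UserAuthDao userAuthDao;

    @Autowired
    private TokenSessionManager tokenSessionManager;

    /**
     * Authenticates a username/password pair and, on success, issues a session token.
     *
     * @param credentials the JSON request body; both fields must be present and non-empty
     * @return 400 when a field is missing, 500 when the hash algorithm is unavailable,
     *         406 when the credentials do not match, otherwise 200 with the JSON
     *         serialisation of {@link Response}
     */
    @RequestMapping(method = RequestMethod.POST, value = { "/nativeLogin" },
            consumes = "application/json", produces = "application/json")
    public @ResponseBody ResponseEntity<String> nativeLogin(@RequestBody Credentials credentials) {
        if (isMissing(credentials)) {
            // NOTE: error bodies are plain text even though the endpoint declares
            // produces = application/json; kept as-is because existing clients rely on it.
            return ResponseEntity.status(HttpStatus.BAD_REQUEST)
                    .body("Username and/or password cannot be empty.");
        }
        String username = credentials.getUsername();

        // Unknown users get an empty record so the request still goes through the
        // hashing step below; presumably intended to keep the code path uniform for
        // known and unknown usernames rather than returning early.
        UserAuth userAuth = userAuthDao.getUserAuthBy(username);
        if (userAuth == null) {
            userAuth = new UserAuth();
        }

        // NOTE(review): hashPassword() throws NoSuchAlgorithmException, which suggests a
        // bare MessageDigest — confirm the stored hashes use a salted, slow password
        // hash (bcrypt/scrypt/argon2) rather than a plain digest.
        String providedHash;
        try {
            providedHash = tokenSessionManager.hashPassword(credentials.getPassword());
        } catch (NoSuchAlgorithmException ex) {
            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
                    .body("Internal error. Cannot authenticate.");
        }

        if (!hashesMatch(userAuth.getPassword(), providedHash)) {
            // 406 is what existing clients expect for a failed login; 401 would be the
            // conventional status. Same message for unknown user and wrong password.
            return ResponseEntity.status(HttpStatus.NOT_ACCEPTABLE)
                    .body("Wrong username or password");
        }

        // Credentials verified: mint a session token and register it in the cache.
        String token = tokenSessionManager.generateRandomAlphanumeric(512);
        tokenSessionManager.set(token, username);

        // Optional profile data; an auth record without an id is looked up with "".
        String authId = (userAuth.getId() == null) ? "" : userAuth.getId().toString();
        UserInfo userInfo = userInfoDao.getByAuthenticationId(authId);
        if (userInfo == null) {
            userInfo = new UserInfo();
        }

        Response response = new Response();
        response.setToken(token);
        response.setEmail(userInfo.getEmail());
        response.setName(userInfo.getName());
        response.setUsername(username);
        return ResponseEntity.ok(response.toJson());
    }

    /** True when the body or either field is absent or empty (whitespace is accepted). */
    private static boolean isMissing(Credentials credentials) {
        if (credentials == null) {
            return true;
        }
        String username = credentials.getUsername();
        String password = credentials.getPassword();
        return username == null || password == null
                || username.isEmpty() || password.isEmpty();
    }

    /**
     * Compares the stored hash with the hash of the submitted password.
     *
     * <p>A missing or empty stored hash never matches. The comparison uses
     * {@link MessageDigest#isEqual} so that its duration does not depend on
     * how many leading characters of the two hashes agree.
     */
    private static boolean hashesMatch(String storedHash, String providedHash) {
        if (storedHash == null || storedHash.isEmpty() || providedHash == null) {
            return false;
        }
        return MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.UTF_8),
                providedHash.getBytes(StandardCharsets.UTF_8));
    }
}

/** JSON request body of {@code /nativeLogin}; populated by Jackson through the setters. */
class Credentials implements Serializable {

    private static final long serialVersionUID = 3519634756673886633L;

    private String username;
    // Held as a String because Jackson binds the request body through setters;
    // the value is only used for hashing within the request.
    private String password;

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}

/** JSON response body of a successful login: the session token plus profile fields. */
class Response implements Serializable {

    private static final long serialVersionUID = -3855159530298902864L;

    // ObjectMapper is thread-safe once configured; share one instance instead of
    // building a new one per response.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    private String token;
    private String username;
    private String email;
    private String name;

    public String getToken() {
        return token;
    }

    public void setToken(String token) {
        this.token = token;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    /**
     * Serialises this object through its getters.
     *
     * @return the JSON text, or {@code "{}"} if Jackson cannot serialise it
     *         (deliberately best-effort: the caller has already issued the token)
     */
    public String toJson() {
        try {
            return OBJECT_MAPPER.writeValueAsString(this);
        } catch (JsonProcessingException ex) {
            return "{}";
        }
    }
}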