zervo/seb-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

password view feature only enabled if password is not already hashed

Browse source
This commit is contained in:
anhefti 2020-02-20 14:55:52 +01:00
parent 7c092d6e12
commit 0411a016d2
4 changed files with 46 additions and 34 deletions
src/main/java/ch/ethz/seb/sebserver
gbl
Constants.java
gui/widget
PasswordInput.java
webservice/servicelayer/sebconfig/impl
ExamConfigXMLParser.java
converter
StringConverter.java

2
src/main/java/ch/ethz/seb/sebserver/gbl/Constants.java
View file

@ -125,6 +125,8 @@ public final class Constants {
public static final RGB WHITE_RGB = new RGB(255, 255, 255);
public static final RGB BLACK_RGB = new RGB(0, 0, 0);
public static final String IMPORTED_PASSWORD_MARKER = "_IMPORTED_PASSWORD";
public static final TypeReference<Collection<APIMessage>> TYPE_REFERENCE_API_MESSAGE =
new TypeReferenceAPIMessage();
public static final ParameterizedTypeReference<Collection<Privilege>> TYPE_REFERENCE_PRIVILEGES =

23
src/main/java/ch/ethz/seb/sebserver/gui/widget/PasswordInput.java
View file

@ -8,6 +8,7 @@
package ch.ethz.seb.sebserver.gui.widget;
import ch.ethz.seb.sebserver.gbl.Constants;
import ch.ethz.seb.sebserver.gui.service.i18n.LocTextKey;
import ch.ethz.seb.sebserver.gui.service.page.PageService;
import org.apache.commons.lang3.StringUtils;
@ -16,6 +17,7 @@ import org.eclipse.swt.SWT;
import org.eclipse.swt.layout.GridData;
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.Event;
import org.eclipse.swt.widgets.Label;
import org.eclipse.swt.widgets.Text;
@ -25,7 +27,6 @@ public class PasswordInput extends Composite {
new LocTextKey("sebserver.overall.action.showPassword.tooltip");
private final WidgetFactory widgetFactory;
private final Composite inputAnchor;
private final Label visibilityButton;
@ -35,7 +36,6 @@ public class PasswordInput extends Composite {
public PasswordInput(final Composite parent, final WidgetFactory widgetFactory) {
super(parent, SWT.NONE);
this.widgetFactory = widgetFactory;
GridLayout gridLayout = new GridLayout(2, false);
gridLayout.horizontalSpacing = 0;
@ -54,8 +54,6 @@ public class PasswordInput extends Composite {
inputAnchor.setLayout(gridLayout);
inputAnchor.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, false));
visibilityButton = widgetFactory.imageButton(
WidgetFactory.ImageIcon.VISIBILITY,
this,
@ -95,8 +93,8 @@ public class PasswordInput extends Composite {
}
if (buildPassword) {
passwordInput.addListener(SWT.FocusOut, event -> super.notifyListeners(SWT.FocusOut, event));
passwordInput.addListener(SWT.Traverse, event -> super.notifyListeners(SWT.Traverse, event));
passwordInput.addListener(SWT.FocusOut, event -> changeEvent(SWT.FocusOut, event));
passwordInput.addListener(SWT.Traverse, event -> changeEvent(SWT.Traverse, event));
this.visibilityButton.setImage(WidgetFactory.ImageIcon.VISIBILITY.getImage(getDisplay()));
} else {
passwordInput.setData(RWT.CUSTOM_VARIANT, WidgetFactory.CustomVariant.PLAIN_PWD.key);
@ -109,9 +107,22 @@ public class PasswordInput extends Composite {
super.layout(true, true);
}
private void changeEvent(int eventType, Event event) {
if (!this.visibilityButton.isEnabled() && !StringUtils.endsWith(
this.passwordInput.getText(),
Constants.IMPORTED_PASSWORD_MARKER)) {
visibilityButton.setEnabled(true);
}
super.notifyListeners(eventType, event);
}
public void setValue(CharSequence value) {
if (passwordInput != null) {
passwordInput.setText(value != null ? value.toString() : StringUtils.EMPTY);
if (StringUtils.endsWith(value, Constants.IMPORTED_PASSWORD_MARKER)) {
this.visibilityButton.setEnabled(false);
}
}
}

50
src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ExamConfigXMLParser.java
View file

@ -8,6 +8,20 @@
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
import ch.ethz.seb.sebserver.gbl.Constants;
import ch.ethz.seb.sebserver.gbl.model.sebconfig.AttributeType;
import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationAttribute;
import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationValue;
import ch.ethz.seb.sebserver.gbl.util.Cryptor;
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.ExamConfigXMLParser.PListNode.Type;
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.converter.KioskModeConverter;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.Attributes;
import org.xml.sax.helpers.DefaultHandler;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
@ -15,22 +29,6 @@ import java.util.Stack;
import java.util.function.Consumer;
import java.util.function.Function;
import ch.ethz.seb.sebserver.gbl.util.Cryptor;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
import ch.ethz.seb.sebserver.gbl.Constants;
import ch.ethz.seb.sebserver.gbl.model.sebconfig.AttributeType;
import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationAttribute;
import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationValue;
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.ExamConfigXMLParser.PListNode.Type;
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.converter.KioskModeConverter;
public class ExamConfigXMLParser extends DefaultHandler {
private static final Logger log = LoggerFactory.getLogger(ExamConfigXMLParser.class);
@ -91,8 +89,6 @@ public class ExamConfigXMLParser extends DefaultHandler {
"hashedAdminPassword"
));
public static final String IMPORTED_PASSWORD_MARKER = "_IMPORTED_PASSWORD";
private final Cryptor cryptor;
private final Consumer<ConfigurationValue> valueConsumer;
private final Function<String, ConfigurationAttribute> attributeResolver;
@ -120,14 +116,14 @@ public class ExamConfigXMLParser extends DefaultHandler {
}
@Override
public void startDocument() throws SAXException {
public void startDocument() {
if (log.isDebugEnabled()) {
log.debug("Start parsing document");
}
}
@Override
public void endDocument() throws SAXException {
public void endDocument() {
if (log.isDebugEnabled()) {
log.debug("End parsing document");
}
@ -138,7 +134,7 @@ public class ExamConfigXMLParser extends DefaultHandler {
final String uri,
final String localName,
final String qName,
final Attributes attributes) throws SAXException {
final Attributes attributes) {
if (log.isDebugEnabled()) {
log.debug("start element: {}", qName);
@ -274,7 +270,7 @@ public class ExamConfigXMLParser extends DefaultHandler {
public void endElement(
final String uri,
final String localName,
final String qName) throws SAXException {
final String qName) {
final PListNode top = this.stack.peek();
if (VALUE_ELEMENTS.contains(qName)) {
@ -386,7 +382,7 @@ public class ExamConfigXMLParser extends DefaultHandler {
public void characters(
final char[] ch,
final int start,
final int length) throws SAXException {
final int length) {
final char[] valueChar = new char[length];
System.arraycopy(ch, start, valueChar, 0, length);
@ -453,7 +449,9 @@ public class ExamConfigXMLParser extends DefaultHandler {
this.configId,
attribute.id,
listIndex,
StringUtils.isNotBlank(value) ? cryptor.encrypt(value + IMPORTED_PASSWORD_MARKER).toString() : value);
StringUtils.isNotBlank(value)
? cryptor.encrypt(value + Constants.IMPORTED_PASSWORD_MARKER).toString()
: value);
}
return new ConfigurationValue(
@ -510,7 +508,7 @@ public class ExamConfigXMLParser extends DefaultHandler {
private final boolean isValueType;
private final String typeName;
private Type(final boolean isValueType, final String typeName) {
Type(final boolean isValueType, final String typeName) {
this.isValueType = isValueType;
this.typeName = typeName;
}
@ -520,7 +518,7 @@ public class ExamConfigXMLParser extends DefaultHandler {
}
public static Type getType(final String qName) {
return Arrays.asList(Type.values()).stream()
return Arrays.stream(Type.values())
.filter(type -> type.typeName.equals(qName))
.findFirst()
.orElse(null);

5
src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/StringConverter.java
View file

@ -16,6 +16,7 @@ import java.util.HashSet;
import java.util.Set;
import java.util.function.Function;
import ch.ethz.seb.sebserver.gbl.Constants;
import ch.ethz.seb.sebserver.webservice.servicelayer.client.ClientCredentialService;
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.ExamConfigXMLParser;
import org.apache.commons.lang3.StringUtils;
@ -123,8 +124,8 @@ public class StringConverter implements AttributeValueConverter {
// decrypt internally encrypted password and hash it for export
// NOTE: see special case description in ExamConfigXMLParser.createConfigurationValue
String plainText = this.clientCredentialService.decrypt(value).toString();
if (plainText.endsWith(ExamConfigXMLParser.IMPORTED_PASSWORD_MARKER)) {
return plainText.replace(ExamConfigXMLParser.IMPORTED_PASSWORD_MARKER, StringUtils.EMPTY);
if (plainText.endsWith(Constants.IMPORTED_PASSWORD_MARKER)) {
return plainText.replace(Constants.IMPORTED_PASSWORD_MARKER, StringUtils.EMPTY);
} else {
return Utils.hash_SHA_256_Base_16(plainText);
}