From 25bda2559356b7fc4388069b641da16a35bcd0cc Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Sun, 5 May 2024 07:52:39 -0700
Subject: Refactor scheme login
---
 .../org/traccar/api/security/LoginService.java | 18 +++++++++++++++++-
 .../api/security/SecurityRequestFilter.java | 22 +++-------------------
 2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java
index 930c4fa46..507288c31 100644
--- a/src/main/java/org/traccar/api/security/LoginService.java
+++ b/src/main/java/org/traccar/api/security/LoginService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022 - 2023 Anton Tananaev (anton@traccar.org)
+ * Copyright 2022 - 2024 Anton Tananaev (anton@traccar.org)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import org.traccar.api.signature.TokenManager;
 import org.traccar.config.Config;
 import org.traccar.config.Keys;
 import org.traccar.database.LdapProvider;
+import org.traccar.helper.DataConverter;
 import org.traccar.helper.model.UserUtil;
 import org.traccar.model.User;
 import org.traccar.storage.Storage;
@@ -32,6 +33,7 @@ import jakarta.annotation.Nullable;
 import jakarta.inject.Inject;
 import jakarta.inject.Singleton;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 @Singleton
@@ -58,6 +60,20 @@ public class LoginService {
 forceOpenId = config.getBoolean(Keys.OPENID_FORCE);
 }
+ public LoginResult login(
+ String scheme, String credentials) throws StorageException, GeneralSecurityException, IOException {
+ switch (scheme.toLowerCase()) {
+ case "bearer":
+ return login(credentials);
+ case "basic":
+ byte[] decodedBytes = DataConverter.parseBase64(credentials);
+ String[] auth = new String(decodedBytes, StandardCharsets.US_ASCII).split(":", 2);
+ return login(auth[0], auth[1], null);
+ default:
+ throw new SecurityException("Unsupported authorization scheme");
+ }
+ }
+
 public LoginResult login(String token) throws StorageException, GeneralSecurityException, IOException {
 if (serviceAccountToken != null && serviceAccountToken.equals(token)) {
 return new LoginResult(new ServiceAccountUser());
diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
index 12a5dbecf..07083e7a8 100644
--- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
+++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 - 2023 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2024 Anton Tananaev (anton@traccar.org)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -20,7 +20,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.traccar.api.resource.SessionResource;
 import org.traccar.database.StatisticsManager;
-import org.traccar.helper.DataConverter;
 import org.traccar.model.User;
 import org.traccar.storage.StorageException;
@@ -36,7 +35,6 @@ import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.SecurityContext;
 import java.io.IOException;
 import java.lang.reflect.Method;
-import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.util.Date;
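Review bot: The `basic` branch of the new `login(String scheme, String credentials)` in LoginService.java (hunk `@@ -58,6 +60,20 @@`) reads `auth[1]` without checking that the decoded value contained a colon, and it hands `decodedBytes` to `new String(...)` without the null/empty guard that the removed `decodeBasicAuth` had. A malformed Authorization header therefore ends in an unchecked `ArrayIndexOutOfBoundsException` or `NullPointerException` instead of a rejected login. I would add `if (decodedBytes == null) { throw new SecurityException("Invalid basic credentials"); }` before the decode and `if (auth.length < 2) { throw new SecurityException("Invalid basic credentials"); }` after the split. `scheme.toLowerCase()` also follows the JVM default locale; `switch (scheme.toLowerCase(Locale.ROOT))` keeps the scheme match stable (it needs `java.util.Locale` imported). Whether the caller turns the unchecked `SecurityException` into an unauthorized response is not visible in this patch and should be confirmed.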
@@ -44,15 +42,6 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 private static final Logger LOGGER = LoggerFactory.getLogger(SecurityRequestFilter.class);
- public static String[] decodeBasicAuth(String auth) {
- auth = auth.replaceFirst("[B|b]asic ", "");
- byte[] decodedBytes = DataConverter.parseBase64(auth);
- if (decodedBytes != null && decodedBytes.length > 0) {
- return new String(decodedBytes, StandardCharsets.US_ASCII).split(":", 2);
- }
- return null;
- }
-
 @Context
 private HttpServletRequest request;
@@ -83,13 +72,8 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 if (authHeader != null) {
 try {
- LoginResult loginResult;
- if (authHeader.startsWith("Bearer ")) {
- loginResult = loginService.login(authHeader.substring(7));
- } else {
- String[] auth = decodeBasicAuth(authHeader);
- loginResult = loginService.login(auth[0], auth[1], null);
- }
+ String[] auth = authHeader.split(" ");
+ LoginResult loginResult = loginService.login(auth[0], auth[1]);
 if (loginResult != null) {
 User user = loginResult.getUser();
 statisticsManager.registerRequest(user.getId());
-- cgit v1.2.3
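Review bot: In SecurityRequestFilter.java (hunk `@@ -83,13 +72,8 @@`), `authHeader.split(" ")` followed by `auth[1]` throws `ArrayIndexOutOfBoundsException` when the header has no space, for example a bare scheme name or an empty value. Splitting once and checking the length keeps such headers on the rejection path: `String[] auth = authHeader.split(" ", 2);` followed by `if (auth.length < 2) { throw new SecurityException("Malformed Authorization header"); }`. The enclosing `try` opens inside the hunk but its catch clauses are outside it, so which exception types become an unauthorized response needs checking there. A comment above the split, such as `// Authorization: <scheme> <credentials>; the scheme is matched case-insensitively in LoginService`, would also record that a scheme other than Bearer no longer falls through to Basic decoding.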