From 25bda2559356b7fc4388069b641da16a35bcd0cc Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton@traccar.org>
Date: Sun, 5 May 2024 07:52:39 -0700
Subject: Refactor scheme login

---
 .../org/traccar/api/security/LoginService.java     | 18 +++++++++++++++++-
 .../api/security/SecurityRequestFilter.java        | 22 +++-------------------
 2 files changed, 20 insertions(+), 20 deletions(-)

(limited to 'src/main')

diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java
index 930c4fa46..507288c31 100644
--- a/src/main/java/org/traccar/api/security/LoginService.java
+++ b/src/main/java/org/traccar/api/security/LoginService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022 - 2023 Anton Tananaev (anton@traccar.org)
+ * Copyright 2022 - 2024 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import org.traccar.api.signature.TokenManager;
 import org.traccar.config.Config;
 import org.traccar.config.Keys;
 import org.traccar.database.LdapProvider;
+import org.traccar.helper.DataConverter;
 import org.traccar.helper.model.UserUtil;
 import org.traccar.model.User;
 import org.traccar.storage.Storage;
@@ -32,6 +33,7 @@ import jakarta.annotation.Nullable;
 import jakarta.inject.Inject;
 import jakarta.inject.Singleton;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 
 @Singleton
@@ -58,6 +60,20 @@ public class LoginService {
         forceOpenId = config.getBoolean(Keys.OPENID_FORCE);
     }
 
+    public LoginResult login(
+            String scheme, String credentials) throws StorageException, GeneralSecurityException, IOException {
+        switch (scheme.toLowerCase()) {
+            case "bearer":
+                return login(credentials);
+            case "basic":
+                byte[] decodedBytes = DataConverter.parseBase64(credentials);
+                String[] auth = new String(decodedBytes, StandardCharsets.US_ASCII).split(":", 2);
+                return login(auth[0], auth[1], null);
+            default:
+                throw new SecurityException("Unsupported authorization scheme");
+        }
+    }
+
     public LoginResult login(String token) throws StorageException, GeneralSecurityException, IOException {
         if (serviceAccountToken != null && serviceAccountToken.equals(token)) {
             return new LoginResult(new ServiceAccountUser());
diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
index 12a5dbecf..07083e7a8 100644
--- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
+++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 - 2023 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2024 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,7 +20,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.traccar.api.resource.SessionResource;
 import org.traccar.database.StatisticsManager;
-import org.traccar.helper.DataConverter;
 import org.traccar.model.User;
 import org.traccar.storage.StorageException;
 
@@ -36,7 +35,6 @@ import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.SecurityContext;
 import java.io.IOException;
 import java.lang.reflect.Method;
-import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.util.Date;
 
@@ -44,15 +42,6 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(SecurityRequestFilter.class);
 
-    public static String[] decodeBasicAuth(String auth) {
-        auth = auth.replaceFirst("[B|b]asic ", "");
-        byte[] decodedBytes = DataConverter.parseBase64(auth);
-        if (decodedBytes != null && decodedBytes.length > 0) {
-            return new String(decodedBytes, StandardCharsets.US_ASCII).split(":", 2);
-        }
-        return null;
-    }
-
     @Context
     private HttpServletRequest request;
 
@@ -83,13 +72,8 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
             if (authHeader != null) {
 
                 try {
-                    LoginResult loginResult;
-                    if (authHeader.startsWith("Bearer ")) {
-                        loginResult = loginService.login(authHeader.substring(7));
-                    } else {
-                        String[] auth = decodeBasicAuth(authHeader);
-                        loginResult = loginService.login(auth[0], auth[1], null);
-                    }
+                    String[] auth = authHeader.split(" ");
+                    LoginResult loginResult = loginService.login(auth[0], auth[1]);
                     if (loginResult != null) {
                         User user = loginResult.getUser();
                         statisticsManager.registerRequest(user.getId());
-- 
cgit v1.2.3