This is an automated email from the git hooks/post-receive script. unknown user pushed a commit to branch devel in repository Pollen. commit dbae913f3ba7c7e24c7fb00a2c7783089ec5e458 Author: Tony CHEMIT <chemit@codelutin.com> Date: Tue May 20 11:57:37 2014 +0200 make login works --- pollen-rest-api/src/main/resources/mapping | 6 +-- .../org/chorem/pollen/rest/api/AuthApiTest.java | 62 ++++++++++++++++++++++ .../service/security/PollenSecurityRealm.java | 13 +++-- .../services/service/security/SecurityService.java | 4 +- 4 files changed, 76 insertions(+), 9 deletions(-) diff --git a/pollen-rest-api/src/main/resources/mapping b/pollen-rest-api/src/main/resources/mapping index 501239a..6f70b40 100644 --- a/pollen-rest-api/src/main/resources/mapping +++ b/pollen-rest-api/src/main/resources/mapping @@ -27,9 +27,9 @@ GET /v1/doc DocApi.showMapping # AuthApi -POST /v1/login AuthApi.login -GET /v1/lostpassword/{token} AuthApi.lostPassword -GET /v1/logout AuthApi.logout +POST,PUT /v1/login AuthApi.login +GET /v1/lostpassword/{token} AuthApi.lostPassword +GET /v1/logout AuthApi.logout # ChoiceApi diff --git a/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AuthApiTest.java b/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AuthApiTest.java new file mode 100644 index 0000000..cebcedc --- /dev/null +++ b/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AuthApiTest.java 
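Review bot: The new `POST,PUT /v1/login` line accepts credentials on a second method, but the added AuthApiTest only ever calls `.Post()`, so the PUT path ships untested. Any rate limit, CSRF rule or log filter keyed on `POST /v1/login` has to cover PUT as well. Separately, the re-aligned `GET /v1/logout` line keeps a state-changing action on a safe method, so a cross-site link or image can end a user's session; `POST /v1/logout AuthApi.logout` would avoid that.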
@@ -0,0 +1,62 @@
+package org.chorem.pollen.rest.api;
+
+import org.apache.http.client.fluent.Request;
+import org.apache.http.client.fluent.Response;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+
+import static org.junit.Assert.assertNotNull;
+
+/**
+ * Created on 5/20/14.
+ *
+ * @author Tony Chemit <chemit@codelutin.com>
+ * @since 2.0
+ */
+public class AuthApiTest extends AbstractPollenRestApiTest {
+
+ @Test
+ public void login() throws URISyntaxException, IOException {
+
+ Request request = createRequest("/v1/login")
+ .addParameter("login", "admin")
+ .addParameter("password", "admin")
+ .Post();
+
+ String content = request.execute().returnContent().asString();
+ showTestResult(content);
+ assertNotNull(content);
+
+ }
+
+ @Test
+ public void badLogin() throws URISyntaxException, IOException {
+
+ Request request = createRequest("/v1/login")
+ .addParameter("login", "admin" + System.nanoTime())
+ .addParameter("password", "admin" + System.nanoTime())
+ .Post();
+
+ Response response = request.execute();
+ int statusCode = response.returnResponse().getStatusLine().getStatusCode();
+ Assert.assertEquals(401, statusCode);
+
+ }
+
+ @Test
+ public void badPassword() throws URISyntaxException, IOException {
+
+ Request request = createRequest("/v1/login")
+ .addParameter("login", "admin")
+ .addParameter("password", "admin" + System.nanoTime())
+ .Post();
+
+ Response response = request.execute();
+ int statusCode = response.returnResponse().getStatusLine().getStatusCode();
+ Assert.assertEquals(401, statusCode);
+
+ }
+}
diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityRealm.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityRealm.java
index ba936b7..f873a75 100644
--- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityRealm.java
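Review bot: `badLogin()` and `badPassword()` assert only the 401 status, so they would not notice if the two failures became distinguishable by response body, which is what lets a client enumerate valid logins; consider also asserting that both responses carry the same body. `login()` checks just `assertNotNull(content)`, and none of the tests sends `rememberMe` or uses PUT, both of which this commit touches. If `addParameter` appends to the query string (the `URISyntaxException` in the signatures hints at a URI builder, but the helper is not visible here), the password travels in the URL and ends up in access logs; a form body would be safer.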
+++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityRealm.java @@ -33,7 +33,9 @@ import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; +import org.apache.shiro.util.SimpleByteSource; import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; +import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.services.PollenApplicationContext; /** @@ -77,22 +79,23 @@ public class PollenSecurityRealm extends AuthorizingRealm { UsernamePasswordToken upToken = (UsernamePasswordToken) token; String username = upToken.getUsername(); - PollenTopiaPersistenceContext persistenceContext = applicationContext.newPersistenceContext(); try { - boolean loginExists = persistenceContext.getPollenUserDao().loginExists(username); + PollenUser pollenUser = + persistenceContext.getPollenUserDao().forLoginEquals(username).findUniqueOrNull(); - if (!loginExists) { + if (pollenUser == null) { throw new AuthenticationException(); } - char[] password = upToken.getPassword(); + String salt = pollenUser.getSalt(); SimpleAuthenticationInfo result = - new SimpleAuthenticationInfo(username, password, getName()); + new SimpleAuthenticationInfo(username, pollenUser.getPassword(), new SimpleByteSource(salt), getName()); return result; + } finally { persistenceContext.closeContext(); } diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java index 5d7241b..bc1b27c 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java 
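Review bot: In the second hunk, `new SimpleByteSource(salt)` is built from `pollenUser.getSalt()` without a null check, so an account stored without a salt would most likely fail with a NullPointerException rather than a clean authentication failure; `if (pollenUser == null || pollenUser.getSalt() == null) { throw new AuthenticationException(); }` keeps that case on the 401 path. Returning the stored hash and salt only authenticates correctly if this realm is given a `HashedCredentialsMatcher` whose algorithm and iteration count match how the passwords were hashed; that configuration is not visible in this hunk and is worth confirming, since Shiro's default matcher compares the raw values and ignores the salt. `username` from `upToken.getUsername()` is also passed to `forLoginEquals` unchecked, so a null username relies on the DAO's behaviour. The method starts and ends outside the hunk.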
@@ -67,7 +67,9 @@ public class SecurityService extends PollenServiceSupport { Subject subject = getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(login, password); - token.setRememberMe(rememberMe); + if (rememberMe != null) { + token.setRememberMe(rememberMe); + } try { subject.login(token); -- To stop receiving notification emails like this one, please contact Chorem.org SCM administrator <admin+scm@chorem.org>.
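Review bot: Only `rememberMe` is null-guarded before `subject.login(token)`; `login` and `password` still go into `new UsernamePasswordToken(login, password)` unchecked, so a request that omits them presumably reaches the realm lookup with a null username. Rejecting blank credentials up front, before the token is built, keeps that case on the 401 path instead of depending on how the DAO treats null. The guard itself could be written as `token.setRememberMe(Boolean.TRUE.equals(rememberMe));`. The `try` block continues outside the hunk, so whether `token.clear()` is called after the login attempt cannot be seen here and is worth checking.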