Add some checks to stuff broken by domain migration from thread-store to username

code/moya-beans/ejbModule/fi/codecrew/moya/beans/CardTemplateBean.java

@@ -168,7 +168,7 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
 	public PrintedCard checkPrintedCard(EventUser user) {
 	public PrintedCard checkPrintedCard(EventUser user) {
 		logger.info("Checking printed card");
 		logger.info("Checking printed card");
 
 
-		user = eventUserFacade.find(user.getId());
+		user = eventUserFacade.reload(user);
 
 
 		LanEvent currEvent = eventBean.getCurrentEvent();
 		LanEvent currEvent = eventBean.getCurrentEvent();
 		List<PrintedCard> myCards = printedcardfacade.getCards(user);
 		List<PrintedCard> myCards = printedcardfacade.getCards(user);

code/moya-utils/src/main/java/fi/codecrew/moya/utilities/UserLoginUtils.java

@@ -32,6 +32,12 @@ public class UserLoginUtils {
 	}
 	}
 
 
 	public static String getUsernameFromJaasString(String username) {
 	public static String getUsernameFromJaasString(String username) {
-		return username.split("@[^@]+$")[0];
+		String[] splitted = username.split("@[^@]+$");
+
+		String ret = null;
+		if (splitted.length > 0) {
+			ret = splitted[0];
+		}
+		return ret;
 	}
 	}
 }
 }

code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java

@@ -246,7 +246,7 @@ public class HostnameFilter implements Filter {
 		restAuthStr = httpRequest.getHeader("Authorization");
 		restAuthStr = httpRequest.getHeader("Authorization");
 		// }
 		// }
 
 
-		if (restAuthStr == null) {
+		if (restAuthStr == null && httpRequest.getParameter("appkey") != null) {
 
 
 			StringBuilder hashBuilder = new StringBuilder();
 			StringBuilder hashBuilder = new StringBuilder();
 			hashBuilder.append(JaasBeanLocal.REST_PREFIX);
 			hashBuilder.append(JaasBeanLocal.REST_PREFIX);
@@ -257,9 +257,15 @@ public class HostnameFilter implements Filter {
 			hashBuilder.append(httpRequest.getPathInfo());
 			hashBuilder.append(httpRequest.getPathInfo());
 			restAuthStr = hashBuilder.toString();
 			restAuthStr = hashBuilder.toString();
 		}
 		}
+
 		boolean ret = true;
 		boolean ret = true;
 		try {
 		try {
-			httpRequest.login('@' + parseHostname(httpRequest), restAuthStr);
+			if (restAuthStr == null) {
+				throw new ServletException("No auth data");
+			}
+			final String username = "@" + parseHostname(httpRequest);
+			logger.info("Logging in with username {} and password {}", username, restAuthStr);
+			httpRequest.login(username, restAuthStr);
 		} catch (ServletException loginEx) {
 		} catch (ServletException loginEx) {
 			ret = false;
 			ret = false;
 			logger.info("Rest api authentication failed for path " + httpRequest.getPathInfo() + " "
 			logger.info("Rest api authentication failed for path " + httpRequest.getPathInfo() + " "
@@ -296,10 +302,11 @@ public class HostnameFilter implements Filter {
 				logbean.sendMessage(MoyaEventType.USER_PERMISSION_VIOLATION,
 				logbean.sendMessage(MoyaEventType.USER_PERMISSION_VIOLATION,
 					"Hostname mismatch privilege escalation! User '", httpRequest.getUserPrincipal(), "' tried to change hostname from '",
 					"Hostname mismatch privilege escalation! User '", httpRequest.getUserPrincipal(), "' tried to change hostname from '",
 					userDomain, "' to '", hostname, ",");
 					userDomain, "' to '", hostname, ",");
-				throw new RuntimeException("Hostname mismatch!");
+				throw new RuntimeException("Hostname mismatch! Expected: " + hostname + " but logged in as " + userDomain);
+
+
 			}
 			}
 		}
 		}
-
 		BortalLocalContextHolder.setInDevelopmentMode(developmentMode);
 		BortalLocalContextHolder.setInDevelopmentMode(developmentMode);
 		return hostname;
 		return hostname;
 
 

code/moya-web/src/main/java/fi/codecrew/moya/rest/UserRestView.java

@@ -43,6 +43,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.ResponseBuilder;
 import javax.ws.rs.core.Response.ResponseBuilder;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.Response.Status;
 
 
+import fi.codecrew.moya.model.*;
 import org.slf4j.Logger;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.LoggerFactory;
 
 
@@ -59,12 +60,6 @@ import fi.codecrew.moya.beans.TicketBeanLocal;
 import fi.codecrew.moya.beans.UserBeanLocal;
 import fi.codecrew.moya.beans.UserBeanLocal;
 import fi.codecrew.moya.entitysearch.UserSearchQuery;
 import fi.codecrew.moya.entitysearch.UserSearchQuery;
 import fi.codecrew.moya.enums.apps.UserPermission;
 import fi.codecrew.moya.enums.apps.UserPermission;
-import fi.codecrew.moya.model.EventUser;
-import fi.codecrew.moya.model.GroupMembership;
-import fi.codecrew.moya.model.Place;
-import fi.codecrew.moya.model.ReaderEvent;
-import fi.codecrew.moya.model.User;
-import fi.codecrew.moya.model.UserImage;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.EventUserRestPojo;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.EventUserRestPojo;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.PrintedCardRestPojo;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.PrintedCardRestPojo;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.SimpleEventuserRoot;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.SimpleEventuserRoot;
@@ -75,8 +70,8 @@ import fi.codecrew.moya.utilities.SearchResult;
 
 
 @RequestScoped
 @RequestScoped
 @Path("/user")
 @Path("/user")
-@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
-@Produces({ MediaType.APPLICATION_JSON + "; charset=UTF-8" })
+@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+@Produces({MediaType.APPLICATION_JSON + "; charset=UTF-8"})
 @Api(value = "/user", description = "Administer users")
 @Api(value = "/user", description = "Administer users")
 public class UserRestView {
 public class UserRestView {
 
 
@@ -200,7 +195,7 @@ public class UserRestView {
 
 
 	@POST
 	@POST
 	@Path("/auth")
 	@Path("/auth")
-	@Produces({ MediaType.APPLICATION_JSON })
+	@Produces({MediaType.APPLICATION_JSON})
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	@ApiOperation(value = "Authenticate", response = EventUserRestPojo.class)
 	@ApiOperation(value = "Authenticate", response = EventUserRestPojo.class)
 	public Response auth(
 	public Response auth(
@@ -266,7 +261,12 @@ public class UserRestView {
 	public PrintedCardRestPojo getUsersCard(
 	public PrintedCardRestPojo getUsersCard(
 		@ApiParam("EventUser entity ID") @PathParam("eventuserId") Integer eventuserid) {
 		@ApiParam("EventUser entity ID") @PathParam("eventuserId") Integer eventuserid) {
 		EventUser user = userbean.findByEventUserId(eventuserid);
 		EventUser user = userbean.findByEventUserId(eventuserid);
-		return PojoUtils.initPrintedCardRestPojo(cardbean.checkPrintedCard(user));
+		logger.warn("users card for user: {}", user);
+		PrintedCard card = cardbean.checkPrintedCard(user);
+		if (card == null) {
+			return null;
+		}
+		return PojoUtils.initPrintedCardRestPojo(card);
 
 
 	}
 	}
 
 
@@ -285,7 +285,7 @@ public class UserRestView {
 
 
 	@GET
 	@GET
 	@Path("/")
 	@Path("/")
-    @Produces({ MediaType.APPLICATION_JSON })
+	@Produces({MediaType.APPLICATION_JSON})
 	@ApiOperation(value = "Find event user", response = EventUserRestPojo.class)
 	@ApiOperation(value = "Find event user", response = EventUserRestPojo.class)
 	public Response getEventUser(@QueryParam("email") @ApiParam("Email address") String email,
 	public Response getEventUser(@QueryParam("email") @ApiParam("Email address") String email,
 								 @QueryParam("login") @ApiParam("Username") String userName) {
 								 @QueryParam("login") @ApiParam("Username") String userName) {
@@ -302,7 +302,7 @@ public class UserRestView {
 				user = userbean.findUserByEmailUsername(email);
 				user = userbean.findUserByEmailUsername(email);
 			}
 			}
 
 
-            if(user != null) {
+			if (user != null) {
 				eventUser = userbean.getEventUser(user, true);
 				eventUser = userbean.getEventUser(user, true);
 			} else {
 			} else {
 				// Get the user
 				// Get the user
@@ -324,7 +324,7 @@ public class UserRestView {
 
 
 	@POST
 	@POST
 	@Path("/{userid}/check-password")
 	@Path("/{userid}/check-password")
-    @Produces({ MediaType.APPLICATION_JSON })
+	@Produces({MediaType.APPLICATION_JSON})
 	@ApiOperation(value = "Check user password", response = EventUserRestPojo.class)
 	@ApiOperation(value = "Check user password", response = EventUserRestPojo.class)
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	public Response checkPassword(@PathParam("userid") @ApiParam("User ID") Integer userId,
 	public Response checkPassword(@PathParam("userid") @ApiParam("User ID") Integer userId,
@@ -355,7 +355,7 @@ public class UserRestView {
 
 
 	@POST
 	@POST
 	@Path("/{userid}/reset-password")
 	@Path("/{userid}/reset-password")
-    @Produces({ MediaType.APPLICATION_JSON })
+	@Produces({MediaType.APPLICATION_JSON})
 	@ApiOperation(value = "Reset user password", response = EventUserRestPojo.class)
 	@ApiOperation(value = "Reset user password", response = EventUserRestPojo.class)
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	public Response resetPassword(@PathParam("userid") @ApiParam("User ID") Integer userId,
 	public Response resetPassword(@PathParam("userid") @ApiParam("User ID") Integer userId,
@@ -376,6 +376,7 @@ public class UserRestView {
 
 
 	/**
 	/**
 	 * Post forma parameter "image" with the image data in it.
 	 * Post forma parameter "image" with the image data in it.
+	 *
 	 * @param request
 	 * @param request
 	 * @param userId
 	 * @param userId
 	 * @return
 	 * @return