Sanitize username

Do not login with anonymous when username has a trailing space.

Sanitize username
Do not login with anonymous when username has a trailing space.
Tuomas Riihimäki
Commit 3900e062 authored Oct 25, 2014 by Tuomas Riihimäki
Showing with 12 additions and 8 deletions
code/moya-beans/ejbModule/fi/codecrew/moya/beans/JaasBean.java
code/moya-beans/ejbModule/fi/codecrew/moya/facade/UserFacade.java
code/moya-web/src/main/java/fi/codecrew/moya/web/cdiview/shop/InviteAcceptView.java
code/moya-web/src/main/java/fi/codecrew/moya/web/cdiview/user/AuthView.java
--- a/code/moya-beans/ejbModule/fi/codecrew/moya/beans/JaasBean.java
+++ b/code/moya-beans/ejbModule/fi/codecrew/moya/beans/JaasBean.java
@@ -84,19 +84,23 @@ public class JaasBean implements MoyaRealmBeanRemote {
 	private EventBean eventorgbean;

 	public EventUser tryLogin(String username, String password) {
+		// 	username = username.trim().toLowerCase();

-		EventUser eventUser = eventUserFacade.findByLogin(username.trim().toLowerCase());
+		EventUser eventUser = eventUserFacade.findByLogin(username);
+		logger.info("Found eventuser '{}' with username '{}'", eventUser, username);

 		User user = null;
 		// Might not have EventUser
 		if (eventUser == null) {
-			user = userfacade.findByLogin(username.trim());
+			user = userfacade.findByLogin(username);
 		} else {
 			user = eventUser.getUser();
 		}
+		logger.info("User '{}' with '{}' ", user, username);

+		// If there is no eventuser found, try to create one.
 		if (user != null) {
-
+			logger.info("TryLogin user not null: {}", user);
 			if (user.isAnonymous()) {
 				logger.info("logging in as anonymous!!!");
 			} else if (!user.checkPassword(password)) {
@@ -255,7 +259,7 @@ public class JaasBean implements MoyaRealmBeanRemote {
 	public String authenticateApp(String pathInfo, String appId, String userId, String appStamp, String mac) {

 		logger.info("Authenticat app with pathinfo {}, appid {}, userid {}, appstamp {}, mac {}",
-				new Object[]{pathInfo, appId, userId, appStamp, mac}
+				new Object[] { pathInfo, appId, userId, appStamp, mac }
 				);
 		if (mac == null) {
 			logger.warn("Rest auth failed: Mac is null");

--- a/code/moya-beans/ejbModule/fi/codecrew/moya/facade/UserFacade.java
+++ b/code/moya-beans/ejbModule/fi/codecrew/moya/facade/UserFacade.java
@@ -89,11 +89,11 @@ public class UserFacade extends IntegerPkGenericFacade<User> {
 	 * 
 	 * @param login
 	 */
-	public User findByLogin(String login) {
+	public User findByLogin(final String login) {
 		CriteriaBuilder cb = getEm().getCriteriaBuilder();
 		CriteriaQuery<User> cq = cb.createQuery(User.class);
 		Root<User> root = cq.from(User.class);
-		cq.where(cb.equal(root.get(User_.login), login.toLowerCase().trim()));
+		cq.where(cb.equal(root.get(User_.login), login));

 		return getSingleNullableResult(getEm().createQuery(cq));
 	}

--- a/code/moya-web/src/main/java/fi/codecrew/moya/web/cdiview/shop/InviteAcceptView.java
+++ b/code/moya-web/src/main/java/fi/codecrew/moya/web/cdiview/shop/InviteAcceptView.java
@@ -115,7 +115,7 @@ public class InviteAcceptView extends GenericCDIView {

 		if (existingUsername == null) {
 			try {
-				req.login(usr, pwd);
+				req.login(usr.trim().toLowerCase(), pwd);
 			} catch (ServletException e) {
 				logger.warn("Login failed for invite user " + usr, e);
 			}

--- a/code/moya-web/src/main/java/fi/codecrew/moya/web/cdiview/user/AuthView.java
+++ b/code/moya-web/src/main/java/fi/codecrew/moya/web/cdiview/user/AuthView.java
@@ -150,7 +150,7 @@ public class AuthView extends GenericCDIView {
 		}

 		try {
-			request.login(login.toLowerCase(), password);
+			request.login(login.trim().toLowerCase(), password);
 		} catch (Throwable e) {
 			logger.info("Error while trying to login {}", e.getMessage());