Add authentication function and filters for eventuserlist

Yes, yes. I know.. Authentication with session is not strictly REST.

Add authentication function and filters for eventuserlist
Yes, yes. I know.. Authentication with session is not strictly REST.
Tuomas Riihimäki
Commit ccd37ebf authored Jan 10, 2015 by Tuomas Riihimäki
Showing with 73 additions and 6 deletions
code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java
code/moya-web/src/main/java/fi/codecrew/moya/rest/UserRestView.java
--- a/code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java
+++ b/code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java
@@ -126,7 +126,7 @@ public class HostnameFilter implements Filter {
 	 */

 	private static final String[] NOAUTH_RESTPATHS = new String[] {
-			"/reader/EventRole/",
+			"/reader/EventRole/","/user/auth"

 	};

@@ -197,6 +197,7 @@ public class HostnameFilter implements Filter {

 	private boolean restAuth(HttpServletRequest httpRequest, ServletResponse response) {

+		
 		String sp = httpRequest.getPathInfo();
 		for (String s : NOAUTH_RESTPATHS) {
 			if (sp.startsWith(s)) {

--- a/code/moya-web/src/main/java/fi/codecrew/moya/rest/UserRestView.java
+++ b/code/moya-web/src/main/java/fi/codecrew/moya/rest/UserRestView.java
@@ -18,18 +18,35 @@
 */
 package fi.codecrew.moya.rest;

+import java.security.Principal;
+
+import javax.annotation.Resource;
 import javax.ejb.EJB;
+import javax.ejb.SessionContext;
 import javax.enterprise.context.RequestScoped;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
+import javax.ws.rs.DefaultValue;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.Response.Status;
+
+import org.apache.http.HttpRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 import fi.codecrew.moya.beans.CardTemplateBeanLocal;
+import fi.codecrew.moya.beans.PermissionBeanLocal;
 import fi.codecrew.moya.beans.UserBeanLocal;
 import fi.codecrew.moya.model.EventUser;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.EventUserRestPojo;
@@ -51,10 +68,59 @@ public class UserRestView {
 	@EJB
 	private CardTemplateBeanLocal cardbean;

+	@Context
+	private HttpServletRequest servletRequest;
+
+	@EJB
+	private PermissionBeanLocal permbean;
+
+	private static final Logger logger = LoggerFactory.getLogger(UserRestView.class);
+
+	@POST
+	@Path("/auth")
+	@Produces({ MediaType.APPLICATION_JSON })
+	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+	public Response auth(
+			@FormParam("username") String username,
+			@FormParam("password") String password) {
+		logger.info("Tried to login with rest {} , {}", username, password);
+		boolean success = true;
+		try {
+
+			Principal principal = servletRequest.getUserPrincipal();
+			if (principal != null) {
+				logger.info("Current username {}", principal.getName());
+
+				if (principal.getName() != null && !principal.getName().equals(username)) {
+					logger.info("Trying to logout from user {}", principal.getName());
+					servletRequest.logout();
+				}
+			}
+			if (principal == null || principal.getName() == null || !principal.getName().equals(username)) {
+
+				servletRequest.getSession(true);
+				servletRequest.login(username, password);
+			}
+		} catch (ServletException e) {
+			success = false;
+		}
+		ResponseBuilder ret = null;
+		if (success)
+			ret = Response.ok(PojoUtils.initEventUserRestPojo(permbean.getCurrentUser()));
+		else
+			ret = Response.status(Status.FORBIDDEN);
+		return ret.build();
+	}
+
 	@GET
 	@Path("/eventusers")
-	public SimpleEventuserRoot getEventUsers() {
-		UserSearchQuery q = new UserSearchQuery(0, 0, null, null, QuerySortOrder.UNSORTED);
+	public SimpleEventuserRoot getEventUsers(
+			@DefaultValue("0") @QueryParam("pagesize") Integer pagesize,
+			@DefaultValue("0") @QueryParam("page") Integer page,
+			@QueryParam("search") String search
+			) {
+
+		UserSearchQuery q = new UserSearchQuery(page, pagesize, null, search, QuerySortOrder.UNSORTED);
 		SearchResult<EventUser> users = userbean.getThisEventsUsers(q);
 		return PojoUtils.parseEventusers(users.getResults());
 	}
@@ -66,13 +132,13 @@ public class UserRestView {
 		return PojoUtils.initPrintedCardRestPojo(cardbean.checkPrintedCard(user));

 	}
-	
+
 	@GET
 	@Path("/eventuser/{cardauthcode}")
 	public EventUserRestPojo getEventUser(@PathParam("cardauthcode") String code) {
-		
+
 		EventUser user = userbean.getUserByAuthcode(code);
-		if(user != null)
+		if (user != null)
 			return PojoUtils.initEventUserRestPojo(user);
 		else
 			return new EventUserRestPojo();