Merge branch 'restauth' into 'master'

Random minor fixes and additions for android app

Check commit messages.

See merge request !195

code/moya-beans-client/ejbModule/fi/codecrew/moya/beans/PermissionBeanLocal.java

@@ -60,6 +60,8 @@ public interface PermissionBeanLocal {
 
 	boolean hasPermission(SpecialPermission superadmin);
 
+	boolean isCurrentUser(String login);
+
 	// boolean hasPermission(String perm);
 
 }

code/moya-beans/ejbModule/fi/codecrew/moya/beans/JaasBean.java

@@ -114,7 +114,7 @@ public class JaasBean implements MoyaRealmBeanRemote {
 
 		// If there is no eventuser found, try to create one.
 		if (user != null) {
-			logger.info("TryLogin user not null: {}", user);
+			logger.info("TryLogin user not null: {}, login {}", user, user.getLogin());
 			if (user.isAnonymous()) {
 				logger.info("logging in as anonymous!!!");
 			} else if (!user.checkPassword(password)) {
@@ -140,7 +140,7 @@ public class JaasBean implements MoyaRealmBeanRemote {
 			}
 
 			// jos logitetaan anomuumi, niin uuden tapahtuman luominen hajoaa jännästi.
-			if (!user.isAnonymous())
+			if (user != null && !user.isAnonymous())
 				secubean.sendMessage(MoyaEventType.LOGIN_SUCCESSFULL, eventUser, "User logged in with username: '", username, "' eventuser: ", eventUser);
 		} else {
 			secubean.sendMessage(MoyaEventType.LOGIN_FAILED, eventUserFacade.findByLogin(User.ANONYMOUS_LOGINNAME), "Login failed: Username not found: ", username);

code/moya-beans/ejbModule/fi/codecrew/moya/beans/PermissionBean.java

@@ -156,7 +156,14 @@ public class PermissionBean implements PermissionBeanLocal {
 
 	@Override
 	public boolean isCurrentUser(User user) {
-		return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getLogin());
+
+		return user != null && isCurrentUser(user.getLogin());
+	}
+
+	@Override
+	public boolean isCurrentUser(String login) {
+		return (context.getCallerPrincipal() == null || login == null) ? false : context.getCallerPrincipal().getName().equals(login);
+
 	}
 
 	@Override
@@ -215,7 +222,7 @@ public class PermissionBean implements PermissionBeanLocal {
 		//logger.debug("Principal: {}", principal);
 
 		String principalName = principal.getName();
-	//	logger.debug("Principal is {}", principalName);
+		//	logger.debug("Principal is {}", principalName);
 
 		return principalName;
 	}

code/moya-restpojo/pom.xml

@@ -2,19 +2,50 @@
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>moya-restpojo</artifactId>
-	<parent>
-		<groupId>fi.codecrew.moya</groupId>
-		<artifactId>moya-parent</artifactId>
-		<version>1.0</version>
-		<relativePath>../moya-parent/pom.xml</relativePath>
-	</parent>
-	<!--  
-	<dependencies>
-		<dependency>
-			<groupId>fi.codecrew.moya</groupId>
-			<artifactId>moya-database</artifactId>
-			<version>${moya.version}</version>
-		</dependency>
-	</dependencies>
-	-->
+	<groupId>fi.codecrew.moya</groupId>
+	<version>1.0</version>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<version>3.1</version>
+				<configuration>
+					<source>1.5</source>
+					<target>1.5</target>
+					<encoding>UTF-8</encoding>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-source-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>attach-sources</id>
+						<goals>
+							<goal>jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+
+		</plugins>
+		<extensions>
+			<extension>
+				<groupId>org.apache.maven.wagon</groupId>
+				<artifactId>wagon-ssh</artifactId>
+				<version>2.7</version>
+			</extension>
+		</extensions>
+	</build>
+	<distributionManagement>
+		<downloadUrl>http://codecrew.fi/mvn</downloadUrl>
+		<repository>
+			<id>Codecrew</id>
+			<name>codecrew</name>
+			<url>sftp://codecrew.fi/var/www/website/mvn</url>
+		</repository>
+	</distributionManagement>
+
+
 </project>
\ No newline at end of file

code/moya-restpojo/src/main/java/fi/codecrew/moya/rest/pojo/network/v1/NetworkAssociationInfolistResponseRoot.java

@@ -28,7 +28,7 @@ public class NetworkAssociationInfolistResponseRoot {
 	private List<NetworkAssociationInfoPojo> associations;
 	
 	public NetworkAssociationInfolistResponseRoot() {
-		this.associations = new ArrayList<>();
+		this.associations = new ArrayList<NetworkAssociationInfoPojo>();
 	}
 
 	public List<NetworkAssociationInfoPojo> getAssociations() {

code/moya-restpojo/src/main/java/fi/codecrew/moya/rest/pojo/placemap/v1/PlacemapMapRootPojo.java

@@ -5,15 +5,11 @@ import java.util.List;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 @XmlRootElement
 public class PlacemapMapRootPojo {
 
 	private MapPojo map;
 	private List<ProductRestPojo> products;
-	private static final Logger logger = LoggerFactory.getLogger(PlacemapMapRootPojo.class);
 
 	public PlacemapMapRootPojo() {
 	}

code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java

@@ -126,7 +126,7 @@ public class HostnameFilter implements Filter {
 	 */
 
 	private static final String[] NOAUTH_RESTPATHS = new String[] {
-			"/reader/EventRole/",
+			"/reader/EventRole/","/user/auth"
 
 	};
 
@@ -197,6 +197,7 @@ public class HostnameFilter implements Filter {
 
 	private boolean restAuth(HttpServletRequest httpRequest, ServletResponse response) {
 
+		
 		String sp = httpRequest.getPathInfo();
 		for (String s : NOAUTH_RESTPATHS) {
 			if (sp.startsWith(s)) {

code/moya-web/src/main/java/fi/codecrew/moya/rest/UserRestView.java

@@ -18,18 +18,35 @@
  */
 package fi.codecrew.moya.rest;
 
+import java.security.Principal;
+
+import javax.annotation.Resource;
 import javax.ejb.EJB;
+import javax.ejb.SessionContext;
 import javax.enterprise.context.RequestScoped;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
+import javax.ws.rs.DefaultValue;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.Response.Status;
+
+import org.apache.http.HttpRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import fi.codecrew.moya.beans.CardTemplateBeanLocal;
+import fi.codecrew.moya.beans.PermissionBeanLocal;
 import fi.codecrew.moya.beans.UserBeanLocal;
 import fi.codecrew.moya.model.EventUser;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.EventUserRestPojo;
@@ -51,10 +68,59 @@ public class UserRestView {
 	@EJB
 	private CardTemplateBeanLocal cardbean;
 
+	@Context
+	private HttpServletRequest servletRequest;
+
+	@EJB
+	private PermissionBeanLocal permbean;
+
+	private static final Logger logger = LoggerFactory.getLogger(UserRestView.class);
+
+	@POST
+	@Path("/auth")
+	@Produces({ MediaType.APPLICATION_JSON })
+	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+	public Response auth(
+			@FormParam("username") String username,
+			@FormParam("password") String password) {
+		logger.info("Tried to login with rest {} , {}", username, password);
+		boolean success = true;
+		try {
+
+			Principal principal = servletRequest.getUserPrincipal();
+			if (principal != null) {
+				logger.info("Current username {}", principal.getName());
+
+				if (principal.getName() != null && !principal.getName().equals(username)) {
+					logger.info("Trying to logout from user {}", principal.getName());
+					servletRequest.logout();
+				}
+			}
+			if (principal == null || principal.getName() == null || !principal.getName().equals(username)) {
+
+				servletRequest.getSession(true);
+				servletRequest.login(username, password);
+			}
+		} catch (ServletException e) {
+			success = false;
+		}
+		ResponseBuilder ret = null;
+		if (success)
+			ret = Response.ok(PojoUtils.initEventUserRestPojo(permbean.getCurrentUser()));
+		else
+			ret = Response.status(Status.FORBIDDEN);
+		return ret.build();
+	}
+
 	@GET
 	@Path("/eventusers")
-	public SimpleEventuserRoot getEventUsers() {
-		UserSearchQuery q = new UserSearchQuery(0, 0, null, null, QuerySortOrder.UNSORTED);
+	public SimpleEventuserRoot getEventUsers(
+			@DefaultValue("0") @QueryParam("pagesize") Integer pagesize,
+			@DefaultValue("0") @QueryParam("page") Integer page,
+			@QueryParam("search") String search
+			) {
+
+		UserSearchQuery q = new UserSearchQuery(page, pagesize, null, search, QuerySortOrder.UNSORTED);
 		SearchResult<EventUser> users = userbean.getThisEventsUsers(q);
 		return PojoUtils.parseEventusers(users.getResults());
 	}
@@ -66,13 +132,13 @@ public class UserRestView {
 		return PojoUtils.initPrintedCardRestPojo(cardbean.checkPrintedCard(user));
 
 	}
-	
+
 	@GET
 	@Path("/eventuser/{cardauthcode}")
 	public EventUserRestPojo getEventUser(@PathParam("cardauthcode") String code) {
-		
+
 		EventUser user = userbean.getUserByAuthcode(code);
-		if(user != null)
+		if (user != null)
 			return PojoUtils.initEventUserRestPojo(user);
 		else
 			return new EventUserRestPojo();