Add some checks to stuff broken by domain migration from thread-store to username

code/moya-beans/ejbModule/fi/codecrew/moya/beans/CardTemplateBean.java

@@ -168,7 +168,7 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
 	public PrintedCard checkPrintedCard(EventUser user) {
 	public PrintedCard checkPrintedCard(EventUser user) {
 		logger.info("Checking printed card");
 		logger.info("Checking printed card");
 
 
-		user = eventUserFacade.find(user.getId());
+		user = eventUserFacade.reload(user);
 
 
 		LanEvent currEvent = eventBean.getCurrentEvent();
 		LanEvent currEvent = eventBean.getCurrentEvent();
 		List<PrintedCard> myCards = printedcardfacade.getCards(user);
 		List<PrintedCard> myCards = printedcardfacade.getCards(user);

code/moya-utils/src/main/java/fi/codecrew/moya/utilities/UserLoginUtils.java

@@ -32,6 +32,12 @@ public class UserLoginUtils {
 	}
 	}
 
 
 	public static String getUsernameFromJaasString(String username) {
 	public static String getUsernameFromJaasString(String username) {
-		return username.split("@[^@]+$")[0];
+		String[] splitted = username.split("@[^@]+$");
+
+		String ret = null;
+		if (splitted.length > 0) {
+			ret = splitted[0];
+		}
+		return ret;
 	}
 	}
 }
 }

code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java

@@ -246,7 +246,7 @@ public class HostnameFilter implements Filter {
 		restAuthStr = httpRequest.getHeader("Authorization");
 		restAuthStr = httpRequest.getHeader("Authorization");
 		// }
 		// }
 
 
-		if (restAuthStr == null) {
+		if (restAuthStr == null && httpRequest.getParameter("appkey") != null) {
 
 
 			StringBuilder hashBuilder = new StringBuilder();
 			StringBuilder hashBuilder = new StringBuilder();
 			hashBuilder.append(JaasBeanLocal.REST_PREFIX);
 			hashBuilder.append(JaasBeanLocal.REST_PREFIX);
@@ -257,9 +257,15 @@ public class HostnameFilter implements Filter {
 			hashBuilder.append(httpRequest.getPathInfo());
 			hashBuilder.append(httpRequest.getPathInfo());
 			restAuthStr = hashBuilder.toString();
 			restAuthStr = hashBuilder.toString();
 		}
 		}
+
 		boolean ret = true;
 		boolean ret = true;
 		try {
 		try {
-			httpRequest.login('@' + parseHostname(httpRequest), restAuthStr);
+			if (restAuthStr == null) {
+				throw new ServletException("No auth data");
+			}
+			final String username = "@" + parseHostname(httpRequest);
+			logger.info("Logging in with username {} and password {}", username, restAuthStr);
+			httpRequest.login(username, restAuthStr);
 		} catch (ServletException loginEx) {
 		} catch (ServletException loginEx) {
 			ret = false;
 			ret = false;
 			logger.info("Rest api authentication failed for path " + httpRequest.getPathInfo() + " "
 			logger.info("Rest api authentication failed for path " + httpRequest.getPathInfo() + " "
@@ -296,10 +302,11 @@ public class HostnameFilter implements Filter {
 				logbean.sendMessage(MoyaEventType.USER_PERMISSION_VIOLATION,
 				logbean.sendMessage(MoyaEventType.USER_PERMISSION_VIOLATION,
 					"Hostname mismatch privilege escalation! User '", httpRequest.getUserPrincipal(), "' tried to change hostname from '",
 					"Hostname mismatch privilege escalation! User '", httpRequest.getUserPrincipal(), "' tried to change hostname from '",
 					userDomain, "' to '", hostname, ",");
 					userDomain, "' to '", hostname, ",");
-				throw new RuntimeException("Hostname mismatch!");
+				throw new RuntimeException("Hostname mismatch! Expected: " + hostname + " but logged in as " + userDomain);
+
+
 			}
 			}
 		}
 		}
-
 		BortalLocalContextHolder.setInDevelopmentMode(developmentMode);
 		BortalLocalContextHolder.setInDevelopmentMode(developmentMode);
 		return hostname;
 		return hostname;