Add some checks to stuff broken by domain migration from thread-store to username

code/moya-beans/ejbModule/fi/codecrew/moya/beans/CardTemplateBean.java

@@ -168,7 +168,7 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
 	public PrintedCard checkPrintedCard(EventUser user) {
 		logger.info("Checking printed card");
 
-		user = eventUserFacade.find(user.getId());
+		user = eventUserFacade.reload(user);
 
 		LanEvent currEvent = eventBean.getCurrentEvent();
 		List<PrintedCard> myCards = printedcardfacade.getCards(user);

code/moya-utils/src/main/java/fi/codecrew/moya/utilities/UserLoginUtils.java

@@ -32,6 +32,12 @@ public class UserLoginUtils {
 	}
 
 	public static String getUsernameFromJaasString(String username) {
-		return username.split("@[^@]+$")[0];
+		String[] splitted = username.split("@[^@]+$");
+
+		String ret = null;
+		if (splitted.length > 0) {
+			ret = splitted[0];
+		}
+		return ret;
 	}
 }

code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java

@@ -246,7 +246,7 @@ public class HostnameFilter implements Filter {
 		restAuthStr = httpRequest.getHeader("Authorization");
 		// }
 
-		if (restAuthStr == null) {
+		if (restAuthStr == null && httpRequest.getParameter("appkey") != null) {
 
 			StringBuilder hashBuilder = new StringBuilder();
 			hashBuilder.append(JaasBeanLocal.REST_PREFIX);
@@ -257,9 +257,15 @@ public class HostnameFilter implements Filter {
 			hashBuilder.append(httpRequest.getPathInfo());
 			restAuthStr = hashBuilder.toString();
 		}
+
 		boolean ret = true;
 		try {
-			httpRequest.login('@' + parseHostname(httpRequest), restAuthStr);
+			if (restAuthStr == null) {
+				throw new ServletException("No auth data");
+			}
+			final String username = "@" + parseHostname(httpRequest);
+			logger.info("Logging in with username {} and password {}", username, restAuthStr);
+			httpRequest.login(username, restAuthStr);
 		} catch (ServletException loginEx) {
 			ret = false;
 			logger.info("Rest api authentication failed for path " + httpRequest.getPathInfo() + " "
@@ -296,10 +302,11 @@ public class HostnameFilter implements Filter {
 				logbean.sendMessage(MoyaEventType.USER_PERMISSION_VIOLATION,
 					"Hostname mismatch privilege escalation! User '", httpRequest.getUserPrincipal(), "' tried to change hostname from '",
 					userDomain, "' to '", hostname, ",");
-				throw new RuntimeException("Hostname mismatch!");
+				throw new RuntimeException("Hostname mismatch! Expected: " + hostname + " but logged in as " + userDomain);
+
+
 			}
 		}
-
 		BortalLocalContextHolder.setInDevelopmentMode(developmentMode);
 		return hostname;
 

code/moya-web/src/main/java/fi/codecrew/moya/rest/UserRestView.java

@@ -43,6 +43,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.ResponseBuilder;
 import javax.ws.rs.core.Response.Status;
 
+import fi.codecrew.moya.model.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -59,12 +60,6 @@ import fi.codecrew.moya.beans.TicketBeanLocal;
 import fi.codecrew.moya.beans.UserBeanLocal;
 import fi.codecrew.moya.entitysearch.UserSearchQuery;
 import fi.codecrew.moya.enums.apps.UserPermission;
-import fi.codecrew.moya.model.EventUser;
-import fi.codecrew.moya.model.GroupMembership;
-import fi.codecrew.moya.model.Place;
-import fi.codecrew.moya.model.ReaderEvent;
-import fi.codecrew.moya.model.User;
-import fi.codecrew.moya.model.UserImage;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.EventUserRestPojo;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.PrintedCardRestPojo;
 import fi.codecrew.moya.rest.pojo.userinfo.v1.SimpleEventuserRoot;
@@ -75,8 +70,8 @@ import fi.codecrew.moya.utilities.SearchResult;
 
 @RequestScoped
 @Path("/user")
-@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
-@Produces({ MediaType.APPLICATION_JSON + "; charset=UTF-8" })
+@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+@Produces({MediaType.APPLICATION_JSON + "; charset=UTF-8"})
 @Api(value = "/user", description = "Administer users")
 public class UserRestView {
 
@@ -200,7 +195,7 @@ public class UserRestView {
 
 	@POST
 	@Path("/auth")
-	@Produces({ MediaType.APPLICATION_JSON })
+	@Produces({MediaType.APPLICATION_JSON})
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	@ApiOperation(value = "Authenticate", response = EventUserRestPojo.class)
 	public Response auth(
@@ -266,7 +261,12 @@ public class UserRestView {
 	public PrintedCardRestPojo getUsersCard(
 		@ApiParam("EventUser entity ID") @PathParam("eventuserId") Integer eventuserid) {
 		EventUser user = userbean.findByEventUserId(eventuserid);
-		return PojoUtils.initPrintedCardRestPojo(cardbean.checkPrintedCard(user));
+		logger.warn("users card for user: {}", user);
+		PrintedCard card = cardbean.checkPrintedCard(user);
+		if (card == null) {
+			return null;
+		}
+		return PojoUtils.initPrintedCardRestPojo(card);
 
 	}
 
@@ -285,7 +285,7 @@ public class UserRestView {
 
 	@GET
 	@Path("/")
-    @Produces({ MediaType.APPLICATION_JSON })
+	@Produces({MediaType.APPLICATION_JSON})
 	@ApiOperation(value = "Find event user", response = EventUserRestPojo.class)
 	public Response getEventUser(@QueryParam("email") @ApiParam("Email address") String email,
 								 @QueryParam("login") @ApiParam("Username") String userName) {
@@ -302,7 +302,7 @@ public class UserRestView {
 				user = userbean.findUserByEmailUsername(email);
 			}
 
-            if(user != null) {
+			if (user != null) {
 				eventUser = userbean.getEventUser(user, true);
 			} else {
 				// Get the user
@@ -324,7 +324,7 @@ public class UserRestView {
 
 	@POST
 	@Path("/{userid}/check-password")
-    @Produces({ MediaType.APPLICATION_JSON })
+	@Produces({MediaType.APPLICATION_JSON})
 	@ApiOperation(value = "Check user password", response = EventUserRestPojo.class)
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	public Response checkPassword(@PathParam("userid") @ApiParam("User ID") Integer userId,
@@ -355,7 +355,7 @@ public class UserRestView {
 
 	@POST
 	@Path("/{userid}/reset-password")
-    @Produces({ MediaType.APPLICATION_JSON })
+	@Produces({MediaType.APPLICATION_JSON})
 	@ApiOperation(value = "Reset user password", response = EventUserRestPojo.class)
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 	public Response resetPassword(@PathParam("userid") @ApiParam("User ID") Integer userId,
@@ -376,6 +376,7 @@ public class UserRestView {
 
 	/**
 	 * Post forma parameter "image" with the image data in it.
+	 *
 	 * @param request
 	 * @param userId
 	 * @return