Add drd required apis

code/moya-beans-client/ejbModule/fi/codecrew/moya/beans/ApiApplicationBeanLocal.java

@@ -33,4 +33,6 @@ public interface ApiApplicationBeanLocal {
 	List<ApiApplication> findAllApplications();
 
 	ApiApplicationInstance createApplicationInstance(ApiApplication application);
+	
+	ApiApplication findApplication(String appKey);
 }

code/moya-beans/ejbModule/fi/codecrew/moya/beans/ApiApplicationBean.java

@@ -19,6 +19,7 @@
 package fi.codecrew.moya.beans;
 
 import java.util.Calendar;
+import java.util.Date;
 import java.util.List;
 
 import javax.annotation.security.DeclareRoles;
@@ -34,6 +35,7 @@ import fi.codecrew.moya.facade.EventUserFacade;
 import fi.codecrew.moya.model.ApiApplication;
 import fi.codecrew.moya.model.ApiApplicationInstance;
 import fi.codecrew.moya.model.EventUser;
+import fi.codecrew.moya.model.LanEvent;
 import fi.codecrew.moya.utilities.PasswordFunctions;
 import fi.codecrew.moya.utilities.moyamessage.MoyaEventType;
 
@@ -76,14 +78,18 @@ public class ApiApplicationBean implements ApiApplicationBeanLocal {
 	@RolesAllowed(SpecialPermission.S_USER)
 	public ApiApplicationInstance createApplicationInstance(ApiApplication application) {
 
+		application = applicationFacade.reload(application);
 		// ugly as shit sanitation for eventName, sorry
-		String eventName = eventBean.getCurrentEvent().getName().replace(" ", "_").replace("ä", "a").replace("ö", "o")
-				.replace("Ä", "A").replace("Ö", "O").replace("å", "a").replace("Å", "A");
+		LanEvent currevent = eventBean.getCurrentEvent();
 
-		String authname = permissionBean.getCurrentUser().getLogin() + "_" + application.getName() + "_" + eventName;
+		String authname = permissionBean.getCurrentUser().getLogin() + "_" + application.getName() + "_" + currevent.getId() + "_" + currevent.getName();
+		// Replace all non-valid characters with '_'
+		authname.replaceAll("[^a-zA-Z0-9._]", "_");
 
-		while (instanceFacade.findInstance(application, authname, eventBean.getCurrentEvent()) != null) {
-			authname += "_";
+		// Ensure authname is unique;
+		final String origAuthname = authname;
+		for (int i = 2; instanceFacade.findInstance(application, authname, eventBean.getCurrentEvent()) != null; ++i) {
+			authname = origAuthname + "_" + i;
 		}
 
 		ApiApplicationInstance instance = new ApiApplicationInstance();
@@ -91,7 +97,7 @@ public class ApiApplicationBean implements ApiApplicationBeanLocal {
 		instance.setApplication(application);
 		instance.setAuthname(authname);
 		instance.setName(application.getName() + " for user: " + permissionBean.getCurrentUser().getLogin());
-		instance.setCreated(Calendar.getInstance().getTime());
+		instance.setCreated(new Date());
 		instance.setEnabled(true);
 		instance.setEventuser(permissionBean.getCurrentUser());
 		instance.setSecretKey(PasswordFunctions.generateRandomString(30));
@@ -104,6 +110,11 @@ public class ApiApplicationBean implements ApiApplicationBeanLocal {
 	}
 
 	@Override
+	public ApiApplication findApplication(String appKey) {
+		return applicationFacade.findByAppid(appKey);
+	}
+
+	@Override
 	@RolesAllowed(SpecialPermission.S_USER)
 	public List<ApiApplication> findMyApplications() {
 		EventUser curruser = permissionBean.getCurrentUser();

code/moya-beans/ejbModule/fi/codecrew/moya/beans/EventBean.java

@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
 
 import fi.codecrew.moya.enums.apps.EventPermission;
 import fi.codecrew.moya.enums.apps.SpecialPermission;
+import fi.codecrew.moya.enums.apps.UserPermission;
 import fi.codecrew.moya.facade.EventFacade;
 import fi.codecrew.moya.facade.EventOrganiserFacade;
 import fi.codecrew.moya.facade.LanEventDomainFacade;
@@ -55,10 +56,12 @@ import fi.codecrew.moya.model.LanEventPropertyKey;
  */
 @Stateless
 @LocalBean
-@DeclareRoles({ EventPermission.S_MANAGE_PRIVATE_PROPERTIES,
+@DeclareRoles({
+	EventPermission.S_MANAGE_PRIVATE_PROPERTIES,
 	EventPermission.S_MANAGE_PROPERTIES,
 	EventPermission.S_MANAGE_EVENT,
 	SpecialPermission.S_SUPERADMIN,
+	SpecialPermission.S_USER
 })
 public class EventBean implements EventBeanLocal {
 
@@ -158,7 +161,7 @@ public class EventBean implements EventBeanLocal {
 	}
 
 	@Override
-	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT })
+	@RolesAllowed({SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT})
 	public LanEvent mergeChanges(LanEvent event) {
 		if (!permbean.hasPermission(SpecialPermission.SUPERADMIN) && !getCurrentEvent().equals(event)) {
 			throw new EJBAccessException("Trying to save another event.");
@@ -167,7 +170,7 @@ public class EventBean implements EventBeanLocal {
 	}
 
 	@Override
-	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT })
+	@RolesAllowed({SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT})
 	public void create(LanEvent event) {
 
 		eventFacade.create(event);
@@ -181,7 +184,7 @@ public class EventBean implements EventBeanLocal {
 	}
 
 	@Override
-	@RolesAllowed({ EventPermission.S_MANAGE_PRIVATE_PROPERTIES, EventPermission.S_MANAGE_EVENT })
+	@RolesAllowed({EventPermission.S_MANAGE_PRIVATE_PROPERTIES, EventPermission.S_MANAGE_EVENT})
 	public List<LanEventPrivateProperty> getPrivateProperties() {
 		return eventPrivatePropertyFacade.findAllForEvent();
 	}
@@ -211,8 +214,7 @@ public class EventBean implements EventBeanLocal {
 	}
 
 	@Override
-	public long getPropertyLong(LanEventPropertyKey property)
-	{
+	public long getPropertyLong(LanEventPropertyKey property) {
 		LanEventProperty retProp = eventPropertyFacade.find(getCurrentEvent(), property);
 		long ret = 0;
 		if (retProp == null) {
@@ -224,8 +226,7 @@ public class EventBean implements EventBeanLocal {
 	}
 
 	@Override
-	public String getPropertyString(LanEventPropertyKey property)
-	{
+	public String getPropertyString(LanEventPropertyKey property) {
 		LanEventProperty retProp = eventPropertyFacade.find(getCurrentEvent(), property);
 		String ret = null;
 		if (retProp == null) {
@@ -255,10 +256,11 @@ public class EventBean implements EventBeanLocal {
 	}
 
 	@Override
-	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT })
+	@RolesAllowed({SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT})
 	public LanEventProperty saveOrCreateProperty(LanEventProperty property) {
 		LanEventProperty ret = null;
-		logger.info("Saving property {}, eventorg {}, key {}", new Object[] { property.getEvent(), property.getEventorg(), property.getKey() });
+		logger.info("Saving property {}, eventorg {}, key {}",
+			new Object[]{property.getEvent(), property.getEventorg(), property.getKey()});
 
 		if (property.getId() == null) {
 			ret = property;
@@ -270,8 +272,7 @@ public class EventBean implements EventBeanLocal {
 			}
 			event.getProperties().add(property);
 
-		}
-		else {
+		} else {
 			ret = eventPropertyFacade.merge(property);
 		}
 		return ret;
@@ -279,16 +280,17 @@ public class EventBean implements EventBeanLocal {
 	}
 
 	@Override
-	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT })
+	@RolesAllowed({SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT})
 	public EventOrganiser mergeChanges(EventOrganiser eventorg) {
 		return eventOrganiserFacade.merge(eventorg);
 	}
 
 	@Override
-	@RolesAllowed({ EventPermission.S_MANAGE_PRIVATE_PROPERTIES, EventPermission.S_MANAGE_EVENT })
+	@RolesAllowed({EventPermission.S_MANAGE_PRIVATE_PROPERTIES, EventPermission.S_MANAGE_EVENT})
 	public LanEventPrivateProperty saveOrCreatePrivateProperty(LanEventPrivateProperty privateProperty) {
 		LanEventPrivateProperty ret = null;
-		logger.info("Saving property {}, eventorg {}, key {}", new Object[] { privateProperty.getEvent(), privateProperty.getEventorg(), privateProperty.getKey() });
+		logger.info("Saving property {}, eventorg {}, key {}",
+			new Object[]{privateProperty.getEvent(), privateProperty.getEventorg(), privateProperty.getKey()});
 
 		if (privateProperty.getId() == null) {
 			ret = privateProperty;
@@ -320,7 +322,7 @@ public class EventBean implements EventBeanLocal {
 	}
 
 	@Override
-	@RolesAllowed({ EventPermission.S_MANAGE_PRIVATE_PROPERTIES, EventPermission.S_MANAGE_EVENT })
+	@RolesAllowed({EventPermission.S_MANAGE_PRIVATE_PROPERTIES, EventPermission.S_MANAGE_EVENT})
 	public LanEvent deletePrivateProperty(LanEventPrivateProperty property) {
 		property = eventPrivatePropertyFacade.reload(property);
 		LanEvent event = property.getEvent();
@@ -335,14 +337,15 @@ public class EventBean implements EventBeanLocal {
 	}
 
 	@Override
+	@RolesAllowed({SpecialPermission.S_USER})
 	public List<LanEvent> findAllEventsForCurrentUser() {
 		return eventFacade.findAll(permbean.getCurrentUser().getUser());
 	}
 
 	@Override
+	@RolesAllowed({SpecialPermission.S_USER})
 	public List<LanEvent> findFutureAndRunningEventsForCurrentUser() {
 
-
 		List<LanEvent> events = findAllEventsForCurrentUser();
 
 		List<LanEvent> retlist = new ArrayList<>();
@@ -351,19 +354,18 @@ public class EventBean implements EventBeanLocal {
 		tmp.add(Calendar.DAY_OF_MONTH, -5);
 		Date compareDate = tmp.getTime();
 
-		for(LanEvent event : events) {
+		for (LanEvent event : events) {
 
-			if(event.getEndTime() == null) {
+			if (event.getEndTime() == null) {
 				retlist.add(event);
 				continue;
 			}
 
-			if(event.getEndTime().compareTo(compareDate) > 0) {
+			if (event.getEndTime().compareTo(compareDate) > 0) {
 				retlist.add(event);
 			}
 		}
 
-
 		return retlist;
 	}
 

code/moya-beans/ejbModule/fi/codecrew/moya/beans/auth/BasicAuthPBean.java

@@ -36,6 +36,14 @@ public class BasicAuthPBean extends ApiAuth implements AuthenticationFormat {
 	@EJB
 	private EventBean eventbean;
 
+	/**
+	 * Authenticate application with username being `null` and password containing basic auth credentials:
+	 * username should be constant 'appauth' and password should contain the following fields delimited by: `:` 
+	 * 1) application Id
+	 * 2) application instance authname
+	 * 3) application instance secret
+	 * 
+	 */
 	@Override
 	public AuthenticationResult authenticate(String jaasUsername, String password) {
 		AuthenticationResult ret = null;

code/moya-restpojo/pom.xml

@@ -4,7 +4,7 @@
 	<artifactId>moya-restpojo</artifactId>
 	<!-- This is set here on purpose, so that remote dependencies do not break 
 		If this is updated. remember to update also version in moya-web -->
-	<version>1.2.1</version>
+	<version>1.2.4</version>
 	<distributionManagement>
 		<downloadUrl>http://codecrew.fi/mvn</downloadUrl>
 		<repository>

code/moya-restpojo/src/main/java/fi/codecrew/moya/rest/pojo/appconfig/v1/ApplicationInstancePojo.java

@@ -23,7 +23,6 @@ public class ApplicationInstancePojo {
 	}
 
 
-
 	@XmlElement()
 	public String getSecretKey() {
 		return secretKey;
@@ -34,11 +33,6 @@ public class ApplicationInstancePojo {
 	}
 
 
-
-
-
-
-
 	@XmlElement()
 	public String getName() {
 		return name;

code/moya-restpojo/src/main/java/fi/codecrew/moya/rest/pojo/appconfig/v1/EventPojo.java

@@ -4,6 +4,8 @@ package fi.codecrew.moya.rest.pojo.appconfig.v1;
 import io.swagger.annotations.ApiModel;
 
 import javax.xml.bind.annotation.XmlElement;
+
+import java.util.Date;
 import java.util.List;
 
 /**
@@ -15,6 +17,7 @@ public class EventPojo {
 	private Integer lanEventId;
 	private String name;
 	private List<String> urls;
+	private Date startTime;
 
 	@XmlElement
 	public Integer getLanEventId() {
@@ -42,4 +45,12 @@ public class EventPojo {
 	public void setUrls(List<String> urls) {
 		this.urls = urls;
 	}
+
+	public Date getStartTime() {
+		return startTime;
+	}
+
+	public void setStartTime(Date startTime) {
+		this.startTime = startTime;
+	}
 }

code/moya-restpojo/src/main/java/fi/codecrew/moya/rest/pojo/userinfo/v1/ApiApplicationInstancePojo.java

+package fi.codecrew.moya.rest.pojo.userinfo.v1;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import io.swagger.annotations.ApiModel;
+
+@ApiModel
+public class ApiApplicationInstancePojo implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	private boolean enabled;
+	private Date created;
+	private String authname;
+	private String secret;
+	
+	public boolean isEnabled() {
+		return enabled;
+	}
+	public void setEnabled(boolean enabled) {
+		this.enabled = enabled;
+	}
+	public Date getCreated() {
+		return created;
+	}
+	public void setCreated(Date created) {
+		this.created = created;
+	}
+	public String getAuthname() {
+		return authname;
+	}
+	public void setAuthname(String authname) {
+		this.authname = authname;
+	}
+	public String getSecret() {
+		return secret;
+	}
+	public void setSecret(String secret) {
+		this.secret = secret;
+	}
+
+}

code/moya-restpojo/src/main/java/fi/codecrew/moya/rest/pojo/userinfo/v1/UserPwdPojo.java

+package fi.codecrew.moya.rest.pojo.userinfo.v1;
+
+import java.io.Serializable;
+import java.util.Date;
+
+public class UserPwdPojo implements Serializable{
+
+	private static final long serialVersionUID = 1L;
+
+	private String username;
+	private String password;
+	private Date submitTime;
+	
+	public String getUsername() {
+		return username;
+	}
+	public void setUsername(String username) {
+		this.username = username;
+	}
+	public String getPassword() {
+		return password;
+	}
+	public void setPassword(String password) {
+		this.password = password;
+	}
+	public Date getSubmitTime() {
+		return submitTime;
+	}
+	public void setSubmitTime(Date submitTime) {
+		this.submitTime = submitTime;
+	}
+	
+}

code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java

@@ -145,7 +145,12 @@ public class HostnameFilter implements Filter {
 		MDC.remove("req.eventhost");
 	}
 
-	private static final String[] NOAUTH_RESTPATHS = new String[]{"/reader/EventRole/", "/user/auth"};
+	private static final String[] NOAUTH_RESTPATHS = new String[]{
+		"/reader/EventRole/",
+		"/user/auth",
+		"/appconfig/v1/eventinfo/allevents",
+		"/apiapp/v1/createInstance/"
+	};
 
 	/**
 	 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)

code/moya-web/src/main/java/fi/codecrew/moya/rest/PojoUtils.java

@@ -337,6 +337,7 @@ public class PojoUtils {
 			pojo.setName(event.getName());
 			pojo.setLanEventId(event.getId());
 			pojo.setUrls(urls);
+			pojo.setStartTime(event.getStartTime());
 			eventPojos.add(pojo);
 		}
 

code/moya-web/src/main/java/fi/codecrew/moya/rest/apiapp/v1/ApiAppRestViewV1.java

+package fi.codecrew.moya.rest.apiapp.v1;
+
+import java.security.Principal;
+
+import javax.ejb.EJB;
+import javax.enterprise.context.RequestScoped;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import fi.codecrew.moya.beans.ApiApplicationBeanLocal;
+import fi.codecrew.moya.model.ApiApplication;
+import fi.codecrew.moya.model.ApiApplicationInstance;
+import fi.codecrew.moya.rest.pojo.userinfo.v1.ApiApplicationInstancePojo;
+import fi.codecrew.moya.rest.pojo.userinfo.v1.UserPwdPojo;
+import io.swagger.annotations.Api;
+
+@RequestScoped
+@Path("/apiapp/v1")
+@Consumes({ MediaType.APPLICATION_JSON })
+@Produces({ MediaType.APPLICATION_JSON + "; charset=UTF-8" })
+@Api(value = "/apiapp/v1/", description = "Manage api application and keys")
+public class ApiAppRestViewV1 {
+
+	private static final Logger logger = LoggerFactory.getLogger(ApiAppRestViewV1.class);
+	
+	@Context
+	private HttpServletRequest servletRequest;
+
+	@EJB
+	private ApiApplicationBeanLocal apibean;
+
+	@POST
+	@Path("/createInstance/{appKey}")
+	public Response createApiInstance(@PathParam("appKey") String appKey, @QueryParam("username") String username, @QueryParam("password") String password, @QueryParam("nonce") Long timestamp) {
+		try {
+			Principal principal = servletRequest.getUserPrincipal();
+
+			// ensure logged out user
+			if (principal != null && principal.getName() != null) {
+				servletRequest.logout();
+
+				principal = null;
+			}
+			servletRequest.getSession(true);
+			servletRequest.login(username, password);
+			
+			ApiApplication app = apibean.findApplication(appKey);
+			ApiApplicationInstance apiInstance = apibean.createApplicationInstance(app);
+			ApiApplicationInstancePojo ret = new ApiApplicationInstancePojo();
+			ret.setAuthname(apiInstance.getAuthname());
+			ret.setCreated(apiInstance.getCreated());
+			ret.setEnabled(apiInstance.isEnabled());
+			ret.setSecret(apiInstance.getSecretKey());
+			return Response.ok(ret).build();
+			
+		} catch (ServletException e) {
+			logger.warn("Error logging in while creating ApiApplication instance");
+			return Response.serverError().entity(e.getCause()).build();
+		}
+	}
+
+}

code/moya-web/src/main/java/fi/codecrew/moya/rest/appconfig/v1/EventInfoV1.java

 package fi.codecrew.moya.rest.appconfig.v1;
 
+import java.security.Principal;
+import java.util.Date;
+
 import javax.ejb.EJB;
 import javax.enterprise.context.RequestScoped;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -16,7 +22,9 @@ import io.swagger.annotations.ApiResponse;
 import fi.codecrew.moya.beans.EventBeanLocal;
 import fi.codecrew.moya.beans.PermissionBeanLocal;
 import fi.codecrew.moya.rest.PojoUtils;
+import fi.codecrew.moya.rest.apiapp.v1.ApiAppRestViewV1;
 import fi.codecrew.moya.rest.pojo.appconfig.v1.EventRoot;
+import fi.codecrew.moya.rest.pojo.userinfo.v1.UserPwdPojo;
 
 /**
  * Created by tuukka on 28.3.2015.
@@ -24,17 +32,43 @@ import fi.codecrew.moya.rest.pojo.appconfig.v1.EventRoot;
 
 @RequestScoped
 @Path("/appconfig/v1/eventinfo")
-@Consumes({ MediaType.APPLICATION_JSON })
-@Produces({ MediaType.APPLICATION_JSON + "; charset=UTF-8" })
-@Api(value="/appconfig/v1/eventinfo", description = "Event information for application")
+@Consumes({MediaType.APPLICATION_JSON})
+@Produces({MediaType.APPLICATION_JSON + "; charset=UTF-8"})
+@Api(value = "/appconfig/v1/eventinfo", description = "Event information for application")
 public class EventInfoV1 {
+	private static final Logger logger = LoggerFactory.getLogger(EventInfoV1.class);
 
-	@EJB
-	PermissionBeanLocal permissionBean;
 
+	@Context
+	private HttpServletRequest servletRequest;
 
 	@EJB
-	EventBeanLocal eventBean;
+	private PermissionBeanLocal permissionBean;
+
+	@EJB
+	private EventBeanLocal eventBean;
+
+	@GET
+	@Path("/allevents")
+	public Response getEventsForUser(@QueryParam("username") String username, @QueryParam("password") String password, @QueryParam("timestamp") Long timestamp) {
+
+		try {
+			if (username != null) {
+				Principal principal = servletRequest.getUserPrincipal();
+
+				// ensure logged out user
+				if (principal != null && principal.getName() != null) {
+					servletRequest.logout();
+				}
+				servletRequest.getSession(true);
+				servletRequest.login(username, password);
+			}
+			return Response.ok(PojoUtils.parseEvents(eventBean.findAllEventsForCurrentUser())).build();
+		} catch (ServletException e) {
+			logger.warn("Error logging in while creating ApiApplication instance");
+			return Response.serverError().entity(e.getCause()).build();
+		}
+	}
 
 	@GET
 	@Path("/listevents/")
@@ -42,10 +76,11 @@ public class EventInfoV1 {
 	@ApiResponse(code = 200, message = "Return events for current user")
 	public Response getEventsForCurrentUser() {
 
-		if(permissionBean.getCurrentUser().isAnonymous()) {
+		if (permissionBean.getCurrentUser().isAnonymous()) {
 			return Response.status(Response.Status.FORBIDDEN).build();
 		}
 
 		return Response.ok(PojoUtils.parseEvents(eventBean.findFutureAndRunningEventsForCurrentUser())).build();
 	}
+
 }