JSON exception add
This commit is contained in:
Igor I
2
pom.xml
2
pom.xml
@ -134,7 +134,7 @@
|
|||||||
<version>2.22.2</version>
|
<version>2.22.2</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<systemPropertyVariables>
|
<systemPropertyVariables>
|
||||||
<spring.config.location>file:kz_mcp_jwt.properties</spring.config.location>
|
<spring.config.location>file:org_ccalm_jwt.properties</spring.config.location>
|
||||||
</systemPropertyVariables>
|
</systemPropertyVariables>
|
||||||
</configuration>
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
|||||||
@ -127,19 +127,27 @@ public class MainController implements ServletContextAware {
|
|||||||
|
|
||||||
public String createStrJSONError(int code, String message, String setting, String marker) {
|
public String createStrJSONError(int code, String message, String setting, String marker) {
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code", code);
|
try {
|
||||||
json.put("error_message", Arrays.asList(message));
|
json.put("error_code", code);
|
||||||
json.put("error_setting", Arrays.asList(setting));
|
json.put("error_message", Arrays.asList(message));
|
||||||
json.put("error_marker", marker);
|
json.put("error_setting", Arrays.asList(setting));
|
||||||
|
json.put("error_marker", marker);
|
||||||
|
} catch (JSONException e) {
|
||||||
|
return "{}";
|
||||||
|
}
|
||||||
return json.toString();
|
return json.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
public JSONObject createJSONError(int code, String message, String setting, String marker) {
|
public JSONObject createJSONError(int code, String message, String setting, String marker) {
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code", code);
|
try {
|
||||||
json.put("error_message", Arrays.asList(message));
|
json.put("error_code", code);
|
||||||
json.put("error_setting", Arrays.asList(setting));
|
json.put("error_message", Arrays.asList(message));
|
||||||
json.put("error_marker", Arrays.asList(setting));
|
json.put("error_setting", Arrays.asList(setting));
|
||||||
|
json.put("error_marker", Arrays.asList(setting));
|
||||||
|
} catch (JSONException e) {
|
||||||
|
logger.error(e);
|
||||||
|
}
|
||||||
return json;
|
return json;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -266,27 +274,31 @@ public class MainController implements ServletContextAware {
|
|||||||
@ResponseBody
|
@ResponseBody
|
||||||
public String index(Model model,@RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
public String index(Model model,@RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
json.put("error_message","");
|
|
||||||
json.put("error_marker",(String)null);
|
|
||||||
String buildDate="";
|
|
||||||
//String buildVersion="";
|
|
||||||
try {
|
try {
|
||||||
InputStream inputStream = MainController.class.getClassLoader().getResourceAsStream("META-INF/build-info.properties");
|
json.put("error_code",0);
|
||||||
if (inputStream != null) {
|
json.put("error_message","");
|
||||||
Properties properties = new Properties();
|
json.put("error_marker",(String)null);
|
||||||
properties.load(inputStream);
|
String buildDate="";
|
||||||
buildDate = properties.getProperty("build.time");
|
//String buildVersion="";
|
||||||
//buildVersion = properties.getProperty("build.version");
|
try {
|
||||||
|
InputStream inputStream = MainController.class.getClassLoader().getResourceAsStream("META-INF/build-info.properties");
|
||||||
|
if (inputStream != null) {
|
||||||
|
Properties properties = new Properties();
|
||||||
|
properties.load(inputStream);
|
||||||
|
buildDate = properties.getProperty("build.time");
|
||||||
|
//buildVersion = properties.getProperty("build.version");
|
||||||
|
}
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
json.put("build_date",buildDate);
|
||||||
e.printStackTrace();
|
//json.put("build_version",buildVersion);
|
||||||
|
json.put("name",application_name);
|
||||||
|
//json.put("active_connections",dataSource.getHikariPoolMXBean().getActiveConnections());
|
||||||
|
//json.put("idle_connections",dataSource.getHikariPoolMXBean().getIdleConnections());
|
||||||
|
} catch (JSONException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
json.put("build_date",buildDate);
|
|
||||||
//json.put("build_version",buildVersion);
|
|
||||||
json.put("name",application_name);
|
|
||||||
//json.put("active_connections",dataSource.getHikariPoolMXBean().getActiveConnections());
|
|
||||||
//json.put("idle_connections",dataSource.getHikariPoolMXBean().getIdleConnections());
|
|
||||||
return json.toString();
|
return json.toString();
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
@ -299,10 +311,11 @@ public class MainController implements ServletContextAware {
|
|||||||
public String get_settings(@CookieValue(value = "jwt_a", defaultValue = "") String jwt_a, @RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
public String get_settings(@CookieValue(value = "jwt_a", defaultValue = "") String jwt_a, @RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
//json.put("error_message","");
|
|
||||||
//json.put("error_marker",(String)null);
|
|
||||||
try{
|
try{
|
||||||
|
json.put("error_code",0);
|
||||||
|
//json.put("error_message","");
|
||||||
|
//json.put("error_marker",(String)null);
|
||||||
|
|
||||||
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2)
|
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2)
|
||||||
{
|
{
|
||||||
throw new CustomException(10000, trt.trt("Please_send_a_valid_JWT_token"),null);
|
throw new CustomException(10000, trt.trt("Please_send_a_valid_JWT_token"),null);
|
||||||
@ -355,10 +368,11 @@ public class MainController implements ServletContextAware {
|
|||||||
public String set_settings(SettingModel setting, @CookieValue(value = "jwt_a", defaultValue = "") String jwt_a, @RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
public String set_settings(SettingModel setting, @CookieValue(value = "jwt_a", defaultValue = "") String jwt_a, @RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
//json.put("error_message","");
|
|
||||||
//json.put("error_marker",(String)null);
|
|
||||||
try{
|
try{
|
||||||
|
json.put("error_code",0);
|
||||||
|
//json.put("error_message","");
|
||||||
|
//json.put("error_marker",(String)null);
|
||||||
|
|
||||||
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2)
|
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2)
|
||||||
{
|
{
|
||||||
throw new CustomException(10000, trt.trt("Please_send_a_valid_JWT_token"),null);
|
throw new CustomException(10000, trt.trt("Please_send_a_valid_JWT_token"),null);
|
||||||
@ -423,56 +437,60 @@ public class MainController implements ServletContextAware {
|
|||||||
public String access(Model model, @CookieValue(value = "jwt_a", defaultValue = "") String jwt_a,@Nullable @RequestBody ActionName action_name,@CookieValue(value = "lng",defaultValue = "1") String language_id) {
|
public String access(Model model, @CookieValue(value = "jwt_a", defaultValue = "") String jwt_a,@Nullable @RequestBody ActionName action_name,@CookieValue(value = "lng",defaultValue = "1") String language_id) {
|
||||||
|
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
|
|
||||||
String result=createStrJSONError(10000,trt.trt("Request_not_processed"), (String)null, (String)null);
|
String result=createStrJSONError(10000,trt.trt("Request_not_processed"), (String)null, (String)null);
|
||||||
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2)
|
|
||||||
{
|
|
||||||
result=createStrJSONError(10000,trt.trt("Please_send_a_valid_JWT_token"), (String)null, (String)null);
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Connection conn = getConnection();
|
|
||||||
//Проверяю подпись токена
|
|
||||||
Jws<Claims> claims = null;
|
|
||||||
//SecretKey key_a = new SecretKeySpec(Base64.getDecoder().decode(key_a_txt), "HmacSHA256");
|
|
||||||
try {
|
try {
|
||||||
claims = Jwts.parserBuilder()
|
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2)
|
||||||
.setSigningKey(getPublicKey()) //.setSigningKey(key_a)
|
{
|
||||||
.build()
|
result=createStrJSONError(10000,trt.trt("Please_send_a_valid_JWT_token"), (String)null, (String)null);
|
||||||
.parseClaimsJws(jwt_a);
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
//Connection conn = getConnection();
|
||||||
|
//Проверяю подпись токена
|
||||||
|
Jws<Claims> claims = null;
|
||||||
|
//SecretKey key_a = new SecretKeySpec(Base64.getDecoder().decode(key_a_txt), "HmacSHA256");
|
||||||
|
try {
|
||||||
|
claims = Jwts.parserBuilder()
|
||||||
|
.setSigningKey(getPublicKey()) //.setSigningKey(key_a)
|
||||||
|
.build()
|
||||||
|
.parseClaimsJws(jwt_a);
|
||||||
|
} catch (Exception e) {
|
||||||
|
return createStrJSONError(10000, trt.trt("JWT_token_verification_error"),(String)null,(String)null);
|
||||||
|
}
|
||||||
|
String sql = """
|
||||||
|
select
|
||||||
|
name
|
||||||
|
from
|
||||||
|
main.get_access_list(:user_id)
|
||||||
|
where
|
||||||
|
allow=true
|
||||||
|
and (:action_name::text is null or name ilike '%'|| :action_name::text ||'%')
|
||||||
|
order by name
|
||||||
|
""";
|
||||||
|
|
||||||
|
|
||||||
|
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
||||||
|
parameters.addValue("user_id", claims.getBody().get("user_id"));
|
||||||
|
if(action_name == null)
|
||||||
|
parameters.addValue("action_name", null);
|
||||||
|
else
|
||||||
|
parameters.addValue("action_name", action_name.getActionName());
|
||||||
|
List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
||||||
|
JSONObject json = new JSONObject();
|
||||||
|
json.put("error_code",0);
|
||||||
|
//json.put("error_message","");
|
||||||
|
//json.put("error_marker",(String)null);
|
||||||
|
JSONArray data = new JSONArray();
|
||||||
|
for (int i = 0; i < ret.size(); i++) {
|
||||||
|
data.put((new JSONObject(ret.get(i))).getString("name"));
|
||||||
|
}
|
||||||
|
json.put("data",data);
|
||||||
|
result = json.toString();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
return createStrJSONError(10000, trt.trt("JWT_token_verification_error"),(String)null,(String)null);
|
String uuid = UUID.randomUUID().toString();
|
||||||
|
logger.error(uuid,e);
|
||||||
|
result=createStrJSONError(10000,trt.trt("Internal_Server_Error"), (String)null, uuid);
|
||||||
}
|
}
|
||||||
String sql = """
|
|
||||||
select
|
|
||||||
name
|
|
||||||
from
|
|
||||||
main.get_access_list(:user_id)
|
|
||||||
where
|
|
||||||
allow=true
|
|
||||||
and (:action_name::text is null or name ilike '%'|| :action_name::text ||'%')
|
|
||||||
order by name
|
|
||||||
""";
|
|
||||||
|
|
||||||
|
|
||||||
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
|
||||||
parameters.addValue("user_id", claims.getBody().get("user_id"));
|
|
||||||
if(action_name == null)
|
|
||||||
parameters.addValue("action_name", null);
|
|
||||||
else
|
|
||||||
parameters.addValue("action_name", action_name.getActionName());
|
|
||||||
List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
|
||||||
JSONObject json = new JSONObject();
|
|
||||||
json.put("error_code",0);
|
|
||||||
//json.put("error_message","");
|
|
||||||
//json.put("error_marker",(String)null);
|
|
||||||
JSONArray data = new JSONArray();
|
|
||||||
for (int i = 0; i < ret.size(); i++) {
|
|
||||||
data.put((new JSONObject(ret.get(i))).getString("name"));
|
|
||||||
}
|
|
||||||
json.put("data",data);
|
|
||||||
result = json.toString();
|
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -481,9 +499,10 @@ public class MainController implements ServletContextAware {
|
|||||||
public String captcha(Model model, @RequestBody EmailModel email_model, @RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
public String captcha(Model model, @RequestBody EmailModel email_model, @RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
json.put("error_message","");
|
|
||||||
try{
|
try{
|
||||||
|
json.put("error_code",0);
|
||||||
|
json.put("error_message","");
|
||||||
|
|
||||||
//Генерю Captcha
|
//Генерю Captcha
|
||||||
ImageCaptcha imageCaptcha = new ImageCaptcha.Builder(400, 100)
|
ImageCaptcha imageCaptcha = new ImageCaptcha.Builder(400, 100)
|
||||||
.addContent(new LatinContentProducer(7),
|
.addContent(new LatinContentProducer(7),
|
||||||
@ -532,9 +551,10 @@ public class MainController implements ServletContextAware {
|
|||||||
public String create(@RequestBody NewUserModel newUserModel,@RequestParam(required=false,name="lng",defaultValue="1") String language_id) {
|
public String create(@RequestBody NewUserModel newUserModel,@RequestParam(required=false,name="lng",defaultValue="1") String language_id) {
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
json.put("error_message","");
|
|
||||||
try{
|
try{
|
||||||
|
json.put("error_code",0);
|
||||||
|
json.put("error_message","");
|
||||||
|
|
||||||
if(newUserModel.getName().length()<3) {
|
if(newUserModel.getName().length()<3) {
|
||||||
throw new CustomException(10000, trt.trt("The_name_field_is_empty"),null);
|
throw new CustomException(10000, trt.trt("The_name_field_is_empty"),null);
|
||||||
}
|
}
|
||||||
@ -665,9 +685,10 @@ public class MainController implements ServletContextAware {
|
|||||||
public String info(Model model, @CookieValue(value = "jwt_a", defaultValue = "") String jwt_a, @CookieValue(value = "lng",defaultValue="1") String language_id) {
|
public String info(Model model, @CookieValue(value = "jwt_a", defaultValue = "") String jwt_a, @CookieValue(value = "lng",defaultValue="1") String language_id) {
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
json.put("error_message","");
|
|
||||||
try {
|
try {
|
||||||
|
json.put("error_code",0);
|
||||||
|
json.put("error_message","");
|
||||||
|
|
||||||
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2)
|
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2)
|
||||||
{
|
{
|
||||||
throw new CustomException(10000, trt.trt("Please_send_a_valid_JWT_token"),null);
|
throw new CustomException(10000, trt.trt("Please_send_a_valid_JWT_token"),null);
|
||||||
@ -733,9 +754,10 @@ public class MainController implements ServletContextAware {
|
|||||||
|
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
json.put("error_message","");
|
|
||||||
try {
|
try {
|
||||||
|
json.put("error_code",0);
|
||||||
|
json.put("error_message","");
|
||||||
|
|
||||||
if(loginModel.getLogin().isEmpty())
|
if(loginModel.getLogin().isEmpty())
|
||||||
throw new CustomException(10000,trt.trt("The_login_field_is_empty"),null);
|
throw new CustomException(10000,trt.trt("The_login_field_is_empty"),null);
|
||||||
if(!Tools.isValidEmail(loginModel.getLogin()))
|
if(!Tools.isValidEmail(loginModel.getLogin()))
|
||||||
@ -1032,6 +1054,10 @@ public class MainController implements ServletContextAware {
|
|||||||
java.lang.String uuid = UUID.randomUUID().toString();
|
java.lang.String uuid = UUID.randomUUID().toString();
|
||||||
logger.error("Error executing SQL query", uuid, ex);
|
logger.error("Error executing SQL query", uuid, ex);
|
||||||
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid);
|
||||||
|
}catch (Exception e) {
|
||||||
|
String uuid = UUID.randomUUID().toString();
|
||||||
|
logger.error(uuid,e);
|
||||||
|
throw new CustomException(10000, trt.trt("Internal_Server_Error"),uuid);
|
||||||
}
|
}
|
||||||
|
|
||||||
Map<String, Integer> result = new HashMap<>();
|
Map<String, Integer> result = new HashMap<>();
|
||||||
@ -1047,9 +1073,10 @@ public class MainController implements ServletContextAware {
|
|||||||
public String newtotp(HttpServletRequest request, @RequestBody LoginModel loginModel, @RequestParam(required=false,name="lng",defaultValue="1") String language_id) {
|
public String newtotp(HttpServletRequest request, @RequestBody LoginModel loginModel, @RequestParam(required=false,name="lng",defaultValue="1") String language_id) {
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
json.put("error_message","");
|
|
||||||
try {
|
try {
|
||||||
|
json.put("error_code",0);
|
||||||
|
json.put("error_message","");
|
||||||
|
|
||||||
if(loginModel.getLogin().isEmpty())
|
if(loginModel.getLogin().isEmpty())
|
||||||
throw new CustomException(10000,trt.trt("The_login_field_is_empty"),null);
|
throw new CustomException(10000,trt.trt("The_login_field_is_empty"),null);
|
||||||
if(!Tools.isValidEmail(loginModel.getLogin()))
|
if(!Tools.isValidEmail(loginModel.getLogin()))
|
||||||
@ -1219,9 +1246,9 @@ public class MainController implements ServletContextAware {
|
|||||||
|
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
json.put("error_message","");
|
|
||||||
try {
|
try {
|
||||||
|
json.put("error_code",0);
|
||||||
|
json.put("error_message","");
|
||||||
|
|
||||||
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2 || jwt_r.equals("") || countOccurrences(jwt_r, '.')!=2 )
|
if(jwt_a.equals("") || countOccurrences(jwt_a, '.')!=2 || jwt_r.equals("") || countOccurrences(jwt_r, '.')!=2 )
|
||||||
{
|
{
|
||||||
@ -1317,50 +1344,53 @@ public class MainController implements ServletContextAware {
|
|||||||
|
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
String result=createHTMLError(1,trt.trt("Request_not_processed"));
|
String result=createHTMLError(1,trt.trt("Request_not_processed"));
|
||||||
|
try {
|
||||||
|
int index = token.indexOf(".");
|
||||||
|
if (index < 0)
|
||||||
|
return createHTMLError(10000, trt.trt("Please_send_a_valid_token"));
|
||||||
|
|
||||||
int index = token.indexOf(".");
|
String payload = token.substring(0, index);
|
||||||
if(index<0)
|
String signature1 = token.substring(index + 1);
|
||||||
return createHTMLError(10000,trt.trt("Please_send_a_valid_token"));
|
|
||||||
|
|
||||||
String payload = token.substring(0, index);
|
String signature2 = Tools.generateSignature(captchaKey, payload);
|
||||||
String signature1 = token.substring(index+1);
|
if (!signature1.equals(signature2)) {
|
||||||
|
return createHTMLError(1, trt.trt("The_signature_did_not_match"));
|
||||||
|
}
|
||||||
|
|
||||||
String signature2 = Tools.generateSignature(captchaKey,payload);
|
//расшифровываю
|
||||||
if(! signature1.equals(signature2))
|
JSONObject jToken = new JSONObject(Tools.decryptText(captchaKey, payload));
|
||||||
{
|
if (jToken == null)
|
||||||
return createHTMLError(1,trt.trt("The_signature_did_not_match"));
|
return createHTMLError(10000, trt.trt("Please_send_a_valid_JSON_string_in_your_token"));
|
||||||
|
if (jToken.getLong("exp") < Instant.now().getEpochSecond()) {
|
||||||
|
return createHTMLError(10000, trt.trt("Captcha_is_outdated"));
|
||||||
|
}
|
||||||
|
if (!Tools.isValidEmail(jToken.getString("email"))) {
|
||||||
|
return createHTMLError(10000, trt.trt("The_email_field_is_incorrect"));
|
||||||
|
}
|
||||||
|
|
||||||
|
//Проверяю на то что не нажали много раз на востановление пароля
|
||||||
|
long id = 0;
|
||||||
|
String sql = "select id from main._users where del=false and password_new=:password_new and email=:email";
|
||||||
|
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
||||||
|
parameters.addValue("password_new", jToken.getString("password"));
|
||||||
|
parameters.addValue("email", jToken.getString("email"));
|
||||||
|
List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
||||||
|
for (int i = 0; i < ret.size(); i++) {
|
||||||
|
id = (new JSONObject(ret.get(i))).getLong("id");
|
||||||
|
}
|
||||||
|
if (id == 0)
|
||||||
|
return createHTMLError(10000, trt.trt("The_password_update_request_has_expired"));
|
||||||
|
|
||||||
|
//Теперь обновляем пароль в базе
|
||||||
|
sql = "update main._users set password=crypt(password_new, gen_salt('bf')),password_new = null,expiration='1970-01-01' where password_new is not null and email=:email";
|
||||||
|
parameters = new MapSqlParameterSource();
|
||||||
|
parameters.addValue("email", jToken.getString("email"));
|
||||||
|
int cnt = jdbcTemplate.update(sql, parameters);
|
||||||
|
} catch (Exception e) {
|
||||||
|
String uuid = UUID.randomUUID().toString();
|
||||||
|
logger.error(uuid,e);
|
||||||
|
return createHTMLError(10000,trt.trt("Internal_Server_Error"));
|
||||||
}
|
}
|
||||||
|
|
||||||
//расшифровываю
|
|
||||||
JSONObject jToken = new JSONObject(Tools.decryptText(captchaKey,payload));
|
|
||||||
if(jToken==null)
|
|
||||||
return createHTMLError(10000,trt.trt("Please_send_a_valid_JSON_string_in_your_token"));
|
|
||||||
if(jToken.getLong("exp")<Instant.now().getEpochSecond()){
|
|
||||||
return createHTMLError(10000,trt.trt("Captcha_is_outdated"));
|
|
||||||
}
|
|
||||||
if (!Tools.isValidEmail(jToken.getString("email"))) {
|
|
||||||
return createHTMLError(10000,trt.trt("The_email_field_is_incorrect"));
|
|
||||||
}
|
|
||||||
|
|
||||||
//Проверяю на то что не нажали много раз на востановление пароля
|
|
||||||
long id=0;
|
|
||||||
String sql = "select id from main._users where del=false and password_new=:password_new and email=:email";
|
|
||||||
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
|
||||||
parameters.addValue("password_new", jToken.getString("password"));
|
|
||||||
parameters.addValue("email", jToken.getString("email"));
|
|
||||||
List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
|
||||||
for (int i = 0; i < ret.size(); i++) {
|
|
||||||
id = (new JSONObject(ret.get(i))).getLong("id");
|
|
||||||
}
|
|
||||||
if(id==0)
|
|
||||||
return createHTMLError(10000, trt.trt("The_password_update_request_has_expired"));
|
|
||||||
|
|
||||||
//Теперь обновляем пароль в базе
|
|
||||||
sql = "update main._users set password=crypt(password_new, gen_salt('bf')),password_new = null,expiration='1970-01-01' where password_new is not null and email=:email";
|
|
||||||
parameters = new MapSqlParameterSource();
|
|
||||||
parameters.addValue("email", jToken.getString("email"));
|
|
||||||
int cnt = jdbcTemplate.update(sql, parameters);
|
|
||||||
|
|
||||||
return createHTMLError(0,trt.trt("The_password_has_been_changed_and_you_will_be_redirected_to_the_main_page"));
|
return createHTMLError(0,trt.trt("The_password_has_been_changed_and_you_will_be_redirected_to_the_main_page"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1369,91 +1399,96 @@ public class MainController implements ServletContextAware {
|
|||||||
public String restore(Model model, @RequestBody RestoreModel restore, @RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
public String restore(Model model, @RequestBody RestoreModel restore, @RequestParam(required=false,name="lng",defaultValue = "1") String language_id) {
|
||||||
|
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
|
|
||||||
String result=createStrJSONError(10000,trt.trt("Request_not_processed"), (String)null, (String)null);
|
String result=createStrJSONError(10000,trt.trt("Request_not_processed"), (String)null, (String)null);
|
||||||
//Connection conn = getConnection();
|
try{
|
||||||
|
//Connection conn = getConnection();
|
||||||
|
|
||||||
int index = restore.getToken().indexOf(".");
|
int index = restore.getToken().indexOf(".");
|
||||||
String payload = restore.getToken().substring(0, index);
|
String payload = restore.getToken().substring(0, index);
|
||||||
String signature1 = restore.getToken().substring(index+1);
|
String signature1 = restore.getToken().substring(index+1);
|
||||||
|
|
||||||
System.out.println("signature1: " + signature1);
|
System.out.println("signature1: " + signature1);
|
||||||
System.out.println("payload: " + payload);
|
System.out.println("payload: " + payload);
|
||||||
|
|
||||||
String signature2 = Tools.generateSignature(captchaKey,payload);
|
String signature2 = Tools.generateSignature(captchaKey,payload);
|
||||||
if(! signature1.equals(signature2))
|
if(! signature1.equals(signature2))
|
||||||
{
|
{
|
||||||
result=createStrJSONError(10000,trt.trt("The_signature_did_not_match"), (String)null, (String)null);
|
result=createStrJSONError(10000,trt.trt("The_signature_did_not_match"), (String)null, (String)null);
|
||||||
}
|
}
|
||||||
|
|
||||||
System.out.println("signature2: " + signature2);
|
System.out.println("signature2: " + signature2);
|
||||||
|
|
||||||
//расшифровываю
|
//расшифровываю
|
||||||
JSONObject token = new JSONObject(Tools.decryptText(captchaKey,payload));
|
JSONObject token = new JSONObject(Tools.decryptText(captchaKey,payload));
|
||||||
|
|
||||||
if(token==null)
|
if(token==null)
|
||||||
return createStrJSONError(10000,trt.trt("Please_send_a_valid_JSON_string_in_your_token"), (String)null,(String)null);
|
return createStrJSONError(10000,trt.trt("Please_send_a_valid_JSON_string_in_your_token"), (String)null,(String)null);
|
||||||
if(!restore.getCode().equals(token.getString("code"))){
|
if(!restore.getCode().equals(token.getString("code"))){
|
||||||
return createStrJSONError(10000,trt.trt("The_code_did_not_match"),(String)null,(String)null);
|
return createStrJSONError(10000,trt.trt("The_code_did_not_match"),(String)null,(String)null);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(token.getLong("exp")<Instant.now().getEpochSecond()){
|
if(token.getLong("exp")<Instant.now().getEpochSecond()){
|
||||||
return createStrJSONError(10000,trt.trt("Captcha_is_outdated"),(String)null,(String)null);
|
return createStrJSONError(10000,trt.trt("Captcha_is_outdated"),(String)null,(String)null);
|
||||||
}
|
}
|
||||||
if (!Tools.isValidEmail(token.getString("email"))) {
|
if (!Tools.isValidEmail(token.getString("email"))) {
|
||||||
return createStrJSONError(10000,trt.trt("The_email_field_is_incorrect"),(String)null,(String)null);
|
return createStrJSONError(10000,trt.trt("The_email_field_is_incorrect"),(String)null,(String)null);
|
||||||
}
|
}
|
||||||
|
|
||||||
//Проверяю есть ли в базе пользователь если есть отправляю ему почту для востановления
|
//Проверяю есть ли в базе пользователь если есть отправляю ему почту для востановления
|
||||||
long id=0;
|
long id=0;
|
||||||
String sql = "select id from main._users where del=false and email=:email";
|
String sql = "select id from main._users where del=false and email=:email";
|
||||||
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
||||||
parameters.addValue("email", token.getString("email"));
|
parameters.addValue("email", token.getString("email"));
|
||||||
List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
List<String> ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper());
|
||||||
for (int i = 0; i < ret.size(); i++) {
|
for (int i = 0; i < ret.size(); i++) {
|
||||||
id = (new JSONObject(ret.get(i))).getLong("id");
|
id = (new JSONObject(ret.get(i))).getLong("id");
|
||||||
}
|
}
|
||||||
if(id==0)
|
if(id==0)
|
||||||
return createStrJSONError(10000, trt.trt("User_with_this_email_was_not_found"),(String)null,(String)null);
|
return createStrJSONError(10000, trt.trt("User_with_this_email_was_not_found"),(String)null,(String)null);
|
||||||
|
|
||||||
String password_new = Tools.generatePassword(6);
|
String password_new = Tools.generatePassword(6);
|
||||||
|
|
||||||
sql = "update main._users set password_new=:password_new where email=:email";
|
sql = "update main._users set password_new=:password_new where email=:email";
|
||||||
parameters = new MapSqlParameterSource();
|
parameters = new MapSqlParameterSource();
|
||||||
parameters.addValue("password_new", password_new);
|
parameters.addValue("password_new", password_new);
|
||||||
parameters.addValue("email", token.getString("email"));
|
parameters.addValue("email", token.getString("email"));
|
||||||
int cnt = jdbcTemplate.update(sql, parameters);
|
int cnt = jdbcTemplate.update(sql, parameters);
|
||||||
|
|
||||||
//Создаю новый токен, кодирую, шифрую, подписываю и затем отправляю на почту
|
//Создаю новый токен, кодирую, шифрую, подписываю и затем отправляю на почту
|
||||||
JSONObject jTokenNew = new JSONObject();
|
JSONObject jTokenNew = new JSONObject();
|
||||||
jTokenNew.put("exp", Instant.now().getEpochSecond()+(60*60)); //+60 минут
|
jTokenNew.put("exp", Instant.now().getEpochSecond()+(60*60)); //+60 минут
|
||||||
jTokenNew.put("password",password_new);
|
jTokenNew.put("password",password_new);
|
||||||
jTokenNew.put("email",token.getString("email"));
|
jTokenNew.put("email",token.getString("email"));
|
||||||
String token_new = jTokenNew.toString();
|
String token_new = jTokenNew.toString();
|
||||||
token_new = Tools.encryptText(captchaKey,token_new);
|
token_new = Tools.encryptText(captchaKey,token_new);
|
||||||
token_new = token_new+"."+Tools.generateSignature(captchaKey, token_new); //Подпись для как бы токена
|
token_new = token_new+"."+Tools.generateSignature(captchaKey, token_new); //Подпись для как бы токена
|
||||||
|
|
||||||
//token_new = token_new.replace("+", "-")
|
//token_new = token_new.replace("+", "-")
|
||||||
// .replace("/", "_")
|
// .replace("/", "_")
|
||||||
// .replace("=", "^"); //Убираем спец символы для передачи через URL
|
// .replace("=", "^"); //Убираем спец символы для передачи через URL
|
||||||
try {
|
try {
|
||||||
token_new = URLEncoder.encode(token_new, StandardCharsets.UTF_8.toString());
|
token_new = URLEncoder.encode(token_new, StandardCharsets.UTF_8.toString());
|
||||||
} catch (UnsupportedEncodingException e) {
|
} catch (UnsupportedEncodingException e) {
|
||||||
return createStrJSONError(10000, trt.trt("Internal_Server_Error"), (String)null, (String)null);
|
return createStrJSONError(10000, trt.trt("Internal_Server_Error"), (String)null, (String)null);
|
||||||
}
|
}
|
||||||
|
|
||||||
//Формирую ссылку для отправки на почту для сброса пароля
|
//Формирую ссылку для отправки на почту для сброса пароля
|
||||||
String html = "<html><head><title>"+trt.trt("Password_recovery")+"</title></head><body>";
|
String html = "<html><head><title>"+trt.trt("Password_recovery")+"</title></head><body>";
|
||||||
html += "<h1>"+trt.trt("To_reset_your_password_click_on_the_link")+":</h1>";
|
html += "<h1>"+trt.trt("To_reset_your_password_click_on_the_link")+":</h1>";
|
||||||
html += "<a href=\""+url_reset+"?token=" + token_new + "\">"+trt.trt("Reset_the_password")+"</a><br><br>";
|
html += "<a href=\""+url_reset+"?token=" + token_new + "\">"+trt.trt("Reset_the_password")+"</a><br><br>";
|
||||||
html += trt.trt("After_clicking_on_the_link_the_new_password_will_be")+": \"<b>" + password_new + "</b>\"";
|
html += trt.trt("After_clicking_on_the_link_the_new_password_will_be")+": \"<b>" + password_new + "</b>\"";
|
||||||
html += "</body></html>";
|
html += "</body></html>";
|
||||||
try {
|
try {
|
||||||
EmailUtility.sendEmail(mail_host, mail_port, mail_login, mail_password, token.getString("email"), trt.trt("Password_recovery"), html);
|
EmailUtility.sendEmail(mail_host, mail_port, mail_login, mail_password, token.getString("email"), trt.trt("Password_recovery"), html);
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
|
String uuid = UUID.randomUUID().toString();
|
||||||
|
logger.error(uuid, ex);
|
||||||
|
return createStrJSONError(10000,trt.trt("Failed_send_mail_to_s"), token.getString("email"),uuid);
|
||||||
|
}
|
||||||
|
} catch (Exception e) {
|
||||||
String uuid = UUID.randomUUID().toString();
|
String uuid = UUID.randomUUID().toString();
|
||||||
logger.error(uuid, ex);
|
logger.error(uuid,e);
|
||||||
return createStrJSONError(10000,trt.trt("Failed_send_mail_to_s"), token.getString("email"),uuid);
|
return createStrJSONError(10000,trt.trt("Internal_Server_Error"), (String)null,uuid);
|
||||||
}
|
}
|
||||||
return createStrJSONError(0, trt.trt("A_recovery_link_has_been_sent_to_your_email"),(String)null,(String)null);
|
return createStrJSONError(0, trt.trt("A_recovery_link_has_been_sent_to_your_email"),(String)null,(String)null);
|
||||||
}
|
}
|
||||||
@ -1464,9 +1499,10 @@ public class MainController implements ServletContextAware {
|
|||||||
|
|
||||||
Translation trt = new Translation(language_id,jdbcTemplate);
|
Translation trt = new Translation(language_id,jdbcTemplate);
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code",0);
|
|
||||||
json.put("error_message","");
|
|
||||||
try {
|
try {
|
||||||
|
json.put("error_code",0);
|
||||||
|
json.put("error_message","");
|
||||||
|
|
||||||
if(update==null)
|
if(update==null)
|
||||||
throw new CustomException(10000,trt.trt("Please_send_a_valid_JSON_string_in_your_request"),null);
|
throw new CustomException(10000,trt.trt("Please_send_a_valid_JSON_string_in_your_request"),null);
|
||||||
if(update.getLogin().equals(""))
|
if(update.getLogin().equals(""))
|
||||||
@ -1547,6 +1583,10 @@ public class MainController implements ServletContextAware {
|
|||||||
|
|
||||||
} catch (CustomException e) {
|
} catch (CustomException e) {
|
||||||
json = e.getJson();
|
json = e.getJson();
|
||||||
|
} catch (Exception e) {
|
||||||
|
String uuid = UUID.randomUUID().toString();
|
||||||
|
logger.error(uuid,e);
|
||||||
|
return createStrJSONError(10000,trt.trt("Internal_Server_Error"), (String)null,uuid);
|
||||||
} finally {
|
} finally {
|
||||||
}
|
}
|
||||||
return json.toString();
|
return json.toString();
|
||||||
|
|||||||
@ -1,11 +1,15 @@
|
|||||||
package org.ccalm.jwt.tools;
|
package org.ccalm.jwt.tools;
|
||||||
|
|
||||||
|
import org.apache.logging.log4j.LogManager;
|
||||||
|
import org.apache.logging.log4j.Logger;
|
||||||
|
import org.json.JSONException;
|
||||||
import org.json.JSONObject;
|
import org.json.JSONObject;
|
||||||
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
public class CustomException extends Exception {
|
public class CustomException extends Exception {
|
||||||
|
private static final Logger logger = LogManager.getLogger(CustomException.class);
|
||||||
private int errorCode;
|
private int errorCode;
|
||||||
private String marker;
|
private String marker;
|
||||||
private List<String> errorMessages;
|
private List<String> errorMessages;
|
||||||
@ -59,10 +63,14 @@ public class CustomException extends Exception {
|
|||||||
|
|
||||||
public JSONObject getJson() {
|
public JSONObject getJson() {
|
||||||
JSONObject json = new JSONObject();
|
JSONObject json = new JSONObject();
|
||||||
json.put("error_code", this.getErrorCode());
|
try {
|
||||||
json.put("error_message", this.getErrorMessages());
|
json.put("error_code", this.getErrorCode());
|
||||||
json.put("error_setting", this.getErrorSettings());
|
json.put("error_message", this.getErrorMessages());
|
||||||
json.put("error_marker", this.getErrorMarker());
|
json.put("error_setting", this.getErrorSettings());
|
||||||
|
json.put("error_marker", this.getErrorMarker());
|
||||||
|
} catch (JSONException e) {
|
||||||
|
logger.error("Error", e);
|
||||||
|
}
|
||||||
return json;
|
return json;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -80,6 +80,8 @@ public class Storage implements AutoCloseable {
|
|||||||
}
|
}
|
||||||
} catch (SQLException e) {
|
} catch (SQLException e) {
|
||||||
logger.error("An error occurred", e);
|
logger.error("An error occurred", e);
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error("An error occurred", e);
|
||||||
}
|
}
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user