This is an automated email from the git hooks/post-receive script. New commit to branch feature/pollen-riot-js in repository pollen. See https://gitlab.nuiton.org/chorem/pollen.git commit 180ede04c9723446aa7837fcf8f252c1828070ba Author: Tony CHEMIT <dev@tchemit.fr> Date: Wed Jan 11 10:38:17 2017 +0100 clean code and improve CORS management
---
 pollen-rest-api/pom.xml | 1 + .../rest/api/PollenRestApiRequestFilter.java | 34 +++++++--- .../chorem/pollen/rest/api/PollenRestApiUtil.java | 72 ---------------------- .../org/chorem/pollen/rest/api/v1/ErrorAction.java | 13 ---- .../org/chorem/pollen/rest/api/v1/PollApi.java | 6 +- .../chorem/pollen/rest/api/v1/VoterListApi.java | 4 +- .../services/service/security/SecurityService.java | 6 +- 7 files changed, 37 insertions(+), 99 deletions(-)
diff --git a/pollen-rest-api/pom.xml b/pollen-rest-api/pom.xml
index e7e19ea..ed76250 100644
--- a/pollen-rest-api/pom.xml
+++ b/pollen-rest-api/pom.xml
@@ -270,6 +270,7 @@
 <pollen.log.dir>${defaultLogDir}</pollen.log.dir>
 </systemProperties>
 <uriEncoding>UTF-8</uriEncoding>
+ <port>8084</port>
 </configuration>
 </plugin>
 </plugins>
diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java
index ff950a4..72103b6 100644
--- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java
+++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java
@@ -21,6 +21,7 @@ package org.chorem.pollen.rest.api;
 * #L%
 */
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.chorem.pollen.persistence.PollenPersistenceContext;
@@ -48,13 +49,16 @@ import java.util.Map;
 */
 public class PollenRestApiRequestFilter extends WebMotionFilter {
- public static final String REQUEST_PERMISSION_PARAMETER = "permission";
+ private static final String HEADER_ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
+ private static final String HEADER_ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
+ public static final String REQUEST_PERMISSION_PARAMETER = "permission";
 public static final String REQUEST_HEADER_SESSION_TOKEN = "X-Pollen-Session-Token";
 /** Logger. */
 private static final Log log = LogFactory.getLog(PollenRestApiRequestFilter.class);
+ @SuppressWarnings("unused")
 public void inject(Call call, HttpContext context) throws PollenInvalidSessionTokenException {
 prepareRequestContext(context);
@@ -63,17 +67,31 @@ public class PollenRestApiRequestFilter extends WebMotionFilter {
 Render render = call.getRender();
- if (render instanceof RenderStatus &&
- HttpServletResponse.SC_OK == ((RenderStatus) render).getCode()) {
+ if (render instanceof RenderStatus && HttpServletResponse.SC_OK == ((RenderStatus) render).getCode()) {
- // operation accepted
- PollenRestApiUtil.addOptionCorsHeaders(context);
+ // add CORS response headers
+ HttpServletResponse response = context.getResponse();
+
+ String requestHeaders = context.getHeader(HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
+
+ if (StringUtils.isNotBlank(requestHeaders)) {
+ response.setHeader(HEADER_ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders);
+ } else {
+ response.setHeader(HEADER_ACCESS_CONTROL_ALLOW_HEADERS, "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
+ }
 }
 }
- PollenRestApiUtil.prepareResponse(context);
+ HttpServletResponse response = context.getResponse();
+
+ String origin = context.getHeader("Origin");
+ if (origin != null) {
+ response.setHeader(HttpContext.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin);
+ response.setHeader(HttpContext.HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
+ response.setHeader(HttpContext.HEADER_ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, DELETE, PUT, OPTIONS");
+ }
 doProcess();
@@ -129,8 +147,8 @@ public class PollenRestApiRequestFilter extends WebMotionFilter {
 protected Locale getUserLocale(HttpContext context) {
 String language = context.getHeader(HttpContext.HEADER_LANGUAGE);
- if (log.isInfoEnabled()) {
- log.info("Found Accept-Language: " + language);
+ if (log.isDebugEnabled()) {
+ log.debug("Found Accept-Language: " + language);
 }
 // search best locale accepted by the server 'fr' or 'en'
diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiUtil.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiUtil.java
deleted file mode 100644
index 7ff2080..0000000
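Review bot: The added `if (origin != null)` block copies the request's `Origin` header into `Access-Control-Allow-Origin` and sets `Access-Control-Allow-Credentials` to `"true"` on the same response, so every origin is granted credentialed cross-origin access; the `"*"` it replaces is refused by browsers for credentialed requests, which makes the new form the more permissive one in practice. The origin should be compared with a configured allowlist before it is echoed, e.g. `if (origin != null && allowedOrigins.contains(origin)) {` (`allowedOrigins` is a placeholder for a set loaded from the application configuration), together with `response.addHeader("Vary", "Origin");` so caches do not serve one origin's response to another. How much this exposes depends on whether the session travels in cookies or only in `X-Pollen-Session-Token`, which is not visible here. The preflight branch has the same shape, since `Access-Control-Request-Headers` is reflected verbatim into `Access-Control-Allow-Headers`, and a fixed list would be tighter. The enclosing method starts before this hunk and continues after `doProcess();`.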
--- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiUtil.java
+++ /dev/null
@@ -1,72 +0,0 @@
-package org.chorem.pollen.rest.api;
-
-/*
- * #%L
- * Pollen :: Rest Api
- * %%
- * Copyright (C) 2009 - 2017 Code Lutin, Tony Chemit
- * %%
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- * #L%
- */
-
-import com.google.common.collect.Lists;
-import org.apache.commons.lang3.StringUtils;
-import org.debux.webmotion.server.call.HttpContext;
-
-import javax.servlet.http.HttpServletResponse;
-import java.util.List;
-
-/**
- * Created on 5/16/14.
- *
- * @author Tony Chemit - dev@tchemit.fr
- * @since 2.0
- */
-public class PollenRestApiUtil {
-
- public static final String HEADER_ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
-
- public static final String HEADER_ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
-
- @SafeVarargs
- public static <O> List<O> toList(O... array) {
-
- List<O> list = null;
-
- if (array != null && array.length > 0) {
- list = Lists.newArrayList(array);
- }
-
- return list;
- }
-
- public static void prepareResponse(HttpContext context) {
-
- HttpServletResponse response = context.getResponse();
- response.setHeader(HttpContext.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "*");
- response.setHeader(HttpContext.HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
-
- }
-
- public static void addOptionCorsHeaders(HttpContext context) {
-
- String requestHeaders = context.getHeader(HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
-
- if (StringUtils.isNotBlank(requestHeaders)) {
- context.getResponse().addHeader(HEADER_ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders);
- }
- }
-
-}
diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/ErrorAction.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/ErrorAction.java
index 0c8c3af..24912a3 100644
--- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/ErrorAction.java
+++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/ErrorAction.java
@@ -21,7 +21,6 @@ package org.chorem.pollen.rest.api.v1;
 * #L%
 */
-import org.chorem.pollen.rest.api.PollenRestApiUtil;
 import org.chorem.pollen.services.service.FavoriteListImportException;
 import org.chorem.pollen.services.service.InvalidFormException;
 import org.debux.webmotion.server.WebMotionController;
@@ -40,8 +39,6 @@ public class ErrorAction extends WebMotionController {
 public InvalidFormException on400Form(HttpContext context, InvalidFormException e) {
- PollenRestApiUtil.prepareResponse(context);
-
 // just return the exception,
 return e;
@@ -49,8 +46,6 @@ public class ErrorAction extends WebMotionController {
 public FavoriteListImportException on400Import(HttpContext context, FavoriteListImportException e) {
- PollenRestApiUtil.prepareResponse(context);
-
 // just return the exception,
 return e;
@@ -58,32 +53,24 @@ public class ErrorAction extends WebMotionController {
 public Render on404(HttpContext context, Exception e) {
- PollenRestApiUtil.prepareResponse(context);
-
 return renderError(HttpServletResponse.SC_NOT_FOUND, e.getMessage());
 }
 public Render on401(HttpContext context, Exception e) {
- PollenRestApiUtil.prepareResponse(context);
-
 return renderError(HttpServletResponse.SC_UNAUTHORIZED, e.getMessage());
 }
 public Render on403(HttpContext context, Exception e) {
- PollenRestApiUtil.prepareResponse(context);
-
 return renderError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
 }
 public Render on500(HttpContext context, Exception e) {
- PollenRestApiUtil.prepareResponse(context);
-
 return renderError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
 }
diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollApi.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollApi.java
index 57afcef..75c88b9 100644
--- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollApi.java
+++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollApi.java
@@ -21,8 +21,8 @@ package org.chorem.pollen.rest.api.v1;
 * #L%
 */
+import com.google.common.collect.Lists;
 import org.chorem.pollen.persistence.entity.Poll;
-import org.chorem.pollen.rest.api.PollenRestApiUtil;
 import org.chorem.pollen.services.bean.ChoiceBean;
 import org.chorem.pollen.services.bean.PaginationParameterBean;
 import org.chorem.pollen.services.bean.PaginationResultBean;
@@ -82,9 +82,9 @@ public class PollApi extends WebMotionController {
 public PollenEntityRef<Poll> createPoll(PollService pollService, PollBean poll,
- ChoiceBean[] choices) throws InvalidFormException {
+ ChoiceBean... choices) throws InvalidFormException {
- List<ChoiceBean> choiceList = PollenRestApiUtil.toList(choices);
+ List<ChoiceBean> choiceList = Lists.newArrayList(choices);
 return pollService.createPoll(poll, choiceList);
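Review bot: `Lists.newArrayList(choices)` in `PollApi.createPoll` throws a `NullPointerException` when `choices` is null, whereas the removed `PollenRestApiUtil.toList` accepted a null or empty array and returned null for both. If the framework can bind an absent parameter to null, a request without choices would fail with an unhandled exception before `pollService.createPoll` can validate it; `List<ChoiceBean> choiceList = choices == null ? Lists.<ChoiceBean>newArrayList() : Lists.newArrayList(choices);` keeps the call safe. An empty array now also yields an empty list rather than null, so the service should be checked for code that tests the list against null. `VoterListApi.createVoterList` makes the same replacement for `members`, and both method bodies continue outside their hunks.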
diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoterListApi.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoterListApi.java
index 8f7bdb7..c695f8a 100644
--- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoterListApi.java
+++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoterListApi.java
@@ -21,11 +21,11 @@ package org.chorem.pollen.rest.api.v1;
 * #L%
 */
+import com.google.common.collect.Lists;
 import org.chorem.pollen.persistence.entity.FavoriteList;
 import org.chorem.pollen.persistence.entity.Poll;
 import org.chorem.pollen.persistence.entity.VoterList;
 import org.chorem.pollen.persistence.entity.VoterListMember;
-import org.chorem.pollen.rest.api.PollenRestApiUtil;
 import org.chorem.pollen.services.bean.PollenEntityId;
 import org.chorem.pollen.services.bean.PollenEntityRef;
 import org.chorem.pollen.services.bean.VoterListBean;
@@ -71,7 +71,7 @@ public class VoterListApi extends WebMotionController {
 public PollenEntityRef<VoterList> createVoterList(VoterListService voterListService, PollenEntityId<Poll> pollId, VoterListBean voterList, VoterListMemberBean... members) throws InvalidFormException {
- List<VoterListMemberBean> memberList = PollenRestApiUtil.toList(members);
+ List<VoterListMemberBean> memberList = Lists.newArrayList(members);
 return voterListService.addVoterList(pollId.getEntityId(), voterList, memberList);
diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
index f9d3217..6adb3f7 100644
--- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
+++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
@@ -124,7 +124,11 @@ public class SecurityService extends PollenServiceSupport {
 Preconditions.checkNotNull(login);
- PollenUser user = getPollenUserDao().forEmailEquals(login).findUnique();
+ PollenUser user = getPollenUserDao().forEmailEquals(login).findUniqueOrNull();
+
+ if (user == null) {
+ throw new PollenUnauthorizedException(login);
+ }
 String newPassword = serviceContext.generatePassword();
-- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.
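Review bot: The added `throw new PollenUnauthorizedException(login);` makes what looks like a password-regeneration path answer differently for a registered and an unregistered e-mail, which lets a caller learn whether an address has an account. If this exception is routed to `ErrorAction.on401`, which renders `e.getMessage()`, the response may also echo the submitted login, depending on how the exception builds its message. Consider giving the same outcome in both cases and recording the miss server-side only, with a comment such as `// unknown login: answer as for a known one so accounts cannot be enumerated` above the null check. The method starts and ends outside this hunk, so how the caller maps the exception is not visible here.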