net.webpasswordsafe.server.webservice.rest.PasswordController.java Source code

Java tutorial

Introduction

Here is the source code for net.webpasswordsafe.server.webservice.rest.PasswordController.java

Source

/*
Copyright 2013 Josh Drummond
    
This file is part of WebPasswordSafe.
    
WebPasswordSafe is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
    
WebPasswordSafe is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
    
You should have received a copy of the GNU General Public License
along with WebPasswordSafe; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/
package net.webpasswordsafe.server.webservice.rest;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import net.webpasswordsafe.client.remote.LoginService;
import net.webpasswordsafe.client.remote.PasswordService;
import net.webpasswordsafe.common.model.AccessLevel;
import net.webpasswordsafe.common.model.Password;
import net.webpasswordsafe.common.model.PasswordData;
import net.webpasswordsafe.common.model.Permission;
import net.webpasswordsafe.common.model.Tag;
import net.webpasswordsafe.common.model.User;
import net.webpasswordsafe.common.util.Constants;
import net.webpasswordsafe.common.util.Constants.AuthenticationStatus;
import net.webpasswordsafe.common.util.Constants.Match;
import net.webpasswordsafe.common.util.Utils;
import net.webpasswordsafe.server.ServerSessionUtil;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.View;

/**
 * Set of password related REST webservices
 * 
 * @author Josh Drummond
 *
 */
@Controller
public class PasswordController {
    @Autowired
    private PasswordService passwordService;
    @Autowired
    protected LoginService loginService;
    @Autowired
    private View jsonView;
    private static Logger LOG = Logger.getLogger(PasswordController.class);

    @RequestMapping(value = "/passwords", method = RequestMethod.GET)
    public ModelAndView getPasswordList(@RequestParam(value = "query", required = false) String query,
            HttpServletRequest request, @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername,
            @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword,
            @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) {
        boolean isSuccess = false;
        String message = "";
        List<Map<String, String>> passwordList = new ArrayList<Map<String, String>>();
        try {
            ServerSessionUtil.setIP(request.getRemoteAddr());
            AuthenticationStatus authStatus = loginService.login(authnUsername,
                    Utils.buildCredentials(authnPassword, authnTOTP));
            if (AuthenticationStatus.SUCCESS == authStatus) {
                List<Password> results = passwordService.searchPassword(query, true, new HashSet<Tag>(), Match.AND);
                for (Password password : results) {
                    Map<String, String> passwordMap = new HashMap<String, String>();
                    passwordMap.put("id", String.valueOf(password.getId()));
                    passwordMap.put("title", password.getName());
                    passwordMap.put("username", password.getUsername());
                    passwordMap.put("notes", password.getNotes());
                    passwordMap.put("tags", password.getTagsAsString());
                    passwordList.add(passwordMap);
                }
                isSuccess = true;
            } else {
                message = "Invalid authentication";
            }
            loginService.logout();
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            isSuccess = false;
            message = e.getMessage();
        }
        return createModelAndView(isSuccess, message, "passwordList", passwordList);
    }

    @RequestMapping(value = "/passwords/{passwordId}", method = RequestMethod.GET)
    public ModelAndView getPassword(@PathVariable("passwordId") String passwordId, HttpServletRequest request,
            @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername,
            @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword,
            @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) {
        boolean isSuccess = false;
        String message = "";
        Map<String, String> passwordMap = new HashMap<String, String>();
        try {
            ServerSessionUtil.setIP(request.getRemoteAddr());
            AuthenticationStatus authStatus = loginService.login(authnUsername,
                    Utils.buildCredentials(authnPassword, authnTOTP));
            if (AuthenticationStatus.SUCCESS == authStatus) {
                Password password = passwordService.getPassword(Long.valueOf(passwordId));
                if (password != null) {
                    passwordMap.put("id", String.valueOf(password.getId()));
                    passwordMap.put("title", password.getName());
                    passwordMap.put("username", password.getUsername());
                    passwordMap.put("notes", password.getNotes());
                    passwordMap.put("tags", password.getTagsAsString());
                    passwordMap.put("active", password.isActive() ? "Y" : "N");
                    isSuccess = true;
                } else {
                    message = "Password not found";
                }
            } else {
                message = "Invalid authentication";
            }
            loginService.logout();
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            isSuccess = false;
            message = e.getMessage();
        }
        return createModelAndView(isSuccess, message, "password", passwordMap);
    }

    @RequestMapping(value = "/passwords/{passwordId}/currentValue", method = RequestMethod.GET)
    public ModelAndView getCurrentPassword(@PathVariable("passwordId") String passwordId,
            HttpServletRequest request, @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername,
            @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword,
            @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) {
        boolean isSuccess = false;
        String message = "";
        String currentPassword = "";
        try {
            ServerSessionUtil.setIP(request.getRemoteAddr());
            AuthenticationStatus authStatus = loginService.login(authnUsername,
                    Utils.buildCredentials(authnPassword, authnTOTP));
            if (AuthenticationStatus.SUCCESS == authStatus) {
                Password password = passwordService.getPassword(Long.valueOf(passwordId));
                if (password != null) {
                    currentPassword = passwordService.getCurrentPassword(password.getId());
                    isSuccess = true;
                } else {
                    message = "Password not found";
                }
            } else {
                message = "Invalid authentication";
            }
            loginService.logout();
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            isSuccess = false;
            message = e.getMessage();
        }
        return createModelAndView(isSuccess, message, "currentPassword", currentPassword);
    }

    @RequestMapping(value = "/passwords", method = RequestMethod.POST)
    public ModelAndView addPassword(@RequestBody Map<String, Object> passwordMap, HttpServletRequest request,
            @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername,
            @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword,
            @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) {
        boolean isSuccess = false;
        String message = "";
        String passwordId = "";
        try {
            ServerSessionUtil.setIP(request.getRemoteAddr());
            AuthenticationStatus authStatus = loginService.login(authnUsername,
                    Utils.buildCredentials(authnPassword, authnTOTP));
            if (AuthenticationStatus.SUCCESS == authStatus) {
                User loggedInUser = loginService.getLogin();
                Password password = new Password();
                password.setName(Utils.safeString(passwordMap.get("title")));
                password.setUsername(Utils.safeString(passwordMap.get("username")));
                PasswordData passwordDataItem = new PasswordData();
                passwordDataItem.setPassword(Utils.safeString(passwordMap.get("password")));
                password.addPasswordData(passwordDataItem);
                password.setNotes(Utils.safeString(passwordMap.get("notes")));
                password.setMaxHistory(-1);
                String active = Utils.safeString(passwordMap.get("active")).toLowerCase();
                password.setActive(
                        active.equals("") || active.equals("true") || active.equals("yes") || active.equals("y"));
                password.addPermission(new Permission(loggedInUser, AccessLevel.GRANT));
                password.addTagsAsString(Utils.safeString(passwordMap.get("tags")));
                if (passwordService.isPasswordTaken(password.getName(), password.getUsername(), password.getId())) {
                    message = "Password title and username already exists";
                } else {
                    passwordService.addPassword(password);
                    passwordId = String.valueOf(password.getId());
                    isSuccess = true;
                }
            } else {
                message = "Invalid authentication";
            }
            loginService.logout();
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            isSuccess = false;
            message = e.getMessage();
        }
        return createModelAndView(isSuccess, message, "passwordId", passwordId);
    }

    @RequestMapping(value = "/passwords", method = RequestMethod.PUT)
    public ModelAndView updatePassword(@RequestBody Map<String, Object> passwordMap, HttpServletRequest request,
            @RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername,
            @RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword,
            @RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP) {
        boolean isSuccess = false;
        String message = "";
        String passwordId = "";
        try {
            ServerSessionUtil.setIP(request.getRemoteAddr());
            AuthenticationStatus authStatus = loginService.login(authnUsername,
                    Utils.buildCredentials(authnPassword, authnTOTP));
            if (AuthenticationStatus.SUCCESS == authStatus) {
                passwordId = Utils.safeString(passwordMap.get("id"));
                int iPasswordId = Utils.safeInt(passwordId);
                if (iPasswordId > 0) {
                    Password password = passwordService.getPassword(iPasswordId);
                    if (null != password) {
                        Password updatePassword = password.cloneCopy();
                        updatePassword.setName(Utils.safeString(passwordMap.get("title")));
                        updatePassword.setUsername(Utils.safeString(passwordMap.get("username")));
                        PasswordData passwordDataItem = new PasswordData();
                        passwordDataItem.setPassword(Utils.safeString(passwordMap.get("password")));
                        updatePassword.addPasswordData(passwordDataItem);
                        updatePassword.setNotes(Utils.safeString(passwordMap.get("notes")));
                        String active = Utils.safeString(passwordMap.get("active")).toLowerCase();
                        updatePassword.setActive(active.equals("") || active.equals("true") || active.equals("yes")
                                || active.equals("y"));
                        updatePassword.addTagsAsString(Utils.safeString(passwordMap.get("tags")));
                        if (passwordService.isPasswordTaken(updatePassword.getName(), updatePassword.getUsername(),
                                updatePassword.getId())) {
                            message = "Password title and username already exists";
                        } else {
                            passwordService.updatePassword(updatePassword);
                            isSuccess = true;
                        }
                    } else {
                        message = "invalid id or no access";
                    }
                } else {
                    message = "invalid id or no access";
                }
            } else {
                message = "Invalid authentication";
            }
            loginService.logout();
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            isSuccess = false;
            message = e.getMessage();
        }
        return createModelAndView(isSuccess, message, "passwordId", passwordId);
    }

    private ModelAndView createModelAndView(boolean isSuccess, String message, String dataKey, Object dataValue) {
        ModelAndView mv = new ModelAndView(jsonView);
        mv.addObject("success", isSuccess);
        mv.addObject("message", message);
        mv.addObject(dataKey, dataValue);
        return mv;
    }
}