Change user unlock to new API

service/fling/src/main/java/net/friedl/fling/service/AuthenticationService.java

@@ -15,12 +15,14 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwtBuilder;
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.Jwts;
 import lombok.extern.slf4j.Slf4j;
 import net.friedl.fling.model.dto.AdminAuthDto;
+import net.friedl.fling.model.dto.FlingDto;
 import net.friedl.fling.model.dto.UserAuthDto;
 import net.friedl.fling.persistence.entities.FlingEntity;
 import net.friedl.fling.persistence.entities.TokenEntity;
@@ -84,10 +86,14 @@ public class AuthenticationService {
       throw new EntityNotFoundException("No entity for shareId=" + userAuth.getShareId());
     }
 
-    String providedAuthCodeHash = passwordEncoder.encode(userAuth.getAuthCode());
+    String providedAuthCode = userAuth.getAuthCode();
     String actualAuthCodeHash = flingEntity.getAuthCode();
     
-    if (!actualAuthCodeHash.equals(providedAuthCodeHash)) {
+    Boolean isProtected = StringUtils.hasText(actualAuthCodeHash);
+
+    if(!isProtected) log.debug("No protection set for fling [.shareId={}]");
+
+    if (isProtected && !passwordEncoder.matches(providedAuthCode, actualAuthCodeHash)) {
       log.debug("Authentication failed for fling [.shareId={}]", userAuth.getShareId());
       return Optional.empty();
     }
@@ -96,6 +102,7 @@ public class AuthenticationService {
     return Optional.of(
         getJwtBuilder()
             .setSubject("user")
+            .claim("shareId", flingEntity.getShareId())
             .claim("id", flingEntity.getId())
             .compact());
 

service/fling/src/test/java/net/friedl/fling/service/AuthenticationServiceTest.java

@@ -118,6 +118,16 @@ public class AuthenticationServiceTest {
     assertThat(authenticationService.authenticate(userAuthDto), equalTo(Optional.empty()));
   }
 
+  @Test
+  public void authenticate_authCodeEmpty_ok() {
+    FlingEntity flingEntity = new FlingEntity();
+    UserAuthDto userAuthDto = new UserAuthDto("shareId", "");
+
+    when(flingRepository.findByShareId(any(String.class))).thenReturn(flingEntity);
+
+    assertThat(authenticationService.authenticate(userAuthDto), not(equalTo(Optional.empty())));
+  }
+
   @Test
   public void authenticate_authCodeEquals_ok() {
     FlingEntity flingEntity = new FlingEntity();
@@ -130,6 +140,7 @@ public class AuthenticationServiceTest {
 
     when(flingRepository.findByShareId(any(String.class))).thenReturn(flingEntity);
     when(passwordEncoder.encode(any(String.class))).thenReturn("authCodeHash");
+    when(passwordEncoder.matches("authCode", "authCodeHash")).thenReturn(true);
 
     assertThat(authenticationService.authenticate(userAuthDto), not(equalTo(Optional.empty())));
   }

web/fling/src/App.jsx

@@ -87,7 +87,7 @@ function UserRoute({ children, ...rest }) {
 
         let authorized =
           jwt.hasSubject("admin")
-          || ( jwt.hasSubject("user") && jwt.hasClaim("id", state['shareId']) );
+          || ( jwt.hasSubject("user") && jwt.hasClaim("shareId", state['shareId']) );
 
         if (authorized) { return children; }
         else { return <Redirect to={{ pathname: "/unlock", state: state }} />; }

web/fling/src/components/user/Error.jsx

@@ -1,26 +0,0 @@
-import React, {useState} from 'react';
-import classNames from 'classnames';
-
-import log from 'loglevel';
-
-export default (props) => {
-    function renderError() {
-        return (
-            <div className="toast toast-error mb-2">
-              <button className="btn btn-clear float-right" onClick={props.clearErrors}></button>
-              <h5>Ooops!</h5>
-              <li>
-                { props.errors.map( (err, idx) => <ul key={idx}>{err}</ul> ) }
-              </li>
-            </div>
-        );
-    }
-
-    return (
-        <>
-          { props.errors.length > 0 && !props.below ? renderError() : "" }
-          { props.children }
-          { props.errors.length > 0 && props.below ? renderError() : "" }
-        </>
-    );
-}

web/fling/src/components/user/FlingUser.jsx

@@ -1,8 +1,8 @@
-import React, {useState, useEffect} from 'react';
+import React, { useState, useEffect } from 'react';
 
-import {useParams} from 'react-router-dom';
+import { useParams } from 'react-router-dom';
 
-import {flingClient} from '../../util/flingclient';
+import { FlingClient } from '../../util/fc';
 
 import DirectDownload from './DirectDownload';
 import FlingUserList from './FlingUserList';
@@ -12,11 +12,12 @@ export default function FlingUser() {
   let [fling, setFling] = useState({});
 
   useEffect(() => {
+    let flingClient = new FlingClient();
     flingClient.getFlingByShareId(shareId)
       .then(f => setFling(f));
   }, [shareId]);
 
-    return(
+  return (
     <div>
       {fling.sharing && fling.sharing.directDownload
         ? <DirectDownload fling={fling} />

web/fling/src/components/user/Unlock.jsx

@@ -1,8 +1,8 @@
 import log from 'loglevel';
-import React, {useState, useEffect} from 'react';
-import {useHistory, useLocation} from 'react-router-dom';
+import React, { useState, useEffect } from 'react';
+import { useHistory, useLocation } from 'react-router-dom';
 
-import request, {setAuth} from '../../util/request';
+import { AuthClient, fc } from '../../util/fc';
 
 export default function Unlock() {
   const [authCode, setAuthCode] = useState("");
@@ -10,16 +10,18 @@ export default function Unlock() {
   const location = useLocation();
   const { from, shareId } = location.state || { from: { pathname: "/admin" }, shareId: "" };
 
-    useEffect(() => setAuth(null), []);
-
   useEffect(() => {
-        request.post("/auth/user", {"shareId": location.state.shareId})
+    let authClient = new AuthClient();
+    let userAuth = new fc.UserAuth(location.state.shareId, "")
+
+    authClient.authenticateUser({ 'userAuth': userAuth })
       .then(response => {
         log.info("Fling is not protected. Logged in successfully.");
-                setAuth(response.data);
+        sessionStorage.setItem('token', response);
         history.replace(location.state.from);
-            })
-            .catch(err => {/* ignored */});
+      }).catch(error => {
+        log.info("Fling protected. Could not unlock without code.")
+      });
   }, [location, history]);
 
   return (
@@ -31,7 +33,8 @@ export default function Unlock() {
         <div className="column col-12">
           <form id="auth-code-form" onSubmit={handleSubmit}>
             <div className="input-group">
-                  <input id="auth-code" className="form-input" name="authCode" type="password" placeholder="Enter your code" value={authCode} onChange={handleChange} />
+              <input id="auth-code" className="form-input" name="authCode" type="password" placeholder="Enter your code"
+                     value={authCode} onChange={ev => setAuthCode(ev.target.value)} />
               <button className="btn btn-primary" type="submit">Unlock</button>
             </div>
           </form>
@@ -42,20 +45,16 @@ export default function Unlock() {
 
   function handleSubmit(ev) {
     ev.preventDefault();
+    let authClient = new AuthClient();
+    let userAuth = new fc.UserAuth(shareId, authCode)
 
-        request.post("/auth/user", {"shareId": shareId, "code": authCode})
+    authClient.authenticateUser({ 'userAuth': userAuth })
       .then(response => {
         log.info("Logged in successfully");
-                setAuth(response.data);
+        sessionStorage.setItem('token', response);
         history.replace(from);
-            })
-            .catch(error => {
+      }).catch(error => {
         log.error(error);
       });
   };
-
-    function handleChange(ev) {
-        let val = ev.target.value;
-        setAuthCode(val);
-    };
 }