Handle all AuthenticationTokens

Do not error out when given another token than a Fling token. However, only a valid FlingToken can grant access.
2020-06-15 21:36:07 +02:00 · 2020-06-15 21:36:07 +02:00 · 26efd11851
commit 26efd11851
parent e59d8bba6a
1 changed files with 19 additions and 9 deletions
--- a/service/fling/src/main/java/net/friedl/fling/security/AuthorizationService.java
+++ b/service/fling/src/main/java/net/friedl/fling/security/AuthorizationService.java
@ -5,6 +5,7 @@ import java.util.NoSuchElementException;
 import javax.servlet.http.HttpServletRequest;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.stereotype.Service;

 import lombok.extern.slf4j.Slf4j;
@ -25,14 +26,17 @@ public class AuthorizationService {
        this.artifactService = artifactService;
    }

-    public boolean allowUpload(Long flingId, FlingToken authentication) {
-        if (authentication.getGrantedFlingAuthority().getAuthority().equals(FlingAuthority.FLING_OWNER.name())) {
+    public boolean allowUpload(Long flingId, AbstractAuthenticationToken token) {
+    	if (!(token instanceof FlingToken)) return false;
+
+    	FlingToken flingToken = (FlingToken) token;
+        if (flingToken.getGrantedFlingAuthority().getAuthority().equals(FlingAuthority.FLING_OWNER.name())) {
            return true;
        }

        var uploadAllowed = flingService.findFlingById(flingId).orElseThrow().getAllowUpload();

-        return uploadAllowed && authentication.getGrantedFlingAuthority().getFlingId().equals(flingId);
+        return uploadAllowed && flingToken.getGrantedFlingAuthority().getFlingId().equals(flingId);
    }

    public boolean allowPatchingArtifact(Long artifactId, FlingToken authentication) {
@ -44,16 +48,22 @@ public class AuthorizationService {
        return userAuth.getShareId().equals(shareUrl);
    }

-    public boolean allowFlingAccess(Long flingId, FlingToken authentication) {
-        if (authentication.getGrantedFlingAuthority().getAuthority().equals(FlingAuthority.FLING_OWNER.name())) {
+    public boolean allowFlingAccess(Long flingId, AbstractAuthenticationToken token) {
+    	if (!(token instanceof FlingToken)) return false;
+    	
+    	FlingToken flingToken = (FlingToken) token;
+        if (flingToken.getGrantedFlingAuthority().getAuthority().equals(FlingAuthority.FLING_OWNER.name())) {
            return true;
        }

-        return authentication.getGrantedFlingAuthority().getFlingId().equals(flingId);
+        return flingToken.getGrantedFlingAuthority().getFlingId().equals(flingId);
    }

-    public boolean allowFlingAccess(FlingToken authentication, HttpServletRequest request) {
-        if (authentication.getGrantedFlingAuthority().getAuthority().equals(FlingAuthority.FLING_OWNER.name())) {
+    public boolean allowFlingAccess(AbstractAuthenticationToken token, HttpServletRequest request) {
+    	if (!(token instanceof FlingToken)) return false;
+
+    	FlingToken flingToken = (FlingToken) token;
+        if (flingToken.getGrantedFlingAuthority().getAuthority().equals(FlingAuthority.FLING_OWNER.name())) {
            return true;
        }

@ -71,6 +81,6 @@ public class AuthorizationService {
            flingId = null;
        }

-        return authentication.getGrantedFlingAuthority().getFlingId().equals(flingId);
+        return flingToken.getGrantedFlingAuthority().getFlingId().equals(flingId);
    }
 }