Correct the api rest authentication [EN/PL]
(EN) Improvement of the REST-API for authentication
(polish version below)
Because imported data from Scada has a different password hashing mechanism, I adapted our API to use the same mechanism.
The method checkPassword (String hash, String password) has been added to check the validity of the hash with the password in the UsersServiceImpl.
The data structure has been changed. Field name md5password has been changed to hash.
This caused the need for changes also in the following classes: UserDao, Migration, User, UserAPI, UserDaoTest.
In addition, I changed the visibility range of the encriptPassword (String plainText) function to the public in the UsersServiceImp class, which allowed it to be used in the AuthenticationService class.
Also, a unit test has been added to check the hash of the default password for the User "admin" in the UserServiceTest.
And there has been a corrected mistake in using an annotation instead of @PathParam @PathVariable should be used.
Finally, the authentication check (which should be by https by default)
All changes were made as part of the tasks 198
(PL) Poprawa REST-API do autentykacji
Ponieważ zaimportowane dane z programu Scada-LTS mają inny mechanizm haszowania haseł to dostosowałem API aby używało tego samego mechanizmu.
Dodałem metodę checkPassword(String hash, String password) sprawdzającą prawidłowość hasza z hasłem w klasie UsersServiceImpl.
Zmodyfikowałem struktury danych, nazwa pola md5password została zamieniona na hash, co wymusiło zmiany w klasach: UserDao, Migration, User, UserAPI, UserDaoTest
Dodatkowo zmieniłem zasięg widoczności funkcji encriptPassword(String plainText) na publiczny w klasie UsersServiceImp, co pozwoliło na użycie jej w klasie AuthenticationService.
Utworzyłem test jednostkowy sprawdzający hash domyślnego hasła dla Użytkownika "admin" w UserServiceTest.
Poprawiłem też pomyłkę w użyciu adnotacji. Zmieniając @PathParam na @PathVariable.
Na końcu test sprawdzający autentykacje (która domyślnie ma być po https)
Wszystkie zmiany zostały dokonane w ramach zadaniach 198
Posted on Utopian.io - Rewarding Open Source Contributors
Leave Correct the api rest authentication [EN/PL] to:
Read more #utopian-io posts
Best Posts From grzesiek
We have not curated any of grzesiekb's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.
More Posts From grzesiek
- Bash script - challenge [part 3]. Authentication test (token) using the curl program.
- Bash script challenge [part 2]. Authentication test (session) using the curl program.
- Bash script - challenge. Writing API tests using the curl program
- Adding description for datasource state [develop Scada-LTS]
- New option in HttpRetriver datasource [Scada-LTS]
- New Export/Import pointHierarchy. [ScadaLTS]
- [Scada-LTS] The possibility to add image sets without requiring a reboot
- [Scada-LTS] The possibility to add image sets without a restart
- New Project “shop-at-everything”.
- A successful attempt on adding switch language option in the angular app and integrating it with crowdin.com
- Add login component [EN/PL]
- Generating data (multistate) for simulations in Scada-LTS. [EN/PL]
- Correct the api rest authentication [EN/PL]
- How the data of virtual multisate points in the Scada-LTS program change
- We add a virtual point with the ** multistate ** type (increment) in Scada-LTS
- Generating data (binary) for simulations in Scada-LTS / Generowanie danych (binarnych) do symulacji w Scadzie-LTS [EN/PL]
- Preview how data from "virtual-data source" (type binary - Alternate, No Change, Random) changes every second
- Add "virtual point" in "virual data-source" - with Binary type in Scada-LTS
- Add a "virtual data-source" in Scada-LTS
- Add permission mask decoding