/* Query2Report Copyright (C) 2018 Yogesh Deshpande This file is part of Query2Report. Query2Report is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Query2Report is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with Query2Report. If not, see <http://www.gnu.org/licenses/>. */ package com.lwr.software.reporter.admin.usermgmt; import java.nio.charset.StandardCharsets; import java.security.SecureRandom; import java.util.Base64; import java.util.Date; import org.apache.log4j.LogManager; import org.apache.log4j.Logger; import org.codehaus.jackson.annotate.JsonIgnore; import com.lwr.software.reporter.DashboardConstants; import com.lwr.software.reporter.utils.EncryptionUtil; public class User { @JsonIgnore private static Logger logger = LogManager.getLogger(User.class); private String username; private String password; private String displayName; private String chartType = DashboardConstants.HTML_JFREE; private String role = DashboardConstants.ADMIN_USER; private long refreshInterval = DashboardConstants.DEFAULT_REFRESH_INTERVAL_MILLIS; private int sessionTimeout = DashboardConstants.DEFAULT_SESSION_TIMEOUT; private String authToken = ""; public User(){ } public String getAuthToken() { return authToken; } public void setAuthToken(String authToken) { this.authToken = authToken; } public int getSessionTimeout() { return sessionTimeout; } public void setSessionTimeout(int sessionTimeout) { this.sessionTimeout = sessionTimeout; } public long getRefreshInterval() { return refreshInterval; } public void setRefreshInterval(long refreshInterval) { this.refreshInterval = refreshInterval; } public User(String displayName,String username,String password, String role, String chartType){ this.displayName=displayName; this.username=username; this.password=password; this.role=role; this.chartType=chartType; } public String getChartType() { return chartType; } public void setChartType(String chartType) { this.chartType = chartType; } public String getDisplayName() { return displayName; } public void setDisplayName(String displayName) { this.displayName = displayName; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getRole() { return role; } public void setRole(String role) { this.role = role; } @Override public boolean equals(Object obj) { if(obj==null) return false; User user = (User)obj; return getUsername().equalsIgnoreCase(user.getUsername()); } @Override public int hashCode() { return getUsername().hashCode(); } @Override public String toString() { return "[username: "+this.username+", displayName: "+this.displayName+", role: "+this.role+", chartType: "+this.chartType+", refreshInterval: "+this.refreshInterval+"]"; } public String loginUser(String inPassword){ String encPassword = getPassword(); String inEncPassword = EncryptionUtil.encrypt(inPassword); if(encPassword.equals(inEncPassword)){ return generateToken(); } throw new RuntimeException("Unauthorized user. Invalid username or password."); } @JsonIgnore public String generateToken(){ SecureRandom randomGenerator = new SecureRandom(); Integer randomNumber = randomGenerator.nextInt(10000); double currNanoTime = System.nanoTime(); double durationNanoTime = ((double)this.sessionTimeout)*(1000000000); double expNanoTime = currNanoTime+durationNanoTime; String key = this.username+":"+randomNumber.toString()+":"+expNanoTime; byte[] dataBytes = key.getBytes(StandardCharsets.UTF_8); authToken = username+"_0_"+Base64.getEncoder().encodeToString(dataBytes)+"_0_"+role; System.out.println(authToken); logger.info("Token for user "+this.username+" is "+this.authToken); // authToken = username+"_0_"+key+"_0_"+role; return authToken; } @JsonIgnore public boolean isValidToken(String token){ logger.info("For user "+this.username+" in token is "+token+" stored token is "+this.authToken); if(authToken!=null && !authToken.equals(token)){ logger.error("Corrupt token"); return false; } String tokenPatterns[] = token.split("_0_"); if(tokenPatterns == null || tokenPatterns.length!=3){ return false; } byte[] data = Base64.getDecoder().decode(tokenPatterns[1]); String decodedToken = new String(data, StandardCharsets.UTF_8); tokenPatterns = decodedToken.split(":"); if(tokenPatterns.length != 3){ logger.error("Corrupt token"); return false; } double expNanoTime = Double.parseDouble(tokenPatterns[2]); double currNanoTime = System.nanoTime(); logger.info("User "+this.username+" token will expire in "+((expNanoTime-currNanoTime)/10E9)+" seconds."); System.out.println("User "+this.username+" token will expire in "+((expNanoTime-currNanoTime)/1E9)+" seconds."); if(currNanoTime < expNanoTime ){ return true; }else{ logger.error("Token expired"); return false; } } public void logoutUser() { this.authToken=""; logger.info("For user "+this.username+" logging out and setting authToken to null"); } }