Commit 8362c28c authored by Vetle.Hjelmtvedt

Merge branch 'taskW' into 'master'

Fixed some other security holes in the code including removing the admin user...

See merge request !11
parents 06696691 f6011c28
......@@ -105,15 +105,19 @@ public class Handler extends AbstractHandler
(request.getParameter("username"))).get());
String password = (new Maybe<String>
(request.getParameter("password"))).get();
System.err.println("Registering user: \"" + username);
try {
Password pw = new Password(password);
inchat.register(new UserName(username),pw).forEach(sessionBuilder);
} catch (IllegalArgumentException e){
System.err.println("Invalid Password");
}
String passwordRepeat = (new Maybe<>(request.getParameter("password_repeat"))).get();
if (!password.equals(passwordRepeat))
System.err.println("Passwords do not match");
else {
System.err.println("Registering user: \"" + username);
try {
Password pw = new Password(password);
inchat.register(new UserName(username), pw).forEach(sessionBuilder);
} catch (IllegalArgumentException e) {
System.err.println("Invalid Password");
}
}
} catch (Maybe.NothingException e) {
// Not enough data suppied for login
System.err.println("Broken usage of register");
......@@ -630,26 +634,6 @@ public class Handler extends AbstractHandler
inchat = new InChat(userStore,channelStore,
accountStore,sessionStore,connection);
connection.setAutoCommit(false);
try {
final Stored<Session> admin = inchat.register(new UserName("admin"),new Password("pa$$w0rd")).get();
final Stored<Channel> debug = inchat.createChannel(admin.value.account, "debug").get();
(new Thread(){ public void run() {
Mutable<Stored<Channel>> chan = new Mutable<Stored<Channel>>(debug);
while(true) {
inchat.waitNextChannelVersion(chan.get().identity, chan.get().version).forEach(chan);
chan.get().value.events.head().forEach( e -> {
try {
if(e.value.message != null) {
ResultSet rs = connection.createStatement().executeQuery(e.value.message);
if (rs.next()) {
inchat.postMessage(admin.value.account,chan.get(),rs.getString(1)).forEach(chan);
}
}
} catch(Exception re) {}});
}
} }).start();
} catch (Exception e) {
}
Server server = new Server(8080);
server.setHandler(new Handler());
......
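Review bot: In the registration hunk the new `else` branch still prints the raw `username` request parameter to stderr, so a value containing CR/LF can forge log lines, and the opening `\"` is never closed; I would log it as `System.err.println("Registering user: \"" + username.replaceAll("\\p{Cntrl}", "?") + "\"");`. `new UserName(username)` is evaluated inside the same `try`, so if it can also throw `IllegalArgumentException` (its constructor is not shown) a bad username is reported as "Invalid Password". The mismatch and invalid-password paths only write to stderr in the visible lines; the method starts and ends outside the hunk, so whether the client is told that registration failed cannot be confirmed from here. On the second hunk, deleting the startup registration does not remove an `admin` account that earlier runs may already have written through `connection`; if those stores persist, that account should be deleted or its password rotated as part of deploying this change.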
......@@ -13,7 +13,7 @@ public class Password {
}
private boolean checkPassword(String password) {
return password.length() >= 8;
return password.length() >= 8 && password.length() < 1000;
}
@Override
......
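Review bot: The new cap in `checkPassword` is a bare `1000` next to a bare `8`, with nothing saying why the upper bound exists; named constants with a comment would make the policy reviewable, e.g. `private static final int MAX_LENGTH = 1000; // upper bound on attacker-supplied input, presumably to limit hashing/storage cost`. `String.length()` counts UTF-16 code units, so the limits are not exact character counts for non-BMP input, and the check is length-only, so a value such as eight repeated characters passes; a deny-list of common passwords would be a useful follow-up. `password` is dereferenced without a null check here; the caller in `Handler` appears to filter null through `Maybe`, but other callers are not visible. The class body continues outside the hunk.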