Commit 8362c28c authored by Vetle.Hjelmtvedt

Merge branch 'taskW' into 'master'

Fixed some other security holes in the code including removing the admin user...

See merge request !11
parents 06696691 f6011c28
...@@ -105,15 +105,19 @@ public class Handler extends AbstractHandler ...@@ -105,15 +105,19 @@ public class Handler extends AbstractHandler
(request.getParameter("username"))).get()); (request.getParameter("username"))).get());
String password = (new Maybe<String> String password = (new Maybe<String>
(request.getParameter("password"))).get(); (request.getParameter("password"))).get();
System.err.println("Registering user: \"" + username); String passwordRepeat = (new Maybe<>(request.getParameter("password_repeat"))).get();
if (!password.equals(passwordRepeat))
try { System.err.println("Passwords do not match");
Password pw = new Password(password); else {
inchat.register(new UserName(username),pw).forEach(sessionBuilder); System.err.println("Registering user: \"" + username);
} catch (IllegalArgumentException e){
System.err.println("Invalid Password");
}
try {
Password pw = new Password(password);
inchat.register(new UserName(username), pw).forEach(sessionBuilder);
} catch (IllegalArgumentException e) {
System.err.println("Invalid Password");
}
}
} catch (Maybe.NothingException e) { } catch (Maybe.NothingException e) {
// Not enough data suppied for login // Not enough data suppied for login
System.err.println("Broken usage of register"); System.err.println("Broken usage of register");
...@@ -630,26 +634,6 @@ public class Handler extends AbstractHandler ...@@ -630,26 +634,6 @@ public class Handler extends AbstractHandler
inchat = new InChat(userStore,channelStore, inchat = new InChat(userStore,channelStore,
accountStore,sessionStore,connection); accountStore,sessionStore,connection);
connection.setAutoCommit(false); connection.setAutoCommit(false);
try {
final Stored<Session> admin = inchat.register(new UserName("admin"),new Password("pa$$w0rd")).get();
final Stored<Channel> debug = inchat.createChannel(admin.value.account, "debug").get();
(new Thread(){ public void run() {
Mutable<Stored<Channel>> chan = new Mutable<Stored<Channel>>(debug);
while(true) {
inchat.waitNextChannelVersion(chan.get().identity, chan.get().version).forEach(chan);
chan.get().value.events.head().forEach( e -> {
try {
if(e.value.message != null) {
ResultSet rs = connection.createStatement().executeQuery(e.value.message);
if (rs.next()) {
inchat.postMessage(admin.value.account,chan.get(),rs.getString(1)).forEach(chan);
}
}
} catch(Exception re) {}});
}
} }).start();
} catch (Exception e) {
}
Server server = new Server(8080); Server server = new Server(8080);
server.setHandler(new Handler()); server.setHandler(new Handler());
......
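Review bot: In the first hunk the request-supplied `username` is still concatenated into the stderr line `Registering user: \"` on the new side, so a value containing CR/LF could forge additional log entries, and the opening quote is never closed. The statement that reads `username` starts above the hunk, so whether its wrapping call already neutralises control characters cannot be seen here; if it does not, do it at the log call, e.g. `System.err.println("Registering user: \"" + username.replaceAll("[\\r\\n]", "_") + "\"");`. The new `if (!password.equals(passwordRepeat))` pairs an unbraced branch with a braced `else`, and bracing both would keep later edits inside the check. Separately, the second hunk only stops creating the `admin` account at startup; a database populated by an earlier run presumably still holds that account with the old password, so it should be deleted or reset there as well.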
...@@ -13,7 +13,7 @@ public class Password { ...@@ -13,7 +13,7 @@ public class Password {
} }
private boolean checkPassword(String password) { private boolean checkPassword(String password) {
return password.length() >= 8; return password.length() >= 8 && password.length() < 1000;
} }
@Override @Override
......
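Review bot: The upper bound added to `checkPassword` is a bare `1000` beside a bare `8`, with no comment saying why passwords are capped, and because the comparison is `< 1000` the longest accepted password is 999, which may not be what was meant. Naming the limits makes the intent explicit, e.g. `private static final int MIN_LENGTH = 8;`, `private static final int MAX_LENGTH = 1000;` and `return password.length() >= MIN_LENGTH && password.length() <= MAX_LENGTH;`, with a one-line comment on the maximum giving the reason (presumably to bound the work and storage per submitted password). `String.length()` counts UTF-16 code units, so the comment should say the limit is neither a byte nor a character count. The body of `Password` outside this method is not visible in the hunk.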