Commit f6011c28 authored by Mathias Vehus's avatar Mathias Vehus

Fixed some other security holes in the code including removing the admin user...

Fixed some other security holes in the code including removing the admin user and putting in a password repeat checker for the registration.
parent 06696691
......@@ -105,15 +105,19 @@ public class Handler extends AbstractHandler
(request.getParameter("username"))).get());
String password = (new Maybe<String>
(request.getParameter("password"))).get();
System.err.println("Registering user: \"" + username);
try {
Password pw = new Password(password);
inchat.register(new UserName(username),pw).forEach(sessionBuilder);
} catch (IllegalArgumentException e){
System.err.println("Invalid Password");
}
String passwordRepeat = (new Maybe<>(request.getParameter("password_repeat"))).get();
if (!password.equals(passwordRepeat))
System.err.println("Passwords do not match");
else {
System.err.println("Registering user: \"" + username);
try {
Password pw = new Password(password);
inchat.register(new UserName(username), pw).forEach(sessionBuilder);
} catch (IllegalArgumentException e) {
System.err.println("Invalid Password");
}
}
} catch (Maybe.NothingException e) {
// Not enough data suppied for login
System.err.println("Broken usage of register");
......@@ -630,26 +634,6 @@ public class Handler extends AbstractHandler
inchat = new InChat(userStore,channelStore,
accountStore,sessionStore,connection);
connection.setAutoCommit(false);
try {
final Stored<Session> admin = inchat.register(new UserName("admin"),new Password("pa$$w0rd")).get();
final Stored<Channel> debug = inchat.createChannel(admin.value.account, "debug").get();
(new Thread(){ public void run() {
Mutable<Stored<Channel>> chan = new Mutable<Stored<Channel>>(debug);
while(true) {
inchat.waitNextChannelVersion(chan.get().identity, chan.get().version).forEach(chan);
chan.get().value.events.head().forEach( e -> {
try {
if(e.value.message != null) {
ResultSet rs = connection.createStatement().executeQuery(e.value.message);
if (rs.next()) {
inchat.postMessage(admin.value.account,chan.get(),rs.getString(1)).forEach(chan);
}
}
} catch(Exception re) {}});
}
} }).start();
} catch (Exception e) {
}
Server server = new Server(8080);
server.setHandler(new Handler());
......
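Review bot: In the registration hunk, both rejection paths (`System.err.println("Passwords do not match");` and the `IllegalArgumentException` catch) only write to stderr, so within the visible lines a refused registration sends nothing to the client and does not stop the handler. The rest of the method is outside the hunk, so confirm that it ends the request with an explicit error response and that no session is created on these paths. The retained `"Registering user: \"" + username` line writes the request parameter to the log unmodified; replacing CR/LF first, e.g. `username.replaceAll("[\\r\\n]", "_")`, keeps a crafted name from forging log lines. The `if` is unbraced while its `else` is braced, and bracing both avoids a later second statement running unconditionally. The other hunk in this file only deletes the startup `admin` registration and its `debug` channel thread, but a database populated by an earlier build may still hold that account with the password that remains in repository history, so it probably needs to be removed from stored data as well.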
......@@ -13,7 +13,7 @@ public class Password {
}
private boolean checkPassword(String password) {
return password.length() >= 8;
return password.length() >= 8 && password.length() < 1000;
}
@Override
......
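Review bot: `checkPassword` still accepts any string of 8 to 999 characters, so length is the entire policy, and the `pa$$w0rd` value this commit removes from `Handler` would pass it. Consider also rejecting entries from a list of common or breached passwords, and naming the limits, e.g. `private static final int MAX_LENGTH = 999;`, with a comment stating that the upper bound caps the work done on client-supplied input. `password.length()` counts UTF-16 code units rather than bytes, so if the hashing step (not visible here) truncates at a byte limit, the cap should be derived from that limit. The class body starts and continues outside the hunk.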