
Commit 07a33e7

committed
Case insensitivity in auth handler.
1 parent 8016c18 commit 07a33e7


4 files changed

+16
-9
lines changed

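--- a/config/community/admins.json
+++ b/config/community/admins.json
@@ -1,3 +1,3 @@
 {
-"admin": "changeme"
+"admin": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
 }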
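Review bot: The new `admin` value is a usable default credential rather than a placeholder: it is a bare, unsalted SHA-256 hex digest, and it appears to be the digest of a widely published default password, so any deployment that keeps this file as shipped accepts that password for the admin account. The previous `changeme` could never equal a 64-character digest and therefore failed closed; the new value does not. Prefer shipping a value that cannot validate, e.g. `"admin": "<set-me: sha256 hex of the admin password>"`, and documenting how to generate the digest. A single unsalted SHA-256 round is also a weak store for an admin secret; a salted, slow hash (bcrypt/scrypt/argon2) would be the stronger follow-up, though it changes this file's format and the check in SessionHelper.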

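--- a/pom.xml
+++ b/pom.xml
@@ -116,7 +116,7 @@
 <dependency>
 <groupId>com.mclarkdev.tools</groupId>
 <artifactId>liblog</artifactId>
-<version>1.6.5</version>
+<version>1.6.6</version>
 </dependency>
 
 <dependency>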

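--- a/src/main/java/org/barcodeapi/core/Config.java
+++ b/src/main/java/org/barcodeapi/core/Config.java
@@ -8,7 +8,6 @@
 
 import com.mclarkdev.tools.libargs.LibArgs;
 import com.mclarkdev.tools.libextras.LibExtrasStreams;
-import com.mclarkdev.tools.liblog.LibLog;
 
 public class Config {
 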
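--- a/src/main/java/org/barcodeapi/server/core/SessionHelper.java
+++ b/src/main/java/org/barcodeapi/server/core/SessionHelper.java
@@ -97,8 +97,8 @@ public static CachedSession getSession(Request request) {
 /**
 * Validate a user based on the provided Authentication string.
 *
-* @param request
-* @return
+* @param basicAuth BasicAuth encoded string
+* @return valid user name or null or no user found
 */
 public static String validateUser(String basicAuth) {
 
@@ -131,10 +131,18 @@ public static String validateUser(String basicAuth) {
 String uName = decoded.substring(0, split);
 String pWord = decoded.substring(split + 1);
 
-// Calculate the expected password hash
-String passHash = LibExtrasHashes.sumSHA256(pWord.getBytes());
+// Check if requested user exists
+if (!(_admins.has(uName))) {
 
-// Check if login exists in app config and return
-return (passHash.equals(_admins.optString(uName)) ? uName : null);
+// Fail if user not found
+return null;
+}
+
+// Determine actual and expected password hashes
+String passHashActual = LibExtrasHashes.sumSHA256(pWord.getBytes());
+String passHashExpected = _admins.getString(uName).toUpperCase();
+
+// Check if actual pass hash matches expected pass hash
+return (passHashActual.equals(passHashExpected) ? uName : null);
 }
 }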
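Review bot: The comparison at `passHashActual.equals(passHashExpected)` is case-normalised on one side only: `_admins.getString(uName).toUpperCase()` forces the configured digest to upper case, but `passHashActual` is used exactly as `LibExtrasHashes.sumSHA256` returns it, so the login is case-insensitive only if that helper happens to emit upper-case hex (not visible here), and since the committed admins.json digest is lower-case, a lower-case-emitting helper would reject every login. `toUpperCase()` without a `Locale` is also locale-sensitive, and `pWord.getBytes()` hashes the password with the platform default charset. A digest compare should be constant-time as well, so I would write `String passHashExpected = _admins.getString(uName).toUpperCase(Locale.ROOT);`, hash `pWord.getBytes(StandardCharsets.UTF_8)`, and return `MessageDigest.isEqual(passHashActual.toUpperCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII), passHashExpected.getBytes(StandardCharsets.US_ASCII)) ? uName : null`. validateUser begins outside this hunk, so the surrounding decode and split logic is not reviewed here. In the first hunk, `@return valid user name or null or no user found` reads better as `@return valid user name, or null if no user found`.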
