Skip to content

C
CTF
Commit 4640f4a3 authored by Grzegorz Pietrusza's avatar Grzegorz Pietrusza
Browse files
Options

authentication stub

parent f6d8e4c6
Hide whitespace changes
Inline Side-by-side
Showing with 120 additions and 36 deletions
.idea/libraries/dropwizard_auth_0_9_2.xml 0 → 100644
View file @ 4640f4a3
<component name="libraryTable">
<library name="dropwizard-auth-0.9.2">
<CLASSES>
<root url="jar://$PROJECT_DIR$/dropwizard-auth-0.9.2.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
</library>
</component>
\ No newline at end of file
service/configuration.yml
View file @ 4640f4a3
......@@ -2,4 +2,9 @@ dbHost: localhost
dbPort: 27017
dbName: db
flagHashMethod: "MD5"
\ No newline at end of file
flagHashMethod: "MD5"
users:
- gpietrus
- mehow
- rosiu
\ No newline at end of file
service/service.iml
View file @ 4640f4a3
......@@ -96,5 +96,6 @@
<orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore:4.4.3" level="project" />
<orderEntry type="library" name="Maven: commons-logging:commons-logging:1.2" level="project" />
<orderEntry type="library" name="Maven: commons-codec:commons-codec:1.9" level="project" />
<orderEntry type="library" name="dropwizard-auth-0.9.2" level="project" />
</component>
</module>
\ No newline at end of file
service/src/main/java/CTFApplication.java
View file @ 4640f4a3
import core.ApplicationConfiguration;
import repositories.SolutionsRepository;
import repositories.TasksRepository;
import repositories.TeamsRepository;
import api.ProxyResource;
import api.TasksResource;
import api.TeamsResource;
import com.google.common.base.Optional;
import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
import core.ApplicationConfiguration;
import core.FlagChecker;
import core.TaskType;
import database.MongoDBConnector;
import io.dropwizard.Application;
import io.dropwizard.auth.*;
import io.dropwizard.auth.basic.BasicCredentialAuthFilter;
import io.dropwizard.auth.basic.BasicCredentials;
import io.dropwizard.setup.Environment;
import objects.Flag;
import objects.Task;
import objects.Team;
import objects.User;
import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;
import repositories.SolutionsRepository;
import repositories.TasksRepository;
import repositories.TeamsRepository;
import repositories.UsersRepository;
import java.util.ArrayList;
import java.util.Random;
import java.util.UUID;
/**
......@@ -27,6 +32,8 @@ import java.util.UUID;
*/
public class CTFApplication extends Application<ApplicationConfiguration> {
private UsersRepository usersRepository; //todo: refactor to injects
@Override
public void run(ApplicationConfiguration applicationConfiguration, Environment environment) throws Exception {
......@@ -38,14 +45,15 @@ public class CTFApplication extends Application<ApplicationConfiguration> {
TeamsRepository teamsRepository = new TeamsRepository(dbConnector);
teamsRepository.clean();
int numberOfNewTeams = new Random().nextInt(20);
int numberOfTeamMembers = 3;
int numberOfNewTeams = 1;//new Random().nextInt(20);
int numberOfTeamMembers = 1;
for (int i = 0; i < numberOfNewTeams; i++) {
ArrayList<User> members = new ArrayList<>();
for (int j = 0; j < numberOfTeamMembers; j++) {
members.add(new User(String.valueOf(UUID.randomUUID()), "passwd", "email"));
members.add(new User("gpietrus", "passwd", "email"));
// members.add(new User(String.valueOf(UUID.randomUUID()), "passwd", "email"));
}
teamsRepository.add(new Team(String.valueOf(UUID.randomUUID()), "description", members));
......@@ -77,8 +85,43 @@ public class CTFApplication extends Application<ApplicationConfiguration> {
environment.jersey().register(injector.getInstance(ProxyResource.class));
//REGISTER AUTH
environment.jersey().register(new BasicAuthProvider<User>(new ExampleAuthenticator(),
"SUPER SECRET STUFF"));
environment.jersey().register(new AuthDynamicFeature(
new BasicCredentialAuthFilter.Builder<User>()
.setAuthenticator(new ExampleAuthenticator(usersRepository))
.setAuthorizer(new ExampleAuthorizer())
.setRealm("SUPER SECRET STUFF")
.buildAuthFilter()));
environment.jersey().register(RolesAllowedDynamicFeature.class);
//If you want to use @Auth to inject a custom Principal type into your resource
environment.jersey().register(new AuthValueFactoryProvider.Binder<>(User.class));
}
//todo: move to seperate class
public class ExampleAuthenticator implements Authenticator<BasicCredentials, User> {
private UsersRepository usersRepository;
public ExampleAuthenticator(UsersRepository usersRepository) {
this.usersRepository = usersRepository;
}
@Override
public com.google.common.base.Optional<User> authenticate(BasicCredentials credentials) throws AuthenticationException {
if ("secret".equals(credentials.getPassword())) {
java.util.Optional<User> user = usersRepository.get(credentials.getUsername());
if (user.isPresent()) {
return Optional.of(user.get());
}
}
return Optional.absent();
}
}
public class ExampleAuthorizer implements Authorizer<User> {
@Override
public boolean authorize(User user, String role) {
return user.getName().equals("good-guy") && role.equals("ADMIN");
}
}
//todo: inject dbonnector
......@@ -91,11 +134,13 @@ public class CTFApplication extends Application<ApplicationConfiguration> {
TeamsRepository teamsRepository = new TeamsRepository(dbConnector);
TasksRepository tasksRepository = new TasksRepository(dbConnector);
usersRepository = new UsersRepository(dbConnector, teamsRepository);
SolutionsRepository solutionsRepository = new SolutionsRepository(dbConnector);
FlagChecker flagChecker = new FlagChecker(applicationConfiguration, tasksRepository, teamsRepository, solutionsRepository);
bind(TeamsRepository.class).toInstance(teamsRepository);
bind(TasksRepository.class).toInstance(tasksRepository);
bind(UsersRepository.class).toInstance(usersRepository);
bind(TeamsResource.class).toInstance(new TeamsResource(teamsRepository));
bind(TasksResource.class).toInstance(new TasksResource(tasksRepository, teamsRepository,
......
service/src/main/java/api/TasksResource.java
View file @ 4640f4a3
package api;
import core.FlagChecker;
import io.dropwizard.auth.Auth;
import objects.Task;
import objects.User;
import repositories.SolutionsRepository;
import repositories.TasksRepository;
import repositories.TeamsRepository;
import core.FlagChecker;
import objects.Task;
import javax.inject.Inject;
import javax.ws.rs.GET;
......@@ -36,7 +38,7 @@ public class TasksResource
}
@GET
public List<Task> getTasks() {
public List<Task> getTasks(@Auth User user) {
return tasksRepository.getAll();
}
......
service/src/main/java/core/ApplicationConfiguration.java
View file @ 4640f4a3
......@@ -2,6 +2,8 @@ package core;
import io.dropwizard.Configuration;
import java.util.List;
/**
* Created by gpietrus on 16.02.16.
*/
......@@ -12,10 +14,20 @@ public class ApplicationConfiguration extends Configuration {
private String flagHashMethod;
private List<String> users;
public String getFlagHashMethod() {
return flagHashMethod;
}
public List<String> getUsers() {
return users;
}
public void setUsers(List<String> users) {
this.users = users;
}
public void setFlagHashMethod(String flagHashMethod) {
this.flagHashMethod = flagHashMethod;
}
......
service/src/main/java/objects/User.java
View file @ 4640f4a3
......@@ -3,12 +3,13 @@ package objects;
import com.google.common.collect.ImmutableMap;
import org.bson.Document;
import java.security.Principal;
import java.util.Map;
/**
* Created by gpietrus on 16.02.16.
*/
public class User {
public class User implements Principal {
private String name;
private String password;
private String email;
......
service/src/main/java/repositories/UsersRepository.java
View file @ 4640f4a3
package repositories;
import database.MongoDBConnector;
import objects.Team;
import objects.User;
import org.bson.Document;
import java.util.List;
import java.util.UUID;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.Collection;
import java.util.Optional;
/**
* Created by gpietrus on 20.02.2016.
......@@ -15,28 +13,39 @@ import java.util.stream.Collectors;
public class UsersRepository implements Repository {
private MongoDBConnector mongoDBConnector;
private TeamsRepository teamsRepository;
public UsersRepository(MongoDBConnector mongoDBConnector) {
public UsersRepository(MongoDBConnector mongoDBConnector,
TeamsRepository teamsRepository) {
this.mongoDBConnector = mongoDBConnector;
this.teamsRepository = teamsRepository;
}
public void get(UUID uuid) {
// new HashMap<>()
// return mongoDBConnector.getDocument("");
}
public List<User> getAll() {
return mongoDBConnector.getCollection("users")
public Optional<User> get(String username) {
Optional<User> userOptional = teamsRepository.getAll()
.stream()
.map((Function<Document, User>) User::new)
.collect(Collectors.toList());
.map(Team::getMembers)
.flatMap(Collection::stream)
.filter(user -> user.getName().equals(username))
.findFirst();
return userOptional;
}
public void add(User user) {
mongoDBConnector.addDocument("users", new Document(user.toMap()));
}
// public void get(UUID uuid) {
// }
public void clean() {
mongoDBConnector.removeCollection("users");
}
// public List<User> getAll() {
// return mongoDBConnector.getCollection("users")
// .stream()
// .map((Function<Document, User>) User::new)
// .collect(Collectors.toList());
// }
// public void add(User user) {
// mongoDBConnector.addDocument("users", new Document(user.toMap()));
// }
// public void clean() {
// mongoDBConnector.removeCollection("users");
// }
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment