authentication stub

4640f4a3 · Grzegorz Pietrusza · f6d8e4c6 · 4640f4a3 · 4640f4a3 · 4640f4a3
Commit 4640f4a3 authored Feb 21, 2016 by Grzegorz Pietrusza
8 changed files
--- a/.idea/libraries/dropwizard_auth_0_9_2.xml
+++ b/.idea/libraries/dropwizard_auth_0_9_2.xml
+<component name="libraryTable">
+  <library name="dropwizard-auth-0.9.2">
+    <CLASSES>
+      <root url="jar://$PROJECT_DIR$/dropwizard-auth-0.9.2.jar!/" />
+    </CLASSES>
+    <JAVADOC />
+    <SOURCES />
+  </library>
+</component>
\ No newline at end of file
--- a/service/configuration.yml
+++ b/service/configuration.yml
@@ -3,3 +3,8 @@ dbPort: 27017
 dbName: db
 flagHashMethod: "MD5"
+users:
+    - gpietrus
+    - mehow
+    - rosiu
\ No newline at end of file
--- a/service/service.iml
+++ b/service/service.iml
@@ -96,5 +96,6 @@
    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore:4.4.3" level="project" />
    <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.2" level="project" />
    <orderEntry type="library" name="Maven: commons-codec:commons-codec:1.9" level="project" />
+    <orderEntry type="library" name="dropwizard-auth-0.9.2" level="project" />
  </component>
 </module>
\ No newline at end of file
--- a/service/src/main/java/CTFApplication.java
+++ b/service/src/main/java/CTFApplication.java
-import core.ApplicationConfiguration;
-import repositories.SolutionsRepository;
-import repositories.TasksRepository;
-import repositories.TeamsRepository;
 import api.ProxyResource;
 import api.TasksResource;
 import api.TeamsResource;
+import com.google.common.base.Optional;
 import com.google.inject.AbstractModule;
 import com.google.inject.Guice;
 import com.google.inject.Injector;
+import core.ApplicationConfiguration;
 import core.FlagChecker;
 import core.TaskType;
 import database.MongoDBConnector;
 import io.dropwizard.Application;
+import io.dropwizard.auth.*;
+import io.dropwizard.auth.basic.BasicCredentialAuthFilter;
+import io.dropwizard.auth.basic.BasicCredentials;
 import io.dropwizard.setup.Environment;
 import objects.Flag;
 import objects.Task;
 import objects.Team;
 import objects.User;
+import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;
+import repositories.SolutionsRepository;
+import repositories.TasksRepository;
+import repositories.TeamsRepository;
+import repositories.UsersRepository;
 import java.util.ArrayList;
-import java.util.Random;
 import java.util.UUID;
 /**
@@ -27,6 +32,8 @@ import java.util.UUID;
 */
 public class CTFApplication extends Application<ApplicationConfiguration> {
+    private UsersRepository usersRepository; //todo: refactor to injects
    @Override
    public void run(ApplicationConfiguration applicationConfiguration, Environment environment) throws Exception {
@@ -38,14 +45,15 @@ public class CTFApplication extends Application<ApplicationConfiguration> {
        TeamsRepository teamsRepository = new TeamsRepository(dbConnector);
        teamsRepository.clean();
-        int numberOfNewTeams = new Random().nextInt(20);
+        int numberOfNewTeams = 1;//new Random().nextInt(20);
-        int numberOfTeamMembers = 3;
+        int numberOfTeamMembers = 1;
        for (int i = 0; i < numberOfNewTeams; i++) {
            ArrayList<User> members = new ArrayList<>();
            for (int j = 0; j < numberOfTeamMembers; j++) {
-                members.add(new User(String.valueOf(UUID.randomUUID()), "passwd", "email"));
+                members.add(new User("gpietrus", "passwd", "email"));
+//                members.add(new User(String.valueOf(UUID.randomUUID()), "passwd", "email"));
            }
            teamsRepository.add(new Team(String.valueOf(UUID.randomUUID()), "description", members));
@@ -77,8 +85,43 @@ public class CTFApplication extends Application<ApplicationConfiguration> {
        environment.jersey().register(injector.getInstance(ProxyResource.class));
        //REGISTER AUTH
-        environment.jersey().register(new BasicAuthProvider<User>(new ExampleAuthenticator(),
+        environment.jersey().register(new AuthDynamicFeature(
-                "SUPER SECRET STUFF"));
+                new BasicCredentialAuthFilter.Builder<User>()
+                        .setAuthenticator(new ExampleAuthenticator(usersRepository))
+                        .setAuthorizer(new ExampleAuthorizer())
+                        .setRealm("SUPER SECRET STUFF")
+                        .buildAuthFilter()));
+        environment.jersey().register(RolesAllowedDynamicFeature.class);
+        //If you want to use @Auth to inject a custom Principal type into your resource
+        environment.jersey().register(new AuthValueFactoryProvider.Binder<>(User.class));
+    }
+    //todo: move to seperate class
+    public class ExampleAuthenticator implements Authenticator<BasicCredentials, User> {
+        private UsersRepository usersRepository;
+        public ExampleAuthenticator(UsersRepository usersRepository) {
+            this.usersRepository = usersRepository;
+        }
+        @Override
+        public com.google.common.base.Optional<User> authenticate(BasicCredentials credentials) throws AuthenticationException {
+            if ("secret".equals(credentials.getPassword())) {
+                java.util.Optional<User> user = usersRepository.get(credentials.getUsername());
+                if (user.isPresent()) {
+                    return Optional.of(user.get());
+                }
+            }
+            return Optional.absent();
+        }
+    }
+    public class ExampleAuthorizer implements Authorizer<User> {
+        @Override
+        public boolean authorize(User user, String role) {
+            return user.getName().equals("good-guy") && role.equals("ADMIN");
+        }
    }
    //todo: inject dbonnector
@@ -91,11 +134,13 @@ public class CTFApplication extends Application<ApplicationConfiguration> {
                TeamsRepository teamsRepository = new TeamsRepository(dbConnector);
                TasksRepository tasksRepository = new TasksRepository(dbConnector);
+                usersRepository = new UsersRepository(dbConnector, teamsRepository);
                SolutionsRepository solutionsRepository = new SolutionsRepository(dbConnector);
                FlagChecker flagChecker = new FlagChecker(applicationConfiguration, tasksRepository, teamsRepository, solutionsRepository);
                bind(TeamsRepository.class).toInstance(teamsRepository);
                bind(TasksRepository.class).toInstance(tasksRepository);
+                bind(UsersRepository.class).toInstance(usersRepository);
                bind(TeamsResource.class).toInstance(new TeamsResource(teamsRepository));
                bind(TasksResource.class).toInstance(new TasksResource(tasksRepository, teamsRepository,

--- a/service/src/main/java/api/TasksResource.java
+++ b/service/src/main/java/api/TasksResource.java
 package api;
+import core.FlagChecker;
+import io.dropwizard.auth.Auth;
+import objects.Task;
+import objects.User;
 import repositories.SolutionsRepository;
 import repositories.TasksRepository;
 import repositories.TeamsRepository;
-import core.FlagChecker;
-import objects.Task;
 import javax.inject.Inject;
 import javax.ws.rs.GET;
@@ -36,7 +38,7 @@ public class TasksResource
    }
    @GET
-    public List<Task> getTasks() {
+    public List<Task> getTasks(@Auth User user) {
        return tasksRepository.getAll();
    }

--- a/service/src/main/java/core/ApplicationConfiguration.java
+++ b/service/src/main/java/core/ApplicationConfiguration.java
@@ -2,6 +2,8 @@ package core;
 import io.dropwizard.Configuration;
+import java.util.List;
 /**
 * Created by gpietrus on 16.02.16.
 */
@@ -12,10 +14,20 @@ public class ApplicationConfiguration extends Configuration {
    private String flagHashMethod;
+    private List<String> users;
    public String getFlagHashMethod() {
        return flagHashMethod;
    }
+    public List<String> getUsers() {
+        return users;
+    }
+    public void setUsers(List<String> users) {
+        this.users = users;
+    }
    public void setFlagHashMethod(String flagHashMethod) {
        this.flagHashMethod = flagHashMethod;
    }

--- a/service/src/main/java/objects/User.java
+++ b/service/src/main/java/objects/User.java
@@ -3,12 +3,13 @@ package objects;
 import com.google.common.collect.ImmutableMap;
 import org.bson.Document;
+import java.security.Principal;
 import java.util.Map;
 /**
 * Created by gpietrus on 16.02.16.
 */
-public class User {
+public class User implements Principal {
    private String name;
    private String password;
    private String email;

--- a/service/src/main/java/repositories/UsersRepository.java
+++ b/service/src/main/java/repositories/UsersRepository.java
 package repositories;
 import database.MongoDBConnector;
+import objects.Team;
 import objects.User;
-import org.bson.Document;
-import java.util.List;
+import java.util.Collection;
-import java.util.UUID;
+import java.util.Optional;
-import java.util.function.Function;
-import java.util.stream.Collectors;
 /**
 * Created by gpietrus on 20.02.2016.
@@ -15,28 +13,39 @@ import java.util.stream.Collectors;
 public class UsersRepository implements Repository {
    private MongoDBConnector mongoDBConnector;
+    private TeamsRepository teamsRepository;
-    public UsersRepository(MongoDBConnector mongoDBConnector) {
+    public UsersRepository(MongoDBConnector mongoDBConnector,
+                           TeamsRepository teamsRepository) {
        this.mongoDBConnector = mongoDBConnector;
+        this.teamsRepository = teamsRepository;
    }
-    public void get(UUID uuid) {
+    public Optional<User> get(String username) {
-//        new HashMap<>()
+        Optional<User> userOptional = teamsRepository.getAll()
-//        return mongoDBConnector.getDocument("");
-    }
-    public List<User> getAll() {
-        return mongoDBConnector.getCollection("users")
                .stream()
-                .map((Function<Document, User>) User::new)
+                .map(Team::getMembers)
-                .collect(Collectors.toList());
+                .flatMap(Collection::stream)
+                .filter(user -> user.getName().equals(username))
+                .findFirst();
+        return userOptional;
    }
-    public void add(User user) {
+//    public void get(UUID uuid) {
-        mongoDBConnector.addDocument("users", new Document(user.toMap()));
+//    }
-    }
-    public void clean() {
+//    public List<User> getAll() {
-        mongoDBConnector.removeCollection("users");
+//        return mongoDBConnector.getCollection("users")
-    }
+//                .stream()
+//                .map((Function<Document, User>) User::new)
+//                .collect(Collectors.toList());
+//    }
+//    public void add(User user) {
+//        mongoDBConnector.addDocument("users", new Document(user.toMap()));
+//    }
+//    public void clean() {
+//        mongoDBConnector.removeCollection("users");
+//    }
 }