return bad request on invlaid username

71e7254f · Grzegorz Pietrusza · d6585259 · 71e7254f · 71e7254f
Commit 71e7254f authored Mar 22, 2016 by Grzegorz Pietrusza
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 8 deletions

TasksRepository.java ...phoners/krakyournet/ctf/repositories/TasksRepository.java +7 -5

TasksResource.java .../telephoners/krakyournet/ctf/resources/TasksResource.java +7 -3

No files found.
--- a/service/src/main/java/com/telephoners/krakyournet/ctf/repositories/TasksRepository.java
+++ b/service/src/main/java/com/telephoners/krakyournet/ctf/repositories/TasksRepository.java
@@ -17,7 +17,6 @@ import javax.inject.Singleton;
 import java.security.MessageDigest;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.stream.Collectors;

 @Singleton
@@ -27,11 +26,13 @@ public class TasksRepository extends Repository<Task>
    private Datastore datastore;
    private TeamsRepository teamsRepository;
    private SolutionsRepository solutionsRepository;
+    private UsersRepository usersRepository;
    private MessageDigest messageDigest;

    @Inject
    public TasksRepository(ApplicationConfiguration applicationConfiguration, Datastore datastore,
                           TeamsRepository teamsRepository, SolutionsRepository solutionsRepository,
+                           UsersRepository usersRepository,
                           final @Named("messageDigest") MessageDigest messageDigest)
    {
        super(datastore);
@@ -39,6 +40,7 @@ public class TasksRepository extends Repository<Task>
        this.datastore = datastore;
        this.teamsRepository = teamsRepository;
        this.solutionsRepository = solutionsRepository;
+        this.usersRepository = usersRepository;
        this.messageDigest = messageDigest;
    }

@@ -62,7 +64,7 @@ public class TasksRepository extends Repository<Task>
                .collect(Collectors.toMap(
                        Task::getLevel,
                        task -> task.getFlags().stream()
-                                .map(flag -> calculateHashValue(username, flag.getValue()))
+                                .map(flag -> calculateHashValue(usersRepository.getUserByName(username), flag.getValue()))
                                .collect(Collectors.toList())
                ));
    }
@@ -71,15 +73,15 @@ public class TasksRepository extends Repository<Task>
    {
        String username = user.getName();
        Flag matchedFlag = getByLevel(taskLevel).getFlags().stream()
-                .filter(flag -> calculateHashValue(username, flag.getValue()).equals(userHash))
+                .filter(flag -> calculateHashValue(user, flag.getValue()).equals(userHash))
                .findFirst()
                .get();
        return new Pair<>(getByLevel(taskLevel), matchedFlag);
    }

-    public String calculateHashValue(String username, String flagValue)
+    public String calculateHashValue(User user, String flagValue)
    {
-        String combinedStrings = applicationConfiguration.getSalt() + username + flagValue;
+        String combinedStrings = applicationConfiguration.getSalt() + user.getName() + flagValue;
        return Hex.encodeHexString(messageDigest.digest(combinedStrings.getBytes()));
    }


--- a/service/src/main/java/com/telephoners/krakyournet/ctf/resources/TasksResource.java
+++ b/service/src/main/java/com/telephoners/krakyournet/ctf/resources/TasksResource.java
@@ -39,9 +39,13 @@ public class TasksResource
    public Response getUserFlags(@Auth User user, final @PathParam("username") String username)
    {
        if (user.isAdmin()) {
+            try {
                return Response.ok()
                        .entity(tasksRepository.getUserFlagsHashes(username))
                        .build();
+            } catch (Exception e) {
+                return Response.status(Response.Status.BAD_REQUEST).build();
+            }
        }
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }