authorKotta, Shireesha (sk434m) <sk434m@att.com>2019-06-28 15:27:29 -0400
committerKotta, Shireesha (sk434m) <sk434m@att.com>2019-06-28 15:27:29 -0400
commit179ff1eb0c1ac9eef4d152c47df5cb12a4584c0f (patch)
treeb9b744e106d688e807ffb31b6a986230034423d5 /ecomp-sdk/epsdk-app-common/src/main
parentd63c87226df57e7bd0513f9b17374716197056fa (diff)
PENTEST:Do not display stack trace for the api's
Issue-ID: PORTAL-654 PENTEST:Do not display stack trace for the api's and all users info for get_user api Change-Id: I68a4e3c7eba2628363275d63535290034591aa07 Signed-off-by: Kotta, Shireesha (sk434m) <sk434m@att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-common/src/main')
-rw-r--r--ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java19
-rw-r--r--ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java41
2 files changed, 48 insertions, 12 deletions
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java
index f5d37e2b..a94c3b46 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/ProfileSearchController.java
@@ -50,10 +50,12 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.json.JSONObject;
+import org.onap.portalsdk.core.auth.LoginStrategy;
import org.onap.portalsdk.core.controller.RestrictedBaseController;
import org.onap.portalsdk.core.domain.MenuData;
import org.onap.portalsdk.core.domain.User;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
import org.onap.portalsdk.core.service.FnMenuService;
import org.onap.portalsdk.core.service.UserProfileService;
import org.onap.portalsdk.core.service.UserService;
@@ -83,6 +85,9 @@ public class ProfileSearchController extends RestrictedBaseController {
@Autowired
private FnMenuService fnMenuService;
+
+ @Autowired
+ private LoginStrategy loginStrategy;
@RequestMapping(value = { "/profile_search" }, method = RequestMethod.GET)
public ModelAndView profileSearch(HttpServletRequest request) {
@@ -103,11 +108,21 @@ public class ProfileSearchController extends RestrictedBaseController {
@RequestMapping(value = { "/get_user" }, method = RequestMethod.GET)
public void getUser(HttpServletRequest request, HttpServletResponse response) {
logger.info(EELFLoggerDelegate.applicationLogger, "Initiating get_user in ProfileSearchController");
+ String userId = "";
+ try {
+ userId = loginStrategy.getUserId(request);
+ } catch (PortalAPIException e1) {
+ logger.error(EELFLoggerDelegate.applicationLogger, "No User found in request", e1);
+ }
+
+ final String requestedUserId = userId;
ObjectMapper mapper = new ObjectMapper();
List<User> profileList = null;
try {
profileList = service.findAll();
- JsonMessage msg = new JsonMessage(mapper.writeValueAsString(profileList));
+ User user = profileList.stream()
+ .filter(x -> x.getOrgUserId().equals(requestedUserId)).findAny().orElse(null);
+ JsonMessage msg = new JsonMessage(mapper.writeValueAsString(user));
JSONObject j = new JSONObject(msg);
response.setContentType(APPLICATION_JSON);
response.getWriter().write(j.toString());
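Review bot: When `loginStrategy.getUserId(request)` throws on L48-L51, the method only logs and then continues with `userId` still `""`, so it still loads every user through `service.findAll()` and filters against an empty id; returning from the catch block (`return;`, after setting whatever error status the caller expects) is clearer than relying on `orElse(null)` to produce an empty response. The filter on L60 also dereferences `x.getOrgUserId()` first, so a user row with a null org id throws inside the stream and lands in the surrounding catch; `.filter(x -> requestedUserId.equals(x.getOrgUserId()))` avoids that. Loading the full user list to select one record keeps the whole set in memory on every call; if the user service offers a lookup by id that would be preferable, but its interface is not visible here. getUser's body and its catch block continue outside the hunk.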
@@ -180,4 +195,4 @@ public class ProfileSearchController extends RestrictedBaseController {
logger.error(EELFLoggerDelegate.applicationLogger, "toggleProfileActive failed", e);
}
}
-}
+} \ No newline at end of file
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java
index acf94bae..e2875125 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java
@@ -193,7 +193,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
user.setRoles(roles);
saveUserExtension(user);
} catch (Exception e) {
- String response = "OnboardingApiService.pushUser failed";
+ String response = "Failed to save user";
logger.error(EELFLoggerDelegate.errorLogger, response, e);
throw new PortalAPIException(response, e);
} finally {
@@ -276,7 +276,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
editUserExtension(domainUser);
} catch (Exception e) {
- String response = "OnboardingApiService.editUser failed";
+ String response = "Failed to edit the user";
logger.error(EELFLoggerDelegate.errorLogger, response, e);
throw new PortalAPIException(response, e);
} finally {
@@ -311,7 +311,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
} else
return UserUtils.convertToEcompUser(user);
} catch (Exception e) {
- String response = "OnboardingApiService.getUser failed";
+ String response = "failed to fetch the user";
logger.error(EELFLoggerDelegate.errorLogger, response, e);
return null;
// Unfortunately, Portal is not ready to accept proper error response
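Review bot: The replacement message on L97, `failed to fetch the user`, starts lowercase while the other renamed messages in this file (`Failed to save user`, `Failed to edit the user`, `Failed to fetch role`) are capitalised; the same applies to `failed to fetch users` in the next hunk. Suggest `Failed to fetch the user` and `Failed to fetch users` so the log and exception text stay consistent.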
@@ -346,7 +346,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
return ecompUsers;
}
} catch (Exception e) {
- String response = "OnboardingApiService.getUsers failed";
+ String response = "failed to fetch users";
logger.error(EELFLoggerDelegate.errorLogger, response, e);
if (usersList.isEmpty()) {
throw new PortalAPIException("Application is Inactive");
@@ -365,7 +365,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
ecompRoles.add(UserUtils.convertToEcompRole(role));
return ecompRoles;
} catch (Exception e) {
- String response = "OnboardingApiService.getAvailableRoles failed";
+ String response = "Failed to fetch role";
logger.error(EELFLoggerDelegate.errorLogger, response, e);
throw new PortalAPIException(response, e);
}
@@ -406,7 +406,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
// After successful creation, call admin auth extension
saveUserRoleExtension(roles,user);
} catch (Exception e) {
- String response = "OnboardingApiService.pushUserRole failed";
+ String response = "Failed to push userRole";
logger.error(EELFLoggerDelegate.errorLogger, response, e);
throw new PortalAPIException(response, e);
} finally {
@@ -449,7 +449,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
}
return ecompRoles;
} catch (Exception e) {
- String response = "OnboardingApiService.getUserRoles failed";
+ String response = "Failed to fetch user roles";
logger.error(EELFLoggerDelegate.errorLogger, response, e);
throw new PortalAPIException(response, e);
}
@@ -481,12 +481,33 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
}
@Override
- public boolean isAppAuthenticated(HttpServletRequest request) throws PortalAPIException {
- WebServiceCallService securityService = AppContextManager.getAppContext().getBean(WebServiceCallService.class);
+ public boolean isAppAuthenticated(HttpServletRequest request, Map<String,String> appCredentials) throws PortalAPIException {
+ if(appCredentials.isEmpty())
+ {
+ logger.debug(EELFLoggerDelegate.debugLogger, "app credentails are empty");
+ return false;
+ }
+ String appUserName = "";
+ String appPassword = "";
+ String appName = "";
+
+ for (Map.Entry<String, String> entry : appCredentials.entrySet()) {
+ if (entry.getKey().equalsIgnoreCase("username")) {
+ appUserName = entry.getValue();
+ } else if (entry.getKey().equalsIgnoreCase("password")) {
+ appPassword = entry.getValue();
+ } else {
+ appName = entry.getValue();
+ }
+ }
+
try {
String appUser = request.getHeader("username");
String password = request.getHeader("password");
- return securityService.verifyRESTCredential(null, appUser, password);
+ if (password.equals(appPassword) && appUserName.equals(appUser)) {
+ return true;
+ }
+ return false;
} catch (Exception e) {
String response = "OnboardingApiService.isAppAuthenticated failed";
logger.error(EELFLoggerDelegate.errorLogger, response, e);
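Review bot: The new credential check on L166 compares the header values with `String.equals`, which returns at the first differing character and is not a constant-time comparison; `MessageDigest.isEqual` on the UTF-8 bytes is the standard replacement for comparing a shared secret. `password` on L164 is also not null-checked, so a request without that header throws a NullPointerException that is only caught by the broad `catch (Exception e)` on L170 and logged as an internal failure rather than treated as a plain authentication miss. The loop on L152-L160 assigns any key other than `username`/`password` to `appName`, which is not read in the visible lines, `appCredentials` is not null-checked before `isEmpty()` on L143, and the debug message on L145 misspells `credentials`. The method's catch block continues outside the hunk; the rewrite below needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported.
```java
try {
    String appUser = request.getHeader("username");
    String password = request.getHeader("password");
    if (appUser == null || password == null) {
        // Missing header is an authentication miss, not an internal error.
        return false;
    }
    // Constant-time comparison: String.equals stops at the first mismatch.
    boolean userMatches = MessageDigest.isEqual(
            appUserName.getBytes(StandardCharsets.UTF_8), appUser.getBytes(StandardCharsets.UTF_8));
    boolean passwordMatches = MessageDigest.isEqual(
            appPassword.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));
    return userMatches && passwordMatches;
// … unchanged: catch (Exception e) handler …
```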