From a37fe92b5daca76aabd50ff1e6920670b30b84ee Mon Sep 17 00:00:00 2001
From: st782s
Date: Thu, 2 Nov 2017 17:05:10 -0400
Subject: Security vulnerability Handle Session issues and security vulnerability login issue to by preventing sql injection attack
Issue: PORTAL-137
Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f
Signed-off-by: st782s
---
ecomp-sdk/epsdk-app-overlay/README.md | 3 +++
ecomp-sdk/epsdk-app-overlay/pom.xml | 2 +-
.../main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml | 21 ++++++++++++++-------
3 files changed, 18 insertions(+), 8 deletions(-)
(limited to 'ecomp-sdk/epsdk-app-overlay')
diff --git a/ecomp-sdk/epsdk-app-overlay/README.md b/ecomp-sdk/epsdk-app-overlay/README.md
index df86ec91..094ab0fc 100644
--- a/ecomp-sdk/epsdk-app-overlay/README.md
+++ b/ecomp-sdk/epsdk-app-overlay/README.md
@@ -17,6 +17,9 @@ AngularJS version 1.5.0. ### ONAP Distributions +Version 1.3.2, 1 November 2017 +- PORTAL-137 Enhance authentication + Version 1.3.1, 15 October 2017 - PORTAL-127 Remove GreenSock code from b2b library
diff --git a/ecomp-sdk/epsdk-app-overlay/pom.xml b/ecomp-sdk/epsdk-app-overlay/pom.xml
index 0332717d..63800739 100644
--- a/ecomp-sdk/epsdk-app-overlay/pom.xml
+++ b/ecomp-sdk/epsdk-app-overlay/pom.xml
@@ -5,7 +5,7 @@ org.onap.portal.sdk epsdk-project - 1.3.1 + 1.3.2
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
index 098a5857..dbe53d5b 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
@@ -352,14 +352,14 @@ select id, firstName, lastName from User where active = true order by lastName, firstName - + select name from Role where id = :role_id select id, name from Role order by name - + select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and userId is not null
@@ -369,11 +369,6 @@ select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and roleId is not null - - - delete from ReportUserRole where repId = :report_id and userId =:user_id
@@ -390,4 +385,16 @@ select id from User where orgUserId = :orgUserId + + FROM User WHERE orgUserId = :org_user_id + + + + FROM User WHERE loginId = :login_id + + + + FROM User WHERE loginId = :login_id and loginPwd = :login_pwd + +
-- cgit 1.2.3-korg
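Review bot: The last query added in this hunk, `FROM User WHERE loginId = :login_id and loginPwd = :login_pwd`, performs the password check as an equality predicate in the database, which only works if `loginPwd` holds a value the caller can reproduce exactly (plaintext, reversible encryption or an unsalted hash); how the column is stored is not visible here. The named parameters do remove the string-concatenation injection path, but credential verification would be stronger if the user were loaded with the `loginId = :login_id` query added just above and the password then verified in application code against a salted, slow hash with a constant-time comparison. The match also depends on the column collation, so under a case-insensitive collation both `loginId` and `loginPwd` would match regardless of case; that should be confirmed against the schema. If the query has to stay, a mapping comment such as `<!-- loginPwd is compared verbatim; callers must pass the stored (hashed) form, never log it -->` would document the contract.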