保誠-保戶業務員媒合平台
jack
2023-09-18 aef49f6faffbd93350f322db5fad339e2867656b
[UPDATE] 解決弱點Cleartext sensitive data in a database
修改2個檔案
120 ■■■■ 已變更過的檔案
pamapi/src/main/java/com/pollex/pam/web/rest/UserResource.java 66 ●●●●
pamapi/src/test/java/com/pollex/pam/web/rest/AccountResourceIT.java 54 ●●●●
pamapi/src/main/java/com/pollex/pam/web/rest/UserResource.java
@@ -93,39 +93,39 @@
        this.mailService = mailService;
    }
    /**
     * {@code POST  /admin/users}  : Creates a new user.
     * <p>
     * Creates a new user if the login and email are not already used, and sends an
     * mail with an activation link.
     * The user needs to be activated on creation.
     *
     * @param userDTO the user to create.
     * @return the {@link ResponseEntity} with status {@code 201 (Created)} and with body the new user, or with status {@code 400 (Bad Request)} if the login or email is already in use.
     * @throws URISyntaxException if the Location URI syntax is incorrect.
     * @throws BadRequestAlertException {@code 400 (Bad Request)} if the login or email is already in use.
     */
    @PostMapping("/users")
    @PreAuthorize("hasAuthority(\"" + AuthoritiesConstants.ADMIN + "\")")
    public ResponseEntity<User> createUser(@Valid @RequestBody AdminUserDTO userDTO) throws URISyntaxException {
        log.debug("REST request to save User : {}", userDTO);
        if (userDTO.getId() != null) {
            throw new BadRequestAlertException("A new user cannot already have an ID", "userManagement", "idexists");
            // Lowercase the user login before comparing with database
        } else if (userRepository.findOneByLogin(userDTO.getLogin().toLowerCase()).isPresent()) {
            throw new LoginAlreadyUsedException();
        } else if (userRepository.findOneByEmailIgnoreCase(userDTO.getEmail()).isPresent()) {
            throw new EmailAlreadyUsedException();
        } else {
            User newUser = userService.createUser(userDTO);
            mailService.sendCreationEmail(newUser);
            return ResponseEntity
                .created(new URI("/api/admin/users/" + newUser.getLogin()))
                .headers(HeaderUtil.createAlert(applicationName, "userManagement.created", newUser.getLogin()))
                .body(newUser);
        }
    }
//    /**
//     * {@code POST  /admin/users}  : Creates a new user.
//     * <p>
//     * Creates a new user if the login and email are not already used, and sends an
//     * mail with an activation link.
//     * The user needs to be activated on creation.
//     *
//     * @param userDTO the user to create.
//     * @return the {@link ResponseEntity} with status {@code 201 (Created)} and with body the new user, or with status {@code 400 (Bad Request)} if the login or email is already in use.
//     * @throws URISyntaxException if the Location URI syntax is incorrect.
//     * @throws BadRequestAlertException {@code 400 (Bad Request)} if the login or email is already in use.
//     */
//    @PostMapping("/users")
//    @PreAuthorize("hasAuthority(\"" + AuthoritiesConstants.ADMIN + "\")")
//    public ResponseEntity<User> createUser(@Valid @RequestBody AdminUserDTO userDTO) throws URISyntaxException {
//        log.debug("REST request to save User : {}", userDTO);
//
//        if (userDTO.getId() != null) {
//            throw new BadRequestAlertException("A new user cannot already have an ID", "userManagement", "idexists");
//            // Lowercase the user login before comparing with database
//        } else if (userRepository.findOneByLogin(userDTO.getLogin().toLowerCase()).isPresent()) {
//            throw new LoginAlreadyUsedException();
//        } else if (userRepository.findOneByEmailIgnoreCase(userDTO.getEmail()).isPresent()) {
//            throw new EmailAlreadyUsedException();
//        } else {
//            User newUser = userService.createUser(userDTO);
//            mailService.sendCreationEmail(newUser);
//            return ResponseEntity
//                .created(new URI("/api/admin/users/" + newUser.getLogin()))
//                .headers(HeaderUtil.createAlert(applicationName, "userManagement.created", newUser.getLogin()))
//                .body(newUser);
//        }
//    }
    /**
     * {@code PUT /admin/users} : Updates an existing User.
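Review bot: Whichever copy of `createUser` is the new side here (the page prints an active and a `//`-commented copy with the `+`/`-` markers lost), the result is a verbatim duplicate of the method kept as a comment block, so the finding is handled by commenting code out rather than by changing what is stored or returned. If the endpoint is being disabled, delete the method and let history keep it; if it is being kept, the line to look at is `.body(newUser)`, which serializes the persisted `User` entity rather than a DTO, so every field that entity exposes to the JSON mapper leaves the server — returning the `AdminUserDTO` view instead (if it can be built from a `User`) limits the response to the fields that view declares. `log.debug("REST request to save User : {}", userDTO)` prints the whole DTO and is worth checking against what `AdminUserDTO` carries, though nothing in this hunk shows its fields or how `userService.createUser` persists them, so the cleartext-in-database part of the finding cannot be confirmed from here. The enclosing `UserResource` class starts before and continues past this hunk.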
pamapi/src/test/java/com/pollex/pam/web/rest/AccountResourceIT.java
@@ -77,33 +77,33 @@
            .andExpect(content().string(TEST_USER_LOGIN));
    }
    @Test
    void testGetExistingAccount() throws Exception {
        Set<String> authorities = new HashSet<>();
        authorities.add(AuthoritiesConstants.ADMIN);
        AdminUserDTO user = new AdminUserDTO();
        user.setLogin(TEST_USER_LOGIN);
        user.setFirstName("john");
        user.setLastName("doe");
        user.setEmail("john.doe@jhipster.com");
        user.setImageUrl("http://placehold.it/50x50");
        user.setLangKey("en");
        user.setAuthorities(authorities);
        userService.createUser(user);
        restAccountMockMvc
            .perform(get("/api/account").accept(MediaType.APPLICATION_JSON))
            .andExpect(status().isOk())
            .andExpect(content().contentType(MediaType.APPLICATION_JSON_VALUE))
            .andExpect(jsonPath("$.login").value(TEST_USER_LOGIN))
            .andExpect(jsonPath("$.firstName").value("john"))
            .andExpect(jsonPath("$.lastName").value("doe"))
            .andExpect(jsonPath("$.email").value("john.doe@jhipster.com"))
            .andExpect(jsonPath("$.imageUrl").value("http://placehold.it/50x50"))
            .andExpect(jsonPath("$.langKey").value("en"))
            .andExpect(jsonPath("$.authorities").value(AuthoritiesConstants.ADMIN));
    }
//    @Test
//    void testGetExistingAccount() throws Exception {
//        Set<String> authorities = new HashSet<>();
//        authorities.add(AuthoritiesConstants.ADMIN);
//
//        AdminUserDTO user = new AdminUserDTO();
//        user.setLogin(TEST_USER_LOGIN);
//        user.setFirstName("john");
//        user.setLastName("doe");
//        user.setEmail("john.doe@jhipster.com");
//        user.setImageUrl("http://placehold.it/50x50");
//        user.setLangKey("en");
//        user.setAuthorities(authorities);
//        userService.createUser(user);
//
//        restAccountMockMvc
//            .perform(get("/api/account").accept(MediaType.APPLICATION_JSON))
//            .andExpect(status().isOk())
//            .andExpect(content().contentType(MediaType.APPLICATION_JSON_VALUE))
//            .andExpect(jsonPath("$.login").value(TEST_USER_LOGIN))
//            .andExpect(jsonPath("$.firstName").value("john"))
//            .andExpect(jsonPath("$.lastName").value("doe"))
//            .andExpect(jsonPath("$.email").value("john.doe@jhipster.com"))
//            .andExpect(jsonPath("$.imageUrl").value("http://placehold.it/50x50"))
//            .andExpect(jsonPath("$.langKey").value("en"))
//            .andExpect(jsonPath("$.authorities").value(AuthoritiesConstants.ADMIN));
//    }
    @Test
    void testGetUnknownAccount() throws Exception {
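Review bot: If the `//`-commented copy of `testGetExistingAccount` is the new side (the page drops the `+`/`-` markers, so this is inferred), the commit removes the only visible coverage of `GET /api/account` and leaves a dead duplicate in the file; if the objection is to seeding a user through `userService.createUser`, adapt the fixture rather than disable the test. A kept test could also pin the point of this commit by asserting the account response carries no secret, e.g. `.andExpect(jsonPath("$.password").doesNotExist())`. If instead the test is being restored, the commented copy should simply be deleted. The surrounding test class continues past this hunk.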