diff --git a/src/main/java/io/kamax/mxisd/HttpMxisd.java b/src/main/java/io/kamax/mxisd/HttpMxisd.java index 3ce607c..35ab09e 100644 --- a/src/main/java/io/kamax/mxisd/HttpMxisd.java +++ b/src/main/java/io/kamax/mxisd/HttpMxisd.java @@ -115,13 +115,6 @@ public class HttpMxisd { .post(LoginHandler.Path, SaneHandler.around(new LoginPostHandler(m.getAuth()))) .post(RestAuthHandler.Path, SaneHandler.around(new RestAuthHandler(m.getAuth()))) - // Account endpoints - .post(AccountRegisterHandler.Path, SaneHandler.around(new AccountRegisterHandler(m.getAccMgr()))) - .get(AccountGetUserInfoHandler.Path, - SaneHandler.around(AuthorizationHandler.around(m.getAccMgr(), new AccountGetUserInfoHandler(m.getAccMgr())))) - .post(AccountLogoutHandler.Path, - SaneHandler.around(AuthorizationHandler.around(m.getAccMgr(), new AccountLogoutHandler(m.getAccMgr())))) - // Directory endpoints .post(UserDirectorySearchHandler.Path, SaneHandler.around(new UserDirectorySearchHandler(m.getDirectory()))) @@ -151,6 +144,7 @@ public class HttpMxisd { identityEndpoints(handler); termsEndpoints(handler); hashEndpoints(handler); + accountEndpoints(handler); httpSrv = Undertow.builder().addHttpListener(m.getConfig().getServer().getPort(), "0.0.0.0").setHandler(handler).build(); httpSrv.start(); 
@@ -194,17 +188,25 @@ public class HttpMxisd { ); } + private void accountEndpoints(RoutingHandler routingHandler) { + routingHandler.post(AccountRegisterHandler.Path, SaneHandler.around(new AccountRegisterHandler(m.getAccMgr()))); + wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, sane(new AccountGetUserInfoHandler(m.getAccMgr())), + AccountGetUserInfoHandler.Path, true); + wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, sane(new AccountLogoutHandler(m.getAccMgr())), + AccountLogoutHandler.Path, true); + } + private void termsEndpoints(RoutingHandler routingHandler) { routingHandler.get(GetTermsHandler.PATH, new GetTermsHandler(m.getConfig().getPolicy())); - routingHandler - .post(AcceptTermsHandler.PATH, AuthorizationHandler.around(m.getAccMgr(), sane(new AcceptTermsHandler(m.getAccMgr())))); + wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.POST, sane(new AcceptTermsHandler(m.getAccMgr())), + AcceptTermsHandler.PATH, true); } private void hashEndpoints(RoutingHandler routingHandler) { - routingHandler - .get(HashDetailsHandler.PATH, AuthorizationHandler.around(m.getAccMgr(), sane(new HashDetailsHandler(m.getHashManager())))); - routingHandler.post(HashLookupHandler.Path, - AuthorizationHandler.around(m.getAccMgr(), sane(new HashLookupHandler(m.getIdentity(), m.getHashManager())))); + wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, sane(new HashDetailsHandler(m.getHashManager())), + HashDetailsHandler.PATH, true); + wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.POST, + sane(new HashLookupHandler(m.getIdentity(), m.getHashManager())), HashLookupHandler.Path, true); } private void addEndpoints(RoutingHandler routingHandler, HttpString method, boolean useAuthorization, ApiHandler... handlers) { 
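Review bot: In the new `accountEndpoints`, `AccountLogoutHandler` is registered with `Methods.GET`, while the chained route this commit removes registered it with `.post(AccountLogoutHandler.Path, ...)`. Unless the method change is intended, clients that POST to the logout path will no longer match a route, and a token-invalidating action becomes reachable through a plain GET. I would keep the original verb: `wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.POST, sane(new AccountLogoutHandler(m.getAccMgr())), AccountLogoutHandler.Path, true);`. Separately, `AcceptTermsHandler.PATH` now goes through the policy lookup as well, so a policy pattern that happens to match that path would put `CheckTermsHandler` in front of the endpoint users need in order to accept terms; a short comment in `termsEndpoints` saying whether that is expected would help.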
@@ -220,27 +222,32 @@ public class HttpMxisd { routingHandler.add(method, apiHandler.getPath(IdentityServiceAPI.V1), httpHandler); } if (matrixConfig.isV2()) { - List policyObjects = getPolicyObjects(apiHandler); - boolean wrapWithTerms = !policyObjects.isEmpty(); - HttpHandler wrappedHandler; - if (useAuthorization) { - wrappedHandler = wrapWithTerms ? CheckTermsHandler.around(m.getAccMgr(), httpHandler, policyObjects) : httpHandler; - wrappedHandler = AuthorizationHandler.around(m.getAccMgr(), wrappedHandler); - } else { - wrappedHandler = httpHandler; - } - routingHandler.add(method, apiHandler.getPath(IdentityServiceAPI.V2), wrappedHandler); + String path = apiHandler.getPath(IdentityServiceAPI.V2); + wrapWithTokenAndAuthorizationHandlers(routingHandler, method, httpHandler, path, useAuthorization); } } + private void wrapWithTokenAndAuthorizationHandlers(RoutingHandler routingHandler, HttpString method, HttpHandler httpHandler, + String url, boolean useAuthorization) { + List policyObjects = getPolicyObjects(url); + HttpHandler wrappedHandler; + if (useAuthorization) { + wrappedHandler = policyObjects.isEmpty() ? httpHandler : CheckTermsHandler.around(m.getAccMgr(), httpHandler, policyObjects); + wrappedHandler = AuthorizationHandler.around(m.getAccMgr(), wrappedHandler); + } else { + wrappedHandler = httpHandler; + } + routingHandler.add(method, url, wrappedHandler); + } + @NotNull - private List getPolicyObjects(ApiHandler apiHandler) { + private List getPolicyObjects(String url) { PolicyConfig policyConfig = m.getConfig().getPolicy(); List policies = new ArrayList<>(); if (!policyConfig.getPolicies().isEmpty()) { for (PolicyConfig.PolicyObject policy : policyConfig.getPolicies().values()) { for (Pattern pattern : policy.getPatterns()) { - if (pattern.matcher(apiHandler.getHandlerPath()).matches()) { + if (pattern.matcher(url).matches()) { policies.add(policy); } } 
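Review bot: `getPolicyObjects` now tests each policy pattern against the route string passed as `url` (for `addEndpoints`, `apiHandler.getPath(IdentityServiceAPI.V2)`) instead of `apiHandler.getHandlerPath()`, and an empty result means `CheckTermsHandler` is not installed at all. If those two strings differ, which the hunk does not show, patterns written for the old value stop matching under `matches()` and the terms check is dropped without any error. I would add a Javadoc line on `wrapWithTokenAndAuthorizationHandlers` stating that `url` is the exact string the policy patterns are matched against, and log the policies resolved for each route at startup. Two smaller points: call `getPolicyObjects(url)` inside the `if (useAuthorization)` branch, since the result is unused otherwise, and add `break;` after `policies.add(policy);` so a policy with several matching patterns is not added twice. `getPolicyObjects` continues past the end of the hunk.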
diff --git a/src/main/java/io/kamax/mxisd/http/undertow/handler/term/v2/AcceptTermsHandler.java b/src/main/java/io/kamax/mxisd/http/undertow/handler/term/v2/AcceptTermsHandler.java index ae2966b..8ca11d4 100644 --- a/src/main/java/io/kamax/mxisd/http/undertow/handler/term/v2/AcceptTermsHandler.java +++ b/src/main/java/io/kamax/mxisd/http/undertow/handler/term/v2/AcceptTermsHandler.java @@ -2,7 +2,6 @@ package io.kamax.mxisd.http.undertow.handler.term.v2; import com.google.gson.JsonElement; import com.google.gson.JsonObject; -import io.kamax.matrix.json.GsonUtil; import io.kamax.mxisd.auth.AccountManager; import io.kamax.mxisd.exception.InvalidCredentialsException; import io.kamax.mxisd.http.undertow.handler.BasicHttpHandler; @@ -28,7 +27,7 @@ public class AcceptTermsHandler extends BasicHttpHandler { String token = getAccessToken(exchange); JsonObject request = parseJsonObject(exchange); - JsonObject accepts = GsonUtil.getObj(request, "user_accepts"); + JsonElement accepts = request.get("user_accepts"); AccountDao account = accountManager.findAccount(token); if (account == null) { diff --git a/src/main/java/io/kamax/mxisd/storage/ormlite/OrmLiteSqlStorage.java b/src/main/java/io/kamax/mxisd/storage/ormlite/OrmLiteSqlStorage.java index ebb021c..235234b 100644 --- a/src/main/java/io/kamax/mxisd/storage/ormlite/OrmLiteSqlStorage.java +++ b/src/main/java/io/kamax/mxisd/storage/ormlite/OrmLiteSqlStorage.java 
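Review bot: `request.get("user_accepts")` returns `null` when the key is absent, and the code that consumes `accepts` lies outside this hunk, so a request body without `user_accepts` may surface as a runtime exception rather than a client error. A guard directly after the read would make the contract explicit, for example `if (accepts == null || accepts.isJsonNull()) { /* reject as a bad request with the project's existing error type */ }`. Since the type was widened from `JsonObject` to `JsonElement`, a one-line comment naming the shapes accepted here (array, single string) would also help the next reader.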
@@ -294,6 +294,13 @@ public class OrmLiteSqlStorage implements IStorage {
 public void acceptTerm(String token, String url) {
 withCatcher(() -> {
 AccountDao account = findAccount(token).orElseThrow(InvalidCredentialsException::new);
+ List acceptedTerms = acceptedDao.queryForEq("userId", account.getUserId());
+ for (AcceptedDao acceptedTerm : acceptedTerms) {
+ if (acceptedTerm.getUrl().equalsIgnoreCase(url)) {
+ // already accepted
+ return;
+ }
+ }
 int created = acceptedDao.create(new AcceptedDao(url, account.getUserId(), System.currentTimeMillis()));
 if (created != 1) {
 throw new RuntimeException("Unexpected row count after DB action: " + created);
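Review bot: The duplicate check added to `acceptTerm` compares with `acceptedTerm.getUrl().equalsIgnoreCase(url)`, so two policy URLs that differ only in letter case are treated as the same document and the second acceptance is silently skipped. URL paths are case-sensitive, so an exact comparison is safer: `if (acceptedTerm.getUrl().equals(url)) {`. The query-then-`create` sequence is also not atomic as far as the hunk shows, so two concurrent requests with the same token can both pass the loop and insert a row; a unique constraint on (userId, url) for the accepted table would close that, assuming `AcceptedDao` has none today. The `withCatcher` lambda closes outside the hunk.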