refactoring (usage of constant names for attributes of authentication

check)
11 years ago · 7d6fc79eb8
parent b9d36e45e0
commit 7d6fc79eb8
12 changed files with 55 additions and 51 deletions
--- a/htroot/Collage.java
+++ b/htroot/Collage.java
@ -29,6 +29,7 @@ import net.yacy.cora.protocol.Domains;
 import net.yacy.cora.protocol.RequestHeader;
 import net.yacy.crawler.data.ResultImages;
 import net.yacy.search.Switchboard;
 import net.yacy.search.SwitchboardConstants;
 import net.yacy.server.serverObjects;
 import net.yacy.server.serverSwitch;
@ -95,7 +96,7 @@ public class Collage {
                // check if this loads a page from localhost, which must be prevented to protect the server
                // against attacks to the administration interface when localhost access is granted
                if ((Domains.isLocal(baseURL.getHost(), null) || Domains.isLocal(imageURL.getHost(), null)) &&
-                    sb.getConfigBool("adminAccountForLocalhost", false)) continue;
+                    sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) continue;
                final long z = imgZIndex[i];
                prop.put("imgurl_list_" + c + "_url",
--- a/htroot/ConfigAccounts_p.java
+++ b/htroot/ConfigAccounts_p.java
@ -55,7 +55,7 @@ public class ConfigAccounts_p {
        UserDB.Entry entry = null;
        // admin password
-        boolean localhostAccess = sb.getConfigBool("adminAccountForLocalhost", false);
+        boolean localhostAccess = sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
        if (post != null && post.containsKey("setAdmin")) {
            localhostAccess = Domains.isLocalhost(post.get("access", ""));
            final String user = (post == null) ? "" : post.get("adminuser", "");
@ -66,22 +66,22 @@ public class ConfigAccounts_p {
            if (user.length() > 0 && pw1.length() > 3 && pw1.equals(pw2)) {
                // check passed. set account:
                env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1)));
-                env.setConfig("adminAccount", "");
+                env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
-                env.setConfig("adminAccountUserName",user);
+                env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME,user);
            }
            if (localhostAccess) {
-            	sb.setConfig("adminAccountForLocalhost", true);
+            	sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, true);
            	// if an localhost access is configured, check if a local password is given
            	// if not, set a random password
            	if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty()) {
            		// make a 'random' password
            		env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "0000" + sb.genRandomPassword());
-            		env.setConfig("adminAccount", "");
+            		env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
            	}
            } else {
-                sb.setConfig("adminAccountForLocalhost", false);
+                sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
                if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").startsWith("0000")) {
                    // make shure that the user can still use the interface after a random password was set
                    env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
@ -89,14 +89,14 @@ public class ConfigAccounts_p {
            }
        }
-        if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() && !env.getConfigBool("adminAccountForLocalhost", false)) {
+        if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() && !env.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
            prop.put("passwordNotSetWarning", 1);
        }
        prop.put("localhost.checked", (localhostAccess) ? 1 : 0);
        prop.put("account.checked", (localhostAccess) ? 0 : 1);
        prop.put("statusPassword", localhostAccess ? "0" : "1");
-        prop.put("defaultUser", env.getConfig("adminAccountUserName", "admin"));
+        prop.put("defaultUser", env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin"));
        //default values
        prop.put("current_user", "newuser");
--- a/htroot/ConfigBasic.java
+++ b/htroot/ConfigBasic.java
@ -234,7 +234,7 @@ public class ConfigBasic {
        prop.put("setUseCase_repositoryPath", sb.getConfig("repositoryPath", "/DATA/HTROOT/repository"));
        // check if values are proper
-        final boolean properPassword = (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() > 0) || sb.getConfigBool("adminAccountForLocalhost", false);
+        final boolean properPassword = (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() > 0) || sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
        final boolean properName = (sb.peers.mySeed().getName().length() >= 3) && (!(Seed.isDefaultPeerName(sb.peers.mySeed().getName())));
        final boolean properPort = (sb.peers.mySeed().isSenior()) || (sb.peers.mySeed().isPrincipal());
--- a/htroot/SettingsAck_p.java
+++ b/htroot/SettingsAck_p.java
@ -93,8 +93,8 @@ public class SettingsAck_p {
            }
            // check passed. set account:
            env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1)));
-            env.setConfig("adminAccount", "");
+            env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
-            env.setConfig("adminAccountUserName", user);
+            env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, user);
            prop.put("info", "5");//admin account changed
            prop.putHTML("info_user", user);
            return prop;
--- a/htroot/Status.java
+++ b/htroot/Status.java
@ -131,14 +131,14 @@ public class Status
        // password protection
        if ( (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty())
-            && (!sb.getConfigBool("adminAccountForLocalhost", false)) ) {
+            && (!sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) ) {
            prop.put("protection", "0"); // not protected
            prop.put("urgentSetPassword", "1");
        } else {
            prop.put("protection", "1"); // protected
        }
-        if ( sb.getConfigBool("adminAccountForLocalhost", false) ) {
+        if ( sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) ) {
            prop.put("unrestrictedLocalAccess", 1);
        }
--- a/source/net/yacy/http/Jetty8YaCySecurityHandler.java
+++ b/source/net/yacy/http/Jetty8YaCySecurityHandler.java
@ -33,6 +33,7 @@ import net.yacy.cora.document.id.MultiProtocolURL;
 import net.yacy.cora.protocol.Domains;
 import net.yacy.data.UserDB.AccessRight;
 import net.yacy.search.Switchboard;
 import net.yacy.search.SwitchboardConstants;
 import org.eclipse.jetty.http.HttpSchemes;
 import org.eclipse.jetty.security.RoleInfo;
@ -168,7 +169,7 @@ public class Jetty8YaCySecurityHandler extends SecurityHandler {
    @Override
    protected RoleInfo prepareConstraintInfo(String pathInContext, Request request) {
        final Switchboard sb = Switchboard.getSwitchboard();
-        final boolean adminAccountForLocalhost = sb.getConfigBool("adminAccountForLocalhost", false);
+        final boolean adminAccountForLocalhost = sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
        //final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, "");
        String refererHost;
--- a/source/net/yacy/http/YaCyLegacyCredential.java
+++ b/source/net/yacy/http/YaCyLegacyCredential.java
@ -26,6 +26,7 @@ package net.yacy.http;
 import net.yacy.cora.order.Base64Order;
 import net.yacy.cora.order.Digest;
 import org.eclipse.jetty.util.security.Credential;
@ -39,7 +40,7 @@ public class YaCyLegacyCredential extends Credential {
    private String hash;
    private String foruser; // remember the user as YaCy credential is username:pwd (not just pwd)
    private boolean isBase64enc; // remember hash encoding  false = encodeMD5Hex(usr:pwd) ; true = encodeMD5Hex(Base64Order.standardCoder.encodeString(usr:pw))
-
+    
    /**
     * internal hash function
     *
@ -54,11 +55,9 @@ public class YaCyLegacyCredential extends Credential {
    public boolean check(Object credentials) {
        if (credentials instanceof String) {
            final String pw = (String) credentials;
-            if (isBase64enc) { // for adminuser
+            if (isBase64enc) return calcHash(foruser + ":" + pw).equals(this.hash); // for admin user
-                return calcHash(foruser + ":" + pw).equals(this.hash);                
+            // normal users
-            } else { // for user
+            return Digest.encodeMD5Hex(foruser + ":" + pw).equals(this.hash);
                return Digest.encodeMD5Hex(foruser + ":" + pw).equals(this.hash);
            }
        }
        throw new UnsupportedOperationException();
    }
@ -70,8 +69,8 @@ public class YaCyLegacyCredential extends Credential {
 	 */
 	public static Credential getCredentialsFromConfig(String username, String configHash) {
 		YaCyLegacyCredential c = new YaCyLegacyCredential();
-                c.foruser=username;
+        c.foruser = username;
-                c.isBase64enc=true;
+        c.isBase64enc = true;
 		c.hash = configHash;
 		return c;
 	}
@ -84,9 +83,9 @@ public class YaCyLegacyCredential extends Credential {
 	 */
 	public static Credential getCredentials(String username, String configHash) {
 		YaCyLegacyCredential c = new YaCyLegacyCredential();
-                c.foruser=username;
+        c.foruser = username;
-                c.isBase64enc = false;
+        c.isBase64enc = false;
-                c.hash = configHash;
+        c.hash = configHash;
 		//c.hash = calcHash(user + ":" + password);
 		return c;
 	}
--- a/source/net/yacy/http/YaCyLoginService.java
+++ b/source/net/yacy/http/YaCyLoginService.java
@ -49,7 +49,7 @@ public class YaCyLoginService extends MappedLoginService {
        // TODO: implement legacy credentials
        final Switchboard sb = Switchboard.getSwitchboard();
-        String adminuser = sb.getConfig("adminAccountUserName", "admin");
+        String adminuser = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
        if (username.equals(adminuser)) {
            final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
            // in YaCy the credential hash is composed of username:pwd so the username is needed to create valid credential 
@ -66,23 +66,22 @@ public class YaCyLoginService extends MappedLoginService {
            subject.setReadOnly();
            IdentityService is = getIdentityService();
            return is.newUserIdentity(subject, userPrincipal, new String[]{AccessRight.ADMIN_RIGHT.toString()});
-        } else { // get user data from UserDB            
+        }
-            Entry user = sb.userDB.getEntry(username);
+        Entry user = sb.userDB.getEntry(username);
-            if (user != null) {
+        if (user != null) {
-                if (user.hasRight(AccessRight.ADMIN_RIGHT)) {
+            if (user.hasRight(AccessRight.ADMIN_RIGHT)) {
-                    String[] role = new String[]{AccessRight.ADMIN_RIGHT.toString()};
+                String[] role = new String[]{AccessRight.ADMIN_RIGHT.toString()};
-                    Credential credential = YaCyLegacyCredential.getCredentials(username, user.getMD5EncodedUserPwd());
+                Credential credential = YaCyLegacyCredential.getCredentials(username, user.getMD5EncodedUserPwd());
-                    Principal userPrincipal = new MappedLoginService.KnownUser(username, credential);
+                Principal userPrincipal = new MappedLoginService.KnownUser(username, credential);
-                    Subject subject = new Subject();
+                Subject subject = new Subject();
-                    subject.getPrincipals().add(userPrincipal);
+                subject.getPrincipals().add(userPrincipal);
-                    subject.getPrivateCredentials().add(credential);
+                subject.getPrivateCredentials().add(credential);
-                    subject.setReadOnly();
+                subject.setReadOnly();
-                    IdentityService is = getIdentityService();
+                IdentityService is = getIdentityService();
-                    return is.newUserIdentity(subject, userPrincipal, role);
+                return is.newUserIdentity(subject, userPrincipal, role);
-                } 
+            } 
            }
        }
        return null;
    }
--- a/source/net/yacy/migration.java
+++ b/source/net/yacy/migration.java
@ -234,9 +234,9 @@ public class migration {
    public static void presetPasswords(final Switchboard sb) {
        // set preset accounts/passwords
        String acc;
-        if ((acc = sb.getConfig("adminAccount", "")).length() > 0) {
+        if ((acc = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT, "")).length() > 0) {
            sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(acc)));
-            sb.setConfig("adminAccount", "");
+            sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
        }
        // fix unsafe old passwords
--- a/source/net/yacy/search/Switchboard.java
+++ b/source/net/yacy/search/Switchboard.java
@ -208,6 +208,7 @@ import net.yacy.utils.UPnP;
 import net.yacy.utils.crypt;
 import com.google.common.io.Files;
 import net.yacy.http.YaCyHttpServer;
@ -886,7 +887,7 @@ public final class Switchboard extends serverSwitch {
        // that an automatic authorization of localhost is done, because in this case crawls from local
        // addresses are blocked to prevent attack szenarios where remote pages contain links to localhost
        // addresses that can steer a YaCy peer
-        if ( !getConfigBool("adminAccountForLocalhost", false) ) {
+        if ( !getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) ) {
            if ( getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").startsWith("0000") ) {
                // the password was set automatically with a random value.
                // We must remove that here to prevent that a user cannot log in any more
@ -2056,11 +2057,11 @@ public final class Switchboard extends serverSwitch {
            }
            // set a random password if no password is configured
-            if ( getConfigBool("adminAccountForLocalhost", false)
+            if ( getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)
                && getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() ) {
                // make a 'random' password
                setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "0000" + this.genRandomPassword());
-                setConfig("adminAccount", "");
+                setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
            }
            // stop greedylearning if limit is reached
@ -3242,7 +3243,7 @@ public final class Switchboard extends serverSwitch {
        // authorization for localhost, only if flag is set to grant localhost access as admin
        final boolean accessFromLocalhost = requestHeader.accessFromLocalhost();
-        if ( getConfigBool("adminAccountForLocalhost", false) && accessFromLocalhost ) {
+        if ( getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) && accessFromLocalhost ) {
            adminAuthenticationLastAccess = System.currentTimeMillis();
            return 3; // soft-authenticated for localhost
        }
--- a/source/net/yacy/search/SwitchboardConstants.java
+++ b/source/net/yacy/search/SwitchboardConstants.java
@ -41,8 +41,11 @@ public final class SwitchboardConstants {
     * <p>Name of the setting holding the authentication hash for the static <code>admin</code>-account. It is calculated
     * by first encoding <code>username:password</code> as Base64 and hashing it using {@link MapTools#encodeMD5Hex(String)}.</p>
     */
-    public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5";
+    public static final String ADMIN_ACCOUNT                = "adminAccount";
-
+    public static final String ADMIN_ACCOUNT_B64MD5         = "adminAccountBase64MD5";
    public static final String ADMIN_ACCOUNT_USER_NAME      = "adminAccountUserName"; // by default 'admin'
    public static final String ADMIN_ACCOUNT_FOR_LOCALHOST  = "adminAccountForLocalhost";
    public static final int   CRAWLJOB_SYNC = 0;
    public static final int   CRAWLJOB_STATUS = 1;
    // 20_dhtdistribution
--- a/source/net/yacy/yacy.java
+++ b/source/net/yacy/yacy.java
@ -355,7 +355,7 @@ public final class yacy {
                final boolean browserPopUpTrigger = sb.getConfig(SwitchboardConstants.BROWSER_POP_UP_TRIGGER, "true").equals("true");
                if (browserPopUpTrigger) try {
                    final String  browserPopUpPage = sb.getConfig(SwitchboardConstants.BROWSER_POP_UP_PAGE, "ConfigBasic.html");
-                    //boolean properPW = (sb.getConfig("adminAccount", "").isEmpty()) && (sb.getConfig(httpd.ADMIN_ACCOUNT_B64MD5, "").length() > 0);
+                    //boolean properPW = (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT, "").isEmpty()) && (sb.getConfig(httpd.ADMIN_ACCOUNT_B64MD5, "").length() > 0);
                    //if (!properPW) browserPopUpPage = "ConfigBasic.html";
                    Browser.openBrowser(("http://localhost:"+port) + "/" + browserPopUpPage);
                   // Browser.openBrowser((server.withSSL()?"https":"http") + "://localhost:" + serverCore.getPortNr(port) + "/" + browserPopUpPage);