From 94c288b4f8d353c44b64e40c0863c7fce6782293 Mon Sep 17 00:00:00 2001
From: rsanchez <rsanchez@curisit.net>
Date: Thu, 24 Sep 2015 17:26:14 +0000
Subject: [PATCH] #2756 fix - chnaged API to allow activation by code and other UI changes

---
 securis/src/main/java/net/curisit/securis/utils/TokenHelper.java |   22 +++++++++++++++++-----
 1 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java b/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java
index 824dc51..72289c8 100644
--- a/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java
+++ b/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java
@@ -11,6 +11,7 @@
 import javax.inject.Inject;
 
 import net.curisit.integrity.commons.Utils;
+import net.curisit.securis.services.ApiResource;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
@@ -42,8 +43,12 @@
      * @return
      */
     public String generateToken(String user) {
+
+        return generateToken(user, new Date());
+    }
+
+    public String generateToken(String user, Date date) {
         try {
-            Date date = new Date();
             String secret = generateSecret(user, date);
             StringBuffer sb = new StringBuffer();
             sb.append(secret);
@@ -58,7 +63,6 @@
             LOG.error("Error generating SHA-256 hash", e);
         }
         return null;
-
     }
 
     private String generateSecret(String user, Date date) throws UnsupportedEncodingException, NoSuchAlgorithmException {
@@ -90,9 +94,11 @@
             String secret = parts[0];
             String user = parts[1];
             Date date = Utils.toDateFromIso(parts[2]);
-            if (new Date().after(new Date(date.getTime() + VALID_TOKEN_PERIOD * 60 * 60 * 1000))) {
-                return false;
-            }
+            if (date.getTime() > 0 || !user.equals(ApiResource.API_CLIENT_USERNAME)) {
+                if (new Date().after(new Date(date.getTime() + VALID_TOKEN_PERIOD * 60 * 60 * 1000))) {
+                    return false;
+                }
+            } // else: It's a securis-client API call
             String newSecret = generateSecret(user, date);
             return newSecret.equals(secret);
         } catch (IOException e) {
@@ -136,4 +142,10 @@
         return null;
     }
 
+    public static void main(String[] args) {
+        // client token:
+        // OTk3ODRiMzY5NzQ5MWI5NmYyZGQyODRiYjY2ZTU2YzdmMTZjYzM3YTY3N2ExM2M3ODI2MjU5ZTMzOTIyYjUzNSBfY2xpZW50IDE5NzAtMDEtMDFUMDA6NTk6NTkuOTk5KzAxMDA=
+        // OTk3ODRiMzY5NzQ5MWI5NmYyZGQyODRiYjY2ZTU2YzdmMTZjYzM3YTY3N2ExM2M3ODI2MjU5ZTMzOTIyYjUzNSBfY2xpZW50IDE5NzAtMDEtMDFUMDA6NTk6NTkuOTk5KzAxMDA=
+        System.out.print("client token: " + new TokenHelper().generateToken("_client", new Date(-1)));
+    }
 }

--
Gitblit v1.3.2