Made Server Less Error Prone #107

Merged
kske merged 5 commits from f/secure-server into develop 2020-10-31 16:30:45 +01:00
8 changed files with 64 additions and 79 deletions
Showing only changes of commit d4c7813c97 - Show all commits

View File

@ -21,7 +21,6 @@
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-11"> <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-11">
<attributes> <attributes>
<attribute name="maven.pomderived" value="true"/> <attribute name="maven.pomderived" value="true"/>
<attribute name="module" value="true"/>
</attributes> </attributes>
</classpathentry> </classpathentry>
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER"> <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">

View File

@ -44,7 +44,6 @@ public final class LocalDB implements EventListener {
private IDGenerator idGenerator; private IDGenerator idGenerator;
private CacheMap cacheMap = new CacheMap(); private CacheMap cacheMap = new CacheMap();
private String authToken; private String authToken;
private boolean saveToken;
private boolean contactsChanged; private boolean contactsChanged;
// Auto save timer // Auto save timer
@ -261,7 +260,7 @@ public final class LocalDB implements EventListener {
Context.getInstance().getClient().isOnline() ? Instant.now() : lastSync); Context.getInstance().getClient().isOnline() ? Instant.now() : lastSync);
// Save last login information // Save last login information
if (saveToken && authToken != null) if (authToken != null)
SerializationUtils.write(lastLoginFile, user, authToken); SerializationUtils.write(lastLoginFile, user, authToken);
// Save ID generator // Save ID generator
@ -489,10 +488,4 @@ public final class LocalDB implements EventListener {
* @since Envoy Client v0.2-beta * @since Envoy Client v0.2-beta
*/ */
public String getAuthToken() { return authToken; } public String getAuthToken() { return authToken; }
/**
* @param saveToken whether the token will be persisted or deleted on shutdown
* @since Envoy Client v0.3-beta
*/
public void setSaveToken(boolean saveToken) { this.saveToken = saveToken; }
} }

View File

@ -153,8 +153,7 @@ public final class Client implements EventListener, Closeable {
try { try {
SerializationUtils.writeBytesWithLength( SerializationUtils.writeBytesWithLength(
new AuthenticatedRequest<>(obj, new AuthenticatedRequest<>(obj,
Context.getInstance().getLocalDB().getUser().getID(), Context.getInstance().getLocalDB().getUser().getID()),
Context.getInstance().getLocalDB().getAuthToken()),
socket.getOutputStream()); socket.getOutputStream());
} catch (final IOException e) { } catch (final IOException e) {
throw new RuntimeException(e); throw new RuntimeException(e);

View File

@ -16,7 +16,7 @@ import envoy.data.LoginCredentials;
import envoy.event.HandshakeRejection; import envoy.event.HandshakeRejection;
import envoy.util.*; import envoy.util.*;
import envoy.client.data.*; import envoy.client.data.ClientConfig;
import envoy.client.ui.Startup; import envoy.client.ui.Startup;
import envoy.client.util.IconUtil; import envoy.client.util.IconUtil;
@ -79,11 +79,9 @@ public final class LoginScene implements EventListener {
@FXML @FXML
private void loginButtonPressed() { private void loginButtonPressed() {
final String user = userTextField.getText(), pass = passwordField.getText(), final String user = userTextField.getText(), pass = passwordField.getText(),
repeatPass = repeatPasswordField.getText(); repeatPass = repeatPasswordField.getText();
final boolean requestToken = cbStaySignedIn.isSelected();
// Choose whether to persist the token or not
Context.getInstance().getLocalDB().setSaveToken(cbStaySignedIn.isSelected());
// Prevent registration with unequal passwords // Prevent registration with unequal passwords
if (registration && !pass.equals(repeatPass)) { if (registration && !pass.equals(repeatPass)) {
@ -98,8 +96,8 @@ public final class LoginScene implements EventListener {
} else { } else {
Instant lastSync = Startup.loadLastSync(userTextField.getText()); Instant lastSync = Startup.loadLastSync(userTextField.getText());
Startup.performHandshake(registration Startup.performHandshake(registration
? LoginCredentials.registration(user, pass, Startup.VERSION, lastSync) ? LoginCredentials.registration(user, pass, requestToken, Startup.VERSION, lastSync)
: LoginCredentials.login(user, pass, Startup.VERSION, lastSync)); : LoginCredentials.login(user, pass, requestToken, Startup.VERSION, lastSync));
} }
} }

View File

@ -4,7 +4,7 @@ import java.io.Serializable;
import java.util.Objects; import java.util.Objects;
/** /**
* Wraps any request sent to the server in the authentication details of a user. * Enables checking for the server whether the client is really who he is supposed to be.
* *
* @author Leon Hofmeister * @author Leon Hofmeister
* @param <T> the type of object to be sent * @param <T> the type of object to be sent
@ -12,30 +12,21 @@ import java.util.Objects;
*/ */
public final class AuthenticatedRequest<T extends Serializable> implements Serializable { public final class AuthenticatedRequest<T extends Serializable> implements Serializable {
private final T request; private final T request;
private final String authentication; private final long userID;
private final long userID;
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
/** /**
* @param request the actual object that should be sent * @param request the actual object that should be sent
* @param userID the ID of the currently logged in user * @param userID the ID of the currently logged in user
* @param authentication the authentication of the currently logged in user
* @since Envoy Common v0.3-beta * @since Envoy Common v0.3-beta
*/ */
public AuthenticatedRequest(T request, long userID, String authentication) { public AuthenticatedRequest(T request, long userID) {
this.request = Objects.requireNonNull(request); this.request = Objects.requireNonNull(request);
this.userID = userID; this.userID = userID;
this.authentication = authentication == null ? "" : authentication;
} }
/**
* @return the authentication token of the currently logged in user
* @since Envoy Common v0.3-beta
*/
public String getAuthentication() { return authentication; }
/** /**
* @return the request * @return the request
* @since Envoy Common v0.3-beta * @since Envoy Common v0.3-beta

View File

@ -15,18 +15,18 @@ import java.util.Objects;
public final class LoginCredentials implements Serializable { public final class LoginCredentials implements Serializable {
private final String identifier, password, clientVersion; private final String identifier, password, clientVersion;
private final boolean registration, token; private final boolean registration, token, requestToken;
private final Instant lastSync; private final Instant lastSync;
private static final long serialVersionUID = 4; private static final long serialVersionUID = 4;
private LoginCredentials(String identifier, String password, boolean registration, private LoginCredentials(String identifier, String password, boolean registration,
boolean token, String clientVersion, boolean token, boolean requestToken, String clientVersion, Instant lastSync) {
Instant lastSync) {
this.identifier = Objects.requireNonNull(identifier); this.identifier = Objects.requireNonNull(identifier);
this.password = Objects.requireNonNull(password); this.password = Objects.requireNonNull(password);
this.registration = registration; this.registration = registration;
this.token = token; this.token = token;
this.requestToken = requestToken;
this.clientVersion = Objects.requireNonNull(clientVersion); this.clientVersion = Objects.requireNonNull(clientVersion);
this.lastSync = lastSync == null ? Instant.EPOCH : lastSync; this.lastSync = lastSync == null ? Instant.EPOCH : lastSync;
} }
@ -36,14 +36,15 @@ public final class LoginCredentials implements Serializable {
* *
* @param identifier the identifier of the user * @param identifier the identifier of the user
* @param password the password of the user * @param password the password of the user
* @param requestToken requests the server to generate an authentication token
* @param clientVersion the version of the client sending these credentials * @param clientVersion the version of the client sending these credentials
* @param lastSync the timestamp of the last synchronization * @param lastSync the timestamp of the last synchronization
* @return the created login credentials * @return the created login credentials
* @since Envoy Common v0.2-beta * @since Envoy Common v0.2-beta
*/ */
public static LoginCredentials login(String identifier, String password, public static LoginCredentials login(String identifier, String password, boolean requestToken,
String clientVersion, Instant lastSync) { String clientVersion, Instant lastSync) {
return new LoginCredentials(identifier, password, false, false, clientVersion, return new LoginCredentials(identifier, password, false, false, requestToken, clientVersion,
lastSync); lastSync);
} }
@ -59,7 +60,7 @@ public final class LoginCredentials implements Serializable {
*/ */
public static LoginCredentials loginWithToken(String identifier, String token, public static LoginCredentials loginWithToken(String identifier, String token,
String clientVersion, Instant lastSync) { String clientVersion, Instant lastSync) {
return new LoginCredentials(identifier, token, false, true, clientVersion, lastSync); return new LoginCredentials(identifier, token, false, true, false, clientVersion, lastSync);
} }
/** /**
@ -67,24 +68,27 @@ public final class LoginCredentials implements Serializable {
* *
* @param identifier the identifier of the user * @param identifier the identifier of the user
* @param password the password of the user * @param password the password of the user
* @param requestToken requests the server to generate an authentication token
* @param clientVersion the version of the client sending these credentials * @param clientVersion the version of the client sending these credentials
* @param lastSync the timestamp of the last synchronization * @param lastSync the timestamp of the last synchronization
* @return the created login credentials * @return the created login credentials
* @since Envoy Common v0.2-beta * @since Envoy Common v0.2-beta
*/ */
public static LoginCredentials registration(String identifier, String password, public static LoginCredentials registration(String identifier, String password,
boolean requestToken,
String clientVersion, Instant lastSync) { String clientVersion, Instant lastSync) {
return new LoginCredentials(identifier, password, true, false, clientVersion, return new LoginCredentials(identifier, password, true, false, requestToken, clientVersion,
lastSync); lastSync);
} }
@Override @Override
public String toString() { public String toString() {
return String.format( return String.format(
"LoginCredentials[identifier=%s,registration=%b,token=%b,clientVersion=%s,lastSync=%s]", "LoginCredentials[identifier=%s,registration=%b,token=%b,requestToken=%b,clientVersion=%s,lastSync=%s]",
identifier, identifier,
registration, registration,
token, token,
requestToken,
clientVersion, clientVersion,
lastSync); lastSync);
} }
@ -116,6 +120,14 @@ public final class LoginCredentials implements Serializable {
return token; return token;
} }
/**
* @return {@code true} if the server should generate a new authentication token
* @since Envoy Common v0.2-beta
*/
public boolean requestToken() {
return requestToken;
}
/** /**
* @return the version of the client sending these credentials * @return the version of the client sending these credentials
* @since Envoy Common v0.1-beta * @since Envoy Common v0.1-beta

View File

@ -6,12 +6,11 @@ import java.util.Set;
import java.util.logging.*; import java.util.logging.*;
import com.jenkov.nioserver.*; import com.jenkov.nioserver.*;
import com.jenkov.nioserver.Message;
import envoy.data.AuthenticatedRequest; import envoy.data.AuthenticatedRequest;
import envoy.util.EnvoyLog; import envoy.util.EnvoyLog;
import envoy.server.data.*; import envoy.server.data.PersistenceManager;
import envoy.server.processors.ObjectProcessor; import envoy.server.processors.ObjectProcessor;
/** /**
@ -49,32 +48,25 @@ public final class ObjectMessageProcessor implements IMessageProcessor {
// authenticate requests if necessary // authenticate requests if necessary
boolean authenticated = false; boolean authenticated = false;
if (obj instanceof AuthenticatedRequest)
try {
authenticated = PersistenceManager
.getInstance().getUserByID(((AuthenticatedRequest<?>) obj).getUserID())
.getID() == ConnectionManager.getInstance()
.getUserIDBySocketID(message.socketId);
if (obj instanceof AuthenticatedRequest) { // Class cast exception and NullPointerException are valid here and signify a
Contact contact = PersistenceManager.getInstance() // failed authentication
.getContactByID(((AuthenticatedRequest<?>) obj).getUserID()); } catch (ClassCastException | NullPointerException e) {} finally {
obj = ((AuthenticatedRequest<?>) obj).getRequest();
// Validating the authenticity of the request
if (contact == null || contact instanceof Group
|| !((AuthenticatedRequest<?>) obj).getAuthentication()
.equals(((User) contact).getAuthToken())) {
// Invalid request
logger.log(Level.INFO,
"A user tried to perform an authenticated request but could not identify himself. Discarding request.");
return;
} }
logger.log(Level.INFO,
// Valid request "Received " + (authenticated ? "" : "un") + "authenticated " + obj);
logger.log(Level.INFO, "A user successfully authenticated a request for " + obj);
authenticated = true;
obj = ((AuthenticatedRequest<?>) obj).getRequest();
} else
logger.log(Level.FINE, "Received unauthenticated " + obj);
refer(message.socketId, writeProxy, obj, authenticated); refer(message.socketId, writeProxy, obj, authenticated);
} catch (IOException | ClassNotFoundException e) { } catch (IOException | ClassNotFoundException e) {
e.printStackTrace(); logger.log(Level.WARNING,
"An exception occurred when reading in an object: " + e);
} }
} }

View File

@ -124,22 +124,23 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
UserStatusChangeProcessor.updateUserStatus(user, ONLINE); UserStatusChangeProcessor.updateUserStatus(user, ONLINE);
// Process token request // Process token request
String token; if (credentials.requestToken()) {
if (user.getAuthToken() != null && user.getAuthTokenExpiration().isAfter(Instant.now())) String token;
if (user.getAuthToken() != null && user.getAuthTokenExpiration().isAfter(Instant.now()))
// Reuse existing token and delay expiration date // Reuse existing token and delay expiration date
token = user.getAuthToken(); token = user.getAuthToken();
else { else {
// Generate new token // Generate new token
token = AuthTokenGenerator.nextToken(); token = AuthTokenGenerator.nextToken();
user.setAuthToken(token); user.setAuthToken(token);
}
user.setAuthTokenExpiration(Instant.now().plus(
ServerConfig.getInstance().getAuthTokenExpiration().longValue(), ChronoUnit.DAYS));
persistenceManager.updateContact(user);
writeProxy.write(socketID, new NewAuthToken(token));
} }
user.setAuthTokenExpiration(Instant.now().plus(
ServerConfig.getInstance().getAuthTokenExpiration().longValue(), ChronoUnit.DAYS));
persistenceManager.updateContact(user);
writeProxy.write(socketID, new NewAuthToken(token));
final var pendingMessages = final var pendingMessages =
PersistenceManager.getInstance().getPendingMessages(user, credentials.getLastSync()); PersistenceManager.getInstance().getPendingMessages(user, credentials.getLastSync());
pendingMessages.removeIf(GroupMessage.class::isInstance); pendingMessages.removeIf(GroupMessage.class::isInstance);