diff --git a/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/ApiKeyService.java b/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/ApiKeyService.java
index afa5b68..d60edbb 100644
--- a/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/ApiKeyService.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/ApiKeyService.java
@@ -16,7 +16,6 @@ package de.muehlencord.shared.account.business.account.boundary;
 import de.muehlencord.shared.account.business.account.control.AccountControl;
-import de.muehlencord.shared.account.business.account.entity.Account;
 import de.muehlencord.shared.account.business.account.entity.AccountEntity;
 import de.muehlencord.shared.account.business.account.entity.ApiKeyEntity;
 import de.muehlencord.shared.account.business.account.entity.JWTObject;
@@ -26,7 +25,10 @@ import de.muehlencord.shared.account.util.AccountPU;
 import de.muehlencord.shared.jeeutil.jwt.JWTDecoder;
 import de.muehlencord.shared.jeeutil.jwt.JWTEncoder;
 import de.muehlencord.shared.jeeutil.jwt.JWTException;
+import de.muehlencord.shared.util.DateUtil;
+import de.muehlencord.shared.util.StringUtil;
 import java.io.Serializable;
+import java.time.ZoneId;
 import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
 import java.util.ArrayList;
@@ -67,9 +69,6 @@ public class ApiKeyService implements Serializable {
 @Inject
 ConfigService configService;
- @Inject
- Account account;
-
 private String password;
 private String issuer;
@@ -95,6 +94,20 @@ public class ApiKeyService implements Serializable {
 }
 }
+ public ApiKeyEntity getApiKeyFromString(String encodedJWT) throws ApiKeyException {
+ if (StringUtil.isEmpty(encodedJWT)) {
+ throw new ApiKeyException("Must provide authorization information");
+ }
+ JWTObject jwt = getJWTObject(encodedJWT);
+ Query query = em.createNamedQuery("ApiKeyEntity.findByApiKey");
+ query.setParameter("apiKey", jwt.getUnqiueId());
+ List apiKeys = query.getResultList();
+ if ((apiKeys == null) || (apiKeys.isEmpty())) {
+ throw new ApiKeyException("ApiKey not found in database");
+ }
+ return apiKeys.get(0);
+ }
+
 public List getUsersApiKeys(AccountEntity account) {
 Query query = em.createNamedQuery("ApiKeyEntity.findByAccount");
 query.setParameter("account", account);
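Review bot: `getApiKeyFromString` returns the first row matching `jwt.getUnqiueId()` without confirming that the token's subject is the account that owns the stored key, or that the key is still inside its expiration window. Whether `getJWTObject` already verifies signature and expiry is not visible in this hunk, so the method should either state what it relies on, for example `/** Resolves an already verified JWT to its stored key; signature and expiry are checked by getJWTObject. */`, or compare the decoded user name with `apiKeys.get(0).getAccount().getUsername()` and throw `ApiKeyException` on a mismatch. `getResultList()` does not return null, so the `apiKeys == null` half of the condition can be dropped.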
@@ -107,27 +120,28 @@ public class ApiKeyService implements Serializable {
 }
- public List getUsersApiKeys() {
- return getUsersApiKeys(accountControl.getAccountEntity(account.getUsername(), false));
+ public List getUsersApiKeys(String userName) {
+ return getUsersApiKeys(accountControl.getAccountEntity(userName, false));
 }
 @Transactional
 @Lock(LockType.WRITE)
- public String createNewApiKey(ZonedDateTime now, short expirationInMinutes) throws ApiKeyException {
+ public String createNewApiKey(String userName, short expirationInMinutes) throws ApiKeyException {
 if ((password == null || issuer == null)) {
 LOGGER.error("password or issuer not set in, please validate configuration");
 }
- Date nowDate = Date.from(now.toInstant());
+ Date now = DateUtil.getCurrentTimeInUTC();
+ ZonedDateTime zonedDateTime = ZonedDateTime.ofInstant(now.toInstant(), ZoneId.of("UTC"));
 String apiKeyString = RandomStringUtils.randomAscii(50);
 ApiKeyEntity apiKey = new ApiKeyEntity();
- apiKey.setAccount(accountControl.getAccountEntity(account.getUsername(), false));
+ apiKey.setAccount(accountControl.getAccountEntity(userName, false));
 apiKey.setApiKey(apiKeyString);
- apiKey.setIssuedOn(nowDate);
+ apiKey.setIssuedOn(now);
 apiKey.setExpiration(expirationInMinutes);
 try {
- String jwtString = JWTEncoder.encode(password, issuer, now, apiKey.getAccount().getUsername(), apiKey.getApiKey(), apiKey.getExpiration());
+ String jwtString = JWTEncoder.encode(password, issuer, zonedDateTime, apiKey.getAccount().getUsername(), apiKey.getApiKey(), apiKey.getExpiration());
 em.persist(apiKey);
 return jwtString;
 } catch (JWTException ex) {
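Review bot: `createNewApiKey` and `getUsersApiKeys` now take `userName` from the caller instead of the injected `Account`, and nothing in this hunk checks that the name resolves to an account or that the caller is allowed to act for it. If `accountControl.getAccountEntity(userName, false)` can return null (its contract is not visible here), `apiKey.getAccount().getUsername()` fails with a NullPointerException inside the `try`; resolving the account first and guarding with `if (account == null) { throw new ApiKeyException("Account not found"); }` would fail cleanly before anything is built or persisted. Both methods also deserve a Javadoc line stating that `userName` must be the authenticated principal and never a value taken from request data, since every call site now carries that responsibility. Separately, the unchanged `RandomStringUtils.randomAscii(50)` may draw from a non-cryptographic generator depending on the commons-lang version in use, so a `SecureRandom`-backed source is the safer choice for key material. The body of `createNewApiKey` continues past the end of the hunk.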