Last active
October 7, 2018 16:17
-
-
Save munsif3/57fe5b7961b880f5e8c5dbafc45e0f9a to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.munsif.ssd.csrfsynchronizer.controller; | |
| import javax.servlet.http.Cookie; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import org.springframework.beans.factory.annotation.Autowired; | |
| import org.springframework.stereotype.Controller; | |
| import org.springframework.web.bind.annotation.ModelAttribute; | |
| import org.springframework.web.bind.annotation.PostMapping; | |
| import com.munsif.ssd.csrfsynchronizer.model.Blog; | |
| import com.munsif.ssd.csrfsynchronizer.model.User; | |
| import com.munsif.ssd.csrfsynchronizer.service.AuthenticationService;; | |
| @Controller | |
| public class MainController { | |
| @Autowired | |
| private AuthenticationService authenticationService; | |
| /** | |
| * Handles Login request. Generates sessionCookie for keeping track of the | |
| * session. Generates userCookie to keep track of the user who interacts with | |
| * the application. | |
| * | |
| * @param credentials | |
| * @param response | |
| * @return request is redirected to the root request | |
| */ | |
| @PostMapping("/login") | |
| public String login(@ModelAttribute User credentials, HttpServletResponse response) { | |
| String username = credentials.getUsername(); | |
| String password = credentials.getPassword(); | |
| if (authenticationService.isValidUser(username, password)) { | |
| Cookie sessionCookie = new Cookie("sessionID", authenticationService.generateSessionId(username)); | |
| Cookie userCookie = new Cookie("username", username); | |
| response.addCookie(sessionCookie); | |
| response.addCookie(userCookie); | |
| return "redirect:/"; | |
| } | |
| return "redirect:/login?status=failed"; | |
| } | |
| /** | |
| * Handles the Add Blog request. Extracts the cookies from the request (if any). | |
| * Retrieves the sessionID from the cookie. Checks if the user is authenticated. | |
| * Validates the CSRF Token provided, with that of what is in the HashMap. | |
| * Returns with status as "success" or "failed" | |
| * | |
| * @param blog | |
| * @param request | |
| * @return | |
| */ | |
| @PostMapping("/blog") | |
| public String blog(@ModelAttribute Blog blog, HttpServletRequest request) { | |
| Cookie[] cookies = request.getCookies(); | |
| String blogToken = blog.getToken(); | |
| String sessionId = authenticationService.sessionIdFromCookies(cookies); | |
| if (authenticationService.isAuthenticated(cookies)) { | |
| if (authenticationService.validateCSRFToken(sessionId, blogToken)) { | |
| return "redirect:/home?status=success"; | |
| } | |
| } | |
| return "redirect:/home?status=failed"; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment