implemented user logout

7 months ago · 59b9976dbf
10 changed files with 72 additions and 23 deletions
--- a/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/PathHandler.java
+++ b/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/PathHandler.java
@ -119,6 +119,7 @@ public abstract class PathHandler implements HttpHandler {
 		}
 		public static boolean sendContent(HttpExchange ex, Object o) throws IOException {
 			if (o instanceof JSONObject) ex.getResponseHeaders().add(CONTENT_TYPE, JSON);
 			return sendContent(ex, HTTP_OK, o.toString().getBytes(UTF_8));
 		}
--- a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/Backend.java
+++ b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/Backend.java
@ -59,10 +59,23 @@ public class Backend extends PathHandler {
 	@Override
 	public boolean doGet(String path, HttpExchange ex) throws IOException {
 		// pre-login paths
 		switch (path) {
 			case "/openid-configuration":
 				return openidConfig(ex);
 		}
 		var optSession = getSession(ex);
 		if (optSession.isEmpty()) return sendEmptyResponse(HTTP_UNAUTHORIZED, ex);
 		// post-login paths
 		var session = optSession.get();
 		switch (path) {
 			case "/logout":
 				return logout(ex,session);
 		}
 		System.err.println("not implemented");
 		return sendEmptyResponse(HTTP_NOT_FOUND, ex);
 	}
@ -98,6 +111,12 @@ public class Backend extends PathHandler {
 		return SessionToken.from(ex).map(SessionToken::sessionId).flatMap(sessions::retrieve);
 	}
 	private boolean logout(HttpExchange ex, Session session) throws IOException {
 		sessions.dropSession(session.id());
 		new SessionToken("").addTo(ex);
 		return sendEmptyResponse(HTTP_OK,ex);
 	}
 	private boolean openidConfig(HttpExchange ex) throws IOException {
 		var        uri	= ex.getRequestURI().toString();
 		JSONObject json = new JSONObject();
@ -108,15 +127,8 @@ public class Backend extends PathHandler {
 	private boolean sendUserAndCookie(HttpExchange ex, Session session) throws IOException {
-		var bytes   = new JSONObject(session.user().map(false)).toString().getBytes(UTF_8);
+		new SessionToken(session.id()).addTo(ex);
-		var headers = ex.getResponseHeaders();
+		return sendContent(ex,new JSONObject(session.user().map(false)));
 		headers.add(CONTENT_TYPE, JSON);
 		new SessionToken(session.id()).addTo(headers);
 		ex.sendResponseHeaders(200, bytes.length);
 		var out = ex.getResponseBody();
 		out.write(bytes);
 		return true;
 	}
 	private boolean updatePassword(HttpExchange ex, Session session) throws IOException {
@ -126,13 +138,15 @@ public class Backend extends PathHandler {
 		if (!uuid.equals(user.uuid())) {
 			return sendEmptyResponse(HTTP_FORBIDDEN, ex);
 		}
-		var oldPass = json.getJSONArray("oldpass");
+		var oldPass = json.getString("oldpass");
-		var oldPass1 = oldPass.getString(0);
+		if (!users.passwordMatches(oldPass,user.hashedPassword())) return sendError(ex,"wrong password");
-		if (!oldPass1.equals(oldPass.getString(1))){
+
 		var newpass = json.getJSONArray("newpass");
 		var newPass1 = newpass.getString(0);
 		if (!newPass1.equals(newpass.getString(1))){
 			return sendError(ex,"password mismatch");
 		}
-		if (!users.passwordMatches(oldPass1,user.hashedPassword())) return sendError(ex,"wrong password");
+		users.updatePassword(user,newPass1);
 		users.updatePassword(user,json.getString("newpass"));
 		return sendContent(ex,new JSONObject(user.map(false)));
 	}
--- a/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
+++ b/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
@ -143,6 +143,9 @@ public class FileStore implements ClientService, SessionService, UserService {
 	/*** Session Service Methods ***/
 	// TODO: prolong session on user activity
 	// TODO: drop expired sessions
 	@Override
 	public Session createSession(User user) {
 		var now	 = Instant.now();
@ -152,7 +155,9 @@ public class FileStore implements ClientService, SessionService, UserService {
 	@Override
 	public SessionService dropSession(String sessionId) {
-		return null;
+		json.getJSONObject(SESSIONS).remove(sessionId);
 		save();
 		return this;
 	}
 	@Override
--- a/de.srsoftware.oidc.web/src/main/resources/en/login.html
+++ b/de.srsoftware.oidc.web/src/main/resources/en/login.html
@ -4,6 +4,7 @@
        <title>Light OIDC</title>
        <script src="common.js"></script>
        <script src="login.js"></script>
        <link rel="stylesheet" href="style.css" />
    </head>
    <body>
        <h1>Login</h1>
@ -15,7 +16,7 @@
            </label>
            <label>
                Password
-                <input type="password" id="password" />
+                <input type="password" id="password" onkeydown="keyDown()"/>
            </label>
            <button type="button" onClick="tryLogin()">Login</button>
        </fieldset>
--- a/de.srsoftware.oidc.web/src/main/resources/en/login.js
+++ b/de.srsoftware.oidc.web/src/main/resources/en/login.js
@ -30,4 +30,8 @@ function tryLogin(){
        })
    }).then(handleLogin);
    return false;
 }
 function keyDown(ev){
   if (event.keyCode == 13) tryLogin();
 }
--- a/de.srsoftware.oidc.web/src/main/resources/en/logout.html
+++ b/de.srsoftware.oidc.web/src/main/resources/en/logout.html
@ -0,0 +1,12 @@
 <html>
    <head>
        <meta charset="utf-8">
        <title>Light OIDC</title>
        <script src="common.js"></script>
        <script src="logout.js"></script>
        <link rel="stylesheet" href="style.css" />
    </head>
    <body>
        You are being logged out…
    </body>
 </html>
--- a/de.srsoftware.oidc.web/src/main/resources/en/logout.js
+++ b/de.srsoftware.oidc.web/src/main/resources/en/logout.js
@ -0,0 +1,7 @@
 function handleLogout(response){
    if (response.ok){
    document.body.innerHTML += 'success';
    document.location.href='index.html';
    }
 }
 fetch(api+"/logout").then(handleLogout)
--- a/de.srsoftware.oidc.web/src/main/resources/en/newclient.html
+++ b/de.srsoftware.oidc.web/src/main/resources/en/newclient.html
@ -4,6 +4,7 @@
    <title>Light OIDC</title>
    <script src="common.js"></script>
    <script src="user.js"></script>
    <link rel="stylesheet" href="style.css" />
 </head>
 <body>
 <h1>Add new client</h1>
--- a/de.srsoftware.oidc.web/src/main/resources/en/settings.html
+++ b/de.srsoftware.oidc.web/src/main/resources/en/settings.html
@ -38,15 +38,15 @@
        <table>
            <tr>
                <th>Old password</th>
-                <td><input id="oldpass1" type="password"></td>
+                <td><input id="oldpass" type="password"></td>
            </tr>
            <tr>
-                <th>Repeat Password</th>
+                <th>New Password</th>
-                <td><input id="oldpass2" type="password"></td>
+                <td><input id="newpass1" type="password"></td>
            </tr>
            <tr>
-                <th>New Password</th>
+                <th>Repeat Password</th>
-                <td><input id="newpass" type="password"></td>
+                <td><input id="newpass2" type="password" onkeydown="passKeyDown()"></td>
            </tr>
        </table>
        <button id="passBtn" type="button" onClick="updatePass()">Update</button>
--- a/de.srsoftware.oidc.web/src/main/resources/en/settings.js
+++ b/de.srsoftware.oidc.web/src/main/resources/en/settings.js
@ -47,8 +47,8 @@ function updatePass(){
    disable('passBtn');
    setText('passBtn','sent…');
    var newData = {
-        oldpass : [getValue('oldpass1'),getValue('oldpass2')],
+        oldpass : getValue('oldpass'),
-        newpass : getValue('newpass'),
+        newpass : [getValue('newpass1'),getValue('newpass2')],
        uuid : getValue('uuid')
    }
    fetch(api+'/update/password',{
@ -65,4 +65,8 @@ function updatePass(){
        },10000);
 }
 function passKeyDown(ev){
   if (event.keyCode == 13) updatePass();
 }
 setTimeout(fillForm,100);