Add exception handling and json validation/parsing to data received

f4d02a0d · Ira ¯\_(ツ)_/¯ · e0b3e222 · f4d02a0d
Verified Commit f4d02a0d authored 4 years ago by $Ira ¯\_(ツ)_/¯'s avatar$ Ira ¯\_(ツ)_/¯
--- a/roles/keycloak/files/providers/keycloak-mailpass-rest/src/main/java/org/archlinux/keycloak/mailpass/rest/MailPassResource.java
+++ b/roles/keycloak/files/providers/keycloak-mailpass-rest/src/main/java/org/archlinux/keycloak/mailpass/rest/MailPassResource.java
 package org.archlinux.keycloak.mailpass.rest;

 import java.security.SecureRandom;
+
+import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+
 import org.bouncycastle.crypto.generators.OpenBSDBCrypt;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.models.KeycloakSession;

+import io.restassured.path.json.JsonPath;
+import io.restassured.path.json.exception.JsonPathException;
+
 /**
- * A custom REST endpoint to trigger functionality on the Keycloak server, which is not available
- * through the default set of built-in Keycloak REST endpoints. This is to be used during the
- * storage of a custom attribute on the Account Management Console for the mail password. The data
- * stored will be a Bcrypt hash instead of the plain text password.
+ * A custom REST endpoint to trigger functionality on the Keycloak server, which
+ * is not available through the default set of built-in Keycloak REST endpoints.
+ * This is to be used during the storage of a custom attribute on the Account
+ * Management Console for the mail password. The data stored will be a Bcrypt
+ * hash instead of the plain text password.
 */
 public class MailPassResource {

@@ -39,7 +46,8 @@ public class MailPassResource {
  }

  /**
-   * The custom REST endpoint reachable at {{ base_url }}/realms/{{ realm }}/mailpass/hashify.
+   * The custom REST endpoint reachable at {{ base_url }}/realms/{{ realm
+   * }}/mailpass/auth/compute-password-hash.
   *
   * @param data The JSON property including the password entry.
   * @return Response instance including the hashed password string.
@@ -48,11 +56,26 @@ public class MailPassResource {
  @Path("compute-password-hash")
  @NoCache
  @Consumes(MediaType.APPLICATION_JSON)
+  @Produces(MediaType.TEXT_PLAIN)
  public Response generateBcryptHash(String data) {

-    byte[] salt = generateSalt();
-    String hash = OpenBSDBCrypt.generate(VARIANT, data.toCharArray(), salt, COST);
+    try {
+      JsonPath jsonPath = JsonPath.from(data);
+
+      String password = jsonPath.getString("password");

-    return Response.status(201).entity(hash).build();
+      if (password == null) {
+        throw new BadRequestException("password object not detected in provided JSON body");
+      }
+
+      byte[] salt = generateSalt();
+      String hash = OpenBSDBCrypt.generate(VARIANT, password.toCharArray(), salt, COST);
+
+      return Response.status(Response.Status.CREATED).entity(hash).build();
+
+    } catch (JsonPathException e) {
+      throw new BadRequestException("provided data is not in valid JSON format");
+    }
  }
+
 }