From 60c5f8323d03258fa0df89aa72665fc53869953f Mon Sep 17 00:00:00 2001
From: elvinvina <vina9196@gmail.com>
Date: Wed, 30 Nov 2016 13:32:12 +0700
Subject: [PATCH] new token dan validasi token sesuai skenario

---
 IdentityService/src/com/KEM/ws/IdentityS.java | 93 +++++++++++++++++--
 .../src/com/KEM/ws/registerUser.java          | 91 ++++++++++++++++--
 KEMProject/WebContent/login.jsp               |  5 +
 KEMProject/WebContent/register.jsp            |  5 +
 KEMProject/src/backend/javaclass/Login.java   |  9 +-
 .../src/backend/javaclass/register.java       | 10 +-
 6 files changed, 192 insertions(+), 21 deletions(-)

diff --git a/IdentityService/src/com/KEM/ws/IdentityS.java b/IdentityService/src/com/KEM/ws/IdentityS.java
index ae93a9c..943d841 100644
--- a/IdentityService/src/com/KEM/ws/IdentityS.java
+++ b/IdentityService/src/com/KEM/ws/IdentityS.java
@@ -71,15 +71,90 @@ public class IdentityS extends HttpServlet {
 	         int Id = rs2.getInt("Id_User");
 	         
 	         generateToken gt = new generateToken();
-	         String token = gt.generateAccessToken();
-	         sql3 = "INSERT INTO authTokenUser(userId, token, created, expires) VALUES ("+Id+",\""+token+"\",CURRENT_TIMESTAMP, DATE_ADD(NOW(), INTERVAL 600 SECOND))";
-	         stmt.executeUpdate(sql3);
-	         
-	         rs2.close();
-	         stmt.close();
-	         conn.close();
-	         out.println(token);
-	         out.println(Id);
+             String token = gt.generateAccessToken();
+             String browser=request.getParameter("browser");
+             String ipAdr=request.getParameter("ip");
+             sql3 = "SELECT COUNT(*) as counter FROM authTokenUser";
+             rs3 = stmt.executeQuery(sql3);
+             rs3.next();
+             boolean sama = false;
+             int t = 0;
+             int i = 0;
+             String[] auth = new String[rs3.getInt("counter")];
+             if (rs3.getInt("counter") >= 1) {
+                 rs3.close();
+                 sql3 = "SELECT * FROM authTokenUser";
+                 rs3 = stmt.executeQuery(sql3);
+                 System.out.println("tokennyaaaaa : " + token);
+                 while (rs3.next()) {
+                     auth[i] = rs3.getString("token");
+                     i++;
+                 }
+                 rs3.close();
+                 t=0;
+                 System.out.println("substring : " + auth[t].substring(0, 40));
+                 while (t<i && !sama) {
+                     if (token.equals(auth[t].substring(0, 40))) {
+                         sama = true;
+                     }
+                     t++;
+                 }
+                 if (sama==false) {
+                     System.out.println("ini token berbedaaaaaaaa");
+                     token = token+"_"+browser+"_"+ipAdr;
+                     sql3 = "INSERT INTO authTokenUser(userId, token, created, expires) VALUES ("+Id+",\""+token+"\",CURRENT_TIMESTAMP, DATE_ADD(NOW(), INTERVAL 600 SECOND))";
+                     stmt.executeUpdate(sql3);
+                     rs2.close();
+                     stmt.close();
+                     conn.close();
+                     out.println(token);
+                     out.println(Id);
+                 }
+                 else {
+                     System.out.println("ini tokeeen samaaaaa");
+                     t=0;
+                     sama = false;
+                     token = token + "_" + browser + "_" + ipAdr;
+                     while (t<i && !sama) {
+                         if (token.equals(auth[t])) {
+                             sama = true;
+                         }
+                         t++;
+                     }
+                     if (sama==true) {
+                         
+                         System.out.println("iniii samaaa semuaaaaaaaaaaa");
+                         sql3 = "INSERT INTO authTokenUser(userId, token, created, expires) VALUES ("+Id+",\""+token+"\",CURRENT_TIMESTAMP, DATE_ADD(NOW(), INTERVAL 600 SECOND))";
+                         stmt.executeUpdate(sql3);
+                         
+                         rs2.close();
+                         stmt.close();
+                         conn.close();
+                         out.println(token);
+                         out.println(Id);
+                     }
+                     else {
+                         System.out.println("ini ada yaang bedaaaaaa");
+                         rs2.close();
+                         stmt.close();
+                         conn.close();
+                         out.println("invalid");
+                     }
+                 }
+                     
+             }
+             else {
+                 token = token+"_"+browser+ "_"+ipAdr;
+                 
+                 sql3 = "INSERT INTO authTokenUser(userId, token, created, expires) VALUES ("+Id+",\""+token+"\",CURRENT_TIMESTAMP, DATE_ADD(NOW(), INTERVAL 600 SECOND))";
+                 stmt.executeUpdate(sql3);
+                 
+                 rs2.close();
+                 stmt.close();
+                 conn.close();
+                 out.println(token);
+                 out.println(Id);
+             }
          }else{
         	// Clean-up environment
 	         rs.close();
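Review bot: The three new `sql3 = "INSERT INTO authTokenUser(...)"` lines splice `browser` and `ipAdr`, read straight from `request.getParameter`, into the SQL text, so a User-Agent or ip value containing a double quote alters the statement — this is SQL injection from an attacker-controlled request field. Bind `Id` and `token` through a PreparedStatement with `?` placeholders at all three sites (add `import java.sql.PreparedStatement;` if the file lacks it). Separately, `System.out.println("tokennyaaaaa : " + token)` writes a live bearer token to stdout and should be removed before merge. The check `token.equals(auth[t].substring(0, 40))` compares a freshly generated token against every stored token of every user, which presumably only ever matches if the generator repeats a value — confirm that is the intended scenario rather than a per-user lookup. The enclosing servlet method starts and ends outside the hunk.
```java
// … unchanged: token generation, browser/ip parameters, comparison loops …
String insertSql = "INSERT INTO authTokenUser(userId, token, created, expires) "
        + "VALUES (?, ?, CURRENT_TIMESTAMP, DATE_ADD(NOW(), INTERVAL 600 SECOND))";
try (PreparedStatement ps = conn.prepareStatement(insertSql)) {
    ps.setInt(1, Id);
    ps.setString(2, token);
    ps.executeUpdate();
}
// … unchanged: close rs2/stmt/conn, print token and Id …
```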
diff --git a/IdentityService/src/com/KEM/ws/registerUser.java b/IdentityService/src/com/KEM/ws/registerUser.java
index 2dfecdd..ad63a42 100644
--- a/IdentityService/src/com/KEM/ws/registerUser.java
+++ b/IdentityService/src/com/KEM/ws/registerUser.java
@@ -86,16 +86,91 @@ public class registerUser extends HttpServlet {
 		         
 		         generateToken gt = new generateToken();
 		         String token = gt.generateAccessToken();
-		         sqlToken = "INSERT INTO authTokenUser(userId, token, created, expires) VALUES ("+Id+",\""+token+"\",CURRENT_TIMESTAMP, DATE_ADD(NOW(), INTERVAL 600 SECOND))";
-		         stmt.executeUpdate(sqlToken);
+		         String browser=request.getParameter("browser");
+		         String ipAdr=request.getParameter("ip");
 		         
-		         rs.close();
-		         stmt.close();
-		         conn.close();
+		         sql3 = "SELECT COUNT(*) as counter FROM authTokenUser";
+		         rs3 = stmt.executeQuery(sql3);
+		         rs3.next();
+	        	 boolean sama = false;
+	        	 int t = 0;
+	        	 int i = 0;
+	        	 String[] auth = new String[rs3.getInt("counter")];
+		         
+	        	 if (rs3.getInt("counter")>=1) {
+	        		 rs3.close();
+		        	 sql3 = "SELECT * FROM authTokenUser";
+		        	 rs3 = stmt.executeQuery(sql3);
+		        	 System.out.println("tokennyaaaaa : " + token);
+		        	 while (rs3.next()) {
+		        		 auth[i] = rs3.getString("token");
+		        		 i++;
+		        	 }
+		        	 rs3.close();
+		        	 t=0;
+		        	 System.out.println("substring : " + auth[t].substring(0, 40));
+		        	 while (t<i && !sama) {
+		        		 if (token.equals(auth[t].substring(0, 40))) {
+		        			 sama = true;
+		        		 }
+		        		 t++;
+		        	 }
+		        	 if (sama==false) {
+		        		 token = token+"_"+browser+"_"+ipAdr;
+		        		 sql3 = "INSERT INTO authTokenUser(userId, token, created, expires) VALUES ("+Id+",\""+token+"\",CURRENT_TIMESTAMP, DATE_ADD(NOW(), INTERVAL 600 SECOND))";
+				         stmt.executeUpdate(sql3);
+				         
+				         rs.close();
+				         stmt.close();
+				         conn.close();
 
-		         out.println(token);
-		         out.println(Id);
-        	 }
+				         out.println(token);
+				         out.println(Id);
+		        	 }
+		        	 else {
+		        		 t=0;
+		        		 sama = false;
+		        		 token = token + "_" + browser + "_" + ipAdr;
+		        		 while (t<i && !sama) {
+		        			 if (token.equals(auth[t])) {
+		        				 sama = true;
+		        			 }
+		        			 t++;
+		        		 }
+		        		 if (sama==true) {
+		        			 sql3 = "INSERT INTO authTokenUser(userId, token, created, expires) VALUES ("+Id+",\""+token+"\",CURRENT_TIMESTAMP, DATE_ADD(NOW(), INTERVAL 600 SECOND))";
+		    		         stmt.executeUpdate(sql3);
+		    		         
+		    		         rs.close();
+					         stmt.close();
+					         conn.close();
+
+					         out.println(token);
+					         out.println(Id);
+		        		 }
+		        		 else {
+		        			 System.out.println("ini ada yaang bedaaaaaa");
+		        			 rs.close();
+		        			 rsEmail.close();
+		        			 stmt.close();
+		        			 conn.close();
+		        			 out.println("invalid");
+		        		 }
+		        	 }
+	        	 }
+	        	 else {
+	        		 token = token+"_"+browser+ "_"+ipAdr;
+			         
+			         sqlToken = "INSERT INTO authTokenUser(userId, token, created, expires) VALUES ("+Id+",\""+token+"\",CURRENT_TIMESTAMP, DATE_ADD(NOW(), INTERVAL 15 SECOND))";
+			         stmt.executeUpdate(sqlToken);
+			         
+			         rs.close();
+			         stmt.close();
+			         conn.close();
+
+			         out.println(token);
+			         out.println(Id);
+	        	 }
         	 else {
         		// Clean-up environment
 		         rsEmail.close();
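Review bot: The fallback branch near the end of the hunk stores the token with `DATE_ADD(NOW(), INTERVAL 15 SECOND)` while every other insert in the hunk uses `INTERVAL 600 SECOND`, so the very first registration gets a token that expires in 15 seconds; this reads like a leftover test value and should be `INTERVAL 600 SECOND` unless the shorter lifetime is deliberate. The same inserts also concatenate `browser` and `ipAdr` from `request.getParameter` into the SQL string, which is injectable through the User-Agent field; use a PreparedStatement with `?` placeholders for `Id` and `token` instead of string-building the statement. The branch that prints `invalid` closes `rsEmail`, but the two success branches close only `rs`, `stmt` and `conn` — confirm `rsEmail` is released there (closing its Statement would do it only if it came from `stmt`). The enclosing method starts and ends outside the hunk.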
diff --git a/KEMProject/WebContent/login.jsp b/KEMProject/WebContent/login.jsp
index dd2b1c1..b45fc8e 100644
--- a/KEMProject/WebContent/login.jsp
+++ b/KEMProject/WebContent/login.jsp
@@ -1,4 +1,5 @@
 <%session.invalidate();%>
+<%@ page import="java.net.InetAddress" %>
 <!DOCTYPE html>
 <html>
 	<head>
@@ -26,6 +27,10 @@
 		      		<div class="warning" id="warnpass"></div>
 
 		      		<div class="warning"></div>
+		      		<%InetAddress ip;
+		    		ip = InetAddress.getLocalHost(); %>
+		      		<input type="hidden" name="browser" value="<%=request.getHeader("User-Agent")%>" />
+		      		<input type="hidden" name="ip" value="<%=ip.getHostAddress()%>" />
 				</div>
 				<div class="buttonplace">
 	      			<button type="submit">LOGIN</button></br>
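Review bot: `InetAddress.getLocalHost()` in the second hunk resolves the address of the server rendering the page, not the visitor's, so the `ip` hidden field binds every token to the same server address and adds no per-client check; the client address is `request.getRemoteAddr()` (or a trusted proxy header), and since both hidden fields are freely editable by the client, the backend servlet should derive them from its own request rather than trust the form. The `User-Agent` value is also emitted into the attribute with `<%= %>` unescaped, so a header containing `"` or `>` breaks out of the `value` attribute; HTML-escape it (at minimum `&`, `"`, `<`, `>`) or drop the hidden field and read the header server-side. `getLocalHost()` can additionally throw `UnknownHostException`, which this scriptlet does not handle.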
diff --git a/KEMProject/WebContent/register.jsp b/KEMProject/WebContent/register.jsp
index a329492..b3837c4 100644
--- a/KEMProject/WebContent/register.jsp
+++ b/KEMProject/WebContent/register.jsp
@@ -1,3 +1,4 @@
+<%@ page import="java.net.InetAddress" %>
 <!DOCTYPE html>
 <html>
 	<head>
@@ -45,6 +46,10 @@
 					<label>Phone Number</label><br>
 					<input type="text" name = "telp"><br>
 					<div class="warning" id="warntelp"></div><br>
+					<%InetAddress ip;
+		    		ip = InetAddress.getLocalHost(); %>
+		      		<input type="hidden" name="browser" value="<%=request.getHeader("User-Agent")%>" />
+		      		<input type="hidden" name="ip" value="<%=ip.getHostAddress()%>" />
 				</div>
 
 				<div class="buttonplace">
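Review bot: `InetAddress.getLocalHost()` in the second hunk returns the address of the server, not of the registering client, so the `ip` hidden field carries the same value for every user and cannot serve as a client binding; use `request.getRemoteAddr()` (or a trusted proxy header), and preferably compute both values in the backend servlet instead of trusting client-editable hidden inputs. The `User-Agent` header is written into the `value` attribute via `<%= %>` without escaping, so a header containing `"` or `>` can break out of the attribute; HTML-escape it before emitting or remove the field and read the header server-side. `getLocalHost()` also throws `UnknownHostException`, which the scriptlet leaves unhandled.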
diff --git a/KEMProject/src/backend/javaclass/Login.java b/KEMProject/src/backend/javaclass/Login.java
index 9eb9315..466837c 100644
--- a/KEMProject/src/backend/javaclass/Login.java
+++ b/KEMProject/src/backend/javaclass/Login.java
@@ -16,10 +16,14 @@ public class Login extends HttpServlet {
 		
 		String un=request.getParameter("username");
 		String pw=request.getParameter("password");
+		String browser=request.getParameter("browser");
+        String ipAdr=request.getParameter("ip");
 		
 		Map<String,Object> params = new LinkedHashMap<>();
         params.put("username", un);
         params.put("password", pw);
+        params.put("browser", browser);
+        params.put("ip", ipAdr);
 
         StringBuilder postData = new StringBuilder();
         String res="";
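Review bot: `browser` and `ipAdr` are taken from `request.getParameter`, i.e. from hidden form fields the client fills in, so whatever binding the identity service performs on them can be satisfied by simply submitting the expected values. Read them from the request the servlet actually sees instead: `String browser = request.getHeader("User-Agent");` and `String ipAdr = request.getRemoteAddr();` (substituting a trusted proxy header if the app sits behind one). The enclosing method starts and ends outside the hunk.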
@@ -56,8 +60,9 @@ public class Login extends HttpServlet {
 			response.sendRedirect("login.jsp");
 		}
 		else{
-			token = res.substring(0, 40);
-	        String userId = res.substring(40);
+			int lengres= res.length();
+			token = res.substring(0, lengres-1);
+	        String userId = res.substring(lengres-1);
 	        //tes session
 	        HttpSession session = request.getSession();
 	        session.setAttribute("token", token);
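Review bot: `token = res.substring(0, lengres-1)` and `userId = res.substring(lengres-1)` assume the user id is the single last character of the response, so any `Id_User` of 10 or more is split into a token that swallows the leading digits and an id truncated to one digit; the old fixed 40-character split stopped working because the token now carries a variable-length `_browser_ip` suffix. The identity service writes the token and the id with separate `println` calls, so if the response reader keeps line breaks, split on them: `String[] parts = res.trim().split("\\R"); token = parts[0]; String userId = parts[1];` — otherwise have the service emit an explicit delimiter. The reader that fills `res` and the condition guarding this branch are outside the hunk, so confirm line breaks survive. The enclosing method starts and ends outside the hunk.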
diff --git a/KEMProject/src/backend/javaclass/register.java b/KEMProject/src/backend/javaclass/register.java
index ee0981d..117ed82 100644
--- a/KEMProject/src/backend/javaclass/register.java
+++ b/KEMProject/src/backend/javaclass/register.java
@@ -27,6 +27,8 @@ public class register extends HttpServlet {
 		String address=request.getParameter("address");
 		String postcode=request.getParameter("postcode");
 		String phone=request.getParameter("telp");
+		String browser=request.getParameter("browser");
+        String ipAdr=request.getParameter("ip");
 		
 		Map<String,Object> params = new LinkedHashMap<>();
 		params.put("fullname", fullname);
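Review bot: `browser` and `ipAdr` are read with `request.getParameter`, so they come from client-supplied hidden fields and a caller can send any values it likes; any check the identity service builds on them is then trivially satisfiable. Derive them server-side instead: `String browser = request.getHeader("User-Agent");` and `String ipAdr = request.getRemoteAddr();` (or a trusted proxy header if one is in use). The enclosing method starts and ends outside the hunk.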
@@ -36,6 +38,9 @@ public class register extends HttpServlet {
         params.put("address", address);
         params.put("postcode", postcode);
         params.put("telp", phone);
+        params.put("browser", browser);
+        params.put("ip", ipAdr);
+
 
         StringBuilder postData = new StringBuilder();
         String res= new String("");
@@ -69,8 +74,9 @@ public class register extends HttpServlet {
 			response.sendRedirect("register.jsp");
 		}
 		else{
-			 String token = res.substring(0, 40);
-	        String userId = res.substring(40);
+			int lengres= res.length();
+			String token = res.substring(0, lengres-1);
+	        String userId = res.substring(lengres-1);
 	        
 	        HttpSession session = request.getSession();
 	        session.setAttribute("token", token);
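Review bot: `token = res.substring(0, lengres-1)` and `userId = res.substring(lengres-1)` treat the final single character of the response as the user id, so a newly registered user whose `Id_User` reaches 10 receives a one-digit id and a token polluted with the remaining digits; the previous 40-character split no longer applies because the token now ends in a variable-length `_browser_ip` suffix. Since the service prints token and id on separate lines, split on the line break if the reader preserves it: `String[] parts = res.trim().split("\\R"); String token = parts[0]; String userId = parts[1];` — or introduce an explicit delimiter in the service response. The code that fills `res` is outside the hunk, so verify that line breaks are retained. The enclosing method starts and ends outside the hunk.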
-- 
GitLab