in ignite-tc-helper-web/src/main/java/org/apache/ignite/ci/web/auth/AuthenticationFilter.java [156:215]
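/**
 * Validates a client-supplied session token and, on success, attaches the user's credentials to the request.
 *
 * <p>The token is expected in the form {@code sessionId:token}. The session and its user are looked up in
 * {@code users}, the token part is Base64-decoded and passed with the session's {@code userKeyUnderToken}
 * to {@code CryptUtil.aesDecrypt}, and the key check value (KCV) of the result is compared with the one
 * stored for the user. Only a matching KCV authenticates the request.
 *
 * <p>On success the session's {@code lastActiveTs} is refreshed, the session is written back to storage and
 * a credentials provider is stored in the request under {@code ITcBotUserCreds._KEY}.
 *
 * @param reqCtx Request context; receives the credentials property on success.
 * @param tokFull Full token as sent by the client, {@code sessionId:token}. Untrusted input.
 * @param users User and session storage.
 * @return {@code true} if the token is valid for an existing session and user, {@code false} if the
 *     caller should enforce login (missing or malformed token, unknown session or user, user without
 *     a KCV, decryption failure or KCV mismatch).
 */
public boolean authenticate(ContainerRequestContext reqCtx,
    String tokFull,
    IUserStorage users) {
    // The token comes straight from the client. A missing value or one without both parts used to
    // escape as NullPointerException / NoSuchElementException; treat it as a failed authentication instead.
    if (tokFull == null) {
        logger.warn("Authentication token is missing, enforcing login");

        return false;
    }

    final StringTokenizer tokenizer = new StringTokenizer(tokFull, ":");

    if (tokenizer.countTokens() < 2) {
        // The token content is deliberately not logged: it is attacker-controlled and may hold key material.
        logger.warn("Malformed authentication token, enforcing login");

        return false;
    }

    final String sessId = tokenizer.nextToken();
    final String tok = tokenizer.nextToken();

    UserSession ses = users.getSession(sessId);

    if (ses == null) {
        // NOTE(review): sessId is client-controlled and is concatenated into log lines here and below;
        // consider neutralising CR/LF before logging so that a crafted value cannot forge log entries.
        logger.warn("Users session not found " + sessId + " enforcing login");

        return false;
    }

    if (reqCtx.getUriInfo() != null)
        logger.info("[[" + ses.username + "]] " + reqCtx.getUriInfo().getPath() + " Session:" + sessId);

    TcHelperUser user = users.getUser(ses.username);

    if (user == null) {
        logger.error("No such user " + ses.username + " for " + sessId + " enforcing login");

        // NOTE(review): this is the only failure branch that aborts the request itself; the others
        // rely on the caller acting on the false return. Confirm that the difference is intended.
        reqCtx.abortWith(rspUnathorized());

        return false;
    }

    if (user.userKeyKcv == null) {
        logger.error("User not initialised " + ses.username + ",failed at " + sessId + " enforcing login");

        return false;
    }

    byte[] userKey;

    try {
        // Presumably the session stores the user key wrapped under the client's token, so a wrong token
        // yields a wrong key - confirm against CryptUtil.aesDecrypt's argument order.
        userKey = CryptUtil.aesDecrypt(Base64Util.decodeString(tok), ses.userKeyUnderToken);

        byte[] userKeyKcv = CryptUtil.aesKcv(userKey);

        // Constant-time comparison: the running time must not depend on how many leading bytes of the
        // attacker-influenced KCV match the stored one. Fully qualified so that no new import is needed.
        if (!java.security.MessageDigest.isEqual(userKeyKcv, user.userKeyKcv)) {
            logger.error("User provided " + ses.username + " invalid token ,failed at " + sessId + " enforcing login");

            return false;
        }
    }
    catch (Exception e) {
        // Any failure while decoding or decrypting the token is treated as a failed authentication.
        logger.info("Exception during decrypt " + e.getMessage(), e);

        return false;
    }

    // Authenticated: refresh the activity timestamp and persist the session.
    ses.lastActiveTs = System.currentTimeMillis();
    users.putSession(sessId, ses);

    // Expose the decrypted user key to downstream handlers through the request-scoped credentials provider.
    reqCtx.setProperty(ITcBotUserCreds._KEY, createCredsProv(user, userKey));

    return true;
}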