TeamPiped-mirror/Piped-Backend
1
0
Fork 0
mirror of https://github.com/TeamPiped/Piped-Backend.git synced 2024-08-14 23:51:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add backend code for user deletion

Browse source
This commit is contained in:
theanonymousexyz 2022-04-21 21:39:58 +02:00
parent bbd552fc71
commit 640f59d0c9
No known key found for this signature in database
GPG key ID: 35EE09F5481049BB
2 changed files with 48 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

40
src/main/java/me/kavin/piped/utils/ResponseHelper.java
View file

@ -47,6 +47,7 @@ import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaDelete;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.JoinType;
import javax.persistence.criteria.Root;
@ -625,6 +626,42 @@ public class ResponseHelper {
private static final Argon2PasswordEncoder argon2PasswordEncoder = new Argon2PasswordEncoder();
public static byte[] deleteUserResponse(String session, String pass) throws IOException {
if (StringUtils.isBlank(pass))
return Constants.mapper.writeValueAsBytes(new InvalidRequestResponse());
try (Session s = DatabaseSessionFactory.createSession()) {
User user = DatabaseHelper.getUserFromSession(session);
if (user != null) {
String hash = user.getPassword();
boolean passMatch =
(hash.startsWith("$argon2") && argon2PasswordEncoder.matches(pass, hash)) || bcryptPasswordEncoder.matches(pass, hash);
if (!passMatch)
return Constants.mapper.writeValueAsBytes(new IncorrectCredentialsResponse());
CriteriaBuilder cb = s.getCriteriaBuilder();
CriteriaDelete<User> cd = cb.createCriteriaDelete(User.class);
Root<User> root = cd.from(User.class);
cd.where(cb.equal(root.get("session_id"), session));
try {
s.getTransaction().begin();
s.createQuery(cd).executeUpdate();
s.getTransaction().commit();
} catch (Exception e) {
return Constants.mapper.writeValueAsBytes(new ErrorResponse(ExceptionUtils.getStackTrace(e), e.getMessage()));
}
return Constants.mapper.writeValueAsBytes(new DeleteUserResponse(user.getUsername()));
}
}
return Constants.mapper.writeValueAsBytes(new AuthenticationFailureResponse());
}
public static byte[] registerResponse(String user, String pass) throws IOException {
if (Constants.DISABLE_REGISTRATION)
@ -642,9 +679,8 @@ public class ResponseHelper {
cr.select(root).where(cb.equal(root.get("username"), user));
boolean registered = s.createQuery(cr).uniqueResult() != null;
if (registered) {
if (registered)
return Constants.mapper.writeValueAsBytes(new AlreadyRegisteredResponse());
}
if (Constants.COMPROMISED_PASSWORD_CHECK) {
String sha1Hash = DigestUtils.sha1Hex(pass).toUpperCase();

10
src/main/java/me/kavin/piped/utils/resp/DeleteUserResponse.java Normal file
View file

@ -0,0 +1,10 @@
package me.kavin.piped.utils.resp;
public class DeleteUserResponse {
public String username;
public DeleteUserResponse(String username) {
this.username = username;
}
}