Commit 2e614f9a authored by Kjetil Thuen's avatar Kjetil Thuen

Added authentication and better error handling

parent ab699313
TODO
Sjekk at nødvendige parametre er på plass i doGet (der er en egen returverdi for manglende parametre)
Autentisering?
* Sjekk at nødvendige parametre er på plass i doGet (der er en egen returverdi for manglende parametre)
* Autentisering?
Fiks at bash scriptet faktisk blir kjørt
Finn ut av linjeskift i SMS
Finn ut av prefix streng fra pam_otpsms.conf
......
......@@ -26,12 +26,16 @@ public class SMSByScript extends SMSSend {
BufferedReader read = new BufferedReader(new InputStreamReader(proc.getInputStream()));
try {
while (read.ready()) {
logger.info(read.readLine());
}
int ret = proc.waitFor();
logger.info("Return value " + ret);
if (ret != 0) {
logger.info("Return value " + ret);
throw new RuntimeException("Script failed");
}
} catch (InterruptedException e) {
throw new RuntimeException(e);
}
......
......@@ -3,8 +3,10 @@ package com.nesstar;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
......@@ -40,19 +42,16 @@ public class SMSGateway extends HttpServlet {
int serviceStatus = 0;
String statusString = "OK";
try {
if (null == request.getParameter("DESTADDR")) {
httpStatus = 500;
messageID = -1;
serviceStatus = 2;
statusString = "Mandatory parameter DESTADDR missing";
}
List<String> mandatoryParameters = Arrays.asList(new String[] { "DESTADDR", "MESSAGE", "USERNAME", "PASSWORD" });
if (serviceStatus == 0 && null == request.getParameter("MESSAGE")) {
httpStatus = 500;
messageID = -1;
serviceStatus = 2;
statusString = "Mandatory parameter MESSAGE missing";
try {
for (String parameter : mandatoryParameters) {
if (null == request.getParameter(parameter)) {
httpStatus = 500;
messageID = -1;
serviceStatus = 2;
statusString = "Mandatory parameter " + parameter + " missing";
}
}
if (serviceStatus == 0) {
......@@ -90,13 +89,13 @@ public class SMSGateway extends HttpServlet {
private boolean authenticateUser(HttpServletRequest request) {
String username = getInitParameter("username");
String passwordHash = getInitParameter("passwordhash");
String password = getInitParameter("password");
if (null != username && null != passwordHash) {
if (null != username && null != password) {
String requestUser = request.getParameter("USERNAME");
String requestPassword = request.getParameter("PASSWORD");
if (!requestUser.equals(username) || !requestPassword.equals(passwordHash)) {
if (!requestUser.equals(username) || !requestPassword.equals(password)) {
return false;
}
}
......
......@@ -16,7 +16,7 @@
<param-value>smsuser</param-value>
</init-param>
<init-param>
<param-name>passwordhash</param-name>
<param-name>password</param-name>
<!-- Available implementations: script, file, hand -->
<param-value>smspass</param-value>
</init-param>
......@@ -34,7 +34,7 @@
</init-param>
<init-param>
<param-name>global.message.suffix</param-name>
<param-value>...</param-value>
<param-value></param-value>
</init-param>
</servlet>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment