Commit f2ee84a0 authored by Liang Ding's avatar Liang Ding

🔥 删除密码字段

parent d78e5dac
......@@ -50,7 +50,6 @@
* SQL / JSON / Markdown 导出
* 插件系统
* Atom / RSS / Sitemap
* MetaWeblog API
* CDN 静态资源分离
* [GitHub 集成](https://github.com/b3log/solo/issues/12514)
......
......@@ -17,7 +17,6 @@
*/
package org.b3log.solo.processor;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.b3log.latke.Keys;
import org.b3log.latke.Latkes;
......@@ -36,13 +35,11 @@ import org.b3log.solo.service.*;
import org.json.JSONArray;
import org.json.JSONObject;
import javax.servlet.http.HttpServletResponse;
/**
* Blog processor.
*
* @author <a href="http://88250.b3log.org">Liang Ding</a>
* @version 1.3.1.7, Jan 28, 2019
* @version 1.3.1.8, Feb 7, 2019
* @since 0.4.6
*/
@RequestProcessor
......@@ -111,11 +108,8 @@ public class BlogProcessor {
jsonObject.put("recentArticleTime", articleQueryService.getRecentArticleTime());
final JSONObject statistic = statisticQueryService.getStatistic();
// TODO: 重构数据统计计数 #12633
// jsonObject.put("articleCount", statistic.getLong(Option.ID_C_STATISTIC_PUBLISHED_ARTICLE_COUNT));
// jsonObject.put("commentCount", statistic.getLong(Option.ID_C_STATISTIC_PUBLISHED_BLOG_COMMENT_COUNT));
jsonObject.put("articleCount", statistic.getLong(Option.ID_T_STATISTIC_PUBLISHED_ARTICLE_COUNT));
jsonObject.put("commentCount", statistic.getLong(Option.ID_T_STATISTIC_PUBLISHED_BLOG_COMMENT_COUNT));
jsonObject.put("tagCount", tagQueryService.getTagCount());
jsonObject.put("servePath", Latkes.getServePath());
jsonObject.put("staticServePath", Latkes.getStaticServePath());
......@@ -157,24 +151,6 @@ public class BlogProcessor {
*/
@RequestProcessing(value = "/blog/articles-tags", method = HttpMethod.GET)
public void getArticlesTags(final RequestContext context) {
final String pwd = context.param("pwd");
if (StringUtils.isBlank(pwd)) {
context.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
try {
final JSONObject admin = userQueryService.getAdmin();
if (!DigestUtils.md5Hex(pwd).equals(admin.getString(User.USER_PASSWORD))) {
context.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
} catch (final Exception e) {
// ignored
}
final JSONObject requestJSONObject = new JSONObject();
requestJSONObject.put(Pagination.PAGINATION_CURRENT_PAGE_NUM, 1);
requestJSONObject.put(Pagination.PAGINATION_PAGE_SIZE, Integer.MAX_VALUE);
......
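Review bot: `getArticlesTags` (`GET /blog/articles-tags`) is left with no caller check in this section: the hunk counts show the whole `pwd` block removed, and the handler goes straight on to build a query for page 1 with `Integer.MAX_VALUE` as the page size. If the endpoint is meant to be public, say so in its Javadoc, e.g. `Unauthenticated: returns published articles only`, and confirm that the query outside this hunk really filters on published state; if it is not meant to be public, gate it on the logged-in admin session instead. An unauthenticated, unbounded listing is also a cheap way to load the database, so a capped page size is worth considering. The method body continues past the end of the hunk.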
......@@ -183,7 +183,6 @@ public class OAuthGitHubProcessor {
final JSONObject initReq = new JSONObject();
initReq.put(User.USER_NAME, userName);
initReq.put(User.USER_EMAIL, userEmail);
initReq.put(User.USER_PASSWORD, RandomStringUtils.randomAlphanumeric(8));
initReq.put(UserExt.USER_AVATAR, userAvatar);
initReq.put(UserExt.USER_T_B3_KEY, openId);
try {
......@@ -207,7 +206,6 @@ public class OAuthGitHubProcessor {
final JSONObject addUserReq = new JSONObject();
addUserReq.put(User.USER_NAME, userName);
addUserReq.put(User.USER_EMAIL, userEmail);
addUserReq.put(User.USER_PASSWORD, RandomStringUtils.randomAlphanumeric(8));
addUserReq.put(UserExt.USER_AVATAR, userAvatar);
addUserReq.put(User.USER_ROLE, Role.VISITOR_ROLE);
try {
......
/*
* Solo - A small and beautiful blogging system written in Java.
* Copyright (c) 2010-2019, b3log.org & hacpai.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package org.b3log.solo.processor.api;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.time.DateFormatUtils;
import org.apache.commons.lang.time.DateUtils;
import org.b3log.latke.Keys;
import org.b3log.latke.Latkes;
import org.b3log.latke.ioc.Inject;
import org.b3log.latke.logging.Level;
import org.b3log.latke.logging.Logger;
import org.b3log.latke.model.User;
import org.b3log.latke.repository.Transaction;
import org.b3log.latke.service.ServiceException;
import org.b3log.latke.servlet.HttpMethod;
import org.b3log.latke.servlet.RequestContext;
import org.b3log.latke.servlet.annotation.RequestProcessing;
import org.b3log.latke.servlet.annotation.RequestProcessor;
import org.b3log.latke.servlet.renderer.TextXmlRenderer;
import org.b3log.solo.model.Article;
import org.b3log.solo.model.Option;
import org.b3log.solo.model.Tag;
import org.b3log.solo.repository.ArticleRepository;
import org.b3log.solo.service.*;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.XML;
import org.jsoup.Jsoup;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import java.text.ParseException;
import java.util.Date;
import java.util.List;
/**
* MetaWeblog API requests processing.
* <p>
* Implemented the following APIs:
* <ul>
* <li>blogger.deletePost</li>
* <li>blogger.getUsersBlogs</li>
* <li>metaWeblog.editPost</li>
* <li>metaWeblog.getCategories</li>
* <li>metaWeblog.getPost</li>
* <li>metaWeblog.getRecentPosts</li>
* <li>metaWeblog.newPost</li>
* </ul>
* </p>
*
* @author <a href="http://88250.b3log.org">Liang Ding</a>
* @version 1.0.0.19, Oct 19, 2018
* @since 0.4.0
*/
@RequestProcessor
public class MetaWeblogAPI {
/**
* Logger.
*/
private static final Logger LOGGER = Logger.getLogger(MetaWeblogAPI.class);
/**
* Key of method call.
*/
private static final String METHOD_CALL = "methodCall";
/**
* Key of method name.
*/
private static final String METHOD_NAME = "methodName";
/**
* Method name: "blogger.getUsersBlogs".
*/
private static final String METHOD_GET_USERS_BLOGS = "blogger.getUsersBlogs";
/**
* Method name: "metaWeblog.getCategories".
*/
private static final String METHOD_GET_CATEGORIES = "metaWeblog.getCategories";
/**
* Method name: "metaWeblog.getRecentPosts".
*/
private static final String METHOD_GET_RECENT_POSTS = "metaWeblog.getRecentPosts";
/**
* Method name: "metaWeblog.newPost".
*/
private static final String METHOD_NEW_POST = "metaWeblog.newPost";
/**
* Method name: "metaWeblog.editPost".
*/
private static final String METHOD_EDIT_POST = "metaWeblog.editPost";
/**
* Method name: "metaWeblog.getPost".
*/
private static final String METHOD_GET_POST = "metaWeblog.getPost";
/**
* Method name: "blogger.deletePost".
*/
private static final String METHOD_DELETE_POST = "blogger.deletePost";
/**
* Argument "username" index.
*/
private static final int INDEX_USER_EMAIL = 1;
/**
* Argument "postid" index.
*/
private static final int INDEX_POST_ID = 0;
/**
* Argument "password" index.
*/
private static final int INDEX_USER_PWD = 2;
/**
* Argument "numberOfPosts" index.
*/
private static final int INDEX_NUM_OF_POSTS = 3;
/**
* Argument "post" index.
*/
private static final int INDEX_POST = 3;
/**
* Argument "publish" index.
*/
private static final int INDEX_PUBLISH = 4;
/**
* Preference query service.
*/
@Inject
private PreferenceQueryService preferenceQueryService;
/**
* Tag query service.
*/
@Inject
private TagQueryService tagQueryService;
/**
* Article query service.
*/
@Inject
private ArticleQueryService articleQueryService;
/**
* Article management service.
*/
@Inject
private ArticleMgmtService articleMgmtService;
/**
* Article repository.
*/
@Inject
private ArticleRepository articleRepository;
/**
* User query service.
*/
@Inject
private UserQueryService userQueryService;
/**
* MetaWeblog requests processing.
*
* @param context the specified http request context
*/
@RequestProcessing(value = "/apis/metaweblog", method = HttpMethod.POST)
public void metaWeblog(final RequestContext context) {
final TextXmlRenderer renderer = new TextXmlRenderer();
context.setRenderer(renderer);
String responseContent;
try {
final HttpServletRequest request = context.getRequest();
String xml;
try {
final ServletInputStream inputStream = request.getInputStream();
xml = IOUtils.toString(inputStream, "UTF-8");
} catch (final Exception e) {
xml = IOUtils.toString(request.getReader());
}
final JSONObject requestJSONObject = XML.toJSONObject(xml);
final JSONObject methodCall = requestJSONObject.getJSONObject(METHOD_CALL);
final String methodName = methodCall.getString(METHOD_NAME);
LOGGER.log(Level.INFO, "MetaWeblog[methodName={0}]", methodName);
final JSONArray params = methodCall.getJSONObject("params").getJSONArray("param");
if (METHOD_DELETE_POST.equals(methodName)) {
params.remove(0); // Removes the first argument "appkey"
}
final String userEmail = params.getJSONObject(INDEX_USER_EMAIL).getJSONObject("value").optString("string");
final JSONObject user = userQueryService.getUserByEmailOrUserName(userEmail);
if (null == user) {
throw new Exception("No user [email=" + userEmail + "]");
}
final String userId = user.optString(Keys.OBJECT_ID);
final String userPwd = params.getJSONObject(INDEX_USER_PWD).getJSONObject("value").get("string").toString();
if (!user.getString(User.USER_PASSWORD).equals(DigestUtils.md5Hex(userPwd))) {
throw new Exception("Wrong password");
}
if (METHOD_GET_USERS_BLOGS.equals(methodName)) {
responseContent = getUsersBlogs();
} else if (METHOD_GET_CATEGORIES.equals(methodName)) {
responseContent = getCategories();
} else if (METHOD_GET_RECENT_POSTS.equals(methodName)) {
final int numOfPosts = params.getJSONObject(INDEX_NUM_OF_POSTS).getJSONObject("value").getInt("int");
responseContent = getRecentPosts(numOfPosts);
} else if (METHOD_NEW_POST.equals(methodName)) {
final JSONObject article = parsetPost(methodCall);
article.put(Article.ARTICLE_AUTHOR_ID, userId);
addArticle(article);
final StringBuilder stringBuilder = new StringBuilder("<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodResponse>").append("<params><param><value><string>").append(article.getString(Keys.OBJECT_ID)).append(
"</string></value></param></params></methodResponse>");
responseContent = stringBuilder.toString();
} else if (METHOD_GET_POST.equals(methodName)) {
final String postId = params.getJSONObject(INDEX_POST_ID).getJSONObject("value").optString("string");
responseContent = getPost(postId);
} else if (METHOD_EDIT_POST.equals(methodName)) {
final JSONObject article = parsetPost(methodCall);
final String postId = params.getJSONObject(INDEX_POST_ID).getJSONObject("value").optString("string");
article.put(Keys.OBJECT_ID, postId);
article.put(Article.ARTICLE_AUTHOR_ID, userId);
final JSONObject updateArticleRequest = new JSONObject();
updateArticleRequest.put(Article.ARTICLE, article);
articleMgmtService.updateArticle(updateArticleRequest);
final StringBuilder stringBuilder = new StringBuilder("<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodResponse>").append("<params><param><value><string>").append(postId).append(
"</string></value></param></params></methodResponse>");
responseContent = stringBuilder.toString();
} else if (METHOD_DELETE_POST.equals(methodName)) {
final String postId = params.getJSONObject(INDEX_POST_ID).getJSONObject("value").optString("string");
articleMgmtService.removeArticle(postId);
final StringBuilder stringBuilder = new StringBuilder("<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodResponse>").append("<params><param><value><boolean>").append(true).append(
"</boolean></value></param></params></methodResponse>");
responseContent = stringBuilder.toString();
} else {
throw new UnsupportedOperationException("Unsupported method[name=" + methodName + "]");
}
} catch (final Exception e) {
LOGGER.log(Level.ERROR, e.getMessage(), e);
final StringBuilder stringBuilder = new StringBuilder("<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodResponse>").append("<fault><value><struct>").append("<member><name>faultCode</name><value><int>500</int></value></member>").append("<member><name>faultString</name><value><string>").append(e.getMessage()).append(
"</string></value></member></struct></value></fault></methodResponse>");
responseContent = stringBuilder.toString();
}
renderer.setContent(responseContent);
}
/**
* Processes {@value #METHOD_GET_POST}.
*
* @param postId the specified post id
* @return method response XML
* @throws Exception exception
*/
private String getPost(final String postId) throws Exception {
final StringBuilder stringBuilder = new StringBuilder(
"<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodResponse><params><param><value>");
final String posts = buildPost(postId);
stringBuilder.append(posts);
stringBuilder.append("</value></param></params></methodResponse>");
return stringBuilder.toString();
}
/**
* Adds the specified article.
*
* @param article the specified article
* @throws Exception exception
*/
private void addArticle(final JSONObject article) throws Exception {
final Transaction transaction = articleRepository.beginTransaction();
try {
articleMgmtService.addArticleInternal(article);
transaction.commit();
} catch (final ServiceException e) {
if (transaction.isActive()) {
transaction.rollback();
}
throw e;
}
}
/**
* Parses the specified method call for an article.
*
* @param methodCall the specified method call
* @return article
* @throws Exception exception
*/
private JSONObject parsetPost(final JSONObject methodCall) throws Exception {
final JSONObject ret = new JSONObject();
final JSONArray params = methodCall.getJSONObject("params").getJSONArray("param");
final JSONObject post = params.getJSONObject(INDEX_POST).getJSONObject("value").getJSONObject("struct");
final JSONArray members = post.getJSONArray("member");
for (int i = 0; i < members.length(); i++) {
final JSONObject member = members.getJSONObject(i);
final String name = member.getString("name");
if ("dateCreated".equals(name)) {
final String dateString = member.getJSONObject("value").getString("dateTime.iso8601");
Date date;
try {
date = (Date) DateFormatUtils.ISO_DATETIME_FORMAT.parseObject(dateString);
} catch (final ParseException e) {
LOGGER.log(Level.DEBUG,
"Parses article create date failed with ISO8601, retry to parse with "
+ "pattern[yyyy-MM-dd'T'HH:mm:ss, yyyyMMdd'T'HH:mm:ss'Z']");
date = DateUtils.parseDate(dateString, new String[]{"yyyyMMdd'T'HH:mm:ss", "yyyyMMdd'T'HH:mm:ss'Z'"});
}
ret.put(Article.ARTICLE_CREATED, date.getTime());
} else if ("title".equals(name)) {
ret.put(Article.ARTICLE_TITLE, member.getJSONObject("value").getString("string"));
} else if ("description".equals(name)) {
final String content = member.getJSONObject("value").optString("string");
ret.put(Article.ARTICLE_CONTENT, content);
ret.put(Article.ARTICLE_ABSTRACT, Article.getAbstract(Jsoup.parse(content).text()));
} else if ("categories".equals(name)) {
final StringBuilder tagBuilder = new StringBuilder();
final JSONObject data = member.getJSONObject("value").getJSONObject("array").getJSONObject("data");
if (0 == data.length()) {
throw new Exception("At least one Tag");
}
final Object value = data.get("value");
if (value instanceof JSONArray) {
final JSONArray tags = (JSONArray) value;
for (int j = 0; j < tags.length(); j++) {
final String tagTitle = tags.getJSONObject(j).optString("string");
tagBuilder.append(tagTitle);
if (j < tags.length() - 1) {
tagBuilder.append(",");
}
}
} else {
final JSONObject tag = (JSONObject) value;
tagBuilder.append(tag.getString("string"));
}
ret.put(Article.ARTICLE_TAGS_REF, tagBuilder.toString());
}
}
final boolean publish = 1 == params.getJSONObject(INDEX_PUBLISH).getJSONObject("value").getInt("boolean");
ret.put(Article.ARTICLE_IS_PUBLISHED, publish);
ret.put(Article.ARTICLE_COMMENTABLE, true);
ret.put(Article.ARTICLE_VIEW_PWD, "");
return ret;
}
/**
* Processes {@value #METHOD_GET_RECENT_POSTS}.
*
* @param fetchSize the specified fetch size
* @return method response XML
* @throws Exception exception
*/
private String getRecentPosts(final int fetchSize) throws Exception {
final StringBuilder stringBuilder = new StringBuilder(
"<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodResponse><params><param><value><array><data>");
final String posts = buildRecentPosts(fetchSize);
stringBuilder.append(posts);
stringBuilder.append("</data></array></value></param></params></methodResponse>");
return stringBuilder.toString();
}
/**
* Processes {@value #METHOD_GET_CATEGORIES}.
*
* @return method response XML
* @throws Exception exception
*/
private String getCategories() throws Exception {
final StringBuilder stringBuilder = new StringBuilder(
"<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodResponse><params><param><value><array><data>");
final String categories = buildCategories();
stringBuilder.append(categories);
stringBuilder.append("</data></array></value></param></params></methodResponse>");
return stringBuilder.toString();
}
/**
* Processes {@value #METHOD_GET_USERS_BLOGS}.
*
* @return method response XML
* @throws Exception exception
*/
private String getUsersBlogs() throws Exception {
final StringBuilder stringBuilder = new StringBuilder(
"<?xml version=\"1.0\" encoding=\"UTF-8\"?><methodResponse><params><param><value><array><data><value><struct>");
final JSONObject preference = preferenceQueryService.getPreference();
final String blogInfo = buildBlogInfo(preference);
stringBuilder.append(blogInfo);
stringBuilder.append("</struct></value></data></array></value></param></params></methodResponse>");
return stringBuilder.toString();
}
/**
* Builds a post (post struct) with the specified post id.
*
* @param postId the specified post id
* @return blog info XML
* @throws Exception exception
*/
private String buildPost(final String postId) throws Exception {
final StringBuilder stringBuilder = new StringBuilder();
final JSONObject result = articleQueryService.getArticle(postId);
if (null == result) {
throw new Exception("Not found article[id=" + postId + "]");
}
final JSONObject article = result.getJSONObject(Article.ARTICLE);
final long createDate = article.getLong(Article.ARTICLE_CREATED);
final String articleTitle = StringEscapeUtils.escapeXml(article.getString(Article.ARTICLE_TITLE));
stringBuilder.append("<struct>");
stringBuilder.append("<member><name>dateCreated</name>").append("<value><dateTime.iso8601>").append(DateFormatUtils.ISO_DATETIME_TIME_ZONE_FORMAT.format(createDate)).append(
"</dateTime.iso8601></value></member>");
stringBuilder.append("<member><name>description</name>").append("<value>").append(StringEscapeUtils.escapeXml(article.getString(Article.ARTICLE_CONTENT))).append(
"</value></member>");
stringBuilder.append("<member><name>title</name>").append("<value>").append(articleTitle).append("</value></member>");
stringBuilder.append("<member><name>categories</name>").append("<value><array><data>");
final JSONArray tags = article.getJSONArray(Article.ARTICLE_TAGS_REF);
for (int i = 0; i < tags.length(); i++) {
final String tagTitle = tags.getJSONObject(i).getString(Tag.TAG_TITLE);
stringBuilder.append("<value>").append(tagTitle).append("</value>");
}
stringBuilder.append("</data></array></value></member></struct>");
return stringBuilder.toString();
}
/**
* Builds recent posts (array of post structs) with the specified fetch size.
*
* @param fetchSize the specified fetch size
* @return blog info XML
* @throws Exception exception
*/
private String buildRecentPosts(final int fetchSize) throws Exception {
final StringBuilder stringBuilder = new StringBuilder();
final List<JSONObject> recentArticles = articleQueryService.getRecentArticles(fetchSize);
for (final JSONObject article : recentArticles) {
final long createDate = article.getLong(Article.ARTICLE_CREATED);
final String articleTitle = StringEscapeUtils.escapeXml(article.getString(Article.ARTICLE_TITLE));
stringBuilder.append("<value><struct>");
stringBuilder.append("<member><name>dateCreated</name>").append("<value><dateTime.iso8601>").append(DateFormatUtils.ISO_DATETIME_TIME_ZONE_FORMAT.format(createDate)).append(
"</dateTime.iso8601></value></member>");
stringBuilder.append("<member><name>description</name>").append("<value>").append(StringEscapeUtils.escapeXml(article.getString(Article.ARTICLE_CONTENT))).append(
"</value></member>");
stringBuilder.append("<member><name>title</name>").append("<value>").append(articleTitle).append("</value></member>");
stringBuilder.append("<member><name>postid</name>").append("<value>").append(article.getString(Keys.OBJECT_ID)).append(
"</value></member>");
stringBuilder.append("<member><name>categories</name>").append("<value><array><data>");
final String tagTitles = article.getString(Article.ARTICLE_TAGS_REF);
final String[] tagTitleArray = tagTitles.split(",");
for (int i = 0; i < tagTitleArray.length; i++) {
final String tagTitle = tagTitleArray[i];
stringBuilder.append("<value>").append(tagTitle).append("</value>");
}
stringBuilder.append("</data></array></value></member>");
stringBuilder.append("</struct></value>");
}
return stringBuilder.toString();
}
/**
* Builds categories (array of category info structs) with the specified preference.
*
* @return blog info XML
* @throws Exception exception
*/
private String buildCategories() throws Exception {
final StringBuilder stringBuilder = new StringBuilder();
final List<JSONObject> tags = tagQueryService.getTags();
for (final JSONObject tag : tags) {
final String tagTitle = StringEscapeUtils.escapeXml(tag.getString(Tag.TAG_TITLE));
final String tagId = tag.getString(Keys.OBJECT_ID);
stringBuilder.append("<value><struct>");
stringBuilder.append("<member><name>description</name>").append("<value>").append(tagTitle).append("</value></member>");
stringBuilder.append("<member><name>title</name>").append("<value>").append(tagTitle).append("</value></member>");
stringBuilder.append("<member><name>categoryid</name>").append("<value>").append(tagId).append("</value></member>");
stringBuilder.append("<member><name>htmlUrl</name>").append("<value>").append(Latkes.getServePath()).append("/tags/").append(tagTitle).append("</value></member>");
stringBuilder.append("</struct></value>");
}
return stringBuilder.toString();
}
/**
* Builds blog info struct with the specified preference.
*
* @param preference the specified preference
* @return blog info XML
* @throws JSONException json exception
*/
private String buildBlogInfo(final JSONObject preference) throws JSONException {
final String blogId = preference.getString(Option.ID_C_ADMIN_EMAIL);
final String blogTitle = StringEscapeUtils.escapeXml(preference.getString(Option.ID_C_BLOG_TITLE));
final StringBuilder stringBuilder = new StringBuilder("<member><name>blogid</name><value>").append(blogId).append(
"</value></member>");
stringBuilder.append("<member><name>url</name><value>").append(Latkes.getServePath()).append("</value></member>");
stringBuilder.append("<member><name>blogName</name><value>").append(blogTitle).append("</value></member>");
return stringBuilder.toString();
}
}
......@@ -397,7 +397,6 @@ public class InitService {
* {
* "userName": "",
* "userEmail": "",
* "userPassowrd": "", // Unhashed
* "userAvatar": "" // optional
* }
* @throws Exception exception
......@@ -410,7 +409,6 @@ public class InitService {
admin.put(User.USER_EMAIL, requestJSONObject.getString(User.USER_EMAIL));
admin.put(User.USER_URL, Latkes.getServePath());
admin.put(User.USER_ROLE, Role.ADMIN_ROLE);
admin.put(User.USER_PASSWORD, DigestUtils.md5Hex(requestJSONObject.getString(User.USER_PASSWORD)));
String avatar = requestJSONObject.optString(UserExt.USER_AVATAR);
if (StringUtils.isBlank(avatar)) {
avatar = Solos.getGravatarURL(requestJSONObject.getString(User.USER_EMAIL), "128");
......
......@@ -17,7 +17,6 @@
*/
package org.b3log.solo.service;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.b3log.latke.Keys;
import org.b3log.latke.Latkes;
......@@ -95,7 +94,6 @@ public class UserMgmtService {
* "oId": "",
* "userName": "",
* "userEmail": "",
* "userPassword": "", // Unhashed
* "userRole": "", // optional
* "userURL": "", // optional
* @throws ServiceException service exception
......@@ -129,14 +127,6 @@ public class UserMgmtService {
}
oldUser.put(User.USER_NAME, userName);
final String userPassword = requestJSONObject.optString(User.USER_PASSWORD);
final boolean maybeHashed = HASHED_PASSWORD_LENGTH == userPassword.length();
final String newHashedPassword = DigestUtils.md5Hex(userPassword);
final String oldHashedPassword = oldUser.optString(User.USER_PASSWORD);
if (!maybeHashed || (!oldHashedPassword.equals(userPassword) && !oldHashedPassword.equals(newHashedPassword))) {
oldUser.put(User.USER_PASSWORD, newHashedPassword);
}
final String userRole = requestJSONObject.optString(User.USER_ROLE);
if (StringUtils.isNotBlank(userRole)) {
oldUser.put(User.USER_ROLE, userRole);
......@@ -208,7 +198,6 @@ public class UserMgmtService {
* @param requestJSONObject the specified request json object, for example,
* "userName": "",
* "userEmail": "",
* "userPassword": "", // Unhashed
* "userURL": "", // optional, uses 'servePath' instead if not specified
* "userRole": "", // optional, uses {@value Role#DEFAULT_ROLE} instead if not specified
* "userAvatar": "" // optional, users generated gravatar url instead if not specified
......@@ -251,9 +240,6 @@ public class UserMgmtService {
}
user.put(User.USER_NAME, userName);
final String userPassword = requestJSONObject.optString(User.USER_PASSWORD);
user.put(User.USER_PASSWORD, DigestUtils.md5Hex(userPassword));
String userURL = requestJSONObject.optString(User.USER_URL);
if (StringUtils.isBlank(userURL)) {
userURL = Latkes.getServePath();
......
......@@ -40,6 +40,7 @@ import org.b3log.solo.model.Common;
import org.b3log.solo.model.Option;
import org.b3log.solo.model.UserExt;
import org.b3log.solo.repository.UserRepository;
import org.b3log.solo.service.PreferenceQueryService;
import org.json.JSONArray;
import org.json.JSONObject;
......@@ -302,10 +303,13 @@ public final class Solos {
break;
}
final String userPassword = user.optString(User.USER_PASSWORD);
final String token = cookieJSONObject.optString(Keys.TOKEN);
final String hashPassword = StringUtils.substringBeforeLast(token, ":");
if (userPassword.equals(hashPassword)) {
final PreferenceQueryService preferenceQueryService = BeanManager.getInstance().getReference(PreferenceQueryService.class);
final JSONObject preference = preferenceQueryService.getPreference();
final String b3Key = preference.optString(Option.ID_C_KEY_OF_SOLO);
final String tokenVal = cookieJSONObject.optString(Keys.TOKEN);
final String token = StringUtils.substringBeforeLast(tokenVal, ":");
if (StringUtils.equals(b3Key, token)) {
login(user, response);
return user;
......@@ -327,22 +331,18 @@ public final class Solos {
* Logins the specified user from the specified request.
*
* @param response the specified response
* @param user the specified user, for example,
* {
* "userEmail": "",
* "userPassword": ""
* }
* @param user the specified user
*/
public static void login(final JSONObject user, final HttpServletResponse response) {
try {
final String userId = user.optString(Keys.OBJECT_ID);
final JSONObject cookieJSONObject = new JSONObject();
cookieJSONObject.put(Keys.OBJECT_ID, userId);
cookieJSONObject.put(User.USER_PASSWORD, user.optString(User.USER_PASSWORD));
final String random = RandomStringUtils.randomAlphanumeric(16);
cookieJSONObject.put(Keys.TOKEN, user.optString(User.USER_PASSWORD) + ":" + random);
final PreferenceQueryService preferenceQueryService = BeanManager.getInstance().getReference(PreferenceQueryService.class);
final JSONObject preference = preferenceQueryService.getPreference();
final String b3Key = preference.optString(Option.ID_C_KEY_OF_SOLO);
final String random = RandomStringUtils.randomAlphanumeric(8);
cookieJSONObject.put(Keys.TOKEN, b3Key + ":" + random);
final String cookieValue = Crypts.encryptByAES(cookieJSONObject.toString(), COOKIE_SECRET);
final Cookie cookie = new Cookie(COOKIE_NAME, cookieValue);
cookie.setPath("/");
......
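Review bot: The new cookie check `StringUtils.equals(b3Key, token)` fails open when the `Option.ID_C_KEY_OF_SOLO` preference is blank: `optString` returns `""` for the key, `substringBeforeLast` returns `""` for a cookie with no token, and the two compare equal. Reject that case and compare in constant time, e.g. `if (StringUtils.isNotBlank(b3Key) && MessageDigest.isEqual(b3Key.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8)))`, and handle a null result from `getPreference()` if that can happen before initialisation (not visible here). The same key is now embedded in every user's cookie, so the `oId` field is the only thing tying a cookie to an account and its integrity rests on `Crypts.encryptByAES` with `COOKIE_SECRET`; it is worth confirming that this encryption is authenticated and that the secret is per-installation. The random suffix appended in `login` is stripped before the comparison and `RandomStringUtils` is not a cryptographic generator, so it adds no protection as written. Both methods begin and end outside the hunks.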
{
"description": "Description of repository structures, for generation of the relational database table and persistence validation.",
"version": "3.2.1.3, Feb 6, 2019",
"version": "3.2.1.4, Feb 7, 2019",
"authors": [
"Liang Ding"
],
......@@ -125,7 +125,7 @@
"name": "commentContent",
"description": "评论内容",
"type": "String",
"length": 2000
"length": 2048
},
{
"name": "commentCreated",
......@@ -401,12 +401,6 @@
"type": "String",
"length": 255
},
{
"name": "userPassword",
"description": "用户密码,MD5",
"type": "String",
"length": 255
},
{
"name": "userRole",
"description": "用户角色,管理员:adminRole,普通用户:defaultRole,访客用户:visitorRole",
......
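Review bot: Dropping `userPassword` from this structure description does not by itself remove the column from databases created by earlier versions, and no upgrade step that drops it is visible on this page. If none exists, the MD5 password hashes stay at rest in every upgraded installation even though nothing reads them any more; the upgrade path should drop the column (or at least blank it). The `commentContent` length change from 2000 to 2048 likewise needs a matching alteration for existing tables.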
......@@ -27,7 +27,6 @@ import org.b3log.latke.repository.jdbc.util.Connections;
import org.b3log.latke.repository.jdbc.util.JdbcRepositories;
import org.b3log.latke.service.ServiceException;
import org.b3log.latke.util.Crypts;
import org.b3log.solo.processor.api.MetaWeblogAPI;
import org.b3log.solo.cache.*;
import org.b3log.solo.processor.MockDispatcherServlet;
import org.b3log.solo.repository.*;
......@@ -52,7 +51,7 @@ import java.util.Locale;
* Abstract test case.
*
* @author <a href="http://88250.b3log.org">Liang Ding</a>
* @version 3.0.0.0, Dec 5, 2018
* @version 3.0.0.1, Feb 7, 2019
* @since 2.9.7
*/
public abstract class AbstractTestCase {
......@@ -124,7 +123,6 @@ public abstract class AbstractTestCase {
final JSONObject requestJSONObject = new JSONObject();
requestJSONObject.put(User.USER_EMAIL, "test@gmail.com");
requestJSONObject.put(User.USER_NAME, "Admin");
requestJSONObject.put(User.USER_PASSWORD, "pass");
initService.init(requestJSONObject);
final UserQueryService userQueryService = getUserQueryService();
Assert.assertNotNull(userQueryService.getUserByEmailOrUserName("test@gmail.com"));
......@@ -141,9 +139,8 @@ public abstract class AbstractTestCase {
final String userId = adminUser.optString(Keys.OBJECT_ID);
final JSONObject cookieJSONObject = new JSONObject();
cookieJSONObject.put(Keys.OBJECT_ID, userId);
cookieJSONObject.put(User.USER_PASSWORD, adminUser.optString(User.USER_PASSWORD));
final String random = RandomStringUtils.randomAlphanumeric(16);
cookieJSONObject.put(Keys.TOKEN, adminUser.optString(User.USER_PASSWORD) + ":" + random);
cookieJSONObject.put(Keys.TOKEN, "pass:" + random);
final String cookieValue = Crypts.encryptByAES(cookieJSONObject.toString(), Solos.COOKIE_SECRET);
final Cookie cookie = new Cookie(Solos.COOKIE_NAME, cookieValue);
request.setCookies(new Cookie[]{cookie});
......@@ -487,9 +484,4 @@ public abstract class AbstractTestCase {
public OptionQueryService getOptionQueryService() {
return beanManager.getReference(OptionQueryService.class);
}
public MetaWeblogAPI getMetaWeblogAPI() {
return beanManager.getReference(MetaWeblogAPI.class);
}
}
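Review bot: The mock admin cookie now carries the literal token `"pass:" + random`, but `Solos` in this same commit accepts a cookie only when the part before the last `:` equals the `Option.ID_C_KEY_OF_SOLO` preference. Unless the test initialisation happens to set that preference to `pass` (not visible here), every test that relies on this helper runs unauthenticated and may pass or fail for the wrong reason. Build the token from the stored preference instead, along the lines of `cookieJSONObject.put(Keys.TOKEN, preference.optString(Option.ID_C_KEY_OF_SOLO) + ":" + random);`, with `preference` read through the preference query service. The helper starts above the hunk.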
/*
* Solo - A small and beautiful blogging system written in Java.
* Copyright (c) 2010-2019, b3log.org & hacpai.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package org.b3log.solo.processor;
import org.apache.commons.lang.StringUtils;
import org.b3log.solo.AbstractTestCase;
import org.b3log.solo.MockHttpServletRequest;
import org.b3log.solo.MockHttpServletResponse;
import org.b3log.solo.processor.api.MetaWeblogAPI;
import org.testng.Assert;
import org.testng.annotations.Test;
import java.io.BufferedReader;
import java.io.StringReader;
/**
* {@link MetaWeblogAPI} test case.
*
* @author yugt
* @author <a href="http://88250.b3log.org">Liang Ding</a>
* @version 1.0.0.2, Oct 19, 2018
* @since 1.7.0
*/
@Test(suiteName = "api")
public class MetaWeblogAPITestCase extends AbstractTestCase {
/**
* Init.
*
* @throws Exception exception
*/
@Test
public void init() throws Exception {
super.init();
}
/**
* 手动构造rpc请求
*
* @throws Exception exception
*/
@Test(dependsOnMethods = "init")
public void metaWeblog() throws Exception {
final MockHttpServletRequest request = mockRequest();
request.setRequestURI("/apis/metaweblog");
request.setMethod("POST");
final StringBuilder sb = new StringBuilder();
sb.append("<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>")
.append("<methodCall>")
.append("<methodName>metaWeblog.newPost</methodName>")
.append("<params>")
.append("<param>")
.append("<value><int>11</int></value>")
.append("</param>")
.append("<param>")
.append("<value><string>test@gmail.com</string></value>")
.append("</param>")
.append("<param>")
.append("<value><string>pass</string></value>")
.append("</param>")
.append("<param>")
.append("<value>")
.append("<struct>")
.append("<member>")
.append("<name>dateCreated</name>")
.append("<value><dateTime.iso8601>20040503T17:30:08</dateTime.iso8601></value>")
.append("</member>")
.append("<member>")
.append("<name>title</name>")
.append("<value><string>title</string></value>")
.append("</member>")
.append("<member>")
.append("<name>description</name>")
.append("<value><string>description</string></value>")
.append("</member>")
.append("<member>")
.append("<name>categories</name>")
.append("<value>")
.append("<array>")
.append("<data>")
.append("<value>")
.append("<string>Solo</string>")
.append("</value>")
.append("</data>")
.append("</array>")
.append("</value>")
.append("</member>")
.append("</struct>")
.append("</value>")
.append("</param>")
.append("<param>")
.append("<value><boolean>1</boolean></value>")
.append("</param>")
.append("</params>")
.append("</methodCall>");
final BufferedReader reader = new BufferedReader(new StringReader(sb.toString()));
request.setReader(reader);
final MockHttpServletResponse response = mockResponse();
mockDispatcherServletService(request, response);
final String content = response.body();
// System.out.println("xxxxxcontent:" + content);
Assert.assertTrue(StringUtils.startsWith(content, "<?xml version=\"1.0\""));
}
/**
* 使用XmlRpcClient发送rpc请求
*
* @throws Exception exception
*/
// @Test(dependsOnMethods = "init")
// public void metaWeblog2() throws Exception {
// final MetaWeblogAPI metaWeblogAPI = getMetaWeblogAPI();
// metaWeblogAPI.metaWeblog(null,null,null);
//
// XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
// config.setServerURL(new URL("http://localhost:8080/solo/apis/metaweblog"));
// XmlRpcClient client = new XmlRpcClient();
// client.setConfig(config);
// Vector<Object> params= new Vector<Object>();
// params.add(1, 12);
// params.add(2, "gangtaoyu@gmail.com");
// params.add(3, "sky");
// params.add(4, new Struct());
// params.add(5, "publish");
// Integer result=(Integer)client.execute("metaWeblog.newPost",params);
//
// System.out.println(result);
//
//
// }
class Struct {
String title = "title";
String link = "link";
String description = "description";
String author = "author";
String[] category = {"category1", "category2"};
String comments = "comments";
String enclosure = "enclosure";
String guid = "guid";
String pubDate = "pubDate";
String source = "source";
}
}
......@@ -64,7 +64,6 @@ public class UserConsoleTestCase extends AbstractTestCase {
final JSONObject requestJSON = new JSONObject();
requestJSON.put(User.USER_NAME, "D");
requestJSON.put(User.USER_EMAIL, "d@b3log.org");
requestJSON.put(User.USER_PASSWORD, "password");
final BufferedReader reader = new BufferedReader(new StringReader(requestJSON.toString()));
request.setReader(reader);
......
......@@ -52,7 +52,6 @@ public final class UserRepositoryImplTestCase extends AbstractTestCase {
final JSONObject another = new JSONObject();
another.put(User.USER_NAME, "test1");
another.put(User.USER_EMAIL, "test1@gmail.com");
another.put(User.USER_PASSWORD, "pass1");
another.put(User.USER_URL, "https://b3log.org");
another.put(User.USER_ROLE, Role.DEFAULT_ROLE);
another.put(UserExt.USER_AVATAR, "");
......@@ -66,7 +65,6 @@ public final class UserRepositoryImplTestCase extends AbstractTestCase {
JSONObject admin = new JSONObject();
admin.put(User.USER_NAME, "test");
admin.put(User.USER_EMAIL, "test@gmail.com");
admin.put(User.USER_PASSWORD, "pass");
admin.put(User.USER_URL, "https://b3log.org");
admin.put(User.USER_ROLE, Role.ADMIN_ROLE);
admin.put(UserExt.USER_AVATAR, "");
......@@ -92,6 +90,6 @@ public final class UserRepositoryImplTestCase extends AbstractTestCase {
final JSONObject found = userRepository.getByEmail("test1@gmail.com");
Assert.assertNotNull(found);
Assert.assertEquals(found.getString(User.USER_PASSWORD), "pass1");
Assert.assertEquals(found.getString(User.USER_EMAIL), "test1@gmail.com");
}
}
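Review bot: The assertion that closes the last hunk of UserRepositoryImplTestCase, `Assert.assertEquals(found.getString(User.USER_EMAIL), "test1@gmail.com");`, compares the record against the very key just passed to `getByEmail`, so it verifies almost nothing beyond the lookup returning a row. This assumes that line is the new side; the page has lost its +/- markers, but the password assertion next to it is the one the commit title says is being dropped. Checking a field that is not the lookup key would verify more, for example `Assert.assertEquals(found.getString(User.USER_NAME), "test1");`, which matches the name stored for this user in the first hunk of the section. If the repository is now expected to persist no password at all, `Assert.assertFalse(found.has(User.USER_PASSWORD));` would pin that removal in a test. The enclosing test method starts outside the hunk.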
......@@ -18,7 +18,6 @@
package org.b3log.solo.service;
import junit.framework.Assert;
import org.apache.commons.codec.digest.DigestUtils;
import org.b3log.latke.Keys;
import org.b3log.latke.model.Role;
import org.b3log.latke.model.User;
......@@ -50,7 +49,6 @@ public class UserMgmtServiceTestCase extends AbstractTestCase {
requestJSONObject.put(User.USER_NAME, "user1name");
requestJSONObject.put(User.USER_EMAIL, "test1@gmail.com");
requestJSONObject.put(User.USER_PASSWORD, "pass1");
final String id = userMgmtService.addUser(requestJSONObject);
Assert.assertNotNull(id);
......@@ -68,7 +66,6 @@ public class UserMgmtServiceTestCase extends AbstractTestCase {
JSONObject requestJSONObject = new JSONObject();
requestJSONObject.put(User.USER_NAME, "user2name");
requestJSONObject.put(User.USER_EMAIL, "test2@gmail.com");
requestJSONObject.put(User.USER_PASSWORD, "pass2");
requestJSONObject.put(User.USER_ROLE, Role.ADMIN_ROLE);
final String id = userMgmtService.addUser(requestJSONObject);
......@@ -81,17 +78,6 @@ public class UserMgmtServiceTestCase extends AbstractTestCase {
Assert.assertEquals(getUserQueryService().getUser(id).getJSONObject(
User.USER).getString(User.USER_NAME), "user2newname");
// Do not update password
requestJSONObject.put(Keys.OBJECT_ID, id);
requestJSONObject.put(User.USER_NAME, "user2name");
requestJSONObject.put(User.USER_EMAIL, "test2@gmail.com");
requestJSONObject.put(User.USER_PASSWORD, "pass2");
userMgmtService.updateUser(requestJSONObject);
Assert.assertEquals(getUserQueryService().getUser(id).getJSONObject(
User.USER).getString(User.USER_PASSWORD), DigestUtils.md5Hex("pass2"));
}
/**
......@@ -106,7 +92,6 @@ public class UserMgmtServiceTestCase extends AbstractTestCase {
final JSONObject requestJSONObject = new JSONObject();
requestJSONObject.put(User.USER_NAME, "user1 name");
requestJSONObject.put(User.USER_EMAIL, "test1@gmail.com");
requestJSONObject.put(User.USER_PASSWORD, "pass1");
try {
final String id = userMgmtService.addUser(requestJSONObject);
......
......@@ -48,7 +48,6 @@ public class UserQueryServiceTestCase extends AbstractTestCase {
requestJSONObject.put(User.USER_NAME, "user1name");
requestJSONObject.put(User.USER_EMAIL, "test1@gmail.com");
requestJSONObject.put(User.USER_PASSWORD, "pass1");
final String id = userMgmtService.addUser(requestJSONObject);
Assert.assertNotNull(id);
......