Fix secure key generation
ElPicador committed Jul 6, 2016
1 parent cd3131d commit 8ea3584
Showing 4 changed files with 53 additions and 6 deletions.
@@ -15,7 +15,6 @@
import com.algolia.search.responses.*;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.common.io.BaseEncoding;

import javax.annotation.Nonnull;
import javax.crypto.Mac;
@@ -52,7 +51,11 @@ private static String hmac(String key, String msg) throws AlgoliaException {
throw new AlgoliaException("Can not init HmacSHA256 algorithm", e);
}
byte[] rawHmac = hmac.doFinal(msg.getBytes());
return BaseEncoding.base32Hex().encode(rawHmac);
StringBuilder sb = new StringBuilder(rawHmac.length * 2);
for (byte b : rawHmac) {
sb.append(String.format("%02x", b & 0xff));
}
return sb.toString();
}

/**
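Review bot: `hmac.doFinal(msg.getBytes())` still encodes the message with the platform default charset, so the digest rendered by the new hex loop can differ between JVMs whenever the message contains non-ASCII characters. Pinning the charset keeps generated keys reproducible: `byte[] rawHmac = hmac.doFinal(msg.getBytes(StandardCharsets.UTF_8));` (this needs a `java.nio.charset.StandardCharsets` import, which is not among the visible import lines). The body of `hmac` starts above the hunk, where the key is handed to the Mac, so the same check is presumably worth making on the key bytes there. A short comment on the loop, such as `// lowercase hex, two characters per byte`, would also document the output format that callers depend on.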
@@ -50,7 +50,7 @@ public class Query {
private String numericFilters;

/* CATEGORY SEARCH PARAMETER */
private String tagsFilters;
private String tagFilters;

/* DISTINCT PARAMETER */
private Integer distinct;
@@ -130,7 +130,7 @@ public Map<String, String> toQueryParam() {
builder = add(builder, "numericFilters", numericFilters);

/* CATEGORY SEARCH PARAMETER */
builder = add(builder, "tagsFilters", tagsFilters);
builder = add(builder, "tagFilters", tagFilters);

/* DISTINCT PARAMETER */
builder = add(builder, "distinct", distinct);
@@ -210,14 +210,20 @@ private ImmutableMap.Builder<String, String> add(ImmutableMap.Builder<String, St

public String toParam() {
StringBuilder builder = new StringBuilder();
boolean firstOne = true;
for (Map.Entry<String, String> entry : toQueryParam().entrySet()) {
try {
if(!firstOne) {
builder = builder.append("&");
}

builder = builder
.append(entry.getKey())
.append("=")
.append(URLEncoder.encode(entry.getValue(), "UTF-8"));
} catch (UnsupportedEncodingException ignore) {
}
firstOne = false;
}

return builder.toString();
@@ -378,8 +384,8 @@ public Query setNumericFilters(String numericFilters) {
return this;
}

public Query setTagsFilters(String tagsFilters) {
this.tagsFilters = tagsFilters;
public Query setTagFilters(String tagFilters) {
this.tagFilters = tagFilters;
return this;
}

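Review bot: The empty `catch (UnsupportedEncodingException ignore)` in `toParam()` is reached only after the `&`, the key and the `=` have been appended, so a failed encode would leave a dangling `key=` in the output and silently drop that parameter's value. The expected values in APIClientTest suggest this string is embedded in secured API keys, where a lost `tagFilters` value would presumably yield a key with fewer restrictions than the caller asked for. UTF-8 is always available on a JVM, so the branch should be unreachable, and it is safer to say so by failing loudly: `} catch (UnsupportedEncodingException e) { throw new IllegalStateException("UTF-8 is not supported", e); }`.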
@@ -0,0 +1,32 @@
package com.algolia.search;

import com.algolia.search.exceptions.AlgoliaException;
import com.algolia.search.http.AlgoliaHttpClient;
import com.algolia.search.objects.Query;
import org.junit.Before;
import org.junit.Test;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;

public class APIClientTest {

private APIClient client;

@Before
public void before() {
client = new APIClient(mock(AlgoliaHttpClient.class), mock(APIClientConfiguration.class));
}

@Test
public void secureKeys() throws AlgoliaException {
assertThat(
client.generateSecuredApiKey("182634d8894831d5dbce3b3185c50881", new Query().setTagFilters("(public,user1)"))
).isEqualTo("MDZkNWNjNDY4M2MzMDA0NmUyNmNkZjY5OTMzYjVlNmVlMTk1NTEwMGNmNTVjZmJhMmIwOTIzYjdjMTk2NTFiMnRhZ0ZpbHRlcnM9JTI4cHVibGljJTJDdXNlcjElMjk=");

assertThat(
client.generateSecuredApiKey("182634d8894831d5dbce3b3185c50881", new Query().setTagFilters("(public,user1)").setUserToken("42"))
).isEqualTo("OGYwN2NlNTdlOGM2ZmM4MjA5NGM0ZmYwNTk3MDBkNzMzZjQ0MDI3MWZjNTNjM2Y3YTAzMWM4NTBkMzRiNTM5YnRhZ0ZpbHRlcnM9JTI4cHVibGljJTJDdXNlcjElMjkmdXNlclRva2VuPTQy");
}

}
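Review bot: The 32-character hex string passed as the private key in `secureKeys()` has the shape of a real API key, and nothing in the file says whether it is a documentation sample or a live credential. A comment such as `// sample key from the public docs, not a live credential` would settle that for the next reviewer; if it is a real key, it should be rotated and replaced with a constructed value. The expected values are also opaque: each decodes to a 64-character lowercase hex digest followed by the URL-encoded query string, and a comment like `// expected = Base64(<hex HMAC-SHA256> + <URL-encoded params>)` would make an encoding regression easier to diagnose. Both cases use ASCII-only parameters, so the charset handling in `hmac` is not exercised.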
@@ -36,4 +36,10 @@ public void queryWithUTF8() {
Query query = new Query("鮄");
assertThat(query.toParam()).isEqualTo("query=%C3%A9%C2%AE%E2%80%9E");
}

@Test
public void queryWithMultipleParams() {
Query query = new Query("鮄").setTagFilters("(attribute)");
assertThat(query.toParam()).isEqualTo("query=%C3%A9%C2%AE%E2%80%9E&tagFilters=%28attribute%29");
}
}
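Review bot: As rendered here, the expectation in `queryWithMultipleParams()` does not match its input: `%C3%A9%C2%AE%E2%80%9E` is the percent-encoding of the three characters `é®„`, whereas the single character `鮄` encodes to `%E9%AE%84` in UTF-8. The test reuses the literal from `queryWithUTF8()`, so it presumably passes only when the source file is compiled with a non-UTF-8 source encoding, which makes the result environment-dependent. Writing the input as an escape, `new Query("\u9b84")`, and expecting `query=%E9%AE%84&tagFilters=%28attribute%29` would pin the intended behaviour regardless of the build's encoding setting. The enclosing test class starts above the hunk.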
