From 4532fa3659a4937d19b2e98621a1984629839ed7 Mon Sep 17 00:00:00 2001
From: Alex Karpovich
Date: Tue, 19 Mar 2024 13:27:24 +0300
Subject: [PATCH] [*] Generate random passwords, if not specified

---
 .../SettingsAuthorizationProvider.java | 29 ++++++++++++++++++-
 .../src/main/resources/application.yaml | 7 ++---
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/java/ws-server/src/main/java/com/epam/deltix/tbwg/webapp/services/authorization/SettingsAuthorizationProvider.java b/java/ws-server/src/main/java/com/epam/deltix/tbwg/webapp/services/authorization/SettingsAuthorizationProvider.java
index ee6e916..1a06130 100644
--- a/java/ws-server/src/main/java/com/epam/deltix/tbwg/webapp/services/authorization/SettingsAuthorizationProvider.java
+++ b/java/ws-server/src/main/java/com/epam/deltix/tbwg/webapp/services/authorization/SettingsAuthorizationProvider.java
@@ -27,14 +27,17 @@
 import com.epam.deltix.tbwg.webapp.settings.AuthoritiesSettings;
 import com.epam.deltix.tbwg.webapp.settings.ProviderType;
 import com.epam.deltix.tbwg.webapp.settings.SecurityOauth2ProviderSettings;
+import io.netty.util.internal.StringUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Random;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.stream.Collectors;
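Review bot: `import java.util.Random;` brings in a non-cryptographic generator for what the next hunk uses as the password source (`private final Random rnd = new Random();`); `java.util.Random` has a 48-bit seed and a predictable output sequence, so the generated credentials are much weaker than their 16-character length suggests. Import `java.security.SecureRandom` here and construct the field as `new SecureRandom()`; the `nextInt(int)` call made by `nextCharAlphaNumeric()` in the following hunk works unchanged. `io.netty.util.internal.StringUtil` is a Netty-internal class pulled in only for `isNullOrEmpty`; `org.springframework.util.StringUtils.hasText` (spring-core is implied by the Spring imports already present) or a plain `pass == null || pass.isEmpty()` avoids a compile-time dependency on a package Netty does not treat as public API.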
@@ -42,6 +45,22 @@
 @Service
 @ConditionalOnProperty(value = "security.authorization.source", havingValue = "CONFIG", matchIfMissing = true)
 public class SettingsAuthorizationProvider implements AuthoritiesProvider, UsersProvider, ApiKeyInfoProvider {
+
+    private final Random rnd = new Random();
+
+    private char nextCharAlphaNumeric() {
+        return (char) (0x30 + rnd.nextInt(0x5A - 0x30 + 1));
+    }
+
+    private String getRandomAlphaNumeric(int size) {
+        StringBuilder sb = new StringBuilder(size);
+        for (int i = 0; i < size; i++) {
+            sb.append(nextCharAlphaNumeric());
+        }
+
+        return sb.toString();
+    }
+
     private static final Log LOGGER = LogFactory.getLog(SettingsAuthorizationProvider.class);
     private final ConcurrentMap users = new ConcurrentHashMap<>();
@@ -54,14 +73,22 @@ public SettingsAuthorizationProvider(SecurityOauth2ProviderSettings providerSett
                                          MangleService mangleService) {
         List usersList = settings.getUsers();
+
         if (usersList != null) {
             ProviderType providerType = providerSettings.getProviderType();
             usersList.forEach(user -> {
+
+                String pass = user.getPassword();
+                if (providerType == ProviderType.BUILT_IN_OAUTH && StringUtil.isNullOrEmpty(user.getPassword())) {
+                    pass = getRandomAlphaNumeric(16);
+                    new BCryptPasswordEncoder().encode(pass);
+                    LOGGER.warn("Generating random password for user (%s): %s").with(user.getUsername()).with(pass);
+                }
                 users.put(
                     user.getUsername(),
                     new TbwgUser(
                         user.getUsername(),
-                        providerType == ProviderType.BUILT_IN_OAUTH ? user.getPassword() : "",
+                        providerType == ProviderType.BUILT_IN_OAUTH ? pass : "",
                         buildAuthorities(user.getAuthorities())
                     )
                 );
diff --git a/java/ws-server/src/main/resources/application.yaml b/java/ws-server/src/main/resources/application.yaml
index b359353..970ea4a 100644
--- a/java/ws-server/src/main/resources/application.yaml
+++ b/java/ws-server/src/main/resources/application.yaml
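Review bot: `nextCharAlphaNumeric()` does not return alphanumeric characters: `0x30 + rnd.nextInt(0x5A - 0x30 + 1)` spans `'0'`..`'Z'`, which includes the punctuation `:;<=>?@` (0x3A–0x40) and excludes every lowercase letter, so the generated passwords contain symbols the method name rules out and draw from 43 characters rather than 62. Draw from an explicit alphabet instead, `private static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";` with `return ALPHABET.charAt(rnd.nextInt(ALPHABET.length()));`, which also makes the character set reviewable at a glance. The `rnd` field and both helpers are inserted between the class header and `LOGGER`; placing them after the existing field declarations keeps the field block together and the helpers next to the constructor that uses them. A one-line Javadoc on `getRandomAlphaNumeric` stating that it produces a bootstrap password of `size` characters and what generator backs it would also help the next reader.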
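Review bot: `new BCryptPasswordEncoder().encode(pass);` discards its result, so the value handed to `TbwgUser` on the `providerType == ProviderType.BUILT_IN_OAUTH ? pass : ""` line is the generated plaintext, not a hash; the users configured in application.yaml carry bcrypt hashes, so a plaintext entry here presumably never matches at login, and if the comparison is raw it stores a plaintext credential instead. Keep the hash and log only the plaintext: `String hash = new BCryptPasswordEncoder().encode(pass);` and pass `hash` to the `TbwgUser` constructor. Writing the generated password to the logger at WARN also ships a credential to whatever log sink this service uses; if the bootstrap convenience is wanted, emit it once to the console rather than the log, and document on the settings class that a `BUILT_IN_OAUTH` user with an empty password gets a fresh random one each time this constructor runs, since nothing here persists it. The enclosing constructor begins before this hunk and its body continues past the closing `);`.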
@@ -48,14 +48,11 @@ security:
       - refresh_token
     users:
      - username: admin
-       password: $2a$10$7M3W5JMk1wggimrbVegxWeeasqjrZUjNEiZTpMSYdId92409D2TSq
+#       password: $2a$10$7M3W5JMk1wggimrbVegxWeeasqjrZUjNEiZTpMSYdId92409D2TSq
        authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
      - username: reader
-       password: $2a$10$7M3W5JMk1wggimrbVegxWeeasqjrZUjNEiZTpMSYdId92409D2TSq
+#       password: $2a$10$7M3W5JMk1wggimrbVegxWeeasqjrZUjNEiZTpMSYdId92409D2TSq
        authorities: [ TB_ALLOW_READ]
-     - username: test
-       password: $2a$10$3PL6X1Gn8VjRy4r0od9NLeZrO2YWpUjzozv3jOxU0/RMjsElzPQdu
-       authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
     scopes:
       - trust
     accessTokenValiditySeconds: 300 # 5 min
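Review bot: The bcrypt hashes for `admin` and `reader` are kept as commented-out `#       password:` lines rather than deleted; a commented-out credential hash is still a shared default credential in the repository, and both users carry the identical hash, so uncommenting either one restores a password that is the same for two accounts with different authority levels. Delete the two lines, and if an example is wanted use an obvious placeholder such as `# password: <bcrypt hash of the chosen password>`. Removing the `test` user outright is the right call for the same reason.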