From 7a344efde9003d7917ce0b95b60a1714c30c53f4 Mon Sep 17 00:00:00 2001 From: Jim Ewald Date: Tue, 22 Feb 2022 10:28:34 -0800 Subject: [PATCH] Updates to offline BP. Disables account and project creation. --- README.md | 10 + pom.xml | 5 +- .../server/blocklyprop/jsp/Properties.java | 39 ++-- .../services/impl/SecurityServiceImpl.java | 174 +++++++++--------- .../utils/HttpServletRequestImpl.java | 13 +- .../translations.properties | 22 +-- src/main/webapp/WEB-INF/includes/include.jsp | 10 +- src/main/webapp/WEB-INF/locale.tld | 4 +- src/main/webapp/WEB-INF/properties.tld | 1 + src/main/webapp/login.jsp | 7 +- src/main/webapp/projectcreate.jsp | 6 +- 11 files changed, 154 insertions(+), 137 deletions(-) diff --git a/README.md b/README.md index 8377052b..33327cf4 100644 --- a/README.md +++ b/README.md @@ -94,3 +94,13 @@ Example projects 9. Musical Instrument control of something 10. RF tilt video game controller ( mx2125 ) 11. Light sensor + + +zefi@mac-2272 cs-server % catalina run +Using CATALINA_BASE: /usr/local/Cellar/tomcat/9.0.38/libexec +Using CATALINA_HOME: /usr/local/Cellar/tomcat/9.0.38/libexec +Using CATALINA_TMPDIR: /usr/local/Cellar/tomcat/9.0.38/libexec/temp +Using JRE_HOME: /usr/local/opt/openjdk +Using CLASSPATH: /usr/local/Cellar/tomcat/9.0.38/libexec/bin/bootstrap.jar:/usr/local/Cellar/tomcat/9.0.38/libexec/bin/tomcat-juli.jar +Using CATALINA_OPTS: +NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED diff --git a/pom.xml b/pom.xml index 8bb8da6a..15b28152 100644 --- a/pom.xml +++ b/pom.xml @@ -18,9 +18,12 @@ 3.7.4 2.8.5 - 1.5.0 + 1.6.0 3.1.0 1.19 + http://localhost:8080/manager/text + admin + admin diff --git a/src/main/java/com/parallax/server/blocklyprop/jsp/Properties.java b/src/main/java/com/parallax/server/blocklyprop/jsp/Properties.java index 39460a5a..b59d4230 100644 
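Review bot: The three values added at the end of the pom.xml hunk read as a Tomcat manager endpoint (`http://localhost:8080/manager/text`) with user name `admin` and password `admin`; the element names are not visible here, so that reading is inferred. Credentials committed to `pom.xml` stay in the repository history and are copied to every checkout, and a default pair like this on the manager text interface lets anyone who knows it deploy applications to a Tomcat configured to match. Keep only a server id in the POM and put the user name and password in a `<server>` entry in the developer's `~/.m2/settings.xml`, or supply them as `-D` properties at build time. If this pair is in use on any shared host, it should be changed there as well.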
--- a/src/main/java/com/parallax/server/blocklyprop/jsp/Properties.java +++ b/src/main/java/com/parallax/server/blocklyprop/jsp/Properties.java @@ -49,13 +49,12 @@ public static Configuration getConfiguration() { *

* This method supports the "offline" mode which assumes that there is * no Internet connectivity available. - * - * @param file * - * @return + * @param file - Find a file + * @return string */ public static String getDownloadFilesBaseUrl(String file) { - if (configuration.getBoolean("offline.enabled") == true) { + if (configuration.getBoolean("offline.enabled")) { return configuration.getString("offline.downloadfiles.baseurl") + (file.startsWith("/") ? "" : "/") + file; } else { return configuration.getString("downloadfiles.baseurl") + (file.startsWith("/") ? "" : "/") + file; @@ -64,15 +63,15 @@ public static String getDownloadFilesBaseUrl(String file) { public static boolean isOauthEnabled(String oauthProvider) { // Disable Oauth if we are running offline - if (configuration.getBoolean("offline.enabled") == true) { - return false; + if (configuration.getBoolean("offline.enabled")) { + return false; } else { return configuration.getBoolean("oauth." + oauthProvider + ".enabled", true); } } - + // - + /** * Obtain the state of experimental menu items. *
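Review bot: The new Javadoc tags on `getDownloadFilesBaseUrl` (`@param file - Find a file`, `@return string`) do not tell a caller what the method does with the argument. I would write `@param file path of the file, appended to the configured base URL (a "/" is inserted when it does not start with one)` and `@return the download URL, built from offline.downloadfiles.baseurl when offline.enabled is true and from downloadfiles.baseurl otherwise`. It is also worth stating that `file` must not be null, since `file.startsWith("/")` is called on it unconditionally.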

@@ -81,25 +80,25 @@ public static boolean isOauthEnabled(String oauthProvider) { * contained in the application properties file will trigger the menu * system to expose experimental menu items. If this option is off or * missing, the experimental menu items will be disabled. - * - * @param state - * @return + * + * @param state - True if experimental menu is enabled + * @return boolean */ public static boolean isExperimentalMenu(Boolean state) { try { - if (configuration.getBoolean("experimental.menu") == true) { + if (state && configuration.getBoolean("experimental.menu")) { return true; } } catch (java.util.NoSuchElementException ex) { return false; } - + return false; } public static boolean isCoppaRestricted() { LoggerFactory.getLogger(Properties.class).info("Checking for COPPA restrictions"); - + // Get the current user context User user = BlocklyPropSecurityUtils.getUserInfo(); LoggerFactory.getLogger(Properties.class).info("Completed call to getUserInfo()"); @@ -110,12 +109,12 @@ public static boolean isCoppaRestricted() { LoggerFactory.getLogger(Properties.class).info("Anonymous user. No COPPA restrictions"); return false; } - -// LoggerFactory.getLogger(Properties.class).info("User screen name is: {}.", user.getScreenname()); -// LoggerFactory.getLogger(Properties.class).info("User COPPA requirement: {}.", user.isCoppaEligible()); -// LoggerFactory.getLogger(Properties.class).info("User COPPA month: {}.", user.getBirthMonth()); -// LoggerFactory.getLogger(Properties.class).info("User COPPA year: {}.", user.getBirthYear()); - + + LoggerFactory.getLogger(Properties.class).info("User screen name is: {}.", user.getScreenname()); + LoggerFactory.getLogger(Properties.class).info("User COPPA requirement: {}.", user.isCoppaEligible()); + LoggerFactory.getLogger(Properties.class).info("User COPPA month: {}.", user.getBirthMonth()); + LoggerFactory.getLogger(Properties.class).info("User COPPA year: {}.", user.getBirthYear()); + return user.isCoppaEligible(); } } 
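Review bot: `state` is a boxed `Boolean`, so the new condition `state && configuration.getBoolean("experimental.menu")` in `isExperimentalMenu` unboxes it and throws a NullPointerException when the caller passes null; the surrounding `catch` only handles `java.util.NoSuchElementException`. `if (Boolean.TRUE.equals(state) && configuration.getBoolean("experimental.menu")) {` keeps the new behaviour and treats null as off. The parameter was ignored before this change, so any call site that passes false will now hide the experimental items; the callers are outside this hunk and should be checked.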
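Review bot: The four re-enabled logging calls in `isCoppaRestricted()` write the user's screen name, COPPA eligibility, birth month and birth year to the application log at INFO each time the check runs. That is personal data about accounts that may belong to children, and log files usually have wider read access and longer retention than the user table. I would drop the birth month and birth year lines and move what remains to debug, for example `LoggerFactory.getLogger(Properties.class).debug("User COPPA requirement: {}.", user.isCoppaEligible());`. The method starts before this hunk, so the null check on `user` that protects these calls is only partly visible here.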
diff --git a/src/main/java/com/parallax/server/blocklyprop/services/impl/SecurityServiceImpl.java b/src/main/java/com/parallax/server/blocklyprop/services/impl/SecurityServiceImpl.java index 04a34c5d..ac2d835e 100644 --- a/src/main/java/com/parallax/server/blocklyprop/services/impl/SecurityServiceImpl.java +++ b/src/main/java/com/parallax/server/blocklyprop/services/impl/SecurityServiceImpl.java 
@@ -21,46 +21,35 @@ package com.parallax.server.blocklyprop.services.impl; +import com.google.common.base.Preconditions; +import com.google.common.base.Strings; +import com.google.inject.Inject; +import com.google.inject.Provider; +import com.google.inject.Singleton; +import com.google.inject.persist.Transactional; import com.parallax.client.cloudsession.CloudSessionAuthenticateService; import com.parallax.client.cloudsession.CloudSessionRegisterService; import com.parallax.client.cloudsession.CloudSessionUserService; +import com.parallax.client.cloudsession.exceptions.*; import com.parallax.client.cloudsession.objects.User; -import com.parallax.client.cloudsession.exceptions.EmailNotConfirmedException; -import com.parallax.client.cloudsession.exceptions.InsufficientBucketTokensException; -import com.parallax.client.cloudsession.exceptions.NonUniqueEmailException; -import com.parallax.client.cloudsession.exceptions.PasswordComplexityException; -import com.parallax.client.cloudsession.exceptions.PasswordVerifyException; -import com.parallax.client.cloudsession.exceptions.ScreennameUsedException; -import com.parallax.client.cloudsession.exceptions.ServerException; -import com.parallax.client.cloudsession.exceptions.UnknownUserException; -import com.parallax.client.cloudsession.exceptions.UnknownUserIdException; -import com.parallax.client.cloudsession.exceptions.UserBlockedException; -import com.parallax.client.cloudsession.exceptions.WrongAuthenticationSourceException; import com.parallax.server.blocklyprop.SessionData; -import com.parallax.server.blocklyprop.services.SecurityService; -import com.parallax.server.blocklyprop.services.SessionService; import com.parallax.server.blocklyprop.db.dao.UserDao; import com.parallax.server.blocklyprop.db.generated.tables.records.UserRecord; - -import com.google.common.base.Preconditions; -import com.google.common.base.Strings; -import com.google.inject.Inject; -import com.google.inject.Provider; -import 
com.google.inject.Singleton; -import com.google.inject.persist.Transactional; -import java.util.Calendar; - - +import com.parallax.server.blocklyprop.services.SecurityService; +import com.parallax.server.blocklyprop.services.SessionService; import org.apache.commons.configuration.Configuration; import org.apache.commons.validator.routines.EmailValidator; import org.apache.shiro.SecurityUtils; -// import org.apache.shiro.session.Session; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.Calendar; + +// import org.apache.shiro.session.Session; + /** * User security services - * + * * @author Michel */ @Singleton @@ -114,9 +103,9 @@ public SecurityServiceImpl() { // // TODO: Correct the 'this' construct in the constructor // - // Notes from: https://www.securecoding.cert.org/confluence/display/java/TSM01-J.+Do+not+let+the+this+reference+escape+during+object+construction + // Notes from: https://www.securecoding.cert.org/confluence/display/java/TSM01-J.+Do+not+let+the+this+reference+escape+during+object+construction // - // Publishing by assigning this to a public static variable from the + // Publishing by assigning this to a public static variable from the // constructor of a class whose object is being constructed. //------------------------------------------------------------------- instance = this; @@ -125,10 +114,10 @@ public SecurityServiceImpl() { /** * Implements the Providers setSessionDataProvider interface - * + * * This is a callback used by the Shiro package to provide a connection * between the application and the Shiro session management services. - * + * * @param sessionDataProvider * is a class that models the session data * @@ -141,7 +130,7 @@ public void setSessionDataProvider(Provider sessionDataProvider) { /** * Set the session's user database object in the blocklyprop system. - * + * * @param userDao * is the DAO interface to User data instance store */ 
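Review bot: The eleven explicit `com.parallax.client.cloudsession.exceptions` imports are replaced by `import com.parallax.client.cloudsession.exceptions.*;`, which hides the set of exception types this security service handles and lets a class added to that package later silently shadow or clash with another name. The rest of the import block is still explicit, so I would keep the individual imports and only reorder them. If the wildcard comes from an IDE "optimize imports" setting, raising the class-count threshold avoids it recurring.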
@@ -153,7 +142,7 @@ public void setUserDao(UserDao userDao) { /** * Configure cloud session service endpoints - * + * * @param configuration * A application configuration object */ @@ -166,14 +155,14 @@ public void setConfiguration(Configuration configuration) { // Set the source for the cloud session registration services registerService = new CloudSessionRegisterService( - configuration.getString("cloudsession.server"), + configuration.getString("cloudsession.server"), configuration.getString("cloudsession.baseurl")); - + // Set the source for cloud session user authentication services authenticateService = new CloudSessionAuthenticateService( - configuration.getString("cloudsession.server"), + configuration.getString("cloudsession.server"), configuration.getString("cloudsession.baseurl")); - + // Set the source location for cloud session existing local user // account services userService = new CloudSessionUserService( @@ -183,13 +172,13 @@ public void setConfiguration(Configuration configuration) { /** * Validate new user data and create a new user account - * + * * Details: * If the request passes all validity tests, create a user account - * in the cloud session system. If that account is created successfully, + * in the cloud session system. If that account is created successfully, * create a user record in the blocklyprop system from data stored in * the cloud session user record. - * + * * @param screenname String user screen name * @param email String user email address * @param password String user password 
@@ -218,17 +207,17 @@ public void setConfiguration(Configuration configuration) { */ @Override public Long register( - String screenname, - String email, - String password, + String screenname, + String email, + String password, String passwordConfirm, int birthMonth, int birthYear, String parentEmail, - int parentEmailSource) throws - NonUniqueEmailException, - PasswordVerifyException, - PasswordComplexityException, + int parentEmailSource) throws + NonUniqueEmailException, + PasswordVerifyException, + PasswordComplexityException, ScreennameUsedException, IllegalStateException{ @@ -288,22 +277,22 @@ public Long register( try { LOG.info("Registering user account with cloud-service"); Long idCloudSessionUser = registerService.registerUser( - email, - password, - passwordConfirm, - "en", + email, + password, + passwordConfirm, + "en", screenname, - birthMonth, - birthYear, - parentEmail, + birthMonth, + birthYear, + parentEmail, parentEmailSource); - + // Create a BlocklyProp user account record if (idCloudSessionUser > 0) { LOG.info("Creating matching blocklyprop user record for {}", screenname); userDao.create(idCloudSessionUser, screenname); } - + return idCloudSessionUser; } catch (ServerException se) { @@ -319,7 +308,7 @@ public Long register( /** * Get instance of an authenticated user object - * + * * @param email * @param password * @return Authenticated User object or null 
@@ -327,16 +316,16 @@ public Long register( * @throws UserBlockedException * @throws EmailNotConfirmedException * @throws InsufficientBucketTokensException - * @throws WrongAuthenticationSourceException + * @throws WrongAuthenticationSourceException */ @Inject public static User authenticateLocalUserStatic( - String email, + String email, String password) throws - UnknownUserException, - UserBlockedException, - EmailNotConfirmedException, - InsufficientBucketTokensException, + UnknownUserException, + UserBlockedException, + EmailNotConfirmedException, + InsufficientBucketTokensException, WrongAuthenticationSourceException, ServerException { @@ -347,20 +336,20 @@ public static User authenticateLocalUserStatic( /** * Get an instance of an authenticated user object - * + * * @param idUser - * + * * @return * @throws UnknownUserIdException * @throws UserBlockedException - * @throws EmailNotConfirmedException + * @throws EmailNotConfirmedException */ @Inject - public static User authenticateLocalUserStatic(Long idUser) throws - UnknownUserIdException, - UserBlockedException, + public static User authenticateLocalUserStatic(Long idUser) throws + UnknownUserIdException, + UserBlockedException, EmailNotConfirmedException { - + LOG.info("Authenticating user from userID"); return instance.authenticateLocalUser(idUser); } @@ -382,13 +371,13 @@ public static User authenticateLocalUserStatic(Long idUser) throws @Override public User authenticateLocalUser(String email, String password) throws UnknownUserException, - UserBlockedException, - EmailNotConfirmedException, - InsufficientBucketTokensException, + UserBlockedException, + EmailNotConfirmedException, + InsufficientBucketTokensException, WrongAuthenticationSourceException, NullPointerException, ServerException { - + try { LOG.info("Attempting to authenticate {}", email); 
@@ -426,7 +415,7 @@ public User authenticateLocalUser(String email, String password) throws } /** - * + * * @param idUser * This is the primary key from the cloudsession.user table. * @@ -442,9 +431,9 @@ public User authenticateLocalUser(String email, String password) throws * @throws EmailNotConfirmedException * User account registration is incomplete. The account is unavailable. */ - public User authenticateLocalUser(Long idUser) throws - UnknownUserIdException, - UserBlockedException, + public User authenticateLocalUser(Long idUser) throws + UnknownUserIdException, + UserBlockedException, EmailNotConfirmedException { // FixMe: UserBlockledException is never thrown in client.cloudsession. @@ -465,7 +454,7 @@ public User authenticateLocalUser(Long idUser) throws /** * Return user session data - * + * * @return SessionData object containing user session details or null * * @implNote @@ -487,21 +476,21 @@ public static SessionData getSessionData() { // Check for a BP user id if (sessionData.getIdUser() == null) { LOG.debug("No user ID is associated with the current session"); - + // No BP user id found, is the user in this session authenticated? if (SecurityUtils.getSubject().isAuthenticated()) { - + // The user identified by this session is authenticated. Perform // a fun exercise to locate the BP user id for this authenticated // user. LOG.debug("Obtaining session data for authenticated user"); - + try { // Getting a user record using the account email address String principal = (String) SecurityUtils.getSubject().getPrincipal(); // Display the user's email address LOG.debug("Principal is: {}", principal ); - + // Get the user account/profile record String emailAddress = (String) SecurityUtils.getSubject().getPrincipal(); LOG.debug("Getting user profile for {}", emailAddress); 
@@ -522,7 +511,7 @@ public static SessionData getSessionData() { if (!Strings.isNullOrEmpty(sessionData.getLocale())) { if (!sessionData.getLocale().equals(user.getLocale())) { try { - // User locale changed. Let's update the user + // User locale changed. Let's update the user // account with new locale LOG.debug("Changing user {} locale", user.getScreenname()); user = instance.userService.changeUserLocale( @@ -556,14 +545,19 @@ public static SessionData getSessionData() { // Verify that the screen name matches in both databases - if (! bpUser.getScreenname().equals(user.getScreenname())) { - LOG.info("Updating bp screen name from {} to {}", - bpUser.getScreenname(), - user.getScreenname()); - - instance.userDao.updateScreenName( - bpUser.getId(), - user.getScreenname()); + String screenName = bpUser.getScreenname(); + if (screenName != null) { + if (!screenName.equals(user.getScreenname())) { + LOG.info("Updating bp screen name from {} to {}", + bpUser.getScreenname(), + user.getScreenname()); + + instance.userDao.updateScreenName( + bpUser.getId(), + user.getScreenname()); + } + } else { + LOG.info("User screen name is undefined!"); } }else{ LOG.warn("Warning! Setting BP user id to zero"); diff --git a/src/main/java/com/parallax/server/blocklyprop/utils/HttpServletRequestImpl.java b/src/main/java/com/parallax/server/blocklyprop/utils/HttpServletRequestImpl.java index 7255be5e..956c9a98 100644 --- a/src/main/java/com/parallax/server/blocklyprop/utils/HttpServletRequestImpl.java +++ b/src/main/java/com/parallax/server/blocklyprop/utils/HttpServletRequestImpl.java @@ -5,6 +5,11 @@ */ package com.parallax.server.blocklyprop.utils; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletInputStream; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; import java.io.BufferedReader; import java.io.IOException; import java.io.UnsupportedEncodingException; 
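Review bot: When `bpUser.getScreenname()` is null the new `else` branch in `getSessionData()` only logs `"User screen name is undefined!"` and skips `updateScreenName`, so the one case where the two databases are certain to disagree is never repaired. A null-safe comparison such as `if (!java.util.Objects.equals(bpUser.getScreenname(), user.getScreenname())) {` removes the NullPointerException and still synchronises the record, provided a null screen name on the cloud-session `User` is not expected; if it is, guard on `user.getScreenname() != null` before writing. The log line also carries no identifier, so it cannot be tied to an account; `LOG.warn("BP user {} has no screen name", bpUser.getId());` would be more useful. The method begins and ends outside this hunk.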
@@ -12,12 +17,6 @@ import java.util.Enumeration; import java.util.Locale; import java.util.Map; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletInputStream; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; - /** * * @author Michel @@ -153,7 +152,7 @@ public boolean isRequestedSessionIdFromURL() { } /* - * Depricated as of Java Servlet API version 2.1 + * Deprecated as of Java Servlet API version 2.1 */ @Override public boolean isRequestedSessionIdFromUrl() { diff --git a/src/main/resources/com/parallax/server/blocklyprop/internationalization/translations.properties b/src/main/resources/com/parallax/server/blocklyprop/internationalization/translations.properties index 457923ee..3d93d9d5 100644 --- a/src/main/resources/com/parallax/server/blocklyprop/internationalization/translations.properties +++ b/src/main/resources/com/parallax/server/blocklyprop/internationalization/translations.properties @@ -4,8 +4,8 @@ # Application version numbers. application.major = 1 -application.minor = 3 -application.build = 503 +application.minor = 4 +application.build = 504 logout = Logout @@ -19,11 +19,11 @@ menu.login_and_register = Login/Register menu.my_projects = My projects menu.community_projects = Community projects menu.profile = Profile -menu.public-profile = Public profile +# menu.public-profile = Public profile menu.help = Help menu.newproject.title = New project -menu.newproject.spin = Scribbler Robot -menu.newproject.c = Propeller C +# menu.newproject.spin = Scribbler Robot +# menu.newproject.c = Propeller C menu.privacy = Privacy Policy footer.licenselink = License 
@@ -39,7 +39,7 @@ clientdownload.client.macos.installer = MacOS client installer clientdownload.client.windows32.installer = Windows 7/8/8.1/10 (32-bit) client installer clientdownload.client.windows64.installer = Windows 7/8/8.1/10 (64-bit) client installer clientdownload.client.chromeos.installer = Add to Chrome -clientdownload.client.chromeos.alreadyinstalled = BlocklyProp Launcher is already installed. Make sure it is open and running. +# clientdownload.client.chromeos.alreadyinstalled = BlocklyProp Launcher is already installed. Make sure it is open and running. help.title = Help help.not-found = Help file not found @@ -53,10 +53,10 @@ help.search = Search help.search.submit = Search home.latest_projects.title = Latest projects -home.c_project.title = C Project -home.c_project.newlink = New -home.spin_project.title = S3 Robot Project -home.spin_project.newlink = New +# home.c_project.title = C Project +# home.c_project.newlink = New +# home.spin_project.title = S3 Robot Project +# home.spin_project.newlink = New oauth.new-user = New user oauth.new-user.screenname = Screen Name @@ -104,8 +104,6 @@ project.table.description = Description project.table.board = Board project.table.user = User project.changed = Project changes have been saved -project.created = Created -project.modified = Modified project.create.title = New project project.create.basic = Basic info diff --git a/src/main/webapp/WEB-INF/includes/include.jsp b/src/main/webapp/WEB-INF/includes/include.jsp index 7823374c..04fb2d0f 100644 --- a/src/main/webapp/WEB-INF/includes/include.jsp +++ b/src/main/webapp/WEB-INF/includes/include.jsp 
@@ -23,6 +23,10 @@ Document : include Created on : 24-mei-2015, 18:42:01 Author : Michel + + Notes : The element in the TLD is a unique name for the tag library. That’s it. It + does NOT need to represent any actual location (path or URL, for example). It simply + has to be a name—the same name you use in the taglib directive. --%> <%-- <%@ page import="org.apache.shiro.SecurityUtils" %> --%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> @@ -31,10 +35,14 @@ <%@ taglib prefix="properties" uri="http://blocklyprop.parallax.com/properties" %> <%@ taglib prefix="locale" uri="http://blocklyprop.parallax.com/locale" %> <%@ taglib prefix="url" uri="http://blocklyprop.parallax.com/url" %> + +<%-- +--%> + - \ No newline at end of file + diff --git a/src/main/webapp/WEB-INF/locale.tld b/src/main/webapp/WEB-INF/locale.tld index bc14a730..8950ea88 100644 --- a/src/main/webapp/WEB-INF/locale.tld +++ b/src/main/webapp/WEB-INF/locale.tld @@ -7,6 +7,7 @@ BlocklyProp locale 1.0 + blockly_locale http://blocklyprop.parallax.com/locale @@ -17,7 +18,6 @@ locale true java.lang.String - true - \ No newline at end of file + diff --git a/src/main/webapp/WEB-INF/properties.tld b/src/main/webapp/WEB-INF/properties.tld index 0169c595..c3534962 100644 --- a/src/main/webapp/WEB-INF/properties.tld +++ b/src/main/webapp/WEB-INF/properties.tld @@ -29,6 +29,7 @@ BlocklyProp properties 1.0 + blockly-properties http://blocklyprop.parallax.com/properties diff --git a/src/main/webapp/login.jsp b/src/main/webapp/login.jsp index 2e97de6b..69f23e6a 100644 --- a/src/main/webapp/login.jsp +++ b/src/main/webapp/login.jsp @@ -50,7 +50,12 @@ <% } %> + + <%-- + New accounts are no longer supported

+ --%> +
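Review bot: Account creation appears to be switched off only in the view: this hunk adds a `<%-- … --%>` comment around part of the login page next to the text "New accounts are no longer supported" (the markup itself is not visible here), while `SecurityServiceImpl.register(...)` receives whitespace-only changes in the same patch. If the registration page or its handler is still mapped, a direct request would reach `registerService.registerUser(...)` and `userDao.create(...)` exactly as before. A server-side guard, such as rejecting the request in the registration handler or throwing the `IllegalStateException` that `register` already declares when registration is disabled, makes the restriction hold regardless of what the JSP renders. The same question applies to the project-creation change in `projectcreate.jsp`.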

@@ -74,4 +79,4 @@ <%@ include file="/WEB-INF/includes/pageparts/footer.jsp"%> - \ No newline at end of file + diff --git a/src/main/webapp/projectcreate.jsp b/src/main/webapp/projectcreate.jsp index 36206c1b..b5898e9c 100644 --- a/src/main/webapp/projectcreate.jsp +++ b/src/main/webapp/projectcreate.jsp @@ -29,8 +29,8 @@ <%@page contentType="text/html" pageEncoding="UTF-8"%> <%@ include file="/WEB-INF/includes/include.jsp"%> - + @@ -104,7 +104,7 @@

- +
- +