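/**
 * Authenticates a request against the super-admin account using HTTP Basic credentials.
 *
 * <p>Reads the {@code Authorization} header; if it is absent, returns {@code null} so the
 * caller can decide how to treat an anonymous request. If Basic credentials are present and
 * match the super admin (email compared case-insensitively, password compared by its salted
 * hash), the super-admin {@link User} is returned. Credentials that are present but wrong
 * throw {@link IllegalAccessException}. A header that cannot be parsed (non-Basic scheme,
 * invalid Base64, no {@code user:pass} separator) is logged and yields {@code null},
 * matching the original fail-soft behaviour; callers must never treat {@code null} as
 * "authenticated".
 *
 * @param userDao source of the super-admin record
 * @param req     the incoming request whose headers are inspected
 * @return the super-admin user on success, or {@code null} when no usable credentials were sent
 * @throws IllegalAccessException when credentials were presented but do not match
 */
public static User validateAuth(UserDao userDao, HttpRequest req) throws IllegalAccessException {
    String auth = req.headers().get(HttpHeaderNames.AUTHORIZATION);
    if (auth == null) {
        // No credentials presented at all.
        return null;
    }
    try {
        // Only the Basic scheme is understood; previously any header value was blindly
        // substring'd and Base64-decoded, so "Bearer ..." produced garbage or an exception.
        if (!auth.startsWith("Basic ")) {
            log.error("Error invoking OTA handler. Unsupported authorization scheme.");
            return null;
        }
        String encodedAuth = auth.substring("Basic ".length());
        // Explicit charset: the platform default may not be UTF-8 on older JDKs.
        String decoded = new String(
                java.util.Base64.getDecoder().decode(encodedAuth),
                java.nio.charset.StandardCharsets.UTF_8);

        // RFC 7617: the user-id cannot contain ':' but the password can, so split only
        // on the first separator. split(":") silently truncated such passwords.
        int sep = decoded.indexOf(':');
        if (sep < 0) {
            log.error("Error invoking OTA handler. Malformed Basic credentials.");
            return null;
        }
        // Locale.ROOT avoids locale-dependent case folding (e.g. Turkish dotless i).
        String user = decoded.substring(0, sep).toLowerCase(java.util.Locale.ROOT);
        String pass = decoded.substring(sep + 1);

        // Never log the password. The user id alone is enough to trace a failed attempt.
        log.info("Header auth attempt. User: {}", user);

        User superUser = userDao.getSuperAdmin();
        // NOTE(review): SHA256Util.makeHash appears to be a single salted digest rather than a
        // password KDF (bcrypt/scrypt/argon2). It is shared with the user store, so it is not
        // changed here; it should be migrated project-wide.
        String passHash = SHA256Util.makeHash(pass, user);

        // Constant-time comparison of the hashes: String.equals short-circuits on the first
        // differing byte and leaks how much of the hash matched.
        boolean matches = superUser != null
                && superUser.email.equals(user)
                && java.security.MessageDigest.isEqual(
                        superUser.pass.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        passHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (matches) {
            return superUser;
        }
        // Same generic message for unknown user and wrong password.
        throw new IllegalAccessException("Authentication failed.");
    } catch (IllegalAccessException iae) {
        log.error("Error invoking OTA handler. {}", iae.getMessage());
        throw iae;
    } catch (Exception e) {
        // Keep the cause (the original dropped it), but the header content is never logged.
        log.error("Error invoking OTA handler.", e);
        return null;
    }
}
} // end of enclosing class (closing brace was part of the original span)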
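/**
 * Bootstraps the super-admin account on first start.
 *
 * <p>Does nothing if a super admin already exists. Otherwise takes the admin email and
 * password from {@code admin.email} / {@code admin.pass} (generating a random 24-character
 * password when none is configured), stores the salted hash via the user DAO, prints the
 * admin URL and login to stdout, and — when {@code vendorEmail} is configured — emails the
 * vendor the same details asynchronously on the messaging executor.
 *
 * <p>Security notes: the password is echoed to stdout only when it was generated here,
 * because that is the operator's only way to learn it; a password supplied in configuration
 * is already known to the operator and is no longer printed, since stdout routinely ends up
 * in collected logs. The vendor email still carries the password in clear text, as the
 * original did — that is a product decision, not something changed here.
 *
 * @param holder server holder giving access to properties, the user DAO, mail and executors
 */
private static void createSuperUser(Holder holder) {
    ServerProperties props = holder.props;
    String url = props.getAdminUrl(props.host);
    String email = props.getProperty("admin.email", "admin@blynk.cc");
    String pass = props.getProperty("admin.pass");

    if (holder.userDao.isSuperAdminExists()) {
        // Bootstrap only: never overwrite or re-announce an existing admin.
        return;
    }

    boolean generated = pass == null || pass.isEmpty();
    if (generated) {
        System.out.println("Admin password not specified. Random password generated.");
        // NOTE(review): assumes StringUtils.randomPassword draws from a CSPRNG — confirm.
        pass = StringUtils.randomPassword(24);
    }

    System.out.println("Your Admin url is " + url);
    System.out.println("Your Admin login email is " + email);
    if (generated) {
        System.out.println("Your Admin password is " + pass);
    } else {
        // Do not echo a configured secret into stdout/logs.
        System.out.println("Your Admin password is the value of admin.pass");
    }

    // NOTE(review): validateAuth lower-cases the presented user id before hashing and
    // comparing; a mixed-case admin.email here would never match unless the DAO
    // normalises it — confirm.
    String hash = SHA256Util.makeHash(pass, email);
    holder.userDao.add(email, hash, AppNameUtil.BLYNK, true);

    String vendorEmail = props.vendorEmail;
    if (vendorEmail == null) {
        return;
    }
    String subj = "Your private Blynk server for " + props.productName + " is up!";
    // Built before handing off so the lambda captures only effectively-final values.
    String body = buildServerUpEmailBody(url, email, pass);
    holder.blockingIOProcessor.messagingExecutor.execute(() -> {
        try {
            holder.mailWrapper.sendHtml(vendorEmail, subj, body);
        } catch (Exception e) {
            // Best-effort notification: a mail failure must not abort server start-up.
            // No logger is in scope in this block, so the original stderr trace is kept.
            e.printStackTrace();
        }
    });
}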
updatedUser.pass = SHA256Util.makeHash(updatedUser.pass, updatedUser.email);