SHA256
Разрешить pairing без доп пароля
This commit is contained in:
+6
-4
@@ -55,9 +55,6 @@ public class Net_StartEspPairing_Handler implements JsonMessageHandler {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.BAD_REQUEST, "BAD_PAYLOAD_TYPE", "payloadType должен быть 1, 2 или 3");
|
||||
}
|
||||
String passwordHash = EspPairingSupport.normalizeOpaqueHash(req.getPasswordHash());
|
||||
if (passwordHash == null) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.BAD_REQUEST, "EMPTY_PASSWORD_HASH", "Пустой passwordHash");
|
||||
}
|
||||
|
||||
SolanaUserEntry user = SolanaUsersDAO.getInstance().getByLogin(login);
|
||||
if (user == null) {
|
||||
@@ -84,9 +81,14 @@ public class Net_StartEspPairing_Handler implements JsonMessageHandler {
|
||||
if (recentAttempts >= EspPairingSupport.REQUEST_RATE_LIMIT) {
|
||||
return NetExceptionResponseFactory.error(req, EspPairingSupport.STATUS_PAIRING_RATE_LIMIT, "PAIRING_RATE_LIMITED", "Слишком много pairing-запросов за короткое время");
|
||||
}
|
||||
if (!settings.getPasswordHash().equals(passwordHash)) {
|
||||
String configuredPasswordHash = settings.getPasswordHash() == null ? "" : settings.getPasswordHash().trim();
|
||||
boolean requiresPassword = !configuredPasswordHash.isBlank();
|
||||
if (requiresPassword && !configuredPasswordHash.equals(passwordHash)) {
|
||||
return NetExceptionResponseFactory.error(req, 422, "PAIRING_PASSWORD_INVALID", "Неверный pairing-пароль");
|
||||
}
|
||||
if (!requiresPassword && passwordHash != null && !passwordHash.isBlank()) {
|
||||
passwordHash = "";
|
||||
}
|
||||
|
||||
String clientPlatform = AuthSessionTypeSupport.normalizeClientPlatform(req.getRequesterClientPlatform());
|
||||
int ttlSeconds = EspPairingSupport.normalizeTtlSeconds(settings.getTtlSeconds());
|
||||
|
||||
-3
@@ -29,9 +29,6 @@ public class Net_UpsertEspPairingSettings_Handler implements JsonMessageHandler
|
||||
boolean enabled = req.getEnabled() != null && req.getEnabled();
|
||||
String passwordHash = EspPairingSupport.normalizeOpaqueHash(req.getPasswordHash());
|
||||
int ttlSeconds = EspPairingSupport.normalizeTtlSeconds(req.getTtlSeconds());
|
||||
if (enabled && (passwordHash == null || passwordHash.isBlank())) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.BAD_REQUEST, "EMPTY_PASSWORD_HASH", "Для включения pairing нужен passwordHash");
|
||||
}
|
||||
|
||||
long now = System.currentTimeMillis();
|
||||
EspPairingSettingsEntry entry = new EspPairingSettingsEntry();
|
||||
|
||||
@@ -79,6 +79,21 @@ public class IT_07_EspPairing {
|
||||
assertEquals("approved", JsonParsers.payloadText(statusResp, "state"));
|
||||
assertEquals("AQIDBA==", JsonParsers.payloadText(statusResp, "encryptedPayload"));
|
||||
|
||||
String upsertNoPasswordResp = clientWs.call(
|
||||
"UpsertEspPairingSettings",
|
||||
JsonBuilders.upsertEspPairingSettings(true, "", 180),
|
||||
t
|
||||
);
|
||||
assertEquals(200, JsonParsers.status(upsertNoPasswordResp), "UpsertEspPairingSettings without password must be 200");
|
||||
|
||||
SessionMaterial requesterNoPasswordMaterial = newSessionMaterial();
|
||||
String startNoPasswordResp = requesterWs.call(
|
||||
"StartEspPairing",
|
||||
JsonBuilders.startEspPairing(LOGIN, "", requesterNoPasswordMaterial.sessionKey(), 1, "Android", 1),
|
||||
t
|
||||
);
|
||||
assertEquals(200, JsonParsers.status(startNoPasswordResp), "StartEspPairing without password must be 200");
|
||||
|
||||
String forbiddenResp = requesterWs.call(
|
||||
"ListEspPairingRequests#anonymous",
|
||||
JsonBuilders.listEspPairingRequests(),
|
||||
@@ -86,7 +101,7 @@ public class IT_07_EspPairing {
|
||||
);
|
||||
assertErrorFormat(forbiddenResp, "ListEspPairingRequests", "PAIRING_REQUIRES_AUTH_SESSION");
|
||||
|
||||
r.ok("ESP pairing: обычная доверенная сессия увидела запрос и подтвердила зашифрованный payload");
|
||||
r.ok("ESP pairing: доверенная сессия принимает заявки как с доп. паролем, так и без него");
|
||||
}
|
||||
} catch (Throwable e) {
|
||||
r.fail("IT_07_EspPairing упал: " + e.getMessage());
|
||||
|
||||
Reference in New Issue
Block a user