Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2026-02-05 22:29:11 +01:00
Code Issues Packages Projects Releases Activity

Reduce logging of ApiTokenRealm

Browse Source
This commit is contained in:
Sebastian Sdorra
2020-10-22 14:39:09 +02:00
parent 49607236e5
commit 7b91cf82bf
4 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
scm-webapp/src/main/java/sonia/scm/security/ApiKeyRealm.java
View File

@@ -24,6 +24,7 @@
package sonia.scm.security;
import com.google.common.io.BaseEncoding;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
@@ -61,13 +62,14 @@ public class ApiKeyRealm extends AuthenticatingRealm {
}
@Override
@SuppressWarnings("java:S4738") // java.util.Base64 has no canDecode method
public boolean supports(AuthenticationToken token) {
if (token instanceof UsernamePasswordToken || token instanceof BearerToken) {
boolean containsDot = getPassword(token).contains(".");
if (containsDot) {
LOG.debug("Ignoring token with at least one dot ('.'); this is probably a JWT token");
boolean isBase64 = BaseEncoding.base64().canDecode(getPassword(token));
if (!isBase64) {
LOG.debug("Ignoring non base 64 token; this is probably a JWT token or a normal password");
}
return !containsDot;
return isBase64;
}
return false;
}