FF-174 Create UserId generation (#46)

* FF-174 Create UserId generation

* Rewrote decoding exception catch.

* Rearranged Code

* Fixed Security Issue.

Author: open-schnick

src/main/java/de/filefighter/rest/domain/user/business/UserAuthorizationService.java

@@ -12,7 +12,6 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
-import java.io.UnsupportedEncodingException;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 
@@ -39,9 +38,10 @@ public User authenticateUserWithUsernameAndPassword(String base64encodedUserAndP
         String decodedUsernameAndPassword = "";
         try {
             byte[] decodedValue = Base64.getDecoder().decode(base64encodedUserAndPassword);
-            decodedUsernameAndPassword = new String(decodedValue, StandardCharsets.UTF_8.toString());
-        } catch (UnsupportedEncodingException ex) {
-            LOG.warn("Found UnsupportedEncodingException {} in {}",ex.getMessage(), base64encodedUserAndPassword);
+            decodedUsernameAndPassword = new String(decodedValue, StandardCharsets.UTF_8);
+        } catch (IllegalArgumentException ex) {
+            LOG.warn("Found {} in {}", ex.getMessage(), base64encodedUserAndPassword);
+            throw new RequestDidntMeetFormalRequirementsException("Found unsupported character in header.");
         }
 
         String[] split = decodedUsernameAndPassword.split(":");

src/main/java/de/filefighter/rest/domain/user/business/UserBusinessService.java

@@ -22,6 +22,7 @@
 import org.springframework.data.mongodb.core.query.Update;
 import org.springframework.stereotype.Service;
 
+import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.regex.Pattern;
 
@@ -38,6 +39,8 @@ public class UserBusinessService {
 
 
     private static final Logger LOG = LoggerFactory.getLogger(UserBusinessService.class);
+    public static final int USER_ID_MAX = 99999999;
+
 
     @Value("${filefighter.disable-password-check}")
     public boolean passwordCheckDisabled;
@@ -138,7 +141,7 @@ public void registerNewUser(UserRegisterForm newUser) {
                 .username(username)
                 .password(password)
                 .refreshToken(AccessTokenBusinessService.generateRandomTokenValue())
-                .userId(getUserCount() + 1)
+                .userId(generateRandomUserId())
                 .build());
     }
 
@@ -234,5 +237,19 @@ public void updateUser(long userId, UserRegisterForm userToUpdate, User authenti
         query.addCriteria(Criteria.where("userId").is(userId));
         mongoTemplate.findAndModify(query, newUpdate, UserEntity.class);
     }
+
+    public long generateRandomUserId(){
+        long possibleUserId = 0L;
+        boolean userIdIsFree = false;
+
+        while(!userIdIsFree){
+            possibleUserId = new SecureRandom().nextInt(UserBusinessService.USER_ID_MAX);
+            UserEntity userEntity = userRepository.findByUserId(possibleUserId);
+            if(null == userEntity && possibleUserId > 0)
+                userIdIsFree = true;
+        }
+
+        return possibleUserId;
+    }
 }
 

src/test/java/de/filefighter/rest/domain/user/business/UserAuthorizationServiceUnitTest.java

@@ -29,9 +29,10 @@ void authenticateUserWithUsernameAndPasswordThrows() {
         String matchesButDoesNotMeetRequirements = AUTHORIZATION_BASIC_PREFIX + "dWdhYnVnYQ==";
         String matchesButUserWasNotFound = AUTHORIZATION_BASIC_PREFIX + "dXNlcjpwYXNzd29yZA==";
 
-        assertThrows(RuntimeException.class, () ->
+        assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
                 userAuthorizationService.authenticateUserWithUsernameAndPassword(matchesButIsNotSupportedEncoding)
         );
+
         assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
                 userAuthorizationService.authenticateUserWithUsernameAndPassword(matchesButDoesNotMeetRequirements)
         );

src/test/java/de/filefighter/rest/domain/user/business/UserBusinessServiceUnitTest.java

@@ -208,7 +208,7 @@ void registerNewUserWorks() {
         String username = "username";
         String password = "validPassword1234";
         String confPassword = "validPassword1234";
-        long[] groups = null;
+        long[] groups = new long[]{0};
 
         UserRegisterForm userRegisterForm = UserRegisterForm.builder()
                 .username(username)
@@ -291,7 +291,7 @@ void updatePasswordThrows() {
         assertThrows(UserNotUpdatedException.class, () ->
                 userBusinessService.updateUser(userId, userRegisterForm, authenticatedUser), "Passwords do not match.");
 
-        String validPassword ="ValidPassword1234!=";
+        String validPassword = "ValidPassword1234!=";
         userRegisterForm.setPassword(validPassword);
         userRegisterForm.setConfirmationPassword(validPassword);
         when(userRepositoryMock.findByUserId(userId)).thenReturn(dummyEntity);
@@ -325,7 +325,7 @@ void updateGroupsThrows() {
         assertThrows(UserNotUpdatedException.class, () ->
                 userBusinessService.updateUser(userId, userRegisterForm, authenticatedUser));
 
-        groups = new long[]{123032,1230213};
+        groups = new long[]{123032, 1230213};
         userRegisterForm.setGroupIds(groups);
         when(userRepositoryMock.findByUserId(userId)).thenReturn(dummyEntity);
         when(groupRepositoryMock.getGroupsByIds(groups)).thenThrow(new IllegalArgumentException("id doesnt belong to a group"));
@@ -346,4 +346,10 @@ void updateGroupsWorks() {
         when(groupRepositoryMock.getGroupsByIds(groups)).thenReturn(new Groups[]{Groups.FAMILY});
         assertDoesNotThrow(() -> userBusinessService.updateUser(userId, userRegisterForm, authenticatedUser));
     }
+
+    @Test
+    void generateRandomUserIdWorks() {
+        long actualValue = userBusinessService.generateRandomUserId();
+        assertTrue(0 <= actualValue && actualValue <= UserBusinessService.USER_ID_MAX);
+    }
 }