Fixed loginApiKey

car031 · car031 · commit 2c20728c8f21 · 2025-03-05T17:13:07.000+01:00
diff --git a/logicaldoc-core/src/main/java/com/logicaldoc/core/security/user/HibernateUserDAO.java b/logicaldoc-core/src/main/java/com/logicaldoc/core/security/user/HibernateUserDAO.java
@@ -84,6 +84,9 @@ public List<User> findByName(String name) throws PersistenceException {
 
 	@Override
 	public User findByUsername(String username) throws PersistenceException {
+		if(StringUtils.isEmpty(username))
+			return null;
+		
 		User user = null;
 		Map<String, Object> params = new HashMap<>();
 		params.put(USERNAME, username);
@@ -97,6 +100,9 @@ public User findByUsername(String username) throws PersistenceException {
 
 	@Override
 	public User findByUsernameIgnoreCase(String username) throws PersistenceException {
+		if(StringUtils.isEmpty(username))
+			return null;
+		
 		User user = null;
 		Map<String, Object> params = new HashMap<>();
 		params.put(USERNAME, username.toLowerCase());
diff --git a/logicaldoc-webservice/src/main/java/com/logicaldoc/webservice/rest/endpoint/RestAuthService.java b/logicaldoc-webservice/src/main/java/com/logicaldoc/webservice/rest/endpoint/RestAuthService.java
@@ -11,9 +11,11 @@
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.logicaldoc.core.security.SessionManager;
 import com.logicaldoc.core.security.authentication.AuthenticationException;
 import com.logicaldoc.webservice.model.WSCredentials;
 import com.logicaldoc.webservice.rest.AuthService;
@@ -38,7 +40,7 @@ public String login(@QueryParam("u")
 	String password) throws AuthenticationException {
 		return super.login(username, password);
 	}
-	
+
 	@POST
 	@Path("/loginForm")
 	@Operation(operationId = "loginForm", summary = "Login with POST", description = "Deprecated, use loginApiKey instead")
@@ -58,12 +60,19 @@ public String loginForm(@FormParam("username")
 	public String loginPostJSON(WSCredentials cred) {
 		return super.login(cred.getUsername(), cred.getPassword());
 	}
-	
+
 	@GET
 	@Path("/loginApiKey")
 	@Override
-	public String loginApiKey(@HeaderParam("X-API-KEY") String apikey) {
-		return super.loginApiKey(apikey);
+	public String loginApiKey(@HeaderParam("X-API-KEY")
+	String apikey) {
+		// The header was already processed by the SessionFilter so we must
+		// check the existing session first
+		String sid = SessionManager.get().getSessionId(getCurrentRequest());
+		if (StringUtils.isEmpty(sid))
+			return super.loginApiKey(apikey);
+		else
+			return sid;
 	}
 
 	@DELETE
