Login method modification.

New login method based in HTTP's Basic Authentication used. This new
method eliminates the need of the database supporting the SHA256
algorithm and facilitates the future use of Basic Authentication.

Tests were updated to use the new token encoding.

src/main/java/es/uvigo/esei/daa/LoginFilter.java

@@ -38,6 +38,8 @@ public class LoginFilter implements Filter {
 			} else {
 				redirectToIndex(httpRequest, httpResponse);
 			}
+		} catch (IllegalArgumentException iae) {
+			httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
 		} catch (DAOException e) {
 			httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 		}
@@ -101,7 +103,8 @@ public class LoginFilter implements Filter {
 		}
 	}
 	
-	private boolean checkToken(HttpServletRequest request) throws DAOException {
+	private boolean checkToken(HttpServletRequest request)
+	throws DAOException, IllegalArgumentException {
 		final Cookie[] cookies = request.getCookies();
 		
 		if (cookies != null) {

src/main/java/es/uvigo/esei/daa/dao/UsersDAO.java

@@ -5,12 +5,11 @@ import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.digest.DigestUtils;
 
 public class UsersDAO extends DAO {
 	public String checkLogin(String login, String password) throws DAOException {
-		final String shaPassword = DigestUtils.sha256Hex(password);
-
 		try (final Connection conn = this.getConnection()) {
 			final String query = "SELECT password FROM users WHERE login=?";
 			
@@ -20,9 +19,10 @@ public class UsersDAO extends DAO {
 				try (ResultSet result = statement.executeQuery()) {
 					if (result.next()) {
 						final String dbPassword = result.getString("password");
+						final String shaPassword = DigestUtils.sha256Hex(password);
 						
 						if (shaPassword.equals(dbPassword)) {
-							return DigestUtils.sha256Hex(login + dbPassword);
+							return new String(Base64.encodeBase64((login + ":" + password).getBytes()));
 						} else {
 							return null;
 						}
@@ -36,16 +36,31 @@ public class UsersDAO extends DAO {
 		}
 	}
 	
-	public String checkToken(String token) throws DAOException {
+	public String checkToken(String token)
+	throws DAOException, IllegalArgumentException {
+		final String decodedToken = new String(Base64.decodeBase64(token.getBytes()));
+		final int colonIndex = decodedToken.indexOf(':');
+		
+		if (colonIndex < 0 || colonIndex == decodedToken.length()-1) {
+			throw new IllegalArgumentException("Invalid token");
+		}
+		
+		final String login = decodedToken.substring(0, decodedToken.indexOf(':'));
+		final String password = DigestUtils.sha256Hex(
+			decodedToken.substring(decodedToken.indexOf(':') + 1)
+		);
+		
 		try (final Connection conn = this.getConnection()) {
-			final String query = "SELECT login FROM users WHERE sha2(concat(login, password), 256)=?";
+			final String query = "SELECT password FROM users WHERE login=?";
 			
 			try (PreparedStatement statement = conn.prepareStatement(query)) {
-				statement.setString(1, token);
+				statement.setString(1, login);
 				
 				try (ResultSet result = statement.executeQuery()) {
 					if (result.next()) {
-						return result.getString("login");
+						final String dbPassword = result.getString("password"); 
+						
+						return password.equals(dbPassword) ? login : null;
 					} else {
 						return null;
 					}

src/test/java/es/uvigo/esei/daa/web/PeopleWebTest.java

@@ -38,10 +38,7 @@ public class PeopleWebTest {
 
 		driver.get(baseUrl);
 		driver.manage().addCookie(
-			new Cookie(
-				"token",
-				"25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666"
-			)
+			new Cookie("token", "bXJqYXRvOm1yamF0bw==")
 		);
 		// Driver will wait DEFAULT_WAIT_TIME if it doesn't find and element.
 		driver.manage().timeouts().implicitlyWait(DEFAULT_WAIT_TIME, TimeUnit.SECONDS);

src/test/webapp/rest/people/add.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/addNoName.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/addNoSurname.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/delete.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/deleteInvalidId.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/get.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/list.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/modify.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/modifyInvalidId.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/modifyNoId.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/modifyNoName.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/rest/people/modifyNoSurname.html

@@ -34,7 +34,7 @@
 <tr>
 	<td>type</td>
 	<td>name=value</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 </tr>
 <tr>
 	<td>click</td>

src/test/webapp/web/people/add.html

@@ -13,7 +13,7 @@
 </thead><tbody>
 <tr>
 	<td>createCookie</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 	<td></td>
 </tr>
 <tr>

src/test/webapp/web/people/delete.html

@@ -13,7 +13,7 @@
 </thead><tbody>
 <tr>
 	<td>createCookie</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 	<td></td>
 </tr>
 <tr>

src/test/webapp/web/people/edit.html

@@ -13,7 +13,7 @@
 </thead><tbody>
 <tr>
 	<td>createCookie</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 	<td></td>
 </tr>
 <tr>

src/test/webapp/web/people/list.html

@@ -13,7 +13,7 @@
 </thead><tbody>
 <tr>
 	<td>createCookie</td>
-	<td>token=25d35467c91f0f8bbcc9a4f22bb359170643ccfdf38851599a03a8ffc0756666</td>
+	<td>token=bXJqYXRvOm1yamF0bw==</td>
 	<td></td>
 </tr>
 <tr>