Merge pull request #3310 from ingef/feature/remove-api-token-realm

remove apitoken related classes and code

backend/pom.xml

@@ -244,6 +244,11 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>com.password4j</groupId>
+            <artifactId>password4j</artifactId>
+            <version>1.7.3</version>
+        </dependency>
         <dependency>
             <groupId>io.dropwizard</groupId>
             <artifactId>dropwizard-views-freemarker</artifactId>

backend/src/main/java/com/bakdata/conquery/apiv1/auth/PasswordCredential.java

@@ -3,23 +3,13 @@
 import javax.validation.constraints.NotEmpty;
 
 import com.bakdata.conquery.io.cps.CPSType;
-import com.bakdata.conquery.models.config.auth.AuthorizationConfig;
 import com.bakdata.conquery.models.auth.basic.LocalAuthenticationRealm;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import lombok.AllArgsConstructor;
-import lombok.Data;
-import lombok.RequiredArgsConstructor;
+import com.bakdata.conquery.models.config.auth.AuthorizationConfig;
 
 /**
- * Container for holding a password. This credential type is used by the
- * {@link LocalAuthenticationRealm} and can be used in the {@link AuthorizationConfig}. 
+ * Container for holding a plain-text password. This credential type is used by the
+ * {@link LocalAuthenticationRealm} and can be used in the {@link AuthorizationConfig}.
  */
 @CPSType(base = CredentialType.class, id = "PASSWORD")
-@Data
-@RequiredArgsConstructor(onConstructor = @__({@JsonCreator}))
-@AllArgsConstructor
-public class PasswordCredential implements CredentialType {
-
-	@NotEmpty
-	private char[] password;
+public record PasswordCredential(@NotEmpty String password) implements CredentialType {
 }

backend/src/main/java/com/bakdata/conquery/apiv1/auth/PasswordHashCredential.java

@@ -0,0 +1,9 @@
+package com.bakdata.conquery.apiv1.auth;
+
+import javax.validation.constraints.NotEmpty;
+
+import com.bakdata.conquery.io.cps.CPSType;
+
+@CPSType(base = CredentialType.class, id = "PASSWORD_HASH")
+public record PasswordHashCredential(@NotEmpty String hash) implements CredentialType {
+}

backend/src/main/java/com/bakdata/conquery/apiv1/auth/ProtoUser.java

@@ -1,7 +1,6 @@
 package com.bakdata.conquery.apiv1.auth;
 
 import java.util.Collections;
-import java.util.List;
 import java.util.Set;
 
 import javax.validation.Valid;
@@ -45,9 +44,8 @@ public class ProtoUser {
 	 * {@link UserManageable}, such as {@link LocalAuthenticationRealm}).
 	 */
 	@Builder.Default
-	@NotNull
 	@Valid
-	private List<CredentialType> credentials = Collections.emptyList();
+	private CredentialType credential = null;
 
 	public User createOrOverwriteUser(@NonNull MetaStorage storage) {
 		if (label == null) {

backend/src/main/java/com/bakdata/conquery/apiv1/auth/UsernamePasswordToken.java

@@ -17,5 +17,5 @@ public class UsernamePasswordToken {
 	@NotEmpty
 	private String user;
 	@NotEmpty
-	private char[] password;
+	private String password;
 }

backend/src/main/java/com/bakdata/conquery/models/auth/AuthorizationController.java

@@ -145,7 +145,7 @@ private static void initializeAuthConstellation(@NonNull AuthorizationConfig con
 			final User user = pUser.createOrOverwriteUser(storage);
 			for (Realm realm : realms) {
 				if (realm instanceof UserManageable) {
-					AuthorizationHelper.registerForAuthentication((UserManageable) realm, user, pUser.getCredentials(), true);
+					AuthorizationHelper.registerForAuthentication((UserManageable) realm, user, pUser.getCredential(), true);
 				}
 			}
 		}

backend/src/main/java/com/bakdata/conquery/models/auth/AuthorizationHelper.java

@@ -1,6 +1,5 @@
 package com.bakdata.conquery.models.auth;
 
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -14,8 +13,8 @@
 import com.bakdata.conquery.io.storage.MetaStorage;
 import com.bakdata.conquery.models.auth.entities.Group;
 import com.bakdata.conquery.models.auth.entities.Role;
-import com.bakdata.conquery.models.auth.entities.User;
 import com.bakdata.conquery.models.auth.entities.Subject;
+import com.bakdata.conquery.models.auth.entities.User;
 import com.bakdata.conquery.models.auth.permissions.Ability;
 import com.bakdata.conquery.models.auth.permissions.ConqueryPermission;
 import com.bakdata.conquery.models.datasets.Dataset;
@@ -129,7 +128,7 @@ public static Map<DatasetId, Set<Ability>> buildDatasetAbilityMap(Subject subjec
 	}
 
 
-	public static boolean registerForAuthentication(UserManageable userManager, User user, List<CredentialType> credentials, boolean override) {
+	public static boolean registerForAuthentication(UserManageable userManager, User user, CredentialType credentials, boolean override) {
 		if(override) {
 			return userManager.updateUser(user, credentials);
 		}

backend/src/main/java/com/bakdata/conquery/models/auth/UserManageable.java

@@ -20,13 +20,13 @@ public interface UserManageable {
 	 * @param credentials A List of credentials that are provided by the user.
 	 * @return True upon successful adding of the user. False if the user could not be added or was already present.
 	 */
-	boolean addUser(User user, List<CredentialType> credentials);
+	boolean addUser(User user, CredentialType credential);
 
 
 	/**
 	 * Similar to {@link UserManageable#addUser(User, List)} but if the user already existed it is overridden, when a fitting {@link CredentialType} was found.
 	 */
-	boolean updateUser(User user, List<CredentialType> credentials);
+	boolean updateUser(User user, CredentialType credential);
 
 	/**
 	 * Removes a user from the realm only but not from the local permission storage (i.e. {@link MetaStorage}).