From: kenstir Date: Sun, 20 Oct 2013 18:30:50 +0000 (-0400) Subject: Fixed bug 16: app leaks password to System.out (visible in logcat) X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=6ede3506f98c090056268964b7ba7a869ba3ae5d;p=working%2FEvergreen.git Fixed bug 16: app leaks password to System.out (visible in logcat) --- diff --git a/Open-ILS/src/Android/src/org/evergreen/android/accountAccess/AccountAccess.java b/Open-ILS/src/Android/src/org/evergreen/android/accountAccess/AccountAccess.java index 98402aedfe..32eaff6570 100644 --- a/Open-ILS/src/Android/src/org/evergreen/android/accountAccess/AccountAccess.java +++ b/Open-ILS/src/Android/src/org/evergreen/android/accountAccess/AccountAccess.java @@ -174,7 +174,7 @@ public class AccountAccess { private String httpAddress = "http://ulysses.calvin.edu"; /** The TAG. */ - public String TAG = "AuthenticareUser"; + public String TAG = "AccountAccess"; /** * The auth token. Sent with every request that needs authentication @@ -207,6 +207,7 @@ public class AccountAccess { */ private AccountAccess(String httpAddress, ConnectivityManager cm) { + System.out.println("AccountAccess ctor: "+httpAddress); this.httpAddress = httpAddress; this.cm = cm; @@ -396,7 +397,7 @@ public class AccountAccess { String seed = null; - System.out.println("Send request to " + httpAddress); + System.out.println("AccountAccess.authenticateInit " + httpAddress); Object resp = (Object) Utils.doRequest(conn, SERVICE_AUTH, METHOD_AUTH_INIT, cm, new Object[] { userName }); if (resp != null) @@ -408,7 +409,7 @@ public class AccountAccess { } /** - * Authenticate complete. Phase 2 of login process Application send's + * Authenticate complete. Phase 2 of login process Application sends * username and hash to confirm login * * @param seed the seed 
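Review bot: The trace lines added in the AccountAccess constructor and in authenticateInit use `System.out.println` rather than the class's own `Log.d(TAG, ...)`, which the catch block later in this file already uses. On Android, System.out output lands in logcat under a generic tag, so it cannot be filtered per class, and any build rule that strips `Log.d` from release builds (if the project has one) would not remove it. I would write `Log.d(TAG, "ctor: " + httpAddress);` and `Log.d(TAG, "authenticateInit " + httpAddress);`, and the same applies to the `System.out.println` lines added in AuthenticateUser.java. Both method bodies continue outside their hunks.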
@@ -419,30 +420,27 @@ public class AccountAccess { */ private boolean authenticateComplete(String seed) throws NoAccessToServer, NoNetworkAccessException { + System.out.println("AccountAccess.authenticateComplete seed=" + seed); // calculate hash to pass to server for authentication process phase 2 // seed = "b18a9063e0c6f49dfe7a854cc6ab5775"; String hash = md5(seed + md5(password)); - System.out.println("Hash " + hash); HashMap complexParam = new HashMap(); // TODO parameter for user login complexParam.put("type", "opac"); - complexParam.put("username", userName); complexParam.put("password", hash); - System.out.println("Password " + password); - System.out.println("Compelx param " + complexParam); - Object resp = Utils.doRequest(conn, SERVICE_AUTH, METHOD_AUTH_COMPLETE, cm, new Object[] { complexParam }); - if (resp == null) + if (resp == null) { + System.out.println("Result: null"); return false; + } String queryResult = ((Map) resp).get("textcode"); - - System.out.println("Result " + queryResult); + System.out.println("Result: " + queryResult); if (queryResult.equals("SUCCESS")) { Object payload = ((Map) resp).get("payload"); @@ -464,6 +462,7 @@ public class AccountAccess { } catch (Exception e) { Log.d(TAG, "Error in retrieving account info, this is normal if it is before IDL load"); + System.err.println("Error in retrieving account info "+e.getMessage()+" cause: "+e.getCause()); } return true; diff --git a/Open-ILS/src/Android/src/org/evergreen/android/accountAccess/AuthenticateUser.java b/Open-ILS/src/Android/src/org/evergreen/android/accountAccess/AuthenticateUser.java index b02c72b756..59b1d325ce 100644 --- a/Open-ILS/src/Android/src/org/evergreen/android/accountAccess/AuthenticateUser.java +++ b/Open-ILS/src/Android/src/org/evergreen/android/accountAccess/AuthenticateUser.java 
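Review bot: The line added at the top of authenticateComplete, `System.out.println("AccountAccess.authenticateComplete seed=" + seed);`, writes the login seed to logcat in the same commit that removes the password and hash prints. The seed is one input of `md5(seed + md5(password))`, so a log holding both the seed and the hash is enough to check password guesses offline, and the hash can still reach the log through the parameter printing in Utils.java. I would log the call without the value, `Log.d(TAG, "authenticateComplete");`, and do the same for the matching line added in AuthenticateUser.authenticateComplete. The body of authenticateComplete continues past this hunk.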
@@ -72,6 +72,7 @@ public class AuthenticateUser { */ public AuthenticateUser(String httpAddress) { + System.out.println("AuthenticateUser ctor: "+httpAddress); this.httpAddress = httpAddress; try { @@ -141,6 +142,7 @@ public class AuthenticateUser { * @return seed for phase 2 of login */ private String authenticateInit() { + System.out.println("AuthenticateUser.authenticateInit " + httpAddress); Method method = new Method(METHOD_AUTH_INIT); @@ -170,6 +172,7 @@ public class AuthenticateUser { * the seed */ private void authenticateComplete(String seed) { + System.out.println("AuthenticateUser.authenticationComplete " + seed); // calculate hash to pass to server for authentication process phase 2 // seed = "b18a9063e0c6f49dfe7a854cc6ab5775"; @@ -184,7 +187,6 @@ public class AuthenticateUser { complexParam.put("password", hash + "'"); method.addParam(complexParam); - System.out.println("Compelx param " + complexParam); // sync test HttpRequest req = new GatewayRequest(conn, SERVICE, method).send(); diff --git a/Open-ILS/src/Android/src/org/evergreen/android/globals/GlobalConfigs.java b/Open-ILS/src/Android/src/org/evergreen/android/globals/GlobalConfigs.java index 47058af3ab..f0f2bc51f1 100644 --- a/Open-ILS/src/Android/src/org/evergreen/android/globals/GlobalConfigs.java +++ b/Open-ILS/src/Android/src/org/evergreen/android/globals/GlobalConfigs.java @@ -142,11 +142,13 @@ public class GlobalConfigs { public void loadIDLFile() { try { - Log.d("debug", "Read fm"); + Log.d("debug", "loadIDLFile start"); InputStream in_IDL = Utils.getNetInputStream(httpAddress + IDL_FILE_FROM_ROOT); IDLParser parser = new IDLParser(in_IDL); + Log.d("debug", "loadIDLFile parse"); parser.parse(); + Log.d("debug", "loadIDLFile done"); } catch (Exception e) { System.err.println("Error in parsing IDL file " + IDL_FILE_FROM_ROOT + " " + e.getMessage()); 
diff --git a/Open-ILS/src/Android/src/org/evergreen/android/globals/Utils.java b/Open-ILS/src/Android/src/org/evergreen/android/globals/Utils.java index 61ff8158a1..e7d0358f60 100644 --- a/Open-ILS/src/Android/src/org/evergreen/android/globals/Utils.java +++ b/Open-ILS/src/Android/src/org/evergreen/android/globals/Utils.java @@ -297,13 +297,11 @@ public class Utils { Method method = new Method(methodName); - System.out.println("Method :" + methodName + " param:"); + System.out.println("Method :" + methodName + ":"); for (int i = 0; i < params.length; i++) { method.addParam(params[i]); - System.out.print("Param " + i + ":" + params[i]); + System.out.println("Param " + i + ": " + params[i]); } - // need space - System.out.println(); // sync request HttpRequest req = new GatewayRequest(conn, service, method).send(); @@ -325,13 +323,11 @@ public class Utils { public static Object doRequestSimple(HttpConnection conn, String service, String methodName, Object[] params) { Method method = new Method(methodName); - System.out.println("Method :" + methodName + " param:"); + System.out.println("Method :" + methodName); for (int i = 0; i < params.length; i++) { method.addParam(params[i]); - System.out.print("Param " + i + ":" + params[i]); + System.out.println("Param " + i + ":" + params[i]); } - // need space - System.out.println(); // sync request HttpRequest req = new GatewayRequest(conn, service, method).send(); diff --git a/Open-ILS/src/Android/src/org/evergreen/android/views/ConfigureApplicationActivity.java b/Open-ILS/src/Android/src/org/evergreen/android/views/ConfigureApplicationActivity.java index 1392e2c027..eefdbe9c44 100644 --- a/Open-ILS/src/Android/src/org/evergreen/android/views/ConfigureApplicationActivity.java +++ b/Open-ILS/src/Android/src/org/evergreen/android/views/ConfigureApplicationActivity.java 
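Review bot: Both Utils.java hunks keep printing every request parameter (`System.out.println("Param " + i + ": " + params[i]);`), and AccountAccess.authenticateComplete passes `complexParam`, which holds the password hash, through `Utils.doRequest`. If the first hunk is that method (its signature is outside the hunk), the hash this commit stopped printing in AccountAccess is still written to logcat, and the auth token that AccountAccess documents as sent with every authenticated request presumably is too. I would log only the call shape, e.g. `System.out.println("Method :" + methodName + " params=" + params.length);`, and drop the per-parameter line in both loops.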
@@ -70,7 +70,7 @@ public class ConfigureApplicationActivity extends Activity { SharedPreferences preferences = PreferenceManager .getDefaultSharedPreferences(context); username.setText(preferences.getString("username", "")); - server_http.setText(preferences.getString("library_url", "")); + server_http.setText(preferences.getString("library_url", "https://bark.cwmars.org")); password.setText(preferences.getString("password", "")); Button connect = (Button) findViewById(R.id.connect_button);
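Review bot: The new default in `preferences.getString("library_url", "https://bark.cwmars.org")` hard-codes one deployment's server into the activity, in a commit whose title covers only the log leak. A user who has not yet entered a library URL now starts with that host pre-filled next to the username and password fields, so it is worth confirming that this is intended for every build of the app. If a default is wanted, I would read it from a string resource, e.g. `getString(R.string.default_library_url)` (resource name to be added), so it can differ per build. The method body continues outside the hunk.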