Commit 4447a2fef9bd6a0acb1ae3687ee1d5d51289e701

Authored by Ali B
1 parent 70b54cf8

Fixed the authentication in api so you now need a token in order get data from a…

…pi, if the token is invalid or does not exist then code 401 is returned and no data is returned. The client side also checks the status code: if it is 401, the user is returned to the login screen and the cached token is deleted. Also wrote about authentication in the PDF document and created a diagram for the program flow when logging in and requesting to see all activities. Also created a new and improved deployment diagram
Annet/Konfidensialitet og sporbarhet i et distribuert system.docx 0 → 100644
No preview for this file type
Forbedret deployment diagram.pdf 0 → 100644
No preview for this file type
Konfidensialitet og sporbarhet i et distribuert system.docx deleted
No preview for this file type
Konfidensialitet og sporbarhet i et distribuert system.pdf 0 → 100644
No preview for this file type
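--- a/Risiko/app/src/main/java/activity/Accesslog.java
+++ b/Risiko/app/src/main/java/activity/Accesslog.java
@@ -17,6 +17,7 @@ import java.util.List;
 import adapters.ListAdapterAccesslog;
 import adapters.ListAdapterEvaluationLog;
 import api.Api;
+import api.TokenEncrypter;
 import dataclasses.*;
 import dataclasses.EvaluationLog;
 import retrofit2.Call;
@@ -25,6 +26,7 @@ import retrofit2.Response;
 
 public class Accesslog extends AppCompatActivity {
 ListView lv;
+ String token;
 
 @Override
 protected void onCreate(Bundle savedInstanceState) {
@@ -38,10 +40,12 @@ public class Accesslog extends AppCompatActivity {
 String assosiatedincident = b.getString("associatedincitent");
 System.out.println("ASSOSIATED INCIDENT" + assosiatedincident);
 
+ token = TokenEncrypter.getToken(this);
 
- Api.getInstance().getAccesslog(assosiatedincident).enqueue(new Callback<List<dataclasses.Accesslog>>() {
+ Api.getInstance().getAccesslog(assosiatedincident, token).enqueue(new Callback<List<dataclasses.Accesslog>>() {
 @Override
 public void onResponse(Call<List<dataclasses.Accesslog>> call, Response<List<dataclasses.Accesslog>> response) {
+ if (response.code() == 401) TokenEncrypter.logOut(Accesslog.this);
 if (response.isSuccessful()) {
 List<dataclasses.Accesslog> log = response.body();
 List<dataclasses.Accesslog> logs = new ArrayList<>();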
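Review bot: The added 401 branch in `onResponse` does not return, so whatever follows `TokenEncrypter.logOut(Accesslog.this)` in the callback still runs after the user has been sent back to the login screen (what `logOut` does is not visible here; this is inferred from the commit description). At minimum write `if (response.code() == 401) { TokenEncrypter.logOut(Accesslog.this); return; }`. The same one-liner is copied into Activities, Evaluations, Incident and NewIncident, while the callbacks touched in EvaluationLog, EditEvaluation, EditIncident, NewEvaluation and the remaining Incident calls now send the token but, as far as their hunks show, get no 401 handling, so an expired token fails silently there. Handling 401 once where `Api` builds its HTTP client, for example in an OkHttp interceptor, would close that gap. `onCreate` and `onResponse` both continue outside the hunk.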
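--- a/Risiko/app/src/main/java/activity/Activities.java
+++ b/Risiko/app/src/main/java/activity/Activities.java
@@ -34,10 +34,11 @@ public class Activities extends AppCompatActivity {
 
 token = TokenEncrypter.getToken(this);
 
- Api.getInstance().getAllActivities()
+ Api.getInstance().getAllActivities(token)
 .enqueue(new Callback<List<Activity>>() {
 @Override
 public void onResponse(Call<List<Activity>> call, Response<List<Activity>> response) {
+ if (response.code() == 401) TokenEncrypter.logOut(Activities.this);
 if (response.isSuccessful()) {
 List<Activity> activities = response.body();
 insertActivities(activities);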
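--- a/Risiko/app/src/main/java/activity/EditEvaluation.java
+++ b/Risiko/app/src/main/java/activity/EditEvaluation.java
@@ -110,7 +110,7 @@ public class EditEvaluation extends AppCompatActivity {
 System.out.println("FØLGENDE FELT BLE OPPDATERT: " + fieldschanged);
 logchanges(fieldschanged, logDate, id);
 
- Api.getInstance().editEvaluation(id, newtitle, newOutcome, newMeasures, consequenceValue, probabilityValue, assosiatedActivity).enqueue(new Callback<Evaluation>() {
+ Api.getInstance().editEvaluation(id, newtitle, newOutcome, newMeasures, consequenceValue, probabilityValue, assosiatedActivity, token).enqueue(new Callback<Evaluation>() {
 @Override
 public void onResponse(Call<Evaluation> call, Response<Evaluation> response) {
 System.out.println(response);
@@ -139,7 +139,7 @@ public class EditEvaluation extends AppCompatActivity {
 return;
 }
 
- Api.getInstance().newLogEntry(response.body().getName(), date, fieldsChanged, assosiatedEval).enqueue(new Callback<String>() {
+ Api.getInstance().newLogEntry(response.body().getName(), date, fieldsChanged, assosiatedEval, token).enqueue(new Callback<String>() {
 @Override
 public void onResponse(Call<String> call, Response<String> response) {
 System.out.println(response);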
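Review bot: `newLogEntry(response.body().getName(), date, fieldsChanged, assosiatedEval, token)` still lets the client state who made the change and when, so the evaluation log is only as trustworthy as the app that wrote it. Now that every request carries a token, the server could derive the user from the token and stamp the time itself instead of accepting the `name` and `date` fields; the `evaluationlog` route is not visible on this page, so this may already be the case. The same applies to `newAccesslogEntry` in Incident.java and to the `createdby` argument in NewEvaluation.java and NewIncident.java. `logchanges(fieldschanged, logDate, id)` is also called before the `editEvaluation` request is sent, so it appears a log entry can be recorded for an edit the API then rejects with 401. Both enclosing methods start and end outside the hunks.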
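--- a/Risiko/app/src/main/java/activity/EditIncident.java
+++ b/Risiko/app/src/main/java/activity/EditIncident.java
@@ -67,7 +67,7 @@ public class EditIncident extends AppCompatActivity {
 
 spinnerAssociatedRisk = findViewById(R.id.spinner_associated_risk);
 
- Api.getInstance().getAllEvaluations()
+ Api.getInstance().getAllEvaluations(token)
 .enqueue(new Callback<List<Evaluation>>() {
 
 @Override
@@ -90,7 +90,7 @@ public class EditIncident extends AppCompatActivity {
 String newlocation = etLocation.getText().toString();
 String newdescription = etDescription.getText().toString();
 
- Api.getInstance().editIncident(id, newdate, newlocation, newtitle, newdescription, associatedRisk).enqueue(new Callback<dataclasses.Incident>() {
+ Api.getInstance().editIncident(id, newdate, newlocation, newtitle, newdescription, associatedRisk, token).enqueue(new Callback<dataclasses.Incident>() {
 @Override
 public void onResponse(Call<Incident> call, Response<Incident> response) {
 System.out.println(response);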
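--- a/Risiko/app/src/main/java/activity/EvaluationLog.java
+++ b/Risiko/app/src/main/java/activity/EvaluationLog.java
@@ -27,6 +27,7 @@ import retrofit2.Response;
 
 public class EvaluationLog extends AppCompatActivity {
 ListView lv;
+ String token;
 
 
 @Override
@@ -39,13 +40,10 @@ public class EvaluationLog extends AppCompatActivity {
 Intent intent = getIntent();
 Bundle b = intent.getExtras();
 String assosiatedeval = b.getString("assosiatedeval");
-/*
- List<dataclasses.EvaluationLog> log = new ArrayList<>();
- log.add(new dataclasses.EvaluationLog("Ola Nordmann", "2015-02-02", "Alle", assosiatedeval));
- log.add(new dataclasses.EvaluationLog("Kari Nordmann", "2015-01-02", "Tittel, konsekvens", assosiatedeval));
- insertLog(log);*/
 
- Api.getInstance().getEvaluationLog(assosiatedeval).enqueue(new Callback<List<dataclasses.EvaluationLog>>() {
+ token = TokenEncrypter.getToken(this);
+
+ Api.getInstance().getEvaluationLog(assosiatedeval, token).enqueue(new Callback<List<dataclasses.EvaluationLog>>() {
 @Override
 public void onResponse(Call<List<dataclasses.EvaluationLog>> call, Response<List<dataclasses.EvaluationLog>> response) {
 if (response.isSuccessful()) {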
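--- a/Risiko/app/src/main/java/activity/Evaluations.java
+++ b/Risiko/app/src/main/java/activity/Evaluations.java
@@ -56,10 +56,11 @@ public class Evaluations extends AppCompatActivity {
 System.out.println(activityId);
 
 
- Api.getInstance().getAllEvaluations()
+ Api.getInstance().getAllEvaluations(token)
 .enqueue(new Callback<List<Evaluation>>() {
 @Override
 public void onResponse(Call<List<Evaluation>> call, Response<List<Evaluation>> response) {
+ if (response.code() == 401) TokenEncrypter.logOut(Evaluations.this);
 if (response.isSuccessful()) {
 List<Evaluation> evaluations = response.body();
 List<Evaluation> associatedEvaluations = new ArrayList<>();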
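--- a/Risiko/app/src/main/java/activity/Incident.java
+++ b/Risiko/app/src/main/java/activity/Incident.java
@@ -61,11 +61,13 @@ public class Incident extends AppCompatActivity {
 // insertEvents(incidentList);
 
 
- Api.getInstance().getAllIncidents()
+ Api.getInstance().getAllIncidents(token)
 .enqueue(new Callback<List<dataclasses.Incident>>() {
 
 @Override
 public void onResponse(Call<List<dataclasses.Incident>> call, Response<List<dataclasses.Incident>> response) {
+ if (response.code() == 401) TokenEncrypter.logOut(Incident.this);
+
 if (response.isSuccessful()) {
 List<dataclasses.Incident> incidents = response.body();
 
@@ -125,7 +127,7 @@ public class Incident extends AppCompatActivity {
 return;
 }
 
- Api.getInstance().newAccesslogEntry(chosenEventId, response.body().getName(), response.body().getReadAccessString(), logDate).enqueue(new Callback<String>() {
+ Api.getInstance().newAccesslogEntry(chosenEventId, response.body().getName(), response.body().getReadAccessString(), logDate, token).enqueue(new Callback<String>() {
 @Override
 public void onResponse(Call<String> call, Response<String> response) {
 
@@ -185,7 +187,7 @@ public class Incident extends AppCompatActivity {
 }
 });
 
- Api.getInstance().getEvaluation(chosenItem.getAssociatedeval()).enqueue(new Callback<Evaluation>() {
+ Api.getInstance().getEvaluation(chosenItem.getAssociatedeval(), token).enqueue(new Callback<Evaluation>() {
 @Override
 public void onResponse(Call<Evaluation> call, Response<Evaluation> response) {
 Evaluation evaluation = response.body();
@@ -245,7 +247,7 @@ public class Incident extends AppCompatActivity {
 @Override
 public void onClick(DialogInterface dialogInterface, int i) {
 
- Api.getInstance().deleteIncident(chosenEventId).enqueue(new Callback<String>() {
+ Api.getInstance().deleteIncident(chosenEventId, token).enqueue(new Callback<String>() {
 @Override
 public void onResponse(Call<String> call, Response<String> response) {
 finish();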
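Review bot: In the `getEvaluation` callback, `Evaluation evaluation = response.body();` is read without an `isSuccessful()` check, and Retrofit returns a null body for any non-2xx response, which the API can now produce as 401. Guard it before the body is used, e.g. `if (!response.isSuccessful() || response.body() == null) return;`, after the 401 case has been handled. The `deleteIncident` callback likewise calls `finish()` as its first statement whatever the status code, so a delete rejected for an invalid token looks like a successful one to the user. The rest of both callbacks lies outside the hunks.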
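--- a/Risiko/app/src/main/java/activity/NewEvaluation.java
+++ b/Risiko/app/src/main/java/activity/NewEvaluation.java
@@ -72,7 +72,7 @@ public class NewEvaluation extends AppCompatActivity {
 }
 
 
- Api.getInstance().newEvaluation(title, UUID.randomUUID().toString() ,activityId,consequenceValue,action,outcome,probabilityValue, response.body().getName()).enqueue(new Callback<String>() {
+ Api.getInstance().newEvaluation(title, UUID.randomUUID().toString() ,activityId,consequenceValue,action,outcome,probabilityValue, response.body().getName(), token).enqueue(new Callback<String>() {
 @Override
 public void onResponse(Call<String> call, Response<String> response) {
 System.out.println(response);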
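--- a/Risiko/app/src/main/java/activity/NewIncident.java
+++ b/Risiko/app/src/main/java/activity/NewIncident.java
@@ -68,11 +68,12 @@ public class NewIncident extends AppCompatActivity {
 
 // dbs.getAllEvaluation(evaluations);
 
- Api.getInstance().getAllEvaluations()
+ Api.getInstance().getAllEvaluations(token)
 .enqueue(new Callback<List<Evaluation>>() {
 
 @Override
 public void onResponse(Call<List<dataclasses.Evaluation>> call, Response<List<dataclasses.Evaluation>> response) {
+ if (response.code() == 401) TokenEncrypter.logOut(NewIncident.this);
 if (response.isSuccessful()) {
 List<dataclasses.Evaluation> evaluations = response.body();
 if (evaluations != null){
@@ -105,7 +106,7 @@ public class NewIncident extends AppCompatActivity {
 int chosenAccess = spinnerReadAccess.getSelectedItemPosition();
 System.out.println(chosenAccess);
 
- Api.getInstance().newIncident(date, title, id, associatedRisk, description, location, response.body().getName(), chosenAccess).enqueue(new Callback<String>() {
+ Api.getInstance().newIncident(date, title, id, associatedRisk, description, location, response.body().getName(), chosenAccess, token).enqueue(new Callback<String>() {
 @Override
 public void onResponse(Call<String> call, Response<String> response) {
 System.out.println(response);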
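--- a/Risiko/app/src/main/java/api/Endpoints.java
+++ b/Risiko/app/src/main/java/api/Endpoints.java
@@ -17,6 +17,7 @@ import retrofit2.http.DELETE;
 import retrofit2.http.Field;
 import retrofit2.http.FormUrlEncoded;
 import retrofit2.http.GET;
+import retrofit2.http.Header;
 import retrofit2.http.PATCH;
 import retrofit2.http.POST;
 import retrofit2.http.Path;
@@ -50,66 +51,66 @@ public interface Endpoints {
 
 
 @GET("evaluation")
- Call<List<Evaluation>> getAllEvaluations();
+ Call<List<Evaluation>> getAllEvaluations(@Header("apitoken") String token);
 
 
 @GET("evaluation/{id}")
- Call<Evaluation> getEvaluation(@Path("id") String id);
+ Call<Evaluation> getEvaluation(@Path("id") String id, @Header("apitoken") String token);
 
 
 @GET("activity")
- Call<List<Activity>> getAllActivities();
+ Call<List<Activity>> getAllActivities(@Header("apitoken") String token);
 
 
 @GET("incident")
- Call<List<Incident>> getAllIncidents();
+ Call<List<Incident>> getAllIncidents(@Header("apitoken") String token);
 
 
 @GET("incident/{id}")
- Call<List<Incident>> getIncident(@Path("id") String id);
+ Call<List<Incident>> getIncident(@Path("id") String id, @Header("apitoken") String token);
 
 @FormUrlEncoded
 @POST("incident")
 Call<String> newIncident(@Field("date") String date, @Field("title") String title, @Field("id") String id, @Field("associatedEval") String associatedEval,
- @Field("description") String description, @Field("location") String location, @Field("createdby") String createdBy, @Field("accessby") int accessBy);
+ @Field("description") String description, @Field("location") String location, @Field("createdby") String createdBy, @Field("accessby") int accessBy, @Header("apitoken") String token);
 
 @FormUrlEncoded
 @POST("evaluation")
 Call<String> newEvaluation(@Field("title") String title, @Field("id") String id, @Field("associatedActivity") String associatedactivity,
 @Field("consequence") int consequence, @Field("measures") String measures,
- @Field("outcome") String outcome, @Field("probability") int probability, @Field("createdby") String createdBy);
+ @Field("outcome") String outcome, @Field("probability") int probability, @Field("createdby") String createdBy, @Header("apitoken") String token);
 
 
 @DELETE("incident/{id}")
- Call<String> deleteIncident(@Path("id") String id);
+ Call<String> deleteIncident(@Path("id") String id, @Header("apitoken") String token);
 
 
 @DELETE("evaluation/{id}")
- Call<String> deleteEvaluation(@Path("id") String id);
+ Call<String> deleteEvaluation(@Path("id") String id, @Header("apitoken") String token);
 
 @FormUrlEncoded
 @PATCH("evaluation/{id}")
 Call<Evaluation> editEvaluation(@Path("id") String id, @Field("title") String title, @Field("outcome") String outcome, @Field("measures") String measures, @Field("consequence") int consequence,
- @Field("probability") int probability, @Field("associatedActivity") String associatedactivity);
+ @Field("probability") int probability, @Field("associatedActivity") String associatedactivity, @Header("apitoken") String token);
 
 @FormUrlEncoded
 @PATCH("incident/{id}")
 Call<Incident> editIncident(@Path("id") String id, @Field("date") String date, @Field("location") String location,
- @Field("title") String title, @Field("description") String description, @Field("associatedEval") String associatedEval);
+ @Field("title") String title, @Field("description") String description, @Field("associatedEval") String associatedEval, @Header("apitoken") String token);
 
 @GET("evaluation/{assosiatedeval}/evaluationlog")
- Call<List<EvaluationLog>> getEvaluationLog(@Path("assosiatedeval") String assosiatedeval);
+ Call<List<EvaluationLog>> getEvaluationLog(@Path("assosiatedeval") String assosiatedeval, @Header("apitoken") String token);
 
 @FormUrlEncoded
 @POST("evaluationlog")
- Call<String> newLogEntry(@Field("name") String name, @Field("date") String date, @Field("changedfields") String changedfields, @Field("associatedeval") String associatedeval);
+ Call<String> newLogEntry(@Field("name") String name, @Field("date") String date, @Field("changedfields") String changedfields, @Field("associatedeval") String associatedeval, @Header("apitoken") String token);
 
 
 @GET("/incident/{associatedincident}/accesslog")
- Call<List<Accesslog>> getAccesslog(@Path("associatedincident") String associatedincident);
+ Call<List<Accesslog>> getAccesslog(@Path("associatedincident") String associatedincident, @Header("apitoken") String token);
 
 @FormUrlEncoded
 @POST("accesslog")
- Call<String> newAccesslogEntry(@Field("associatedincident") String associatedincident, @Field("name") String name, @Field("groupnr") String groupnr, @Field("date") String date);
+ Call<String> newAccesslogEntry(@Field("associatedincident") String associatedincident, @Field("name") String name, @Field("groupnr") String groupnr, @Field("date") String date, @Header("apitoken") String token);
 
 }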
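Review bot: Passing the token as a `@Header("apitoken") String token` parameter on every method makes each call site responsible for loading a current token. Several activities in this commit pass a `token` field whose assignment is not visible in their hunks, and Retrofit omits a header whose value is null, so such a call goes out unauthenticated and only fails at the server. Consider adding the header in one place where `Api` builds its client (an OkHttp interceptor that reads the stored token), ideally as a standard `Authorization` header, so a newly added endpoint cannot forget it. The token is now a bearer credential, so the base URL, which is not shown on this page, should be https-only. A short Javadoc on the interface stating that every method requires a valid token and is answered with 401 otherwise would document the contract.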
Thumbs.db
No preview for this file type
restApi/.idea/workspace.xml
... ... @@ -2,15 +2,6 @@
2 2 <project version="4">
3 3 <component name="ChangeListManager">
4 4 <list default="true" id="0e20d303-9de8-4113-bfd9-019e72b304dc" name="Default" comment="">
5   - <change beforePath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/Accesslog.java" beforeDir="false" afterPath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/Accesslog.java" afterDir="false" />
6   - <change beforePath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/EditEvaluation.java" beforeDir="false" afterPath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/EditEvaluation.java" afterDir="false" />
7   - <change beforePath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/EvaluationLog.java" beforeDir="false" afterPath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/EvaluationLog.java" afterDir="false" />
8   - <change beforePath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/Evaluations.java" beforeDir="false" afterPath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/Evaluations.java" afterDir="false" />
9   - <change beforePath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/NewEvaluation.java" beforeDir="false" afterPath="$PROJECT_DIR$/../Risiko/app/src/main/java/activity/NewEvaluation.java" afterDir="false" />
10   - <change beforePath="$PROJECT_DIR$/../Risiko/app/src/main/java/api/Endpoints.java" beforeDir="false" afterPath="$PROJECT_DIR$/../Risiko/app/src/main/java/api/Endpoints.java" afterDir="false" />
11   - <change beforePath="$PROJECT_DIR$/../Risiko/app/src/main/java/api/TokenEncrypter.java" beforeDir="false" afterPath="$PROJECT_DIR$/../Risiko/app/src/main/java/api/TokenEncrypter.java" afterDir="false" />
12   - <change beforePath="$PROJECT_DIR$/../Risiko/app/src/main/java/dataclasses/Evaluation.java" beforeDir="false" afterPath="$PROJECT_DIR$/../Risiko/app/src/main/java/dataclasses/Evaluation.java" afterDir="false" />
13   - <change beforePath="$PROJECT_DIR$/../Risiko/app/src/main/res/layout/popup_evaluation.xml" beforeDir="false" afterPath="$PROJECT_DIR$/../Risiko/app/src/main/res/layout/popup_evaluation.xml" afterDir="false" />
14 5 <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
15 6 <change beforePath="$PROJECT_DIR$/api/routes/routes.js" beforeDir="false" afterPath="$PROJECT_DIR$/api/routes/routes.js" afterDir="false" />
16 7 </list>
... ... @@ -24,21 +15,25 @@
24 15 <session id="535790383">
25 16 <usages-collector id="statistics.lifecycle.project">
26 17 <counts>
27   - <entry key="project.closed" value="2" />
  18 + <entry key="project.closed" value="5" />
28 19 <entry key="project.open.time.1" value="1" />
  20 + <entry key="project.open.time.10" value="1" />
  21 + <entry key="project.open.time.23" value="1" />
29 22 <entry key="project.open.time.3" value="1" />
30 23 <entry key="project.open.time.31" value="1" />
31   - <entry key="project.opened" value="3" />
  24 + <entry key="project.opened" value="5" />
32 25 </counts>
33 26 </usages-collector>
34 27 <usages-collector id="statistics.file.extensions.edit">
35 28 <counts>
36   - <entry key="js" value="3537" />
  29 + <entry key="js" value="4016" />
  30 + <entry key="json" value="1" />
37 31 </counts>
38 32 </usages-collector>
39 33 <usages-collector id="statistics.file.types.edit">
40 34 <counts>
41   - <entry key="JavaScript" value="3537" />
  35 + <entry key="JSON" value="1" />
  36 + <entry key="JavaScript" value="4016" />
42 37 </counts>
43 38 </usages-collector>
44 39 <usages-collector id="statistics.file.types.open">
... ... @@ -60,8 +55,8 @@
60 55 <file pinned="false" current-in-tab="true">
61 56 <entry file="file://$PROJECT_DIR$/api/routes/routes.js">
62 57 <provider selected="true" editor-type-id="text-editor">
63   - <state relative-caret-position="-7184">
64   - <caret line="100" lean-forward="true" selection-start-line="100" selection-end-line="100" />
  58 + <state relative-caret-position="255">
  59 + <caret line="395" column="17" lean-forward="true" selection-start-line="395" selection-start-column="17" selection-end-line="395" selection-end-column="17" />
65 60 </state>
66 61 </provider>
67 62 </entry>
... ... @@ -100,6 +95,8 @@
100 95 <find>delete</find>
101 96 <find>incid</find>
102 97 <find>post</find>
  98 + <find>hash</find>
  99 + <find>activity</find>
103 100 </findStrings>
104 101 </component>
105 102 <component name="Git.Settings">
... ... @@ -130,8 +127,8 @@
130 127 </packageJsonPaths>
131 128 </component>
132 129 <component name="ProjectFrameBounds" extendedState="6">
133   - <option name="x" value="-367" />
134   - <option name="y" value="206" />
  130 + <option name="x" value="77" />
  131 + <option name="y" value="194" />
135 132 <option name="width" value="1920" />
136 133 <option name="height" value="1080" />
137 134 </component>
... ... @@ -140,6 +137,7 @@
140 137 <foldersAlwaysOnTop value="true" />
141 138 </navigator>
142 139 <panes>
  140 + <pane id="Scope" />
143 141 <pane id="ProjectPane">
144 142 <subPane>
145 143 <expand>
... ... @@ -168,7 +166,6 @@
168 166 <select />
169 167 </subPane>
170 168 </pane>
171   - <pane id="Scope" />
172 169 </panes>
173 170 </component>
174 171 <component name="PropertiesComponent">
... ... @@ -243,24 +240,26 @@
243 240 <workItem from="1542881688157" duration="372000" />
244 241 <workItem from="1543226716067" duration="9986000" />
245 242 <workItem from="1543573540819" duration="221000" />
246   - <workItem from="1543578347496" duration="5247000" />
  243 + <workItem from="1543578347496" duration="6049000" />
  244 + <workItem from="1543588437305" duration="162000" />
  245 + <workItem from="1543589360408" duration="5812000" />
247 246 </task>
248 247 <servers />
249 248 </component>
250 249 <component name="TimeTrackingManager">
251   - <option name="totallyTimeSpent" value="45145000" />
  250 + <option name="totallyTimeSpent" value="51921000" />
252 251 </component>
253 252 <component name="ToolWindowManager">
254 253 <frame x="-8" y="-8" width="1936" height="1056" extended-state="6" />
255 254 <editor active="true" />
256 255 <layout>
257   - <window_info content_ui="combo" id="Project" order="0" sideWeight="0.6845071" visible="true" weight="0.13856691" />
  256 + <window_info content_ui="combo" id="Project" order="0" sideWeight="0.6822126" visible="true" weight="0.103793465" />
258 257 <window_info id="Structure" order="1" weight="0.25" />
259   - <window_info id="npm" order="2" sideWeight="0.31549296" side_tool="true" visible="true" weight="0.13856691" />
  258 + <window_info id="npm" order="2" sideWeight="0.3177874" side_tool="true" visible="true" weight="0.103793465" />
260 259 <window_info id="Favorites" order="3" side_tool="true" />
261 260 <window_info anchor="bottom" id="Message" order="0" />
262 261 <window_info anchor="bottom" id="Find" order="1" />
263   - <window_info active="true" anchor="bottom" id="Run" order="2" visible="true" weight="0.22993493" />
  262 + <window_info anchor="bottom" id="Run" order="2" weight="0.22993493" />
264 263 <window_info anchor="bottom" id="Debug" order="3" weight="0.39903265" />
265 264 <window_info anchor="bottom" id="Cvs" order="4" weight="0.25" />
266 265 <window_info anchor="bottom" id="Inspection" order="5" weight="0.4" />
... ... @@ -289,13 +288,6 @@
289 288 </state>
290 289 </provider>
291 290 </entry>
292   - <entry file="file://$PROJECT_DIR$/api/routes/routes.js">
293   - <provider selected="true" editor-type-id="text-editor">
294   - <state relative-caret-position="-7184">
295   - <caret line="100" lean-forward="true" selection-start-line="100" selection-end-line="100" />
296   - </state>
297   - </provider>
298   - </entry>
299 291 <entry file="file://$PROJECT_DIR$/server.js">
300 292 <provider selected="true" editor-type-id="text-editor">
301 293 <state relative-caret-position="105">
... ... @@ -317,5 +309,12 @@
317 309 </state>
318 310 </provider>
319 311 </entry>
  312 + <entry file="file://$PROJECT_DIR$/api/routes/routes.js">
  313 + <provider selected="true" editor-type-id="text-editor">
  314 + <state relative-caret-position="255">
  315 + <caret line="395" column="17" lean-forward="true" selection-start-line="395" selection-start-column="17" selection-end-line="395" selection-end-column="17" />
  316 + </state>
  317 + </provider>
  318 + </entry>
320 319 </component>
321 320 </project>
322 321 \ No newline at end of file
... ...
restApi/api/routes/routes.js
... ... @@ -104,32 +104,39 @@ var appRouter = function(app) {
104 104 */
105 105 app.get("/incident/:id", function (req, res) {
106 106  
107   - if (!req.params.id) {
108   - logEndpoint("get /incident/{id}", null, "ID missing");
109   - return res.status(400).send("No id entered");
110   - }
  107 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  108 + if (err)
  109 + res.status(401).send("Unauthorized");
  110 + else {
111 111  
112   - const params = [req.params.id];
113   - db.execute('SELECT * ' +
114   - 'FROM risk.incident ' +
115   - 'WHERE id = ?',
116   - params,
117   - { prepare: true },
118   - function(err, result) {
119   - if(err) {
120   - logEndpoint("get /incident/{id}", err, null);
121   - return res.status(400).send("Bad request, see API log");
122   - } else {
123   - if (result.rows.length != 0) {
124   - logEndpoint("get /incident/{id}", err, "Success, incident returned");
125   - return res.status(200).send(result.rows[0]);
126   - } else {
127   - logEndpoint("get /incident/{id}", err, "Success but id not found in database");
128   - return res.status(204).send("Id not found in database");
129   - }
  112 + if (!req.params.id) {
  113 + logEndpoint("get /incident/{id}", null, "ID missing");
  114 + return res.status(400).send("No id entered");
130 115 }
  116 +
  117 + const params = [req.params.id];
  118 + db.execute('SELECT * ' +
  119 + 'FROM risk.incident ' +
  120 + 'WHERE id = ?',
  121 + params,
  122 + {prepare: true},
  123 + function (err, result) {
  124 + if (err) {
  125 + logEndpoint("get /incident/{id}", err, null);
  126 + return res.status(400).send("Bad request, see API log");
  127 + } else {
  128 + if (result.rows.length != 0) {
  129 + logEndpoint("get /incident/{id}", err, "Success, incident returned");
  130 + return res.status(200).send(result.rows[0]);
  131 + } else {
  132 + logEndpoint("get /incident/{id}", err, "Success but id not found in database");
  133 + return res.status(204).send("Id not found in database");
  134 + }
  135 + }
  136 + }
  137 + );
131 138 }
132   - );
  139 + });
133 140 });
134 141  
135 142 /**
... ... @@ -137,24 +144,31 @@ var appRouter = function(app) {
137 144 */
138 145 app.get("/incident", function (req, res) {
139 146  
140   - db.execute('SELECT * ' +
141   - 'FROM risk.incident',
142   - function (err, result) {
143   - if(err) {
144   - logEndpoint("get /incident", err, null);
145   - return res.status(400).send("Bad request, see API log");
146   -
147   - } else {
148   - if (result.rows.length != 0) {
149   - logEndpoint("get /incident", err, "Success. All incidents returned");
150   - return res.status(200).send(result.rows);
151   - } else {
152   - logEndpoint("get /incident", err, "Success but no incidents found in database");
153   - return res.status(204).send("No registered incidents");
154   - }
155   - }
156   - }
157   - );
  147 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  148 + if (err)
  149 + res.status(401).send("Unauthorized");
  150 + else {
  151 +
  152 + db.execute('SELECT * ' +
  153 + 'FROM risk.incident',
  154 + function (err, result) {
  155 + if (err) {
  156 + logEndpoint("get /incident", err, null);
  157 + return res.status(400).send("Bad request, see API log");
  158 +
  159 + } else {
  160 + if (result.rows.length != 0) {
  161 + logEndpoint("get /incident", err, "Success. All incidents returned");
  162 + return res.status(200).send(result.rows);
  163 + } else {
  164 + logEndpoint("get /incident", err, "Success but no incidents found in database");
  165 + return res.status(204).send("No registered incidents");
  166 + }
  167 + }
  168 + }
  169 + );
  170 + }
  171 + });
158 172 });
159 173  
160 174 /**
... ... @@ -162,23 +176,30 @@ var appRouter = function(app) {
162 176 */
163 177 app.post("/incident", function(req, res) {
164 178  
165   - // All these parameters must exist in the body with the exact name for this method to work
166   - if(!req.body.date || !req.body.location || !req.body.title || !req.body.description || !req.body.associatedEval || !req.body.createdby || !req.body.accessby) {
167   - logEndpoint("post /incident", null, "Missing params in body");
168   - return res.status(400).send("Missing params");
169   - } else {
170   - const query = 'INSERT INTO risk.incident(id, date, location, title, description, associatedEval, createdby, accessby) ' +
171   - 'VALUES(?,?,?,?,?,?,?,?)';
172   - const params = [uuid(), new Date(req.body.date), req.body.location, req.body.title, req.body.description, req.body.associatedEval, req.body.createdby, req.body.accessby];
173   - db.execute(query, params, { prepare: true }, function (err) {
174   - if (err) {
175   - logEndpoint("post /incident", err, "Bad request, see API log");
176   - return res.status(400).send("Bad Request");
  179 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  180 + if (err)
  181 + res.status(401).send("Unauthorized");
  182 + else {
  183 +
  184 + // All these parameters must exist in the body with the exact name for this method to work
  185 + if (!req.body.date || !req.body.location || !req.body.title || !req.body.description || !req.body.associatedEval || !req.body.createdby || !req.body.accessby) {
  186 + logEndpoint("post /incident", null, "Missing params in body");
  187 + return res.status(400).send("Missing params");
  188 + } else {
  189 + const query = 'INSERT INTO risk.incident(id, date, location, title, description, associatedEval, createdby, accessby) ' +
  190 + 'VALUES(?,?,?,?,?,?,?,?)';
  191 + const params = [uuid(), new Date(req.body.date), req.body.location, req.body.title, req.body.description, req.body.associatedEval, req.body.createdby, req.body.accessby];
  192 + db.execute(query, params, {prepare: true}, function (err) {
  193 + if (err) {
  194 + logEndpoint("post /incident", err, "Bad request, see API log");
  195 + return res.status(400).send("Bad Request");
  196 + }
  197 + logEndpoint("post /incident", err, "Success, incident created");
  198 + return res.status(200).send("Incident Created");
  199 + });
177 200 }
178   - logEndpoint("post /incident", err, "Success, incident created");
179   - return res.status(200).send("Incident Created");
180   - });
181   - }
  201 + }
  202 + });
182 203 });
183 204  
184 205 /**
... ... @@ -186,31 +207,38 @@ var appRouter = function(app) {
186 207 */
187 208 app.patch("/incident/:id", function (req, res) {
188 209  
189   - if (!req.params.id) {
190   - logEndpoint("patch /incident", null, "ID missing");
191   - return res.status(400).send("Missing id");
192   - }
  210 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  211 + if (err)
  212 + res.status(401).send("Unauthorized");
  213 + else {
193 214  
194   - if (!req.body.date || !req.body.location || !req.body.title || !req.body.description || !req.body.associatedEval) {
195   - logEndpoint("patch /incident", null, "Missing params in body");
196   - return res.status(400).send("Missing params");
197   - }
  215 + if (!req.params.id) {
  216 + logEndpoint("patch /incident", null, "ID missing");
  217 + return res.status(400).send("Missing id");
  218 + }
198 219  
199   - const params = [new Date(req.body.date), req.body.location, req.body.title, req.body.description, req.body.associatedEval, req.params.id];
200   - db.execute("UPDATE risk.incident " +
201   - "SET date=?, location=?, title=?, description=?, associatedEval=? " +
202   - "WHERE id=?",
203   - params,
204   - { prepare: true },
205   - function (err) {
206   - if (err) {
207   - logEndpoint("patch /incident", err, "Bad request, see API log");
208   - return res.status(400).send("Bad Request");
  220 + if (!req.body.date || !req.body.location || !req.body.title || !req.body.description || !req.body.associatedEval) {
  221 + logEndpoint("patch /incident", null, "Missing params in body");
  222 + return res.status(400).send("Missing params");
209 223 }
210   - logEndpoint("patch /incident", err, "Success, incident updated");
211   - return res.status(200).send("Incident updated");
  224 +
  225 + const params = [new Date(req.body.date), req.body.location, req.body.title, req.body.description, req.body.associatedEval, req.params.id];
  226 + db.execute("UPDATE risk.incident " +
  227 + "SET date=?, location=?, title=?, description=?, associatedEval=? " +
  228 + "WHERE id=?",
  229 + params,
  230 + {prepare: true},
  231 + function (err) {
  232 + if (err) {
  233 + logEndpoint("patch /incident", err, "Bad request, see API log");
  234 + return res.status(400).send("Bad Request");
  235 + }
  236 + logEndpoint("patch /incident", err, "Success, incident updated");
  237 + return res.status(200).send("Incident updated");
  238 + }
  239 + );
212 240 }
213   - );
  241 + });
214 242 });
215 243  
216 244 /**
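Review bot: The rejected-token branch at new lines 211-212 sends the 401 without calling `logEndpoint`, so a request with a missing or invalid token leaves no entry in the API log, while every other outcome in this handler does. Adding `logEndpoint("patch /incident", err, "Unauthorized");` before the `res.status(401)` line would record those attempts. The same branch is unlogged in each of the other handlers this commit wraps. The branch also turns every error from `checkForAuthorizedUser` into a 401; if that helper can fail for reasons other than a bad token (its body is not visible here), a 500 would be the more accurate answer for those cases.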
... ... @@ -218,25 +246,32 @@ var appRouter = function(app) {
218 246 */
219 247 app.delete("/incident/:id", function (req, res) {
220 248  
221   - if (!req.params.id) {
222   - logEndpoint("delete /incident", null, "ID missing");
223   - return res.status(400).send("Missing id");
224   - }
  249 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  250 + if (err)
  251 + res.status(401).send("Unauthorized");
  252 + else {
225 253  
226   - const params = [req.params.id];
227   - db.execute("DELETE FROM risk.incident " +
228   - "WHERE id = ?",
229   - params,
230   - { prepare: true },
231   - function (err) {
232   - if (err) {
233   - logEndpoint("delete /incident", err, "Bad request, see API log");
234   - return res.status(400).send("Bad request");
  254 + if (!req.params.id) {
  255 + logEndpoint("delete /incident", null, "ID missing");
  256 + return res.status(400).send("Missing id");
235 257 }
236   - logEndpoint("delete /incident", err, "Success, incident deleted");
237   - return res.status(200).send("Incident deleted");
  258 +
  259 + const params = [req.params.id];
  260 + db.execute("DELETE FROM risk.incident " +
  261 + "WHERE id = ?",
  262 + params,
  263 + {prepare: true},
  264 + function (err) {
  265 + if (err) {
  266 + logEndpoint("delete /incident", err, "Bad request, see API log");
  267 + return res.status(400).send("Bad request");
  268 + }
  269 + logEndpoint("delete /incident", err, "Success, incident deleted");
  270 + return res.status(200).send("Incident deleted");
  271 + }
  272 + );
238 273 }
239   - );
  274 + });
240 275 });
241 276  
242 277  
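Review bot: The DELETE at new lines 259-262 runs for any caller whose token passes `checkForAuthorizedUser`, on whatever id is in the path; nothing compares the caller with the incident's `createdby` or `accessby` columns. The second callback argument (named `callback`) is never read, so the handler has no identity to check against. If incidents are meant to be restricted to the users listed on them, the lookup result should be passed through that argument and checked before the statement runs. The sibling `delete /evaluation/:id` and the two PATCH handlers have the same gap. Whether the helper already returns the user is not visible in this hunk.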
... ... @@ -245,32 +280,39 @@ var appRouter = function(app) {
245 280 */
246 281 app.get("/evaluation/:id", function (req, res) {
247 282  
248   - if (!req.params.id) {
249   - logEndpoint("get /evaluation/{id}", null, "ID missing");
250   - return req.status(400).send("No id entered");
251   - }
  283 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  284 + if (err)
  285 + res.status(401).send("Unauthorized");
  286 + else {
252 287  
253   - const params = [req.params.id];
254   - db.execute('SELECT * ' +
255   - 'FROM risk.evaluation ' +
256   - 'WHERE id = ?',
257   - params,
258   - { prepare: true},
259   - function(err, result) {
260   - if(err) {
261   - logEndpoint("get /evaluation/{id}", err, "Bad request, see API log");
262   - return res.status(400).send("Bad request, see API log")
263   - } else {
264   - if (result.rows.length != 0) {
265   - logEndpoint("get /evaluation/{id}", err, "Success, evaluation returned");
266   - return res.status(200).send(result.rows[0]);
267   - } else {
268   - logEndpoint("get /evaluation/{id}", err, "Success but evaluation not found in database");
269   - return res.status(204).send("Id not found in database");
270   - }
  288 + if (!req.params.id) {
  289 + logEndpoint("get /evaluation/{id}", null, "ID missing");
  290 + return req.status(400).send("No id entered");
271 291 }
  292 +
  293 + const params = [req.params.id];
  294 + db.execute('SELECT * ' +
  295 + 'FROM risk.evaluation ' +
  296 + 'WHERE id = ?',
  297 + params,
  298 + {prepare: true},
  299 + function (err, result) {
  300 + if (err) {
  301 + logEndpoint("get /evaluation/{id}", err, "Bad request, see API log");
  302 + return res.status(400).send("Bad request, see API log")
  303 + } else {
  304 + if (result.rows.length != 0) {
  305 + logEndpoint("get /evaluation/{id}", err, "Success, evaluation returned");
  306 + return res.status(200).send(result.rows[0]);
  307 + } else {
  308 + logEndpoint("get /evaluation/{id}", err, "Success but evaluation not found in database");
  309 + return res.status(204).send("Id not found in database");
  310 + }
  311 + }
  312 + }
  313 + );
272 314 }
273   - );
  315 + });
274 316 });
275 317  
276 318  
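Review bot: New line 290 still reads `return req.status(400).send("No id entered");`, carried over from old line 250. `status` is a method of the response object, so this line would throw a TypeError instead of answering 400 if the branch is ever taken. It should be `return res.status(400).send("No id entered");`. With the route declared as `/evaluation/:id` the branch may be unreachable in practice, which is probably why it went unnoticed.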
... ... @@ -279,24 +321,31 @@ var appRouter = function(app) {
279 321 */
280 322 app.get("/evaluation", function (req, res) {
281 323  
282   - db.execute('SELECT * ' +
283   - 'FROM risk.evaluation',
284   - function (err, result) {
285   - if(err) {
286   - logEndpoint("get /evaluation/", err, "Bad request, see API log");
287   - return res.status(400).send("Bad Request");
288   -
289   - } else {
290   - if (result.rows.length != 0) {
291   - logEndpoint("get /evaluation/", err, "Success, all evaluations returned");
292   - return res.status(200).send(result.rows);
293   - } else {
294   - logEndpoint("get /evaluation/", err, "Success but no evaluations found in database");
295   - return res.status(204).send("No registered evaluations");
  324 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  325 + if (err)
  326 + res.status(401).send("Unauthorized");
  327 + else {
  328 +
  329 + db.execute('SELECT * ' +
  330 + 'FROM risk.evaluation',
  331 + function (err, result) {
  332 + if (err) {
  333 + logEndpoint("get /evaluation/", err, "Bad request, see API log");
  334 + return res.status(400).send("Bad Request");
  335 +
  336 + } else {
  337 + if (result.rows.length != 0) {
  338 + logEndpoint("get /evaluation/", err, "Success, all evaluations returned");
  339 + return res.status(200).send(result.rows);
  340 + } else {
  341 + logEndpoint("get /evaluation/", err, "Success but no evaluations found in database");
  342 + return res.status(204).send("No registered evaluations");
  343 + }
  344 + }
296 345 }
297   - }
  346 + );
298 347 }
299   - );
  348 + });
300 349 });
301 350  
302 351 /**
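Review bot: The token check at new lines 324-327 is the same four-line wrapper pasted into every handler in this file, so a route added later without it would be unauthenticated with nothing to flag the omission. Registering the check once as Express middleware and naming it on each protected route keeps the handlers at their previous nesting depth and makes a missing check visible in the route declaration. The sketch below uses a hypothetical name, `requireApiToken`; the login route would simply not list it.

```javascript
function requireApiToken(req, res, next) {
    checkForAuthorizedUser(req.headers.apitoken, function (err) {
        if (err) {
            return res.status(401).send("Unauthorized");
        }
        next();
    });
}

app.get("/evaluation", requireApiToken, function (req, res) {
    // … unchanged: SELECT on risk.evaluation and response handling …
});
```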
... ... @@ -304,22 +353,29 @@ var appRouter = function(app) {
304 353 */
305 354 app.post("/evaluation", function(req, res) {
306 355  
307   - if(!req.body.title || !req.body.outcome || !req.body.measures || !req.body.consequence || !req.body.probability || !req.body.associatedActivity || !req.body.createdby) {
308   - logEndpoint("post /evaluation/", null, "Missing params in body");
309   - return res.status(400).send("Missing params");
310   - } else {
311   - const query = 'INSERT INTO risk.evaluation(id, title, outcome, measures, consequence, probability, associatedActivity, createdby) ' +
312   - 'VALUES(?,?,?,?,?,?,?,?)';
313   - const params = [uuid(), req.body.title, req.body.outcome, req.body.measures, req.body.consequence, req.body.probability, req.body.associatedActivity, req.body.createdby];
314   - db.execute(query, params, { prepare: true }, function (err) {
315   - if (err) {
316   - logEndpoint("post /evaluation/", err, "Bad request, see API log");
317   - return res.status(400).send("Bad Request");
  356 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  357 + if (err)
  358 + res.status(401).send("Unauthorized");
  359 + else {
  360 +
  361 + if (!req.body.title || !req.body.outcome || !req.body.measures || !req.body.consequence || !req.body.probability || !req.body.associatedActivity || !req.body.createdby) {
  362 + logEndpoint("post /evaluation/", null, "Missing params in body");
  363 + return res.status(400).send("Missing params");
  364 + } else {
  365 + const query = 'INSERT INTO risk.evaluation(id, title, outcome, measures, consequence, probability, associatedActivity, createdby) ' +
  366 + 'VALUES(?,?,?,?,?,?,?,?)';
  367 + const params = [uuid(), req.body.title, req.body.outcome, req.body.measures, req.body.consequence, req.body.probability, req.body.associatedActivity, req.body.createdby];
  368 + db.execute(query, params, {prepare: true}, function (err) {
  369 + if (err) {
  370 + logEndpoint("post /evaluation/", err, "Bad request, see API log");
  371 + return res.status(400).send("Bad Request");
  372 + }
  373 + logEndpoint("post /evaluation/", err, "Success, evaluation created");
  374 + return res.status(200).send("Evaluation Created");
  375 + })
318 376 }
319   - logEndpoint("post /evaluation/", err, "Success, evaluation created");
320   - return res.status(200).send("Evaluation Created");
321   - })
322   - }
  377 + }
  378 + });
323 379 });
324 380  
325 381  
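Review bot: `createdby` at new line 367 is still copied from `req.body` although the caller is now authenticated, so any holder of a valid token can file an evaluation under another user's name. For records that are meant to be traceable, the author should come from the token lookup rather than from the request. The callback's second argument is unused and would be the natural carrier, assuming `checkForAuthorizedUser` can supply the user. `post /incident` has the same pattern at new line 191 for `createdby` and `accessby`.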
... ... @@ -329,25 +385,32 @@ var appRouter = function(app) {
329 385  
330 386 app.delete("/evaluation/:id", function (req, res) {
331 387  
332   - if (!req.params.id) {
333   - logEndpoint("delete /evaluation", null, "ID missing");
334   - return res.status(400).send("Missing id");
335   - }
  388 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  389 + if (err)
  390 + res.status(401).send("Unauthorized");
  391 + else {
336 392  
337   - const params = [req.params.id];
338   - db.execute("DELETE FROM risk.evaluation " +
339   - "WHERE id = ?",
340   - params,
341   - { prepare: true },
342   - function (err) {
343   - if (err) {
344   - logEndpoint("delete /evaluation", err, "Bad request, see API log");
345   - return res.status(400).send("Bad request");
  393 + if (!req.params.id) {
  394 + logEndpoint("delete /evaluation", null, "ID missing");
  395 + return res.status(400).send("Missing id");
346 396 }
347   - logEndpoint("delete /evaluation", err, "Success, evaluation deleted");
348   - return res.status(200).send("Evaluation deleted");
  397 +
  398 + const params = [req.params.id];
  399 + db.execute("DELETE FROM risk.evaluation " +
  400 + "WHERE id = ?",
  401 + params,
  402 + {prepare: true},
  403 + function (err) {
  404 + if (err) {
  405 + logEndpoint("delete /evaluation", err, "Bad request, see API log");
  406 + return res.status(400).send("Bad request");
  407 + }
  408 + logEndpoint("delete /evaluation", err, "Success, evaluation deleted");
  409 + return res.status(200).send("Evaluation deleted");
  410 + }
  411 + );
349 412 }
350   - );
  413 + });
351 414 });
352 415  
353 416  
... ... @@ -357,31 +420,38 @@ var appRouter = function(app) {
357 420 */
358 421 app.patch("/evaluation/:id", function (req, res) {
359 422  
360   - if (!req.params.id) {
361   - logEndpoint("patch /evaluation", null, "ID missing");
362   - return res.status(400).send("Missing id");
363   - }
  423 + checkForAuthorizedUser(req.headers.apitoken, function (err, callback) {
  424 + if (err)
  425 + res.status(401).send("Unauthorized");
  426 + else {
364 427  
365   - if (!req.body.title || !req.body.outcome || !req.body.measures || !req.body.consequence || !req.body.probability || !req.body.associatedActivity) {
366   - logEndpoint("patch /evaluation", null, "Missing params in body");
367   - return res.status(400).send("Missing params");
368   - }
  428 + if (!req.params.id) {
  429 + logEndpoint("patch /evaluation", null, "ID missing");
  430 + return res.status(400).send("Missing id");
  431 + }
369 432  
370   - const params = [req.body.title, req.body.outcome, req.body.measures, req.body.consequence, req.body.probability, req.body.associatedActivity, req.params.id];
371   - db.execute("UPDATE risk.evaluation " +
372   - "SET title=?, outcome=?, measures=?, consequence=?, probability=?, associatedActivity=? " +
373   - "WHERE id=?",
374   - params,
375   - { prepare: true },
376   - function (err) {
377   - if (err) {
378   - logEndpoint("patch /evaluation", err, "Bad request, see API log");
379   - return res.status(400).send("Bad Request");
  433 + if (!req.body.title || !req.body.outcome || !req.body.measures || !req.body.consequence || !req.body.probability || !req.body.associatedActivity) {
  434 + logEndpoint("patch /evaluation", null, "Missing params in body");
  435 + return res.status(400).send("Missing params");
380 436 }
381   - logEndpoint("patch /evaluation", err, "Success, evaluation updated");
382   - return res.status(200).send("Evaluation updated");
  437 +
  438 + const params = [req.body.title, req.body.outcome, req.body.measures, req.body.consequence, req.body.probability, req.body.associatedActivity, req.params.id];
  439 + db.execute("UPDATE risk.evaluation " +
  440 + "SET title=?, outcome=?, measures=?, consequence=?, probability=?, associatedActivity=? " +
  441 + "WHERE id=?",
  442 + params,
  443 + {prepare: true},
  444 + function (err) {
  445 + if (err) {
  446 + logEndpoint("patch /evaluation", err, "Bad request, see API log");
  447 + return res.status(400).send("Bad Request");
  448 + }
  449 + logEndpoint("patch /evaluation", err, "Success, evaluation updated");
  450 + return res.status(200).send("Evaluation updated");
  451 + }