#40 adding mysql connect as injection

gemeinsamforschen/src/main/java/unipotsdam/gf/config/GFApplicationBinder.java

 package unipotsdam.gf.config;
 
 import org.glassfish.hk2.utilities.binding.AbstractBinder;
+import unipotsdam.gf.core.database.mysql.MysqlConnect;
 import unipotsdam.gf.core.management.Management;
 import unipotsdam.gf.core.management.ManagementImpl;
 import unipotsdam.gf.core.management.group.GroupDAO;
@@ -45,6 +46,7 @@ public class GFApplicationBinder extends AbstractBinder {
         bind(UserDAO.class).to(UserDAO.class);
         bind(ProjectDAO.class).to(ProjectDAO.class);
         bind(GroupDAO.class).to(GroupDAO.class);
+        bind(MysqlConnect.class).to(MysqlConnect.class);
 
     }
 }

gemeinsamforschen/src/main/java/unipotsdam/gf/core/database/mysql/MysqlConnect.java

@@ -3,152 +3,160 @@ package unipotsdam.gf.core.database.mysql;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import unipotsdam.gf.config.GFDatabaseConfig;
-import unipotsdam.gf.modules.communication.view.CommunicationView;
 
-import java.sql.*;
+import javax.annotation.ManagedBean;
+import javax.annotation.Resource;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Types;
 import java.util.Date;
 
+@ManagedBean
+@Resource
 public class MysqlConnect {
 
-	private static final Logger log = LoggerFactory.getLogger(MysqlConnect.class);
-
-	public Connection conn = null;
-
-	private static String createConnectionString() {
-
-		String connString = "jdbc:mysql://" + "localhost" +
-				"/" + GFDatabaseConfig.DB_NAME +
-				"?user=" + GFDatabaseConfig.USER +
-				"&password=" + GFDatabaseConfig.PASS;
-		return String.format(connString, GFDatabaseConfig.DB_NAME);
-	}
-
-	public void connect() {
-		try {
-			try {
-				Class.forName("com.mysql.jdbc.Driver");
-			} catch (ClassNotFoundException ex) {
-				System.out.println(ex); //logger?
-			}
-			conn = DriverManager.getConnection(createConnectionString());
-		} catch (SQLException ex) {
-			System.out.println("SQLException: " + ex.getMessage());
-			System.out.println("SQLState: " + ex.getSQLState());
-			System.out.println("VendorError: " + ex.getErrorCode());
-			throw new Error("could not connect to mysql");
-		}
-	}
-
-
-	public void close() {
-		try {
-			if (conn != null) {
-				conn.close();
-			}
-		} catch (final SQLException e) {
-			log.error(e.toString());
-			throw new Error("could not close mysql");
-		}
-	}
-
-	private PreparedStatement addParameters(final String statement, final Object[] args) {
-		try {
-			final PreparedStatement ps = conn.prepareStatement(statement);
-			if (args != null) {
-				for (int i = 0; i < args.length; i++) {
-					final Object arg = args[i];
-					setParam(ps, arg, i + 1);
-				}
-			}
-			return ps;
-		} catch (SQLException ex) {
-			log.error(ex.toString());
-			System.out.println(ex);
-		}
-		return null;
-	}
-
-
-	public VereinfachtesResultSet issueSelectStatement(final String statement, final Object... args) {
-		try {
-			PreparedStatement ps = addParameters(statement, args);
-			ResultSet queryResult = ps.executeQuery();
-			return new VereinfachtesResultSet(queryResult);
-		} catch (SQLException ex) {
-			log.error(ex.toString());
-			System.out.println(ex);
-		}
-		return null;
-	}
-
-
-	public void otherStatements(final String statement) {
-		try {
-			this.conn.createStatement().execute(statement);
-		} catch (SQLException ex) {
-			log.error(ex.toString());
-			System.out.println(ex);
-		}
-	}
-
-
-	public Integer issueUpdateStatement(final String statement, final Object... args) {
-		PreparedStatement ps = addParameters(statement, args);
-		try {
-			return ps.executeUpdate();
-		} catch (SQLException ex) {
-			log.error(ex.toString());
-			System.out.println(ex);
-		}
-		return null;
-	}
-
-
-	public void issueInsertOrDeleteStatement(final String statement, final Object... args) {
-		PreparedStatement ps = addParameters(statement, args);
-		try {
-			ps.execute();
-		} catch (SQLException ex) {
-
-			log.error(ex.toString());
-			System.out.println(ex);
-		}
-	}
-
-	private void setParam(final PreparedStatement ps, final Object arg, final int i) throws SQLException {
-		if (arg instanceof String) {
-			ps.setString(i, (String) arg);
-		} else if (arg instanceof Integer) {
-			ps.setInt(i, (Integer) arg);
-		} else if (arg instanceof Double) {
-			ps.setDouble(i, (Double) arg);
-		} else if (arg instanceof Boolean) {
-			ps.setBoolean(i, (Boolean) arg);
-		} else if (arg instanceof Float) {
-			ps.setFloat(i, (Float) arg);
-		} else if (arg instanceof Short) {
-			ps.setShort(i, (Short) arg);
-		} else if (arg instanceof Long) {
-			ps.setLong(i, (Long) arg);
-		} else if (arg instanceof Byte) {
-			ps.setByte(i, (Byte) arg);
-		} else if (arg instanceof Character) {
-			ps.setString(i, arg.toString());
-		} else if (arg instanceof Date) {
-			final java.sql.Date d = new java.sql.Date(((Date) arg).getTime());
-			ps.setDate(i, d);
-		} else if (arg == null) {
-			ps.setNull(i, Types.NULL);
-		} else {
-			ps.setString(i, arg.toString());
-		}
-	}
-
-	public Connection getConnection() {
-		return conn;
-	}
-
-	public void setConnection(Connection conn) {
-		this.conn = conn;
-	}
+    private static final Logger log = LoggerFactory.getLogger(MysqlConnect.class);
+
+    public Connection conn = null;
+
+    private static String createConnectionString() {
+
+        String connString = "jdbc:mysql://" + "localhost" +
+                "/" + GFDatabaseConfig.DB_NAME +
+                "?user=" + GFDatabaseConfig.USER +
+                "&password=" + GFDatabaseConfig.PASS;
+        return String.format(connString, GFDatabaseConfig.DB_NAME);
+    }
+
+    public void connect() {
+        try {
+            try {
+                Class.forName("com.mysql.jdbc.Driver");
+            } catch (ClassNotFoundException ex) {
+                System.out.println(ex); //logger?
+            }
+            conn = DriverManager.getConnection(createConnectionString());
+        } catch (SQLException ex) {
+            System.out.println("SQLException: " + ex.getMessage());
+            System.out.println("SQLState: " + ex.getSQLState());
+            System.out.println("VendorError: " + ex.getErrorCode());
+            throw new Error("could not connect to mysql");
+        }
+    }
+
+
+    public void close() {
+        try {
+            if (conn != null) {
+                conn.close();
+            }
+        } catch (final SQLException e) {
+            log.error(e.toString());
+            throw new Error("could not close mysql");
+        }
+    }
+
+    private PreparedStatement addParameters(final String statement, final Object[] args) {
+        try {
+            final PreparedStatement ps = conn.prepareStatement(statement);
+            if (args != null) {
+                for (int i = 0; i < args.length; i++) {
+                    final Object arg = args[i];
+                    setParam(ps, arg, i + 1);
+                }
+            }
+            return ps;
+        } catch (SQLException ex) {
+            log.error(ex.toString());
+            System.out.println(ex);
+        }
+        return null;
+    }
+
+
+    public VereinfachtesResultSet issueSelectStatement(final String statement, final Object... args) {
+        try {
+            PreparedStatement ps = addParameters(statement, args);
+            ResultSet queryResult = ps.executeQuery();
+            return new VereinfachtesResultSet(queryResult);
+        } catch (SQLException ex) {
+            log.error(ex.toString());
+            System.out.println(ex);
+        }
+        return null;
+    }
+
+
+    public void otherStatements(final String statement) {
+        try {
+            this.conn.createStatement().execute(statement);
+        } catch (SQLException ex) {
+            log.error(ex.toString());
+            System.out.println(ex);
+        }
+    }
+
+
+    public Integer issueUpdateStatement(final String statement, final Object... args) {
+        PreparedStatement ps = addParameters(statement, args);
+        try {
+            return ps.executeUpdate();
+        } catch (SQLException ex) {
+            log.error(ex.toString());
+            System.out.println(ex);
+        }
+        return null;
+    }
+
+
+    public void issueInsertOrDeleteStatement(final String statement, final Object... args) {
+        PreparedStatement ps = addParameters(statement, args);
+        try {
+            ps.execute();
+        } catch (SQLException ex) {
+
+            log.error(ex.toString());
+            System.out.println(ex);
+        }
+    }
+
+    private void setParam(final PreparedStatement ps, final Object arg, final int i) throws SQLException {
+        if (arg instanceof String) {
+            ps.setString(i, (String) arg);
+        } else if (arg instanceof Integer) {
+            ps.setInt(i, (Integer) arg);
+        } else if (arg instanceof Double) {
+            ps.setDouble(i, (Double) arg);
+        } else if (arg instanceof Boolean) {
+            ps.setBoolean(i, (Boolean) arg);
+        } else if (arg instanceof Float) {
+            ps.setFloat(i, (Float) arg);
+        } else if (arg instanceof Short) {
+            ps.setShort(i, (Short) arg);
+        } else if (arg instanceof Long) {
+            ps.setLong(i, (Long) arg);
+        } else if (arg instanceof Byte) {
+            ps.setByte(i, (Byte) arg);
+        } else if (arg instanceof Character) {
+            ps.setString(i, arg.toString());
+        } else if (arg instanceof Date) {
+            final java.sql.Date d = new java.sql.Date(((Date) arg).getTime());
+            ps.setDate(i, d);
+        } else if (arg == null) {
+            ps.setNull(i, Types.NULL);
+        } else {
+            ps.setString(i, arg.toString());
+        }
+    }
+
+    public Connection getConnection() {
+        return conn;
+    }
+
+    public void setConnection(Connection conn) {
+        this.conn = conn;
+    }
 }

gemeinsamforschen/src/main/java/unipotsdam/gf/core/management/group/GroupDAO.java

@@ -7,6 +7,7 @@ import unipotsdam.gf.core.management.util.ResultSetUtil;
 
 import javax.annotation.ManagedBean;
 import javax.annotation.Resource;
+import javax.inject.Inject;
 import javax.inject.Singleton;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -18,8 +19,14 @@ import java.util.List;
 @Singleton
 public class GroupDAO {
 
+    private MysqlConnect connect;
+
+    @Inject
+    public GroupDAO(MysqlConnect connect) {
+        this.connect = connect;
+    }
+
     public void persist(Group group) {
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
 
         String mysqlRequestGroup = "INSERT INTO groups (`projectId`,`chatRoomId`) values (?,?)";
@@ -33,11 +40,10 @@ public class GroupDAO {
     }
 
     public void update(Group group) {
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "UPDATE group SET projectId=?,chatRoomid=?";
         connect.issueUpdateStatement(mysqlRequest, group.getProjectId(), group.getChatRoomId());
-
+        connect.close();
         // TODO: implement update of groupuser if needed later (if member list need to be updated)
     }
 
@@ -56,7 +62,6 @@ public class GroupDAO {
     }
 
     public List<Group> getGroupsByProjectId(String projectId) {
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "SELECT * FROM groups g " +
                 "JOIN groupuser gu ON g.id=gu.groupId " + "JOIN users u ON gu.userEmail=u.email" +
@@ -69,11 +74,11 @@ public class GroupDAO {
         }
         ArrayList<Group> groups = new ArrayList<>();
         groupHashMap.forEach((key, group) -> groups.add(group));
+
+        connect.close();
         if (groups.isEmpty()) {
             return null;
         }
-        connect.close();
-
         return groups;
     }
 

gemeinsamforschen/src/main/java/unipotsdam/gf/core/management/project/ProjectDAO.java

@@ -6,6 +6,7 @@ import unipotsdam.gf.core.states.ProjectPhase;
 
 import javax.annotation.ManagedBean;
 import javax.annotation.Resource;
+import javax.inject.Inject;
 import javax.inject.Singleton;
 import java.sql.Timestamp;
 import java.util.UUID;
@@ -15,12 +16,17 @@ import java.util.UUID;
 @Singleton
 public class ProjectDAO {
 
+    private MysqlConnect connect;
+
+    @Inject
+    public ProjectDAO(MysqlConnect connect) {
+        this.connect = connect;
+    }
+
     public void persist(Project project) {
         UUID uuid = UUID.randomUUID();
         String token = uuid.toString();
 
-
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest =
                 "INSERT INTO projects (`id`, `password`, `active`, `timecreated`, `author`, "
@@ -32,7 +38,6 @@ public class ProjectDAO {
     }
 
     public void delete(Project project) {
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "DELETE FROM projects where id = (?)";
         connect.issueInsertOrDeleteStatement(mysqlRequest, project.getId());
@@ -44,7 +49,6 @@ public class ProjectDAO {
 
     public Boolean exists(Project project) {
         Boolean result;
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "SELECT * FROM projects where id = ? and adminPassword = ?";
         VereinfachtesResultSet vereinfachtesResultSet =
@@ -55,7 +59,6 @@ public class ProjectDAO {
     }
 
     public Project getProjectById(String id) {
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "SELECT * FROM projects where id = ?";
         VereinfachtesResultSet vereinfachtesResultSet =

gemeinsamforschen/src/main/java/unipotsdam/gf/core/management/user/UserDAO.java

@@ -7,6 +7,7 @@ import unipotsdam.gf.core.management.util.ResultSetUtil;
 
 import javax.annotation.ManagedBean;
 import javax.annotation.Resource;
+import javax.inject.Inject;
 import javax.inject.Singleton;
 import java.util.ArrayList;
 import java.util.List;
@@ -17,11 +18,18 @@ import java.util.UUID;
 @Singleton
 public class UserDAO {
 
+
+    private MysqlConnect connect;
+
+    @Inject
+    public UserDAO(MysqlConnect connect) {
+        this.connect = connect;
+    }
+
     public void persist(User user, UserProfile profile) {
         UUID uuid = UUID.randomUUID();
         String token = uuid.toString();
 
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "INSERT INTO users (`name`, `password`, `email`, `token`,`isStudent`," +
                 "`rocketChatId`,`rocketChatAuthToken`) values (?,?,?,?,?,?,?)";
@@ -33,7 +41,6 @@ public class UserDAO {
     }
 
     public void delete(User user) {
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "DELETE FROM users where email = (?)";
         connect.issueInsertOrDeleteStatement(mysqlRequest, user.getEmail());
@@ -41,7 +48,6 @@ public class UserDAO {
     }
 
     public void update(User user) {
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "UPDATE `users` SET `name`=?,`password`=?,`email`=?,`token`=?,`isStudent`=?," +
                 "`rocketChatId`=?,`rocketChatAuthToken`=? WHERE email=? LIMIT 1";
@@ -55,7 +61,6 @@ public class UserDAO {
 
     public boolean exists(User user) {
         boolean result;
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "SELECT * FROM users where email = ? and password = ?";
         VereinfachtesResultSet vereinfachtesResultSet =
@@ -73,7 +78,6 @@ public class UserDAO {
                         + " WHERE pu.projectId = ?";
 
         ArrayList<User> result = new ArrayList<>();
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         VereinfachtesResultSet vereinfachtesResultSet = connect.issueSelectStatement(query, project.getId());
         while (!vereinfachtesResultSet.isLast()) {
@@ -92,7 +96,6 @@ public class UserDAO {
     }
 
     public String getUserToken(User user) {
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "SELECT * FROM users where email = ? and password = ?";
         VereinfachtesResultSet vereinfachtesResultSet =
@@ -116,7 +119,6 @@ public class UserDAO {
     }
 
     private User getUserByField(String field, String value) {
-        MysqlConnect connect = new MysqlConnect();
         connect.connect();
         String mysqlRequest = "SELECT * FROM users where " + field + " = ?";
         VereinfachtesResultSet vereinfachtesResultSet =
@@ -131,6 +133,4 @@ public class UserDAO {
             return null;
         }
     }
-
-
 }