Switching individual_profile_from_login_password to POST

The CCB API has changed such that the individual_profile_from_login_password API now expects the username and password to be sent as a form body.
author: Jesse Morgan <jesse@jesterpm.net> 2016-09-21 21:56:57 -0700
committer: Jesse Morgan <jesse@jesterpm.net> 2016-09-21 21:56:57 -0700
commit: 23d1bd2dfbbbd2a5dd975d085e8a9f092464e76e (patch)
tree: bba7d911cedce2fbd4e3fa74be1fef43f512652a /src
parent: 34513e1fd739896e7151cb5ec18915fb881f5e46 (diff)
2 files changed, 18 insertions, 11 deletions
diff --git a/src/main/java/com/p4square/ccbapi/CCBAPIClient.java b/src/main/java/com/p4square/ccbapi/CCBAPIClient.java
index e3750cf..96abf78 100644
--- a/src/main/java/com/p4square/ccbapi/CCBAPIClient.java
+++ b/src/main/java/com/p4square/ccbapi/CCBAPIClient.java
@@ -2,6 +2,7 @@ package com.p4square.ccbapi;
 
 import com.p4square.ccbapi.exception.CCBErrorResponseException;
 import com.p4square.ccbapi.model.*;
+import com.p4square.ccbapi.serializer.FormBuilder;
 import com.p4square.ccbapi.serializer.IndividualProfileSerializer;
 
 import java.io.IOException;
@@ -76,6 +77,8 @@ public class CCBAPIClient implements CCBAPI {
         // Prepare the request.
         String serviceName;
         final Map<String, String> params = new HashMap<>();
+        String form = null;
+
         if (request.getId() != 0) {
             // Use individual_profile_from_id (individual_id)
             serviceName = "individual_profile_from_id";
@@ -84,20 +87,24 @@ public class CCBAPIClient implements CCBAPI {
         } else if (request.getLogin() != null && request.getPassword() != null) {
             // Use individual_profile_from_login_password (login, password)
             serviceName = "individual_profile_from_login_password";
-            params.put("login", request.getLogin());
+
+            FormBuilder loginform = new FormBuilder();
+            loginform.appendField("login", request.getLogin());
             /*
                 TODO: Don't convert password char[] to String.
                 The whole purpose behind keeping the password in a char[] is
                 so that it can be zeroed out in the heap when its no longer
                 needed.
-                Unfortunately Church Community Builder decided to send the
+                Originally, Church Community Builder decided to send the
                 user's password, among other sensitive fields, as a query
-                parameter. Since the query string has to be a String, I'll go
-                ahead and convert the password to String here.
-                The library's public interface will use char[] to make the
-                switch easier if CCB provides a more sane alternative.
+                parameter. Since the query string had to be a String, I
+                converted the password to String here.
+                CCB has since switched to POST. But there was no grace period
+                to ease the transition. In the interest of fixing the site
+                quickly, I'm leaving this TODO incomplete for now.
              */
-            params.put("password", new String(request.getPassword()));
+            loginform.appendField("password", new String(request.getPassword()));
+            form = loginform.build();
 
         } else if (request.getRoutingNumber() != null && request.getAccountNumber() != null) {
             // Use individual_profile_from_micr (account_number, routing_number)
@@ -123,7 +130,7 @@ public class CCBAPIClient implements CCBAPI {
         }
 
         // Send the request and parse the response.
-        return makeRequest(serviceName, params, null, GetIndividualProfilesResponse.class);
+        return makeRequest(serviceName, params, form, GetIndividualProfilesResponse.class);
     }
 
     @Override
diff --git a/src/test/java/com/p4square/ccbapi/CCBAPIClientTest.java b/src/test/java/com/p4square/ccbapi/CCBAPIClientTest.java
index b7d32e1..71427b5 100644
--- a/src/test/java/com/p4square/ccbapi/CCBAPIClientTest.java
+++ b/src/test/java/com/p4square/ccbapi/CCBAPIClientTest.java
@@ -158,10 +158,10 @@ public class CCBAPIClientTest {
     @Test
     public void testGetIndividualProfilesByLogin() throws Exception {
         // Set expectation.
-        URI expectedURI = new URI("https://localhost:8080/api.php?"
-                + "srv=individual_profile_from_login_password&password=pass&login=user");
+        URI expectedURI = new URI("https://localhost:8080/api.php?srv=individual_profile_from_login_password");
+        byte[] expectedForm = "login=user&password=pass".getBytes();
         InputStream is = getClass().getResourceAsStream("model/ccb_individual_profile_response.xml");
-        EasyMock.expect(mockHttpClient.sendPostRequest(expectedURI, null))
+        EasyMock.expect(mockHttpClient.sendPostRequest(EasyMock.eq(expectedURI), EasyMock.aryEq(expectedForm)))
                 .andReturn(is);
         EasyMock.replay(mockHttpClient);
author	Jesse Morgan <jesse@jesterpm.net>	2016-09-21 21:56:57 -0700
committer	Jesse Morgan <jesse@jesterpm.net>	2016-09-21 21:56:57 -0700
commit	23d1bd2dfbbbd2a5dd975d085e8a9f092464e76e (patch)
tree	bba7d911cedce2fbd4e3fa74be1fef43f512652a /src
parent	34513e1fd739896e7151cb5ec18915fb881f5e46 (diff)