From db2ade58816b4c7a0f6a72c0387fd7cb11a0aaa4 Mon Sep 17 00:00:00 2001
From: Benedikt Galbavy
Date: Sun, 7 Jan 2024 23:27:47 +0100
Subject: [PATCH] session bug fix ~30 min of work
---
 MonsterTradingCards.sh | 6 +++---
 .../mtcg/application/SessionHandler.java | 18 ++++++++++++------
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/MonsterTradingCards.sh b/MonsterTradingCards.sh
index 04ba751..7e34f17 100644
--- a/MonsterTradingCards.sh
+++ b/MonsterTradingCards.sh
@@ -29,11 +29,11 @@ read -p "Press any key to resume ..." null
 # --------------------------------------------------
 echo "2) Login Users"
-token1=$(curl -i -X POST http://localhost:10001/sessions --header "Content-Type: application/json" -d "{\"Username\":\"kienboec\", \"Password\":\"daniel\"}")
+token1=$(curl --silent -X POST http://localhost:10001/sessions --header "Content-Type: application/json" -d "{\"Username\":\"kienboec\", \"Password\":\"daniel\"}")
 echo .
-token2=$(curl -i -X POST http://localhost:10001/sessions --header "Content-Type: application/json" -d "{\"Username\":\"altenhof\", \"Password\":\"markus\"}")
+token2=$(curl --silent -X POST http://localhost:10001/sessions --header "Content-Type: application/json" -d "{\"Username\":\"altenhof\", \"Password\":\"markus\"}")
 echo .
-token3=$(curl -i -X POST http://localhost:10001/sessions --header "Content-Type: application/json" -d "{\"Username\":\"admin\", \"Password\":\"istrator\"}")
+token3=$(curl --silent -X POST http://localhost:10001/sessions --header "Content-Type: application/json" -d "{\"Username\":\"admin\", \"Password\":\"istrator\"}")
 echo .
 read -p "Press any key to resume ..." null
diff --git a/src/at/nanopenguin/mtcg/application/SessionHandler.java b/src/at/nanopenguin/mtcg/application/SessionHandler.java
index ebbf2be..4bc6d49 100644
--- a/src/at/nanopenguin/mtcg/application/SessionHandler.java
+++ b/src/at/nanopenguin/mtcg/application/SessionHandler.java
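Review bot: The three `token1`–`token3` assignments now capture whatever body `/sessions` returns, and with `--silent` alone a refused login or a connection failure leaves an error body or an empty string in the variable with nothing printed. Using `curl --silent --show-error --fail -X POST ...` keeps the output clean but makes curl report the failure and return a non-zero exit status, which the script can check before the value is used as a token. How the variables are consumed later is outside this hunk.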
@@ -28,11 +28,6 @@ public final class SessionHandler {
 }
 public synchronized UUID login(UserCredentials userCredentials) throws SQLException { // avoid multiple logins of same user
- for (val session : this.sessions.entrySet()) {
- if (userCredentials.username().equals(session.getValue().username())) {
- this.sessions.remove(session.getKey());
- }
- }
 val result = DbQuery.builder()
 .command(SqlCommand.SELECT)
@@ -53,13 +48,24 @@ public final class SessionHandler {
 return null;
 }
+ for (val session : this.sessions.entrySet()) {
+ if (userCredentials.username().equals(session.getValue().username())) {
+ this.sessions.remove(session.getKey());
+ }
+ }
+
 UUID uuid = UUID.randomUUID();
 this.sessions.put(uuid, new UserInfo((UUID) row1.get("uuid"), userCredentials.username(), (boolean) row1.get("admin")));
 return uuid;
 }
 public static UUID tokenFromHttpHeader(String headerValue) {
- return headerValue == null ? null : UUID.fromString(headerValue.replaceFirst("^Bearer ", ""));
+ try {
+ return headerValue == null ? null : UUID.fromString(headerValue.replaceFirst("^Bearer ", ""));
+ }
+ catch (IllegalArgumentException e) {
+ return null;
+ }
 }
 public TokenValidity verifyUUID(UUID uuid) {
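Review bot: The loop re-added in `login` calls `this.sessions.remove(session.getKey())` while a for-each over `this.sessions.entrySet()` is still running; the declaration of `sessions` is outside the hunk, but if it is a plain `HashMap` this throws `ConcurrentModificationException` whenever the matching entry is not the last one visited, so a re-login with correct credentials can abort with an unchecked exception instead of returning a token. `this.sessions.values().removeIf(s -> userCredentials.username().equals(s.username()));` performs the same invalidation safely for any map type. In `tokenFromHttpHeader`, `replaceFirst("^Bearer ", "")` still accepts a header that carries no `Bearer ` scheme, and `null` now stands for both a missing and a malformed header, so every caller has to treat `null` as unauthenticated; an explicit `if (headerValue == null || !headerValue.startsWith("Bearer ")) return null;` would make the accepted format strict. The body of `login` starts outside the hunk.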