Claudio Maggioni 2020-03-02 16:56:43 +01:00
parent c42861fa1c
commit 51e6bb1f90
2 changed files with 36 additions and 21 deletions


@ -50,17 +50,19 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.disable()
// dont authenticate this particular request
.authorizeRequests()
.antMatchers("/auth/login")
.antMatchers(
"/auth/login",
"/auth/register",
"/swagger-ui.html",
"/register",
"/register/confirm-account",
"/v2/api-docs",
"/webjars/**",
"/swagger-resources/**",
"/csrf")
.permitAll()
.antMatchers("/auth/register")
.permitAll()
.antMatchers("/register")
.permitAll()
.antMatchers("/register/confirm-account")
.permitAll()
.
// all other requests need to be authenticated
anyRequest()
.anyRequest()
.authenticated()
.and()
.
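Review bot: The new `antMatchers(...)` list opens `/swagger-ui.html`, `/v2/api-docs`, `/webjars/**`, `/swagger-resources/**` and `/csrf` to unauthenticated callers alongside the login and registration routes, so the full API description (paths, parameters, models) is served to anyone who can reach the service in every environment. If the docs are only meant for development, register those matchers only under a non-production profile. Otherwise record the decision next to the list, for example `// Swagger UI and API docs are public by design; they must not describe internal-only endpoints`. The existing comment `// dont authenticate this particular request` now sits above nine patterns and should be reworded to match. The filter chain starts and ends outside this hunk, so a separate production configuration may already exist that is not visible here.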


@ -5,9 +5,9 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.JWTRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.JWTResponse;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.UserUpdateRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import io.swagger.annotations.Authorization;
import java.security.Principal;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
@ -21,18 +21,28 @@ import org.springframework.web.bind.annotation.*;
@RequestMapping("/auth")
public class AuthenticationController {
@Autowired private AuthenticationManager authenticationManager;
private final AuthenticationManager authenticationManager;
@Autowired private UserRepository userRepository;
private final UserRepository userRepository;
@Autowired private JWTTokenUtil jwtTokenUtil;
private final JWTTokenUtil jwtTokenUtil;
@Autowired private JWTUserDetailsService userDetailsService;
@Autowired private UserRepository users;
private final JWTUserDetailsService userDetailsService;
private BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
public AuthenticationController(
AuthenticationManager authenticationManager,
UserRepository userRepository,
JWTTokenUtil jwtTokenUtil,
JWTUserDetailsService userDetailsService,
UserRepository users) {
this.authenticationManager = authenticationManager;
this.userRepository = userRepository;
this.jwtTokenUtil = jwtTokenUtil;
this.userDetailsService = userDetailsService;
}
@PostMapping("/login")
public JWTResponse login(@RequestBody JWTRequest authenticationRequest) throws Exception {
authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());
@ -42,15 +52,18 @@ public class AuthenticationController {
return new JWTResponse(token);
}
@Authorization(value = "Bearer")
@PatchMapping("/update")
public User update(@Valid @RequestBody final UserUpdateRequest u, final Principal principal) {
public User update(
@Valid @RequestBody final UserUpdateRequest userData, final Principal principal) {
final User oldUser = userRepository.findByUsername(principal.getName());
if (u.getName() != null) oldUser.setName(u.getName());
if (u.getEmail() != null) {
oldUser.setEmail(u.getEmail());
if (userData.getName() != null) oldUser.setName(userData.getName());
if (userData.getEmail() != null) {
oldUser.setEmail(userData.getEmail());
// TODO: handle email verification
}
if (u.getPassword() != null) oldUser.setPassword(encoder.encode(u.getPassword()));
if (userData.getPassword() != null)
oldUser.setPassword(encoder.encode(userData.getPassword()));
return userRepository.save(oldUser);
}
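Review bot: `update` replaces the password and the e-mail address of the user named by `principal` without asking for the current password, so a valid bearer token alone is enough to change both credentials and lock the owner out. Consider adding a current-password field to `UserUpdateRequest` and rejecting the request unless `encoder.matches(<current password from the request>, <stored hash>)` holds before `oldUser.setPassword(...)` runs; the DTO and `User` accessors are not visible here, so the exact names are placeholders. The method also returns the saved `User` entity: if that class serializes its password field, the bcrypt hash goes back in the response body, so confirm it is excluded from JSON output or return a response DTO instead. The `// TODO: handle email verification` deserves a tracked issue, since an unverified address typically becomes the account-recovery channel. Separately, the constructor in the earlier hunk still takes `UserRepository users` although the `users` field was removed and the parameter is never assigned.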