From 51e6bb1f90a69fba603a8c3b9eeabade60b28e00 Mon Sep 17 00:00:00 2001
From: Claudio Maggioni
Date: Mon, 2 Mar 2020 16:56:43 +0100
Subject: [PATCH] Merge

---
 .../smarthut/config/WebSecurityConfig.java | 20 +++++-----
 .../controller/AuthenticationController.java | 37 +++++++++++++------
 2 files changed, 36 insertions(+), 21 deletions(-)

diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/WebSecurityConfig.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/WebSecurityConfig.java
index 9bbea89..e38d0df 100644
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/WebSecurityConfig.java
+++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/WebSecurityConfig.java
@@ -50,17 +50,19 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .disable()
                 // dont authenticate this particular request
                 .authorizeRequests()
-                .antMatchers("/auth/login")
+                .antMatchers(
+                        "/auth/login",
+                        "/auth/register",
+                        "/swagger-ui.html",
+                        "/register",
+                        "/register/confirm-account",
+                        "/v2/api-docs",
+                        "/webjars/**",
+                        "/swagger-resources/**",
+                        "/csrf")
                 .permitAll()
-                .antMatchers("/auth/register")
-                .permitAll()
-                .antMatchers("/register")
-                .permitAll()
-                .antMatchers("/register/confirm-account")
-                .permitAll()
-                . // all other requests need to be authenticated
-                anyRequest()
+                .anyRequest()
                 .authenticated()
                 .and()
                 .
diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/AuthenticationController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/AuthenticationController.java
index 4646bd1..cc9ed2e 100644
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/AuthenticationController.java
+++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/AuthenticationController.java
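Review bot: The consolidated `.antMatchers(...)` list now exempts the Swagger and api-docs paths (`/swagger-ui.html`, `/v2/api-docs`, `/webjars/**`, `/swagger-resources/**`, `/csrf`) from authentication alongside the login and registration routes, so the API surface description is reachable anonymously wherever this configuration is active. If that is meant for development only, these entries should be gated behind a profile or the decision recorded; a comment such as `// Swagger/OpenAPI documentation is intentionally reachable without a token` above the matcher would make it explicit. The rewrite also dropped the explanatory comment on the catch-all rule; re-adding `// all other requests need to be authenticated` above `.anyRequest()` keeps the intent readable. The configuration call chain begins and ends outside this hunk.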
@@ -5,9 +5,9 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.JWTRequest;
 import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.JWTResponse;
 import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.UserUpdateRequest;
 import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
+import io.swagger.annotations.Authorization;
 import java.security.Principal;
 import javax.validation.Valid;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.DisabledException;
@@ -21,18 +21,28 @@ import org.springframework.web.bind.annotation.*;
 @RequestMapping("/auth")
 public class AuthenticationController {
 
-    @Autowired private AuthenticationManager authenticationManager;
+    private final AuthenticationManager authenticationManager;
 
-    @Autowired private UserRepository userRepository;
+    private final UserRepository userRepository;
 
-    @Autowired private JWTTokenUtil jwtTokenUtil;
+    private final JWTTokenUtil jwtTokenUtil;
 
-    @Autowired private JWTUserDetailsService userDetailsService;
-
-    @Autowired private UserRepository users;
+    private final JWTUserDetailsService userDetailsService;
 
     private BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
 
+    public AuthenticationController(
+            AuthenticationManager authenticationManager,
+            UserRepository userRepository,
+            JWTTokenUtil jwtTokenUtil,
+            JWTUserDetailsService userDetailsService,
+            UserRepository users) {
+        this.authenticationManager = authenticationManager;
+        this.userRepository = userRepository;
+        this.jwtTokenUtil = jwtTokenUtil;
+        this.userDetailsService = userDetailsService;
+    }
+
     @PostMapping("/login")
     public JWTResponse login(@RequestBody JWTRequest authenticationRequest) throws Exception {
         authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());
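Review bot: The new constructor declares a `UserRepository users` parameter that is never assigned — the `users` field it used to feed is removed in the same hunk — so it is dead input that still forces a second injection point to be resolved. Dropping it leaves `JWTUserDetailsService userDetailsService) {` as the last parameter line and the four assignments unchanged. Since the injected fields are being made `final` here, `private BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();` could become `private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();` for the same reason. The class body continues past this hunk.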
@@ -42,15 +52,18 @@ public class AuthenticationController {
         return new JWTResponse(token);
     }
 
+    @Authorization(value = "Bearer")
     @PatchMapping("/update")
-    public User update(@Valid @RequestBody final UserUpdateRequest u, final Principal principal) {
+    public User update(
+            @Valid @RequestBody final UserUpdateRequest userData, final Principal principal) {
         final User oldUser = userRepository.findByUsername(principal.getName());
-        if (u.getName() != null) oldUser.setName(u.getName());
-        if (u.getEmail() != null) {
-            oldUser.setEmail(u.getEmail());
+        if (userData.getName() != null) oldUser.setName(userData.getName());
+        if (userData.getEmail() != null) {
+            oldUser.setEmail(userData.getEmail());
             // TODO: handle email verification
         }
-        if (u.getPassword() != null) oldUser.setPassword(encoder.encode(u.getPassword()));
+        if (userData.getPassword() != null)
+            oldUser.setPassword(encoder.encode(userData.getPassword()));
         return userRepository.save(oldUser);
     }
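Review bot: `@Authorization(value = "Bearer")` on `update` is a Swagger documentation annotation from `io.swagger.annotations`, not a Spring Security constraint, so it enforces nothing; as far as I recall its Javadoc, it is only honoured when nested inside `@ApiOperation(authorizations = ...)` or `@Api`, so standing alone on the method it is likely ignored by the doc generator as well. The endpoint remains protected solely by the `anyRequest().authenticated()` rule in `WebSecurityConfig`, which is worth stating on the method, e.g. `/** Updates the caller's own profile; authentication is enforced by the security filter chain, not by the Swagger annotation. */`. If the intent is to advertise the bearer requirement in the generated docs, use `@ApiOperation(value = "Update the current user", authorizations = {@Authorization("Bearer")})` instead. Note also that the surviving `// TODO: handle email verification` means an email change is persisted without the confirmation step the registration flow has, so until it is addressed the account can be rebound to an unverified address.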