Claudio Maggioni 2020-03-02 16:56:43 +01:00
parent c42861fa1c
commit 51e6bb1f90
2 changed files with 36 additions and 21 deletions


@ -50,17 +50,19 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.disable() .disable()
// dont authenticate this particular request // dont authenticate this particular request
.authorizeRequests() .authorizeRequests()
.antMatchers("/auth/login") .antMatchers(
"/auth/login",
"/auth/register",
"/swagger-ui.html",
"/register",
"/register/confirm-account",
"/v2/api-docs",
"/webjars/**",
"/swagger-resources/**",
"/csrf")
.permitAll() .permitAll()
.antMatchers("/auth/register")
.permitAll()
.antMatchers("/register")
.permitAll()
.antMatchers("/register/confirm-account")
.permitAll()
.
// all other requests need to be authenticated // all other requests need to be authenticated
anyRequest() .anyRequest()
.authenticated() .authenticated()
.and() .and()
. .
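Review bot: The widened `antMatchers(...)` list puts `/swagger-ui.html`, `/v2/api-docs`, `/webjars/**`, `/swagger-resources/**` and `/csrf` under the same `permitAll()` as the login and registration routes, so the full API description is served to anonymous clients in every environment. I would keep the auth and registration paths in their own matcher and give the documentation paths a separate one that is only permitted when a development profile or configuration property enables it. At minimum, add a comment above that group such as `// API docs are public by design; disable or restrict in production`. The enclosing `configure` method starts and ends outside this hunk, so whether the `.disable()` above refers to CSRF cannot be confirmed from here.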


@ -5,9 +5,9 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.JWTRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.JWTResponse; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.JWTResponse;
import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.UserUpdateRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.UserUpdateRequest;
import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
import io.swagger.annotations.Authorization;
import java.security.Principal; import java.security.Principal;
import javax.validation.Valid; import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException; import org.springframework.security.authentication.DisabledException;
@ -21,18 +21,28 @@ import org.springframework.web.bind.annotation.*;
@RequestMapping("/auth") @RequestMapping("/auth")
public class AuthenticationController { public class AuthenticationController {
@Autowired private AuthenticationManager authenticationManager; private final AuthenticationManager authenticationManager;
@Autowired private UserRepository userRepository; private final UserRepository userRepository;
@Autowired private JWTTokenUtil jwtTokenUtil; private final JWTTokenUtil jwtTokenUtil;
@Autowired private JWTUserDetailsService userDetailsService; private final JWTUserDetailsService userDetailsService;
@Autowired private UserRepository users;
private BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); private BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
public AuthenticationController(
AuthenticationManager authenticationManager,
UserRepository userRepository,
JWTTokenUtil jwtTokenUtil,
JWTUserDetailsService userDetailsService,
UserRepository users) {
this.authenticationManager = authenticationManager;
this.userRepository = userRepository;
this.jwtTokenUtil = jwtTokenUtil;
this.userDetailsService = userDetailsService;
}
@PostMapping("/login") @PostMapping("/login")
public JWTResponse login(@RequestBody JWTRequest authenticationRequest) throws Exception { public JWTResponse login(@RequestBody JWTRequest authenticationRequest) throws Exception {
authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword()); authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());
@ -42,15 +52,18 @@ public class AuthenticationController {
return new JWTResponse(token); return new JWTResponse(token);
} }
@Authorization(value = "Bearer")
@PatchMapping("/update") @PatchMapping("/update")
public User update(@Valid @RequestBody final UserUpdateRequest u, final Principal principal) { public User update(
@Valid @RequestBody final UserUpdateRequest userData, final Principal principal) {
final User oldUser = userRepository.findByUsername(principal.getName()); final User oldUser = userRepository.findByUsername(principal.getName());
if (u.getName() != null) oldUser.setName(u.getName()); if (userData.getName() != null) oldUser.setName(userData.getName());
if (u.getEmail() != null) { if (userData.getEmail() != null) {
oldUser.setEmail(u.getEmail()); oldUser.setEmail(userData.getEmail());
// TODO: handle email verification // TODO: handle email verification
} }
if (u.getPassword() != null) oldUser.setPassword(encoder.encode(u.getPassword())); if (userData.getPassword() != null)
oldUser.setPassword(encoder.encode(userData.getPassword()));
return userRepository.save(oldUser); return userRepository.save(oldUser);
} }
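Review bot: `update` overwrites the stored password whenever `userData.getPassword()` is non-null without checking the current password, so any holder of a valid bearer token for the account can change the password and, per the existing TODO, the still-unverified email. Credential changes should require the current password, for example `if (!encoder.matches(userData.getCurrentPassword(), oldUser.getPassword())) throw new BadCredentialsException("current password mismatch");` before the `setPassword` call. Here `getCurrentPassword` is a proposed new field on `UserUpdateRequest`, and `getPassword` on `User` is assumed, since neither is shown on this page. Separately, the constructor's fifth parameter `UserRepository users` is never assigned and appears to duplicate `userRepository`, so it can be dropped.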