auth fixes

55ba14f8 · Thomas · a0a20889 · 55ba14f8 · 55ba14f8 · 55ba14f8
Commit 55ba14f8 authored 5 years ago by Thomas
--- a/mozen/src/main/java/mozen/auth/JwtAuthenticationFilter.java
+++ b/mozen/src/main/java/mozen/auth/JwtAuthenticationFilter.java
 package mozen.auth;
 import java.io.IOException;
-import java.security.Key;
-import java.time.LocalDateTime;
-import java.time.ZoneId;
 import java.util.ArrayList;
-import java.util.Date;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -18,14 +14,11 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
 import mozen.model.LoginMessage;
-import mozen.utils.KeyGenerator;
+import mozen.utils.JwtUtils;
 public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter{
  private AuthenticationManager authenticationManager;
@@ -53,24 +46,9 @@ public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilte
  protected void successfulAuthentication(HttpServletRequest req, HttpServletResponse res, FilterChain chain, Authentication auth) 
  throws IOException, ServletException {
    User user = (User) auth.getPrincipal();
-    Key key = KeyGenerator.generateKey();
-    // ! A modifier si gestion multi roles (cf UserDetailsService)
+    String token = JwtUtils.generateToken(user.getUsername());
-    SimpleGrantedAuthority authority = (SimpleGrantedAuthority) user.getAuthorities().toArray()[0];
-    String token = Jwts.builder()
-      .setSubject(user.getUsername())
-      .claim("username",user.getUsername())
-      .claim("role",authority.getAuthority())
-      .setIssuedAt(new Date())
-      .setExpiration(toDate(LocalDateTime.now().plusDays(1L)))
-      .signWith(SignatureAlgorithm.HS512, key)
-      .compact();
      res.addHeader("Authorization", "Bearer " + token);
  }
-  private Date toDate(LocalDateTime localDateTime) {
-    return Date.from(localDateTime.atZone(ZoneId.systemDefault()).toInstant());
-  }
 }
\ No newline at end of file
--- a/mozen/src/main/java/mozen/auth/JwtAuthorizationFilter.java
+++ b/mozen/src/main/java/mozen/auth/JwtAuthorizationFilter.java
@@ -15,7 +15,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import io.jsonwebtoken.Jwts;
-import mozen.utils.KeyGenerator;
+import mozen.utils.JwtUtils;
 public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
@@ -42,7 +42,7 @@ public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
  private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {
    String token = request.getHeader("Authorization");
    if(token != null) {
-      Key key = KeyGenerator.generateKey();
+      Key key = JwtUtils.generateKey();
      String username = Jwts.parser()
        .setSigningKey(key)
        .parseClaimsJws(token.replace("Bearer ", ""))

--- a/mozen/src/main/java/mozen/utils/KeyGenerator.java
+++ b/mozen/src/main/java/mozen/utils/KeyGenerator.java
 package mozen.utils;
 import java.security.Key;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.util.Date;
 import javax.crypto.spec.SecretKeySpec;
-public class KeyGenerator {
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+public class JwtUtils {
  public static Key generateKey() {
    String keyString = "LePetitBonhommeEnMousse";
    Key key = new SecretKeySpec(keyString.getBytes(), 0, keyString.getBytes().length, "DES");
    return key;
  }
+  public static String generateToken(String username) {
+    return Jwts.builder()
+      .setSubject(username)
+      .claim("username", username)
+      .setIssuedAt(new Date())
+      .setExpiration(toDate(LocalDateTime.now().plusDays(1L)))
+      .signWith(SignatureAlgorithm.HS512, generateKey())
+      .compact();
+  }
+  private static Date toDate(LocalDateTime localDateTime) {
+    return Date.from(localDateTime.atZone(ZoneId.systemDefault()).toInstant());
+  }
 }
\ No newline at end of file
--- a/mozen/src/main/java/mozen/web/ModelController.java
+++ b/mozen/src/main/java/mozen/web/ModelController.java
@@ -10,7 +10,6 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -47,6 +46,7 @@ public class ModelController {
    if(user != null) {
      return ResponseEntity.ok().body(user.getModels());
    } else {
+      if(id == null) return ResponseEntity.badRequest().build();
      return ResponseEntity.ok().body(modelManager.getModel(id));
    }
  }
@@ -158,8 +158,8 @@ public class ModelController {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (!(auth instanceof AnonymousAuthenticationToken)) {
-      UserDetails userDetails = (UserDetails) auth.getPrincipal();
+      String username = (String) auth.getPrincipal();
-      return userManager.getUserByUsername(userDetails.getUsername());
+      return userManager.getUserByUsername(username);
    } else {
      return null;
    }

--- a/mozen/src/main/java/mozen/web/UserController.java
+++ b/mozen/src/main/java/mozen/web/UserController.java
@@ -5,7 +5,6 @@ import javax.validation.Valid;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -18,6 +17,7 @@ import mozen.business.IUserManager;
 import mozen.model.ResponseMessage;
 import mozen.model.SignupMessage;
 import mozen.model.User;
+import mozen.utils.JwtUtils;
 @RestController
 @RequestMapping("/user")
@@ -28,15 +28,24 @@ public class UserController {
  @GetMapping("")
  public User getUser() {
-    UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+    String username = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-    return manager.getUserByUsername(userDetails.getUsername());
+    return manager.getUserByUsername(username);
  }
  @PostMapping("/signup")
  public ResponseEntity<ResponseMessage> addUser(@RequestBody @Valid SignupMessage message, BindingResult result) {
    System.err.println("SIGNUP u:"+message.getUsername()+" e:"+message.getEmail()+" p:"+message.getPassword());
-    manager.addUser(message);
    ResponseMessage response = new ResponseMessage(false, "");
+    try {
+      manager.addUser(message);
+      response.setMessage(JwtUtils.generateToken(message.getUsername()));
+    } catch (Exception e) {
+      response.setError(true);
+      response.setMessage(e.getMessage());
+    }   
    return ResponseEntity.ok(response);
  }
 }
\ No newline at end of file