Commit 59fc7e6f authored by Thomas's avatar Thomas

Fixed users roles

parent 21843940
Showing with 104 additions and 33 deletions
......@@ -33,7 +33,7 @@ public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilte
try {
LoginMessage message = new ObjectMapper().readValue(req.getInputStream(), LoginMessage.class);
System.err.println("Auth user n:"+message.getUsername()+" p:"+message.getPassword());
System.err.println("Login user n:"+message.getUsername()+" p:"+message.getPassword());
return authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(message.getUsername(), message.getPassword(), new ArrayList<>())
......@@ -47,7 +47,7 @@ public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilte
protected void successfulAuthentication(HttpServletRequest req, HttpServletResponse res, FilterChain chain, Authentication auth)
throws IOException, ServletException {
User user = (User) auth.getPrincipal();
String token = JwtUtils.generateToken(user.getUsername());
String token = JwtUtils.generateToken(user.getUsername(), user.getAuthorities());
res.getWriter().write(new ObjectMapper().writeValueAsString(new ResponseMessage(false, token)));
// res.addHeader("Authorization", "Bearer " + token);
}
......
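Review bot: The new log line on L17 still writes the submitted plaintext password to stderr (`" p:"+message.getPassword()`); the commit only changes the prefix from "Auth" to "Login". Credentials must not reach logs, so the line should drop the password, `System.err.println("Login user n:"+message.getUsername());`, or better become a parameterized logger call at debug level carrying only the username. The method enclosing the `try` on L14 (presumably the `attemptAuthentication` override) starts before the hunk. In the second hunk, `JwtUtils.generateToken(user.getUsername(), user.getAuthorities())` on L25 assumes the principal carries at least one authority; see the note on the JwtUtils section for the empty-collection case.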
......@@ -2,7 +2,8 @@ package mozen.auth;
import java.io.IOException;
import java.security.Key;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
......@@ -11,9 +12,12 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import mozen.utils.JwtUtils;
......@@ -42,15 +46,19 @@ public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {
String token = request.getHeader("Authorization");
if(token != null) {
try {
Key key = JwtUtils.generateKey();
String username = Jwts.parser()
.setSigningKey(key)
.parseClaimsJws(token.replace("Bearer ", ""))
.getBody()
.getSubject();
if (username != null) {
return new UsernamePasswordAuthenticationToken(username, null, new ArrayList<>());
Claims claims = Jwts.parser().setSigningKey(key).parseClaimsJws(token.replace("Bearer ", "")).getBody();
String username = (String) claims.get("username");
String role = (String) claims.get("role");
if (username != null && role != null) {
System.err.println("Auth user u:"+username+" r:"+role);
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
grantedAuthorities.add(new SimpleGrantedAuthority(role));
return new UsernamePasswordAuthenticationToken(username, null, grantedAuthorities);
}
} catch (Exception e) {
return null;
}
return null;
......
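Review bot: The new claim parsing on L61–L68 runs inside the pre-existing `catch (Exception e) { return null; }` on L70, so an expired token, a bad signature and a `ClassCastException` from a non-string `role` claim all silently degrade to an anonymous request with no record of why. Narrow the catch and record the reason, e.g. `} catch (io.jsonwebtoken.JwtException | ClassCastException e) { log.debug("Rejected bearer token: {}", e.getMessage()); return null; }` (a logger field would have to be added to the class); the `System.err.println` on L65, which prints the username and role on every authenticated request, should move to that logger at debug level as well. L62 reads the username from a custom `username` claim although the issuer in this commit also sets it as the subject (JwtUtils L228); `claims.getSubject()` is the standard field and would let the duplicate claim be dropped. The closing brace of `getAuthentication` is outside the hunk.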
......@@ -21,11 +21,10 @@ public class JwtUserDetailsService implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.err.println("[USER DETAILS] u:"+username);
mozen.model.User user = manager.getUserByUsername(username);
if(user == null) throw new UsernameNotFoundException(username);
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
/*
// Gestion multi roles
// Plus propre (Transformer model.Role en Entity et model.User.role en liste de Role)
......@@ -34,7 +33,8 @@ public class JwtUserDetailsService implements UserDetailsService {
}
*/
grantedAuthorities.add(new SimpleGrantedAuthority(user.getRole().toString()));
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_"+user.getRole().toString()));
return new User(user.getUsername(), user.getPassword(), grantedAuthorities);
}
......
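Review bot: L90 builds the authority with a hard-coded `"ROLE_"+user.getRole().toString()`, the same concatenation is repeated in the UserController signup hunk (`"ROLE_"+user.getRole()`), and JwtAuthorizationFilter places whatever the `role` claim contains straight into a `SimpleGrantedAuthority`; the `hasRole("ADMIN")` rules in WebSecurity only hold while all three sites agree on that prefix. Give the prefix a single home, e.g. a method on the `Role` enum, `public String authority() { return "ROLE_" + name(); }`, and call `user.getRole().authority()` here and in the controller. The commented-out multi-role block between L82 and L87 is now the only trace of the earlier design; it would be clearer to remove it and track the idea in an issue. `loadUserByUsername` is fully contained in this section.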
......@@ -34,16 +34,30 @@ public class WebSecurity extends WebSecurityConfigurerAdapter{
.cors()
.and()
.authorizeRequests()
// PUBLIC SECTION
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.antMatchers("/").permitAll()
.antMatchers(HttpMethod.POST, "/login").permitAll()
.antMatchers(HttpMethod.POST, "/user/signup").permitAll()
.antMatchers(HttpMethod.POST, "/users/signup").permitAll()
.antMatchers(HttpMethod.GET, "/search").permitAll()
.antMatchers(HttpMethod.GET, "/comments").permitAll()
.antMatchers(HttpMethod.GET, "/tags").permitAll()
.antMatchers(HttpMethod.GET, "/models").permitAll()
.antMatchers(HttpMethod.GET, "/models/tags").permitAll()
.antMatchers(HttpMethod.GET, "/models/download").permitAll()
.antMatchers(HttpMethod.GET, "/models/downloadLayer").permitAll()
// .anyRequest().authenticated()
.antMatchers(HttpMethod.GET, "/layers/download").permitAll()
// ADMIN SECTION
.antMatchers(HttpMethod.GET, "/models/setVerified").hasRole("ADMIN")
.antMatchers(HttpMethod.GET, "/users/setAdmin").hasRole("ADMIN")
.antMatchers(HttpMethod.DELETE, "/tags").hasRole("ADMIN")
.antMatchers(HttpMethod.DELETE, "/tags/category").hasRole("ADMIN")
.antMatchers(HttpMethod.POST, "/tags/category").hasRole("ADMIN")
.antMatchers(HttpMethod.GET, "/models/list").hasRole("ADMIN")
.antMatchers(HttpMethod.GET, "/users/list").hasRole("ADMIN")
.antMatchers(HttpMethod.GET, "/comments/list").hasRole("ADMIN")
// USER SECTION
.anyRequest().authenticated()
.and()
.addFilter(new JwtAuthenticationFilter(authenticationManager()))
.addFilter(new JwtAuthorizationFilter(authenticationManager()))
......
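Review bot: L114 and L115 expose state-changing operations (`/models/setVerified`, `/users/setAdmin`) on `HttpMethod.GET`, and the new `UserController.setAdmin` in this commit is indeed declared `@GetMapping` with the target `id` as a query parameter; a GET that flips an admin flag can be fired by link prefetching and leaves the id in proxy and access logs, which is not what a guarded mutation should look like. Map these as POST (or PUT) on both sides, e.g. `.antMatchers(HttpMethod.POST, "/users/setAdmin").hasRole("ADMIN")` together with `@PostMapping("/setAdmin")` in the controller, and the same for `/models/setVerified` if its controller follows the same pattern (not visible here). Whether CSRF protection is configured for this chain is outside the hunk; since the token travels in the `Authorization` header rather than a cookie the cross-site exposure is limited, but the method choice still matters. The `http` builder chain begins before the hunk.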
......@@ -7,13 +7,15 @@ import mozen.model.User;
public interface IUserManager {
User addUser(SignupMessage message);
void updateUser(User user, User userToUpdate);
void updateUser(User user, User userToUpdate) throws Exception;
void removeUser(User user, Long id);
Collection<User> getUsers();
User getUser(Long id);
User getUserByUsername(String username);
void setAdmin(Long id, User user) throws Exception;
boolean resetPassword(String email);
boolean changePassword(String token, String password);
}
\ No newline at end of file
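Review bot: L132 and L137 declare `throws Exception` on the interface, which forces every caller into `catch (Exception e)` and makes an authorization failure indistinguishable from an unknown user or a persistence error at the call site. A dedicated exception type carrying the reason (or `IllegalArgumentException` for an unknown id and Spring's `AccessDeniedException` for the non-admin case) would let UserController map each to the right HTTP status instead of `badRequest()` for everything. `void updateUser(User user, User userToUpdate) throws Exception;` also now advertises an exception that the implementation in this commit never throws.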
......@@ -11,6 +11,7 @@ import mozen.model.Role;
import mozen.messages.SignupMessage;
import mozen.model.User;
import mozen.repos.UserRepository;
import mozen.utils.UserHelper;
@Service
public class UserManager implements IUserManager {
......@@ -29,14 +30,14 @@ public class UserManager implements IUserManager {
u.setEmail(message.getEmail());
u.setUsername(message.getUsername());
u.setPassword(bCryptPasswordEncoder.encode(message.getPassword()));
u.setRole(Role.ROLE_DEFAULT);
u.setRole(Role.DEFAULT);
repo.save(u);
return u;
}
@Override
public void updateUser(User user, User userToUpdate) {
public void updateUser(User user, User userToUpdate) throws Exception {
if(isRightUser(user, userToUpdate)) repo.save(userToUpdate);
}
......@@ -76,8 +77,23 @@ public class UserManager implements IUserManager {
}
private boolean isRightUser(User userToCheck, User user) {
if (userToCheck.getRole() == Role.ROLE_ADMIN) return true;
if (userToCheck.getRole() == Role.ADMIN) return true;
return userToCheck.getId().equals(user.getId());
}
@Override
public void setAdmin(Long id, User user) throws Exception {
User userToUpdate = getUser(id);
if (userToUpdate == null)
throw new Exception("Unknown user");
if (!UserHelper.isAdmin(user))
throw new Exception("Not admin");
Role role = userToUpdate.getRole();
if (role == Role.ADMIN) userToUpdate.setRole(Role.DEFAULT);
else userToUpdate.setRole(Role.ADMIN);
repo.save(userToUpdate);
}
}
\ No newline at end of file
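Review bot: `setAdmin` on L171–L181 looks up the target and reports "Unknown user" before it checks that the caller is an admin, so a non-admin caller receives a different message depending on whether the id exists and can enumerate user ids through the error text; make `if (!UserHelper.isAdmin(user)) throw new Exception("Not admin");` the first statement so non-admins always get the same answer. The toggle on L178–L179 also lets an admin demote any account including their own (`id` equal to `user.getId()`), which could leave the system with no administrator; consider rejecting self-demotion, and document that the method toggles rather than sets, since the name `setAdmin` suggests the latter. In the second hunk, `updateUser` now declares `throws Exception` but still silently does nothing when `isRightUser` is false (L161); either throw there or keep the old signature. The checked `Exception` type is discussed in the IUserManager note.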
package mozen.model;
public enum Role {
ROLE_DEFAULT, ROLE_ADMIN
DEFAULT, ADMIN
}
\ No newline at end of file
......@@ -48,19 +48,19 @@ public class DatabaseFiller {
u1.setEmail("user1@email.com");
u1.setPassword(bCryptPasswordEncoder.encode("1234"));
u1.setUsername("user 1");
u1.setRole(Role.ROLE_DEFAULT);
u1.setRole(Role.DEFAULT);
User u2 = new User();
u2.setEmail("user2@email.com");
u2.setPassword(bCryptPasswordEncoder.encode("1234"));
u2.setUsername("user 2");
u2.setRole(Role.ROLE_DEFAULT);
u2.setRole(Role.DEFAULT);
User admin = new User();
admin.setEmail("admin@admin.admin");
admin.setPassword(bCryptPasswordEncoder.encode("1234"));
admin.setUsername("admin");
admin.setRole(Role.ROLE_ADMIN);
admin.setRole(Role.ADMIN);
Model m1 = new Model();
m1.setAuthor(u1);
......
......@@ -3,10 +3,13 @@ package mozen.utils;
import java.security.Key;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Collection;
import java.util.Date;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.security.core.GrantedAuthority;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
......@@ -17,10 +20,12 @@ public class JwtUtils {
return key;
}
public static String generateToken(String username) {
public static String generateToken(String username, Collection<GrantedAuthority> roles) {
String role = roles.toArray()[0].toString();
return Jwts.builder()
.setSubject(username)
.claim("username", username)
.claim("role", role)
.setIssuedAt(new Date())
.setExpiration(toDate(LocalDateTime.now().plusDays(1L)))
.signWith(SignatureAlgorithm.HS512, generateKey())
......
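Review bot: L226 `roles.toArray()[0].toString()` throws `ArrayIndexOutOfBoundsException` on an empty collection, picks an arbitrary element when the caller passes a `HashSet` (as both call sites in this commit do), silently drops any further authorities, and relies on `SimpleGrantedAuthority.toString()` instead of the `GrantedAuthority.getAuthority()` accessor. Validate and read the authority explicitly, `if (roles == null || roles.isEmpty()) throw new IllegalArgumentException("roles must not be empty");` followed by `String role = roles.iterator().next().getAuthority();`, and state in the method's Javadoc that only one authority is encoded in the token. The parameter would be more reusable as `Collection<? extends GrantedAuthority>`, which is the type `UserDetails.getAuthorities()` declares. The `username` claim on L229 duplicates the subject set on L228. The builder chain continues past the hunk.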
......@@ -17,7 +17,7 @@ public class UserHelper {
}
public static boolean isAdmin(User user) {
return user.getRole() == Role.ROLE_ADMIN;
return user.getRole() == Role.ADMIN;
}
public static User getCurrentUser(IUserManager userManager) {
......
package mozen.web;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.CrossOrigin;
......@@ -25,7 +29,7 @@ import mozen.utils.JwtUtils;
import mozen.utils.UserHelper;
@RestController
@RequestMapping("/user")
@RequestMapping("/users")
@CrossOrigin
public class UserController {
@Autowired
......@@ -87,8 +91,10 @@ public class UserController {
ResponseMessage response = new ResponseMessage(false, "");
try {
userManager.addUser(message);
response.setMessage(JwtUtils.generateToken(message.getUsername()));
User user = userManager.addUser(message);
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_"+user.getRole()));
response.setMessage(JwtUtils.generateToken(user.getUsername(), grantedAuthorities));
} catch (Exception e) {
response.setError(true);
response.setMessage(e.getMessage());
......@@ -97,4 +103,24 @@ public class UserController {
return ResponseEntity.ok(response);
}
@GetMapping("/setAdmin")
public ResponseEntity<ResponseMessage> setAdmin(@RequestParam(value = "id", required = true) Long id) {
ResponseMessage response = new ResponseMessage(false, "");
User user = UserHelper.getCurrentUser(userManager);
if(user == null) {
response.setError(true);
response.setMessage("User unknown");
return ResponseEntity.badRequest().body(response);
}
try {
userManager.setAdmin(id, user);
} catch (Exception e) {
response.setError(true);
response.setMessage(e.getMessage());
return ResponseEntity.badRequest().body(response);
}
return ResponseEntity.ok(response);
}
}
\ No newline at end of file
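Review bot: The new `setAdmin` endpoint on L278–L295 returns `e.getMessage()` to the client for every `Exception` (L289–L291), and because `IUserManager.setAdmin` declares `throws Exception` that catch also covers runtime persistence failures from the manager's `repo.save`, whose messages can expose table or driver details; the signup handler on L272–L274 already has the same pattern. Return a fixed message for unexpected failures and reserve `e.getMessage()` for the domain errors the manager raises deliberately, and once those are distinct exception types answer the "Not admin" case with 403 rather than `badRequest()` so clients can tell an authorization failure from invalid input. The HTTP method of this endpoint is covered in the WebSecurity note, and the `"ROLE_"` prefix on L270 in the JwtUserDetailsService note. The class closes at L296, so the hunk is complete.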