Edition of security layer and its impacts.
This commit is contained in:
@@ -1,12 +1,14 @@
|
||||
package org.codiki.account;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Optional;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.codiki.core.entities.dto.PasswordWrapperDTO;
|
||||
import org.codiki.core.entities.dto.UserDTO;
|
||||
import org.codiki.core.entities.persistence.User;
|
||||
import org.codiki.core.security.TokenService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
@@ -73,6 +75,11 @@ public class AccountController {
|
||||
public void changePassword(@RequestBody final PasswordWrapperDTO pPasswordWrapper,
|
||||
final HttpServletRequest pRequest,
|
||||
final HttpServletResponse pResponse) throws IOException {
|
||||
accountService.changePassword(tokenService.getAuthenticatedUserByToken(pRequest), pPasswordWrapper, pResponse);
|
||||
final Optional<User> connectedUser = tokenService.getAuthenticatedUserByToken(pRequest);
|
||||
if(connectedUser.isPresent()) {
|
||||
accountService.changePassword(connectedUser.get(), pPasswordWrapper, pResponse);
|
||||
} else {
|
||||
pResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
package org.codiki.core.entities.dto;
|
||||
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@@ -14,6 +15,7 @@ public class CategoryDTO {
|
||||
|
||||
public CategoryDTO() {
|
||||
super();
|
||||
listSubCategories = new LinkedList<>();
|
||||
}
|
||||
|
||||
public CategoryDTO(final Category pCategory) {
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package org.codiki.core.entities.persistence;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
@@ -49,6 +50,7 @@ public class Category implements Serializable {
|
||||
/* ******************* */
|
||||
public Category() {
|
||||
super();
|
||||
listSubCategories = new LinkedList<>();
|
||||
}
|
||||
|
||||
public Category(final CategoryDTO pCategory) {
|
||||
|
||||
@@ -13,27 +13,33 @@ import org.codiki.core.AbstractFilter;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
@Order(Ordered.HIGHEST_PRECEDENCE)
|
||||
public class AuthenticationFilter extends AbstractFilter {
|
||||
|
||||
private static final String HTTP_OPTIONS = "OPTIONS";
|
||||
|
||||
private static final String HEADER_TOKEN = "token";
|
||||
|
||||
@Autowired
|
||||
private TokenService tokenService;
|
||||
|
||||
@Override
|
||||
protected List<Route> getRoutes() {
|
||||
return Arrays.asList(
|
||||
new Route("\\/api\\/posts\\/myPosts")
|
||||
new Route("\\/api\\/posts\\/myPosts"),
|
||||
new Route("\\/api\\/posts\\/preview"),
|
||||
new Route("\\/api\\/posts\\/", HttpMethod.POST, HttpMethod.PUT, HttpMethod.DELETE),
|
||||
new Route("\\/api\\/account/changePassword")
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void filter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
|
||||
System.out.println("Token : " + request.getHeader("token"));
|
||||
|
||||
if("OPTIONS".equals(request.getMethod()) || tokenService.isUserConnected(request.getHeader("token"))) {
|
||||
if(HTTP_OPTIONS.equals(request.getMethod()) || tokenService.isUserConnected(request.getHeader(HEADER_TOKEN))) {
|
||||
chain.doFilter(request, response);
|
||||
} else {
|
||||
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
|
||||
@@ -4,6 +4,7 @@ import java.util.Date;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.TreeMap;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@@ -125,7 +126,7 @@ public class TokenService {
|
||||
}
|
||||
}
|
||||
|
||||
public User getAuthenticatedUserByToken(final HttpServletRequest pRequest) {
|
||||
return connectedUsers.get(pRequest.getHeader(HEADER_TOKEN));
|
||||
public Optional<User> getAuthenticatedUserByToken(final HttpServletRequest pRequest) {
|
||||
return Optional.ofNullable(connectedUsers.get(pRequest.getHeader(HEADER_TOKEN)));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package org.codiki.posts;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.stream.Collectors;
|
||||
@@ -11,6 +12,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.codiki.core.entities.dto.PostDTO;
|
||||
import org.codiki.core.entities.persistence.Post;
|
||||
import org.codiki.core.entities.persistence.User;
|
||||
import org.codiki.core.repositories.PostRepository;
|
||||
import org.codiki.core.security.TokenService;
|
||||
import org.codiki.core.services.ParserService;
|
||||
@@ -82,10 +84,18 @@ public class PostController {
|
||||
}
|
||||
|
||||
@GetMapping("/myPosts")
|
||||
public List<PostDTO> getMyPosts(final HttpServletRequest pRequest, final HttpServletResponse pResponse) {
|
||||
return postRepository.getByCreator(tokenService
|
||||
.getAuthenticatedUserByToken(pRequest).getId())
|
||||
.parallelStream().map(PostDTO::new).collect(Collectors.toList());
|
||||
public List<PostDTO> getMyPosts(final HttpServletRequest pRequest, final HttpServletResponse pResponse) throws IOException {
|
||||
List<PostDTO> result = new LinkedList<>();
|
||||
|
||||
final Optional<User> connectedUser = tokenService.getAuthenticatedUserByToken(pRequest);
|
||||
if(connectedUser.isPresent()) {
|
||||
result = postRepository.getByCreator(connectedUser.get().getId())
|
||||
.stream().map(PostDTO::new).collect(Collectors.toList());
|
||||
} else {
|
||||
pResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
@PostMapping("/preview")
|
||||
|
||||
@@ -33,15 +33,15 @@ public class PostService {
|
||||
final HttpServletResponse pResponse) {
|
||||
Optional<Post> result = Optional.empty();
|
||||
|
||||
final String userToken = pRequest.getHeader("token");
|
||||
final Optional<User> user = tokenService.getAuthenticatedUserByToken(pRequest);
|
||||
|
||||
if(userToken.equals(pPost.getAuthor().getToken())) {
|
||||
if(user.isPresent()) {
|
||||
final Post postToSave = new Post(pPost);
|
||||
postToSave.setAuthor(tokenService.getAuthenticatedUserByToken(pRequest));
|
||||
postToSave.setAuthor(user.get());
|
||||
postRepository.save(postToSave);
|
||||
result = Optional.of(postToSave);
|
||||
} else {
|
||||
pResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
|
||||
pResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
return result;
|
||||
@@ -49,9 +49,9 @@ public class PostService {
|
||||
|
||||
public void update(final PostDTO pPost, final HttpServletRequest pRequest,
|
||||
final HttpServletResponse pResponse) throws IOException {
|
||||
final User connectedUser = tokenService.getAuthenticatedUserByToken(pRequest);
|
||||
final Optional<User> connectedUser = tokenService.getAuthenticatedUserByToken(pRequest);
|
||||
|
||||
if(connectedUser != null && connectedUser.getKey().equals(pPost.getAuthor().getKey())) {
|
||||
if(connectedUser.isPresent() && connectedUser.get().getKey().equals(pPost.getAuthor().getKey())) {
|
||||
final Optional<Post> postOpt = postRepository.getByKey(pPost.getKey());
|
||||
|
||||
if(postOpt.isPresent()) {
|
||||
|
||||
Reference in New Issue
Block a user