Fix: Adding dog without logging in SOLVED

d3abb138 · fakanpeter · 7a319e6a · d3abb138 · d3abb138 · d3abb138
Commit d3abb138 authored 1 year ago by fakanpeter
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -55,16 +55,29 @@
 			<artifactId>spring-security-core</artifactId>
 			<version>6.2.4</version>
 		</dependency>
-		<dependency>
-			<groupId>io.jsonwebtoken</groupId>
-			<artifactId>jjwt</artifactId>
-			<version>0.9.0</version>
-		</dependency>
+
 		<dependency>
 			<groupId>javax.xml.bind</groupId>
 			<artifactId>jaxb-api</artifactId>
 			<version>2.3.1</version> <!-- Or the latest version -->
 		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>0.11.5</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<version>0.11.5</version>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId>
+			<version>0.11.5</version>
+			<scope>runtime</scope>
+		</dependency>
 	</dependencies>

 	<build>

--- a/backend/src/main/java/hu/pazmany/controller/Controller.java
+++ b/backend/src/main/java/hu/pazmany/controller/Controller.java
@@ -25,6 +25,7 @@ import java.util.regex.Pattern;
 public class Controller {
 	private final DogService dogService;
 	private final UserService userService;
+	private static final JwtTokenProvider jwtTokenProvider = JwtTokenProvider.getInstance();

 	@Autowired
 	public Controller(DogService dogService, UserService userService) {
@@ -52,7 +53,9 @@ public class Controller {

 	@PostMapping("/newdog")
 	public ResponseEntity<?> addNewDog(@RequestBody DetailedDogDTO dto, @RequestHeader("Authorization") String token) {
+		System.out.println(token);
 		if(!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
 		// Save the dog and picture
        try {
            dogService.addNewDog(dto);
@@ -65,8 +68,6 @@ public class Controller {
 	@PostMapping(value = "/dogs/{id}/edit",  consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 	public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam("picture") MultipartFile mpf) {
 		if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
-		System.out.println(stringDogDTO);
-

 		// Retrieve the dog entity from the database
 		Optional<DetailedDogDTO> optionalDog = dogService.get(id);
@@ -124,7 +125,7 @@ public class Controller {
 			return ResponseEntity.badRequest().body(null);
 		}

-		UserDTO userDTO = userService.login(request);
+		UserDTO userDTO = userService.login(request, jwtTokenProvider);

 		if (userDTO == null) {
 			return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
@@ -167,12 +168,17 @@ public class Controller {
 	}

 	private boolean isValidToken(String token) {
-		return token != null || verifyTokenSignature(token);
+		return token != null && verifyTokenSignature(token);
 	}

 	private boolean verifyTokenSignature(String token) {
-		JwtTokenProvider tokenProvider = new JwtTokenProvider();
-		return tokenProvider.validateToken(token);
+		if (token.startsWith("Bearer ")) {
+			token = token.substring(7);
+			return jwtTokenProvider.validateToken(token);
+		} else {
+			return false;
+		}
+
 	}

 	private abstract class ValidationError {

--- a/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java
+++ b/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java
@@ -3,31 +3,45 @@ package hu.pazmany.security;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.security.Keys;
+
+import javax.crypto.SecretKey;

 public class JwtTokenProvider {
+    private static final JwtTokenProvider INSTANCE = new JwtTokenProvider();
+    private JwtTokenProvider() {
+        // private constructor to prevent instantiation
+    }
+    private final SecretKey secretKey = Keys.secretKeyFor(SignatureAlgorithm.HS512);

-    private final String secretKey = "cci5lQJvw4TX6vSdR2PIcTx4n9w2cE8F";
+    public static JwtTokenProvider getInstance() {
+        return INSTANCE;
+    }

    public String generateToken(Integer userId) {
-        return Jwts.builder()
+        String token = Jwts.builder()
                .setSubject(String.valueOf(userId))
-                .signWith(SignatureAlgorithm.HS512, secretKey)
+                .signWith(secretKey)
                .compact();
+        System.out.println("Generated Token: " + token);
+        return token;
    }

    public boolean validateToken(String token) {
+        System.out.println("Parser token:" + token +"|");
        try {
            // Parse the token and extract the username
-            String username = Jwts.parser()
-                    .setSigningKey(secretKey.getBytes())
+            String userId = Jwts.parser()
+                    .setSigningKey(secretKey)
                    .parseClaimsJws(token)
                    .getBody()
                    .getSubject();
-
+            System.out.println(userId);
            // Check if the username is not null or empty
-            return username != null && !username.isEmpty();
+            return userId != null && !userId.isEmpty();
        } catch (JwtException | IllegalArgumentException e) {
            // Token is invalid or malformed
+            System.out.println("Token validation failed: " + e.getMessage());
            return false;
        }
    }

--- a/backend/src/main/java/hu/pazmany/service/UserService.java
+++ b/backend/src/main/java/hu/pazmany/service/UserService.java
@@ -11,6 +11,7 @@ import org.springframework.stereotype.Service;

 import java.util.Optional;

+
 @Service
 public class UserService {
    private final UserRepository userRepository;
@@ -35,18 +36,19 @@ public class UserService {
        userRepository.save(userEntity);
    }

-    public UserDTO login(UserDTO request) {
+    public UserDTO login(UserDTO request, JwtTokenProvider jwtTokenProvider) {
        Optional<UserEntity> userOptional = userRepository.findByUsername(request.getUsername());
        if (userOptional.isPresent()) {
            UserEntity userEntity = userOptional.get();
            // Check if the password matches
            if (passwordEncoder.matches(request.getPassword(), userEntity.getPassword())) {
                // Password matches, generate token using user's ID
-                String token = generateToken(userEntity.getId());
+                String token = jwtTokenProvider.generateToken(userEntity.getId());
                // Create and return UserDTO with token
                UserDTO userDTO = new UserDTO();
                userDTO.setUsername(request.getUsername());
                userDTO.setToken(token);
+                System.out.println("login: " + token);
                return userDTO;
            }
        }
@@ -54,9 +56,8 @@ public class UserService {
        return null;
    }

-    private String generateToken(Integer userId) {
-        JwtTokenProvider tokenProvider = new JwtTokenProvider();
-        return tokenProvider.generateToken(userId);
+    private String generateToken(Integer userId, JwtTokenProvider jwtTokenProvider) {
+        return jwtTokenProvider.generateToken(userId);
    }

    public boolean isUserExists(String username) {