From d3abb138c46c4343ef6bae9cde7f84d29427c48f Mon Sep 17 00:00:00 2001 From: fakanpeter <fakanpeti@gmail.com> Date: Tue, 14 May 2024 21:04:57 +0200 Subject: [PATCH] Fix: Adding dog without logging in SOLVED --- backend/pom.xml | 23 +++++++++++---- .../hu/pazmany/controller/Controller.java | 18 ++++++++---- .../hu/pazmany/security/JwtTokenProvider.java | 28 ++++++++++++++----- .../java/hu/pazmany/service/UserService.java | 11 ++++---- 4 files changed, 57 insertions(+), 23 deletions(-) diff --git a/backend/pom.xml b/backend/pom.xml index 612acbb..f26b207 100644 --- a/backend/pom.xml +++ b/backend/pom.xml @@ -55,16 +55,29 @@ <artifactId>spring-security-core</artifactId> <version>6.2.4</version> </dependency> - <dependency> - <groupId>io.jsonwebtoken</groupId> - <artifactId>jjwt</artifactId> - <version>0.9.0</version> - </dependency> + <dependency> <groupId>javax.xml.bind</groupId> <artifactId>jaxb-api</artifactId> <version>2.3.1</version> <!-- Or the latest version --> </dependency> + <dependency> + <groupId>io.jsonwebtoken</groupId> + <artifactId>jjwt-api</artifactId> + <version>0.11.5</version> + </dependency> + <dependency> + <groupId>io.jsonwebtoken</groupId> + <artifactId>jjwt-impl</artifactId> + <version>0.11.5</version> + <scope>runtime</scope> + </dependency> + <dependency> + <groupId>io.jsonwebtoken</groupId> + <artifactId>jjwt-jackson</artifactId> + <version>0.11.5</version> + <scope>runtime</scope> + </dependency> </dependencies> <build> diff --git a/backend/src/main/java/hu/pazmany/controller/Controller.java b/backend/src/main/java/hu/pazmany/controller/Controller.java index 1a9d045..9c9fa99 100644 --- a/backend/src/main/java/hu/pazmany/controller/Controller.java +++ b/backend/src/main/java/hu/pazmany/controller/Controller.java 
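Review bot: The `jaxb-api` dependency survives the switch from `jjwt` 0.9.0 to the split `jjwt-api`/`jjwt-impl`/`jjwt-jackson` 0.11.5 artifacts, yet jjwt dropped its `javax.xml.bind` usage in 0.10 in favour of its own codecs in `io.jsonwebtoken.io`, so presumably it was only there for 0.9.0. If nothing else in the backend references `javax.xml.bind`, it can be removed in the same commit, which also retires the stale `<!-- Or the latest version -->` hint on a pinned version. The `runtime` scope on `jjwt-impl` and `jjwt-jackson` is the documented arrangement and looks right.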
@@ -25,6 +25,7 @@ import java.util.regex.Pattern; public class Controller { private final DogService dogService; private final UserService userService; + private static final JwtTokenProvider jwtTokenProvider = JwtTokenProvider.getInstance(); @Autowired public Controller(DogService dogService, UserService userService) { @@ -52,7 +53,9 @@ public class Controller { @PostMapping("/newdog") public ResponseEntity<?> addNewDog(@RequestBody DetailedDogDTO dto, @RequestHeader("Authorization") String token) { + System.out.println(token); if(!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); + // Save the dog and picture try { dogService.addNewDog(dto); @@ -65,8 +68,6 @@ public class Controller { @PostMapping(value = "/dogs/{id}/edit", consumes = MediaType.MULTIPART_FORM_DATA_VALUE) public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam("picture") MultipartFile mpf) { if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); - System.out.println(stringDogDTO); - // Retrieve the dog entity from the database Optional<DetailedDogDTO> optionalDog = dogService.get(id); @@ -124,7 +125,7 @@ public class Controller { return ResponseEntity.badRequest().body(null); } - UserDTO userDTO = userService.login(request); + UserDTO userDTO = userService.login(request, jwtTokenProvider); if (userDTO == null) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); 
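Review bot: Obtaining `jwtTokenProvider` through a `private static final` field initialised from `JwtTokenProvider.getInstance()` bypasses Spring's bean lifecycle, so the provider cannot be configured or substituted in tests, and it forces the fourth hunk to thread the same object through `userService.login(request, jwtTokenProvider)`. Registering `JwtTokenProvider` as a bean (constructor made non-private, annotated `@Component`) and declaring `private final JwtTokenProvider jwtTokenProvider;` assigned in the existing `@Autowired` constructor alongside `DogService` and `UserService` would let `UserService` receive its own reference, and `login` could keep its original single-argument signature. The constructor body and the rest of the class continue outside this hunk.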
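Review bot: The added `System.out.println(token)` at the top of `addNewDog` writes the caller's complete `Authorization` header — the bearer credential itself — to stdout on every request, so anything that captures process output (container logs, aggregation) ends up holding replayable tokens. Drop the line, or log only whether a header was present, never its value. The same credential printing is added in this commit in `JwtTokenProvider.generateToken` (`"Generated Token: " + token`) and `validateToken` (`"Parser token:" + token`), and in `UserService.login` (`"login: " + token`); all four should go for the same reason. `addNewDog`'s body continues past the hunk.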
@@ -167,12 +168,17 @@ public class Controller { } private boolean isValidToken(String token) { - return token != null || verifyTokenSignature(token); + return token != null && verifyTokenSignature(token); } private boolean verifyTokenSignature(String token) { - JwtTokenProvider tokenProvider = new JwtTokenProvider(); - return tokenProvider.validateToken(token); + if (token.startsWith("Bearer ")) { + token = token.substring(7); + return jwtTokenProvider.validateToken(token); + } else { + return false; + } + } private abstract class ValidationError { diff --git a/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java b/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java index 685ea37..fa8e251 100644 --- a/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java +++ b/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java 
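Review bot: `verifyTokenSignature` now reassigns its `token` parameter and wraps a single boolean outcome in an if/else, plus a blank line is added just before the method's closing brace; `return token.startsWith("Bearer ") && jwtTokenProvider.validateToken(token.substring(7));` expresses the same check in one line. The `startsWith` call is safe here only because `isValidToken` rejects a null header first, which is worth a one-line comment on the method (`// caller guarantees token != null`). Note that the scheme name is case-insensitive per RFC 7235, so a client sending `bearer …` is rejected by this prefix check; `token.regionMatches(true, 0, "Bearer ", 0, 7)` would accept it if that matters for this API. The `ValidationError` class that follows continues outside the hunk.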
@@ -3,31 +3,45 @@ package hu.pazmany.security; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.JwtException; +import io.jsonwebtoken.security.Keys; + +import javax.crypto.SecretKey; public class JwtTokenProvider { + private static final JwtTokenProvider INSTANCE = new JwtTokenProvider(); + private JwtTokenProvider() { + // private constructor to prevent instantiation + } + private final SecretKey secretKey = Keys.secretKeyFor(SignatureAlgorithm.HS512); - private final String secretKey = "cci5lQJvw4TX6vSdR2PIcTx4n9w2cE8F"; + public static JwtTokenProvider getInstance() { + return INSTANCE; + } public String generateToken(Integer userId) { - return Jwts.builder() + String token = Jwts.builder() .setSubject(String.valueOf(userId)) - .signWith(SignatureAlgorithm.HS512, secretKey) + .signWith(secretKey) .compact(); + System.out.println("Generated Token: " + token); + return token; } public boolean validateToken(String token) { + System.out.println("Parser token:" + token +"|"); try { // Parse the token and extract the username - String username = Jwts.parser() - .setSigningKey(secretKey.getBytes()) + String userId = Jwts.parser() + .setSigningKey(secretKey) .parseClaimsJws(token) .getBody() .getSubject(); - + System.out.println(userId); // Check if the username is not null or empty - return username != null && !username.isEmpty(); + return userId != null && !userId.isEmpty(); } catch (JwtException | IllegalArgumentException e) { // Token is invalid or malformed + System.out.println("Token validation failed: " + e.getMessage()); return false; } } diff --git a/backend/src/main/java/hu/pazmany/service/UserService.java b/backend/src/main/java/hu/pazmany/service/UserService.java index 63e08f9..32df07e 100644 --- a/backend/src/main/java/hu/pazmany/service/UserService.java +++ b/backend/src/main/java/hu/pazmany/service/UserService.java 
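Review bot: `Keys.secretKeyFor(SignatureAlgorithm.HS512)` in the new `secretKey` field draws a fresh random key every time the class is loaded, so each restart or second instance of the backend silently invalidates every token issued before it; the hard-coded string it replaces was the wrong place for the secret, but the fix is to load key material from configuration via `Keys.hmacShaKeyFor(Decoders.BASE64.decode(...))` (`io.jsonwebtoken.io.Decoders`), not to generate it per process. `generateToken` still sets only the subject, so a token carries no expiry and stays valid until the next restart — add `setIssuedAt`/`setExpiration`. `Jwts.parser()` is deprecated in jjwt 0.11.x; `Jwts.parserBuilder().setSigningKey(secretKey).build().parseClaimsJws(token)` is the supported form. The class continues past the hunk.
```java
public class JwtTokenProvider {
    // … unchanged: INSTANCE, private constructor, getInstance() …

    // Key material comes from configuration so tokens survive restarts and all
    // instances share one key; JWT_SECRET_BASE64 is a constructed placeholder name.
    private final SecretKey secretKey =
            Keys.hmacShaKeyFor(Decoders.BASE64.decode(System.getenv("JWT_SECRET_BASE64")));

    public String generateToken(Integer userId) {
        Instant now = Instant.now();
        return Jwts.builder()
                .setSubject(String.valueOf(userId))
                .setIssuedAt(Date.from(now))
                // bound the window in which a leaked token can be replayed
                .setExpiration(Date.from(now.plus(Duration.ofHours(1))))
                .signWith(secretKey)
                .compact();
    }

    // … unchanged: validateToken, using parserBuilder() and without the println calls …
```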
@@ -11,6 +11,7 @@ import org.springframework.stereotype.Service; import java.util.Optional; + @Service public class UserService { private final UserRepository userRepository; @@ -35,18 +36,19 @@ public class UserService { userRepository.save(userEntity); } - public UserDTO login(UserDTO request) { + public UserDTO login(UserDTO request, JwtTokenProvider jwtTokenProvider) { Optional<UserEntity> userOptional = userRepository.findByUsername(request.getUsername()); if (userOptional.isPresent()) { UserEntity userEntity = userOptional.get(); // Check if the password matches if (passwordEncoder.matches(request.getPassword(), userEntity.getPassword())) { // Password matches, generate token using user's ID - String token = generateToken(userEntity.getId()); + String token = jwtTokenProvider.generateToken(userEntity.getId()); // Create and return UserDTO with token UserDTO userDTO = new UserDTO(); userDTO.setUsername(request.getUsername()); userDTO.setToken(token); + System.out.println("login: " + token); return userDTO; } } @@ -54,9 +56,8 @@ public class UserService { return null; } - private String generateToken(Integer userId) { - JwtTokenProvider tokenProvider = new JwtTokenProvider(); - return tokenProvider.generateToken(userId); + private String generateToken(Integer userId, JwtTokenProvider jwtTokenProvider) { + return jwtTokenProvider.generateToken(userId); } public boolean isUserExists(String username) { -- GitLab
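Review bot: Widening `login` to `login(UserDTO request, JwtTokenProvider jwtTokenProvider)` puts an infrastructure collaborator into a service method's signature that every caller now has to supply, and the only caller visible in this diff obtains it from a static singleton. Holding the provider as a constructor-injected `private final JwtTokenProvider jwtTokenProvider;` field in `UserService` keeps the original `login(UserDTO request)` signature and removes the parameter from the controller. `login`'s body continues outside the hunk (its `return null` is in the next one).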
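Review bot: `generateToken(Integer userId, JwtTokenProvider jwtTokenProvider)` appears to have no caller left — `login` in the previous hunk calls `jwtTokenProvider.generateToken(userEntity.getId())` directly — so unless another method elsewhere in the file still uses it, the private helper is dead code and should be deleted rather than given a new signature. If it is kept, `login` should go through it so the two do not drift apart.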