From d3abb138c46c4343ef6bae9cde7f84d29427c48f Mon Sep 17 00:00:00 2001
From: fakanpeter <fakanpeti@gmail.com>
Date: Tue, 14 May 2024 21:04:57 +0200
Subject: [PATCH] Fix: Adding dog without logging in SOLVED
---
backend/pom.xml | 23 +++++++++++----
.../hu/pazmany/controller/Controller.java | 18 ++++++++----
.../hu/pazmany/security/JwtTokenProvider.java | 28 ++++++++++++++-----
.../java/hu/pazmany/service/UserService.java | 11 ++++----
4 files changed, 57 insertions(+), 23 deletions(-)
diff --git a/backend/pom.xml b/backend/pom.xml
index 612acbb..f26b207 100644
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -55,16 +55,29 @@
<artifactId>spring-security-core</artifactId>
<version>6.2.4</version>
</dependency>
- <dependency>
- <groupId>io.jsonwebtoken</groupId>
- <artifactId>jjwt</artifactId>
- <version>0.9.0</version>
- </dependency>
+
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version> <!-- Or the latest version -->
</dependency>
+ <dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-api</artifactId>
+ <version>0.11.5</version>
+ </dependency>
+ <dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-impl</artifactId>
+ <version>0.11.5</version>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-jackson</artifactId>
+ <version>0.11.5</version>
+ <scope>runtime</scope>
+ </dependency>
</dependencies>
<build>
diff --git a/backend/src/main/java/hu/pazmany/controller/Controller.java b/backend/src/main/java/hu/pazmany/controller/Controller.java
index 1a9d045..9c9fa99 100644
--- a/backend/src/main/java/hu/pazmany/controller/Controller.java
+++ b/backend/src/main/java/hu/pazmany/controller/Controller.java
@@ -25,6 +25,7 @@ import java.util.regex.Pattern;
public class Controller {
private final DogService dogService;
private final UserService userService;
+ private static final JwtTokenProvider jwtTokenProvider = JwtTokenProvider.getInstance();
@Autowired
public Controller(DogService dogService, UserService userService) {
@@ -52,7 +53,9 @@ public class Controller {
@PostMapping("/newdog")
public ResponseEntity<?> addNewDog(@RequestBody DetailedDogDTO dto, @RequestHeader("Authorization") String token) {
+ System.out.println(token);
if(!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
// Save the dog and picture
try {
dogService.addNewDog(dto);
@@ -65,8 +68,6 @@ public class Controller {
@PostMapping(value = "/dogs/{id}/edit", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam("picture") MultipartFile mpf) {
if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
- System.out.println(stringDogDTO);
-
// Retrieve the dog entity from the database
Optional<DetailedDogDTO> optionalDog = dogService.get(id);
@@ -124,7 +125,7 @@ public class Controller {
return ResponseEntity.badRequest().body(null);
}
- UserDTO userDTO = userService.login(request);
+ UserDTO userDTO = userService.login(request, jwtTokenProvider);
if (userDTO == null) {
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
@@ -167,12 +168,17 @@ public class Controller {
}
private boolean isValidToken(String token) {
- return token != null || verifyTokenSignature(token);
+ return token != null && verifyTokenSignature(token);
}
private boolean verifyTokenSignature(String token) {
- JwtTokenProvider tokenProvider = new JwtTokenProvider();
- return tokenProvider.validateToken(token);
+ if (token.startsWith("Bearer ")) {
+ token = token.substring(7);
+ return jwtTokenProvider.validateToken(token);
+ } else {
+ return false;
+ }
+
}
private abstract class ValidationError {
diff --git a/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java b/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java
index 685ea37..fa8e251 100644
--- a/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java
+++ b/backend/src/main/java/hu/pazmany/security/JwtTokenProvider.java
@@ -3,31 +3,45 @@ package hu.pazmany.security;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.security.Keys;
+
+import javax.crypto.SecretKey;
public class JwtTokenProvider {
+ private static final JwtTokenProvider INSTANCE = new JwtTokenProvider();
+ private JwtTokenProvider() {
+ // private constructor to prevent instantiation
+ }
+ private final SecretKey secretKey = Keys.secretKeyFor(SignatureAlgorithm.HS512);
- private final String secretKey = "cci5lQJvw4TX6vSdR2PIcTx4n9w2cE8F";
+ public static JwtTokenProvider getInstance() {
+ return INSTANCE;
+ }
public String generateToken(Integer userId) {
- return Jwts.builder()
+ String token = Jwts.builder()
.setSubject(String.valueOf(userId))
- .signWith(SignatureAlgorithm.HS512, secretKey)
+ .signWith(secretKey)
.compact();
+ System.out.println("Generated Token: " + token);
+ return token;
}
public boolean validateToken(String token) {
+ System.out.println("Parser token:" + token +"|");
try {
// Parse the token and extract the username
- String username = Jwts.parser()
- .setSigningKey(secretKey.getBytes())
+ String userId = Jwts.parser()
+ .setSigningKey(secretKey)
.parseClaimsJws(token)
.getBody()
.getSubject();
-
+ System.out.println(userId);
// Check if the username is not null or empty
- return username != null && !username.isEmpty();
+ return userId != null && !userId.isEmpty();
} catch (JwtException | IllegalArgumentException e) {
// Token is invalid or malformed
+ System.out.println("Token validation failed: " + e.getMessage());
return false;
}
}
diff --git a/backend/src/main/java/hu/pazmany/service/UserService.java b/backend/src/main/java/hu/pazmany/service/UserService.java
index 63e08f9..32df07e 100644
--- a/backend/src/main/java/hu/pazmany/service/UserService.java
+++ b/backend/src/main/java/hu/pazmany/service/UserService.java
@@ -11,6 +11,7 @@ import org.springframework.stereotype.Service;
import java.util.Optional;
+
@Service
public class UserService {
private final UserRepository userRepository;
@@ -35,18 +36,19 @@ public class UserService {
userRepository.save(userEntity);
}
- public UserDTO login(UserDTO request) {
+ public UserDTO login(UserDTO request, JwtTokenProvider jwtTokenProvider) {
Optional<UserEntity> userOptional = userRepository.findByUsername(request.getUsername());
if (userOptional.isPresent()) {
UserEntity userEntity = userOptional.get();
// Check if the password matches
if (passwordEncoder.matches(request.getPassword(), userEntity.getPassword())) {
// Password matches, generate token using user's ID
- String token = generateToken(userEntity.getId());
+ String token = jwtTokenProvider.generateToken(userEntity.getId());
// Create and return UserDTO with token
UserDTO userDTO = new UserDTO();
userDTO.setUsername(request.getUsername());
userDTO.setToken(token);
+ System.out.println("login: " + token);
return userDTO;
}
}
@@ -54,9 +56,8 @@ public class UserService {
return null;
}
- private String generateToken(Integer userId) {
- JwtTokenProvider tokenProvider = new JwtTokenProvider();
- return tokenProvider.generateToken(userId);
+ private String generateToken(Integer userId, JwtTokenProvider jwtTokenProvider) {
+ return jwtTokenProvider.generateToken(userId);
}
public boolean isUserExists(String username) {
--
GitLab