Commit d3abb138 authored by fakanpeter

Fix: Adding dog without logging in SOLVED

parent 7a319e6a
...@@ -55,16 +55,29 @@ ...@@ -55,16 +55,29 @@
<artifactId>spring-security-core</artifactId> <artifactId>spring-security-core</artifactId>
<version>6.2.4</version> <version>6.2.4</version>
</dependency> </dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
<dependency> <dependency>
<groupId>javax.xml.bind</groupId> <groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId> <artifactId>jaxb-api</artifactId>
<version>2.3.1</version> <!-- Or the latest version --> <version>2.3.1</version> <!-- Or the latest version -->
</dependency> </dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.11.5</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
</dependencies> </dependencies>
<build> <build>
......
...@@ -25,6 +25,7 @@ import java.util.regex.Pattern; ...@@ -25,6 +25,7 @@ import java.util.regex.Pattern;
public class Controller { public class Controller {
private final DogService dogService; private final DogService dogService;
private final UserService userService; private final UserService userService;
private static final JwtTokenProvider jwtTokenProvider = JwtTokenProvider.getInstance();
@Autowired @Autowired
public Controller(DogService dogService, UserService userService) { public Controller(DogService dogService, UserService userService) {
...@@ -52,7 +53,9 @@ public class Controller { ...@@ -52,7 +53,9 @@ public class Controller {
@PostMapping("/newdog") @PostMapping("/newdog")
public ResponseEntity<?> addNewDog(@RequestBody DetailedDogDTO dto, @RequestHeader("Authorization") String token) { public ResponseEntity<?> addNewDog(@RequestBody DetailedDogDTO dto, @RequestHeader("Authorization") String token) {
System.out.println(token);
if(!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); if(!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
// Save the dog and picture // Save the dog and picture
try { try {
dogService.addNewDog(dto); dogService.addNewDog(dto);
...@@ -65,8 +68,6 @@ public class Controller { ...@@ -65,8 +68,6 @@ public class Controller {
@PostMapping(value = "/dogs/{id}/edit", consumes = MediaType.MULTIPART_FORM_DATA_VALUE) @PostMapping(value = "/dogs/{id}/edit", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam("picture") MultipartFile mpf) { public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam("picture") MultipartFile mpf) {
if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
System.out.println(stringDogDTO);
// Retrieve the dog entity from the database // Retrieve the dog entity from the database
Optional<DetailedDogDTO> optionalDog = dogService.get(id); Optional<DetailedDogDTO> optionalDog = dogService.get(id);
...@@ -124,7 +125,7 @@ public class Controller { ...@@ -124,7 +125,7 @@ public class Controller {
return ResponseEntity.badRequest().body(null); return ResponseEntity.badRequest().body(null);
} }
UserDTO userDTO = userService.login(request); UserDTO userDTO = userService.login(request, jwtTokenProvider);
if (userDTO == null) { if (userDTO == null) {
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
...@@ -167,12 +168,17 @@ public class Controller { ...@@ -167,12 +168,17 @@ public class Controller {
} }
private boolean isValidToken(String token) { private boolean isValidToken(String token) {
return token != null || verifyTokenSignature(token); return token != null && verifyTokenSignature(token);
} }
private boolean verifyTokenSignature(String token) { private boolean verifyTokenSignature(String token) {
JwtTokenProvider tokenProvider = new JwtTokenProvider(); if (token.startsWith("Bearer ")) {
return tokenProvider.validateToken(token); token = token.substring(7);
return jwtTokenProvider.validateToken(token);
} else {
return false;
}
} }
private abstract class ValidationError { private abstract class ValidationError {
......
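Review bot: The `System.out.println(token);` added at the top of addNewDog writes the raw Authorization header, i.e. the bearer token, to stdout on every request, so anyone with log access can replay a live session; drop the line rather than print the credential. The check on the next line only proves the token carries a valid signature — the subject it encodes is never compared with anything in the hunk, so if dogs have an owner, any logged-in user can still add or edit any dog (not visible here, worth confirming). The bodies of addNewDog and editDog continue outside their hunks.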
...@@ -3,31 +3,45 @@ package hu.pazmany.security; ...@@ -3,31 +3,45 @@ package hu.pazmany.security;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.JwtException; import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
public class JwtTokenProvider { public class JwtTokenProvider {
private static final JwtTokenProvider INSTANCE = new JwtTokenProvider();
private JwtTokenProvider() {
// private constructor to prevent instantiation
}
private final SecretKey secretKey = Keys.secretKeyFor(SignatureAlgorithm.HS512);
private final String secretKey = "cci5lQJvw4TX6vSdR2PIcTx4n9w2cE8F"; public static JwtTokenProvider getInstance() {
return INSTANCE;
}
public String generateToken(Integer userId) { public String generateToken(Integer userId) {
return Jwts.builder() String token = Jwts.builder()
.setSubject(String.valueOf(userId)) .setSubject(String.valueOf(userId))
.signWith(SignatureAlgorithm.HS512, secretKey) .signWith(secretKey)
.compact(); .compact();
System.out.println("Generated Token: " + token);
return token;
} }
public boolean validateToken(String token) { public boolean validateToken(String token) {
System.out.println("Parser token:" + token +"|");
try { try {
// Parse the token and extract the username // Parse the token and extract the username
String username = Jwts.parser() String userId = Jwts.parser()
.setSigningKey(secretKey.getBytes()) .setSigningKey(secretKey)
.parseClaimsJws(token) .parseClaimsJws(token)
.getBody() .getBody()
.getSubject(); .getSubject();
System.out.println(userId);
// Check if the username is not null or empty // Check if the username is not null or empty
return username != null && !username.isEmpty(); return userId != null && !userId.isEmpty();
} catch (JwtException | IllegalArgumentException e) { } catch (JwtException | IllegalArgumentException e) {
// Token is invalid or malformed // Token is invalid or malformed
System.out.println("Token validation failed: " + e.getMessage());
return false; return false;
} }
} }
......
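Review bot: generateToken sets only a subject, so the tokens it signs have no `setExpiration`/`setIssuedAt` and stay valid until the process restarts, which is the only thing that rotates the `Keys.secretKeyFor` key. The `System.out.println` calls in generateToken and validateToken print the full signed token to stdout, which leaks a working credential into logs; remove them. Because the key is created in memory at class load, every restart invalidates all sessions and a second instance would reject tokens issued by the first — acceptable for a single dev instance, but it deserves a comment if that is intended. With jjwt 0.11.x `Jwts.parser()` is deprecated in favour of `Jwts.parserBuilder().setSigningKey(secretKey).build().parseClaimsJws(token)`; the rewrite below also needs `java.time.Duration`, `java.time.Instant` and `java.util.Date` imports.
```java
private static final Duration TOKEN_TTL = Duration.ofHours(1);

public String generateToken(Integer userId) {
    Instant now = Instant.now();
    return Jwts.builder()
            .setSubject(String.valueOf(userId))
            .setIssuedAt(Date.from(now))
            .setExpiration(Date.from(now.plus(TOKEN_TTL)))
            .signWith(secretKey)
            .compact();
}
// … unchanged: validateToken, minus its println calls …
```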
...@@ -11,6 +11,7 @@ import org.springframework.stereotype.Service; ...@@ -11,6 +11,7 @@ import org.springframework.stereotype.Service;
import java.util.Optional; import java.util.Optional;
@Service @Service
public class UserService { public class UserService {
private final UserRepository userRepository; private final UserRepository userRepository;
...@@ -35,18 +36,19 @@ public class UserService { ...@@ -35,18 +36,19 @@ public class UserService {
userRepository.save(userEntity); userRepository.save(userEntity);
} }
public UserDTO login(UserDTO request) { public UserDTO login(UserDTO request, JwtTokenProvider jwtTokenProvider) {
Optional<UserEntity> userOptional = userRepository.findByUsername(request.getUsername()); Optional<UserEntity> userOptional = userRepository.findByUsername(request.getUsername());
if (userOptional.isPresent()) { if (userOptional.isPresent()) {
UserEntity userEntity = userOptional.get(); UserEntity userEntity = userOptional.get();
// Check if the password matches // Check if the password matches
if (passwordEncoder.matches(request.getPassword(), userEntity.getPassword())) { if (passwordEncoder.matches(request.getPassword(), userEntity.getPassword())) {
// Password matches, generate token using user's ID // Password matches, generate token using user's ID
String token = generateToken(userEntity.getId()); String token = jwtTokenProvider.generateToken(userEntity.getId());
// Create and return UserDTO with token // Create and return UserDTO with token
UserDTO userDTO = new UserDTO(); UserDTO userDTO = new UserDTO();
userDTO.setUsername(request.getUsername()); userDTO.setUsername(request.getUsername());
userDTO.setToken(token); userDTO.setToken(token);
System.out.println("login: " + token);
return userDTO; return userDTO;
} }
} }
...@@ -54,9 +56,8 @@ public class UserService { ...@@ -54,9 +56,8 @@ public class UserService {
return null; return null;
} }
private String generateToken(Integer userId) { private String generateToken(Integer userId, JwtTokenProvider jwtTokenProvider) {
JwtTokenProvider tokenProvider = new JwtTokenProvider(); return jwtTokenProvider.generateToken(userId);
return tokenProvider.generateToken(userId);
} }
public boolean isUserExists(String username) { public boolean isUserExists(String username) {
......
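Review bot: `System.out.println("login: " + token);` in login prints the freshly minted session token to stdout, so every successful login leaves a replayable credential in the application log; remove it. The private `generateToken(Integer, JwtTokenProvider)` helper is now dead code, since login calls `jwtTokenProvider.generateToken` directly, and can be deleted. Passing the provider as a method parameter of a `@Service` is also unusual — injecting it through the constructor (register JwtTokenProvider as a `@Component` or expose the singleton via a `@Bean`) keeps login's public signature stable. The login method body continues outside the hunk.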