diff --git a/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java b/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java index 41362e8..ca379de 100644 --- a/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java +++ b/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java @@ -5,12 +5,14 @@ import com.example.onomatopoeiaback.domain.employee.Employee; import com.example.onomatopoeiaback.domain.employee.EmployeeDTO; import com.example.onomatopoeiaback.domain.visit.Visit; import com.example.onomatopoeiaback.domain.visit.VisitDTO; +import com.example.onomatopoeiaback.security.Auth; import com.example.onomatopoeiaback.service.EmployeeService; import com.example.onomatopoeiaback.service.VisitService; import io.swagger.v3.oas.annotations.security.SecurityRequirement; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.core.Authentication; import org.springframework.web.bind.annotation.*; import java.util.List; 
@@ -28,27 +30,27 @@ public class EmployeeController { @PostMapping("/create") @SecurityRequirement(name = "basicAuth") - public ResponseEntity createEmployee(@RequestBody EmployeeDTO employeeDTO) { + public ResponseEntity createEmployee(Authentication authentication, @RequestBody EmployeeDTO employeeDTO) { return ResponseEntity.ok(employeeService.createEmployee(employeeDTO)); } - @GetMapping("/{username}/info") + @GetMapping("/info") @SecurityRequirement(name = "basicAuth") - public ResponseEntity info(@PathVariable String username) { - return ResponseEntity.ok(employeeService.info(username)); + public ResponseEntity info(Authentication authentication) { + return ResponseEntity.ok(employeeService.info(Auth.getEmployee(authentication).getLogin())); } - @GetMapping("/{username}/auth") + @GetMapping("/auth") @SecurityRequirement(name = "basicAuth") - public ResponseEntity auth(@PathVariable String username) { - employeeService.auth(username); + public ResponseEntity auth(Authentication authentication) { + employeeService.auth(Auth.getEmployee(authentication).getLogin()); return new ResponseEntity<>(HttpStatus.OK); } - @PatchMapping("/{username}/open") + @PatchMapping("/open") @SecurityRequirement(name = "basicAuth") - public ResponseEntity open(@PathVariable String username, @RequestBody VisitDTO visitDTO) { - visitService.register(username, visitDTO); + public ResponseEntity open(Authentication authentication, @RequestBody VisitDTO visitDTO) { + visitService.register(Auth.getEmployee(authentication).getLogin(), visitDTO); return new ResponseEntity<>(HttpStatus.OK); } } diff --git a/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java b/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java index 5bffd98..0b8b677 100644 --- a/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java +++ b/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java 
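Review bot: `createEmployee` now receives `Authentication authentication` but never reads it, so the parameter changes nothing on the `/create` route; unless a `@PreAuthorize` sits on lines above the hunk (the import is present in this file), the only gate on creating employees is whatever the filter chain applies to every request. Either drop the unused parameter or make the rule explicit, e.g. `@PreAuthorize("hasRole('<PROJECT_ROLE>')")` with the role the project actually defines, or resolve the caller with `Auth.getEmployee(authentication)` as the three sibling methods do. `Auth.getEmployee(authentication).getLogin()` is repeated verbatim in `info`, `auth` and `open`; a private `currentLogin(Authentication)` helper would keep principal resolution in one place. Replacing the `{username}` path variables with the authenticated principal is the right direction; a one-line class comment such as `// routes below act on the caller's own account, resolved from the Authentication` would make that intent durable for the next change.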
@@ -24,7 +24,6 @@ public class QrCodeController { @PostMapping("/create") @SecurityRequirement(name = "basicAuth") public ResponseEntity createQrCode(Authentication authentication, @RequestParam String name) { - Auth.getEmployee(authentication); return ResponseEntity.ok(qrCodeService.createQrCode(name)); } } diff --git a/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java b/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java index 4c40b3c..adc0bb9 100644 --- a/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java +++ b/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java @@ -6,6 +6,7 @@ import com.example.onomatopoeiaback.service.VisitService; import io.swagger.v3.oas.annotations.security.SecurityRequirement; import org.springframework.data.domain.Page; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.Authentication; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -22,6 +23,7 @@ public class VisitController { @GetMapping("/{login}/visits") @SecurityRequirement(name = "basicAuth") public ResponseEntity> getVisits( + Authentication authentication, @PathVariable String login, @RequestParam(defaultValue = "0") int page, @RequestParam(defaultValue = "10") int size) { diff --git a/src/main/java/com/example/onomatopoeiaback/security/CustomAuthenticationProvider.java b/src/main/java/com/example/onomatopoeiaback/security/CustomAuthenticationProvider.java index c4a3f43..29f1232 100644 --- a/src/main/java/com/example/onomatopoeiaback/security/CustomAuthenticationProvider.java +++ b/src/main/java/com/example/onomatopoeiaback/security/CustomAuthenticationProvider.java 
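Review bot: Removing `Auth.getEmployee(authentication);` leaves `authentication` unused in `createQrCode`, and if that call was doing enforcement — rejecting principals that have no employee record by throwing — the `/create` route loses that check rather than a dead statement. The helper's body is not visible here, so this is inferred; if it only looks the entity up and the filter chain already guarantees an authenticated employee, say so, e.g. `// caller is authenticated by the filter chain; no per-request employee lookup needed`, and drop the now-unused parameter. Otherwise keep the lookup or replace it with a `@PreAuthorize` expression so the intent is explicit rather than implied by the surrounding configuration.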
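Review bot: `getVisits` gains `Authentication authentication` but still takes `@PathVariable String login` from the URL, so in the visible lines the caller-supplied login, not the authenticated principal, selects whose visits are returned; the body that uses `login` continues outside the hunk and `authentication` is unused in what is shown. This is the opposite of what the EmployeeController change in this commit does, where `{username}` was replaced by `Auth.getEmployee(authentication).getLogin()`. If any authenticated user is meant to read any employee's visits, document that on the method; if not, compare `login` with the principal's login (or derive it from the principal and drop the path variable) and reject mismatches.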
@@ -2,7 +2,6 @@ package com.example.onomatopoeiaback.security; import com.example.onomatopoeiaback.exceptions.BadRequestException; import com.example.onomatopoeiaback.exceptions.ForbiddenException; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; diff --git a/src/main/java/com/example/onomatopoeiaback/security/NoPopupBasicAuthenticationEntryPoint.java b/src/main/java/com/example/onomatopoeiaback/security/NoPopupBasicAuthenticationEntryPoint.java index 8ecf956..8319fdb 100644 --- a/src/main/java/com/example/onomatopoeiaback/security/NoPopupBasicAuthenticationEntryPoint.java +++ b/src/main/java/com/example/onomatopoeiaback/security/NoPopupBasicAuthenticationEntryPoint.java @@ -9,11 +9,13 @@ import org.springframework.security.web.AuthenticationEntryPoint; import java.io.IOException; public class NoPopupBasicAuthenticationEntryPoint implements AuthenticationEntryPoint { - @Override public void commence(HttpServletRequest request, HttpServletResponse response, - AuthenticationException authException) throws IOException { - response.sendError(HttpServletResponse.SC_FORBIDDEN, authException.getMessage()); + AuthenticationException authException) throws IOException, ServletException { + int statusCode = response.getStatus(); + if (statusCode == 200) { + statusCode = HttpServletResponse.SC_FORBIDDEN; + } + response.sendError(statusCode, authException.getMessage()); } - } \ No newline at end of file diff --git a/src/main/java/com/example/onomatopoeiaback/security/SecurityConfig.java b/src/main/java/com/example/onomatopoeiaback/security/SecurityConfig.java index a2e599c..cae79e3 100644 --- a/src/main/java/com/example/onomatopoeiaback/security/SecurityConfig.java +++ b/src/main/java/com/example/onomatopoeiaback/security/SecurityConfig.java 
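Review bot: `if (statusCode == 200)` in `commence` treats the servlet default status as "nothing set yet", which works only because a fresh `HttpServletResponse` starts at 200; use the named constant, `if (statusCode == HttpServletResponse.SC_OK) {`, and add a comment naming which upstream component is expected to set a different status before the entry point runs, since nothing in this file does. If that component has already committed the response, `sendError` throws `IllegalStateException`; a `response.isCommitted()` guard would make the fall-through safe. Passing `authException.getMessage()` to the client is unchanged by this commit but worth a look, as provider messages can describe why authentication failed; a fixed message is the conventional choice for an entry point.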
@@ -8,8 +8,11 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; @Configuration diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index f5a05d1..43f9129 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -10,4 +10,4 @@ spring.datasource.password=MobileDev spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.PostgreSQLDialect spring.jpa.hibernate.ddl-auto=update # set up https -server.forward-headers-strategy=framework \ No newline at end of file +server.forward-headers-strategy=framework diff --git a/src/main/resources/default-admin.sql b/src/main/resources/default-admin.sql new file mode 100644 index 0000000..e69de29
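Review bot: The added `User`, `UserDetails` and `InMemoryUserDetailsManager` imports are the only visible part of this change; the code that uses them lies outside the hunk, so what account is built cannot be checked here. If a built-in administrator is being defined in memory (the new, still empty `default-admin.sql` suggests a default admin is intended), its username and password should come from externalized configuration or an environment variable and pass through the already imported `PasswordEncoder`, never a string literal in the config class, and the account should be documented as bootstrap-only. A short Javadoc on the bean that creates it, stating where the credential is sourced and how it is rotated, would make review of the rest of this change straightforward.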