diff --git a/src/main/java/com/example/nto/config/SecurityConfig.java b/src/main/java/com/example/nto/config/SecurityConfig.java
index ff17a81..a1afea6 100644
--- a/src/main/java/com/example/nto/config/SecurityConfig.java
+++ b/src/main/java/com/example/nto/config/SecurityConfig.java
@@ -13,6 +13,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -27,8 +28,7 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 return http.csrf(AbstractHttpConfigurer::disable)
- .authorizeHttpRequests(auth -> auth.requestMatchers(new AntPathRequestMatcher("/api/login")).permitAll()
- .requestMatchers(new AntPathRequestMatcher("/api/**")).authenticated())
+ .authorizeHttpRequests(auth -> auth.requestMatchers(new AntPathRequestMatcher("/api/auth")).permitAll().anyRequest().authenticated())
 .formLogin(AbstractAuthenticationFilterConfigurer::permitAll)
 .getOrBuild();
 }
diff --git a/src/main/java/com/example/nto/controller/AuthController.java b/src/main/java/com/example/nto/controller/AuthController.java
deleted file mode 100644
index 9c69481..0000000
--- a/src/main/java/com/example/nto/controller/AuthController.java
+++ /dev/null
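Review bot: In SecurityConfig.securityFilterChain the new `permitAll()` rule for `/api/auth` is built with the one-argument `AntPathRequestMatcher`, so it exempts every HTTP method on that path from authentication rather than only the request the application means to expose. Pin the method on the matcher, e.g. `new AntPathRequestMatcher("/api/auth", "GET")`, so anything else on the path falls through to `anyRequest().authenticated()`. The same commit deletes AuthController (the previous `POST /api/auth`), so it is worth confirming which handler is still meant to answer anonymously here; the class-level mapping of the controller that now declares `@GetMapping("/auth")` is outside the visible hunks.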
@@ -1,21 +0,0 @@
-package com.example.nto.controller;
-
-import com.example.nto.model.dto.AuthCredentials;
-import com.example.nto.service.AuthService;
-import lombok.RequiredArgsConstructor;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
-
-@RestController
-@RequiredArgsConstructor
-@RequestMapping("/api")
-public class AuthController {
- private final AuthService authService;
-
- @PostMapping("/auth")
- public void auth(@RequestParam final AuthCredentials authCredentials) {
- authService.auth(authCredentials);
- }
-}
diff --git a/src/main/java/com/example/nto/controller/EmployeeController.java b/src/main/java/com/example/nto/controller/EmployeeController.java
index 1884aaf..d171aef 100644
--- a/src/main/java/com/example/nto/controller/EmployeeController.java
+++ b/src/main/java/com/example/nto/controller/EmployeeController.java
@@ -14,13 +14,17 @@ public class EmployeeController {
 private final EmployeeService employeeService;
-// @PreAuthorize("hasAuthority('User', 'Admin')")
+ @GetMapping("/auth")
+ public void EmployeeExists(@RequestParam final String login) {
+ employeeService.employeeExists(login);
+ }
+// @PreAuthorize("hasAuthority('ROLE_ADMIN')")
 @GetMapping("/info")
 public Employee info(@RequestParam final String login) {
 return employeeService.getEmployee(login);
 }
-// @PreAuthorize("hasAuthority('User', 'Admin')")
+// @PreAuthorize("hasAuthority('ROLE_USER', 'ROLE_ADMIN')")
 @PatchMapping("/open")
 public void open(@RequestParam final String login, @RequestBody final Code code) {
 employeeService.updateVisit(login, code.getValue());
diff --git a/src/main/java/com/example/nto/service/AuthService.java b/src/main/java/com/example/nto/service/AuthService.java
deleted file mode 100644
index 5306b87..0000000
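Review bot: The new `EmployeeExists` handler in EmployeeController answers differently for a known and an unknown `login` (normal return versus `EmployeeNotFoundException` from `employeeService.employeeExists`), and if the class-level mapping, which is outside the hunk, places it on the `/api/auth` path that SecurityConfig opens with `permitAll()`, that difference is visible to unauthenticated callers as an account-existence check. Either require authentication for it or return the same response in both cases, and rate-limit the path. The `@PreAuthorize` lines are still commented out, so `info` and `open` rely only on `authenticated()` while taking `login` from the request; when they are re-enabled, `hasAuthority('ROLE_USER', 'ROLE_ADMIN')` has to become `hasAnyAuthority('ROLE_USER', 'ROLE_ADMIN')`, because `hasAuthority` accepts a single authority. The method name should also be lower camel case, `employeeExists`.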
--- a/src/main/java/com/example/nto/service/AuthService.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package com.example.nto.service;
-
-import com.example.nto.model.dto.AuthCredentials;
-
-public interface AuthService {
- void auth(AuthCredentials authCredentials);
-}
diff --git a/src/main/java/com/example/nto/service/EmployeeService.java b/src/main/java/com/example/nto/service/EmployeeService.java
index 0741f3f..2303ebf 100644
--- a/src/main/java/com/example/nto/service/EmployeeService.java
+++ b/src/main/java/com/example/nto/service/EmployeeService.java
@@ -5,6 +5,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 public interface EmployeeService {
+ void employeeExists(final String login);
+
 Employee getEmployee(String login);
 void updateVisit(String login, long value);
diff --git a/src/main/java/com/example/nto/service/impl/AuthServiceImpl.java b/src/main/java/com/example/nto/service/impl/AuthServiceImpl.java
deleted file mode 100644
index 4130648..0000000
--- a/src/main/java/com/example/nto/service/impl/AuthServiceImpl.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package com.example.nto.service.impl;
-
-import com.example.nto.model.dto.AuthCredentials;
-import com.example.nto.model.entity.Employee;
-import com.example.nto.service.AuthService;
-import com.example.nto.service.EmployeeCredentialsService;
-import lombok.RequiredArgsConstructor;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.stereotype.Service;
-
-@Service
-@RequiredArgsConstructor
-public class AuthServiceImpl implements AuthService {
-
- private final AuthenticationManager authenticationManager;
-
- public void auth(AuthCredentials authCredentials) {
- authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(authCredentials.getLogin(), authCredentials.getPassword()));
- }
-}
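Review bot: `employeeExists` in the EmployeeService interface reads like a predicate but returns `void`, and per the EmployeeServiceImpl hunk later in this commit it reports absence by throwing `EmployeeNotFoundException`, which a caller cannot tell from the signature. Document the contract on the interface, e.g. `/** Throws EmployeeNotFoundException when no employee has the given login. */`, or give it a name that says so, such as `requireEmployeeExists`. `final` on an interface method parameter has no effect and the sibling methods do not use it, so `void employeeExists(String login);` is the consistent form.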
diff --git a/src/main/java/com/example/nto/service/impl/EmployeeCredentialsServiceImpl.java b/src/main/java/com/example/nto/service/impl/EmployeeCredentialsServiceImpl.java
index cc75d45..774575f 100644
--- a/src/main/java/com/example/nto/service/impl/EmployeeCredentialsServiceImpl.java
+++ b/src/main/java/com/example/nto/service/impl/EmployeeCredentialsServiceImpl.java
@@ -10,6 +10,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 @Service
 public class EmployeeCredentialsServiceImpl implements EmployeeCredentialsService, UserDetailsService {
diff --git a/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java b/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
index 139d745..bffd7a9 100644
--- a/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
+++ b/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
@@ -13,6 +13,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -28,8 +29,17 @@ public class EmployeeServiceImpl implements EmployeeService {
 private final CodeRepository codeRepository;
+ @Override
+ public void employeeExists(final String login) {
+ if (!employeeRepository.existsByLogin(login)) {
+ throw new EmployeeNotFoundException();
+ }
+ }
+
 @Override
 public Employee getEmployee(final String login) {
+ var encoder = new BCryptPasswordEncoder();
+ System.out.println(encoder.encode("nigger"));
 if (!employeeRepository.existsByLogin(login)) {
 throw new EmployeeNotFoundException();
 }
diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql
index 8a6f29d..0809db5 100644
--- a/src/main/resources/data.sql
+++ b/src/main/resources/data.sql
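Review bot: The two lines added at the top of `getEmployee` in EmployeeServiceImpl, `var encoder = new BCryptPasswordEncoder();` and the `System.out.println(encoder.encode(...))` that follows, are leftover debug code: every employee lookup now pays for a bcrypt computation, which is deliberately slow, and writes the hash of a hard-coded literal to stdout. The literal is also an offensive word that should not be in the repository at all. Remove both lines together with the `BCryptPasswordEncoder` import this commit adds to the file; hashes for data.sql are better produced in a test or a one-off tool than on a request path. `getEmployee` continues past the end of the hunk.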
@@ -1,9 +1,9 @@
-INSERT INTO employee (id, login, name, photo, position, last_visit, role)
+INSERT INTO employee (id, login, password, name, photo, position, last_visit, role)
 VALUES
-(1, 'pivanov', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30', 'USER'),
-(2, 'ipetrov', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35', 'ADMIN'),
-(3, 'asemenov', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31', 'USER'),
-(4, 'afedorov', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36', 'USER');
+(1, 'pivanov', '$2a$10$ciGeZy83rnnmeVDJylnAAuqg2z3ZfXNIS.8PYwRQdPrbguAybtUbe', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30', 'USER'),
+(2, 'ipetrov', 'cringe', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35', 'ADMIN'),
+(3, 'asemenov', 'pupupu', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31', 'USER'),
+(4, 'afedorov', '$2a$10$4tbL.Kp1e4TB1Luq86hzAeAdDgBLoqH3Kh0GaR5RmkNni5lzre3oO', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36', 'USER');
 INSERT INTO code (value)
 VALUES
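Review bot: Rows 2 (`ipetrov`, the `ADMIN` account) and 3 (`asemenov`) put the literal strings `'cringe'` and `'pupupu'` into the new `password` column, while rows 1 and 4 hold `$2a$10$…` bcrypt hashes. Plaintext credentials should not be committed, and a bcrypt-based `PasswordEncoder` will not match a stored value that is not a bcrypt hash, so these two accounts presumably cannot log in as seeded. Replace both values with bcrypt hashes in the same format as rows 1 and 4. If the encoder bean is switched to the delegating one (the commit imports `PasswordEncoderFactories`, but the bean itself is not visible), every stored value additionally needs the `{bcrypt}` prefix. Seed accounts like these should stay limited to development data.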