From 28d252279a83dad0c0b4f8f0ddd06fdda826c56d Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Mon, 11 Mar 2024 22:33:53 +0100 Subject: [PATCH 1/5] added a small description --- .../java/ovh/herisson/Clyde/Tables/User.java | 26 ++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java b/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java index 101ec9e..5ba70ab 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java @@ -8,7 +8,6 @@ import java.util.Date; //et l'attribut tokenApi doit encore être ajouté vu qu'il faut en discuter @Entity -//Je rajoute un s au nom de la table pour éviter les conflits avec les mots réservés @Table(name = "Users") public class User { @Id @@ -37,6 +36,31 @@ public class User { this.password = password; } + + /** Constructor for the first registration request from a student (can't specify a Role) + * + * @param lastName + * @param firstName + * @param email + * @param address + * @param country + * @param birthDate + * @param profilePictureUrl + * @param password + */ + public User(String lastName, String firstName, String email, String address, + String country, Date birthDate, String profilePictureUrl, String password) + { + this.lastName = lastName; + this.firstName = firstName; + this.email = email; + this.address = address; + this.country = country; + this.birthDate = birthDate; + this.profilePictureUrl = profilePictureUrl; + this.password = password; + this.role = Role.Student; + } public User() {} public int getRegNo(){ From 5c728098dff85db2dc61fcf4153d7d6269614ffe Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Tue, 12 Mar 2024 00:03:32 +0100 Subject: [PATCH 2/5] protected post /user and get/users and return without password --- .../Clyde/EndPoints/UserController.java | 47 ++++++++++++++++--- 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java index 43bcd0c..4a20058 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java @@ -8,8 +8,11 @@ import org.springframework.web.bind.annotation.*; import ovh.herisson.Clyde.Responses.UnauthorizedResponse; import ovh.herisson.Clyde.Services.AuthenticatorService; import ovh.herisson.Clyde.Services.UserService; +import ovh.herisson.Clyde.Tables.Role; import ovh.herisson.Clyde.Tables.User; +import java.util.ArrayList; + @RestController @CrossOrigin(origins = "http://localhost:5173") @@ -23,25 +26,57 @@ public class UserController { } @GetMapping("/user") - public ResponseEntity getUser(@RequestHeader("Cookie") String authorization){ + public ResponseEntity getUser(@RequestHeader("Authorization") String authorization){ if (authorization == null) return new UnauthorizedResponse<>(null); User user = authServ.getUserFromToken(authorization); if (user == null) return new UnauthorizedResponse<>(null); - return new ResponseEntity<>(user, HttpStatus.OK); + + return new ResponseEntity<>(userWithoutPassword(user), HttpStatus.OK); } - @PostMapping("/user") //todo check role - public ResponseEntity postUser(@RequestBody User user){ + @PostMapping("/user") + public ResponseEntity postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){ + + if (authorization == null) return new UnauthorizedResponse<>(null); + User poster = authServ.getUserFromToken(authorization); + + if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin) + return new UnauthorizedResponse<>(null); + + userService.save(user); return new ResponseEntity<>(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED); } @GetMapping("/users") - public Iterable getAllUsers(){ - return userService.getAll(); + public ResponseEntity> getAllUsers(@RequestHeader("Authorization") String authorization){ + + if (authorization == null) return new UnauthorizedResponse<>(null); + User poster = authServ.getUserFromToken(authorization); + + if (poster == null) return new UnauthorizedResponse<>(null); + + if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin) + return new UnauthorizedResponse<>(null); + + Iterable users = userService.getAll(); + ArrayList withoutPassword = new ArrayList<>(); + + for (User u :users){ + withoutPassword.add(userWithoutPassword(u)); + } + return new ResponseEntity<>(withoutPassword, HttpStatus.OK); } + + /** return user's data except password + * @param user the user to return + * @return all the user data without the password + */ + private Object[] userWithoutPassword(User user){ + return new Object[] {user.getRegNo(),user.getFirstName(),user.getLastName(),user.getBirthDate(),user.getCountry(),user.getAddress(),user.getRole()}; + } } From dae59f67ce08e7fabc1d86684d4a1cb00c69aef3 Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Tue, 12 Mar 2024 22:35:25 +0100 Subject: [PATCH 3/5] encoding the password before saving it oups I Forgor --- .../herisson/Clyde/EndPoints/MockController.java | 8 ++++---- .../ovh/herisson/Clyde/Services/UserService.java | 14 ++++++-------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java index 18fea23..7a57013 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java @@ -41,10 +41,10 @@ public class MockController { @PostMapping("/mock") public void postMock(){ - User herobrine = new User("brine","hero","admin@admin.com","in your WalLs","ShadowsLand",new Date(0), "none",Role.Admin,passwordEncoder.encode("admin")); - User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), "None",Role.Student,passwordEncoder.encode("student")); - User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0),"none", Role.Teacher,passwordEncoder.encode("secretary")); - User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), "none",Role.Teacher,passwordEncoder.encode("teacher")); + User herobrine = new User("brine","hero","admin@admin.com","in your WalLs","ShadowsLand",new Date(0), "none",Role.Admin,"admin"); + User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), "None",Role.Student,"student"); + User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0),"none", Role.Teacher,"secretary"); + User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), "none",Role.Teacher,"teacher"); mockUsers = new ArrayList(Arrays.asList(herobrine,joe,meh,joke)); diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java index f16c68f..ca04fff 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java @@ -5,16 +5,10 @@ import org.springframework.stereotype.Service; import ovh.herisson.Clyde.Repositories.UserRepository; import ovh.herisson.Clyde.Tables.Role; import ovh.herisson.Clyde.Tables.User; - -import java.text.DateFormat; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Date; -import java.util.List; +import java.util.*; @Service public class UserService { - private final UserRepository userRepo; private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); @@ -35,16 +29,20 @@ public class UserService { } + public boolean checkPassword(User user, String tryingPassword){ return passwordEncoder.matches(tryingPassword, user.getPassword()); } public void save(User user){ + user.setPassword(encodePassword(user.getPassword())); userRepo.save(user); } public Iterable getAll(){ return userRepo.findAll(); } - + public String encodePassword(String rawPassword){ + return passwordEncoder.encode(rawPassword); + } } \ No newline at end of file From 4b0ea8cf4060b04608d78717b5955f676c78a37e Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Tue, 12 Mar 2024 23:08:18 +0100 Subject: [PATCH 4/5] added the post /user Endpoint --- .../Clyde/EndPoints/MockController.java | 8 +-- .../Clyde/EndPoints/UserController.java | 49 ++++++++++----- .../herisson/Clyde/Services/UserService.java | 62 +++++++++++++++++++ .../java/ovh/herisson/Clyde/Tables/User.java | 4 +- 4 files changed, 101 insertions(+), 22 deletions(-) diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java index 7a57013..8ae4217 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java @@ -41,10 +41,10 @@ public class MockController { @PostMapping("/mock") public void postMock(){ - User herobrine = new User("brine","hero","admin@admin.com","in your WalLs","ShadowsLand",new Date(0), "none",Role.Admin,"admin"); - User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), "None",Role.Student,"student"); - User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0),"none", Role.Teacher,"secretary"); - User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), "none",Role.Teacher,"teacher"); + User herobrine = new User("brine","hero","admin@admin.com","in your WalLs","ShadowsLand",new Date(0), "none",Role.Admin,passwordEncoder.encode("admin")); + User joe = new User("Mama","Joe","student@student.com","roundabout","DaWarudo",new Date(0), "None",Role.Student,passwordEncoder.encode("student")); + User meh = new User("Inspiration","lackOf","secretary@secretary.com","a Box","the street",new Date(0),"none", Role.Teacher, passwordEncoder.encode("secretary")); + User joke = new User("CthemBalls","Lemme","teacher@teacher.com","lab","faculty",new Date(0), "none",Role.Teacher, passwordEncoder.encode("teacher")); mockUsers = new ArrayList(Arrays.asList(herobrine,joe,meh,joke)); diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java index 4a20058..0ca4d47 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java @@ -1,8 +1,10 @@ package ovh.herisson.Clyde.EndPoints; +import jakarta.servlet.http.HttpServletRequest; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import ovh.herisson.Clyde.Responses.UnauthorizedResponse; @@ -11,7 +13,9 @@ import ovh.herisson.Clyde.Services.UserService; import ovh.herisson.Clyde.Tables.Role; import ovh.herisson.Clyde.Tables.User; +import java.io.IOException; import java.util.ArrayList; +import java.util.Map; @RestController @@ -38,13 +42,9 @@ public class UserController { @PostMapping("/user") public ResponseEntity postUser(@RequestBody User user,@RequestHeader("Authorization") String authorization){ - if (authorization == null) return new UnauthorizedResponse<>(null); - User poster = authServ.getUserFromToken(authorization); - - if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin) + if (!isSecretaryOrAdmin(authorization)) return new UnauthorizedResponse<>(null); - userService.save(user); return new ResponseEntity<>(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED); } @@ -52,12 +52,7 @@ public class UserController { @GetMapping("/users") public ResponseEntity> getAllUsers(@RequestHeader("Authorization") String authorization){ - if (authorization == null) return new UnauthorizedResponse<>(null); - User poster = authServ.getUserFromToken(authorization); - - if (poster == null) return new UnauthorizedResponse<>(null); - - if (poster.getRole() != Role.Secretary || poster.getRole() != Role.Admin) + if (!isSecretaryOrAdmin(authorization)) return new UnauthorizedResponse<>(null); Iterable users = userService.getAll(); @@ -68,15 +63,37 @@ public class UserController { } return new ResponseEntity<>(withoutPassword, HttpStatus.OK); } + @PatchMapping("/user") + public ResponseEntity patchUser(@RequestBody Map updates, @RequestHeader("Authorization") String authorization) { + + if (authorization == null) return new UnauthorizedResponse<>(null); + + User poster = authServ.getUserFromToken(authorization); + if (poster == null) {return new UnauthorizedResponse<>("bad authorization");} + + if (!userService.modifyData(poster, updates, poster)) + return new UnauthorizedResponse<>("there was an issue with the updates requested"); + + return new ResponseEntity<>("data modified", HttpStatus.OK); + } - - /** return user's data except password - * @param user the user to return - * @return all the user data without the password - */ + /** return user's data except password + * @param user the user to return + * @return all the user data without the password + */ private Object[] userWithoutPassword(User user){ return new Object[] {user.getRegNo(),user.getFirstName(),user.getLastName(),user.getBirthDate(),user.getCountry(),user.getAddress(),user.getRole()}; } + + private boolean isSecretaryOrAdmin(String authorization){ + if (authorization ==null) + return false; + + User poster = authServ.getUserFromToken(authorization); + if (poster == null) return false; + + return poster.getRole() == Role.Secretary && poster.getRole() == Role.Admin; + } } diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java index ca04fff..79ec04a 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java @@ -28,6 +28,68 @@ public class UserService { } } + /** modify the target data + * verify the permission of modifying from the poster + * + * @param poster the user wanting to modify target's data + * @param updates the changes to be made + * @param target the user to update + * @return if the changes were done or not + */ + public boolean modifyData(User poster, Map updates, User target){ + + System.out.printf("%s and %s",poster.getRegNo(),target.getRegNo()); + if (poster.getRegNo().equals(target.getRegNo())){ + for (Map.Entry entry : updates.entrySet()){ + + if ( entry.getKey().equals("regNo") || entry.getKey().equals("role")) {return false;} + + switch (entry.getKey()){ + case "firstName": + target.setFirstName((String) entry.getValue()); + break; + case "lastName": + target.setLastName((String) entry.getValue()); + break; + case "email": + target.setEmail((String) entry.getValue()); + break; + case "address": + target.setAddress((String) entry.getValue()); + break; + case "country": + target.setCountry((String) entry.getValue()); + break; + case "birthDate": + target.setBirthDate((Date) entry.getValue()); + break; + case "profilePictureUrl": + target.setProfilePictureUrl((String) entry.getValue()); + break; + case "password": + target.setPassword(encodePassword((String) entry.getValue())); + break; + } + } + userRepo.save(target); + return true; + } + // the secretary can change roles (for example if a student becomes a teacher) + else if (poster.getRole() == Role.Secretary) + { + for (Map.Entry entry : updates.entrySet()){ + + if ( !entry.getKey().equals("role")) {return false;} + + if (entry.getValue() == Role.Admin){return false;} + + target.setRole((Role) entry.getValue()); + userRepo.save(target); + return true; + } + } + return false; + } public boolean checkPassword(User user, String tryingPassword){ diff --git a/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java b/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java index 5ba70ab..7a2c51d 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Tables/User.java @@ -12,7 +12,7 @@ import java.util.Date; public class User { @Id @GeneratedValue(strategy = GenerationType.AUTO) - private int regNo; + private Long regNo; private String lastName; private String firstName; private String email; @@ -63,7 +63,7 @@ public class User { } public User() {} - public int getRegNo(){ + public Long getRegNo(){ return this.regNo; } public String getLastName() { From 4b1db883e25afb3ed780d8f9f837857cb58aaf00 Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Wed, 13 Mar 2024 15:28:17 +0100 Subject: [PATCH 5/5] updated tonitch's reviews --- .../Clyde/EndPoints/UserController.java | 21 ++++++++++++++----- .../herisson/Clyde/Services/UserService.java | 8 ++----- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java index 0ca4d47..63df79f 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java @@ -15,6 +15,7 @@ import ovh.herisson.Clyde.Tables.User; import java.io.IOException; import java.util.ArrayList; +import java.util.HashMap; import java.util.Map; @@ -30,7 +31,7 @@ public class UserController { } @GetMapping("/user") - public ResponseEntity getUser(@RequestHeader("Authorization") String authorization){ + public ResponseEntity> getUser(@RequestHeader("Authorization") String authorization){ if (authorization == null) return new UnauthorizedResponse<>(null); User user = authServ.getUserFromToken(authorization); @@ -50,13 +51,13 @@ public class UserController { } @GetMapping("/users") - public ResponseEntity> getAllUsers(@RequestHeader("Authorization") String authorization){ + public ResponseEntity>> getAllUsers(@RequestHeader("Authorization") String authorization){ if (!isSecretaryOrAdmin(authorization)) return new UnauthorizedResponse<>(null); Iterable users = userService.getAll(); - ArrayList withoutPassword = new ArrayList<>(); + ArrayList> withoutPassword = new ArrayList<>(); for (User u :users){ withoutPassword.add(userWithoutPassword(u)); @@ -82,8 +83,18 @@ public class UserController { * @param user the user to return * @return all the user data without the password */ - private Object[] userWithoutPassword(User user){ - return new Object[] {user.getRegNo(),user.getFirstName(),user.getLastName(),user.getBirthDate(),user.getCountry(),user.getAddress(),user.getRole()}; + private HashMap userWithoutPassword(User user){ + HashMap toReturn = new HashMap<>(); + + toReturn.put("regNo",user.getRegNo()); + toReturn.put("firstName",user.getFirstName()); + toReturn.put("lastName",user.getLastName()); + toReturn.put("birthDate",user.getBirthDate()); + toReturn.put("country",user.getCountry()); + toReturn.put("address",user.getAddress()); + toReturn.put("role",user.getRole()); + + return toReturn; } private boolean isSecretaryOrAdmin(String authorization){ diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java index 79ec04a..55a2f92 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Services/UserService.java @@ -38,7 +38,6 @@ public class UserService { */ public boolean modifyData(User poster, Map updates, User target){ - System.out.printf("%s and %s",poster.getRegNo(),target.getRegNo()); if (poster.getRegNo().equals(target.getRegNo())){ for (Map.Entry entry : updates.entrySet()){ @@ -67,7 +66,7 @@ public class UserService { target.setProfilePictureUrl((String) entry.getValue()); break; case "password": - target.setPassword(encodePassword((String) entry.getValue())); + target.setPassword(passwordEncoder.encode((String) entry.getValue())); break; } } @@ -97,14 +96,11 @@ public class UserService { } public void save(User user){ - user.setPassword(encodePassword(user.getPassword())); + user.setPassword(passwordEncoder.encode(user.getPassword())); userRepo.save(user); } public Iterable getAll(){ return userRepo.findAll(); } - public String encodePassword(String rawPassword){ - return passwordEncoder.encode(rawPassword); - } } \ No newline at end of file