From d3303749f8408e1dcedf400fdc90842b7c624559 Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Sat, 9 Mar 2024 19:50:49 +0100 Subject: [PATCH 1/2] fixed some issue for the token authorization --- .../Clyde/EndPoints/MockController.java | 4 --- .../Clyde/EndPoints/TokenController.java | 27 +++++++++++++++++++ .../Clyde/EndPoints/UserController.java | 14 ++++++---- .../Clyde/Repositories/TokenRepository.java | 1 + .../herisson/Clyde/Services/TokenService.java | 13 +++++++-- .../java/ovh/herisson/Clyde/Tables/Token.java | 2 +- 6 files changed, 49 insertions(+), 12 deletions(-) create mode 100644 backend/src/main/java/ovh/herisson/Clyde/EndPoints/TokenController.java diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java index f7825f6..18fea23 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/MockController.java @@ -49,10 +49,6 @@ public class MockController { mockUsers = new ArrayList(Arrays.asList(herobrine,joe,meh,joke)); userRepo.saveAll(mockUsers); - - for (User user: mockUsers){ - tokenRepo.save(new Token(user,user.getPassword())); - } } @DeleteMapping("/mock") diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/TokenController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/TokenController.java new file mode 100644 index 0000000..334ae79 --- /dev/null +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/TokenController.java 
@@ -0,0 +1,27 @@
+package ovh.herisson.Clyde.EndPoints;
+
+
+
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import ovh.herisson.Clyde.Services.TokenService;
+import ovh.herisson.Clyde.Tables.Token;
+
+@RestController
+@CrossOrigin(origins = "http://localhost:5173")
+
+public class TokenController {
+
+ private final TokenService tokenServ;
+
+ public TokenController(TokenService tokenServ){
+ this.tokenServ = tokenServ;
+ }
+
+
+ @GetMapping("/tokens")
+ public Iterable getTokens(){
+ return tokenServ.getAllTokens();
+ }
+}
diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
index ba54926..8a9bdbd 100644
--- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java
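Review bot: `getTokens()` in the new TokenController maps `GET /tokens` straight to `tokenServ.getAllTokens()` with no authentication or role check visible in this file, so every stored session token is returned to whoever can reach the backend, which amounts to handing out every active session. With `Token.user` switched to `FetchType.EAGER` in the same commit, each entry presumably serializes together with its `User` as well. If this is a debugging aid it should be removed before merge or at least marked, e.g. `// DEBUG ONLY: dumps every session token, must not ship`. If the listing is needed, it should require an authenticated admin and return only non-secret fields such as id and owner, never the token string.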
@@ -23,18 +23,22 @@ public class UserController { } @GetMapping("/user") - public ResponseEntity getUser(@RequestHeader("Authorization") String token){ - User user = authServ.getUserFromToken(token); - if (user == null) { - return new UnauthorizedResponse<>(null); + public ResponseEntity getUser(@RequestHeader("Cookie") String cookie){ + String[] tokens = cookie.split("=",2); + if (! tokens[0].equals("session_token") || tokens[1].length() != 64) + { + return new UnauthorizedResponse<>(null); } + System.out.println(tokens[1]); + User user = authServ.getUserFromToken(tokens[1]); + if (user == null) return new UnauthorizedResponse<>(null); return new ResponseEntity<>(user, HttpStatus.OK); } @PostMapping("/user") public ResponseEntity postUser(@RequestBody User user){ userService.save(user); - return new ResponseEntity(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED); + return new ResponseEntity<>(String.format("Account created with ID:%s",user.getRegNo()),HttpStatus.CREATED); } @GetMapping("/users") diff --git a/backend/src/main/java/ovh/herisson/Clyde/Repositories/TokenRepository.java b/backend/src/main/java/ovh/herisson/Clyde/Repositories/TokenRepository.java index d375e7a..6a4e47a 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Repositories/TokenRepository.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Repositories/TokenRepository.java @@ -9,4 +9,5 @@ public interface TokenRepository extends CrudRepository { Token getByToken(String token); Iterable getByUser(User user); + } diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java index a82951d..125dbde 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Services/TokenService.java 
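Review bot: `System.out.println(tokens[1]);` in `getUser` writes the caller's session token to standard output, so anyone who can read the server logs can read live credentials; the line should be dropped or replaced by a log entry that omits the value. The parsing before it also assumes the `Cookie` header is exactly `session_token=<value>`: a header without `=` makes `tokens[1]` throw `ArrayIndexOutOfBoundsException` (a 500 rather than a 401), and a request carrying several cookies separated by `; ` is rejected. Checking `tokens.length == 2` first, or binding the value with `@CookieValue("session_token")`, avoids both. The later patch on this page removes this parsing, but this commit on its own still carries it.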
@@ -20,12 +20,19 @@ public class TokenService { this.tokenRepo = tokenRepo; } + public Iterable getAllTokens() { + return tokenRepo.findAll(); + } + public String generateNewToken(){ byte[] bytes = new byte[64]; new SecureRandom().nextBytes(bytes); for (int i = 0; i < bytes.length; i++) { bytes[i] = (byte) (((bytes[i]+256)%256 %95+ 32)); + while ((char)bytes[i] == ';'){ + bytes[i] = new SecureRandom().generateSeed(1)[0]; + } } // will never end up in the catch because of the way that SecureRandom.nextBytes is implemented try { @@ -35,8 +42,10 @@ public class TokenService { } } - public User getUserFromToken(String token){ - return tokenRepo.getByToken(token).getUser(); + public User getUserFromToken(String token) { + Token tokenRep = tokenRepo.getByToken(token); + if (tokenRep == null) return null; + return tokenRep.getUser(); } public void saveToken(String token, User user, Date expirationDate){// todo faire qlq chose de l'expDate diff --git a/backend/src/main/java/ovh/herisson/Clyde/Tables/Token.java b/backend/src/main/java/ovh/herisson/Clyde/Tables/Token.java index 5b61cb9..848f836 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Tables/Token.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Tables/Token.java @@ -8,7 +8,7 @@ public class Token { @Id private int id; - @ManyToOne(fetch = FetchType.LAZY) + @ManyToOne(fetch = FetchType.EAGER) @JoinColumn(name ="Users") private User user; private String token; -- 2.46.0 From 1ad67edabb6b55c9198bc3a764fb5bf7877898ad Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Sun, 10 Mar 2024 10:44:14 +0100 Subject: [PATCH 2/2] cookie -> authorization --- .../herisson/Clyde/EndPoints/TokenController.java | 1 - .../ovh/herisson/Clyde/EndPoints/UserController.java | 12 ++++-------- 2 files changed, 4 insertions(+), 9 deletions(-) 
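Review bot: The added `while` loop in `generateNewToken` replaces a `;` byte with `new SecureRandom().generateSeed(1)[0]`, a raw byte in -128..127 that is not passed through the `% 95 + 32` mapping, so the token can now contain control characters or non-ASCII bytes. The alphabet also still includes space, `,`, `"` and `=`, which are awkward in header and cookie values, and `% 256 % 95` slightly favours the low end of the range. Encoding the random bytes instead removes all three problems, e.g. `return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);` with a 48-byte buffer if the 64-character length is meant to stay. The rest of the method, including the `try` block that builds the string, lies outside the hunk and could not be checked.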
diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/TokenController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/TokenController.java index 334ae79..793e61b 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/TokenController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/TokenController.java @@ -10,7 +10,6 @@ import ovh.herisson.Clyde.Tables.Token; @RestController @CrossOrigin(origins = "http://localhost:5173") - public class TokenController { private final TokenService tokenServ; diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java index 8a9bdbd..8de166e 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java @@ -23,14 +23,10 @@ public class UserController { } @GetMapping("/user") - public ResponseEntity getUser(@RequestHeader("Cookie") String cookie){ - String[] tokens = cookie.split("=",2); - if (! tokens[0].equals("session_token") || tokens[1].length() != 64) - { - return new UnauthorizedResponse<>(null); - } - System.out.println(tokens[1]); - User user = authServ.getUserFromToken(tokens[1]); + public ResponseEntity getUser(@RequestHeader("Cookie") String authorization){ + + if (authorization == null) return new UnauthorizedResponse<>(null); + User user = authServ.getUserFromToken(authorization); if (user == null) return new UnauthorizedResponse<>(null); return new ResponseEntity<>(user, HttpStatus.OK); } -- 2.46.0
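Review bot: `getUser` still binds `@RequestHeader("Cookie")` although the parameter is now called `authorization` and the commit subject says the token moved to that header, so the whole raw `Cookie` value is handed to `getUserFromToken` as the token, and a client that sends only `Authorization` gets a missing-header error. If the `Authorization` header is intended, the signature should read `@RequestHeader("Authorization") String authorization`. The `authorization == null` guard is also unreachable as written, because `@RequestHeader` is required by default and a missing header is rejected with 400 before the method runs; `@RequestHeader(value = "Authorization", required = false)` makes the 401 branch reachable.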