From f484fb095e58129cab610caacf287953e7f591c8 Mon Sep 17 00:00:00 2001 From: Bartha Maxime <231026@umons.ac.be> Date: Mon, 18 Mar 2024 00:14:26 +0100 Subject: [PATCH] added protection for inscription requests --- .../EndPoints/InscriptionController.java | 31 +++---------------- .../Clyde/EndPoints/LoginController.java | 9 ++++-- .../Clyde/EndPoints/UserController.java | 9 ++++++ .../Clyde/Services/ProtectionService.java | 29 +++++++++++++++++ 4 files changed, 50 insertions(+), 28 deletions(-) diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/InscriptionController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/InscriptionController.java index 6c71fd3..37312d3 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/InscriptionController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/InscriptionController.java @@ -6,6 +6,7 @@ import org.springframework.web.bind.annotation.*; import ovh.herisson.Clyde.Responses.UnauthorizedResponse; import ovh.herisson.Clyde.Services.AuthenticatorService; import ovh.herisson.Clyde.Services.InscriptionService; +import ovh.herisson.Clyde.Services.ProtectionService; import ovh.herisson.Clyde.Tables.InscriptionRequest; import ovh.herisson.Clyde.Tables.RequestState; import ovh.herisson.Clyde.Tables.Role; @@ -34,13 +35,8 @@ public class InscriptionController { return new UnauthorizedResponse<>(null); Iterable inscriptionRequests = inscriptionServ.getAll(); - ArrayList> toReturn = new ArrayList<>(); - for (InscriptionRequest i:inscriptionRequests){ - toReturn.add(requestWithoutPassword(i)); - } - - return new ResponseEntity<>(toReturn, HttpStatus.OK); + return new ResponseEntity<>(ProtectionService.requestsWithoutPasswords(inscriptionRequests), HttpStatus.OK); } 
@@ -55,38 +51,21 @@ public class InscriptionController { if (foundInscriptionRequest == null) return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); - return new ResponseEntity<>(requestWithoutPassword(foundInscriptionRequest), HttpStatus.OK); + return new ResponseEntity<>(ProtectionService.requestWithoutPassword(foundInscriptionRequest), HttpStatus.OK); } @PatchMapping("/request/register/{id}") public ResponseEntity changeRequestState(@PathVariable long id, @RequestHeader("Authorization") String token, - @RequestBody RequestState requestState) + @RequestBody RequestState state) { if (authServ.isNotIn(new Role[]{Role.InscriptionService,Role.Admin},token)) return new UnauthorizedResponse<>(null); - if (!inscriptionServ.modifyState(id, requestState)) + if (!inscriptionServ.modifyState(id, state)) return new ResponseEntity<>(HttpStatus.BAD_REQUEST); return new ResponseEntity<>(HttpStatus.OK); } - - private Map requestWithoutPassword(InscriptionRequest inscriptionRequest) { - Map toReturn = new HashMap<>(); - - toReturn.put("id", inscriptionRequest.getId()); - toReturn.put("lastName", inscriptionRequest.getLastName()); - toReturn.put("firstName", inscriptionRequest.getFirstName()); - toReturn.put("address", inscriptionRequest.getAddress()); - toReturn.put("email",inscriptionRequest.getEmail()); - toReturn.put("birthDate", inscriptionRequest.getBirthDate()); - toReturn.put("country", inscriptionRequest.getCountry()); - toReturn.put("curriculum", inscriptionRequest.getCurriculumId()); - toReturn.put("state", inscriptionRequest.getState()); - toReturn.put("profilePictureUrl", inscriptionRequest.getProfilePicture()); - - return toReturn; - } } diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java index 9367484..ef3c559 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java 
+++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/LoginController.java @@ -7,8 +7,10 @@ import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import ovh.herisson.Clyde.Responses.UnauthorizedResponse; import ovh.herisson.Clyde.Services.AuthenticatorService; +import ovh.herisson.Clyde.Services.ProtectionService; import ovh.herisson.Clyde.Tables.InscriptionRequest; import java.util.Date; +import java.util.Map; @RestController @CrossOrigin(originPatterns = "*", allowCredentials = "true") @@ -45,7 +47,10 @@ public class LoginController { } @PostMapping("/register") - public ResponseEntity register(@RequestBody InscriptionRequest inscriptionRequest){ - return new ResponseEntity<>(authServ.register(inscriptionRequest), HttpStatus.CREATED); + public ResponseEntity> register(@RequestBody InscriptionRequest inscriptionRequest){ + + InscriptionRequest returnedInscriptionRequest = authServ.register(inscriptionRequest); + + return new ResponseEntity<>(ProtectionService.requestWithoutPassword(returnedInscriptionRequest), HttpStatus.CREATED); } } diff --git a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java index 4be3443..859bf54 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java +++ b/backend/src/main/java/ovh/herisson/Clyde/EndPoints/UserController.java @@ -121,4 +121,13 @@ public class UserController { return new ResponseEntity<>(ProtectionService.usersWithoutPasswords(students), HttpStatus.OK); } + + @DeleteMapping("/user/{id}") + public ResponseEntity deleteStudent(@RequestHeader("Authorization") String token, @PathVariable Long id){ + if (authServ.isNotIn(new Role[]{Role.Admin,Role.Secretary},token)) + return new UnauthorizedResponse<>(null); + + userService.delete(userService.getUserById(id)); + return new ResponseEntity<>(HttpStatus.OK); + } } \ No newline at end of file 
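Review bot: `register` still binds the request body straight onto the `InscriptionRequest` entity, so a caller can supply every field the entity exposes, including the `id` and `state` that `requestWithoutPassword` reads back. Whether `authServ.register` overwrites those before saving is not visible in this hunk; if it does not, an unauthenticated client can choose the state its own request is stored in. Consider binding to a dedicated request type that carries only the applicant-supplied fields, or have `register` reset `id` and `state` explicitly before persisting. The result of `authServ.register` is also handed to `requestWithoutPassword` unchecked, so a null return would surface as a 500 rather than a client error.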
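Review bot: `deleteStudent` is mapped to `/user/{id}` and deletes whatever account `getUserById(id)` returns, so a `Secretary` token can remove any user, including an `Admin`, and not only students. The handler should load the target first, refuse it unless its role is one the caller may remove, and only then delete; the role accessor on `User` is not visible in this hunk, so that check is described here rather than quoted. An unknown id is also unhandled: assuming `getUserById` returns a `User`, `User target = userService.getUserById(id); if (target == null) return new ResponseEntity<>(HttpStatus.NOT_FOUND);` before `userService.delete(target);` keeps null out of the service call. Because this is a destructive administrative action, logging the caller and the deleted id would support later audit. The commit subject mentions only inscription requests, so this new endpoint deserves its own line in the description.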
diff --git a/backend/src/main/java/ovh/herisson/Clyde/Services/ProtectionService.java b/backend/src/main/java/ovh/herisson/Clyde/Services/ProtectionService.java index 7f2bea8..6c300ba 100644 --- a/backend/src/main/java/ovh/herisson/Clyde/Services/ProtectionService.java +++ b/backend/src/main/java/ovh/herisson/Clyde/Services/ProtectionService.java @@ -1,10 +1,12 @@ package ovh.herisson.Clyde.Services; import ovh.herisson.Clyde.Tables.Course; +import ovh.herisson.Clyde.Tables.InscriptionRequest; import ovh.herisson.Clyde.Tables.User; import java.util.ArrayList; import java.util.HashMap; +import java.util.Map; public class ProtectionService { @@ -61,5 +63,32 @@ public class ProtectionService { } + public static Map requestWithoutPassword(InscriptionRequest inscriptionRequest) { + Map toReturn = new HashMap<>(); + + toReturn.put("id", inscriptionRequest.getId()); + toReturn.put("lastName", inscriptionRequest.getLastName()); + toReturn.put("firstName", inscriptionRequest.getFirstName()); + toReturn.put("address", inscriptionRequest.getAddress()); + toReturn.put("email",inscriptionRequest.getEmail()); + toReturn.put("birthDate", inscriptionRequest.getBirthDate()); + toReturn.put("country", inscriptionRequest.getCountry()); + toReturn.put("curriculum", inscriptionRequest.getCurriculumId()); + toReturn.put("state", inscriptionRequest.getState()); + toReturn.put("profilePictureUrl", inscriptionRequest.getProfilePicture()); + + return toReturn; + } + + public static Iterable> requestsWithoutPasswords(Iterable inscriptionRequests){ + + ArrayList> toReturn = new ArrayList<>(); + + for (InscriptionRequest i:inscriptionRequests){ + toReturn.add(requestWithoutPassword(i)); + } + return toReturn; + } + }
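Review bot: `requestWithoutPassword` and `requestsWithoutPasswords` are added without documentation, and the property worth recording is that the map is an explicit allow-list: a field added to `InscriptionRequest` later stays out of responses until someone adds a `put` for it. A Javadoc on `requestWithoutPassword` such as `/** Builds the API view of an inscription request from an allow-list of fields; the password is never copied. */` would discourage replacing it with whole-entity serialisation. Both methods dereference their argument without a null check, so they depend on every caller checking first; `if (inscriptionRequest == null) return null;` at the top of `requestWithoutPassword`, or a documented non-null precondition, would make that contract explicit. The returned view still contains address, birth date and email, so the role checks in the calling controllers remain the only control over who can read that data.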