#5 added authentications resource authorization

master
Niclas Thobaben 2021-10-18 15:19:41 +02:00 committed by Niclas Thobaben
parent 345252cefd
commit 51ff31d992
2 changed files with 17 additions and 1 deletions


@ -1,5 +1,7 @@
package de.nclazz.apps.codebuilder.resources.authentications;
import de.nclazz.apps.codebuilder.resources.users.UserEntity;
import de.nclazz.apps.codebuilder.resources.users.UsersService;
import de.nclazz.apps.codebuilder.security.AuthenticatedUser;
import de.nclazz.apps.codebuilder.security.UserAuthenticationService;
import de.nclazz.codebuilder.v0.models.*;
@ -27,6 +29,7 @@ public class AuthenticationsController {
private final ModelMapper mapper;
private final UserAuthenticationService userAuthenticationService;
private final AuthenticationsService authenticationsService;
private final UsersService usersService;
@PostMapping("login")
public String login(@RequestBody AuthenticationForm form) {
@ -36,7 +39,11 @@ public class AuthenticationsController {
@PostMapping("password")
public void requestPasswordReset(@RequestBody PasswordResetRequest request) {
//TODO
if(!this.usersService.emailExists(request.getEmail())) {
return;
}
this.usersService.findByNameOrEmail(request.getEmail())
.ifPresent(this.authenticationsService::requestPasswordReset);
}
@PreAuthorize("hasRole('admin') or @webSecurity.isSameUser(authentication, #guid)")
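Review bot: `requestPasswordReset` confirms the address with `emailExists(request.getEmail())` but then resolves the account with `findByNameOrEmail`, which by its name may also match a user whose name equals the submitted string; if names and emails can collide, the token could be issued for a different account than the one that owns the address. The `emailExists` guard is redundant with the returned `Optional`, so an email-only lookup followed by `.ifPresent(this.authenticationsService::requestPasswordReset)` would be simpler and unambiguous (whether `UsersService` offers such a lookup is not visible here). Returning the same empty response for known and unknown addresses is the right behaviour against account enumeration, and a comment such as `// respond identically whether or not the address is known` would stop the silent return from later being turned into an error. Nothing visible in this section throttles the endpoint or invalidates earlier tokens, so each call appears to add another `PASSWORD_RESET_TOKEN`; rate limiting or replacing the previous token should be confirmed elsewhere.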


@ -11,6 +11,8 @@ import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.time.LocalDateTime;
import java.util.*;
import java.util.function.Function;
@ -21,6 +23,8 @@ import java.util.function.Predicate;
@RequiredArgsConstructor
public class AuthenticationsService {
private static final Random RANDOM = new SecureRandom();
private final UsersService usersService;
private final AuthenticationsRepository authenticationsRepository;
private final PasswordEncoder passwordEncoder;
@ -42,6 +46,11 @@ public class AuthenticationsService {
.map(savePassword(userGuid, newPassword));
}
public Optional<AuthenticationEntity> requestPasswordReset(UserEntity user) {
String token = new BigInteger(128, RANDOM).toString(16);
return addAuthentication(user, AuthenticationType.PASSWORD_RESET_TOKEN, token);
}
private Function<AuthenticationEntity, AuthenticationEntity> savePassword(UUID userGuid, String password) {
return authentication -> {
authentication.setType(AuthenticationType.PASSWORD);
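Review bot: In `requestPasswordReset` the raw token goes straight into `addAuthentication(user, AuthenticationType.PASSWORD_RESET_TOKEN, token)`, and nothing in this section shows it being hashed or given an expiry before it is persisted; `addAuthentication` is defined outside the hunk, so this needs confirming there. A reset token is a password-equivalent credential, so storing only a digest of it (SHA-256 is sufficient for a 128-bit random value) together with a creation time to enforce a short lifetime limits what a database read exposes. `new BigInteger(128, RANDOM).toString(16)` also drops leading zeros, so the token length varies; fixed-length hex encoding of 16 random bytes would avoid that. Declaring the field as `private static final SecureRandom RANDOM = new SecureRandom();` instead of `Random` keeps the CSPRNG requirement visible in the type, and the new public method has no Javadoc stating who delivers the token to the user.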