| author | realtradam <[email protected]> | 2024-07-13 04:02:13 -0400 |
|---|---|---|
| committer | realtradam <[email protected]> | 2024-07-13 04:02:13 -0400 |
| commit | f0a93e706ac4188d5d754dafc17d389275d5993c (patch) | |
| tree | ab7dd67c9eb399100ffd8ea424766ae5d269b55f /src | |
| parent | ff63bacc647a20c59ce642a4d6b647c3a4290418 (diff) | |
| download | spring-blog-f0a93e706ac4188d5d754dafc17d389275d5993c.tar.gz spring-blog-f0a93e706ac4188d5d754dafc17d389275d5993c.zip | |
everything broke
Diffstat (limited to 'src')
5 files changed, 70 insertions, 5 deletions
diff --git a/src/main/java/com/blog/web/repository/UserRepository.java b/src/main/java/com/blog/web/repository/UserRepository.java
index af67f58..c304fc0 100644
--- a/src/main/java/com/blog/web/repository/UserRepository.java
+++ b/src/main/java/com/blog/web/repository/UserRepository.java
@@ -6,4 +6,6 @@ import org.springframework.data.jpa.repository.JpaRepository;
 public interface UserRepository extends JpaRepository<UserEntity, Long> {
 UserEntity findByEmail(String email);
 UserEntity findByUsername(String username);
+
+ UserEntity findFirstByUsername(String username);
 }
diff --git a/src/main/java/com/blog/web/security/CustomUserDetailsService.java b/src/main/java/com/blog/web/security/CustomUserDetailsService.java
new file mode 100644
index 0000000..a7516f3
--- /dev/null
+++ b/src/main/java/com/blog/web/security/CustomUserDetailsService.java
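Review bot: `findFirstByUsername` on the added line makes the login lookup tolerate duplicate usernames and, with no `OrderBy` clause, leaves unspecified which of the duplicates gets authenticated; `findByUsername` two lines above would instead fail loudly when more than one row matches. For a credential lookup the duplicates themselves are the bug, so the username column should be unique at the entity and schema level (not visible in this diff — confirm on `UserEntity`), and the service can keep calling `findByUsername`. If the derived query is kept, record the intent next to it: `// assumes username is unique; findFirst only guards against legacy duplicate rows`.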
@@ -0,0 +1,38 @@
+package com.blog.web.security;
+
+import com.blog.web.models.UserEntity;
+import com.blog.web.repository.UserRepository;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.stream.Collectors;
+
+@Service
+public class CustomUserDetailsService implements UserDetailsService {
+ private UserRepository userRepository;
+
+ public CustomUserDetailsService(UserRepository userRepository) {
+ this.userRepository = userRepository;
+ }
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ UserEntity user = userRepository.findFirstByUsername(username);
+ if(user != null) {
+ User authUser = new User(
+ user.getEmail(),
+ user.getPassword(),
+ user.getRoles().stream().map((role) -> new SimpleGrantedAuthority(role.getName()))
+ .collect(Collectors.toList())
+ );
+ return authUser;
+ }
+ else {
+ throw new UsernameNotFoundException("Invalid username or password");
+ }
+ }
+}
diff --git a/src/main/java/com/blog/web/security/SecurityConfig.java b/src/main/java/com/blog/web/security/SecurityConfig.java
index 1471d0f..99da308 100644
--- a/src/main/java/com/blog/web/security/SecurityConfig.java
+++ b/src/main/java/com/blog/web/security/SecurityConfig.java
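Review bot: `loadUserByUsername` looks the account up by username but builds the principal with `user.getEmail()` as the `User` name, so after login `Authentication.getName()` reports the email rather than the username that was submitted, and anything that later resolves the principal through `findByUsername` will miss. The first constructor argument should be `user.getUsername()`, and `userRepository` can be `private final` since it is only set in the constructor. Role names are passed unchanged to `SimpleGrantedAuthority`; with `securedEnabled = true` the `@Secured`/`hasRole` checks expect a `ROLE_` prefix, and the registration code in this same diff seeds the role as `"User"`, so unless the stored names already carry the prefix those checks will not match. Worth stating next to the `map` call: `// role.getName() must already include the ROLE_ prefix expected by @Secured/hasRole`.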
@@ -2,9 +2,12 @@ package com.blog.web.security;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
@@ -12,6 +15,17 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 @EnableWebSecurity
 @EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfig {
+ private CustomUserDetailsService userDetailsService;
+
+ public SecurityConfig(CustomUserDetailsService userDetailsService) {
+ this.userDetailsService = userDetailsService;
+ }
+
+ @Bean
+ public static PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 // disabling csrf leaves us vulnerable, in a real production app do not do this
@@ -35,4 +49,8 @@ public class SecurityConfig {
 .logoutSuccessUrl("/articles"));
 return http.build();
 }
+
+ public void configure(AuthenticationManagerBuilder builder) throws Exception {
+ builder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
+ }
 }
diff --git a/src/main/java/com/blog/web/services/impl/UserServiceImpl.java b/src/main/java/com/blog/web/services/impl/UserServiceImpl.java
index 06dbc22..b197af6 100644
--- a/src/main/java/com/blog/web/services/impl/UserServiceImpl.java
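Review bot: `configure(AuthenticationManagerBuilder)` in the last hunk is dead code: it carries no `@Override`, `SecurityConfig` does not extend a configurer adapter (it exposes a `SecurityFilterChain` bean instead), and nothing in this diff calls it, so the `userDetailsService` injected by the new constructor is never wired through this method. Spring Boot will usually build a `DaoAuthenticationProvider` from the single `UserDetailsService` and `PasswordEncoder` beans on its own, so logins may still work, but only by that implicit rule. Either delete the method together with the constructor and field, or register the provider explicitly as a bean; if the implicit wiring is what is relied on, say so next to `passwordEncoder()`: `// the authentication provider is auto-configured from the CustomUserDetailsService and PasswordEncoder beans`. The `userDetailsService` field should also be `final`.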
+++ b/src/main/java/com/blog/web/services/impl/UserServiceImpl.java
@@ -6,6 +6,7 @@ import com.blog.web.models.UserEntity;
 import com.blog.web.repository.RoleRepository;
 import com.blog.web.repository.UserRepository;
 import com.blog.web.services.UserService;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 import java.util.Arrays;
@@ -14,10 +15,15 @@ import java.util.Arrays;
 public class UserServiceImpl implements UserService {
 private UserRepository userRepository;
 private RoleRepository roleRepository;
+ private PasswordEncoder passwordEncoder;
 
- public UserServiceImpl(UserRepository userRepository, RoleRepository roleRepository) {
+ public UserServiceImpl(
+ UserRepository userRepository,
+ RoleRepository roleRepository,
+ PasswordEncoder passwordEncoder) {
 this.userRepository = userRepository;
 this.roleRepository = roleRepository;
+ this.passwordEncoder = passwordEncoder;
 }
 
 @Override
@@ -27,8 +33,9 @@ public class UserServiceImpl implements UserService {
 user.setEmail(registrationDto.getEmail());
 // this is an unsafe way to store passwords in production
 // it is left this way only because this is a practice project
- user.setPassword(registrationDto.getPassword());
-
+ //user.setPassword(registrationDto.getPassword());
+ user.setPassword(passwordEncoder.encode(registrationDto.getPassword()));
+
 Role role = roleRepository.findByName("User");
 user.setRoles(Arrays.asList(role));
 userRepository.save(user);
diff --git a/src/main/resources/templates/auth/register.html b/src/main/resources/templates/auth/register.html
index 4f8fd44..dc57ca4 100644
--- a/src/main/resources/templates/auth/register.html
+++ b/src/main/resources/templates/auth/register.html
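Review bot: The two comment lines kept as context above the new `passwordEncoder.encode(...)` call still say the password is stored unsafely, and the old plaintext assignment survives as the commented-out `//user.setPassword(registrationDto.getPassword());`, so the last hunk now documents the opposite of what it does. Replace both stale comments and the commented-out line with `// persist only the BCrypt hash; the submitted plaintext is never stored`. The `passwordEncoder` field added in the second hunk is only assigned in the constructor and can be `private final`. The method containing the `setPassword` change begins before this hunk.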
@@ -8,7 +8,7 @@ <div class="flex justify-center bg-white p-12"> <div th:if="${param.fail}" class="text-xl p-4 bg-black text-red-500">Username or Email already exists</div> - <form th:action="@{/register/save}" th:object="${user}" method="post" class="w-full max-w-lg"> + <form th:action="@{/register/save}" th:object="${user}" role="form" method="post" class="w-full max-w-lg"> <div class="flex flex-wrap -mx-3 mb-6"> <div class="w-full md:w-1/2 px-3 mb-6 md:mb-0"> <label class="block uppercase tracking-wide text-gray-700 text-xs font-bold mb-2" @@ -54,7 +54,7 @@ </div> <div class="flex flex-wrap mb-2"> </div> - <button type="submit" class="bg-blue-500 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded">Register</button> + <button th:href="@{/register}" type="submit" class="bg-blue-500 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded">Register</button> </form> </div> |
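Review bot: `th:href="@{/register}"` on the submit `<button>` in the second hunk renders an `href` attribute that a button element does not honour, so it neither navigates nor changes where the form posts — `<form th:action="@{/register/save}">` still decides that — and it leaves invalid markup behind. Drop it: `<button type="submit" class="bg-blue-500 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded">Register</button>`. The `role="form"` added in the first hunk is redundant on a `<form>` element, which already carries that implicit role.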
