From 4d05956d1bcb1a9925ae070561ef2ed2630e565b Mon Sep 17 00:00:00 2001
From: Hugo <hugo.cubino@estudiantes.uva.es>
Date: Mon, 25 Nov 2024 13:43:33 +0100
Subject: [PATCH 1/4] El servicio corre, queda comprobar que el filtro funcione
correctamente
---
java/roomBooking/pom.xml | 26 ++++++++++
.../services/auth/AuthController.java | 47 ++++++++++++++++++
.../auth/JwtAuthenticationFilter.java | 48 +++++++++++++++++++
.../monolith/services/auth/LoginRequest.java | 23 +++++++++
.../services/auth/SecurityConfig.java | 32 +++++++++++++
.../users/controllers/UserController.java | 3 ++
.../users/controllers/UserService.java | 37 ++++++++++++++
.../monolith/services/users/models/User.java | 8 +++-
8 files changed, 222 insertions(+), 2 deletions(-)
create mode 100644 java/roomBooking/src/main/java/com/uva/monolith/services/auth/AuthController.java
create mode 100644 java/roomBooking/src/main/java/com/uva/monolith/services/auth/JwtAuthenticationFilter.java
create mode 100644 java/roomBooking/src/main/java/com/uva/monolith/services/auth/LoginRequest.java
create mode 100644 java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java
create mode 100644 java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserService.java
diff --git a/java/roomBooking/pom.xml b/java/roomBooking/pom.xml
index 476f735..0774735 100644
--- a/java/roomBooking/pom.xml
+++ b/java/roomBooking/pom.xml
@@ -49,6 +49,32 @@
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-api</artifactId>
+ <version>0.11.5</version>
+ </dependency>
+ <dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-impl</artifactId>
+ <version>0.11.5</version>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-jackson</artifactId>
+ <version>0.11.5</version>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
<build>
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/AuthController.java b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/AuthController.java
new file mode 100644
index 0000000..c47ba89
--- /dev/null
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/AuthController.java
@@ -0,0 +1,47 @@
+package com.uva.monolith.services.auth;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
+import com.uva.monolith.services.users.controllers.UserService;
+import com.uva.monolith.services.users.models.User;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.Key;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+@RestController
+@RequestMapping("/api/auth")
+public class AuthController {
+
+ private final String SECRET_KEY = "clave_secreta";
+
+ @Autowired
+ private UserService userService;
+
+ @PostMapping("/login")
+ public Map<String, String> login(@RequestBody LoginRequest loginRequest) {
+ User user = userService.findByEmail(loginRequest.getEmail());
+
+ if (user != null && userService.verifyPassword(loginRequest.getPassword(), user.getPassword())) {
+ String token = Jwts.builder()
+ .setSubject(user.getEmail())
+ .signWith(new SecretKeySpec(SECRET_KEY.getBytes(), SignatureAlgorithm.HS256.getJcaName()))
+ .claim("email", user.getEmail())
+ .setExpiration(new Date(System.currentTimeMillis() + 3600000)) // 1 hora
+ .compact();
+
+ Map<String, String> response = new HashMap<>();
+ response.put("token", token);
+ return response;
+ }
+
+ throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Credenciales inválidas");
+ }
+}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/JwtAuthenticationFilter.java b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/JwtAuthenticationFilter.java
new file mode 100644
index 0000000..2d33e24
--- /dev/null
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/JwtAuthenticationFilter.java
@@ -0,0 +1,48 @@
+package com.uva.monolith.services.auth;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.Filter;
+import java.io.IOException;
+
+@Component
+public class JwtAuthenticationFilter implements Filter {
+
+ private final String SECRET_KEY = "clave_secreta";
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ String authHeader = httpRequest.getHeader("Authorization");
+
+ if (authHeader != null && authHeader.startsWith("Bearer ")) {
+ String token = authHeader.substring(7);
+ Claims claims = Jwts.parserBuilder()
+ .setSigningKey(SECRET_KEY.getBytes())
+ .build()
+ .parseClaimsJws(token)
+ .getBody();
+
+ String username = claims.getSubject();
+ if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+ UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+ username, null, null);
+ authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ }
+ }
+
+ chain.doFilter(request, response);
+ }
+
+}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/LoginRequest.java b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/LoginRequest.java
new file mode 100644
index 0000000..62f9cb9
--- /dev/null
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/LoginRequest.java
@@ -0,0 +1,23 @@
+package com.uva.monolith.services.auth;
+
+public class LoginRequest {
+
+ private String email;
+ private String password;
+
+ public String getEmail() {
+ return email;
+ }
+
+ public void setEmail(String email) {
+ this.email = email;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public void setPassword(String password) {
+ this.password = password;
+ }
+}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java
new file mode 100644
index 0000000..4c4b892
--- /dev/null
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java
@@ -0,0 +1,32 @@
+package com.uva.monolith.services.auth;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ private final JwtAuthenticationFilter jwtAuthenticationFilter;
+
+ public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter) {
+ this.jwtAuthenticationFilter = jwtAuthenticationFilter;
+ }
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http.csrf(csrf -> csrf.disable())
+ .authorizeHttpRequests(authorize -> authorize
+ .requestMatchers("/api/auth/login", "/api/auth/register").permitAll() // Rutas públicas
+ .requestMatchers("/api/users/**", "/api/hotels/**", "/api/reservas/**").authenticated() // Protegidas
+ )
+ // Registra el filtro antes del filtro estándar de autenticación
+ .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+ return http.build();
+ }
+}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserController.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserController.java
index c097ef7..eb71920 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserController.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserController.java
@@ -18,6 +18,7 @@ import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.server.ResponseStatusException;
import com.uva.monolith.services.bookings.models.Booking;
import com.uva.monolith.services.users.models.User;
@@ -128,4 +129,6 @@ public class UserController {
User user = userRepository.findById(id).orElseThrow();
return user.getBookings();
}
+
+
}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserService.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserService.java
new file mode 100644
index 0000000..136875b
--- /dev/null
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserService.java
@@ -0,0 +1,37 @@
+package com.uva.monolith.services.users.controllers;
+
+import org.springframework.stereotype.Service;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.server.ResponseStatusException;
+
+import com.uva.monolith.services.users.models.User;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import com.uva.monolith.services.users.repositories.UserRepository;
+
+@Service
+public class UserService {
+
+ @Autowired
+ private UserRepository userRepository;
+
+ private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+
+ public boolean verifyPassword(String rawPassword, String encodedPassword) {
+ return passwordEncoder.matches(rawPassword, encodedPassword);
+ }
+
+ public String encodePassword(String password) {
+ return passwordEncoder.encode(password);
+ }
+
+ @GetMapping("/users")
+ public User findByEmail(@RequestParam String email) {
+ return userRepository.findByEmail(email)
+ .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Usuario no encontrado"));
+}
+}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/User.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/User.java
index 5c1f928..37d2eea 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/User.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/User.java
@@ -3,6 +3,8 @@ package com.uva.monolith.services.users.models;
import java.time.LocalDate;
import java.util.List;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.uva.monolith.services.bookings.models.Booking;
@@ -89,8 +91,9 @@ public class User {
return password;
}
- public void setPassword(String password) {
- this.password = password;
+ public void setPassword(String rawPassword) {
+ BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+ this.password = encoder.encode(rawPassword);
}
public UserRol getRol() {
@@ -120,4 +123,5 @@ public class User {
public void setBookings(List<Booking> bookings) {
this.bookings = bookings;
}
+
}
--
GitLab
From cd57cd2d19f4ee6722ea88253f9398e4b08ac5c7 Mon Sep 17 00:00:00 2001
From: migudel <miguel.moras@estudiantes.uva.es>
Date: Tue, 26 Nov 2024 16:29:28 +0100
Subject: [PATCH 2/4] Ya se comunican y funciona pero falla el hash
---
docker-compose.yml | 24 ++---
java/roomBooking/pom.xml | 2 +-
.../auth/JwtAuthenticationFilter.java | 101 +++++++++++++++---
.../services/auth/SecurityConfig.java | 29 +++--
.../services/hotels/models/Hotel.java | 21 +++-
.../users/controllers/UserController.java | 21 ++--
.../services/users/models/Client.java | 65 +++++++++++
.../services/users/models/HotelManager.java | 38 +++++++
.../monolith/services/users/models/User.java | 60 +++--------
.../services/users/models/UserRol.java | 2 +-
.../users/repositories/ClientRepository.java | 10 ++
.../repositories/HotelManagerRepository.java | 10 ++
java/services/auth/pom.xml | 4 +
.../com/uva/authentication/api/UserAPI.java | 36 ++++++-
.../authentication/config/SecurityConfig.java | 17 +++
.../controllers/AuthController.java | 1 +
.../com/uva/authentication/models/Client.java | 60 +++++++++++
.../authentication/models/HotelManager.java | 40 +++++++
.../com/uva/authentication/models/User.java | 82 ++++++++++++--
.../uva/authentication/models/UserRol.java | 2 +-
.../repositories/ClientRepository.java | 11 ++
.../repositories/HotelManagerRepository.java | 11 ++
.../repositories/UserRepository.java | 9 ++
.../authentication/services/AuthService.java | 58 ++++++++--
.../{jwt => utils}/JwtUtil.java | 4 +-
.../authentication/utils/SecurityUtils.java | 12 +++
26 files changed, 619 insertions(+), 111 deletions(-)
create mode 100644 java/roomBooking/src/main/java/com/uva/monolith/services/users/models/Client.java
create mode 100644 java/roomBooking/src/main/java/com/uva/monolith/services/users/models/HotelManager.java
create mode 100644 java/roomBooking/src/main/java/com/uva/monolith/services/users/repositories/ClientRepository.java
create mode 100644 java/roomBooking/src/main/java/com/uva/monolith/services/users/repositories/HotelManagerRepository.java
create mode 100644 java/services/auth/src/main/java/com/uva/authentication/config/SecurityConfig.java
create mode 100644 java/services/auth/src/main/java/com/uva/authentication/models/Client.java
create mode 100644 java/services/auth/src/main/java/com/uva/authentication/models/HotelManager.java
create mode 100644 java/services/auth/src/main/java/com/uva/authentication/repositories/ClientRepository.java
create mode 100644 java/services/auth/src/main/java/com/uva/authentication/repositories/HotelManagerRepository.java
create mode 100644 java/services/auth/src/main/java/com/uva/authentication/repositories/UserRepository.java
rename java/services/auth/src/main/java/com/uva/authentication/{jwt => utils}/JwtUtil.java (96%)
create mode 100644 java/services/auth/src/main/java/com/uva/authentication/utils/SecurityUtils.java
diff --git a/docker-compose.yml b/docker-compose.yml
index 4048432..85641c2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,7 +8,7 @@ networks:
services:
Auth-API:
image: auth-api-image
- hostname: ${AUTH_SERVICE_HOSTNAME}
+ hostname: $${AUTH_SERVICE_HOSTNAME}
build:
context: ./java/services/auth
dockerfile: Dockerfile
@@ -18,13 +18,13 @@ services:
networks:
- kong-net
environment:
- SPRING_DATASOURCE_URL: jdbc:mysql://${DB_SERVICE_HOSTNAME}:3306/${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
+ SPRING_DATASOURCE_URL: jdbc:mysql://$${DB_SERVICE_HOSTNAME}:3306/$${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
depends_on:
- RoomsBooking-database
Users-API:
image: users-api-image
- hostname: "${USERS_SERVICE_HOSTNAME}"
+ hostname: "$${USERS_SERVICE_HOSTNAME}"
build:
context: ./java/services/users
dockerfile: Dockerfile
@@ -34,13 +34,13 @@ services:
networks:
- kong-net
environment:
- SPRING_DATASOURCE_URL: jdbc:mysql://${DB_SERVICE_HOSTNAME}:3306/${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
+ SPRING_DATASOURCE_URL: jdbc:mysql://$${DB_SERVICE_HOSTNAME}:3306/$${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
depends_on:
- RoomsBooking-database
Hotels-API:
image: hotels-api-image
- hostname: ${HOTELS_SERVICE_HOSTNAME}
+ hostname: $${HOTELS_SERVICE_HOSTNAME}
build:
context: ./java/services/hotels
dockerfile: Dockerfile
@@ -50,16 +50,16 @@ services:
networks:
- kong-net
environment:
- SPRING_DATASOURCE_URL: jdbc:mysql://${DB_SERVICE_HOSTNAME}:3306/${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
- SPRING_DATASOURCE_USER: ${USER_DATABASE}
- SPRING_DATASOURCE_PASSWORD: ${}
+ SPRING_DATASOURCE_URL: jdbc:mysql://$${DB_SERVICE_HOSTNAME}:3306/$${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
+ SPRING_DATASOURCE_USER: $${USER_DATABASE}
+ SPRING_DATASOURCE_PASSWORD: $${}
depends_on:
- RoomsBooking-database
- Bookings-API
Bookings-API:
image: bookings-api-image
- hostname: ${BOOKINGS_SERVICE_HOSTNAME}
+ hostname: $${BOOKINGS_SERVICE_HOSTNAME}
build:
context: ./java/services/bookings
dockerfile: Dockerfile
@@ -69,13 +69,13 @@ services:
networks:
- kong-net
environment:
- SPRING_DATASOURCE_URL: jdbc:mysql://${DB_SERVICE_HOSTNAME}:3306/${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
+ SPRING_DATASOURCE_URL: jdbc:mysql://$${DB_SERVICE_HOSTNAME}:3306/$${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
depends_on:
- RoomsBooking-database
RoomsBooking-database:
image: mysql
- hostname: ${DB_SERVICE_HOSTNAME}
+ hostname: $${DB_SERVICE_HOSTNAME}
cap_add:
- SYS_NICE
restart: unless-stopped
@@ -103,6 +103,6 @@ services:
networks:
- kong-net
environment:
- SPRING_DATASOURCE_URL: jdbc:mysql://${DB_SERVICE_HOSTNAME}:3306/${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
+ SPRING_DATASOURCE_URL: jdbc:mysql://$${DB_SERVICE_HOSTNAME}:3306/$${DB_DATABASE_NAME}?createDatabaseIfNotExist=true
depends_on:
- RoomsBooking-database
diff --git a/java/roomBooking/pom.xml b/java/roomBooking/pom.xml
index 0774735..f6fa75b 100644
--- a/java/roomBooking/pom.xml
+++ b/java/roomBooking/pom.xml
@@ -86,4 +86,4 @@
</plugins>
</build>
-</project>
+</project>
\ No newline at end of file
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/JwtAuthenticationFilter.java b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/JwtAuthenticationFilter.java
index 2d33e24..2313797 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/JwtAuthenticationFilter.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/JwtAuthenticationFilter.java
@@ -1,11 +1,22 @@
package com.uva.monolith.services.auth;
+
import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.UnsupportedJwtException;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import io.jsonwebtoken.security.SignatureException;
+
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
+import com.uva.monolith.services.users.models.UserRol;
+
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
@@ -13,33 +24,95 @@ import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.Filter;
import java.io.IOException;
+import java.security.Key;
+import java.util.Collections;
+import java.util.Date;
@Component
public class JwtAuthenticationFilter implements Filter {
- private final String SECRET_KEY = "clave_secreta";
+ private final String SECRET_KEY = "3cfa76ef14937c1c0ea519f8fc057a80fcd04a7420f8e8bcd0a7567c272e007b";
+
+ private Key getSignInKey() {
+ byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
+ return Keys.hmacShaKeyFor(keyBytes);
+ }
+
+ private String getTokenFromRequest(HttpServletRequest request) {
+ String authHeader = request.getHeader("Authorization");
+ if (authHeader == null || !authHeader.startsWith("Bearer "))
+ return null;
+ return authHeader.substring(7);
+ }
+
+ private Claims getClaimsFromToken(String token) {
+ return Jwts.parserBuilder()
+ .setSigningKey(getSignInKey())
+ .build()
+ .parseClaimsJws(token)
+ .getBody();
+ }
+
+ private boolean validateToken(String token) {
+ if (token == null)
+ return false;// no token
+ try {
+ // Verifica y analiza el token
+ Claims claims = getClaimsFromToken(token);
+
+ // Verifica que el token no esté expirado
+ return claims.getExpiration().after(new Date());
+ } catch (ExpiredJwtException e) {
+ System.out.println("Token expirado: " + e.getMessage());
+ } catch (UnsupportedJwtException e) {
+ System.out.println("Token no soportado: " + e.getMessage());
+ } catch (MalformedJwtException e) {
+ System.out.println("Token malformado: " + e.getMessage());
+ } catch (SignatureException e) {
+ System.out.println("Firma inválida: " + e.getMessage());
+ } catch (IllegalArgumentException e) {
+ System.out.println("Token vacío o nulo: " + e.getMessage());
+ }
+ return false; // Si ocurre cualquier excepción, el token es inválido
+
+ }
+
+ private String getEmailFromToken(String token) {
+ return getClaimsFromToken(token).getSubject();
+ }
+
+ private UserRol getRoleFromToken(String token) {
+ String rol = getClaimsFromToken(token).get("rol", String.class);
+ return UserRol.valueOf(rol);
+ }
+
+ public static String getRol(UserRol rol) {
+ return String.format("ROLE_%s", rol.toString());
+ }
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
- String authHeader = httpRequest.getHeader("Authorization");
-
- if (authHeader != null && authHeader.startsWith("Bearer ")) {
- String token = authHeader.substring(7);
- Claims claims = Jwts.parserBuilder()
- .setSigningKey(SECRET_KEY.getBytes())
- .build()
- .parseClaimsJws(token)
- .getBody();
-
- String username = claims.getSubject();
- if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+ String token = getTokenFromRequest(httpRequest);
+
+ if (validateToken(token)) {
+
+ String email = getEmailFromToken(token);
+ UserRol role = getRoleFromToken(token); // Extraer el rol del token
+
+ if (email != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
- username, null, null);
+ email, null, null);
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
SecurityContextHolder.getContext().setAuthentication(authentication);
}
+
+ // Agregar el rol como autoridad
+ SimpleGrantedAuthority authority = new SimpleGrantedAuthority(getRol(role));
+ UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(email, null,
+ Collections.singletonList(authority));
+ SecurityContextHolder.getContext().setAuthentication(authentication);
}
chain.doFilter(request, response);
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java
index 4c4b892..3807692 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java
@@ -2,11 +2,14 @@ package com.uva.monolith.services.auth;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import com.uva.monolith.services.users.models.UserRol;
+
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@@ -20,12 +23,26 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf(csrf -> csrf.disable())
- .authorizeHttpRequests(authorize -> authorize
- .requestMatchers("/api/auth/login", "/api/auth/register").permitAll() // Rutas públicas
- .requestMatchers("/api/users/**", "/api/hotels/**", "/api/reservas/**").authenticated() // Protegidas
- )
- // Registra el filtro antes del filtro estándar de autenticación
- .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+ .authorizeHttpRequests(authorize -> authorize
+ .requestMatchers("/users").access((authentication, context) -> {
+ String method = context.getRequest().getMethod();
+ String email = context.getRequest().getParameter("email");
+ // Permitir POST a /users solo al rol ADMIN
+ boolean register = method.equals("POST") && authentication.get().getAuthorities().stream()
+ .anyMatch(auth -> auth.getAuthority().equals("ROLE_ADMIN"));
+ // Permitir GET a /users con parámetro email solo al rol ADMIN
+ boolean access = method.equals("GET") && email != null && !email.isEmpty() &&
+ authentication.get().getAuthorities().stream()
+ .anyMatch(auth -> auth.getAuthority().equals("ROLE_ADMIN"));
+ return new AuthorizationDecision(register || access);
+ })
+ .requestMatchers("/users/**").hasRole(UserRol.CLIENT.toString())
+ .requestMatchers("/hotels/**", "/booking/**").permitAll() //
+ // .requestMatchers("/users/**", "/hotels/**", "/booking/**").authenticated() //
+ // Protegidas
+ )
+ // Registra el filtro antes del filtro estándar de autenticación
+ .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/hotels/models/Hotel.java b/java/roomBooking/src/main/java/com/uva/monolith/services/hotels/models/Hotel.java
index 7400dfa..0616ff8 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/hotels/models/Hotel.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/hotels/models/Hotel.java
@@ -1,14 +1,21 @@
package com.uva.monolith.services.hotels.models;
import java.util.List;
+
+import org.hibernate.annotations.ManyToAny;
+
+import com.uva.monolith.services.users.models.HotelManager;
+
import jakarta.persistence.Basic;
import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.FetchType;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
import jakarta.persistence.OneToMany;
import jakarta.persistence.OneToOne;
import jakarta.persistence.Table;
@@ -34,14 +41,19 @@ public class Hotel {
@OneToMany(mappedBy = "hotel", fetch = FetchType.EAGER, cascade = CascadeType.ALL)
private List<Room> rooms;
+ @ManyToOne(optional = false)
+ @JoinColumn(name = "hotel_manager", referencedColumnName = "id")
+ private HotelManager hotelManager;
+
public Hotel() {
}
- public Hotel(int id, String name, Address address, List<Room> rooms) {
+ public Hotel(int id, String name, Address address, List<Room> rooms, HotelManager hotelManager) {
setId(id);
setName(name);
setAddress(address);
setRooms(rooms);
+ setHotelManager(hotelManager);
}
public int getId() {
@@ -77,4 +89,11 @@ public class Hotel {
rooms.forEach(room -> room.setHotel(this));
}
+ public void setHotelManager(HotelManager hotelManager) {
+ this.hotelManager = hotelManager;
+ }
+
+ public HotelManager getHotelManager() {
+ return hotelManager;
+ }
}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserController.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserController.java
index eb71920..1669226 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserController.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserController.java
@@ -5,6 +5,7 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Map;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
@@ -21,20 +22,23 @@ import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;
import com.uva.monolith.services.bookings.models.Booking;
+import com.uva.monolith.services.users.models.Client;
import com.uva.monolith.services.users.models.User;
import com.uva.monolith.services.users.models.UserRol;
import com.uva.monolith.services.users.models.UserStatus;
+import com.uva.monolith.services.users.repositories.ClientRepository;
import com.uva.monolith.services.users.repositories.UserRepository;
@RestController
@RequestMapping("users")
@CrossOrigin(origins = "*")
public class UserController {
- private final UserRepository userRepository;
- public UserController(UserRepository userRepository) {
- this.userRepository = userRepository;
- }
+ @Autowired
+ private UserRepository userRepository;
+
+ @Autowired
+ private ClientRepository clientRepository;
@GetMapping
public List<User> getAllUsers() {
@@ -52,9 +56,9 @@ public class UserController {
@PostMapping
public User addUser(@RequestBody User user) {
- user.setStatus(UserStatus.NO_BOOKINGS);
+ // user.setStatus(UserStatus.NO_BOOKINGS);
if (user.getRol() == null) // Rol por defecto
- user.setRol(UserRol.CONSUMER);
+ user.setRol(UserRol.CLIENT);
return userRepository.save(user);
}
@@ -77,7 +81,7 @@ public class UserController {
@PatchMapping("/{id}")
public User updateUserState(@PathVariable int id, @RequestBody Map<String, String> json) {
- User target = userRepository.findById(id).orElseThrow();
+ Client target = clientRepository.findById(id).orElseThrow();
String strStatus = json.get("status");
if (strStatus == null) {
// TODO cambiar manejo
@@ -126,9 +130,8 @@ public class UserController {
@GetMapping("/{id}/bookings")
public List<Booking> getUserBookingsById(@PathVariable int id) {
- User user = userRepository.findById(id).orElseThrow();
+ Client user = clientRepository.findById(id).orElseThrow();
return user.getBookings();
}
-
}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/Client.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/Client.java
new file mode 100644
index 0000000..e106ecd
--- /dev/null
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/Client.java
@@ -0,0 +1,65 @@
+package com.uva.monolith.services.users.models;
+
+import java.time.LocalDate;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.uva.monolith.services.bookings.models.Booking;
+
+import jakarta.persistence.Basic;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "user_client")
+public class Client extends User {
+
+ @Basic(optional = false)
+ @Column(nullable = false)
+ @Enumerated(EnumType.STRING)
+ private UserStatus status;
+
+ @JsonIgnore
+ @OneToMany(mappedBy = "userId", fetch = FetchType.EAGER, cascade = CascadeType.ALL)
+ private List<Booking> bookings;
+
+ public Client() {
+ super();
+ bookings = new ArrayList<>();
+ status = UserStatus.NO_BOOKINGS;
+ }
+
+ public Client(int id, String name, String email, String password, UserStatus status,
+ List<Booking> bookings) {
+ super(id, name, email, password, UserRol.CLIENT);
+ setStatus(status);
+ setBookings(bookings);
+ }
+
+ public UserStatus getStatus() {
+ if (getBookings() == null || getBookings().isEmpty())
+ return UserStatus.NO_BOOKINGS;
+ boolean activeBookings = getBookings().stream()
+ .anyMatch(booking -> !booking.getEndDate().isBefore(LocalDate.now())); // reserva >= ahora
+ return activeBookings ? UserStatus.WITH_ACTIVE_BOOKINGS : UserStatus.WITH_INACTIVE_BOOKINGS;
+ }
+
+ public void setStatus(UserStatus status) {
+ this.status = status;
+ }
+
+ public List<Booking> getBookings() {
+ return this.bookings;
+ }
+
+ public void setBookings(List<Booking> bookings) {
+ this.bookings = bookings;
+ }
+}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/HotelManager.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/HotelManager.java
new file mode 100644
index 0000000..0e6f4b0
--- /dev/null
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/HotelManager.java
@@ -0,0 +1,38 @@
+package com.uva.monolith.services.users.models;
+
+import java.util.ArrayList;
+import java.util.List;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.uva.monolith.services.hotels.models.Hotel;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "hotel_manager_user")
+public class HotelManager extends User {
+
+ @JsonIgnore
+ @OneToMany(mappedBy = "hotelManager", fetch = FetchType.EAGER, cascade = CascadeType.ALL)
+ private List<Hotel> hotels;
+
+ public HotelManager() {
+ super();
+ hotels = new ArrayList<>();
+ }
+
+ public HotelManager(int id, String name, String email, String password, List<Hotel> hotels) {
+ super(id, name, email, password, UserRol.HOTEL_ADMIN);
+ setHotels(hotels);
+ }
+
+ public List<Hotel> getHotels() {
+ return this.hotels;
+ }
+
+ public void setHotels(List<Hotel> hotels) {
+ this.hotels = hotels;
+ }
+}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/User.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/User.java
index 37d2eea..45decd6 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/User.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/User.java
@@ -1,66 +1,56 @@
package com.uva.monolith.services.users.models;
-import java.time.LocalDate;
-import java.util.List;
-
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-
import com.fasterxml.jackson.annotation.JsonIgnore;
-import com.uva.monolith.services.bookings.models.Booking;
import jakarta.persistence.Basic;
-import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.EnumType;
import jakarta.persistence.Enumerated;
-import jakarta.persistence.FetchType;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
-import jakarta.persistence.OneToMany;
+import jakarta.persistence.Inheritance;
+import jakarta.persistence.InheritanceType;
import jakarta.persistence.Table;
@Entity
+@Inheritance(strategy = InheritanceType.JOINED)
@Table(name = "users")
public class User {
- // TODO extraer a dos clases hijas, una por cada tipo
+
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Basic(optional = false)
+ @Column(nullable = false)
private int id;
@Basic(optional = false)
+ @Column(nullable = false)
private String name;
@Basic(optional = false)
+ @Column(nullable = false, unique = true)
private String email;
+ @JsonIgnore
@Basic(optional = false)
+ @Column(nullable = false)
private String password;
@Basic(optional = false)
+ @Column(nullable = false)
@Enumerated(EnumType.STRING)
- private UserRol rol = UserRol.CONSUMER;
-
- @Basic(optional = false)
- @Enumerated(EnumType.STRING)
- private UserStatus status;
-
- @JsonIgnore
- @OneToMany(mappedBy = "userId", fetch = FetchType.EAGER, cascade = CascadeType.ALL)
- private List<Booking> bookings;
+ private UserRol rol = UserRol.CLIENT;
public User() {
}
- public User(int id, String name, String email, String password, UserRol rol, UserStatus status,
- List<Booking> bookings) {
+ public User(int id, String name, String email, String password, UserRol rol) {
setId(id);
setName(name);
setEmail(email);
setRol(rol);
- setStatus(status);
- setBookings(bookings);
}
public int getId() {
@@ -92,8 +82,7 @@ public class User {
}
public void setPassword(String rawPassword) {
- BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
- this.password = encoder.encode(rawPassword);
+ this.password = rawPassword;
}
public UserRol getRol() {
@@ -103,25 +92,4 @@ public class User {
public void setRol(UserRol rol) {
this.rol = rol;
}
-
- public UserStatus getStatus() {
- if (getBookings() == null || getBookings().isEmpty())
- return UserStatus.NO_BOOKINGS;
- boolean activeBookings = getBookings().stream()
- .anyMatch(booking -> !booking.getEndDate().isBefore(LocalDate.now())); // reserva >= ahora
- return activeBookings ? UserStatus.WITH_ACTIVE_BOOKINGS : UserStatus.WITH_INACTIVE_BOOKINGS;
- }
-
- public void setStatus(UserStatus status) {
- this.status = status;
- }
-
- public List<Booking> getBookings() {
- return this.bookings;
- }
-
- public void setBookings(List<Booking> bookings) {
- this.bookings = bookings;
- }
-
}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/UserRol.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/UserRol.java
index 0abe595..f408ba5 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/UserRol.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/models/UserRol.java
@@ -1,5 +1,5 @@
package com.uva.monolith.services.users.models;
public enum UserRol {
- HOTEL_ADMIN, CONSUMER
+ ADMIN, HOTEL_ADMIN, CLIENT
}
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/repositories/ClientRepository.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/repositories/ClientRepository.java
new file mode 100644
index 0000000..1c1b46f
--- /dev/null
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/repositories/ClientRepository.java
@@ -0,0 +1,10 @@
+package com.uva.monolith.services.users.repositories;
+
+import java.util.Optional;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import com.uva.monolith.services.users.models.Client;
+
+public interface ClientRepository extends JpaRepository<Client, Integer> {
+ Optional<Client> findByEmail(String email);
+}
\ No newline at end of file
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/repositories/HotelManagerRepository.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/repositories/HotelManagerRepository.java
new file mode 100644
index 0000000..092a251
--- /dev/null
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/repositories/HotelManagerRepository.java
@@ -0,0 +1,10 @@
+package com.uva.monolith.services.users.repositories;
+
+import java.util.Optional;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import com.uva.monolith.services.users.models.HotelManager;
+
+public interface HotelManagerRepository extends JpaRepository<HotelManager, Integer> {
+ Optional<HotelManager> findByEmail(String email);
+}
\ No newline at end of file
diff --git a/java/services/auth/pom.xml b/java/services/auth/pom.xml
index 2838a0e..ab9de31 100644
--- a/java/services/auth/pom.xml
+++ b/java/services/auth/pom.xml
@@ -49,6 +49,10 @@
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ </dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
diff --git a/java/services/auth/src/main/java/com/uva/authentication/api/UserAPI.java b/java/services/auth/src/main/java/com/uva/authentication/api/UserAPI.java
index 03e44c8..fe5bfc6 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/api/UserAPI.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/api/UserAPI.java
@@ -2,6 +2,9 @@ package com.uva.authentication.api;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
@@ -10,6 +13,8 @@ import org.springframework.web.client.RestTemplate;
import com.uva.authentication.models.RegisterRequest;
import com.uva.authentication.models.User;
+import com.uva.authentication.models.UserRol;
+import com.uva.authentication.utils.JwtUtil;
@Component
public class UserAPI {
@@ -20,10 +25,30 @@ public class UserAPI {
@Value("${external.services.users.baseurl}")
private String USER_API_URL;
+ @Autowired
+ private JwtUtil jwtUtil;
+
+ private String token;
+ private final User USER = new User(-1, "admin", null, null, UserRol.ADMIN);
+
+ private String getAccessToken() {
+ if (token == null || token.isEmpty() || jwtUtil.isTokenValid(token, USER)) {
+ token = jwtUtil.generateToken(USER);
+ }
+ return token;
+ }
+
public User getUserByEmail(String email) {
- String url = USER_API_URL + "?email={email}";
+
+ String token = getAccessToken();
+ HttpHeaders headers = new HttpHeaders();
+ headers.set("Authorization", "Bearer " + token);
+ HttpEntity<Void> entity = new HttpEntity<>(headers);
+
+ String url = USER_API_URL + "?email={" + email + "}";
try {
- ResponseEntity<User> userResponse = restTemplate.getForEntity(url, User.class, email);
+ ResponseEntity<User> userResponse = // restTemplate.getForEntity(url, User.class, email, headers);
+ restTemplate.exchange(url, HttpMethod.GET, entity, User.class);
return userResponse.getBody();
} catch (HttpClientErrorException e) {
if (e.getStatusCode() != HttpStatus.NOT_FOUND)
@@ -33,8 +58,13 @@ public class UserAPI {
}
public User registerUser(RegisterRequest registerRequest) {
+
+ String token = getAccessToken();
+ HttpHeaders headers = new HttpHeaders();
+ headers.set("Authorization", "Bearer " + token);
+
String url = USER_API_URL;
- ResponseEntity<User> userResponse = restTemplate.postForEntity(url, registerRequest, User.class);
+ ResponseEntity<User> userResponse = restTemplate.postForEntity(url, registerRequest, User.class, headers);
if (!userResponse.getStatusCode().is2xxSuccessful())
throw new RuntimeException("Failed to register user");
diff --git a/java/services/auth/src/main/java/com/uva/authentication/config/SecurityConfig.java b/java/services/auth/src/main/java/com/uva/authentication/config/SecurityConfig.java
new file mode 100644
index 0000000..99715b0
--- /dev/null
+++ b/java/services/auth/src/main/java/com/uva/authentication/config/SecurityConfig.java
@@ -0,0 +1,17 @@
+package com.uva.authentication.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http.csrf(crsf -> crsf.disable())
+ .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
+ return http.build();
+ }
+}
diff --git a/java/services/auth/src/main/java/com/uva/authentication/controllers/AuthController.java b/java/services/auth/src/main/java/com/uva/authentication/controllers/AuthController.java
index 08ad46a..7cee57e 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/controllers/AuthController.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/controllers/AuthController.java
@@ -42,6 +42,7 @@ public class AuthController {
// return new ResponseEntity<Void>(HttpStatus.FORBIDDEN);
return new ResponseEntity<String>(e.getMessage(), HttpStatus.CONFLICT);
}
+ e.fillInStackTrace();
}
return new ResponseEntity<String>("Algo no fue bien", HttpStatus.UNAUTHORIZED);
diff --git a/java/services/auth/src/main/java/com/uva/authentication/models/Client.java b/java/services/auth/src/main/java/com/uva/authentication/models/Client.java
new file mode 100644
index 0000000..896fe93
--- /dev/null
+++ b/java/services/auth/src/main/java/com/uva/authentication/models/Client.java
@@ -0,0 +1,60 @@
+package com.uva.authentication.models;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import jakarta.persistence.Basic;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "user_client")
+public class Client extends User {
+
+ @Basic(optional = false)
+ @Column(nullable = false)
+ @Enumerated(EnumType.STRING)
+ private UserStatus status;
+
+ // @JsonIgnore
+ // @OneToMany(mappedBy = "userId", fetch = FetchType.EAGER, cascade =
+ // CascadeType.ALL)
+ // private List<?> bookings;
+
+ public Client() {
+ super();
+ // bookings = new ArrayList<>();
+ status = UserStatus.NO_BOOKINGS;
+ }
+
+ public Client(int id, String name, String email, String password, UserStatus status) {
+ // , List<?> bookings) {
+ super(id, name, email, password, UserRol.CLIENT);
+ setStatus(status);
+ // setBookings(bookings);
+ }
+
+ public UserStatus getStatus() {
+ return this.status;
+ }
+
+ public void setStatus(UserStatus status) {
+ this.status = status;
+ }
+
+ // public List<?> getBookings() {
+ // return this.bookings;
+ // }
+
+ // public void setBookings(List<?> bookings) {
+ // this.bookings = bookings;
+ // }
+}
diff --git a/java/services/auth/src/main/java/com/uva/authentication/models/HotelManager.java b/java/services/auth/src/main/java/com/uva/authentication/models/HotelManager.java
new file mode 100644
index 0000000..5cc75cb
--- /dev/null
+++ b/java/services/auth/src/main/java/com/uva/authentication/models/HotelManager.java
@@ -0,0 +1,40 @@
+package com.uva.authentication.models;
+
+import java.util.ArrayList;
+import java.util.List;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "hotel_manager_user")
+public class HotelManager extends User {
+
+ // TODO tener en cuenta que esto hay que tener un control adecuado
+ // @JsonIgnore
+ // @OneToMany(mappedBy = "userId", fetch = FetchType.EAGER, cascade =
+ // CascadeType.ALL)
+ // private List<?> hotels;
+
+ public HotelManager() {
+ super();
+ // hotels = new ArrayList<>();
+ }
+
+ public HotelManager(int id, String name, String email, String password) { // , List<?> hotels) {
+ super(id, name, email, password, UserRol.HOTEL_ADMIN);
+ // setHotels(hotels);
+ }
+
+ // public List<?> getHotels() {
+ // return this.hotels;
+ // }
+
+ // public void setHotels(List<?> hotels) {
+ // this.hotels = hotels;
+ // }
+}
diff --git a/java/services/auth/src/main/java/com/uva/authentication/models/User.java b/java/services/auth/src/main/java/com/uva/authentication/models/User.java
index 4a8ceb6..ae4981a 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/models/User.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/models/User.java
@@ -1,12 +1,58 @@
package com.uva.authentication.models;
-public class User extends RegisterRequest {
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import jakarta.persistence.Basic;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Inheritance;
+import jakarta.persistence.InheritanceType;
+import jakarta.persistence.Table;
+
+@Entity
+@Inheritance(strategy = InheritanceType.JOINED)
+@Table(name = "users")
+public class User {
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Basic(optional = false)
+ @Column(nullable = false)
private int id;
- private UserStatus status;
+
+ @Basic(optional = false)
+ @Column(nullable = false)
+ private String name;
+
+ @Basic(optional = false)
+ @Column(nullable = false, unique = true)
+ private String email;
+
+ @JsonIgnore
+ @Basic(optional = false)
+ @Column(nullable = false)
+ private String password;
+
+ @Basic(optional = false)
+ @Column(nullable = false)
+ @Enumerated(EnumType.STRING)
+ private UserRol rol = UserRol.CLIENT;
public User() {
}
+ public User(int id, String name, String email, String password, UserRol rol) {
+ setId(id);
+ setName(name);
+ setEmail(email);
+ setRol(rol);
+ }
+
public int getId() {
return this.id;
}
@@ -15,11 +61,35 @@ public class User extends RegisterRequest {
this.id = id;
}
- public UserStatus getStatus() {
- return this.status;
+ public String getName() {
+ return this.name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getEmail() {
+ return this.email;
+ }
+
+ public void setEmail(String email) {
+ this.email = email;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public void setPassword(String rawPassword) {
+ this.password = rawPassword;
+ }
+
+ public UserRol getRol() {
+ return this.rol;
}
- public void setStatus(UserStatus status) {
- this.status = status;
+ public void setRol(UserRol rol) {
+ this.rol = rol;
}
}
diff --git a/java/services/auth/src/main/java/com/uva/authentication/models/UserRol.java b/java/services/auth/src/main/java/com/uva/authentication/models/UserRol.java
index 80bc5a0..5944a68 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/models/UserRol.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/models/UserRol.java
@@ -1,5 +1,5 @@
package com.uva.authentication.models;
public enum UserRol {
- HOTEL_ADMIN, CONSUMER
+ ADMIN, HOTEL_ADMIN, CLIENT
}
diff --git a/java/services/auth/src/main/java/com/uva/authentication/repositories/ClientRepository.java b/java/services/auth/src/main/java/com/uva/authentication/repositories/ClientRepository.java
new file mode 100644
index 0000000..11e4c12
--- /dev/null
+++ b/java/services/auth/src/main/java/com/uva/authentication/repositories/ClientRepository.java
@@ -0,0 +1,11 @@
+package com.uva.authentication.repositories;
+
+import java.util.Optional;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import com.uva.authentication.models.Client;
+import com.uva.authentication.models.User;
+
+public interface ClientRepository extends JpaRepository<User, Integer> {
+ Optional<Client> findByEmail(String email);
+}
\ No newline at end of file
diff --git a/java/services/auth/src/main/java/com/uva/authentication/repositories/HotelManagerRepository.java b/java/services/auth/src/main/java/com/uva/authentication/repositories/HotelManagerRepository.java
new file mode 100644
index 0000000..a1e0ba8
--- /dev/null
+++ b/java/services/auth/src/main/java/com/uva/authentication/repositories/HotelManagerRepository.java
@@ -0,0 +1,11 @@
+package com.uva.authentication.repositories;
+
+import java.util.Optional;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import com.uva.authentication.models.HotelManager;
+import com.uva.authentication.models.User;
+
+public interface HotelManagerRepository extends JpaRepository<User, Integer> {
+ Optional<HotelManager> findByEmail(String email);
+}
\ No newline at end of file
diff --git a/java/services/auth/src/main/java/com/uva/authentication/repositories/UserRepository.java b/java/services/auth/src/main/java/com/uva/authentication/repositories/UserRepository.java
new file mode 100644
index 0000000..c0695df
--- /dev/null
+++ b/java/services/auth/src/main/java/com/uva/authentication/repositories/UserRepository.java
@@ -0,0 +1,9 @@
+package com.uva.authentication.repositories;
+
+import java.util.Optional;
+import org.springframework.data.jpa.repository.JpaRepository;
+import com.uva.authentication.models.User;
+
+public interface UserRepository extends JpaRepository<User, Integer> {
+ Optional<User> findByEmail(String email);
+}
\ No newline at end of file
diff --git a/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java b/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java
index 872aa3b..a603907 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java
@@ -1,17 +1,25 @@
package com.uva.authentication.services;
-import java.util.Objects;
+import java.util.Optional;
+import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;
import org.springframework.web.client.HttpClientErrorException;
import com.uva.authentication.api.UserAPI;
-import com.uva.authentication.jwt.JwtUtil;
+import com.uva.authentication.models.Client;
+import com.uva.authentication.models.HotelManager;
import com.uva.authentication.models.LoginRequest;
import com.uva.authentication.models.RegisterRequest;
import com.uva.authentication.models.User;
+import com.uva.authentication.models.UserRol;
+import com.uva.authentication.repositories.ClientRepository;
+import com.uva.authentication.repositories.HotelManagerRepository;
+import com.uva.authentication.repositories.UserRepository;
+import com.uva.authentication.utils.JwtUtil;
+import com.uva.authentication.utils.SecurityUtils;
@Service
public class AuthService {
@@ -22,8 +30,20 @@ public class AuthService {
@Autowired
private UserAPI userAPI;
+ @Autowired
+ private HotelManagerRepository hotelManagerRepository;
+
+ @Autowired
+ private ClientRepository clientRepository;
+
+ @Autowired
+ private UserRepository userRepository;
+
private String hashPass(String password) {
- return String.valueOf(Objects.hashCode(password));
+ // return String.valueOf(Objects.hashCode(password));
+ String hash = SecurityUtils.encrypt(password);
+ System.out.println(password + " --> " + hash);
+ return hash;
}
private boolean authenticateUser(LoginRequest request, User user) {
@@ -31,13 +51,15 @@ public class AuthService {
if (user == null)
return false;
String hashPass = hashPass(request.getPassword());
- System.err.println(request.getPassword() + " -> " + hashPass + " == " +
+ System.err.println("PASSWORD: " + request.getPassword() + "\n" + hashPass + "\n" +
user.getPassword());
return hashPass.equals(user.getPassword());
}
public String login(LoginRequest loginRequest) {
- User user = userAPI.getUserByEmail(loginRequest.getEmail());
+ // User user = userAPI.getUserByEmail(loginRequest.getEmail());
+ User user = userRepository.findByEmail(loginRequest.getEmail())
+ .orElseThrow(() -> new HttpClientErrorException(HttpStatus.FORBIDDEN, "Invalid credentials"));
boolean isAuthenticated = authenticateUser(loginRequest, user);
if (!isAuthenticated) {
@@ -51,13 +73,31 @@ public class AuthService {
}
public User register(RegisterRequest registerRequest) {
- User user = userAPI.getUserByEmail(registerRequest.getEmail());
- if (user != null)
+ // User user = userAPI.getUserByEmail(registerRequest.getEmail());
+ Optional<User> user = userRepository.findByEmail(null);
+ if (user.isPresent())
throw new HttpClientErrorException(HttpStatus.CONFLICT, "Email already in use");
String hashPass = hashPass(registerRequest.getPassword());
- registerRequest.setPassword(hashPass);
- return userAPI.registerUser(registerRequest);
+ // return userAPI.registerUser(registerRequest);
+ User newUser;
+ if (registerRequest.getRol() == UserRol.HOTEL_ADMIN) {
+ HotelManager hm = new HotelManager();
+ hm.setName(registerRequest.getName());
+ hm.setEmail(registerRequest.getEmail());
+ hm.setRol(registerRequest.getRol());
+ hm.setPassword(hashPass);
+ newUser = hotelManagerRepository.save(hm);
+ } else {
+ Client client = new Client();
+ client.setName(registerRequest.getName());
+ client.setEmail(registerRequest.getEmail());
+ client.setRol(UserRol.CLIENT);
+ client.setPassword(hashPass);
+ newUser = clientRepository.save(client);
+ }
+ System.out.println("<--\n" + hashPass + "\n" + newUser.getPassword() + "\n-->");
+ return newUser;
}
}
diff --git a/java/services/auth/src/main/java/com/uva/authentication/jwt/JwtUtil.java b/java/services/auth/src/main/java/com/uva/authentication/utils/JwtUtil.java
similarity index 96%
rename from java/services/auth/src/main/java/com/uva/authentication/jwt/JwtUtil.java
rename to java/services/auth/src/main/java/com/uva/authentication/utils/JwtUtil.java
index 6c59611..2e22fae 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/jwt/JwtUtil.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/utils/JwtUtil.java
@@ -1,4 +1,4 @@
-package com.uva.authentication.jwt;
+package com.uva.authentication.utils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
@@ -41,8 +41,8 @@ public class JwtUtil {
public String generateToken(User user) {
Map<String, Object> extraClaims = new HashMap<>();
- // extraClaims.put("role", user.getRole());
extraClaims.put("email", user.getEmail());
+ extraClaims.put("rol", user.getRol());
extraClaims.put("user", user);
long expiration = jwtExpiration;
diff --git a/java/services/auth/src/main/java/com/uva/authentication/utils/SecurityUtils.java b/java/services/auth/src/main/java/com/uva/authentication/utils/SecurityUtils.java
new file mode 100644
index 0000000..f041c2c
--- /dev/null
+++ b/java/services/auth/src/main/java/com/uva/authentication/utils/SecurityUtils.java
@@ -0,0 +1,12 @@
+package com.uva.authentication.utils;
+
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+public class SecurityUtils {
+
+ private static BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+
+ public static String encrypt(String value) {
+ return encoder.encode(value);
+ }
+}
--
GitLab
From 9ff18f3b528779ed79cd02ee5a8f2f3e0fef04b8 Mon Sep 17 00:00:00 2001
From: Hugo <hugo.cubino@estudiantes.uva.es>
Date: Tue, 26 Nov 2024 18:24:02 +0100
Subject: [PATCH 3/4] =?UTF-8?q?Corregida=20la=20comparaci=C3=B3n=20de=20co?=
=?UTF-8?q?ntrase=C3=B1as?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../java/com/uva/authentication/services/AuthService.java | 3 ++-
.../java/com/uva/authentication/utils/SecurityUtils.java | 6 ++++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java b/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java
index a603907..5476bf8 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java
@@ -53,7 +53,8 @@ public class AuthService {
String hashPass = hashPass(request.getPassword());
System.err.println("PASSWORD: " + request.getPassword() + "\n" + hashPass + "\n" +
user.getPassword());
- return hashPass.equals(user.getPassword());
+ // return hashPass.equals(user.getPassword());
+ return SecurityUtils.checkPassword(request.getPassword(), user.getPassword());
}
public String login(LoginRequest loginRequest) {
diff --git a/java/services/auth/src/main/java/com/uva/authentication/utils/SecurityUtils.java b/java/services/auth/src/main/java/com/uva/authentication/utils/SecurityUtils.java
index f041c2c..2df069e 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/utils/SecurityUtils.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/utils/SecurityUtils.java
@@ -9,4 +9,10 @@ public class SecurityUtils {
public static String encrypt(String value) {
return encoder.encode(value);
}
+
+ // Método para comparar la contraseña ingresada con el hash almacenado
+ public static boolean checkPassword(String rawPassword, String encodedPassword) {
+ return encoder.matches(rawPassword, encodedPassword); // Comparar la contraseña con el hash
+ }
+
}
--
GitLab
From 5b9cb697ea6bc1a2e72d876ccac8d84116f894a6 Mon Sep 17 00:00:00 2001
From: migudel <miguel.moras@estudiantes.uva.es>
Date: Wed, 27 Nov 2024 18:00:03 +0100
Subject: [PATCH 4/4] Ajustes de acceso
---
.gitignore | 6 ++-
.../services/auth/SecurityConfig.java | 31 +++++++--------
.../users/controllers/UserService.java | 1 -
.../com/uva/authentication/api/UserAPI.java | 5 ++-
.../controllers/AuthController.java | 1 +
.../authentication/services/AuthService.java | 38 +++++++------------
6 files changed, 36 insertions(+), 46 deletions(-)
diff --git a/.gitignore b/.gitignore
index 73cfdb6..b82c94f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,8 @@
taller
*.pdf
**/target/
-**/.vscode
\ No newline at end of file
+**/.vscode
+*.ln
+*.tmp
+**/tmp
+*.log
\ No newline at end of file
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java
index 3807692..e115ffb 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/auth/SecurityConfig.java
@@ -2,7 +2,6 @@ package com.uva.monolith.services.auth;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
@@ -24,23 +23,19 @@ public class SecurityConfig {
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf(csrf -> csrf.disable())
.authorizeHttpRequests(authorize -> authorize
- .requestMatchers("/users").access((authentication, context) -> {
- String method = context.getRequest().getMethod();
- String email = context.getRequest().getParameter("email");
- // Permitir POST a /users solo al rol ADMIN
- boolean register = method.equals("POST") && authentication.get().getAuthorities().stream()
- .anyMatch(auth -> auth.getAuthority().equals("ROLE_ADMIN"));
- // Permitir GET a /users con parámetro email solo al rol ADMIN
- boolean access = method.equals("GET") && email != null && !email.isEmpty() &&
- authentication.get().getAuthorities().stream()
- .anyMatch(auth -> auth.getAuthority().equals("ROLE_ADMIN"));
- return new AuthorizationDecision(register || access);
- })
- .requestMatchers("/users/**").hasRole(UserRol.CLIENT.toString())
- .requestMatchers("/hotels/**", "/booking/**").permitAll() //
- // .requestMatchers("/users/**", "/hotels/**", "/booking/**").authenticated() //
- // Protegidas
- )
+ // Permitir todas las conexiones
+ .requestMatchers("").permitAll()
+ // Acceso restringido a usuarios y administradores
+ .requestMatchers("users", "users/**")
+ .hasAnyRole(UserRol.ADMIN.toString(), UserRol.CLIENT.toString())
+ // Acceso restringido a gestores de hoteles y administradores
+ .requestMatchers("hotels", "hotels/**")
+ .hasAnyRole(UserRol.ADMIN.toString(), UserRol.HOTEL_ADMIN.toString())
+ // Acceso restringido a cualquier usuario del sistema
+ .requestMatchers("bookings", "bookings/**")
+ .hasAnyRole(UserRol.ADMIN.toString(), UserRol.HOTEL_ADMIN.toString(), UserRol.CLIENT.toString())
+ // Rechazar el resto
+ .anyRequest().denyAll())
// Registra el filtro antes del filtro estándar de autenticación
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
diff --git a/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserService.java b/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserService.java
index 136875b..bdaf5ac 100644
--- a/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserService.java
+++ b/java/roomBooking/src/main/java/com/uva/monolith/services/users/controllers/UserService.java
@@ -29,7 +29,6 @@ public class UserService {
return passwordEncoder.encode(password);
}
- @GetMapping("/users")
public User findByEmail(@RequestParam String email) {
return userRepository.findByEmail(email)
.orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Usuario no encontrado"));
diff --git a/java/services/auth/src/main/java/com/uva/authentication/api/UserAPI.java b/java/services/auth/src/main/java/com/uva/authentication/api/UserAPI.java
index fe5bfc6..a2df673 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/api/UserAPI.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/api/UserAPI.java
@@ -1,3 +1,4 @@
+// TODO eliminar si realmente no necesitamos comunicar un servicio con otro
package com.uva.authentication.api;
import org.springframework.beans.factory.annotation.Autowired;
@@ -47,8 +48,8 @@ public class UserAPI {
String url = USER_API_URL + "?email={" + email + "}";
try {
- ResponseEntity<User> userResponse = // restTemplate.getForEntity(url, User.class, email, headers);
- restTemplate.exchange(url, HttpMethod.GET, entity, User.class);
+ ResponseEntity<User> userResponse = restTemplate.getForEntity(url, User.class, email);
+ // restTemplate.exchange(url, HttpMethod.GET, entity, User.class);
return userResponse.getBody();
} catch (HttpClientErrorException e) {
if (e.getStatusCode() != HttpStatus.NOT_FOUND)
diff --git a/java/services/auth/src/main/java/com/uva/authentication/controllers/AuthController.java b/java/services/auth/src/main/java/com/uva/authentication/controllers/AuthController.java
index 7cee57e..b9434db 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/controllers/AuthController.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/controllers/AuthController.java
@@ -9,6 +9,7 @@ import com.uva.authentication.models.*;
import com.uva.authentication.services.AuthService;
@RestController
+@CrossOrigin(origins = "*")
public class AuthController {
@Autowired
diff --git a/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java b/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java
index 5476bf8..0ed1999 100644
--- a/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java
+++ b/java/services/auth/src/main/java/com/uva/authentication/services/AuthService.java
@@ -27,9 +27,6 @@ public class AuthService {
@Autowired
private JwtUtil jwtUtil;
- @Autowired
- private UserAPI userAPI;
-
@Autowired
private HotelManagerRepository hotelManagerRepository;
@@ -37,30 +34,22 @@ public class AuthService {
private ClientRepository clientRepository;
@Autowired
- private UserRepository userRepository;
+ private UserAPI userAPI;
- private String hashPass(String password) {
- // return String.valueOf(Objects.hashCode(password));
- String hash = SecurityUtils.encrypt(password);
- System.out.println(password + " --> " + hash);
- return hash;
- }
+ @Autowired
+ private UserRepository userRepository;
private boolean authenticateUser(LoginRequest request, User user) {
- System.err.println(user);
if (user == null)
return false;
- String hashPass = hashPass(request.getPassword());
- System.err.println("PASSWORD: " + request.getPassword() + "\n" + hashPass + "\n" +
- user.getPassword());
- // return hashPass.equals(user.getPassword());
return SecurityUtils.checkPassword(request.getPassword(), user.getPassword());
}
public String login(LoginRequest loginRequest) {
// User user = userAPI.getUserByEmail(loginRequest.getEmail());
User user = userRepository.findByEmail(loginRequest.getEmail())
- .orElseThrow(() -> new HttpClientErrorException(HttpStatus.FORBIDDEN, "Invalid credentials"));
+ .orElseThrow(() -> new HttpClientErrorException(HttpStatus.FORBIDDEN,
+ "Invalid credentials"));
boolean isAuthenticated = authenticateUser(loginRequest, user);
if (!isAuthenticated) {
@@ -75,29 +64,30 @@ public class AuthService {
public User register(RegisterRequest registerRequest) {
// User user = userAPI.getUserByEmail(registerRequest.getEmail());
- Optional<User> user = userRepository.findByEmail(null);
+ Optional<User> user = userRepository.findByEmail(registerRequest.getEmail());
if (user.isPresent())
throw new HttpClientErrorException(HttpStatus.CONFLICT, "Email already in use");
- String hashPass = hashPass(registerRequest.getPassword());
+ String hashPass = SecurityUtils.encrypt(registerRequest.getPassword());
// return userAPI.registerUser(registerRequest);
User newUser;
if (registerRequest.getRol() == UserRol.HOTEL_ADMIN) {
HotelManager hm = new HotelManager();
- hm.setName(registerRequest.getName());
- hm.setEmail(registerRequest.getEmail());
- hm.setRol(registerRequest.getRol());
+ // hm.setName(registerRequest.getName());
+ // hm.setEmail(registerRequest.getEmail());
+ // hm.setRol(registerRequest.getRol());
+ BeanUtils.copyProperties(registerRequest, hm);
hm.setPassword(hashPass);
newUser = hotelManagerRepository.save(hm);
} else {
Client client = new Client();
- client.setName(registerRequest.getName());
- client.setEmail(registerRequest.getEmail());
+ // client.setName(registerRequest.getName());
+ // client.setEmail(registerRequest.getEmail());
+ BeanUtils.copyProperties(registerRequest, client);
client.setRol(UserRol.CLIENT);
client.setPassword(hashPass);
newUser = clientRepository.save(client);
}
- System.out.println("<--\n" + hashPass + "\n" + newUser.getPassword() + "\n-->");
return newUser;
}
--
GitLab