diff --git a/build.gradle b/build.gradle
index 5724707..62a8c2c 100644
--- a/build.gradle
+++ b/build.gradle
@@ -34,6 +34,9 @@ dependencies {
 //JSON Parser
 implementation 'com.google.code.gson:gson:2.8.5'
+
+ compile group: 'org.springframework.security', name: 'spring-security-core', version: '5.1.4.RELEASE'
+
 }
 node {
diff --git a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
index 241b764..273dd02 100644
--- a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
+++ b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
@@ -5,9 +5,14 @@ import hhn.labsw.bugageocaching.entities.*;
 import hhn.labsw.bugageocaching.exceptions.IllegalParameterException;
 import hhn.labsw.bugageocaching.repositories.*;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.web.bind.annotation.*;
+import java.time.Clock;
 import java.util.Optional;
+import java.util.concurrent.atomic.AtomicLong;
 @RestController public class Controller {
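Review bot: In build.gradle the new dependency is declared with `compile`, while the gson line just above it uses `implementation`; `compile` is deprecated in Gradle, so `implementation group: 'org.springframework.security', name: 'spring-security-core', version: '5.1.4.RELEASE'` keeps the block consistent. The only class this commit imports from the library is `org.springframework.security.crypto.bcrypt.BCrypt`, which ships in the smaller `spring-security-crypto` artifact, so depending on that module alone would pull in less code if nothing else from spring-security-core is planned.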
@@ -33,12 +38,35 @@ public class Controller {
 @Autowired UserRepository userRepository;
+ private AtomicLong counter = new AtomicLong();
+
 @RequestMapping("/api/allCaches") @ResponseBody public String getAllCaches() {
 return new Gson().toJson(cacheRepository.findAll());
 }
+ @RequestMapping("/api/login")
+ @ResponseBody
+ public ResponseEntity login(@RequestParam(value = "username", defaultValue = "") String username,
+ @RequestParam(value = "password", defaultValue = "") String password){
+ if(username == "" || password == ""){
+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(null);
+ }
+ if(userRepository.findByUsername(username) == null){
+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(null);
+ }
+
+ if(BCrypt.checkpw(password, userRepository.findByUsername(username).getPassword())){
+ String token = BCrypt.hashpw(String.valueOf(System.currentTimeMillis() + counter.incrementAndGet()), BCrypt.gensalt());
+ String hashedToken = BCrypt.hashpw(token, BCrypt.gensalt());
+ userRepository.findByUsername(username).setToken(hashedToken);
+ userRepository.save(userRepository.findByUsername(username));
+ return ResponseEntity.ok(new Gson().toJson(token));
+ }
+ return ResponseEntity.status(HttpStatus.BAD_GATEWAY).body(null);
+ }
+
 @RequestMapping("/api/startCache") public @ResponseBody String startCache(@RequestParam(value = "userID", defaultValue = "-1") String userID,
@@ -61,7 +89,7 @@ public class Controller {
 Cache cache = cacheOptional.get();
 bearbeitet.setCache(cache);
 } else {
- throw new IllegalParameterException( "There is no cache with the ID " + cacheID);
+ throw new IllegalParameterException("There is no cache with the ID " + cacheID);
 }
 Optional cacheAccesDefinitionOptional =
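Review bot: The session token in `login` is built from `System.currentTimeMillis()` plus a counter, so the only unpredictable part of it is the bcrypt salt; a token should be drawn directly from `SecureRandom`. In the same method `username == ""` compares references rather than content, so the empty-input guard is unreliable, and an unknown user answers 400 while a wrong password answers 502, which tells a caller which usernames exist. The mapping also accepts GET, which puts the password in the query string and therefore in access logs and browser history. The fence below looks the user up once, returns 401 for both failure cases, restricts the route to POST (clients have to follow) and generates the token from `SecureRandom`; it needs `java.security.SecureRandom` and `java.util.Base64` imported, and the unknown-user path still returns faster than a failed bcrypt check.

```java
@PostMapping("/api/login")
@ResponseBody
public ResponseEntity login(@RequestParam(value = "username", defaultValue = "") String username,
                            @RequestParam(value = "password", defaultValue = "") String password) {
    if (username.isEmpty() || password.isEmpty()) {
        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(null);
    }
    User user = userRepository.findByUsername(username);
    // One status for unknown user and wrong password, so the reply does not reveal which usernames exist.
    if (user == null || !BCrypt.checkpw(password, user.getPassword())) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(null);
    }
    // 256 random bits; only the bcrypt hash of the token is stored.
    byte[] raw = new byte[32];
    new SecureRandom().nextBytes(raw);
    String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    user.setToken(BCrypt.hashpw(token, BCrypt.gensalt()));
    userRepository.save(user);
    return ResponseEntity.ok(new Gson().toJson(token));
}
```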
@@ -83,7 +111,7 @@ public class Controller {
 Cache cache = cacheOptional.get();
 return new Gson().toJson(cache);
 } else {
- throw new IllegalParameterException( "There is no cache with the ID " + cacheID);
+ throw new IllegalParameterException("There is no cache with the ID " + cacheID);
 }
 }
 }
diff --git a/src/main/java/hhn/labsw/bugageocaching/entities/Role.java b/src/main/java/hhn/labsw/bugageocaching/entities/Role.java
new file mode 100644
index 0000000..5019a0b
--- /dev/null
+++ b/src/main/java/hhn/labsw/bugageocaching/entities/Role.java
@@ -0,0 +1,34 @@
+package hhn.labsw.bugageocaching.entities;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+
+@Entity
+public class Role {
+
+ @Id
+ @GeneratedValue
+ private int id;
+ private String name;
+
+ public Role() {
+
+ }
+
+ public int getId() {
+ return id;
+ }
+
+ public void setId(int id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+}
diff --git a/src/main/java/hhn/labsw/bugageocaching/entities/User.java b/src/main/java/hhn/labsw/bugageocaching/entities/User.java
index eb0e75d..ffbed7d 100644
--- a/src/main/java/hhn/labsw/bugageocaching/entities/User.java
+++ b/src/main/java/hhn/labsw/bugageocaching/entities/User.java
@@ -1,6 +1,7 @@
 package hhn.labsw.bugageocaching.entities;
 import javax.persistence.*;
+import java.util.List;
 @Entity @Table
@@ -14,10 +15,13 @@ public class User {
 private String lastname;
 private String username;
 private int rankingPointsSum;
- private String discriminator; //should be Admin or Cacher
 private String email;
 private String password;
- private String salt;
+
+ @ManyToMany
+ private List roles;
+
+ private String token;
 @ManyToOne private Team team;
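Review bot: The new `token` field in User.java sits next to `password` on an entity with nothing that keeps either value out of serialised output, and the controller in this commit serialises entities with `new Gson().toJson(...)`. If a `User` ever reaches such a call, directly or through a relation, the bcrypt password hash and the token hash would be written into the response; a response DTO, or `@Expose` together with `GsonBuilder.excludeFieldsWithoutExposeAnnotation()`, would keep both fields server-side. A single `token` column with no expiry also means each login replaces the previous session and a token stays valid until the next login, which deserves a comment such as `// bcrypt hash of the current session token; overwritten on every login, no expiry` on the field. The class body starts and continues outside this hunk.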
@@ -62,14 +66,6 @@ public class User {
 this.rankingPointsSum = rankingPointsSum;
 }
- public String getDiscriminator() {
- return discriminator;
- }
-
- public void setDiscriminator(String discriminator) {
- this.discriminator = discriminator;
- }
-
 public String getEmail() {
 return email;
 }
@@ -86,14 +82,6 @@ public class User {
 this.password = password;
 }
- public String getSalt() {
- return salt;
- }
-
- public void setSalt(String salt) {
- this.salt = salt;
- }
-
 public Team getTeam() {
 return team;
 }
@@ -101,4 +89,20 @@ public class User {
 public void setTeam(Team team) {
 this.team = team;
 }
+
+ public List getRoles() {
+ return roles;
+ }
+
+ public void setRoles(List roles) {
+ this.roles = roles;
+ }
+
+ public String getToken() {
+ return token;
+ }
+
+ public void setToken(String token) {
+ this.token = token;
+ }
 }
diff --git a/src/main/java/hhn/labsw/bugageocaching/repositories/UserRepository.java b/src/main/java/hhn/labsw/bugageocaching/repositories/UserRepository.java
index f899608..2434da1 100644
--- a/src/main/java/hhn/labsw/bugageocaching/repositories/UserRepository.java
+++ b/src/main/java/hhn/labsw/bugageocaching/repositories/UserRepository.java
@@ -4,4 +4,5 @@ import hhn.labsw.bugageocaching.entities.User;
 import org.springframework.data.repository.CrudRepository;
 public interface UserRepository extends CrudRepository {
+ User findByUsername(String username);
 }
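Review bot: `findByUsername` in UserRepository.java returns a single `User`, but the `username` field shown in the User.java hunk of this commit carries no unique constraint. With two rows sharing a username, Spring Data would throw on this lookup instead of returning one user, and the login endpoint would fail for that name. If usernames are meant to be unique, `@Column(unique = true)` on `username`, plus a duplicate check wherever accounts are created, would make the lookup safe to rely on for authentication.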