From 99512b425010216ba27e77cdc6c47846796764a1 Mon Sep 17 00:00:00 2001
From: Maximilian Leopold
Date: Sat, 6 Apr 2019 12:29:09 +0200
Subject: [PATCH] Implemented Login with JWT
---
 build.gradle | 5 ++
 .../bugageocaching/controller/Controller.java | 48 +++++++++++++++----
 .../labsw/bugageocaching/entities/Role.java | 5 ++
 3 files changed, 50 insertions(+), 8 deletions(-)
diff --git a/build.gradle b/build.gradle
index 62a8c2c..94f19e8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -37,6 +37,11 @@ dependencies {
 compile group: 'org.springframework.security', name: 'spring-security-core', version: '5.1.4.RELEASE'
+ //JWT
+ compile 'io.jsonwebtoken:jjwt-api:0.10.5'
+ runtime 'io.jsonwebtoken:jjwt-impl:0.10.5', 'io.jsonwebtoken:jjwt-jackson:0.10.5'
+
 }
 node {
diff --git a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
index a962339..d57fd8b 100644
--- a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
+++ b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
@@ -1,20 +1,27 @@
 package hhn.labsw.bugageocaching.controller;
 import com.google.gson.Gson;
+
 import hhn.labsw.bugageocaching.entities.*;
 import hhn.labsw.bugageocaching.exceptions.IllegalParameterException;
 import hhn.labsw.bugageocaching.repositories.*;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.web.bind.annotation.*;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Optional;
-import java.util.Random;
+import javax.annotation.PostConstruct;
+import javax.xml.bind.DatatypeConverter;
+import java.security.Key;
+import java.security.SecureRandom;
+import java.util.*;
 import java.util.concurrent.atomic.AtomicLong;
+import java.util.logging.Logger;
 @RestController
 public class Controller {
@@ -44,6 +51,13 @@ public class Controller {
 StationReihenfolgeRepository stationReihenfolgeRepository;
 private AtomicLong counter = new AtomicLong();
+ byte[] key = new byte[64];
+
+ @PostConstruct
+ public void init(){
+ new SecureRandom().nextBytes(key);
+ System.out.println(Arrays.toString(key));
+ }
 @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
 @RequestMapping("/api/allCaches")
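Review bot: `import javax.xml.bind.DatatypeConverter;` pulls in the `java.xml.bind` module, which was deprecated in Java 9 and removed in Java 11, so this file stops compiling on a current JDK unless a JAXB artifact is added; none of the visible hunks use it. `Keys`, `Key` and `Logger` are likewise not referenced in any visible change, so if they are unused elsewhere in the file drop them along with `DatatypeConverter`, and put `Keys` to use at the signing call instead of passing the raw byte array. The lone added `+` blank line after the Gson import and the switch from four explicit `java.util` imports to `java.util.*` are cosmetic; keeping the explicit imports would match the surrounding Spring imports.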
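Review bot: `init()` prints the freshly generated HMAC signing key to stdout via `System.out.println(Arrays.toString(key));`, so anyone who can read the application log can mint a valid token for any user, including one carrying the `admin` claim; delete that line. The field should also be `private final byte[] key = new byte[64];` so that nothing else in the class can reassign it, and since the key is only filled in `@PostConstruct` it is all zeros if `init()` has not run yet. Because the key is regenerated on every start, every outstanding token is invalidated by a restart and a second instance would reject this one's tokens; if that is not intended, load the key from configuration rather than generating it here.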
@@ -65,14 +79,32 @@ public class Controller {
 return ResponseEntity.status(404).body("User was not found");
 }
- if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
+ SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
+
+ if(BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())){
+ String token = Jwts.builder().setSubject(user.getUsername()).claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x->x.getId()==0)).setExpiration(new Date(new Date().getTime() + (1000 * 60 * 60 * 24))).signWith(signatureAlgorithm, key).compact();
+ System.out.println(token);
+
+ Claims claims = Jwts.parser()
+ .setSigningKey(key)
+ .parseClaimsJws(token).getBody();
+ System.out.println("ID: " + claims.getId());
+ System.out.println("Subject: " + claims.getSubject());
+ System.out.println("Issuer: " + claims.getIssuer());
+ System.out.println("Admin: " + claims.get("admin"));
+ System.out.println("Expiration: " + claims.getExpiration());
+
+ return ResponseEntity.status(200).body(token);
+ }
+
+ /*if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
 String token = user.getUsername() + BCrypt.hashpw(String.valueOf(System.currentTimeMillis() + counter.incrementAndGet()), BCrypt.gensalt());
 String hashedToken = BCrypt.hashpw(token, BCrypt.gensalt());
 userRepository.findByUsername(user.getUsername()).setToken(hashedToken);
 userRepository.save(userRepository.findByUsername(user.getUsername()));
 //return ResponseEntity.ok(new Gson().toJson(token));
 return ResponseEntity.status(200).body(token);
- }
+ }*/
 return ResponseEntity.status(400).body("Es ist ein Fehler aufgetreten");
 }
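Review bot: The issued token is written to stdout with `System.out.println(token);`, and the parse-and-print block that follows logs its decoded claims as well, so a live bearer credential lands in the application log on every login; both are debugging output and should be removed. The `signWith(signatureAlgorithm, key)` overload that takes a raw `byte[]` is deprecated in jjwt 0.10.x in favour of `signWith(Key)`, and `Keys` is already imported for exactly that; with a 64-byte key `signWith(Key)` selects HS512, so pass `SignatureAlgorithm.HS256` as a second argument if that algorithm must be kept. `userRepository.findByUsername(user.getUsername())` is evaluated three times in this branch; fetch the user once. The previous token implementation parked in the `/* … */` comment should be deleted rather than kept, and the enclosing login method begins outside the hunk.
```java
// … unchanged: request handling and the 404 check above …
User stored = userRepository.findByUsername(user.getUsername());
if (BCrypt.checkpw(user.getPassword(), stored.getPassword())) {
    boolean admin = stored.getRoles().stream().anyMatch(x -> x.getId() == 0);
    String token = Jwts.builder()
            .setSubject(stored.getUsername())
            .claim("admin", admin)
            .setExpiration(new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24))
            .signWith(Keys.hmacShaKeyFor(key)) // replaces the deprecated signWith(alg, byte[])
            .compact();
    return ResponseEntity.status(200).body(token);
}
// … unchanged: 400 fall-through …
```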
@@ -132,14 +164,14 @@ public class Controller {
 @ResponseBody
 public ResponseEntity logout(@RequestParam String token) {
 // System.out.println("logout");
- User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+ /*User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
 // System.out.println(token);
 // System.out.println(user.getToken());
 if (user == null || user.getToken().isEmpty()) {
 return ResponseEntity.status(404).body("User was not found");
 }
 user.setToken(null);
- userRepository.save(user);
+ userRepository.save(user);*/
 return ResponseEntity.status(200).body("Token was deleted");
 }
diff --git a/src/main/java/hhn/labsw/bugageocaching/entities/Role.java b/src/main/java/hhn/labsw/bugageocaching/entities/Role.java
index 5019a0b..b5612bc 100644
--- a/src/main/java/hhn/labsw/bugageocaching/entities/Role.java
+++ b/src/main/java/hhn/labsw/bugageocaching/entities/Role.java
@@ -31,4 +31,9 @@ public class Role {
 public void setName(String name) {
 this.name = name;
 }
+
+ @Override
+ public String toString() {
+ return name;
+ }
 }
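Review bot: With its body commented out, `logout` now returns 200 `"Token was deleted"` without reading `token` or changing any state, so a client is told its session ended while the JWT remains valid until its expiry; that is inherent to stateless tokens, but the response should not claim otherwise. Either remove the endpoint, or keep a revocation record (for example the token's `jti` claim, checked on each authenticated request) and only report success once it is stored, and delete the `/* … */` code rather than leaving it in place. Dropping the now-unused `@RequestParam String token` would also stop the token from travelling in the query string, where it ends up in access logs.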