Implemented JWT

This commit is contained in:
Maximilian Leopold 2019-04-06 16:10:01 +02:00
parent affd0a20f8
commit d8780744a5
2 changed files with 89 additions and 57 deletions


@ -6,6 +6,7 @@ import hhn.labsw.bugageocaching.entities.*;
import hhn.labsw.bugageocaching.exceptions.IllegalParameterException;
import hhn.labsw.bugageocaching.repositories.*;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
@ -54,7 +55,7 @@ public class Controller {
byte[] key = new byte[64];
@PostConstruct
public void init(){
public void init() {
new SecureRandom().nextBytes(key);
System.out.println(Arrays.toString(key));
}
@ -81,22 +82,23 @@ public class Controller {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
if(BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())){
if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
String token = Jwts.builder()
.setSubject(user.getUsername())
.claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x->x.getId()==0)) //True if user is admin
.claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x -> x.getId() == 0)) //True if user is admin
.setExpiration(new Date(new Date().getTime() + (1000 * 60 * 60 * 24))) //One day expiration
.signWith(signatureAlgorithm, key).compact();
System.out.println(token);
.signWith(signatureAlgorithm, key)
.compact();
/*System.out.println(token);
Claims claims = Jwts.parser()
Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key)
.parseClaimsJws(token).getBody();
System.out.println("ID: " + claims.getId());
System.out.println("Subject: " + claims.getSubject());
System.out.println("Issuer: " + claims.getIssuer());
System.out.println("Admin: " + claims.get("admin"));
System.out.println("Expiration: " + claims.getExpiration());
System.out.println("Expiration: " + claims.getExpiration());*/
return ResponseEntity.status(200).body(token);
}
@ -122,35 +124,46 @@ public class Controller {
Bearbeitet bearbeitet = new Bearbeitet();
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
if (user == null) {
return ResponseEntity.status(404).body("User was not found");
}
bearbeitet.setUser(user);
try {
Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key)
.parseClaimsJws(token).getBody();
Optional<Cache> cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID));
if (cacheOptional.isPresent()) {
Cache cache = cacheOptional.get();
bearbeitet.setCache(cache);
Station startStation = cache.getStartStation();
bearbeitet.setAktuelleStation(startStation);
} else {
return ResponseEntity.status(404).body("Couldnt find Cache " + cacheID);
}
User user = userRepository.findByUsername(claims.getSubject());
if (user == null) {
return ResponseEntity.status(404).body("User was not found");
}
bearbeitet.setUser(user);
Optional<CacheAccesDefinition> cacheAccesDefinitionOptional =
cacheAccesDefinitionRepository.findById(0); // angefangen
if (cacheAccesDefinitionOptional.isPresent()) {
CacheAccesDefinition cacheAccesDefinition = cacheAccesDefinitionOptional.get();
bearbeitet.setCacheAccesDefinition(cacheAccesDefinition);
} else {
return ResponseEntity.status(404).body("There is no cacheAccesDefinition with the ID " + 0);
Optional<Cache> cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID));
if (cacheOptional.isPresent()) {
Cache cache = cacheOptional.get();
bearbeitet.setCache(cache);
Station startStation = cache.getStartStation();
bearbeitet.setAktuelleStation(startStation);
} else {
return ResponseEntity.status(404).body("Couldnt find Cache " + cacheID);
}
bearbeitetRepository.save(bearbeitet);
Optional<CacheAccesDefinition> cacheAccesDefinitionOptional =
cacheAccesDefinitionRepository.findById(0); // angefangen
if (cacheAccesDefinitionOptional.isPresent()) {
CacheAccesDefinition cacheAccesDefinition = cacheAccesDefinitionOptional.get();
bearbeitet.setCacheAccesDefinition(cacheAccesDefinition);
} else {
return ResponseEntity.status(404).body("There is no cacheAccesDefinition with the ID " + 0);
}
return ResponseEntity.status(200).body(new Gson().toJson(bearbeitet));
bearbeitetRepository.save(bearbeitet);
return ResponseEntity.status(200).body(new Gson().toJson(bearbeitet));
} catch (ExpiredJwtException e) {
return ResponseEntity.status(400).body("JWT Token expired");
} catch (Exception e){
return ResponseEntity.status(400).body("JWT Token invalid");
}
} else { // kein angemeldeter User startet den cache(es wird nur der cache als parameter übergeben)
Optional<Cache> cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID));
@ -163,6 +176,7 @@ public class Controller {
}
}
//Eigentlich brauchen wir mit JWT keine Logout Methode mehr.
@CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
@RequestMapping("/api/logout")
@ResponseBody
@ -183,9 +197,9 @@ public class Controller {
@RequestMapping("/api/createStation")
@ResponseBody
public ResponseEntity createStation(@RequestParam String description,
@RequestParam String latitude,
@RequestParam String longitude,
@RequestParam String solution) {
@RequestParam String latitude,
@RequestParam String longitude,
@RequestParam String solution) {
if (description.length() == 0 || latitude.length() == 0 || longitude.length() == 0 || solution.length() == 0) {
return ResponseEntity.status(400).body("At least one Argument was empty");
@ -233,8 +247,21 @@ public class Controller {
@RequestMapping("/api/checkAdmin")
@ResponseBody
public ResponseEntity checkAdmin(@RequestParam String token) {
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
if(user == null){
try {
Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key)
.parseClaimsJws(token).getBody();
return ResponseEntity.status(200).body(claims.get("admin"));
}catch (ExpiredJwtException e) {
return ResponseEntity.status(400).body("JWT Token expired");
} catch (Exception e){
return ResponseEntity.status(400).body("JWT Token invalid");
}
/*User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
if (user == null) {
return ResponseEntity.status(404).body("User was not found");
}
for (Role role : user.getRoles()) {
@ -242,7 +269,7 @@ public class Controller {
return ResponseEntity.status(200).body("User is Admin");
}
}
return ResponseEntity.status(401).body("User is no Admin");
return ResponseEntity.status(401).body("User is no Admin");*/
}
//Bis hier
@ -257,10 +284,10 @@ public class Controller {
@RequestMapping("/api/createCache")
@ResponseBody
public ResponseEntity createCache(@RequestParam String description,
@RequestParam String name,
@RequestParam String rankingPoints,
@RequestParam(value = "rewardID", defaultValue = "-1") String rewardID,
@RequestParam List<Station> stationen) {
@RequestParam String name,
@RequestParam String rankingPoints,
@RequestParam(value = "rewardID", defaultValue = "-1") String rewardID,
@RequestParam List<Station> stationen) {
if (description.length() == 0 || name.length() == 0 || rankingPoints.length() == 0 || stationen.size() == 0) {
return ResponseEntity.status(400).body("Fields can´t be empty");
@ -340,7 +367,14 @@ public class Controller {
@ResponseBody
public ResponseEntity getMyCaches(@RequestParam String token) {
try {
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key)
.parseClaimsJws(token).getBody();
User user = userRepository.findByUsername(claims.getSubject());
if (user != null) {
ArrayList<Bearbeitet> bearbeitetList = new ArrayList<>();
@ -353,8 +387,10 @@ public class Controller {
} else {
return ResponseEntity.status(404).body("User was not found in the database");
}
} catch (StringIndexOutOfBoundsException e) {
return ResponseEntity.status(400).body("Invalid token");
} catch (ExpiredJwtException e) {
return ResponseEntity.status(400).body("JWT Token expired");
} catch (Exception e){
return ResponseEntity.status(400).body("JWT Token invalid");
}
}
@ -370,14 +406,21 @@ public class Controller {
@ResponseBody
public ResponseEntity getUser(@RequestParam String token) {
try {
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key)
.parseClaimsJws(token).getBody();
User user = userRepository.findByUsername(claims.getSubject());
if (user != null) {
return ResponseEntity.status(200).body(new Gson().toJson(user));
} else {
return ResponseEntity.status(404).body("User was not found in the database");
}
} catch (StringIndexOutOfBoundsException e) {
return ResponseEntity.status(400).body("Invalid token");
} catch (ExpiredJwtException e) {
return ResponseEntity.status(400).body("JWT Token expired");
} catch (Exception e){
return ResponseEntity.status(400).body("JWT Token invalid");
}
}
}
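Review bot: The HMAC key that now signs every token issued in the login hunk is printed to stdout on startup by `System.out.println(Arrays.toString(key));` in `init()`, so anyone who can read the application log can produce tokens the server will accept; that line should be removed. Because `init()` also draws a fresh key from `SecureRandom` on every start, every issued token presumably stops validating after a restart and a second instance would reject tokens minted by the first — if that is not intended, the key should be loaded from configuration rather than generated at startup. Since `io.jsonwebtoken.security.Keys` is imported, the library is recent enough that `signWith(signatureAlgorithm, key)` with a raw byte[] is the deprecated form; `signWith(Keys.hmacShaKeyFor(key))` is the supported call and lets the library check the key length. The commented-out debug block left in the login hunk (`/*System.out.println(token); … */`) and the commented-out role loop left in `checkAdmin` should be deleted rather than kept as comments, since `checkAdmin` now answers purely from the signed `admin` claim and a role change is not reflected until the one-day expiry.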


@ -26,9 +26,6 @@ public class User {
@ManyToMany
private List<Role> roles;
private String token;
@ManyToOne
private Team team;
@ -108,12 +105,4 @@ public class User {
this.roles = roles;
}
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
}