From d8780744a52b20334d920111848f51959fee0ca6 Mon Sep 17 00:00:00 2001
From: Maximilian Leopold
Date: Sat, 6 Apr 2019 16:10:01 +0200
Subject: [PATCH] Implemented JWT
---
 .../bugageocaching/controller/Controller.java | 135 ++++++++++++------
 .../labsw/bugageocaching/entities/User.java | 11 --
 2 files changed, 89 insertions(+), 57 deletions(-)
diff --git a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
index ebb9744..6e4bbb1 100644
--- a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
+++ b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
@@ -6,6 +6,7 @@ import hhn.labsw.bugageocaching.entities.*;
 import hhn.labsw.bugageocaching.exceptions.IllegalParameterException;
 import hhn.labsw.bugageocaching.repositories.*;
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
@@ -54,7 +55,7 @@ public class Controller {
 byte[] key = new byte[64];
 @PostConstruct
- public void init(){
+ public void init() {
 new SecureRandom().nextBytes(key);
 System.out.println(Arrays.toString(key));
 }
@@ -81,22 +82,23 @@ public class Controller {
 SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
- if(BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())){
+ if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
 String token = Jwts.builder()
 .setSubject(user.getUsername())
- .claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x->x.getId()==0)) //True if user is admin
+ .claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x -> x.getId() == 0)) //True if user is admin
 .setExpiration(new Date(new Date().getTime() + (1000 * 60 * 60 * 24))) //One day expiration
- .signWith(signatureAlgorithm, key).compact();
- System.out.println(token);
+ .signWith(signatureAlgorithm, key)
+ .compact();
+ /*System.out.println(token);
- Claims claims = Jwts.parser()
+ Claims claims = Jwts.parser() //Parse JWT
 .setSigningKey(key)
 .parseClaimsJws(token).getBody();
 System.out.println("ID: " + claims.getId());
 System.out.println("Subject: " + claims.getSubject());
 System.out.println("Issuer: " + claims.getIssuer());
 System.out.println("Admin: " + claims.get("admin"));
- System.out.println("Expiration: " + claims.getExpiration());
+ System.out.println("Expiration: " + claims.getExpiration());*/
 return ResponseEntity.status(200).body(token);
 }
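Review bot: `userRepository.findByUsername(user.getUsername()).getPassword()` in the rewritten `if` dereferences the lookup result without a null check, so a login with an unknown username throws a NullPointerException (a 500) instead of taking the wrong-password branch, which both breaks the request and lets a caller distinguish existing usernames from unknown ones; the same lookup is then repeated inside `.claim(...)`. Look the user up once and treat "not found" exactly like a failed `BCrypt.checkpw`, so the existing else-branch answers both cases. The token is signed with `signWith(signatureAlgorithm, key)`, the raw-`byte[]` overload; with `Keys` already imported (jjwt 0.10+, where that overload is deprecated) `signWith(Keys.hmacShaKeyFor(key))` is the supported form, and note that `init()` earlier in this patch prints that key to stdout, so anyone who can read the startup log can mint admin tokens. The commented-out debug block should be removed rather than kept. The method's else-branch and closing brace are outside the hunk.
```java
// Single lookup; an unknown username gets the same answer as a wrong password,
// so a null result is never dereferenced and usernames cannot be enumerated.
User stored = userRepository.findByUsername(user.getUsername());
if (stored != null && BCrypt.checkpw(user.getPassword(), stored.getPassword())) {
    String token = Jwts.builder()
            .setSubject(user.getUsername())
            .claim("admin", stored.getRoles().stream().anyMatch(x -> x.getId() == 0)) //True if user is admin
            // … unchanged: setExpiration, signWith, compact, return …
```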
@@ -122,35 +124,46 @@ public class Controller {
 Bearbeitet bearbeitet = new Bearbeitet();
- User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
- if (user == null) {
- return ResponseEntity.status(404).body("User was not found");
- }
- bearbeitet.setUser(user);
+ try {
+ Claims claims = Jwts.parser() //Parse JWT
+ .setSigningKey(key)
+ .parseClaimsJws(token).getBody();
- Optional cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID));
- if (cacheOptional.isPresent()) {
- Cache cache = cacheOptional.get();
- bearbeitet.setCache(cache);
- Station startStation = cache.getStartStation();
- bearbeitet.setAktuelleStation(startStation);
- } else {
- return ResponseEntity.status(404).body("Couldnt find Cache " + cacheID);
- }
+ User user = userRepository.findByUsername(claims.getSubject());
+ if (user == null) {
+ return ResponseEntity.status(404).body("User was not found");
+ }
+ bearbeitet.setUser(user);
- Optional cacheAccesDefinitionOptional =
- cacheAccesDefinitionRepository.findById(0); // angefangen
- if (cacheAccesDefinitionOptional.isPresent()) {
- CacheAccesDefinition cacheAccesDefinition = cacheAccesDefinitionOptional.get();
- bearbeitet.setCacheAccesDefinition(cacheAccesDefinition);
- } else {
- return ResponseEntity.status(404).body("There is no cacheAccesDefinition with the ID " + 0);
+ Optional cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID));
+ if (cacheOptional.isPresent()) {
+ Cache cache = cacheOptional.get();
+ bearbeitet.setCache(cache);
+
+ Station startStation = cache.getStartStation();
+ bearbeitet.setAktuelleStation(startStation);
+ } else {
+ return ResponseEntity.status(404).body("Couldnt find Cache " + cacheID);
 }
- bearbeitetRepository.save(bearbeitet);
+ Optional cacheAccesDefinitionOptional =
+ cacheAccesDefinitionRepository.findById(0); // angefangen
+ if (cacheAccesDefinitionOptional.isPresent()) {
+ CacheAccesDefinition cacheAccesDefinition = cacheAccesDefinitionOptional.get();
+
bearbeitet.setCacheAccesDefinition(cacheAccesDefinition);
+ } else {
+ return ResponseEntity.status(404).body("There is no cacheAccesDefinition with the ID " + 0);
+ }
- return ResponseEntity.status(200).body(new Gson().toJson(bearbeitet));
+ bearbeitetRepository.save(bearbeitet);
+
+ return ResponseEntity.status(200).body(new Gson().toJson(bearbeitet));
+ } catch (ExpiredJwtException e) {
+ return ResponseEntity.status(400).body("JWT Token expired");
+ } catch (Exception e){
+ return ResponseEntity.status(400).body("JWT Token invalid");
+ }
 } else { // kein angemeldeter User startet den cache(es wird nur der cache als parameter übergeben)
 Optional cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID));
@@ -163,6 +176,7 @@ public class Controller {
 } }
+ //Eigentlich brauchen wir mit JWT keine Logout Methode mehr.
 @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
 @RequestMapping("/api/logout")
 @ResponseBody
@@ -183,9 +197,9 @@ public class Controller {
 @RequestMapping("/api/createStation")
 @ResponseBody
 public ResponseEntity createStation(@RequestParam String description,
- @RequestParam String latitude,
- @RequestParam String longitude,
- @RequestParam String solution) {
+ @RequestParam String latitude,
+ @RequestParam String longitude,
+ @RequestParam String solution) {
 if (description.length() == 0 || latitude.length() == 0 || longitude.length() == 0 || solution.length() == 0) {
 return ResponseEntity.status(400).body("At least one Argument was empty");
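Review bot: The new `catch (Exception e)` closing the `try` block covers far more than the token parse: `Integer.valueOf(cacheID)`, the three repository lookups and `bearbeitetRepository.save(bearbeitet)` all run inside it, so a malformed `cacheID` or a database failure is reported to the client as 400 "JWT Token invalid" and the real exception is discarded. Restrict the `try` to the `Jwts.parser()` call, catch jjwt's `JwtException` (plus `IllegalArgumentException`, which the parser raises for an empty token string) instead of `Exception`, and run the rest of the method outside it; this needs `import io.jsonwebtoken.JwtException;`. Separately, `new Gson().toJson(bearbeitet)` serializes the `User` attached via `setUser` field by field, which — unless that field is excluded — includes whatever `User` stores behind the `getPassword()` the login hunk compares against; a response DTO without it would be safer. The method's signature and the end of the unauthenticated branch are outside the hunk.
```java
Claims claims;
try {
    claims = Jwts.parser() //Parse JWT
            .setSigningKey(key)
            .parseClaimsJws(token).getBody();
} catch (ExpiredJwtException e) {
    return ResponseEntity.status(400).body("JWT Token expired");
} catch (JwtException | IllegalArgumentException e) {
    // Only signature/format problems are a bad token; repository errors propagate.
    return ResponseEntity.status(400).body("JWT Token invalid");
}
User user = userRepository.findByUsername(claims.getSubject());
// … unchanged: user/cache/cacheAccesDefinition lookups, save, response …
```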
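Review bot: The added comment `//Eigentlich brauchen wir mit JWT keine Logout Methode mehr.` draws the wrong conclusion: the tokens issued in this patch are stateless and valid for 24 hours, so there is currently no server-side way to end a session at all — a token copied from a client keeps working for a day after the user "logs out". If logout must actually revoke access, keep the endpoint and back it with a denylist of token ids (set `setId(...)` at issuance and check it when parsing) or shorten the token lifetime considerably; otherwise state plainly that it only clears client-side state. The comment should also be in English, e.g. `// With stateless JWTs this endpoint cannot revoke a token; it only clears client-side state.` The logout method body is outside the hunk.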
@@ -233,8 +247,21 @@ public class Controller {
 @RequestMapping("/api/checkAdmin")
 @ResponseBody
 public ResponseEntity checkAdmin(@RequestParam String token) {
- User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
- if(user == null){
+
+ try {
+ Claims claims = Jwts.parser() //Parse JWT
+ .setSigningKey(key)
+ .parseClaimsJws(token).getBody();
+
+ return ResponseEntity.status(200).body(claims.get("admin"));
+ }catch (ExpiredJwtException e) {
+ return ResponseEntity.status(400).body("JWT Token expired");
+ } catch (Exception e){
+ return ResponseEntity.status(400).body("JWT Token invalid");
+ }
+
+ /*User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+ if (user == null) {
 return ResponseEntity.status(404).body("User was not found");
 }
 for (Role role : user.getRoles()) {
@@ -242,7 +269,7 @@ public class Controller {
 return ResponseEntity.status(200).body("User is Admin");
 } }
- return ResponseEntity.status(401).body("User is no Admin");
+ return ResponseEntity.status(401).body("User is no Admin");*/
 } //Bis hier
@@ -257,10 +284,10 @@ public class Controller {
 @RequestMapping("/api/createCache")
 @ResponseBody
 public ResponseEntity createCache(@RequestParam String description,
- @RequestParam String name,
- @RequestParam String rankingPoints,
- @RequestParam(value = "rewardID", defaultValue = "-1") String rewardID,
- @RequestParam List stationen) {
+ @RequestParam String name,
+ @RequestParam String rankingPoints,
+ @RequestParam(value = "rewardID", defaultValue = "-1") String rewardID,
+ @RequestParam List stationen) {
 if (description.length() == 0 || name.length() == 0 || rankingPoints.length() == 0 || stationen.size() == 0) {
 return ResponseEntity.status(400).body("Fields can´t be empty");
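Review bot: The rewritten `checkAdmin` body returns `claims.get("admin")` with status 200 for every valid token, so a non-admin now receives `200 false` where the old code (still visible in the commented-out block below) answered 401 "User is no Admin"; any client that gates on the status code is broken, and the body type changes from a String to a raw Object. Keep the old contract: `boolean admin = Boolean.TRUE.equals(claims.get("admin", Boolean.class));` followed by `return admin ? ResponseEntity.status(200).body("User is Admin") : ResponseEntity.status(401).body("User is no Admin");`. Note too that the answer now comes from a claim baked in at login, so a role revocation is not seen until the 24-hour token expires; if that matters, re-check the role against `userRepository` here instead of trusting the claim. The commented-out original and the `//Bis hier` marker should be deleted rather than left beside the live code.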
@@ -340,7 +367,14 @@ public class Controller {
 @ResponseBody
 public ResponseEntity getMyCaches(@RequestParam String token) {
 try {
- User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+
+ Claims claims = Jwts.parser() //Parse JWT
+ .setSigningKey(key)
+ .parseClaimsJws(token).getBody();
+
+
+ User user = userRepository.findByUsername(claims.getSubject());
+
 if (user != null) {
 ArrayList bearbeitetList = new ArrayList<>();
@@ -353,8 +387,10 @@ public class Controller {
 } else {
 return ResponseEntity.status(404).body("User was not found in the database");
 }
- } catch (StringIndexOutOfBoundsException e) {
- return ResponseEntity.status(400).body("Invalid token");
+ } catch (ExpiredJwtException e) {
+ return ResponseEntity.status(400).body("JWT Token expired");
+ } catch (Exception e){
+ return ResponseEntity.status(400).body("JWT Token invalid");
 } }
@@ -370,14 +406,21 @@ public class Controller {
 @ResponseBody
 public ResponseEntity getUser(@RequestParam String token) {
 try {
- User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+ Claims claims = Jwts.parser() //Parse JWT
+ .setSigningKey(key)
+ .parseClaimsJws(token).getBody();
+
+
+ User user = userRepository.findByUsername(claims.getSubject());
 if (user != null) {
 return ResponseEntity.status(200).body(new Gson().toJson(user));
 } else {
 return ResponseEntity.status(404).body("User was not found in the database");
 }
- } catch (StringIndexOutOfBoundsException e) {
- return ResponseEntity.status(400).body("Invalid token");
+ } catch (ExpiredJwtException e) {
+ return ResponseEntity.status(400).body("JWT Token expired");
+ } catch (Exception e){
+ return ResponseEntity.status(400).body("JWT Token invalid");
 } } }
diff --git a/src/main/java/hhn/labsw/bugageocaching/entities/User.java b/src/main/java/hhn/labsw/bugageocaching/entities/User.java
index ff11f43..0b546f6 100644
--- a/src/main/java/hhn/labsw/bugageocaching/entities/User.java
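Review bot: The parse added at the top of `getMyCaches` (`Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody()`) is the third verbatim copy in this patch, with `startCache`, `checkAdmin` and `getUser` each carrying the same three lines and the same two catch clauses. Extract one `private Claims parseToken(String token)` helper — or, better, resolve the caller in a Spring filter or `HandlerMethodArgumentResolver` before the handler runs — so key handling, error responses and any later check such as an issuer or audience claim live in one place; each handler then reduces to `Claims claims = parseToken(token);`. The three blank `+` lines around `User user = ...` are leftover whitespace. The rest of `getMyCaches` is outside the hunk.
```java
/** Parses and verifies a token issued by the login endpoint; throws JwtException on any problem. */
private Claims parseToken(String token) {
    return Jwts.parser() //Parse JWT
            .setSigningKey(key)
            .parseClaimsJws(token).getBody();
}
```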
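Review bot: Replacing `catch (StringIndexOutOfBoundsException e)` with `catch (Exception e)` in `getMyCaches` widens the net to the repository call and the serialization that precede the `} else {` context inside the same `try`, so a database error is now answered with 400 "JWT Token invalid" and its cause is dropped. Catch the jjwt base type instead, `} catch (JwtException e) {` (parent of `ExpiredJwtException`, needs `import io.jsonwebtoken.JwtException;`), or move the parse out of the shared `try`. The start of that `try` block is outside this hunk.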
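Review bot: `return ResponseEntity.status(200).body(new Gson().toJson(user));` (unchanged context in `getUser`) serializes the whole `User` entity field by field, and `User` holds the value the login hunk compares via `BCrypt.checkpw(..., getPassword())`; unless that field is excluded from Gson, every valid token returns the caller's bcrypt hash, and the `roles` and `team` associations visible in the User.java hunk come along with it. Return a DTO (username, roles) or mark the password field `transient` before this endpoint is relied on. The same over-broad `catch (Exception e)` as in the other handlers applies here as well.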
+++ b/src/main/java/hhn/labsw/bugageocaching/entities/User.java
@@ -26,9 +26,6 @@ public class User {
 @ManyToMany
 private List roles;
- private String token;
-
-
 @ManyToOne
 private Team team;
@@ -108,12 +105,4 @@ public class User {
 this.roles = roles;
 }
- public String getToken() {
- return token;
- }
-
- public void setToken(String token) {
- this.token = token;
-
- }
 }