Merge pull request #52 from HideyoshiSolutions/devel

Fixes unhandled authentication error (#51)
2024-05-26 02:02:05 -03:00
parent aecb0f63e3 b602d7dc33
commit 27049f194a
4 changed files with 45 additions and 41 deletions
--- a/src/main/java/br/com/hideyoshi/auth/controller/UserController.java
+++ b/src/main/java/br/com/hideyoshi/auth/controller/UserController.java
@@ -94,35 +94,48 @@ public class UserController {

    @PostMapping("/profile-picture")
    @UserResourceGuard(accessType = UserResourceGuardEnum.USER)
-    public StorageServiceUploadResponse addProfilePicture(
+    public ResponseEntity<StorageServiceUploadResponse> addProfilePicture(
            @RequestParam FileTypeEnum fileType
    ) {
        UserDTO user = this.authService.getLoggedUser();
-        return this.storageService.getNewFileUrl(
+
+
+
+        var newFileOption = this.storageService.getNewFileUrl(
                user.getUsername(),
                "profile",
                fileType
-        ).orElseThrow(() -> new BadRequestException("File not found"));
+        );
+
+        if (newFileOption.isEmpty()) {
+            throw new BadRequestException("Invalid File Type");
+        }
+
+        return ResponseEntity.ok(newFileOption.get());
    }

    @DeleteMapping("/profile-picture")
    @UserResourceGuard(accessType = UserResourceGuardEnum.USER)
-    public void deleteProfilePicture() {
+    public ResponseEntity<Void> deleteProfilePicture() {
        UserDTO user = this.authService.getLoggedUser();
        this.storageService.deleteFile(
                user.getUsername(),
                "profile"
        );
+
+        return new ResponseEntity<>(HttpStatus.NO_CONTENT);
    }

    @PostMapping("/profile-picture/proccess")
    @UserResourceGuard(accessType = UserResourceGuardEnum.USER)
-    public void processProfilePicture() {
+    public ResponseEntity<Void> processProfilePicture() {
        UserDTO user = this.authService.getLoggedUser();
        this.storageService.processFile(
                user.getUsername(),
                "profile"
        );
+
+        return new ResponseEntity<>(HttpStatus.NO_CONTENT);
    }

 }
--- a/src/main/java/br/com/hideyoshi/auth/security/config/SecurityConfig.java
+++ b/src/main/java/br/com/hideyoshi/auth/security/config/SecurityConfig.java
@@ -61,15 +61,31 @@ public class SecurityConfig {
        http.httpBasic().disable()
                .cors().and().csrf().disable();

-        this.addEndpointSecurityToHttp(http);
-        this.addOAuthSecurityToHttp(http);
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

-        this.configureEndpoints(http);
+        http.exceptionHandling()
+                .authenticationEntryPoint(this::failureHandler);

-        return http.build();
-    }
+        http.formLogin(form -> form
+                .loginProcessingUrl("/user/login")
+                .successHandler(this::successFormHandler)
+                .failureHandler(this::failureHandler)
+        );
+
+        http.oauth2Login(
+                oauth -> oauth
+                        .authorizationEndpoint()
+                        .authorizationRequestRepository(this.oAuthRequestRepository)
+                        .and().successHandler(this::successOAuth2Handler)
+                        .failureHandler(this::failureHandler)
+
+        );
+
+        http.addFilterBefore(
+            new JWTAuthenticationFilter(this.authService),
+            UsernamePasswordAuthenticationFilter.class
+        );

-    private void configureEndpoints(HttpSecurity http) throws Exception {
        for (String endpoint : this.userResourceHandler.getOpenPaths()) {
            http.authorizeRequests().antMatchers(endpoint).permitAll();
        }
@@ -78,30 +94,7 @@ public class SecurityConfig {
            http.authorizeRequests().antMatchers(endpoint).hasAnyAuthority("ROLE_USER", "ROLE_ADMIN");
        }

-        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
-        http.addFilterBefore(
-            new JWTAuthenticationFilter(this.authService),
-            UsernamePasswordAuthenticationFilter.class
-        );
-    }
-
-    private void addEndpointSecurityToHttp(HttpSecurity http) throws Exception {
-        http.formLogin(form -> form
-                .loginProcessingUrl("/user/login")
-                .successHandler(this::successFormHandler)
-                .failureHandler(this::failureHandler)
-        );
-
-        http.authorizeRequests().antMatchers("/login").denyAll();
-    }
-
-    private void addOAuthSecurityToHttp(HttpSecurity http) throws Exception {
-
-        http.oauth2Login()
-                .authorizationEndpoint()
-                .authorizationRequestRepository(this.oAuthRequestRepository)
-                .and().successHandler(this::successOAuth2Handler)
-                .failureHandler(this::failureHandler);
+        return http.build();
    }

    private void successFormHandler(HttpServletRequest request,
--- a/src/main/java/br/com/hideyoshi/auth/security/filter/JWTAuthenticationFilter.java
+++ b/src/main/java/br/com/hideyoshi/auth/security/filter/JWTAuthenticationFilter.java
@@ -1,7 +1,7 @@
 package br.com.hideyoshi.auth.security.filter;

 import br.com.hideyoshi.auth.security.service.AuthService;
-import br.com.hideyoshi.auth.util.exception.AuthenticationInvalidException;
+import br.com.hideyoshi.auth.util.exception.BadRequestException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -52,7 +52,7 @@ public class JWTAuthenticationFilter extends OncePerRequestFilter {
            String accessToken = authorizationHeader.substring(AUTHORIZATION_TYPE_STRING.length());
            return this.authService.extractAccessTokenInfo(accessToken);
        } else {
-            throw new AuthenticationInvalidException("Access denied");
+            throw new BadRequestException("No authorization header found");
        }
    }
 }
--- a/src/main/java/br/com/hideyoshi/auth/security/service/AuthService.java
+++ b/src/main/java/br/com/hideyoshi/auth/security/service/AuthService.java
@@ -27,7 +27,6 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Service;

 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import javax.validation.Valid;
 import java.io.IOException;
@@ -130,11 +129,10 @@ public class AuthService {
        JWTVerifier verifier = JWT.require(algorithm).build();
        try {
            return Optional.of(verifier.verify(token));
-        } catch (Exception e) {
-            log.warn("Token verification failed: {}", e.getMessage());
-        }
+        } catch (Exception ignored) {
            return Optional.empty();
        }
+    }

    private UserDTO getUserFromOAuth2User(OAuthDTO oAuth2User) {
        UserDTO user;