Merge pull request #17 from RIT-SWEN-261-02/api-cleanup

Merge api-cleanup into main
author: Tyler Ferrari <69283684+Sowgro@users.noreply.github.com> 2025-03-27 18:50:33 -0400
committer: GitHub <noreply@github.com> 2025-03-27 18:50:33 -0400
commit: ddbd1cc688aa98fb275ad72a750fbaaf53e6c0ae (patch)
tree: 0a0f9669fb0f7cf2f2816b798269e50a8b26f125 /ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
parent: 35d7c971ed47718d4dc5738edb09d62cd780dac4 (diff)
parent: 4f5e9e9ecda282a98af5d70bd6cf0540973c7314 (diff)
download: JellySolutions-ddbd1cc688aa98fb275ad72a750fbaaf53e6c0ae.tar.gz
JellySolutions-ddbd1cc688aa98fb275ad72a750fbaaf53e6c0ae.tar.bz2
JellySolutions-ddbd1cc688aa98fb275ad72a750fbaaf53e6c0ae.zip
1 files changed, 46 insertions, 12 deletions
diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
index 87a16a6..cdce80d 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
@@ -1,11 +1,12 @@
 package com.ufund.api.ufundapi.service;
 
+import java.io.IOException;
+
+import org.springframework.stereotype.Component;
+
 import com.ufund.api.ufundapi.model.User;
 import com.ufund.api.ufundapi.model.UserAuth;
 import com.ufund.api.ufundapi.persistence.UserAuthDAO;
-import org.springframework.stereotype.Component;
-
-import java.io.IOException;
 
 @Component
 public class AuthService {
@@ -24,18 +25,51 @@ public class AuthService {
      * @param targetUsername The targetUsername of the user trying to be accessed.
      * @param key The api key obtained by the client from logging in.
      * @throws IllegalAccessException Thrown if access was denied to the user.
+     * @throws IOException Thrown on a file writing issue
+     */
+    public void keyHasAccessToUser(String targetUsername, String key) throws IllegalAccessException, IOException {
+        var userAuth = userAuthDAO.getUserAuth(key);
+        if (userAuth == null) {
+            throw new IllegalAccessException("Invalid authentication key");
+        }
+
+       var username = userAuth.getUsername();
+       var userType = userService.getUser(username).getType();
+       if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) {
+           throw new IllegalAccessException("Provided key does not grant access to perform the requested operation");
+       }
+    }
+
+    /**
+     * Check if the provided key is valid
+     * @param key The api key obtained by the client from logging in.
+     * @throws IllegalAccessException Thrown if access was denied to the user.
+     * @throws IOException Thrown on a file writing issue
+     */
+    public void keyIsValid(String key) throws IOException, IllegalAccessException {
+        var userAuth = userAuthDAO.getUserAuth(key);
+        if (userAuth == null) {
+            throw new IllegalAccessException("Invalid authentication key");
+        }
+    }
+
+    /**
+     * Check if the provided key has access to edit the cupboard
+     * @param key The api key obtained by the client from logging in.
+     * @throws IllegalAccessException Thrown if access was denied to the user.
+     * @throws IOException Thrown on a file writing issue
      */
-    public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException {
+    public void keyHasAccessToCupboard(String key) throws IOException, IllegalAccessException {
         var userAuth = userAuthDAO.getUserAuth(key);
         if (userAuth == null) {
-            throw new IllegalAccessException("Unauthenticated");
+            throw new IllegalAccessException("Invalid authentication key");
+        }
+
+        var username = userAuth.getUsername();
+        var userType = userService.getUser(username).getType();
+        if (userType != User.UserType.MANAGER) {
+            throw new IllegalAccessException("Provided key does not grant access to perform the requested operation");
         }
-//
-//        var username = userAuth.getUsername();
-//        var userType = userService.getUser(username).getType();
-//        if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) {
-//            throw new IllegalAccessException("Unauthorized");
-//        }
     }
 
     /**
@@ -50,7 +84,7 @@ public class AuthService {
     public String login(String username, String password) throws IllegalAccessException, IOException {
         var usr = userService.getUser(username);
         if (usr == null || !usr.verifyPassword(password)) {
-            throw new IllegalAccessException("Unauthorized");
+            throw new IllegalAccessException("Incorrect username or password");
         }
         var userAuth = UserAuth.generate(username);
         userAuthDAO.addUserAuth(userAuth);
author	Tyler Ferrari <69283684+Sowgro@users.noreply.github.com>	2025-03-27 18:50:33 -0400
committer	GitHub <noreply@github.com>	2025-03-27 18:50:33 -0400
commit	ddbd1cc688aa98fb275ad72a750fbaaf53e6c0ae (patch)
tree	0a0f9669fb0f7cf2f2816b798269e50a8b26f125 /ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
parent	35d7c971ed47718d4dc5738edb09d62cd780dac4 (diff)
parent	4f5e9e9ecda282a98af5d70bd6cf0540973c7314 (diff)
download	JellySolutions-ddbd1cc688aa98fb275ad72a750fbaaf53e6c0ae.tar.gz JellySolutions-ddbd1cc688aa98fb275ad72a750fbaaf53e6c0ae.tar.bz2 JellySolutions-ddbd1cc688aa98fb275ad72a750fbaaf53e6c0ae.zip