From c02c47efcb00782feb1461534923023a711d4f15 Mon Sep 17 00:00:00 2001 From: sowgro Date: Sun, 2 Mar 2025 11:22:48 -0500 Subject: First attempt at an authentication system. --- .../api/ufundapi/controller/UserController.java | 64 ++++++++++++++-------- 1 file changed, 40 insertions(+), 24 deletions(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java index 4e5f156..aa9598d 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java @@ -1,19 +1,14 @@ package com.ufund.api.ufundapi.controller; import java.io.IOException; +import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; +import com.ufund.api.ufundapi.persistence.UserAuthDAO; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.DeleteMapping; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.PutMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import com.ufund.api.ufundapi.model.User; import com.ufund.api.ufundapi.persistence.UserDAO; 
@@ -21,30 +16,34 @@ import com.ufund.api.ufundapi.persistence.UserDAO; @RestController @RequestMapping("users") public class UserController { - private static final Logger LOG = Logger.getLogger(CupboardController.class.getName()); + private static final Logger LOG = Logger.getLogger(UserController.class.getName()); private final UserDAO UserDAO; + private final UserAuthDAO userAuthDAO; /** * Create a user controller to receive REST signals * * @param userDAO The Data Access Object */ - public UserController(UserDAO userDAO) { + public UserController(UserDAO userDAO, UserAuthDAO userAuthDAO) { this.UserDAO = userDAO; + this.userAuthDAO = userAuthDAO; } /** * Creates a User with the provided object * - * @param user The user to create * @return OK response and the user if it was successful, INTERNAL_SERVER_ERROR * otherwise */ @PostMapping("") - public ResponseEntity createUser(@RequestBody User user) { + public ResponseEntity createUser(@RequestBody Map params) { + String username = params.get("username"); + String password = params.get("password"); + try { - if (UserDAO.createUser(user) != null) { - return new ResponseEntity<>(user, HttpStatus.CREATED); + if (UserDAO.addUser(User.create(username, password)) != null) { + return new ResponseEntity<>(true, HttpStatus.CREATED); } else { return new ResponseEntity<>(HttpStatus.CONFLICT); } @@ -62,14 +61,19 @@ public class UserController { * ResponseEntity with HTTP status of NOT_FOUND if not found
* ResponseEntity with HTTP status of INTERNAL_SERVER_ERROR otherwise */ - @GetMapping("/{name}") - public ResponseEntity getUser(@PathVariable String name) { - LOG.log(Level.INFO, "GET /user/{0}", name); + @GetMapping("/{username}") + public ResponseEntity getUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) { + LOG.log(Level.INFO, "GET /user/{0}", username); + + var userAuth = userAuthDAO.getUserAuth(key); + if (userAuth == null || !userAuth.getUsername().equals(username)) { + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); + } try { - User user = UserDAO.getUser(name); + User user = UserDAO.getUser(username); if (user != null) { - return new ResponseEntity<>(user, HttpStatus.OK); + return new ResponseEntity<>(user.withoutPasswordHash(), HttpStatus.OK); } else { return new ResponseEntity<>(HttpStatus.NOT_FOUND); } @@ -89,7 +93,13 @@ public class UserController { * INTERNAL_SERVER_ERROR if there was an issue */ @PutMapping("/{name}") - public ResponseEntity updateUser(@RequestBody User user, @PathVariable String name) { + public ResponseEntity updateUser(@RequestBody User user, @PathVariable String name, @RequestHeader("jelly-api-key") String key) { + + var userAuth = userAuthDAO.getUserAuth(key); + if (userAuth == null || !userAuth.getUsername().equals(user.getUsername())) { + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); + } + try { user = UserDAO.updateUser(user, name); if (user != null) { 
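Review bot: The guard added to getUser returns UNAUTHORIZED both when the key is unknown and when a valid key belongs to a different user; the second case is an authorization failure and is normally reported as `HttpStatus.FORBIDDEN`, which also keeps the two conditions separable in logs. Because `@RequestHeader("jelly-api-key")` is required by default, a request without the header is rejected by Spring with 400 before this check runs. Declaring it as `@RequestHeader(value = "jelly-api-key", required = false)` would route that case through the existing null handling, assuming `getUserAuth` tolerates a null key, which is not visible here. The same guard is copied into the deleteUser hunk of this commit, so a shared helper would keep the copies from drifting apart.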
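Review bot: The ownership check added to updateUser compares the key's owner with `user.getUsername()` from the request body, while the write goes to the path variable in `UserDAO.updateUser(user, name)`, so the check and the record being modified can name different accounts. Bind the check to the resource that is written, `if (userAuth == null || !userAuth.getUsername().equals(name)) {`, and reject a body whose username differs from the path with `HttpStatus.BAD_REQUEST`. The next commit on this page moves to `authService.authenticate(username, key)`, which uses the path value. The rest of updateUser lies outside this hunk.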
@@ -106,14 +116,20 @@ public class UserController { /** * Deletes a user with the desired name * - * @param name The name of the user + * @param username The name of the user * @return OK if the user was deleted, NOT_FOUND if the user was not found, or * INTERNAL_SERVER_ERROR if an error occurred */ - @DeleteMapping("/{name}") - public ResponseEntity deleteUser(@PathVariable String name) { + @DeleteMapping("/{username}") + public ResponseEntity deleteUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) { + + var userAuth = userAuthDAO.getUserAuth(key); + if (userAuth == null || !userAuth.getUsername().equals(username)) { + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); + } + try { - if (UserDAO.deleteUser(name)) { + if (UserDAO.deleteUser(username)) { return new ResponseEntity<>(HttpStatus.OK); } else { return new ResponseEntity<>(HttpStatus.NOT_FOUND); -- cgit v1.2.3 From 42c61d799bb5828949d71dfce6b83dccd3514768 Mon Sep 17 00:00:00 2001 From: Gunther6070 Date: Thu, 6 Mar 2025 17:24:47 -0500 Subject: Migrated user controller methods to user service. Also changed some return types. --- .../api/ufundapi/controller/UserController.java | 65 ++++++++++------------ 1 file changed, 30 insertions(+), 35 deletions(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java index aa9598d..02526af 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java 
@@ -5,29 +5,30 @@ import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; -import com.ufund.api.ufundapi.persistence.UserAuthDAO; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import com.ufund.api.ufundapi.model.User; -import com.ufund.api.ufundapi.persistence.UserDAO; +import com.ufund.api.ufundapi.service.AuthService; +import com.ufund.api.ufundapi.service.UserService; @RestController @RequestMapping("users") public class UserController { private static final Logger LOG = Logger.getLogger(UserController.class.getName()); - private final UserDAO UserDAO; - private final UserAuthDAO userAuthDAO; + private final UserService userService; + private final AuthService authService; /** - * Create a user controller to receive REST signals - * - * @param userDAO The Data Access Object + * Creates a UserController + * + * @param userService + * @param authService */ - public UserController(UserDAO userDAO, UserAuthDAO userAuthDAO) { - this.UserDAO = userDAO; - this.userAuthDAO = userAuthDAO; + public UserController(UserService userService, AuthService authService) { + this.userService = userService; + this.authService = authService; } /** @@ -37,13 +38,14 @@ public class UserController { * otherwise */ @PostMapping("") - public ResponseEntity createUser(@RequestBody Map params) { + public ResponseEntity createUser(@RequestBody Map params) { String username = params.get("username"); String password = params.get("password"); try { - if (UserDAO.addUser(User.create(username, password)) != null) { - return new ResponseEntity<>(true, HttpStatus.CREATED); + User user = userService.createUser(username, password); + if (user == null) { + return new ResponseEntity<>(user, HttpStatus.CREATED); } else { return new ResponseEntity<>(HttpStatus.CONFLICT); } 
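Review bot: The success test in createUser is inverted: `if (user == null)` returns CREATED with a null body and sends every successfully created user to the CONFLICT branch, so it should read `if (user != null) {`. The last patch on this page flips the comparison, but this commit ships it as written. Separately, `username` and `password` are taken from `params.get(...)` and passed on without a null or blank check, so a body missing either key reaches `userService.createUser` as null. Returning `new ResponseEntity<>(HttpStatus.BAD_REQUEST)` for that case would keep malformed sign-ups out of the service layer.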
@@ -65,19 +67,16 @@ public class UserController { public ResponseEntity getUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) { LOG.log(Level.INFO, "GET /user/{0}", username); - var userAuth = userAuthDAO.getUserAuth(key); - if (userAuth == null || !userAuth.getUsername().equals(username)) { - return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); - } - try { - User user = UserDAO.getUser(username); + authService.authenticate(username, key); + User user = userService.getUser(username); if (user != null) { return new ResponseEntity<>(user.withoutPasswordHash(), HttpStatus.OK); } else { return new ResponseEntity<>(HttpStatus.NOT_FOUND); } - + } catch (IllegalAccessException ex) { + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } catch (IOException e) { LOG.log(Level.SEVERE, e.getLocalizedMessage()); return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); @@ -92,16 +91,12 @@ public class UserController { * @return OK response and the user if it was successful, or * INTERNAL_SERVER_ERROR if there was an issue */ - @PutMapping("/{name}") - public ResponseEntity updateUser(@RequestBody User user, @PathVariable String name, @RequestHeader("jelly-api-key") String key) { - - var userAuth = userAuthDAO.getUserAuth(key); - if (userAuth == null || !userAuth.getUsername().equals(user.getUsername())) { - return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); - } + @PutMapping("/{username}") + public ResponseEntity updateUser(@RequestBody User user, @PathVariable String username, @RequestHeader("jelly-api-key") String key) { try { - user = UserDAO.updateUser(user, name); + authService.authenticate(username, key); + user = userService.updateUser(user, username); if (user != null) { return new ResponseEntity<>(user, HttpStatus.OK); } else { 
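Review bot: The new `catch (IllegalAccessException ex)` branch in getUser returns UNAUTHORIZED without logging anything, so rejected keys leave no trace for whoever monitors the API. A line such as `LOG.log(Level.WARNING, "Rejected key for GET /users/{0}", username);` would record the denial; the key itself should never be written to the log. `IllegalAccessException` is also the JDK's reflection-access exception, so a dedicated exception type from `AuthService` would avoid mapping an unrelated reflective failure to 401. The same catch is added to updateUser and deleteUser in the later hunks of this commit.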
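Review bot: updateUser still returns the object from `userService.updateUser` as the response body, whereas getUser strips it with `user.withoutPasswordHash()`. If `User` serialises its password hash, this response would expose it; `return new ResponseEntity<>(user.withoutPasswordHash(), HttpStatus.OK);` keeps the two endpoints consistent. Because the body is bound directly to `User`, it is also worth confirming in `UserService.updateUser` that a client-supplied hash or username cannot overwrite the stored values; that code is not on this page.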
@@ -110,6 +105,8 @@ public class UserController { } catch (IOException e) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); + } catch (IllegalAccessException e) { + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } } @@ -121,21 +118,19 @@ public class UserController { * INTERNAL_SERVER_ERROR if an error occurred */ @DeleteMapping("/{username}") - public ResponseEntity deleteUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) { - - var userAuth = userAuthDAO.getUserAuth(key); - if (userAuth == null || !userAuth.getUsername().equals(username)) { - return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); - } + public ResponseEntity deleteUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) { try { - if (UserDAO.deleteUser(username)) { + authService.authenticate(username, key); + if (userService.deleteUser(username)) { return new ResponseEntity<>(HttpStatus.OK); } else { return new ResponseEntity<>(HttpStatus.NOT_FOUND); } } catch (IOException e) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); + } catch (IllegalAccessException e) { + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } } -- cgit v1.2.3 From a3fbcd713ae9a6b3f38dcc42a5c4c2f369a5d6f5 Mon Sep 17 00:00:00 2001 From: sowgro Date: Thu, 6 Mar 2025 22:53:36 -0500 Subject: more javadocs and cleanup --- .../com/ufund/api/ufundapi/controller/UserController.java | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java index 02526af..21cd1b3 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java 
@@ -5,6 +5,7 @@ import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; +import com.ufund.api.ufundapi.DuplicateKeyException; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; @@ -20,12 +21,6 @@ public class UserController { private final UserService userService; private final AuthService authService; - /** - * Creates a UserController - * - * @param userService - * @param authService - */ public UserController(UserService userService, AuthService authService) { this.userService = userService; this.authService = authService; @@ -49,7 +44,8 @@ public class UserController { } else { return new ResponseEntity<>(HttpStatus.CONFLICT); } - + } catch (DuplicateKeyException ex) { + return new ResponseEntity<>(HttpStatus.CONFLICT); } catch (IOException ex) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); } @@ -93,7 +89,6 @@ public class UserController { */ @PutMapping("/{username}") public ResponseEntity updateUser(@RequestBody User user, @PathVariable String username, @RequestHeader("jelly-api-key") String key) { - try { authService.authenticate(username, key); user = userService.updateUser(user, username); -- cgit v1.2.3 From 34903015992ac0cd7719b662af3ceb54a801351c Mon Sep 17 00:00:00 2001 From: sowgro Date: Fri, 7 Mar 2025 00:02:56 -0500 Subject: Finish update methods --- .../main/java/com/ufund/api/ufundapi/controller/UserController.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java index 21cd1b3..0bb3fcf 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java 
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java @@ -1,6 +1,7 @@ package com.ufund.api.ufundapi.controller; import java.io.IOException; +import java.security.InvalidParameterException; import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; @@ -97,7 +98,8 @@ public class UserController { } else { return new ResponseEntity<>(HttpStatus.NOT_FOUND); } - + } catch (InvalidParameterException ex) { + return new ResponseEntity<>(HttpStatus.BAD_REQUEST); } catch (IOException e) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); } catch (IllegalAccessException e) { -- cgit v1.2.3 From bae0f05fb971b7ec99f4279743e602a418553e45 Mon Sep 17 00:00:00 2001 From: Gunther6070 Date: Thu, 13 Mar 2025 17:44:26 -0400 Subject: Updated docstrings --- .../api/ufundapi/controller/UserController.java | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java index 0bb3fcf..795ca13 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java 
@@ -6,11 +6,19 @@ import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; -import com.ufund.api.ufundapi.DuplicateKeyException; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.DeleteMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestHeader; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; +import com.ufund.api.ufundapi.DuplicateKeyException; import com.ufund.api.ufundapi.model.User; import com.ufund.api.ufundapi.service.AuthService; import com.ufund.api.ufundapi.service.UserService; @@ -29,7 +37,7 @@ public class UserController { /** * Creates a User with the provided object - * + * @param params A map consisting of the parameters for a user * @return OK response and the user if it was successful, INTERNAL_SERVER_ERROR * otherwise */ @@ -55,6 +63,8 @@ public class UserController { /** * Responds to the GET request for a {@linkplain User user} for the given id * + * @param username The name of the user + * @param key The authentication key of the user * @return ResponseEntity with {@link User user} object and HTTP status of OK if * found
* ResponseEntity with HTTP status of NOT_FOUND if not found
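Review bot: The Javadoc for getUser gains `@param key`, but its `@return` list still omits the UNAUTHORIZED response the method gives when `authService.authenticate` fails. Add a line such as `ResponseEntity with HTTP status of UNAUTHORIZED if the key does not match the user`. The same omission applies to the updateUser and deleteUser Javadoc hunks in this commit (updateUser also returns BAD_REQUEST and NOT_FOUND), and createUser's `@return` says OK where the code returns CREATED or CONFLICT. `@param params` could also name the expected keys, `username` and `password`.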
@@ -84,7 +94,9 @@ public class UserController { /** * Updates a User with the provided one * - * @param user The user to update + * @param user The user to update + * @param username The name of the user + * @param key The authentication key of the user * @return OK response and the user if it was successful, or * INTERNAL_SERVER_ERROR if there was an issue */ @@ -111,6 +123,7 @@ public class UserController { * Deletes a user with the desired name * * @param username The name of the user + * @param key The authentication key of the user * @return OK if the user was deleted, NOT_FOUND if the user was not found, or * INTERNAL_SERVER_ERROR if an error occurred */ -- cgit v1.2.3 From 4caaeec30f8732658dbe9ad053253d5cb483efca Mon Sep 17 00:00:00 2001 From: Gunther6070 Date: Thu, 13 Mar 2025 20:38:41 -0400 Subject: Updated tests --- .../src/main/java/com/ufund/api/ufundapi/controller/UserController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java index 795ca13..adf17a1 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java @@ -48,7 +48,7 @@ public class UserController { try { User user = userService.createUser(username, password); - if (user == null) { + if (user != null) { return new ResponseEntity<>(user, HttpStatus.CREATED); } else { return new ResponseEntity<>(HttpStatus.CONFLICT); -- cgit v1.2.3
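Review bot: With the comparison corrected, the CREATED branch of createUser returns the `User` from `userService.createUser` unmodified, unlike getUser, which returns `user.withoutPasswordHash()`. If the created object carries the hash, the sign-up response would include it; `return new ResponseEntity<>(user.withoutPasswordHash(), HttpStatus.CREATED);` would match getUser. Whether `createUser` already strips the hash is not visible here.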