From cb3b7710b9e32df408b3a38383aca049fa98214e Mon Sep 17 00:00:00 2001
From: Gunther6070 <haydenhartman10@yahoo.com>
Date: Mon, 24 Mar 2025 21:17:33 -0400
Subject: Fixed various bugs and began fixing auth system. Also started
 implementing checkout method in cupboardService

---
 .../ufund/api/ufundapi/service/AuthService.java    | 26 ++++++++++++++--------
 1 file changed, 17 insertions(+), 9 deletions(-)

(limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java')

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
index 87a16a6..71b8f41 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
@@ -1,11 +1,12 @@
 package com.ufund.api.ufundapi.service;
 
+import java.io.IOException;
+
+import org.springframework.stereotype.Component;
+
 import com.ufund.api.ufundapi.model.User;
 import com.ufund.api.ufundapi.model.UserAuth;
 import com.ufund.api.ufundapi.persistence.UserAuthDAO;
-import org.springframework.stereotype.Component;
-
-import java.io.IOException;
 
 @Component
 public class AuthService {
@@ -30,12 +31,19 @@ public class AuthService {
         if (userAuth == null) {
             throw new IllegalAccessException("Unauthenticated");
         }
-//
-//        var username = userAuth.getUsername();
-//        var userType = userService.getUser(username).getType();
-//        if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) {
-//            throw new IllegalAccessException("Unauthorized");
-//        }
+
+       var username = userAuth.getUsername();
+       var userType = userService.getUser(username).getType();
+       if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) {
+           throw new IllegalAccessException("Unauthorized");
+       }
+    }
+
+    public void authenticate(String key) throws IOException, IllegalAccessException {
+        var userAuth = userAuthDAO.getUserAuth(key);
+        if (userAuth == null) {
+            throw new IllegalAccessException("Unauthenticated");
+        }
     }
 
     /**
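Review bot: `userService.getUser(username).getType()` in the re-enabled check dereferences the lookup result without a null test, although `login` in this class handles `getUser` returning null (`usr == null || ...`), so a key that outlives its account would presumably end in a NullPointerException instead of a clean denial. Resolve the user once and deny on null: `var user = userService.getUser(username);` followed by `if (user == null || (!username.equals(targetUsername) && user.getType() != User.UserType.MANAGER))`. The same unguarded chain appears in `keyHasAccessToCupboard` in the later "Fix cupboard access checking and logging" patch. The two-argument method's signature lies above the hunk, so this is judged from the visible body only.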
-- 
cgit v1.2.3


From c15aa3daab0cf9a640945d4e634d1327fb55d2db Mon Sep 17 00:00:00 2001
From: sowgro <tpoke.ferrari@gmail.com>
Date: Tue, 25 Mar 2025 00:03:45 -0400
Subject: Greatly improve logging and other backend clean up

---
 .../src/main/java/com/ufund/api/ufundapi/service/AuthService.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java')

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
index 71b8f41..4e5ebce 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
@@ -29,20 +29,20 @@ public class AuthService {
     public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException {
         var userAuth = userAuthDAO.getUserAuth(key);
         if (userAuth == null) {
-            throw new IllegalAccessException("Unauthenticated");
+            throw new IllegalAccessException("Invalid authentication key");
         }
 
        var username = userAuth.getUsername();
        var userType = userService.getUser(username).getType();
        if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) {
-           throw new IllegalAccessException("Unauthorized");
+           throw new IllegalAccessException("Provided key does not grant access to perform the requested operation");
        }
     }
 
     public void authenticate(String key) throws IOException, IllegalAccessException {
         var userAuth = userAuthDAO.getUserAuth(key);
         if (userAuth == null) {
-            throw new IllegalAccessException("Unauthenticated");
+            throw new IllegalAccessException("Invalid authentication key");
         }
     }
 
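Review bot: Both denial paths still throw `IllegalAccessException`, so after this rewording the message text is the only thing that tells a rejected key (`Invalid authentication key`) from a valid key that lacks rights (`Provided key does not grant access to perform the requested operation`). If any caller maps these to 401 versus 403 it has to match on strings, which an edit like this one silently breaks; the callers are not visible here, so that is an assumption to check. Distinct exception types, or at least a shared constant for the literal now repeated in both `authenticate` overloads, would make the distinction stable.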
@@ -58,7 +58,7 @@ public class AuthService {
     public String login(String username, String password) throws IllegalAccessException, IOException {
         var usr = userService.getUser(username);
         if (usr == null || !usr.verifyPassword(password)) {
-            throw new IllegalAccessException("Unauthorized");
+            throw new IllegalAccessException("Incorrect username or password");
         }
         var userAuth = UserAuth.generate(username);
         userAuthDAO.addUserAuth(userAuth);
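Review bot: The unified message `Incorrect username or password` hides which check failed, but the unchanged guard `usr == null || !usr.verifyPassword(password)` skips password verification for unknown usernames, so response time may still separate the two cases if `verifyPassword` performs a deliberately slow hash (its implementation is not visible here). Verifying against a fixed dummy hash when `usr` is null keeps both paths doing comparable work. `login` continues past the end of the hunk, so what happens after `addUserAuth` is not reviewed.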
-- 
cgit v1.2.3


From ab35efb06b926e8a3aee5cfc8d1fa908aa4a4707 Mon Sep 17 00:00:00 2001
From: sowgro <tpoke.ferrari@gmail.com>
Date: Wed, 26 Mar 2025 18:14:47 -0400
Subject: Fix cupboard access checking and logging

---
 .../ufund/api/ufundapi/service/AuthService.java    | 30 ++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

(limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java')

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
index 4e5ebce..cdce80d 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
@@ -25,8 +25,9 @@ public class AuthService {
      * @param targetUsername The targetUsername of the user trying to be accessed.
      * @param key The api key obtained by the client from logging in.
      * @throws IllegalAccessException Thrown if access was denied to the user.
+     * @throws IOException Thrown on a file writing issue
      */
-    public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException {
+    public void keyHasAccessToUser(String targetUsername, String key) throws IllegalAccessException, IOException {
         var userAuth = userAuthDAO.getUserAuth(key);
         if (userAuth == null) {
             throw new IllegalAccessException("Invalid authentication key");
@@ -39,11 +40,36 @@ public class AuthService {
        }
     }
 
-    public void authenticate(String key) throws IOException, IllegalAccessException {
+    /**
+     * Check if the provided key is valid
+     * @param key The api key obtained by the client from logging in.
+     * @throws IllegalAccessException Thrown if access was denied to the user.
+     * @throws IOException Thrown on a file writing issue
+     */
+    public void keyIsValid(String key) throws IOException, IllegalAccessException {
+        var userAuth = userAuthDAO.getUserAuth(key);
+        if (userAuth == null) {
+            throw new IllegalAccessException("Invalid authentication key");
+        }
+    }
+
+    /**
+     * Check if the provided key has access to edit the cupboard
+     * @param key The api key obtained by the client from logging in.
+     * @throws IllegalAccessException Thrown if access was denied to the user.
+     * @throws IOException Thrown on a file writing issue
+     */
+    public void keyHasAccessToCupboard(String key) throws IOException, IllegalAccessException {
         var userAuth = userAuthDAO.getUserAuth(key);
         if (userAuth == null) {
             throw new IllegalAccessException("Invalid authentication key");
         }
+
+        var username = userAuth.getUsername();
+        var userType = userService.getUser(username).getType();
+        if (userType != User.UserType.MANAGER) {
+            throw new IllegalAccessException("Provided key does not grant access to perform the requested operation");
+        }
     }
 
     /**
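Review bot: The key lookup and its null check are now copied verbatim into `keyHasAccessToUser`, `keyIsValid` and `keyHasAccessToCupboard`, so any later hardening of key validation has to be repeated in three places and can drift. A private helper that returns the `UserAuth` or throws, e.g. `private UserAuth requireAuth(String key) throws IOException, IllegalAccessException`, would let `keyIsValid` be a one-line call and the other two start from its result. The new Javadoc also says `Thrown on a file writing issue`, while the only I/O visible in these methods is the `getUserAuth` read; `Thrown if the key store cannot be read` would match what the code shows. The names read like boolean predicates but the methods return void and signal failure by throwing, which is worth one sentence in each Javadoc.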
-- 
cgit v1.2.3