From cb3b7710b9e32df408b3a38383aca049fa98214e Mon Sep 17 00:00:00 2001 From: Gunther6070 Date: Mon, 24 Mar 2025 21:17:33 -0400 Subject: Fixed various bugs and began fixing auth system. Also started implementing checkout method in cupboardService --- .../ufund/api/ufundapi/service/AuthService.java | 26 ++++++++++++++-------- .../api/ufundapi/service/CupboardService.java | 22 +++++++++++++++++- .../ufund/api/ufundapi/service/UserService.java | 6 ++++- 3 files changed, 43 insertions(+), 11 deletions(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java index 87a16a6..71b8f41 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java @@ -1,11 +1,12 @@ package com.ufund.api.ufundapi.service; +import java.io.IOException; + +import org.springframework.stereotype.Component; + import com.ufund.api.ufundapi.model.User; import com.ufund.api.ufundapi.model.UserAuth; import com.ufund.api.ufundapi.persistence.UserAuthDAO; -import org.springframework.stereotype.Component; - -import java.io.IOException; @Component public class AuthService { @@ -30,12 +31,19 @@ public class AuthService { if (userAuth == null) { throw new IllegalAccessException("Unauthenticated"); } -// -// var username = userAuth.getUsername(); -// var userType = userService.getUser(username).getType(); -// if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) { -// throw new IllegalAccessException("Unauthorized"); -// } + + var username = userAuth.getUsername(); + var userType = userService.getUser(username).getType(); + if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) { + throw new IllegalAccessException("Unauthorized"); + } + } + + public void authenticate(String key) throws IOException, IllegalAccessException { + var userAuth = userAuthDAO.getUserAuth(key); + if (userAuth == null) { + throw new IllegalAccessException("Unauthenticated"); + } } /** diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java index 2398745..8713882 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java @@ -3,6 +3,7 @@ package com.ufund.api.ufundapi.service; import java.io.IOException; import java.util.Arrays; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; import com.ufund.api.ufundapi.DuplicateKeyException; @@ -13,8 +14,10 @@ import com.ufund.api.ufundapi.persistence.CupboardDAO; public class CupboardService { private final CupboardDAO cupboardDAO; + final AuthService authService; - public CupboardService(CupboardDAO cupboardDAO) { + public CupboardService(@Lazy AuthService authService, CupboardDAO cupboardDAO) { + this.authService = authService; this.cupboardDAO = cupboardDAO; } @@ -96,6 +99,23 @@ public class CupboardService { return cupboardDAO.updateNeed(need); } + /** + * Checks out a need with the desired amount + * + * @param id The ID of the need to update + * @param checkoutAmount The amount to update the need by + * @throws IOException + * @throws IllegalAccessException + */ + public void checkoutNeed(int id, double checkoutAmount, String key) throws IOException, IllegalAccessException { + if (checkoutAmount <= 0) { + throw new IllegalArgumentException("Amount must be greather than 0"); + } + authService.authenticate(key); + Need need = cupboardDAO.getNeed(id); + need.incrementCurrent(checkoutAmount); + } + /** * Delete a need from the cupboard * diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java index caf9f4c..aaa2f06 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java @@ -2,6 +2,7 @@ package com.ufund.api.ufundapi.service; import java.io.IOException; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; import com.ufund.api.ufundapi.DuplicateKeyException; @@ -12,7 +13,7 @@ import com.ufund.api.ufundapi.persistence.UserDAO; public class UserService { private final UserDAO userDAO; - private final CupboardService cupboardService; + final CupboardService cupboardService; public UserService(UserDAO userDao, CupboardService cupboardService) { this.userDAO = userDao; @@ -44,6 +45,9 @@ public class UserService { */ public User getUser(String username) throws IOException { User user = userDAO.getUser(username); + if (user == null) { + return null; + } for (int needId : user.getNeeds()) { if (cupboardService.getNeed(needId) == null) { user.removeBasketNeed(needId); -- cgit v1.2.3 From c15aa3daab0cf9a640945d4e634d1327fb55d2db Mon Sep 17 00:00:00 2001 From: sowgro Date: Tue, 25 Mar 2025 00:03:45 -0400 Subject: Greatly improve logging and other backend clean up --- .../src/main/java/com/ufund/api/ufundapi/service/AuthService.java | 8 ++++---- .../main/java/com/ufund/api/ufundapi/service/CupboardService.java | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java index 71b8f41..4e5ebce 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java @@ -29,20 +29,20 @@ public class AuthService { public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException { var userAuth = userAuthDAO.getUserAuth(key); if (userAuth == null) { - throw new IllegalAccessException("Unauthenticated"); + throw new IllegalAccessException("Invalid authentication key"); } var username = userAuth.getUsername(); var userType = userService.getUser(username).getType(); if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) { - throw new IllegalAccessException("Unauthorized"); + throw new IllegalAccessException("Provided key does not grant access to perform the requested operation"); } } public void authenticate(String key) throws IOException, IllegalAccessException { var userAuth = userAuthDAO.getUserAuth(key); if (userAuth == null) { - throw new IllegalAccessException("Unauthenticated"); + throw new IllegalAccessException("Invalid authentication key"); } } @@ -58,7 +58,7 @@ public class AuthService { public String login(String username, String password) throws IllegalAccessException, IOException { var usr = userService.getUser(username); if (usr == null || !usr.verifyPassword(password)) { - throw new IllegalAccessException("Unauthorized"); + throw new IllegalAccessException("Incorrect username or password"); } var userAuth = UserAuth.generate(username); userAuthDAO.addUserAuth(userAuth); diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java index 8713882..91e3ba5 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java @@ -104,12 +104,12 @@ public class CupboardService { * * @param id The ID of the need to update * @param checkoutAmount The amount to update the need by - * @throws IOException - * @throws IllegalAccessException + * @throws IOException If there is an error reading the file + * @throws IllegalAccessException If the user has insufficient permission */ public void checkoutNeed(int id, double checkoutAmount, String key) throws IOException, IllegalAccessException { if (checkoutAmount <= 0) { - throw new IllegalArgumentException("Amount must be greather than 0"); + throw new IllegalArgumentException("Amount must be greater than 0"); } authService.authenticate(key); Need need = cupboardDAO.getNeed(id); -- cgit v1.2.3 From d31c1aec7f615646553a227c8e235d4ae2679c68 Mon Sep 17 00:00:00 2001 From: Gunther6070 Date: Tue, 25 Mar 2025 08:20:31 -0400 Subject: Rename user getNeeds to getBasket --- .../src/main/java/com/ufund/api/ufundapi/service/UserService.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java index aaa2f06..51283fc 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java @@ -48,7 +48,7 @@ public class UserService { if (user == null) { return null; } - for (int needId : user.getNeeds()) { + for (int needId : user.getBasket()) { if (cupboardService.getNeed(needId) == null) { user.removeBasketNeed(needId); } @@ -59,7 +59,7 @@ public class UserService { /** * Updates a user * - * @param user The ID of the user to update + * @param user The ID of the user to update * @param username The user object to set (note: the ID is ignored) * @return The updated user object * @throws IOException Thrown if there was any issue saving the data @@ -81,5 +81,5 @@ public class UserService { public boolean deleteUser(String username) throws IOException { return userDAO.deleteUser(username); } - + } -- cgit v1.2.3 From 5f03e80712f7a18370b5118fde5327bde1b6fbbf Mon Sep 17 00:00:00 2001 From: sowgro Date: Tue, 25 Mar 2025 10:17:55 -0400 Subject: Fix tests and more cleanup --- ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java | 1 - 1 file changed, 1 deletion(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java index 51283fc..6e27f50 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/UserService.java @@ -2,7 +2,6 @@ package com.ufund.api.ufundapi.service; import java.io.IOException; -import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; import com.ufund.api.ufundapi.DuplicateKeyException; -- cgit v1.2.3 From ab35efb06b926e8a3aee5cfc8d1fa908aa4a4707 Mon Sep 17 00:00:00 2001 From: sowgro Date: Wed, 26 Mar 2025 18:14:47 -0400 Subject: Fix cupboard access checking and logging --- .../ufund/api/ufundapi/service/AuthService.java | 30 ++++++++++++++++++++-- .../api/ufundapi/service/CupboardService.java | 3 ++- 2 files changed, 30 insertions(+), 3 deletions(-) (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service') diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java index 4e5ebce..cdce80d 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java @@ -25,8 +25,9 @@ public class AuthService { * @param targetUsername The targetUsername of the user trying to be accessed. * @param key The api key obtained by the client from logging in. * @throws IllegalAccessException Thrown if access was denied to the user. + * @throws IOException Thrown on a file writing issue */ - public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException { + public void keyHasAccessToUser(String targetUsername, String key) throws IllegalAccessException, IOException { var userAuth = userAuthDAO.getUserAuth(key); if (userAuth == null) { throw new IllegalAccessException("Invalid authentication key"); @@ -39,11 +40,36 @@ public class AuthService { } } - public void authenticate(String key) throws IOException, IllegalAccessException { + /** + * Check if the provided key is valid + * @param key The api key obtained by the client from logging in. + * @throws IllegalAccessException Thrown if access was denied to the user. + * @throws IOException Thrown on a file writing issue + */ + public void keyIsValid(String key) throws IOException, IllegalAccessException { + var userAuth = userAuthDAO.getUserAuth(key); + if (userAuth == null) { + throw new IllegalAccessException("Invalid authentication key"); + } + } + + /** + * Check if the provided key has access to edit the cupboard + * @param key The api key obtained by the client from logging in. + * @throws IllegalAccessException Thrown if access was denied to the user. + * @throws IOException Thrown on a file writing issue + */ + public void keyHasAccessToCupboard(String key) throws IOException, IllegalAccessException { var userAuth = userAuthDAO.getUserAuth(key); if (userAuth == null) { throw new IllegalAccessException("Invalid authentication key"); } + + var username = userAuth.getUsername(); + var userType = userService.getUser(username).getType(); + if (userType != User.UserType.MANAGER) { + throw new IllegalAccessException("Provided key does not grant access to perform the requested operation"); + } } /** diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java index 91e3ba5..aaa8cb8 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/CupboardService.java @@ -111,7 +111,7 @@ public class CupboardService { if (checkoutAmount <= 0) { throw new IllegalArgumentException("Amount must be greater than 0"); } - authService.authenticate(key); + authService.keyIsValid(key); Need need = cupboardDAO.getNeed(id); need.incrementCurrent(checkoutAmount); } @@ -124,6 +124,7 @@ public class CupboardService { * @throws IOException Thrown on any problem removing the need */ public boolean deleteNeed(int id) throws IOException { + return cupboardDAO.deleteNeed(id); } } -- cgit v1.2.3