From c8e5023ec16d46fcc567957e31e5122f55260b67 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 13 Jan 2024 00:37:19 +0000 Subject: [PATCH] fix --- build.gradle | 12 ++++----- .../SPDF/controller/api/UserController.java | 25 ++++++++++++++----- .../model/api/user/UpdateUserDetails.java | 16 ++++++++++++ .../model/api/user/UpdateUserUsername.java | 16 ++++++++++++ .../SPDF/model/api/user/Username.java | 18 +++++++++++++ .../SPDF/model/api/user/UsernameAndPass.java | 16 ++++++++++++ .../resources/templates/change-creds.html | 8 +++--- 7 files changed, 94 insertions(+), 17 deletions(-) create mode 100644 src/main/java/stirling/software/SPDF/model/api/user/UpdateUserDetails.java create mode 100644 src/main/java/stirling/software/SPDF/model/api/user/UpdateUserUsername.java create mode 100644 src/main/java/stirling/software/SPDF/model/api/user/Username.java create mode 100644 src/main/java/stirling/software/SPDF/model/api/user/UsernameAndPass.java diff --git a/build.gradle b/build.gradle index 68797450..ebd73077 100644 --- a/build.gradle +++ b/build.gradle @@ -28,7 +28,7 @@ licenseReport { sourceSets { main { java { - if (System.getenv('DOCKER_ENABLE_SECURITY') != 'falsesss') { + if (System.getenv('DOCKER_ENABLE_SECURITY') == 'false') { exclude 'stirling/software/SPDF/config/security/**' exclude 'stirling/software/SPDF/controller/api/UserController.java' exclude 'stirling/software/SPDF/controller/web/AccountWebController.java' @@ -85,11 +85,6 @@ spotless { } } -compileJava { - options.compilerArgs += '-parameters' -} - - dependencies { //security updates implementation 'ch.qos.logback:logback-classic:1.4.14' 
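Review bot: The `DOCKER_ENABLE_SECURITY` test in the `sourceSets` block of build.gradle is written out a second time in the `dependencies` hunk at @@ -100,7, here as `== 'false'` and there as `!= 'false'`, and the two must stay exact opposites or the security sources and the Spring Security dependencies get out of step. Evaluating it once, e.g. `def securityEnabled = System.getenv('DOCKER_ENABLE_SECURITY') != 'false'`, and branching on that variable in both places removes the risk. A one-line comment stating that only the exact string `false` disables security, while unset or any other value keeps it on, would also help the next editor.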
@@ -100,7 +95,7 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-web:3.2.1' implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.2.1' - if (System.getenv('DOCKER_ENABLE_SECURITY') == 'falseee') { + if (System.getenv('DOCKER_ENABLE_SECURITY') != 'false') { implementation 'org.springframework.boot:spring-boot-starter-security:3.2.1' implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.2.RELEASE' implementation "org.springframework.boot:spring-boot-starter-data-jpa:3.2.1" @@ -169,6 +164,9 @@ dependencies { tasks.withType(JavaCompile) { dependsOn 'spotlessApply' } +compileJava { + options.compilerArgs << ' -parameters' +} task writeVersion { def propsFile = file('src/main/resources/version.properties') diff --git a/src/main/java/stirling/software/SPDF/controller/api/UserController.java b/src/main/java/stirling/software/SPDF/controller/api/UserController.java index 89e81c99..cece8c49 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java @@ -13,6 +13,7 @@ import org.springframework.security.core.Authentication; import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; 
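Review bot: In the re-added `compileJava` block at the end of build.gradle's last hunk, the argument is written as `' -parameters'` with a leading space inside the quotes. Each `compilerArgs` entry is handed to javac as a single argument, so the space is likely to make javac reject or misread the flag rather than retain parameter names. The block removed earlier in this patch passed `'-parameters'`, so the line should read `options.compilerArgs << '-parameters'`. Any controller parameter that relies on its compiled name, such as a `@RequestParam` without an explicit name, depends on this flag being applied.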
@@ -20,13 +21,19 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.servlet.mvc.support.RedirectAttributes; import org.springframework.web.servlet.view.RedirectView; +import io.swagger.v3.oas.annotations.tags.Tag; + import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import stirling.software.SPDF.config.security.UserService; import stirling.software.SPDF.model.Role; import stirling.software.SPDF.model.User; +import stirling.software.SPDF.model.api.misc.OptimizePdfRequest; +import stirling.software.SPDF.model.api.user.UpdateUserDetails; +import stirling.software.SPDF.model.api.user.UsernameAndPass; @Controller +@Tag(name = "User", description = "User APIs") @RequestMapping("/api/v1/user") public class UserController { @@ -35,13 +42,13 @@ public class UserController { @PreAuthorize("!hasAuthority('ROLE_DEMO_USER')") @PostMapping("/register") public String register( - @RequestParam String username, @RequestParam String password, Model model) { - if (userService.usernameExists(username)) { + @ModelAttribute UsernameAndPass requestModel, Model model) { + if (userService.usernameExists(requestModel.getUsername())) { model.addAttribute("error", "Username already exists"); return "register"; } - userService.saveUser(username, password); + userService.saveUser(requestModel.getUsername(), requestModel.getPassword()); return "redirect:/login?registered=true"; } 
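Review bot: In `register`, replacing the two `@RequestParam String` arguments with `@ModelAttribute UsernameAndPass requestModel` drops the required-parameter check: a request that omits a field used to be rejected, whereas an unbound model field is simply `null`. As written, `requestModel.getUsername()` and `requestModel.getPassword()` can reach `userService.usernameExists(...)` and `userService.saveUser(...)` as `null` or empty; how those methods treat such values is not visible in this patch. A guard before the lookup, for example `if (username == null || username.isBlank() || password == null || password.isEmpty())` returning the `register` view with an error, restores the earlier behaviour. The same applies to `changeUsernameAndPassword` in the hunk at @@ -49,12. Separately, the import of `stirling.software.SPDF.model.api.misc.OptimizePdfRequest` added in the @@ -20,13 hunk is not used by any line shown.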
@@ -49,12 +56,18 @@ public class UserController {
 @PostMapping("/change-username-and-password")
 public RedirectView changeUsernameAndPassword(
 Principal principal,
- @RequestParam String currentPassword,
- @RequestParam String newUsername,
- @RequestParam String newPassword,
+ @ModelAttribute UpdateUserDetails requestModel,
 HttpServletRequest request,
 HttpServletResponse response,
 RedirectAttributes redirectAttributes) {
+
+
+ String currentPassword = requestModel.getPassword();
+ String newPassword = requestModel.getNewPassword();
+ String newUsername = requestModel.getNewUsername();
+
+ System.out.println(currentPassword);
+ System.out.println(newPassword);
 if (principal == null) {
 return new RedirectView("/change-creds?messageType=notAuthenticated");
 }
diff --git a/src/main/java/stirling/software/SPDF/model/api/user/UpdateUserDetails.java b/src/main/java/stirling/software/SPDF/model/api/user/UpdateUserDetails.java
new file mode 100644
index 00000000..d8cbf790
--- /dev/null
+++ b/src/main/java/stirling/software/SPDF/model/api/user/UpdateUserDetails.java
@@ -0,0 +1,16 @@
+package stirling.software.SPDF.model.api.user;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+@EqualsAndHashCode(callSuper = true)
+public class UpdateUserDetails extends UpdateUserUsername {
+
+ @Schema(description = "new password for user")
+ private String newPassword;
+}
diff --git a/src/main/java/stirling/software/SPDF/model/api/user/UpdateUserUsername.java b/src/main/java/stirling/software/SPDF/model/api/user/UpdateUserUsername.java
new file mode 100644
index 00000000..8b457605
--- /dev/null
+++ b/src/main/java/stirling/software/SPDF/model/api/user/UpdateUserUsername.java
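Review bot: The two added lines `System.out.println(currentPassword);` and `System.out.println(newPassword);` in `changeUsernameAndPassword` write the user's current and new plaintext passwords to standard output on every request, before the `principal == null` check is even reached. Anything that collects the process output, such as container logs, log shippers or support bundles, then holds credentials in clear text. Both lines should be deleted; if the request needs tracing, log only that a change was attempted and for which principal, never the password values. The method body continues past the end of this hunk.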
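Review bot: `UpdateUserDetails` holds `newPassword` under Lombok `@Data`, which generates a `toString()` that prints the class's fields, so any log statement or exception message that formats the request object will include the password. Adding `@ToString.Exclude` above `private String newPassword;` keeps the value out of that output. The `password` field in `UsernameAndPass.java` later in this patch needs the same annotation.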
@@ -0,0 +1,16 @@
+package stirling.software.SPDF.model.api.user;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+@EqualsAndHashCode(callSuper = true)
+public class UpdateUserUsername extends UsernameAndPass {
+
+ @Schema(description = "new password for user")
+ private String newUsername;
+}
diff --git a/src/main/java/stirling/software/SPDF/model/api/user/Username.java b/src/main/java/stirling/software/SPDF/model/api/user/Username.java
new file mode 100644
index 00000000..3460745d
--- /dev/null
+++ b/src/main/java/stirling/software/SPDF/model/api/user/Username.java
@@ -0,0 +1,18 @@
+package stirling.software.SPDF.model.api.user;
+
+import org.springframework.web.multipart.MultipartFile;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+
+@Data
+@EqualsAndHashCode
+@NoArgsConstructor
+public class Username {
+
+ @Schema(description = "username of user")
+ private String username;
+}
diff --git a/src/main/java/stirling/software/SPDF/model/api/user/UsernameAndPass.java b/src/main/java/stirling/software/SPDF/model/api/user/UsernameAndPass.java
new file mode 100644
index 00000000..d925eef1
--- /dev/null
+++ b/src/main/java/stirling/software/SPDF/model/api/user/UsernameAndPass.java
@@ -0,0 +1,16 @@
+package stirling.software.SPDF.model.api.user;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+@EqualsAndHashCode(callSuper = true)
+public class UsernameAndPass extends Username {
+
+ @Schema(description = "password of user")
+ private String password;
+}
diff --git a/src/main/resources/templates/change-creds.html b/src/main/resources/templates/change-creds.html
index a954e862..32a61e16 100644
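Review bot: In `UpdateUserUsername`, the `@Schema` text on `newUsername` reads `"new password for user"`, apparently copied from `UpdateUserDetails`, so the generated API documentation will describe the username field as a password. It should be `@Schema(description = "new username for user")`. In `Username.java` further down, the import of `org.springframework.web.multipart.MultipartFile` is not used by the class and can be dropped.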
--- a/src/main/resources/templates/change-creds.html +++ b/src/main/resources/templates/change-creds.html @@ -39,12 +39,12 @@

Change Username and password

- - + +
- - + +