Anthony Stirling 2024-01-13 00:37:19 +00:00
parent 5281d7a49a
commit c8e5023ec1
7 changed files with 94 additions and 17 deletions


@ -28,7 +28,7 @@ licenseReport {
sourceSets { sourceSets {
main { main {
java { java {
if (System.getenv('DOCKER_ENABLE_SECURITY') != 'falsesss') { if (System.getenv('DOCKER_ENABLE_SECURITY') == 'false') {
exclude 'stirling/software/SPDF/config/security/**' exclude 'stirling/software/SPDF/config/security/**'
exclude 'stirling/software/SPDF/controller/api/UserController.java' exclude 'stirling/software/SPDF/controller/api/UserController.java'
exclude 'stirling/software/SPDF/controller/web/AccountWebController.java' exclude 'stirling/software/SPDF/controller/web/AccountWebController.java'
@ -85,11 +85,6 @@ spotless {
} }
} }
compileJava {
options.compilerArgs += '-parameters'
}
dependencies { dependencies {
//security updates //security updates
implementation 'ch.qos.logback:logback-classic:1.4.14' implementation 'ch.qos.logback:logback-classic:1.4.14'
@ -100,7 +95,7 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web:3.2.1' implementation 'org.springframework.boot:spring-boot-starter-web:3.2.1'
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.2.1' implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.2.1'
if (System.getenv('DOCKER_ENABLE_SECURITY') == 'falseee') { if (System.getenv('DOCKER_ENABLE_SECURITY') != 'false') {
implementation 'org.springframework.boot:spring-boot-starter-security:3.2.1' implementation 'org.springframework.boot:spring-boot-starter-security:3.2.1'
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.2.RELEASE' implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.2.RELEASE'
implementation "org.springframework.boot:spring-boot-starter-data-jpa:3.2.1" implementation "org.springframework.boot:spring-boot-starter-data-jpa:3.2.1"
@ -169,6 +164,9 @@ dependencies {
tasks.withType(JavaCompile) { tasks.withType(JavaCompile) {
dependsOn 'spotlessApply' dependsOn 'spotlessApply'
} }
compileJava {
options.compilerArgs << ' -parameters'
}
task writeVersion { task writeVersion {
def propsFile = file('src/main/resources/version.properties') def propsFile = file('src/main/resources/version.properties')
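Review bot: The re-added `compileJava` block appends `' -parameters'` with a leading space inside the quotes, where the removed block used `'-parameters'`. Each element of `options.compilerArgs` is handed to javac as a separate argument, so the leading space will most likely stop javac from recognising it as the `-parameters` flag. I would write `options.compilerArgs << '-parameters'`. Separately, the corrected `DOCKER_ENABLE_SECURITY` checks compare against the exact string `'false'`, so any other value (including unset) builds with the security module included; a short comment stating that default would help whoever edits these conditions next.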


@ -13,6 +13,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.ui.Model; import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
@ -20,13 +21,19 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.mvc.support.RedirectAttributes; import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.servlet.view.RedirectView; import org.springframework.web.servlet.view.RedirectView;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import stirling.software.SPDF.config.security.UserService; import stirling.software.SPDF.config.security.UserService;
import stirling.software.SPDF.model.Role; import stirling.software.SPDF.model.Role;
import stirling.software.SPDF.model.User; import stirling.software.SPDF.model.User;
import stirling.software.SPDF.model.api.misc.OptimizePdfRequest;
import stirling.software.SPDF.model.api.user.UpdateUserDetails;
import stirling.software.SPDF.model.api.user.UsernameAndPass;
@Controller @Controller
@Tag(name = "User", description = "User APIs")
@RequestMapping("/api/v1/user") @RequestMapping("/api/v1/user")
public class UserController { public class UserController {
@ -35,13 +42,13 @@ public class UserController {
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')") @PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
@PostMapping("/register") @PostMapping("/register")
public String register( public String register(
@RequestParam String username, @RequestParam String password, Model model) { @ModelAttribute UsernameAndPass requestModel, Model model) {
if (userService.usernameExists(username)) { if (userService.usernameExists(requestModel.getUsername())) {
model.addAttribute("error", "Username already exists"); model.addAttribute("error", "Username already exists");
return "register"; return "register";
} }
userService.saveUser(username, password); userService.saveUser(requestModel.getUsername(), requestModel.getPassword());
return "redirect:/login?registered=true"; return "redirect:/login?registered=true";
} }
@ -49,12 +56,18 @@ public class UserController {
@PostMapping("/change-username-and-password") @PostMapping("/change-username-and-password")
public RedirectView changeUsernameAndPassword( public RedirectView changeUsernameAndPassword(
Principal principal, Principal principal,
@RequestParam String currentPassword, @ModelAttribute UpdateUserDetails requestModel,
@RequestParam String newUsername,
@RequestParam String newPassword,
HttpServletRequest request, HttpServletRequest request,
HttpServletResponse response, HttpServletResponse response,
RedirectAttributes redirectAttributes) { RedirectAttributes redirectAttributes) {
String currentPassword = requestModel.getPassword();
String newPassword = requestModel.getNewPassword();
String newUsername = requestModel.getNewUsername();
System.out.println(currentPassword);
System.out.println(newPassword);
if (principal == null) { if (principal == null) {
return new RedirectView("/change-creds?messageType=notAuthenticated"); return new RedirectView("/change-creds?messageType=notAuthenticated");
} }
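Review bot: The two `System.out.println` calls added at the top of `changeUsernameAndPassword` write the user's current and new password in clear text to standard output, which typically ends up in container or service logs readable by anyone with log access. They look like debugging leftovers and should be deleted before merge; if tracing is needed, log only that the request arrived and for which principal, never the credential values. The `OptimizePdfRequest` import added in this file also appears unused in the visible hunks. The method body continues outside the hunk.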


@ -0,0 +1,16 @@
package stirling.software.SPDF.model.api.user;
import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@EqualsAndHashCode(callSuper = true)
public class UpdateUserDetails extends UpdateUserUsername {
@Schema(description = "new password for user")
private String newPassword;
}
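Review bot: Lombok's `@Data` generates a `toString()` that includes every field declared in the class, so `newPassword` here — and `password` in `UsernameAndPass` — will appear in clear text wherever one of these request objects is logged or concatenated into a message. Marking the credential fields with `@ToString.Exclude` (importing `lombok.ToString`) keeps them out of that output: `@ToString.Exclude private String newPassword;`. The same annotation belongs on `UsernameAndPass.password`.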


@ -0,0 +1,16 @@
package stirling.software.SPDF.model.api.user;
import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@EqualsAndHashCode(callSuper = true)
public class UpdateUserUsername extends UsernameAndPass {
@Schema(description = "new password for user")
private String newUsername;
}
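Review bot: The `@Schema` description on `newUsername` reads "new password for user", apparently copied from `UpdateUserDetails`, so the generated API documentation will mislabel the field. It should be `@Schema(description = "new username for user")`.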


@ -0,0 +1,18 @@
package stirling.software.SPDF.model.api.user;
import org.springframework.web.multipart.MultipartFile;
import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
@Data
@EqualsAndHashCode
@NoArgsConstructor
public class Username {
@Schema(description = "username of user")
private String username;
}
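Review bot: The `org.springframework.web.multipart.MultipartFile` import is not used by anything in this class and can be dropped. `@Data` already generates `equals` and `hashCode`, so the explicit `@EqualsAndHashCode` on `Username` is redundant as well; the subclasses need theirs only for `callSuper = true`.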


@ -0,0 +1,16 @@
package stirling.software.SPDF.model.api.user;
import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@EqualsAndHashCode(callSuper = true)
public class UsernameAndPass extends Username {
@Schema(description = "password of user")
private String password;
}


@ -39,12 +39,12 @@
<h4 th:text="#{changeCreds.changeUserAndPassword}">Change Username and password</h4> <h4 th:text="#{changeCreds.changeUserAndPassword}">Change Username and password</h4>
<form action="api/v1/user/change-username-and-password" method="post"> <form action="api/v1/user/change-username-and-password" method="post">
<div class="mb-3"> <div class="mb-3">
<label for="newUsername" th:text="#{changeCreds.newUsername}">New Username</label> <label for="username" th:text="#{changeCreds.username}">New Username</label>
<input type="text" class="form-control" name="newUsername" id="newUsername" th:placeholder="${username}"> <input type="text" class="form-control" name="username" id="username" th:placeholder="${username}">
</div> </div>
<div class="mb-3"> <div class="mb-3">
<label for="currentPassword" th:text="#{changeCreds.oldPassword}">Old Password</label> <label for="password" th:text="#{changeCreds.oldPassword}">Old Password</label>
<input type="password" class="form-control" name="currentPassword" id="currentPasswordPassword" th:placeholder="#{changeCreds.oldPassword}"> <input type="password" class="form-control" name="password" id="password" th:placeholder="#{changeCreds.oldPassword}">
</div> </div>
<div class="mb-3"> <div class="mb-3">
<label for="newPassword" th:text="#{changeCreds.newPassword}">New Password</label> <label for="newPassword" th:text="#{changeCreds.newPassword}">New Password</label>
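Review bot: The username input is renamed to `name="username"`, but `changeUsernameAndPassword` in `UserController` reads the value through `requestModel.getNewUsername()`, and `@ModelAttribute` binding populates properties by request-parameter name. With this form the `newUsername` property would presumably stay null and the submitted value would land in the inherited `username` property, which the visible controller code does not read. Either keep `name="newUsername"` on the input or have the controller read `getUsername()`; the label text key `changeCreds.username` should also be checked against the message bundles, which are not part of this page. The form continues outside the hunk.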