Authorization working

2025-02-22 16:54:37 -05:00
parent 96419f0077
commit 02c615ee0c
47 changed files with 1894 additions and 0 deletions
--- a/src/main/java/com/mattrixwv/raidbuilder/controller/AuthenticationController.java
+++ b/src/main/java/com/mattrixwv/raidbuilder/controller/AuthenticationController.java
@@ -0,0 +1,348 @@
+package com.mattrixwv.raidbuilder.controller;
+
+
+import java.time.ZonedDateTime;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import org.springframework.security.authorization.AuthorizationDeniedException;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.mattrixwv.raidbuilder.annotation.AccountAuthorization;
+import com.mattrixwv.raidbuilder.config.TokenService;
+import com.mattrixwv.raidbuilder.entity.Account;
+import com.mattrixwv.raidbuilder.service.AccountService;
+import com.mattrixwv.raidbuilder.util.DatabaseTypeUtil.AccountPermissionType;
+import com.mattrixwv.raidbuilder.util.DatabaseTypeUtil.AccountStatus;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+
+@Slf4j
+@RestController
+@RequestMapping("/auth")
+@RequiredArgsConstructor
+public class AuthenticationController{
+	private final ObjectMapper mapper;
+	private final TokenService tokenService;
+	private final AccountService accountService;
+
+	@PostMapping("/token")
+	@AccountAuthorization(permissions = {})
+	public ObjectNode token(Authentication authentication){
+		log.info("Token requested for user {}", authentication.getName());
+
+
+		Account account = accountService.getByUsername(authentication.getName());
+		String token = tokenService.generateAccessToken(account);
+		log.debug("Token granted {}", token);
+		ObjectNode tokenNode = mapper.valueToTree(account);
+		tokenNode.put("token", token);
+
+
+		return tokenNode;
+	}
+
+	@PostMapping("/refresh")
+	@AccountAuthorization(permissions = {})
+	public ObjectNode refresh(@RequestBody ObjectNode refreshTokenNode){
+		log.info("Refreshing token");
+
+
+		UUID refreshToken = UUID.fromString(refreshTokenNode.get("refreshToken").asText());
+		log.debug("refreshToken: {}", refreshToken);
+
+		Account account = accountService.getByRefreshToken(refreshToken);
+
+		if(account == null){
+			throw new AuthorizationDeniedException("Refresh token is invalid", () -> false);
+		}
+
+		//Update login date
+		account.setLoginDate(ZonedDateTime.now());
+		account = accountService.updateAccount(account);
+
+		String token = tokenService.generateAccessToken(account);
+		log.debug("new token: {}", token);
+		ObjectNode tokenNode = mapper.valueToTree(account);
+		tokenNode.put("token", token);
+
+		return tokenNode;
+	}
+
+	@PostMapping("/signup")
+	@AccountAuthorization(permissions = {})
+	public ObjectNode signup(@RequestBody Account account){
+		log.info("Creating account {}", account.getUsername());
+
+
+		ObjectNode returnNode = mapper.createObjectNode();
+
+		//Verify account object
+		List<String> errors = verifyNewAccount(account);
+		if(errors.isEmpty()){
+			//Create the account
+			account = accountService.createAccount(account);
+
+			returnNode.put("accountId", account.getAccountId().toString());
+			returnNode.put("status", "success");
+
+			//TODO: Send email
+
+			log.info("Successfully created account: {}", account.getAccountId());
+		}
+		else{
+			ArrayNode errorsNode = mapper.createArrayNode();
+			errors.forEach(errorsNode::add);
+			returnNode.set("errors", errorsNode);
+
+			log.info("Error creating account: {}", errors);
+		}
+
+		return returnNode;
+	}
+
+	@PostMapping("/confirm")
+	@AccountAuthorization(permissions = {})
+	public ObjectNode confirm(@RequestBody ObjectNode confirmNode){
+		UUID confirmToken = UUID.fromString(confirmNode.get("confirmToken").asText());
+		log.info("Confirming account with token {}", confirmToken);
+
+
+		ObjectNode returnNode = mapper.createObjectNode();
+
+		//Verify token
+		Account account = accountService.getByRefreshToken(confirmToken);
+		log.debug("Found account: {}", account);
+		if((account != null) &&  (account.getAccountStatus() == AccountStatus.UNCONFIRMED) && (account.getRefreshTokenExpiration().isAfter(ZonedDateTime.now()))){
+			accountService.confirmAccount(account);
+
+			returnNode.put("status", "success");
+		}
+		else{
+			ArrayNode errorsNode = mapper.createArrayNode();
+			errorsNode.add("Account is not unconfirmed");
+			returnNode.set("errors", errorsNode);
+		}
+
+		return returnNode;
+	}
+
+	@PostMapping("/forgot")
+	@AccountAuthorization(permissions = {})
+	public ObjectNode forgot(@RequestParam("loginId") String loginId){
+		log.info("Setting up user that forgot their password: {}", loginId);
+
+
+		ObjectNode returnNode = mapper.createObjectNode();
+
+		//Verify the account exists
+		Account account = accountService.getByUsername(loginId);
+		if(account != null){
+			//Setup token
+			UUID token = UUID.randomUUID();
+			account.setRefreshToken(token);
+			account.setRefreshTokenExpiration(ZonedDateTime.now().plusHours(1));
+			account.setAccountStatus(AccountStatus.LOCKED);
+
+			account = accountService.updateAccount(account);
+
+			//TODO: Send email
+
+			returnNode.put("status", "success");
+		}
+		else{
+			ArrayNode errorsNode = mapper.createArrayNode();
+			errorsNode.add("Could not find account with login " + loginId);
+			returnNode.set("errors", errorsNode);
+		}
+
+		return returnNode;
+	}
+
+	@PostMapping("/forgot/reset")
+	@AccountAuthorization(permissions = {})
+	public ObjectNode setNewPasswordForgot(@RequestBody ObjectNode forgotNode){
+		UUID forgotToken = UUID.fromString(forgotNode.get("forgotToken").asText());
+		String newPassword = forgotNode.get("password").asText();
+		log.info("Confirming user reset password (forget) with token {}", forgotToken);
+
+
+		ObjectNode returnNode = mapper.createObjectNode();
+
+
+		//Verify the account exists
+		Account existingAccount = accountService.getByRefreshToken(forgotToken);
+		if(existingAccount != null){
+			existingAccount = accountService.updatePassword(existingAccount.getAccountId(), newPassword);
+
+			existingAccount.setRefreshToken(null);
+			existingAccount.setRefreshTokenExpiration(null);
+			existingAccount.setAccountStatus(AccountStatus.ACTIVE);
+			existingAccount = accountService.updateAccount(existingAccount);
+
+			returnNode.put("status", "success");
+		}
+		else{
+			ArrayNode errorsNode = mapper.createArrayNode();
+			errorsNode.add("Invalid token");
+			returnNode.set("errors", errorsNode);
+		}
+
+		return returnNode;
+	}
+
+	@PostMapping("/resetPassword")
+	@AccountAuthorization(permissions = {})
+	public ObjectNode resetPassword(Authentication authentication, @RequestBody ObjectNode requestNode){
+		log.info("Resetting password for {}", authentication.getName());
+
+
+		if((requestNode == null) || (!requestNode.has("password"))){
+			throw new IllegalArgumentException("Invalid request");
+		}
+
+		Account account = accountService.getByUsername(authentication.getName());
+		accountService.updatePassword(account.getAccountId(), requestNode.get("password").asText());
+		account.setForceReset(false);
+		accountService.updateAccount(account);
+
+		ObjectNode returnNode = mapper.createObjectNode();
+		returnNode.put("status", "success");
+
+
+		return returnNode;
+	}
+
+	@PostMapping("/logout")
+	@AccountAuthorization(permissions = {})
+	public ObjectNode logout(Authentication authentication){
+		log.info("Logging out account {}", authentication.getName());
+
+
+		Account account = accountService.getByUsername(authentication.getName());
+		if(account != null){
+			account.setRefreshToken(null);
+			account.setRefreshTokenExpiration(null);
+			account = accountService.updateAccount(account);
+		}
+
+		ObjectNode returnNode = mapper.createObjectNode();
+		returnNode.put("status", "success");
+
+
+		return returnNode;
+	}
+
+	@PutMapping("/{accountId}/revokeRefreshToken")
+	@AccountAuthorization(permissions = {AccountPermissionType.ADMIN})
+	public ObjectNode revokeRefreshToken(@PathVariable("accountId") UUID accountId){
+		log.info("Revoking refresh token for account {}", accountId);
+
+
+		Account account = accountService.getByAccountId(accountId);
+		account.setRefreshToken(null);
+		account.setRefreshTokenExpiration(null);
+		account = accountService.updateAccount(account);
+
+		ObjectNode returnNode = mapper.createObjectNode();
+		returnNode.put("status", "success");
+		returnNode.put("accountId", account.getAccountId().toString());
+
+		return returnNode;
+	}
+
+
+	private List<String> verifyNewAccount(Account account){
+		ArrayList<String> errors = new ArrayList<>();
+
+		//Check ID
+		if(account.getAccountId() != null){
+			errors.add("Invalid Account ID");
+		}
+
+		//Check login exists in entity
+		if((account.getUsername() == null) || (account.getUsername().isEmpty())){
+			errors.add("Invalid Login ID");
+		}
+		else{
+			//Check login doesn't exist in db
+			Account existingAccount = accountService.getByUsername(account.getUsername());
+			if(existingAccount != null){
+				errors.add("Login ID already exists");
+			}
+		}
+
+		//Check password exists in entity
+		if((account.getPassword() == null) || (account.getPassword().isEmpty())){
+			errors.add("No password found");
+		}
+
+		//Check email exists in entity
+		if((account.getEmail() == null) || (account.getEmail().isEmpty())){
+			errors.add("Invalid email");
+		}
+		else{
+			//Check email doesn't exist in db
+			Account existingAccount = accountService.getByEmail(account.getEmail());
+			if(existingAccount != null){
+				errors.add("Account with email already exists");
+			}
+		}
+
+		return errors;
+	}
+
+	private List<String> verifyUpdatedAccount(Account account){
+		ArrayList<String> errors = new ArrayList<>();
+
+		//Check ID
+		if(account.getAccountId() == null){
+			errors.add("Invalid Account ID");
+		}
+
+		//Verify account exists
+		Account existingAccount = accountService.getByAccountId(account.getAccountId());
+		if(existingAccount == null){
+			errors.add("Account not found");
+		}
+
+		//Check login exists in entity
+		if((account.getUsername() == null) || (account.getUsername().isEmpty())){
+			errors.add("Invalid Login ID");
+		}
+		else{
+			//Check login doesn't exist in db, other than the object itself
+			Account existingAccountByLogin = accountService.getByUsername(account.getUsername());
+			if((existingAccountByLogin != null) && (!existingAccountByLogin.getAccountId().equals(account.getAccountId()))){
+				errors.add("Login ID already exists");
+			}
+		}
+
+		//Check email exists in entity
+		if((account.getEmail() == null) || (account.getEmail().isEmpty())){
+			errors.add("Invalid email");
+		}
+		else{
+			//Check email doesn't exist in db, other than the object itself
+			Account existingAccountByEmail = accountService.getByEmail(account.getEmail());
+			if((existingAccountByEmail != null) && (!existingAccountByEmail.getAccountId().equals(account.getAccountId()))){
+				errors.add("Account with email already exists");
+			}
+		}
+
+		return errors;
+	}
+}
--- a/src/main/java/com/mattrixwv/raidbuilder/controller/ExceptionController.java
+++ b/src/main/java/com/mattrixwv/raidbuilder/controller/ExceptionController.java
@@ -0,0 +1,75 @@
+package com.mattrixwv.raidbuilder.controller;
+
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authorization.AuthorizationDeniedException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.mattrixwv.raidbuilder.exception.MissingAuthorizationException;
+
+import lombok.extern.slf4j.Slf4j;
+
+
+@Slf4j
+@RestControllerAdvice
+public class ExceptionController{
+	private static final ObjectMapper mapper = new ObjectMapper();
+
+
+	@ExceptionHandler(Exception.class)
+	@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
+	@ResponseBody
+	public ObjectNode genericExceptionHandler(Exception error){
+		log.error(error.getMessage(), error);
+
+
+		ObjectNode returnJson = mapper.createObjectNode();
+		ArrayNode errorsNode = mapper.createArrayNode();
+		errorsNode.add(error.getMessage());
+		returnJson.set("errors", errorsNode);
+		returnJson.put("status", "error");
+
+
+		return returnJson;
+	}
+
+	@ExceptionHandler(AuthorizationDeniedException.class)
+	@ResponseStatus(HttpStatus.FORBIDDEN)
+	@ResponseBody
+	public ObjectNode authorizationExceptionHandler(AuthorizationDeniedException error){
+		log.info(error.getMessage());
+
+
+		ObjectNode returnJson = mapper.createObjectNode();
+		ArrayNode errorsNode = mapper.createArrayNode();
+		errorsNode.add(error.getMessage());
+		returnJson.set("errors", errorsNode);
+		returnJson.put("status", "error");
+
+
+		return returnJson;
+	}
+
+	@ExceptionHandler(MissingAuthorizationException.class)
+	@ResponseStatus(HttpStatus.FORBIDDEN)
+	@ResponseBody
+	public ObjectNode missingAuthorizationExceptionHandler(MissingAuthorizationException error){
+		log.info(error.getMessage());
+
+
+		ObjectNode returnJson = mapper.createObjectNode();
+		ArrayNode errorsNode = mapper.createArrayNode();
+		errorsNode.add("Server is misconfigured");
+		returnJson.set("errors", errorsNode);
+		returnJson.put("status", "error");
+
+
+		return returnJson;
+	}
+}