From 885de4e1c145fe1a7796f573c58aea903c71867e Mon Sep 17 00:00:00 2001 From: Paulo Gustavo Veiga Date: Wed, 7 Feb 2024 00:04:06 -0800 Subject: [PATCH] Fix login bug. --- .../filter/JwtAuthenticationFilter.java | 8 +- .../wisemapping/rest/MindmapController.java | 12 +- .../com/wisemapping/rest/UserController.java | 160 +++++++++--------- .../rest/model/RestMindmapMetadata.java | 47 +++++ wise-api/src/main/resources/application.yml | 3 + 5 files changed, 147 insertions(+), 83 deletions(-) create mode 100644 wise-api/src/main/java/com/wisemapping/rest/model/RestMindmapMetadata.java diff --git a/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java b/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java index c0695515..fe462d9d 100644 --- a/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java +++ b/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java @@ -11,8 +11,10 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.jetbrains.annotations.NotNull; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.dao.DataAccessException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter; @@ -43,13 +45,13 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { if (email.isPresent() && jwtTokenUtil.validateJwtToken(token.get())) { // Is it an existing user ? - final UserDetails userDetails = userDetailsService.loadUserByUsername(email.get()); - if (userDetails != null) { + try { + final UserDetails userDetails = userDetailsService.loadUserByUsername(email.get()); final UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( userDetails, null, userDetails.getAuthorities()); authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); SecurityContextHolder.getContext().setAuthentication(authenticationToken); - } else { + } catch (UsernameNotFoundException e) { logger.trace("User " + email.get() + " could not be found"); } } diff --git a/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java b/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java index f4784bc3..526c5fcb 100644 --- a/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java +++ b/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java @@ -69,7 +69,7 @@ public class MindmapController extends BaseController { @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')") - @RequestMapping(method = RequestMethod.GET, value = "/{id}", produces = {"application/json"}) + @RequestMapping(method = RequestMethod.GET, value = "/{id}", produces = {"application/json"}) @ResponseBody public RestMindmap retrieve(@PathVariable int id) throws WiseMappingException { final User user = Utils.getUser(); @@ -77,6 +77,16 @@ public class MindmapController extends BaseController { return new RestMindmap(mindMap, user); } + @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')") + @RequestMapping(method = RequestMethod.GET, value = "/{id}/metadata", produces = {"application/json"}) + @ResponseBody + public RestMindmap retrieveMetadata(@PathVariable int id) throws WiseMappingException { + final User user = Utils.getUser(); + + final Mindmap mindMap = findMindmapById(id); + return new RestMindmap(mindMap, user); + } + @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')") @RequestMapping(method = RequestMethod.GET, value = "/", produces = {"application/json"}) public RestMindmapList retrieveList(@RequestParam(required = false) String q) { diff --git a/wise-api/src/main/java/com/wisemapping/rest/UserController.java b/wise-api/src/main/java/com/wisemapping/rest/UserController.java index 8e04eb4c..875719d9 100644 --- a/wise-api/src/main/java/com/wisemapping/rest/UserController.java +++ b/wise-api/src/main/java/com/wisemapping/rest/UserController.java @@ -51,100 +51,102 @@ import java.util.List; @RequestMapping("/api/restful/users") public class UserController extends BaseController { - @Qualifier("userService") - @Autowired - private UserService userService; + @Qualifier("userService") + @Autowired + private UserService userService; - @Autowired - private RecaptchaService captchaService; + @Autowired + private RecaptchaService captchaService; - @Qualifier("authenticationManager") - @Autowired - private AuthenticationManager authManager; + @Qualifier("authenticationManager") + @Autowired + private AuthenticationManager authManager; - @Value("${google.recaptcha2.enabled:false}") - private Boolean recatchaEnabled; + @Value("${google.recaptcha2.enabled:false}") + private Boolean recatchaEnabled; - @Value("${accounts.exclusion.domain:''}") - private String domainBanExclusion; + @Value("${app.accounts.exclusion.domain:''}") + private String domainBanExclusion; - private static final Logger logger = LogManager.getLogger(); - private static final String REAL_IP_ADDRESS_HEADER = "X-Real-IP"; + private static final Logger logger = LogManager.getLogger(); + private static final String REAL_IP_ADDRESS_HEADER = "X-Real-IP"; - @RequestMapping(method = RequestMethod.POST, value = "/", produces = { "application/json" }) - @ResponseStatus(value = HttpStatus.CREATED) - public void registerUser(@RequestBody RestUserRegistration registration, @NotNull HttpServletRequest request, - @NotNull HttpServletResponse response) throws WiseMappingException, BindException { - logger.debug("Register new user:" + registration.getEmail()); + @RequestMapping(method = RequestMethod.POST, value = "/", produces = {"application/json"}) + @ResponseStatus(value = HttpStatus.CREATED) + public void registerUser(@RequestBody RestUserRegistration registration, @NotNull HttpServletRequest request, + @NotNull HttpServletResponse response) throws WiseMappingException, BindException { + logger.debug("Register new user:" + registration.getEmail()); - if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) { - throw new PasswordTooLongException(); - } + if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) { + throw new PasswordTooLongException(); + } - // If tomcat is behind a reverse proxy, ip needs to be found in other header. - String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER); - if (remoteIp == null || remoteIp.isEmpty()) { - remoteIp = request.getRemoteAddr(); - } - logger.debug("Remote address" + remoteIp); + // If tomcat is behind a reverse proxy, ip needs to be found in other header. + String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER); + if (remoteIp == null || remoteIp.isEmpty()) { + remoteIp = request.getRemoteAddr(); + } + logger.debug("Remote address" + remoteIp); - verify(registration, remoteIp); + verify(registration, remoteIp); - final User user = new User(); - user.setEmail(registration.getEmail().trim()); - user.setFirstname(registration.getFirstname()); - user.setLastname(registration.getLastname()); - user.setPassword(registration.getPassword()); + final User user = new User(); + user.setEmail(registration.getEmail().trim()); + user.setFirstname(registration.getFirstname()); + user.setLastname(registration.getLastname()); + user.setPassword(registration.getPassword()); - user.setAuthenticationType(AuthenticationType.DATABASE); - userService.createUser(user, false, true); - response.setHeader("Location", "/api/restful/users/" + user.getId()); - } + user.setAuthenticationType(AuthenticationType.DATABASE); + userService.createUser(user, false, true); + response.setHeader("Location", "/api/restful/users/" + user.getId()); + response.setHeader("ResourceId", Integer.toString(user.getId())); - @RequestMapping(method = RequestMethod.PUT, value = "/resetPassword", produces = { "application/json" }) - @ResponseStatus(value = HttpStatus.OK) - public RestResetPasswordResponse resetPassword(@RequestParam String email) throws InvalidAuthSchemaException, EmailNotExistsException { - try { - return userService.resetPassword(email); - } catch (InvalidUserEmailException e) { - throw new EmailNotExistsException(e); - } - } + } - private void verify(@NotNull final RestUserRegistration registration, @NotNull String remoteAddress) - throws BindException { + @RequestMapping(method = RequestMethod.PUT, value = "/resetPassword", produces = {"application/json"}) + @ResponseStatus(value = HttpStatus.OK) + public RestResetPasswordResponse resetPassword(@RequestParam String email) throws InvalidAuthSchemaException, EmailNotExistsException { + try { + return userService.resetPassword(email); + } catch (InvalidUserEmailException e) { + throw new EmailNotExistsException(e); + } + } - final BindException errors = new RegistrationException(registration, "registration"); - final UserValidator validator = new UserValidator(); - validator.setUserService(userService); - validator.validate(registration, errors); + private void verify(@NotNull final RestUserRegistration registration, @NotNull String remoteAddress) + throws BindException { - // If captcha is enabled, generate it ... - if (recatchaEnabled) { - final String recaptcha = registration.getRecaptcha(); - if (recaptcha != null) { - final String reCaptchaResponse = captchaService.verifyRecaptcha(remoteAddress, recaptcha); - if (reCaptchaResponse != null && !reCaptchaResponse.isEmpty()) { - errors.rejectValue("recaptcha", reCaptchaResponse); - } - } else { - errors.rejectValue("recaptcha", Messages.CAPTCHA_LOADING_ERROR); - } - } else { - logger.warn("captchaEnabled is enabled.Recommend to enable it for production environments."); - } + final BindException errors = new RegistrationException(registration, "registration"); + final UserValidator validator = new UserValidator(); + validator.setUserService(userService); + validator.validate(registration, errors); - if (errors.hasErrors()) { - throw errors; - } + // If captcha is enabled, generate it ... + if (recatchaEnabled) { + final String recaptcha = registration.getRecaptcha(); + if (recaptcha != null) { + final String reCaptchaResponse = captchaService.verifyRecaptcha(remoteAddress, recaptcha); + if (reCaptchaResponse != null && !reCaptchaResponse.isEmpty()) { + errors.rejectValue("recaptcha", reCaptchaResponse); + } + } else { + errors.rejectValue("recaptcha", Messages.CAPTCHA_LOADING_ERROR); + } + } else { + logger.warn("captchaEnabled is enabled.Recommend to enable it for production environments."); + } - // Is excluded ?. - final List excludedDomains = Arrays.asList(domainBanExclusion.split(",")); - final String emailDomain = registration.getEmail().split("@")[1]; - if (excludedDomains.contains(emailDomain)) { - throw new IllegalArgumentException( - "Email is part of ban exclusion list due to abuse. Please, contact site admin if you think this is an error." - + emailDomain); - } - } + if (errors.hasErrors()) { + throw errors; + } + + // Is excluded ?. + final List excludedDomains = Arrays.asList(domainBanExclusion.split(",")); + final String emailDomain = registration.getEmail().split("@")[1]; + if (excludedDomains.contains(emailDomain)) { + throw new IllegalArgumentException( + "Email is part of ban exclusion list due to abuse. Please, contact site admin if you think this is an error." + + emailDomain); + } + } } diff --git a/wise-api/src/main/java/com/wisemapping/rest/model/RestMindmapMetadata.java b/wise-api/src/main/java/com/wisemapping/rest/model/RestMindmapMetadata.java new file mode 100644 index 00000000..63158ce3 --- /dev/null +++ b/wise-api/src/main/java/com/wisemapping/rest/model/RestMindmapMetadata.java @@ -0,0 +1,47 @@ +/* + * Copyright [2022] [wisemapping] + * + * Licensed under WiseMapping Public License, Version 1.0 (the "License"). + * It is basically the Apache License, Version 2.0 (the "License") plus the + * "powered by wisemapping" text requirement on every single page; + * you may not use this file except in compliance with the License. + * You may obtain a copy of the license at + * + * http://www.wisemapping.org/license + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.wisemapping.rest.model; + + +import com.fasterxml.jackson.annotation.JsonAutoDetect; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.wisemapping.exceptions.InvalidMindmapException; +import com.wisemapping.exceptions.WiseMappingException; +import com.wisemapping.model.*; +import com.wisemapping.util.TimeUtils; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; + +import java.io.IOException; +import java.util.Calendar; + +@JsonAutoDetect( + fieldVisibility = JsonAutoDetect.Visibility.NONE, + setterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY, + isGetterVisibility = JsonAutoDetect.Visibility.NONE, + getterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY +) +@JsonIgnoreProperties(ignoreUnknown = true) +public class RestMindmapMetadata { + + public RestMindmapMetadata() throws WiseMappingException { + } + +} diff --git a/wise-api/src/main/resources/application.yml b/wise-api/src/main/resources/application.yml index 13c110ba..12e87cc1 100755 --- a/wise-api/src/main/resources/application.yml +++ b/wise-api/src/main/resources/application.yml @@ -58,6 +58,9 @@ app: mail: serverSendEmail: root@localhost supportEmail: root@localhost +# accounts: +# exclusion: +# domain: