Index: backend/src/main/java/com/tradingmk/backend/config/SecurityConfig.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/config/SecurityConfig.java (revision a94fd9e8dc0b7e5b6336ed1783296b4f8e89ad9e) +++ backend/src/main/java/com/tradingmk/backend/config/SecurityConfig.java (revision 81e3c796855e92b468fc28f1faa1eb27f86de864) @@ -33,5 +33,5 @@ "/topic/**", "/api/history/upload", - "/api/history/{symbol}","/api/trades/**") + "/api/history/{symbol}","/api/trades/**","/api/auth/link/confirm") .permitAll() .anyRequest() Index: backend/src/main/java/com/tradingmk/backend/controller/AuthLinkController.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/controller/AuthLinkController.java (revision 81e3c796855e92b468fc28f1faa1eb27f86de864) +++ backend/src/main/java/com/tradingmk/backend/controller/AuthLinkController.java (revision 81e3c796855e92b468fc28f1faa1eb27f86de864) @@ -0,0 +1,87 @@ +package com.tradingmk.backend.controller; + +import com.tradingmk.backend.model.AuthProvider; +import com.tradingmk.backend.model.PendingLink; +import com.tradingmk.backend.model.User; +import com.tradingmk.backend.repository.PendingLinkRepository; +import com.tradingmk.backend.repository.UserRepository; +import com.tradingmk.backend.service.UserService; +import jakarta.transaction.Transactional; +import lombok.RequiredArgsConstructor; +import org.springframework.http.ResponseEntity; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.web.bind.annotation.*; + +import java.time.Instant; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +@RestController +@RequestMapping("/api/auth/link") +@RequiredArgsConstructor +public class AuthLinkController { + + private final PendingLinkRepository pendingLinkRepository; + private final UserRepository userRepository; + private final AuthenticationManager authenticationManager; + private final UserService userService; + + @PostMapping("/confirm") + @Transactional //need transactionalll!!!! + public ResponseEntity confirmLink(@RequestBody Map body) { + String pendingToken = body.get("pendingToken"); + String usernameOrEmail = body.get("username"); + String password = body.get("password"); + + if (pendingToken == null || usernameOrEmail == null || password == null) { + return ResponseEntity.badRequest().body("missing fields"); + } + + PendingLink pending = pendingLinkRepository.findByToken(pendingToken).orElse(null); + if (pending == null || pending.getExpiresAt().isBefore(Instant.now())) { + return ResponseEntity.status(410).body("pending token invalid or expired"); + } + + // auth internal credentials + try { + Authentication auth = authenticationManager.authenticate( + new UsernamePasswordAuthenticationToken(usernameOrEmail, password) + ); + } catch (Exception ex) { + return ResponseEntity.status(401).body("Invalid internal credentials"); + } + + // load user + User user = userRepository.findByUsername(usernameOrEmail) + .orElseGet(() -> userRepository.findByEmail(usernameOrEmail).orElse(null)); + if (user == null) { + return ResponseEntity.status(404).body("User not found"); + } + + // verufy + if (!user.getEmail().equalsIgnoreCase(pending.getEmail())) { + return ResponseEntity.status(403).body("Pending link does not match authenticated user"); + } + + + Set providers = user.getAuthProviders(); + providers.add(AuthProvider.GOOGLE); + user.setAuthProviders(providers); + userRepository.save(user); + + // delete pending + pendingLinkRepository.deleteByToken(pendingToken); + + // generate token + String jwt = userService.generateToken(user); + + Map resp = new HashMap<>(); + resp.put("token", jwt); + resp.put("message", "Google account linked and logged in"); + + return ResponseEntity.ok(resp); + } +} Index: backend/src/main/java/com/tradingmk/backend/controller/GoogleOAuthController.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/controller/GoogleOAuthController.java (revision a94fd9e8dc0b7e5b6336ed1783296b4f8e89ad9e) +++ backend/src/main/java/com/tradingmk/backend/controller/GoogleOAuthController.java (revision 81e3c796855e92b468fc28f1faa1eb27f86de864) @@ -4,8 +4,6 @@ import com.google.api.client.json.gson.GsonFactory; import com.tradingmk.backend.dto.GoogleAuthRequest; -import com.tradingmk.backend.model.AuthProvider; -import com.tradingmk.backend.model.Portfolio; -import com.tradingmk.backend.model.Role; -import com.tradingmk.backend.model.User; +import com.tradingmk.backend.model.*; +import com.tradingmk.backend.repository.PendingLinkRepository; import com.tradingmk.backend.repository.PortfolioRepository; import com.tradingmk.backend.repository.UserRepository; @@ -18,4 +16,5 @@ import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier; import java.math.BigDecimal; +import java.time.Instant; import java.util.Collections; import java.util.HashMap; @@ -31,5 +30,5 @@ private final UserService userService; private final PortfolioRepository portfolioRepository; - + private final PendingLinkRepository pendingLinkRepository; private final RestTemplate restTemplate = new RestTemplate(); @@ -82,5 +81,5 @@ String jwt = userService.generateToken(newUser); - return ResponseEntity.ok(Collections.singletonMap("token", jwt)); + return ResponseEntity.ok(Collections.singletonMap("token", jwt)); //tuka probaj } @@ -88,8 +87,22 @@ if (user.getAuthProviders().contains(AuthProvider.INTERNAL) && !user.getAuthProviders().contains(AuthProvider.GOOGLE)) { - return ResponseEntity.status(403).body( - "Веќе имате акаунт со е-пошта и лозинка. Најавете се прво со вашата лозинка. " + - "Потоа во профилот може да го поврзете Google." - ); + + // Generate token + String pendingToken = java.util.UUID.randomUUID().toString(); + Instant now = Instant.now(); + PendingLink pendingLink = PendingLink.builder() + .token(pendingToken) + .email(email) + .provider("GOOGLE") + .createdAt(now) + .expiresAt(now.plusSeconds(60 * 15)) // 15 min expiry + .build(); + pendingLinkRepository.save(pendingLink); + + Map resp = new HashMap<>(); + resp.put("message", "Account exists as INTERNAL. Confirm internal credentials to link Google."); + resp.put("pendingToken", pendingToken); + + return ResponseEntity.status(409).body(resp); } Index: backend/src/main/java/com/tradingmk/backend/model/PendingLink.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/model/PendingLink.java (revision 81e3c796855e92b468fc28f1faa1eb27f86de864) +++ backend/src/main/java/com/tradingmk/backend/model/PendingLink.java (revision 81e3c796855e92b468fc28f1faa1eb27f86de864) @@ -0,0 +1,25 @@ +package com.tradingmk.backend.model; + +import jakarta.persistence.*; +import lombok.*; + +import java.time.Instant; + +@Entity +@Table(name = "oauth_pending_links") +@Data +@NoArgsConstructor +@AllArgsConstructor +@Builder +public class PendingLink { + @Id + private String token; + + private String email; + + private String provider; + + private Instant expiresAt; + + private Instant createdAt; +} Index: backend/src/main/java/com/tradingmk/backend/repository/PendingLinkRepository.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/repository/PendingLinkRepository.java (revision 81e3c796855e92b468fc28f1faa1eb27f86de864) +++ backend/src/main/java/com/tradingmk/backend/repository/PendingLinkRepository.java (revision 81e3c796855e92b468fc28f1faa1eb27f86de864) @@ -0,0 +1,11 @@ +package com.tradingmk.backend.repository; + +import com.tradingmk.backend.model.PendingLink; +import org.springframework.data.jpa.repository.JpaRepository; + +import java.util.Optional; + +public interface PendingLinkRepository extends JpaRepository { + Optional findByToken(String token); + void deleteByToken(String token); +} Index: backend/src/main/java/com/tradingmk/backend/service/AuthenticationService.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/service/AuthenticationService.java (revision a94fd9e8dc0b7e5b6336ed1783296b4f8e89ad9e) +++ backend/src/main/java/com/tradingmk/backend/service/AuthenticationService.java (revision 81e3c796855e92b468fc28f1faa1eb27f86de864) @@ -5,4 +5,5 @@ import com.tradingmk.backend.dto.AuthenticationRequest; import com.tradingmk.backend.dto.RegisterRequest; +import com.tradingmk.backend.model.AuthProvider; import com.tradingmk.backend.model.Portfolio; import com.tradingmk.backend.model.Role; @@ -19,4 +20,5 @@ import java.util.HashMap; import java.util.Map; +import java.util.Set; @Service @@ -41,4 +43,5 @@ .password(passwordEncoder.encode(request.getPassword())) .role(Role.USER) + .authProviders(Set.of(AuthProvider.INTERNAL)) .build(); //save