Changeset b81f586
- Timestamp:
- 01/26/26 09:02:46 (6 months ago)
- Branches:
- main
- Children:
- 561e9a6
- Parents:
- c6f7486
- Location:
- finkwave/src/main/java/com/ukim/finki/develop/finkwave
- Files:
-
- 2 edited
-
controller/AuthController.java (modified) (5 diffs)
-
service/AuthService.java (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
finkwave/src/main/java/com/ukim/finki/develop/finkwave/controller/AuthController.java
rc6f7486 rb81f586 32 32 // todo: read from config 33 33 private final int accessTokenMaxAge = 900; 34 private final int refreshTokenMaxAge = 10 * 24 * 60 * 60;35 34 private final AuthService authService; 36 35 … … 40 39 HttpServletResponse httpServletResponse){ 41 40 try { 42 AuthResponseDto authResponse = authService.registerAndLogIn(authRequestDto); 43 addTokensToResponse(httpServletResponse, authResponse); 41 AuthResponseDto authResponse = authService.registerAndLogIn(httpServletResponse, authRequestDto); 44 42 return ResponseEntity.ok(Map.of( 45 43 "user", authResponse.userResponseDto(), … … 58 56 HttpServletResponse httpServletResponse){ 59 57 try { 60 AuthResponseDto authResponse = authService.login(loginRequestDto.username(), loginRequestDto.password()); 61 addTokensToResponse(httpServletResponse, authResponse); 58 AuthResponseDto authResponse = authService.login(httpServletResponse, loginRequestDto); 62 59 return ResponseEntity.ok(Map.of( 63 60 "user", authResponse.userResponseDto(), … … 90 87 HttpServletResponse httpServletResponse, 91 88 @CookieValue(name = "refreshToken", required = false) String refreshToken){ 92 clearCookies(httpServletResponse, refreshToken);89 authService.clearCookies(httpServletResponse, refreshToken); 93 90 SecurityContextHolder.clearContext(); 94 91 return ResponseEntity.ok(Map.of("message", "Successful log out")); … … 112 109 } 113 110 114 private void clearCookies(HttpServletResponse httpServletResponse, String refreshToken) {115 if (refreshToken != null){116 authService.invalidateRefreshToken(refreshToken);117 Cookie clearCookie = new Cookie("refreshToken", null);118 clearCookie.setHttpOnly(true);119 clearCookie.setSecure(false);120 clearCookie.setPath("/");121 clearCookie.setMaxAge(0);122 httpServletResponse.addCookie(clearCookie);123 }124 125 Cookie clearAccess = new Cookie("accessToken", null);126 clearAccess.setHttpOnly(true);127 clearAccess.setSecure(false);128 clearAccess.setPath("/");129 clearAccess.setMaxAge(0);130 httpServletResponse.addCookie(clearAccess);131 }132 133 134 private void addTokensToResponse(HttpServletResponse response, AuthResponseDto authResponse){135 Cookie refreshCookie = new Cookie("refreshToken", authResponse.refreshToken().getToken());136 refreshCookie.setSecure(false);137 refreshCookie.setHttpOnly(true);138 refreshCookie.setPath("/");139 refreshCookie.setMaxAge(refreshTokenMaxAge);140 response.addCookie(refreshCookie);141 142 authService.addAccessCookieToResponse(response, authResponse.accessToken());143 }144 111 } -
finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/AuthService.java
rc6f7486 rb81f586 1 1 package com.ukim.finki.develop.finkwave.service; 2 2 3 import com.ukim.finki.develop.finkwave.dto.LoginRequestDto; 3 4 import org.springframework.security.crypto.password.PasswordEncoder; 4 5 import org.springframework.stereotype.Service; … … 27 28 private final RefreshTokenService refreshTokenService; 28 29 private final int accessTokenMaxAge = 900; 30 private final int refreshTokenMaxAge = 10 * 24 * 60 * 60; 29 31 30 32 // todo: should it be transactional? 31 33 // @Transactional 32 public AuthResponseDto registerAndLogIn( AuthRequestDto authRequestDto){34 public AuthResponseDto registerAndLogIn(HttpServletResponse response, AuthRequestDto authRequestDto){ 33 35 if (userRepository.findByUsername(authRequestDto.username()).isPresent()){ 34 36 throw new RuntimeException("User already exists"); … … 36 38 User user = new User(); 37 39 38 // todo: builder 40 // todo: builder / private createUser method 39 41 user.setUsername(authRequestDto.username()); 40 42 user.setRole(Role.NONADMIN); … … 48 50 nonAdminUserRepository.save(nonAdminUser); 49 51 userRepository.save(user); 50 return login(user.getUsername(), authRequestDto.password()); 52 // todo: could also be redirect in controller, which one is better? 53 return login(response, new LoginRequestDto(user.getUsername(), authRequestDto.password())); 51 54 } 52 55 53 56 54 public AuthResponseDto login(String username, String password){ 55 User user = userRepository.findByUsername(username) 57 // todo: dto in arguments or the standalone values? 58 public AuthResponseDto login(HttpServletResponse response, LoginRequestDto loginRequestDto){ 59 User user = userRepository.findByUsername(loginRequestDto.username()) 56 60 .orElseThrow(() -> new RuntimeException("Invalid credentials")); 57 if (!passwordEncoder.matches( password, user.getPassword())){61 if (!passwordEncoder.matches(loginRequestDto.password(), user.getPassword())){ 58 62 throw new RuntimeException("Invalid credentials"); 59 63 } 60 64 61 String accessToken = jwtService.generateToken( username, user.getRole().name());65 String accessToken = jwtService.generateToken(loginRequestDto.username(), user.getRole().name()); 62 66 RefreshToken refreshToken = refreshTokenService.createRefreshToken(user); 67 63 68 UserResponseDto userResponseDto = new UserResponseDto(user.getUsername(), user.getRole()); 64 return new AuthResponseDto(accessToken, refreshToken, userResponseDto); 69 // todo: dto inside a dto?? 70 AuthResponseDto authResponseDto = new AuthResponseDto(accessToken, refreshToken, userResponseDto); 71 addTokensToResponse(response, authResponseDto); 72 return authResponseDto; 65 73 } 66 74 … … 94 102 response.addCookie(accessCookie); 95 103 } 104 105 public void clearCookies(HttpServletResponse httpServletResponse, String refreshToken) { 106 if (refreshToken != null){ 107 invalidateRefreshToken(refreshToken); 108 Cookie clearCookie = new Cookie("refreshToken", null); 109 clearCookie.setHttpOnly(true); 110 clearCookie.setSecure(false); 111 clearCookie.setPath("/"); 112 clearCookie.setMaxAge(0); 113 httpServletResponse.addCookie(clearCookie); 114 } 115 116 Cookie clearAccess = new Cookie("accessToken", null); 117 clearAccess.setHttpOnly(true); 118 clearAccess.setSecure(false); 119 clearAccess.setPath("/"); 120 clearAccess.setMaxAge(0); 121 httpServletResponse.addCookie(clearAccess); 122 } 123 124 125 private void addTokensToResponse(HttpServletResponse response, AuthResponseDto authResponse){ 126 Cookie refreshCookie = new Cookie("refreshToken", authResponse.refreshToken().getToken()); 127 refreshCookie.setSecure(false); 128 refreshCookie.setHttpOnly(true); 129 refreshCookie.setPath("/"); 130 refreshCookie.setMaxAge(refreshTokenMaxAge); 131 response.addCookie(refreshCookie); 132 133 addAccessCookieToResponse(response, authResponse.accessToken()); 134 } 96 135 }
Note:
See TracChangeset
for help on using the changeset viewer.
