Add user authentication and management modules with Spring Security, JWT, and JPA
This commit is contained in:
@@ -0,0 +1,99 @@
|
||||
package fr.bureauservice.app.config;
|
||||
|
||||
import fr.bureauservice.app.service.auth.JpaUserDetailsService;
|
||||
import fr.bureauservice.app.util.auth.JwtAuthFilter;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.cors.CorsConfigurationSource;
|
||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableMethodSecurity
|
||||
public class SecurityConfig {
|
||||
|
||||
private final JwtAuthFilter jwtAuthFilter;
|
||||
private final JpaUserDetailsService userDetailsService;
|
||||
|
||||
public SecurityConfig(JwtAuthFilter jwtAuthFilter, JpaUserDetailsService userDetailsService) {
|
||||
this.jwtAuthFilter = jwtAuthFilter;
|
||||
this.userDetailsService = userDetailsService;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) {
|
||||
http
|
||||
.cors(Customizer.withDefaults())
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.authenticationProvider(authenticationProvider())
|
||||
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
|
||||
.httpBasic(AbstractHttpConfigurer::disable)
|
||||
.formLogin(AbstractHttpConfigurer::disable)
|
||||
.authorizeHttpRequests(authz -> authz
|
||||
.requestMatchers("/api/auth/register", "/api/auth/login", "/api/auth/refresh", "/api/auth/logout").permitAll()
|
||||
.requestMatchers("/api/auth/me").authenticated()
|
||||
.requestMatchers("/api/users/**").authenticated()
|
||||
.requestMatchers("/api/app/**").authenticated()
|
||||
.anyRequest().permitAll()
|
||||
);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
||||
@Bean
|
||||
public CorsConfigurationSource corsConfigurationSource() {
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
|
||||
config.setAllowedOrigins(Arrays.asList(
|
||||
"http://localhost:4200",
|
||||
"http://127.0.0.1:4200"
|
||||
));
|
||||
|
||||
config.setAllowCredentials(true);
|
||||
config.setAllowedHeaders(List.of("*"));
|
||||
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
|
||||
|
||||
config.setExposedHeaders(Arrays.asList("Authorization", "Content-Type", "Set-Cookie"));
|
||||
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
source.registerCorsConfiguration("/**", config);
|
||||
return source;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthenticationProvider authenticationProvider() {
|
||||
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider(userDetailsService);
|
||||
authProvider.setPasswordEncoder(passwordEncoder());
|
||||
return authProvider;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthenticationManager authenticationManager(AuthenticationConfiguration config) {
|
||||
return config.getAuthenticationManager();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,142 @@
|
||||
package fr.bureauservice.app.controller.auth;
|
||||
|
||||
import fr.bureauservice.app.dto.auth.AuthRequest;
|
||||
import fr.bureauservice.app.dto.auth.AuthResponse;
|
||||
import fr.bureauservice.app.dto.user.UserDTO;
|
||||
import fr.bureauservice.app.mapper.user.UserMapper;
|
||||
import fr.bureauservice.app.service.auth.AuthService;
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.ResponseCookie;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/api/auth")
|
||||
public class AuthController {
|
||||
|
||||
private final AuthService authService;
|
||||
|
||||
public AuthController(AuthService authService) {
|
||||
this.authService = authService;
|
||||
}
|
||||
|
||||
@PostMapping("/register")
|
||||
public ResponseEntity<AuthResponse> register(@RequestBody UserDTO dto,
|
||||
HttpServletResponse response) {
|
||||
return authService.register(UserMapper.fromDto(dto))
|
||||
.map(authResponse -> createAuthResponse(authResponse, response))
|
||||
.orElse(ResponseEntity.badRequest().build());
|
||||
}
|
||||
|
||||
@PostMapping("/login")
|
||||
public ResponseEntity<AuthResponse> authenticate(@RequestBody AuthRequest request,
|
||||
HttpServletResponse response) {
|
||||
return authService.authenticate(request)
|
||||
.map(authResponse -> createAuthResponse(authResponse, response))
|
||||
.orElse(ResponseEntity.badRequest().build());
|
||||
}
|
||||
|
||||
@GetMapping("/logout")
|
||||
public ResponseEntity<Void> logout(HttpServletResponse response) {
|
||||
ResponseCookie accessTokenCookie = ResponseCookie.from("accessToken", "")
|
||||
.httpOnly(true)
|
||||
.secure(false)
|
||||
.path("/")
|
||||
.maxAge(0)
|
||||
.sameSite("Lax")
|
||||
.build();
|
||||
response.addHeader(HttpHeaders.SET_COOKIE, accessTokenCookie.toString());
|
||||
|
||||
ResponseCookie refreshTokenCookie = ResponseCookie.from("refreshToken", "")
|
||||
.httpOnly(true)
|
||||
.secure(false)
|
||||
.path("/")
|
||||
.maxAge(0)
|
||||
.sameSite("Lax")
|
||||
.build();
|
||||
response.addHeader(HttpHeaders.SET_COOKIE, refreshTokenCookie.toString());
|
||||
|
||||
return ResponseEntity.ok().build();
|
||||
}
|
||||
|
||||
@GetMapping("/me")
|
||||
public ResponseEntity<UserDTO> getCurrentUser(@AuthenticationPrincipal UserDetails userDetails) {
|
||||
if (userDetails == null) {
|
||||
return ResponseEntity.status(401).build();
|
||||
}
|
||||
|
||||
return authService.getCurrentUser(userDetails.getUsername())
|
||||
.map(user -> ResponseEntity.ok(UserMapper.toDto(user)))
|
||||
.orElse(ResponseEntity.notFound().build());
|
||||
}
|
||||
|
||||
@PostMapping("/refresh")
|
||||
public ResponseEntity<AuthResponse> refreshPost(HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
return handleRefresh(request, response);
|
||||
}
|
||||
|
||||
@GetMapping("/refresh")
|
||||
public ResponseEntity<AuthResponse> refreshGet(HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
return handleRefresh(request, response);
|
||||
}
|
||||
|
||||
private ResponseEntity<AuthResponse> handleRefresh(HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
String refreshToken = null;
|
||||
|
||||
if (request.getCookies() != null) {
|
||||
refreshToken = Arrays.stream(request.getCookies())
|
||||
.filter(c -> "refreshToken".equals(c.getName()))
|
||||
.findFirst()
|
||||
.map(Cookie::getValue)
|
||||
.orElse(null);
|
||||
}
|
||||
|
||||
if (refreshToken == null) {
|
||||
return ResponseEntity.noContent().build();
|
||||
}
|
||||
|
||||
return authService.refresh(refreshToken)
|
||||
.map(authResponse -> createAuthResponse(authResponse, response))
|
||||
.orElse(ResponseEntity.noContent().build());
|
||||
}
|
||||
|
||||
private ResponseEntity<AuthResponse> createAuthResponse(AuthResponse authResponse,
|
||||
HttpServletResponse response) {
|
||||
// Access token en httpOnly cookie
|
||||
ResponseCookie accessTokenCookie = ResponseCookie.from("accessToken", authResponse.accessToken())
|
||||
.httpOnly(true)
|
||||
.secure(false) // true en prod
|
||||
.path("/")
|
||||
.maxAge(15 * 60) // 15 minutes
|
||||
.sameSite("Lax")
|
||||
.build();
|
||||
response.addHeader(HttpHeaders.SET_COOKIE, accessTokenCookie.toString());
|
||||
|
||||
// Refresh token en httpOnly cookie
|
||||
ResponseCookie refreshTokenCookie = ResponseCookie.from("refreshToken", authResponse.refreshToken())
|
||||
.httpOnly(true)
|
||||
.secure(false)
|
||||
.path("/")
|
||||
.maxAge(60 * 60 * 24 * 7) // 7 jours
|
||||
.sameSite("Lax")
|
||||
.build();
|
||||
response.addHeader(HttpHeaders.SET_COOKIE, refreshTokenCookie.toString());
|
||||
|
||||
// Ne retourner que le username sans les tokens
|
||||
return ResponseEntity.ok(new AuthResponse(
|
||||
authResponse.username(),
|
||||
null,
|
||||
null
|
||||
));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,54 @@
|
||||
package fr.bureauservice.app.controller.user;
|
||||
|
||||
import fr.bureauservice.app.model.user.User;
|
||||
import fr.bureauservice.app.service.user.UserService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/api/users")
|
||||
public class UserController {
|
||||
|
||||
private final UserService userService;
|
||||
|
||||
@Autowired
|
||||
public UserController(UserService userService) {
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
@GetMapping
|
||||
public List<User> getAllUsers() {
|
||||
return userService.getAllUsers();
|
||||
}
|
||||
|
||||
@GetMapping("/{id}")
|
||||
public ResponseEntity<User> getUserById(@PathVariable Long id) {
|
||||
return userService.getUserById(id)
|
||||
.map(ResponseEntity::ok)
|
||||
.orElse(ResponseEntity.notFound().build());
|
||||
}
|
||||
|
||||
@PostMapping
|
||||
public void saveUser(@RequestBody User user) {
|
||||
userService.saveUser(user);
|
||||
}
|
||||
|
||||
@PutMapping("/{id}")
|
||||
public ResponseEntity<User> updateUser(@PathVariable Long id, @RequestBody User user) {
|
||||
return userService.getUserById(id)
|
||||
.map(existingUser -> userService.updateUser(user)
|
||||
.map(ResponseEntity::ok)
|
||||
.orElse(ResponseEntity.notFound().build()))
|
||||
.orElse(ResponseEntity.notFound().build());
|
||||
}
|
||||
|
||||
@DeleteMapping("/{id}")
|
||||
public ResponseEntity<User> deleteUserById(@PathVariable Long id) {
|
||||
return userService.deleteUserById(id)
|
||||
.map(user -> ResponseEntity.ok().body(user))
|
||||
.orElse(ResponseEntity.notFound().build());
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
package fr.bureauservice.app.dto.auth;
|
||||
|
||||
public record AuthRequest(
|
||||
String username,
|
||||
String password
|
||||
) {}
|
||||
@@ -0,0 +1,7 @@
|
||||
package fr.bureauservice.app.dto.auth;
|
||||
|
||||
public record AuthResponse(
|
||||
String username,
|
||||
String accessToken,
|
||||
String refreshToken
|
||||
) {}
|
||||
@@ -0,0 +1,18 @@
|
||||
package fr.bureauservice.app.dto.user;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class UserDTO {
|
||||
private Long id;
|
||||
private String firstName;
|
||||
private String lastName;
|
||||
private String username;
|
||||
private String email;
|
||||
private String password;
|
||||
private String role;
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
package fr.bureauservice.app.mapper.user;
|
||||
|
||||
import fr.bureauservice.app.dto.user.UserDTO;
|
||||
import fr.bureauservice.app.model.user.Role;
|
||||
import fr.bureauservice.app.model.user.User;
|
||||
|
||||
public class UserMapper {
|
||||
|
||||
public static User fromDto(UserDTO userDTO) {
|
||||
User user = new User();
|
||||
user.setId(userDTO.getId());
|
||||
user.setFirstName(userDTO.getFirstName());
|
||||
user.setLastName(userDTO.getLastName());
|
||||
user.setUsername(userDTO.getUsername());
|
||||
user.setEmail(userDTO.getEmail());
|
||||
user.setPassword(userDTO.getPassword());
|
||||
user.setRole(Role.valueOf(userDTO.getRole() != null ? userDTO.getRole() : "USER"));
|
||||
return user;
|
||||
}
|
||||
|
||||
public static UserDTO toDto(User user) {
|
||||
UserDTO userDTO = new UserDTO();
|
||||
userDTO.setId(user.getId());
|
||||
userDTO.setFirstName(user.getFirstName());
|
||||
userDTO.setLastName(user.getLastName());
|
||||
userDTO.setUsername(user.getUsername());
|
||||
userDTO.setEmail(user.getEmail());
|
||||
userDTO.setPassword(user.getPassword());
|
||||
userDTO.setRole(user.getRole() != null ? user.getRole().getDisplayName() : null);
|
||||
return userDTO;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,33 @@
|
||||
package fr.bureauservice.app.model.auth;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonBackReference;
|
||||
import fr.bureauservice.app.model.user.User;
|
||||
import jakarta.persistence.*;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.util.Date;
|
||||
|
||||
@Entity
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@Table(name = "tokens")
|
||||
public class Token {
|
||||
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
private Long id;
|
||||
|
||||
@NotNull
|
||||
private String value;
|
||||
|
||||
private Date expirationDate;
|
||||
|
||||
@OneToOne
|
||||
@JoinColumn(name = "user_id", referencedColumnName = "id")
|
||||
@JsonBackReference
|
||||
private User user;
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
package fr.bureauservice.app.model.user;
|
||||
|
||||
import lombok.Getter;
|
||||
|
||||
@Getter
|
||||
public enum Role {
|
||||
USER("User"),
|
||||
ADMIN("Administrator");
|
||||
|
||||
private final String displayName;
|
||||
|
||||
Role(String displayName) {
|
||||
this.displayName = displayName;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,62 @@
|
||||
package fr.bureauservice.app.model.user;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonManagedReference;
|
||||
import jakarta.validation.constraints.Email;
|
||||
import jakarta.validation.constraints.NotBlank;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import fr.bureauservice.app.model.auth.Token;
|
||||
import jakarta.persistence.*;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
@Entity
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@Table(name = "users")
|
||||
public class User implements UserDetails {
|
||||
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
private Long id;
|
||||
|
||||
@NotBlank
|
||||
@Column(length = 30, nullable = false)
|
||||
private String firstName;
|
||||
|
||||
@NotBlank
|
||||
@Column(length = 30, nullable = false)
|
||||
private String lastName;
|
||||
|
||||
@Column(length = 50, unique = true)
|
||||
private String username;
|
||||
|
||||
@Email
|
||||
@NotBlank
|
||||
@Column(length = 120, unique = true, nullable = false)
|
||||
private String email;
|
||||
|
||||
@NotBlank
|
||||
@Column(length = 120, nullable = false)
|
||||
private String password;
|
||||
|
||||
@NotNull
|
||||
@Enumerated(EnumType.STRING)
|
||||
private Role role = Role.USER;
|
||||
|
||||
@OneToOne(mappedBy = "user")
|
||||
@JsonManagedReference
|
||||
private Token token;
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return List.of(new SimpleGrantedAuthority(Role.USER.name()));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,12 @@
|
||||
package fr.bureauservice.app.repository.auth;
|
||||
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.stereotype.Repository;
|
||||
import fr.bureauservice.app.model.auth.Token;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
@Repository
|
||||
public interface TokenRepository extends JpaRepository<Token, Long> {
|
||||
Optional<Token> findByValue(String value);
|
||||
}
|
||||
@@ -0,0 +1,13 @@
|
||||
package fr.bureauservice.app.repository.user;
|
||||
|
||||
import fr.bureauservice.app.model.user.User;
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
@Repository
|
||||
public interface UserRepository extends JpaRepository<User, Long> {
|
||||
Optional<User> findByUsername(String username);
|
||||
Optional<User> findByEmail(String email);
|
||||
}
|
||||
@@ -0,0 +1,132 @@
|
||||
package fr.bureauservice.app.service.auth;
|
||||
|
||||
import jakarta.transaction.Transactional;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import fr.bureauservice.app.dto.auth.AuthRequest;
|
||||
import fr.bureauservice.app.dto.auth.AuthResponse;
|
||||
import fr.bureauservice.app.model.user.User;
|
||||
import fr.bureauservice.app.model.auth.Token;
|
||||
import fr.bureauservice.app.repository.user.UserRepository;
|
||||
import fr.bureauservice.app.repository.auth.TokenRepository;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.Optional;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
public class AuthService {
|
||||
|
||||
private final AuthenticationManager authenticationManager;
|
||||
private final JwtService jwtService;
|
||||
private final JpaUserDetailsService userDetailsService;
|
||||
private final TokenRepository tokenRepository;
|
||||
private final UserRepository userRepository;
|
||||
private final PasswordEncoder passwordEncoder;
|
||||
|
||||
private final int REFRESH_TOKEN_EXPIRATION_TIME = 1000 * 60 * 60 * 24 * 7; // 7 jours
|
||||
|
||||
public Optional<AuthResponse> register(User user) {
|
||||
String username = user.getUsername();
|
||||
|
||||
if (userRepository.findByUsername(username).isPresent()) {
|
||||
System.err.println("User already exists: " + username);
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
user.setPassword(passwordEncoder.encode(user.getPassword()));
|
||||
userDetailsService.registerNewUser(user);
|
||||
|
||||
return Optional.of(new AuthResponse(username, null, null));
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public Optional<AuthResponse> authenticate(AuthRequest request) {
|
||||
// 1. On valide les credentials en tout premier lieu !
|
||||
authenticationManager.authenticate(
|
||||
new UsernamePasswordAuthenticationToken(request.username(), request.password())
|
||||
);
|
||||
|
||||
String accessToken = jwtService.generateToken(request.username());
|
||||
|
||||
UserDetails userDetails = userDetailsService.loadUserByUsername(request.username());
|
||||
|
||||
User user = userRepository.findByUsername(userDetails.getUsername())
|
||||
.orElseThrow(() -> new RuntimeException("User not found: " + userDetails.getUsername()));
|
||||
|
||||
Token token = user.getToken() != null
|
||||
? tokenRepository.findById(user.getToken().getId()).orElse(null)
|
||||
: null;
|
||||
|
||||
if (token == null || isRefreshTokenExpired(token)) {
|
||||
System.out.println("[Authenticate] Refresh token absent ou expiré pour user: " + user.getUsername());
|
||||
token = generateNewRefreshToken(user);
|
||||
}
|
||||
|
||||
return Optional.of(new AuthResponse(
|
||||
user.getUsername(),
|
||||
accessToken,
|
||||
token.getValue()
|
||||
));
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public Optional<User> getCurrentUser(String username) {
|
||||
return userRepository.findByUsername(username)
|
||||
.map(user -> {
|
||||
if (user.getToken() != null && isRefreshTokenExpired(user.getToken())) {
|
||||
System.out.println("[AuthService] Refresh token expired for user: " + user.getUsername());
|
||||
user.setToken(null);
|
||||
userRepository.save(user);
|
||||
}
|
||||
return user;
|
||||
});
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public Optional<AuthResponse> refresh(String refreshTokenValue) {
|
||||
|
||||
if (tokenRepository.findByValue(refreshTokenValue).isPresent()) {
|
||||
Token savedToken = tokenRepository.findByValue(refreshTokenValue).get();
|
||||
|
||||
User user = savedToken.getUser();
|
||||
|
||||
if (isRefreshTokenExpired(savedToken)) {
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
String newAccessToken = jwtService.generateToken(user.getUsername());
|
||||
return Optional.of(new AuthResponse(
|
||||
user.getUsername(),
|
||||
newAccessToken,
|
||||
refreshTokenValue
|
||||
));
|
||||
}
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
private Token generateNewRefreshToken(User user) {
|
||||
System.out.println("[AuthService] Generating new refresh token for user: " + user.getUsername());
|
||||
|
||||
Token token = user.getToken();
|
||||
if (token == null) {
|
||||
token = new Token();
|
||||
token.setUser(user);
|
||||
}
|
||||
|
||||
token.setValue(java.util.UUID.randomUUID().toString());
|
||||
token.setExpirationDate(new Date(System.currentTimeMillis() + REFRESH_TOKEN_EXPIRATION_TIME));
|
||||
|
||||
tokenRepository.save(token);
|
||||
user.setToken(token);
|
||||
return token;
|
||||
}
|
||||
|
||||
private boolean isRefreshTokenExpired(Token token) {
|
||||
return token.getExpirationDate().getTime() < System.currentTimeMillis();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
package fr.bureauservice.app.service.auth;
|
||||
|
||||
import fr.bureauservice.app.model.user.User;
|
||||
import fr.bureauservice.app.repository.user.UserRepository;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@Service
|
||||
public class JpaUserDetailsService implements UserDetailsService {
|
||||
|
||||
private final UserRepository userRepository;
|
||||
|
||||
public JpaUserDetailsService(UserRepository userRepository) {
|
||||
this.userRepository = userRepository;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
return userRepository.findByUsername(username)
|
||||
.orElseThrow(() -> new UsernameNotFoundException("User not found: " + username));
|
||||
}
|
||||
|
||||
public void registerNewUser(User user) {
|
||||
if (userRepository.findByUsername(user.getUsername()).isPresent()) {
|
||||
throw new IllegalArgumentException("Username already exists: " + user.getUsername());
|
||||
}
|
||||
userRepository.save(user);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,65 @@
|
||||
package fr.bureauservice.app.service.auth;
|
||||
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.security.Key;
|
||||
import java.util.Base64;
|
||||
import java.util.Date;
|
||||
import java.util.function.Function;
|
||||
|
||||
@Service
|
||||
public class JwtService {
|
||||
|
||||
private static final long EXPIRATION_TIME = 1000 * 60 * 10; // 10min
|
||||
|
||||
private final Key signingKey;
|
||||
|
||||
public JwtService(@Value("${jwt.secret}") String secret) {
|
||||
this.signingKey = Keys.hmacShaKeyFor(Base64.getDecoder().decode(secret));
|
||||
}
|
||||
|
||||
public String generateToken(String username) {
|
||||
return Jwts.builder()
|
||||
.setSubject(username)
|
||||
.setIssuedAt(new Date())
|
||||
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
|
||||
.signWith(signingKey, SignatureAlgorithm.HS256)
|
||||
.compact();
|
||||
}
|
||||
|
||||
public Claims extractAllClaims(String token) {
|
||||
return Jwts.parser()
|
||||
.setSigningKey(signingKey)
|
||||
.build()
|
||||
.parseClaimsJws(token)
|
||||
.getBody();
|
||||
}
|
||||
|
||||
public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
|
||||
final Claims claims = extractAllClaims(token);
|
||||
return claimsResolver.apply(claims);
|
||||
}
|
||||
|
||||
public String extractUsername(String token) {
|
||||
return extractClaim(token, Claims::getSubject);
|
||||
}
|
||||
|
||||
private Date extractExpiration(String token) {
|
||||
return extractClaim(token, Claims::getExpiration);
|
||||
}
|
||||
|
||||
private boolean isTokenExpired(String token) {
|
||||
return extractExpiration(token).before(new Date());
|
||||
}
|
||||
|
||||
public boolean isTokenValid(String token, UserDetails userDetails) {
|
||||
final String username = extractUsername(token);
|
||||
return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,51 @@
|
||||
package fr.bureauservice.app.service.auth;
|
||||
|
||||
import fr.bureauservice.app.model.auth.Token;
|
||||
import fr.bureauservice.app.repository.auth.TokenRepository;
|
||||
import jakarta.transaction.Transactional;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
@Service
|
||||
public class TokenService {
|
||||
|
||||
private final TokenRepository tokenRepository;
|
||||
|
||||
@Autowired
|
||||
public TokenService(TokenRepository tokenRepository) {
|
||||
this.tokenRepository = tokenRepository;
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public void saveToken(Token token) {
|
||||
if (token.getId() == null) {
|
||||
tokenRepository.save(token);
|
||||
}
|
||||
}
|
||||
|
||||
public Optional<Token> getTokenById(Long id) {
|
||||
return tokenRepository.findById(id);
|
||||
}
|
||||
|
||||
public List<Token> getAllTokens() {
|
||||
return tokenRepository.findAll();
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public Optional<Token> updateToken(Token token) {
|
||||
return tokenRepository.findById(token.getId()).map(existingToken -> {
|
||||
existingToken.setValue(token.getValue());
|
||||
return tokenRepository.save(existingToken);
|
||||
});
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public Optional<Token> deleteTokenById(Long id) {
|
||||
Optional<Token> token = tokenRepository.findById(id);
|
||||
token.ifPresent(tokenRepository::delete);
|
||||
return token;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,61 @@
|
||||
package fr.bureauservice.app.service.user;
|
||||
|
||||
import fr.bureauservice.app.model.user.User;
|
||||
import fr.bureauservice.app.repository.user.UserRepository;
|
||||
import jakarta.transaction.Transactional;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
@Service
|
||||
public class UserService {
|
||||
|
||||
private final UserRepository userRepository;
|
||||
|
||||
@Autowired
|
||||
public UserService(UserRepository userRepository) {
|
||||
this.userRepository = userRepository;
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public void saveUser(User user) {
|
||||
if (user.getId() == null) {
|
||||
userRepository.save(user);
|
||||
}
|
||||
}
|
||||
|
||||
public List<User> getAllUsers() {
|
||||
return userRepository.findAll();
|
||||
}
|
||||
|
||||
public Optional<User> getUserById(Long id) {
|
||||
return userRepository.findById(id);
|
||||
}
|
||||
|
||||
public Optional<User> getUserByUsername(String username) {
|
||||
return userRepository.findByUsername(username);
|
||||
}
|
||||
|
||||
public Optional<User> getUserByEmail(String email) {
|
||||
return userRepository.findByEmail(email);
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public Optional<User> updateUser(User user) {
|
||||
return userRepository.findById(user.getId()).map(existingUser -> {
|
||||
existingUser.setEmail(user.getEmail());
|
||||
existingUser.setUsername(user.getUsername());
|
||||
existingUser.setPassword(user.getPassword());
|
||||
return userRepository.save(existingUser);
|
||||
});
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public Optional<User> deleteUserById(Long id) {
|
||||
Optional<User> user = userRepository.findById(id);
|
||||
user.ifPresent(userRepository::delete);
|
||||
return user;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,74 @@
|
||||
package fr.bureauservice.app.util.auth;
|
||||
|
||||
import fr.bureauservice.app.service.auth.JpaUserDetailsService;
|
||||
import fr.bureauservice.app.service.auth.JwtService;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
|
||||
@Component
|
||||
public class JwtAuthFilter extends OncePerRequestFilter {
|
||||
private final JwtService jwtService;
|
||||
private final JpaUserDetailsService userDetailsService;
|
||||
|
||||
public JwtAuthFilter(JwtService jwtService, JpaUserDetailsService userDetailsService) {
|
||||
this.jwtService = jwtService;
|
||||
this.userDetailsService = userDetailsService;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
FilterChain filterChain
|
||||
) throws ServletException, IOException {
|
||||
|
||||
// Récupère le token du cookie httpOnly
|
||||
String jwt = null;
|
||||
if (request.getCookies() != null) {
|
||||
jwt = Arrays.stream(request.getCookies())
|
||||
.filter(c -> "accessToken".equals(c.getName()))
|
||||
.findFirst()
|
||||
.map(Cookie::getValue)
|
||||
.orElse(null);
|
||||
}
|
||||
|
||||
if (jwt == null || SecurityContextHolder.getContext().getAuthentication() != null) {
|
||||
filterChain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
final String username = jwtService.extractUsername(jwt);
|
||||
|
||||
if (username != null) {
|
||||
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
|
||||
|
||||
if (jwtService.isTokenValid(jwt, userDetails)) {
|
||||
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
|
||||
userDetails,
|
||||
null,
|
||||
userDetails.getAuthorities()
|
||||
);
|
||||
|
||||
authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
|
||||
SecurityContextHolder.getContext().setAuthentication(authToken);
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
// Token invalide, on continue sans authentification
|
||||
}
|
||||
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user