authentication midway on dashboard;yaml

Author: thomasm1

.DS_Store

@@ -23,7 +23,6 @@ public RestTemplate restTemplate(){
 	public WebClient webClient(){
 		return WebClient.builder().build();
 	}
-
 	public static void main(String[] args) {
 		SpringApplication.run(RegistrationLoginSystemApplication.class, args);
 	}

client-mapl-auth/src/main/java/app/mapl/RegistrationLoginSystemApplication.java

@@ -6,6 +6,7 @@
 import app.mapl.models.auth.UserRequest;
 import app.mapl.models.auth.UserResponse;
 import app.mapl.exception.ResourceNotFoundException;
+import app.mapl.models.dto.UserDto;
 import app.mapl.service.UsersService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
@@ -214,8 +215,8 @@ public ResponseEntity createUser(@RequestBody UserRequest user) {
             description = "HTTP Status 200 SUCCESS"
     )
     @PutMapping(value = USER_PATH + "/{userId}", consumes = "application/json")  // userId in body
-    public ResponseEntity<UserResponse> updateUser(@PathVariable("userId") int userId, @RequestBody UserResponse userResponse) {
-        Optional<UserResponse> updated = usersService.updateUser(userResponse);
+    public ResponseEntity<UserDto> updateUser(@PathVariable("userId") int userId, @RequestBody UserDto userDto) {
+        Optional<UserDto> updated = usersService.updateUser(userDto);
         return updated.map(dto -> new ResponseEntity<>(
                 dto,
                 HttpStatus.CREATED)).orElseGet(() -> new ResponseEntity<>(HttpStatus.NO_CONTENT));
@@ -233,8 +234,8 @@ public ResponseEntity<UserResponse> updateUser(@PathVariable("userId") int userI
             description = "HTTP Status 200 SUCCESS"
     )
     @PatchMapping(USER_PATH_ID)
-    public ResponseEntity<UserResponse> patchUserById(@PathVariable("userId") Integer userId,
-                                                      @RequestBody UserResponse user) {
+    public ResponseEntity<UserDto> patchUserById(@PathVariable("userId") Integer userId,
+                                                      @RequestBody UserDto user) {
 
         usersService.patchUserById(userId, user);
 
@@ -256,7 +257,7 @@ public ResponseEntity<UserResponse> patchUserById(@PathVariable("userId") Intege
     public ResponseEntity<Boolean> deleteUser(@PathVariable("userId") int userId) {
         Boolean boolSuccess = null;
 
-        Optional<UserResponse> tempUser = usersService.getUser(userId);
+        Optional<UserDto> tempUser = usersService.getUser(userId);
         if (tempUser == null) throw new ResourceNotFoundException("User " + userId + "not found to delete");
         try {
             boolSuccess = usersService.deleteUser(String.valueOf(tempUser));

client-mapl-dashboard/src/main/java/app/mapl/controllers/UsersController.java

@@ -1,18 +1,17 @@
 package app.mapl.mapper;
 
-import app.mapl.models.auth.UserResponse;
-import app.mapl.models.auth.UserRequest;
 import app.mapl.models.auth.User;
+import app.mapl.models.dto.UserDto;
 import org.mapstruct.*;
 
 
 @Mapper(unmappedTargetPolicy = ReportingPolicy.IGNORE, componentModel = MappingConstants.ComponentModel.SPRING)
 public interface UserMapper {
-    User toUser(UserRequest userDto);  // REQUEST FROM UI
+    User toUser(UserDto userDto);  // REQUEST FROM UI
 
-    UserResponse toDto(User user); // RESPONSE TO UI
+    UserDto toDto(User user); // RESPONSE TO UI
 
     @BeanMapping(nullValuePropertyMappingStrategy = NullValuePropertyMappingStrategy.IGNORE)
-    User partialUpdate(UserResponse userResponse, @MappingTarget User user);
+    User partialUpdate(UserDto userResponse, @MappingTarget User user);
 
 }

client-mapl-dashboard/src/main/java/app/mapl/mapper/UserMapper.java

@@ -1,12 +1,14 @@
 package app.mapl.models.auth;
 
+import app.mapl.models.dto.UserDto;
 import app.mapl.service.UsersService;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
@@ -37,13 +39,13 @@ public AuthenticationFilter(AuthenticationManager authenticationManager, UsersSe
     public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException , ServletException {
 
         try {
-            var user = new ObjectMapper().configure(AUTO_CLOSE_SOURCE, true).readValue(request.getInputStream(), LoginRequest.class);
+            var user = new ObjectMapper().configure(AUTO_CLOSE_SOURCE, true).readValue(request.getInputStream(), UserDto.class);  // LoginRequest
             userService.updateLoginAttempt(user.getEmail(), LoginType.LOGIN_ATTEMPT);
             var authentication = unauthenticated(user.getEmail(), user.getPassword());
         } catch (Exception exception) {
             throw new BadCredentialsException("Invalid username or password");
         }
-            User user = userService.updateLoginAttempt(request.getParameter("email"), LoginType.valueOf(request.getParameter("password")));
+            UserDto user = userService.updateLoginAttempt(request.getParameter("email"), LoginType.valueOf(request.getParameter("password")));
             if (user == null) {
 //                log.error(exception.getMessage());
                 handleErrorResponse(request, response, new BadCredentialsException("User not found"));
@@ -56,9 +58,28 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
 
     @Override
     protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain, Authentication authResult) throws IOException, ServletException {
-        super.successfulAuthentication(request, response, filterChain, authResult);
+        var user = (UserDto) authResult.getPrincipal(); // PRINCIPAL is the DTO
+        userService.updateLoginAttempt(user.getEmail(), LoginType.LOGIN_SUCCESS);
+       var httpResponse = user.isMfa();
+         if (  httpResponse==true ) {
+             sendQrCode(request, user); }
+         else {
+             sendResponse(request, response, user);
+         }
+        response.setContentType("application/json");
+         response.setStatus(HttpStatus.OK.value());
+         var out = response.getOutputStream();
+         var mapper = new ObjectMapper();
+         mapper.writeValue(out, httpResponse);
+          out.flush();
+
+    }
+
+    private void sendResponse(HttpServletRequest request, HttpServletResponse response, UserDto user) {
     }
 
+    private void sendQrCode(HttpServletRequest request, UserDto user) {
+    }
 
 
 }

client-mapl-dashboard/src/main/java/app/mapl/models/auth/AuthenticationFilter.java

@@ -0,0 +1,110 @@
+package app.mapl.models.auth;
+
+
+import app.mapl.models.dto.UserDto;
+import app.mapl.service.UsersService;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.function.TriConsumer;
+
+import javax.crypto.SecretKey;
+import java.time.LocalDateTime;
+import java.util.Date;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import java.util.function.Supplier;
+
+import static app.mapl.models.auth.TokenType.ACCESS_TOKEN;
+import static app.mapl.models.auth.TokenType.REFRESH_TOKEN;
+import static app.mapl.models.auth.User.from;
+import static com.google.common.collect.Streams.stream;
+import static io.jsonwebtoken.Header.JWT_TYPE;
+import static io.micrometer.core.instrument.config.validate.PropertyValidator.getSecret;
+
+import static java.util.Optional.empty;
+
+@RequiredArgsConstructor
+@Slf4j
+public class JWTServiceImpl extends JwtConfiguration implements JwtService {
+    public static final String TYPE = "TYPE";
+    private final UsersService userService;
+    private final Supplier<SecretKey> key = () -> Keys.hmacShaKeyFor(Decoders.BASE64.decode(getSecret()));
+    private final Function<String, Claims> claimsFunction = token ->
+                Jwts.parser()
+                        .verifyWith(key.get())
+                        .build()
+                        .parseSignedClaims(token)
+                        .getPayload();
+    private final Function<String, String> subject = token -> getClaimsValue(token, Claims::getSubject);
+
+
+
+    private final BiFunction<HttpServletRequest, String, Optional<String>> extractToken = (request, cookieName) ->
+                Optional.of(stream(request.getCookies() == null ? new Cookie[]{new Cookie("empty"," ")} : request.getCookies())
+                        .filter(cookie -> Objects.equals(cookieName, cookie.getName()))
+                        .map(Cookie::getValue)
+                        .findAny()
+                        .orElse(empty()));
+
+    private final Supplier<JwtBuilder> builder = () ->
+            Jwts.builder()
+                .header().add(Map.of(TYPE, JWT_TYPE))
+                    .and()
+                    .audience().add("mapl")
+                    .and()
+                    .id(UUID.randomUUID().toString())
+                    .issuedAt(from(LocalDateTime.now()))
+                    .notBefore(new Date())
+                .signWith(key.get(), Jwts.SIG.HS512);
+
+
+
+    private final BiFunction<UserDto, TokenType, String> buildToken = (userDto, type) ->
+            Objects.equals(type, ACCESS_TOKEN) ?
+                    Jwts.builder()
+                            .setSubject(userDto.getUserId())
+                            .claim("authorities", userDto.getAuthorities())
+                            .claim(RoleEntity.class.getSimpleName(), userDto.getRole())
+                            .expiration(from(LocalDateTime.now().plusSeconds((Long) getExpiration())))
+                            .compact() :
+                    Jwts.builder()
+                            .setSubject(userDto.getUserId())
+                            .claim("authorities", userDto.getRole())
+                            .expiration(from(LocalDateTime.now().plusSeconds((Long) getExpiration())))
+                            .compact();
+
+    private Object Token;
+    private final TriConsumer<HttpServletRequest, UserDto, TokenType> addCookie = (response, user, type) -> {
+        switch(type) {
+            case ACCESS_TOKEN:
+                var accessToken = createToken(userDto, Token::getAccess);
+                var cookie = new Cookie(type.getValue().accessToken);
+                cookie.setHttpOnly(true);
+                //cookie.setSecure(true);
+                cookie.setMaxAge(2 * 60 * 60);
+                cookie.setPath("/");
+                cookie.setAttribute("SameSite", "NONE       ");
+            case REFRESH_TOKEN:
+                response.addCookie(new Cookie("refresh_token", buildToken.apply(user, REFRESH_TOKEN)));
+                break;
+        }
+    };
+    private Object getExpiration() {
+        return null;
+    }
+
+    private String getClaimsValue(String token, Function<Claims, String> claimsResolver) {
+        return claimsResolver.apply(claimsFunction.apply(token));
+    }
+}

client-mapl-dashboard/src/main/java/app/mapl/models/auth/JWTServiceImpl.java

@@ -0,0 +1,4 @@
+package app.mapl.models.auth;
+
+public class JwtConfiguration {
+}

client-mapl-dashboard/src/main/java/app/mapl/models/auth/JwtConfiguration.java

@@ -1,4 +1,5 @@
 package app.mapl.models.auth;
 
-public class JwtService {
+public interface JwtService {
+
 }

client-mapl-dashboard/src/main/java/app/mapl/models/auth/JwtService.java

@@ -1,6 +1,7 @@
 package app.mapl.models.auth;
 
 import app.mapl.exception.ApiException;
+import app.mapl.models.dto.UserDto;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -11,53 +12,53 @@
 public class MaplAuthentication extends AbstractAuthenticationToken {
     private static final String PASSWORD_PROTECTED = "PASSWORD_PROTECTED";
     private static final String EMAIL_PROTECTED = "EMAAL_PROTECTED";
-    private User user;
+    private UserDto userDto;
     private String email;
     private String password;
 
     private boolean authenticated;
-//    private ApiAuthentication(String email, String password) {
+
+    private MaplAuthentication(String email, String password) {
+        super(AuthorityUtils.NO_AUTHORITIES);
+        this.email = email;
+        this.password = password;
+        this.authenticated = false;
+    }
+
+     private MaplAuthentication(UserDto userDto, Collection<? extends GrantedAuthority> authorities) {
+        super(authorities);
+        this.userDto = userDto;
+        this.password = PASSWORD_PROTECTED;
+        this.email = EMAIL_PROTECTED;
+        this.authenticated = true;
+    }
+//     public MaplAuthentication(String email, String password) {
 //        super(AuthorityUtils.NO_AUTHORITIES);
 //        this.email = email;
 //        this.password = password;
 //        this.authenticated = false;
 //    }
-//
-//    private ApiAuthentication(User user, Collection<? extends GrantedAuthority> authorities) {
+//    public MaplAuthentication(UserDto userDto, Collection<? extends GrantedAuthority> authorities) {
 //        super(authorities);
-//        this.user = user;
+//        this.userDto = userDto;
 //        this.password = PASSWORD_PROTECTED;
 //        this.email = EMAIL_PROTECTED;
 //        this.authenticated = true;
 //
 //    }
-    public MaplAuthentication(String email, String password) {
-        super(AuthorityUtils.NO_AUTHORITIES);
-        this.email = email;
-        this.password = password;
-        this.authenticated = false;
-    }
-    public MaplAuthentication(User user, Collection<? extends GrantedAuthority> authorities) {
-        super(authorities);
-        this.user = user;
-        this.password = PASSWORD_PROTECTED;
-        this.email = EMAIL_PROTECTED;
-        this.authenticated = true;
-
-    }
     public MaplAuthentication unauthenticated(String email, String password) {
         return new MaplAuthentication(email, password);
     }
-    public static MaplAuthentication authenticated(User user, Collection<? extends GrantedAuthority> authorities) {
-        return new MaplAuthentication(user, authorities);
+    public static MaplAuthentication authenticated(UserDto userDto, Collection<? extends GrantedAuthority> authorities) {
+        return new MaplAuthentication(userDto, authorities);
     }
         @Override
     public Object getCredentials() {
         return PASSWORD_PROTECTED;
     }
     @Override
     public Object getPrincipal() {
-        return this.user;
+        return this.userDto;
 
     }
     @Override

client-mapl-dashboard/src/main/java/app/mapl/models/auth/MaplAuthentication.java

@@ -17,11 +17,15 @@ public class MaplAuthenticationProvider implements AuthenticationProvider {
      * @param authentication
      * @return
      * @throws AuthenticationException
+     *
+     *      userAuthToken.getPrincipal() returns the userDto  - email
+     *      userAuthToken.getCredentials() returns the password
+     *
      */
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 
-        var userAuthToken = (UsernamePasswordAuthenticationToken) authentication;
+        var userAuthToken = (UsernamePasswordAuthenticationToken) authentication;  // soon to deprecate UsernamePasswordAuthenticationToken
 
         var userFromDb = userDetailsService.loadUserByUsername((String) userAuthToken.getPrincipal());
         var password = (String) userAuthToken.getCredentials();