From 2d706a82b2cee7941c82a8c2b630ddd5f47a40e0 Mon Sep 17 00:00:00 2001
From: Bogdan Kostov
Date: Fri, 3 May 2024 18:35:38 +0200
Subject: [PATCH] Update authentication controller
- remove old authentication controller
- add two new authentication controllers
---
 .../analysis/controller/AuthController.java | 53 ------------------
 .../controller/OidcUserController.java | 45 ++++++++++++++++
 .../analysis/controller/UserController.java | 30 +++++++++++
 3 files changed, 75 insertions(+), 53 deletions(-)
 delete mode 100755 src/main/java/cz/cvut/kbss/analysis/controller/AuthController.java
 create mode 100644 src/main/java/cz/cvut/kbss/analysis/controller/OidcUserController.java
 create mode 100644 src/main/java/cz/cvut/kbss/analysis/controller/UserController.java
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/AuthController.java b/src/main/java/cz/cvut/kbss/analysis/controller/AuthController.java
deleted file mode 100755
index c069d147..00000000
--- a/src/main/java/cz/cvut/kbss/analysis/controller/AuthController.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package cz.cvut.kbss.analysis.controller;
-
-import cz.cvut.kbss.analysis.dto.UserUpdateDTO;
-import cz.cvut.kbss.analysis.dto.authentication.AuthenticationRequest;
-import cz.cvut.kbss.analysis.dto.authentication.AuthenticationResponse;
-import cz.cvut.kbss.analysis.model.User;
-import cz.cvut.kbss.analysis.service.JwtTokenProvider;
-import cz.cvut.kbss.analysis.service.UserRepositoryService;
-import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.web.bind.annotation.*;
-
-@RestController
-@RequestMapping("/auth")
-@RequiredArgsConstructor(onConstructor = @__(@Autowired))
-@Slf4j
-public class AuthController {
-
- private final AuthenticationManager authenticationManager;
- private final JwtTokenProvider jwtTokenProvider;
- private final UserRepositoryService userRepositoryService;
-
-
- @PostMapping("/signin")
- public AuthenticationResponse signIn(@RequestBody AuthenticationRequest data) {
- log.info("> signIn - {}", data.getUsername());
-
- String username = data.getUsername();
- authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, data.getPassword()));
-
- User user = userRepositoryService
- .findByUsername(username)
- .orElseThrow(() -> new UsernameNotFoundException("Username " + username + "not found"));
-
- String token = jwtTokenProvider.createToken(username, user.getRoles());
-
- log.info("< signIn - {}", username);
- return new AuthenticationResponse(user.getUri(), username, token);
- }
-
- @ResponseStatus(HttpStatus.NO_CONTENT)
- @PutMapping(value = "/current", consumes = {MediaType.APPLICATION_JSON_VALUE})
- public void updateCurrent(@RequestBody UserUpdateDTO userUpdate) {
- userRepositoryService.updateCurrent(userUpdate);
- log.info("< updateCurrent - user {} updated", userUpdate.getUri());
- }
-}
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/OidcUserController.java b/src/main/java/cz/cvut/kbss/analysis/controller/OidcUserController.java
new file mode 100644
index 00000000..c5dd2c00
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/OidcUserController.java
@@ -0,0 +1,45 @@
+package cz.cvut.kbss.analysis.controller;
+
+import cz.cvut.kbss.analysis.exception.EntityNotFoundException;
+import cz.cvut.kbss.analysis.model.User;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
+import cz.cvut.kbss.analysis.service.UserRepositoryService;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * API for getting basic user info.
+ *

+ * Enabled when OIDC security is used.
+ */
+@ConditionalOnProperty(prefix = "security", name = "provider", havingValue = "oidc")
+@RestController
+@RequestMapping("/users")
+public class OidcUserController {
+
+ private final UserRepositoryService userService;
+
+ public OidcUserController(UserRepositoryService userService) {
+ this.userService = userService;
+ }
+
+ @PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
+ @GetMapping(value = "/current", produces = MediaType.APPLICATION_JSON_VALUE)
+ public User getCurrent() {
+ return userService.getCurrentUser();
+ }
+
+ @PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') or #username == authentication.name or " +
+ "hasRole('" + SecurityConstants.ROLE_USER + "')")
+ @GetMapping(value = "/{username}", produces = MediaType.APPLICATION_JSON_VALUE)
+ public User getByUsername(@PathVariable("username") String username) {
+ return userService.findByUsername(username).orElseThrow(() ->
+ EntityNotFoundException.create("User", username));
+ }
+
+}
\ No newline at end of file
diff --git a/src/main/java/cz/cvut/kbss/analysis/controller/UserController.java b/src/main/java/cz/cvut/kbss/analysis/controller/UserController.java
new file mode 100644
index 00000000..7f78b834
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/analysis/controller/UserController.java
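Review bot: The `@PreAuthorize` expression on getByUsername ends with `or hasRole(SecurityConstants.ROLE_USER)`, which makes the preceding admin and `#username == authentication.name` clauses redundant: any authenticated caller holding the user role can read any other user's record by username, so the policy is effectively the same as on getCurrent while reading as owner-or-admin. If that is intended, reduce it to the same `@PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")` used on getCurrent; if owner-or-admin was the intent, drop the trailing clause: `@PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') or #username == authentication.name")`. The endpoint also serializes the `User` entity directly, so whatever fields the model carries (roles or credential material, if any) are returned to every such caller — worth confirming against the model, which is not in this patch. Minor: the file is added without a trailing newline.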
@@ -0,0 +1,30 @@
+package cz.cvut.kbss.analysis.controller;
+
+
+import cz.cvut.kbss.analysis.model.User;
+import cz.cvut.kbss.analysis.security.SecurityConstants;
+import cz.cvut.kbss.analysis.service.UserRepositoryService;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@ConditionalOnProperty(prefix = "security", name = "provider", havingValue = "internal", matchIfMissing = true)
+@RestController
+@RequestMapping("/users")
+public class UserController {
+ private final UserRepositoryService userService;
+
+ public UserController(UserRepositoryService userService) {
+ this.userService = userService;
+ }
+
+ @PreAuthorize("hasRole('" + SecurityConstants.ROLE_USER + "')")
+ @GetMapping(value = "/current", produces = MediaType.APPLICATION_JSON_VALUE)
+ public User getCurrent() {
+ return userService.getCurrentUser();
+ }
+
+}
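Review bot: UserController has no class-level Javadoc, unlike its sibling OidcUserController, so the `security.provider` switch that decides which bean serves `/users` is undocumented on the side that wins by default; add `/** API for getting basic user info. Enabled when internal security is used, which is the default when {@code security.provider} is unset ({@code matchIfMissing = true}). */` above `@ConditionalOnProperty`. Both controllers map `/users`, so the comment should also state that exactly one of them is expected to be active for a given configuration. Neither new controller carries over the `PUT /auth/current` update endpoint removed with AuthController; if a replacement lives outside this patch it is not visible here, and callers of the old route will lose it. Minor: there are two blank lines after the package declaration.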