diff --git a/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java b/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java
index ee1719f..d9d4f6e 100644
--- a/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java
@@ -5,6 +5,7 @@ import org.springframework.data.jpa.repository.Query;
 import org.waterproofingdata.wpdauth.model.ForgotPasswordsQuestionsUsersAnswers;
 public interface ForgotPasswordsQuestionsUsersAnswersRepository extends JpaRepository {
- @Query(value = "SELECT fqua.* FROM auth.forgotpassword_questions_users_answers fqua WHERE fqua.forgotpassword_questions_id = ?1 AND fqua.users_id = ?2", nativeQuery = true)
+ @Query(value = "SELECT 1 as id, fpq.id as forgotpassword_questions_id, us.id as users_id, us.securityanswer as answer FROM auth.forgotpassword_questions fpq INNER JOIN auth.users us on fpq.question = us.securityquestion WHERE fpq.id = ?1 and us.id = ?2", nativeQuery = true)
+
 ForgotPasswordsQuestionsUsersAnswers findByForgotPasswordQuestionsAndUserid(Integer forgotpasswordquestionsid, Integer usersid);
 }
diff --git a/src/main/java/org/waterproofingdata/wpdauth/security/WebSecurityConfig.java b/src/main/java/org/waterproofingdata/wpdauth/security/WebSecurityConfig.java
index 3193244..cd85634 100644
--- a/src/main/java/org/waterproofingdata/wpdauth/security/WebSecurityConfig.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/security/WebSecurityConfig.java
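Review bot: The rewritten native query hands the stored `us.securityanswer` back in clear so the service can `equalsIgnoreCase` it, which means a value that now yields a login token is kept in plaintext in `auth.users`; it should be stored as a hash of the normalized (trimmed, lower-cased) answer and compared as a hash, with the same care as the password hash, after which this query only needs to say whether a matching row exists. Separately, `SELECT 1 as id` gives every result the same entity identifier, and if the calling service method runs inside one persistence context Hibernate may hand back the already-managed instance with id 1 for a second lookup instead of hydrating the new row, so a per-row id such as `fpq.id as id` (or an interface projection instead of the entity) is safer. The inner join on `fpq.question = us.securityquestion` makes the method return null for every question other than the user's own, which the caller turns into a distinct error, so that contract is worth stating on the method, e.g. `/** Returns the user's stored answer only when {@code forgotpasswordquestionsid} is that user's configured security question; null otherwise. */`.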
@@ -36,11 +36,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 .antMatchers("/users/login").permitAll()//
 .antMatchers("/users/signup").permitAll()//
 .antMatchers("/users/existsByUsername").permitAll()//
- .antMatchers("/users/existsByNickname").permitAll()//
+ .antMatchers("/users/existsByNickname").permitAll()//
+ .antMatchers("/forgotpasswords/findallforgotpasswordquestions").permitAll()//
+ .antMatchers("/forgotpasswords/loginbyusernameandanswers").permitAll()//
 .antMatchers("/h2-console/**/**").permitAll()
 // Disallow everything else..
- .anyRequest().authenticated();
-
+ .anyRequest().authenticated();
+
 // If a user try to access a resource without having enough permissions
 http.exceptionHandling().accessDeniedPage("/login");
diff --git a/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java b/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java
index a3f0bdd..0d88eca 100644
--- a/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java
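Review bot: `/forgotpasswords/loginbyusernameandanswers` is opened to anonymous callers as a second way to obtain a login token, yet nothing in this config or the service hunk applies throttling, lockout or audit logging to it, and a security answer compared case-insensitively is a much weaker secret than a password. Whatever brute-force protection `/users/login` has (not visible in this diff) should cover this path as well, and if the controller only maps POST the matcher can be narrowed to that verb, e.g. `.antMatchers(HttpMethod.POST, "/forgotpasswords/loginbyusernameandanswers").permitAll()//` with the `org.springframework.http.HttpMethod` import. Listing the two new paths individually rather than under a `/forgotpasswords/**` wildcard is the right call; keep it that way as more endpoints are added.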
@@ -109,23 +109,29 @@ public class ForgotPasswordsService {
 public String loginByUsernameAndAnswers(String username, List answers) {
 Users user = usersRepository.findByUsername(username);
+
 if (user == null) {
 throw new CustomException("The username doesn't exist", HttpStatus.NOT_FOUND);
 }
 List roles = user.getRoles();
-
- int correctAnswers = 0;
+
+
+ boolean correctAnswers = false;
+
 for (ForgotPasswordsQuestionsUsersAnswers answer : answers) {
- ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), answer.getUsersid());
- if (answerComparison == null) {
+ ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), user.getId());
+
+ if (answerComparison == null) {
 throw new CustomException("The comparison answer doesn't exist", HttpStatus.NOT_FOUND);
- }
-
+ }
+
 if (answer.getAnswer().equalsIgnoreCase(answerComparison.getAnswer())) {
- correctAnswers++;
+ correctAnswers = true;
+ break;
 }
- }
- if (correctAnswers < 2) {
+ }
+
+ if (!correctAnswers) {
 throw new CustomException("Invalid answers supplied to login. Must have at least 2 correct ones.", HttpStatus.UNPROCESSABLE_ENTITY);
 }
diff --git a/src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java b/src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java
index 7bef940..2a74e3f 100644
--- a/src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java
+++ b/src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java
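Review bot: The loop now succeeds on the first matching answer (`correctAnswers = true; break;`) while the rejection still reads `"Invalid answers supplied to login. Must have at least 2 correct ones."`, so the message contradicts the policy; either restore the threshold or change the text to `throw new CustomException("Invalid answers supplied to login.", HttpStatus.UNPROCESSABLE_ENTITY);`. Because the repository (per its hunk) returns a row only for the user's own security question, any other question id in the list throws "The comparison answer doesn't exist" before later entries are checked, and the 404-vs-422 split tells a caller which question belongs to the user; treating a null comparison as simply incorrect (`continue`) and failing uniformly with 422 fixes both. `equalsIgnoreCase` against the stored value also implies the answer is kept in plaintext even though it now functions as a login credential; compare a hash of the normalized answer instead. `loginByUsernameAndAnswers` continues past the end of this hunk.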
@@ -118,25 +118,25 @@ public class UsersServiceIntegrationTest {
 assertEquals(true, usersService.existsByNickname(u.getNickname()));
 }
- @Test
- public void testRandomUserInstitutionAndClientRegistration() {
- List leco = eduCemadenOrganizationsRepository.findAll();
- assertTrue(leco.size() > 0, "List should return rows.");
- UUID u_s = leco.get(0).getActivationkey();
- EduCemadenOrganizations eco = eduCemadenOrganizationsRepository.findByActivationkey(u_s);
- assertNotNull(eco, "EduCemadenOrganizations should be returned.");
+ // @Test
+ // public void testRandomUserInstitutionAndClientRegistration() {
+ // List leco = eduCemadenOrganizationsRepository.findAll();
+ // assertTrue(leco.size() > 0, "List should return rows.");
+ // UUID u_s = leco.get(0).getActivationkey();
+ // EduCemadenOrganizations eco = eduCemadenOrganizationsRepository.findByActivationkey(u_s);
+ // assertNotNull(eco, "EduCemadenOrganizations should be returned.");
- Users userInst = setUpUserTest("user_institution_", Roles.ROLE_INSTITUTION);
- String signup = usersService.signup(userInst);
- assertNotNull(signup, "Signup token returned from usersService.signup(userInst) should not be null");
- usersService.activate(userInst.getUsername(), eco.getActivationkey().toString());
- Users userInstUpdated = usersService.search(userInst.getUsername());
+ // Users userInst = setUpUserTest("user_institution_", Roles.ROLE_INSTITUTION);
+ // String signup = usersService.signup(userInst);
+ // assertNotNull(signup, "Signup token returned from usersService.signup(userInst) should not be null");
+ // usersService.activate(userInst.getUsername(), eco.getActivationkey().toString());
+ // Users userInstUpdated = usersService.search(userInst.getUsername());
- UsersProviderActivationKey userInstUpdatedProviderKey = usersProviderActivationKeyRepository.findByUsersid(userInstUpdated.getId());
- String keyFromUserInstToUserClient = userInstUpdatedProviderKey.getActivationkey().toString();
- Users userClient = 
setUpUserTest("user_client_institution_", Roles.ROLE_CLIENT);
- String signup2 = usersService.signup(userClient);
- assertNotNull(signup2, "Signup token returned from usersService.signup(userClient) should not be null");
- usersService.activate(userClient.getUsername(), keyFromUserInstToUserClient);
- }
+ // UsersProviderActivationKey userInstUpdatedProviderKey = usersProviderActivationKeyRepository.findByUsersid(userInstUpdated.getId());
+ // String keyFromUserInstToUserClient = userInstUpdatedProviderKey.getActivationkey().toString();
+ // Users userClient = setUpUserTest("user_client_institution_", Roles.ROLE_CLIENT);
+ // String signup2 = usersService.signup(userClient);
+ // assertNotNull(signup2, "Signup token returned from usersService.signup(userClient) should not be null");
+ // usersService.activate(userClient.getUsername(), keyFromUserInstToUserClient);
+ // }
 }
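Review bot: Commenting out `testRandomUserInstitutionAndClientRegistration` removes the only coverage shown here for the institution-to-client activation-key flow without recording why. If the test is temporarily broken, keep it compiled and mark it `@Disabled("<reason placeholder>")` so the gap remains visible in the test report; if the flow is gone for good, delete the method instead of leaving a commented block to drift from the code.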