
Merge pull request #1 from urbanbigdatacentre/dev

Dev updates for server version
main
Diego F. Pajarito Grajales 3 years ago
committed by GitHub
parent
commit
6d7e4bf3e8
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java
  2. 6
      src/main/java/org/waterproofingdata/wpdauth/security/WebSecurityConfig.java
  3. 20
      src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java
  4. 42
      src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java

3
src/main/java/org/waterproofingdata/wpdauth/repository/ForgotPasswordsQuestionsUsersAnswersRepository.java

@ -5,6 +5,7 @@ import org.springframework.data.jpa.repository.Query;
import org.waterproofingdata.wpdauth.model.ForgotPasswordsQuestionsUsersAnswers; import org.waterproofingdata.wpdauth.model.ForgotPasswordsQuestionsUsersAnswers;
public interface ForgotPasswordsQuestionsUsersAnswersRepository extends JpaRepository<ForgotPasswordsQuestionsUsersAnswers, Integer> { public interface ForgotPasswordsQuestionsUsersAnswersRepository extends JpaRepository<ForgotPasswordsQuestionsUsersAnswers, Integer> {
@Query(value = "SELECT fqua.* FROM auth.forgotpassword_questions_users_answers fqua WHERE fqua.forgotpassword_questions_id = ?1 AND fqua.users_id = ?2", nativeQuery = true)
@Query(value = "SELECT 1 as id, fpq.id as forgotpassword_questions_id, us.id as users_id, us.securityanswer as answer FROM auth.forgotpassword_questions fpq INNER JOIN auth.users us on fpq.question = us.securityquestion WHERE fpq.id = ?1 and us.id = ?2", nativeQuery = true)
ForgotPasswordsQuestionsUsersAnswers findByForgotPasswordQuestionsAndUserid(Integer forgotpasswordquestionsid, Integer usersid); ForgotPasswordsQuestionsUsersAnswers findByForgotPasswordQuestionsAndUserid(Integer forgotpasswordquestionsid, Integer usersid);
} }
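Review bot: The query that joins `auth.users` returns `us.securityanswer` as the stored answer, and the service compares it with `equalsIgnoreCase` against the submitted text, which implies the recovery answer is kept in a directly comparable, apparently plaintext, form. Because a matching answer stands in for the password, it would be safer to store a salted hash of a normalised answer and verify it with a password encoder rather than reading the raw value back. The constant `SELECT 1 as id` also gives every returned row the same entity id; if `ForgotPasswordsQuestionsUsersAnswers` is a managed JPA entity, repeated lookups in one persistence context may hand back the first cached instance, so a projection or DTO would fit better than mapping onto the entity. The page lost its +/- markers, so this assumes the `auth.users` query is the new side.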

6
src/main/java/org/waterproofingdata/wpdauth/security/WebSecurityConfig.java

@ -36,10 +36,12 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/users/login").permitAll()// .antMatchers("/users/login").permitAll()//
.antMatchers("/users/signup").permitAll()// .antMatchers("/users/signup").permitAll()//
.antMatchers("/users/existsByUsername").permitAll()// .antMatchers("/users/existsByUsername").permitAll()//
.antMatchers("/users/existsByNickname").permitAll()//
.antMatchers("/users/existsByNickname").permitAll()//
.antMatchers("/forgotpasswords/findallforgotpasswordquestions").permitAll()//
.antMatchers("/forgotpasswords/loginbyusernameandanswers").permitAll()//
.antMatchers("/h2-console/**/**").permitAll() .antMatchers("/h2-console/**/**").permitAll()
// Disallow everything else.. // Disallow everything else..
.anyRequest().authenticated();
.anyRequest().authenticated();
// If a user try to access a resource without having enough permissions // If a user try to access a resource without having enough permissions
http.exceptionHandling().accessDeniedPage("/login"); http.exceptionHandling().accessDeniedPage("/login");
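Review bot: `/forgotpasswords/loginbyusernameandanswers` is opened with `permitAll()`, which makes it an unauthenticated second login path guarded only by a security answer, and nothing visible here limits repeated attempts. It should be paired with per-account and per-address throttling or lockout, and with logging of failed recovery attempts so that guessing shows up in monitoring. The unchanged `/h2-console/**/**` matcher is still `permitAll()` as well; for a server deployment that matcher should be removed or restricted to a development profile. The enclosing method starts and ends outside the hunk, so later configuration may already cover part of this.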

20
src/main/java/org/waterproofingdata/wpdauth/service/ForgotPasswordsService.java

@ -109,23 +109,29 @@ public class ForgotPasswordsService {
public String loginByUsernameAndAnswers(String username, List<ForgotPasswordsQuestionsUsersAnswers> answers) { public String loginByUsernameAndAnswers(String username, List<ForgotPasswordsQuestionsUsersAnswers> answers) {
Users user = usersRepository.findByUsername(username); Users user = usersRepository.findByUsername(username);
if (user == null) { if (user == null) {
throw new CustomException("The username doesn't exist", HttpStatus.NOT_FOUND); throw new CustomException("The username doesn't exist", HttpStatus.NOT_FOUND);
} }
List<Roles> roles = user.getRoles(); List<Roles> roles = user.getRoles();
int correctAnswers = 0;
boolean correctAnswers = false;
for (ForgotPasswordsQuestionsUsersAnswers answer : answers) { for (ForgotPasswordsQuestionsUsersAnswers answer : answers) {
ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), answer.getUsersid());
if (answerComparison == null) {
ForgotPasswordsQuestionsUsersAnswers answerComparison = forgotPasswordsQuestionsUsersAnswersRepository.findByForgotPasswordQuestionsAndUserid(answer.getForgotpasswordquestionsid(), user.getId());
if (answerComparison == null) {
throw new CustomException("The comparison answer doesn't exist", HttpStatus.NOT_FOUND); throw new CustomException("The comparison answer doesn't exist", HttpStatus.NOT_FOUND);
}
}
if (answer.getAnswer().equalsIgnoreCase(answerComparison.getAnswer())) { if (answer.getAnswer().equalsIgnoreCase(answerComparison.getAnswer())) {
correctAnswers++;
correctAnswers = true;
break;
} }
}
if (correctAnswers < 2) {
}
if (!correctAnswers) {
throw new CustomException("Invalid answers supplied to login. Must have at least 2 correct ones.", HttpStatus.UNPROCESSABLE_ENTITY); throw new CustomException("Invalid answers supplied to login. Must have at least 2 correct ones.", HttpStatus.UNPROCESSABLE_ENTITY);
} }
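Review bot: The loop in what appears to be the new side accepts the login after the first matching answer (`correctAnswers = true; break;`), but the rejection message still reads "Must have at least 2 correct ones."; either keep the two-answer threshold or change the text to something like `"Invalid answer supplied to login."`. With a single case-insensitive answer now sufficient, this path is weaker than the password login and deserves attempt limiting. The 404 for an unknown username versus the 422 for wrong answers lets an unauthenticated caller tell valid usernames apart; returning the same status and message for both avoids that. `answer.getAnswer()` is dereferenced without a null check, so a request item without an answer would raise a NullPointerException; `if (answer.getAnswer() != null && answer.getAnswer().equalsIgnoreCase(answerComparison.getAnswer()))` guards it. The method continues past the end of the hunk.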

42
src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java

@ -118,25 +118,25 @@ public class UsersServiceIntegrationTest {
assertEquals(true, usersService.existsByNickname(u.getNickname())); assertEquals(true, usersService.existsByNickname(u.getNickname()));
} }
@Test
public void testRandomUserInstitutionAndClientRegistration() {
List<EduCemadenOrganizations> leco = eduCemadenOrganizationsRepository.findAll();
assertTrue(leco.size() > 0, "List<EduCemadenOrganizations> should return rows.");
UUID u_s = leco.get(0).getActivationkey();
EduCemadenOrganizations eco = eduCemadenOrganizationsRepository.findByActivationkey(u_s);
assertNotNull(eco, "EduCemadenOrganizations should be returned.");
Users userInst = setUpUserTest("user_institution_", Roles.ROLE_INSTITUTION);
String signup = usersService.signup(userInst);
assertNotNull(signup, "Signup token returned from usersService.signup(userInst) should not be null");
usersService.activate(userInst.getUsername(), eco.getActivationkey().toString());
Users userInstUpdated = usersService.search(userInst.getUsername());
UsersProviderActivationKey userInstUpdatedProviderKey = usersProviderActivationKeyRepository.findByUsersid(userInstUpdated.getId());
String keyFromUserInstToUserClient = userInstUpdatedProviderKey.getActivationkey().toString();
Users userClient = setUpUserTest("user_client_institution_", Roles.ROLE_CLIENT);
String signup2 = usersService.signup(userClient);
assertNotNull(signup2, "Signup token returned from usersService.signup(userClient) should not be null");
usersService.activate(userClient.getUsername(), keyFromUserInstToUserClient);
}
// @Test
// public void testRandomUserInstitutionAndClientRegistration() {
// List<EduCemadenOrganizations> leco = eduCemadenOrganizationsRepository.findAll();
// assertTrue(leco.size() > 0, "List<EduCemadenOrganizations> should return rows.");
// UUID u_s = leco.get(0).getActivationkey();
// EduCemadenOrganizations eco = eduCemadenOrganizationsRepository.findByActivationkey(u_s);
// assertNotNull(eco, "EduCemadenOrganizations should be returned.");
// Users userInst = setUpUserTest("user_institution_", Roles.ROLE_INSTITUTION);
// String signup = usersService.signup(userInst);
// assertNotNull(signup, "Signup token returned from usersService.signup(userInst) should not be null");
// usersService.activate(userInst.getUsername(), eco.getActivationkey().toString());
// Users userInstUpdated = usersService.search(userInst.getUsername());
// UsersProviderActivationKey userInstUpdatedProviderKey = usersProviderActivationKeyRepository.findByUsersid(userInstUpdated.getId());
// String keyFromUserInstToUserClient = userInstUpdatedProviderKey.getActivationkey().toString();
// Users userClient = setUpUserTest("user_client_institution_", Roles.ROLE_CLIENT);
// String signup2 = usersService.signup(userClient);
// assertNotNull(signup2, "Signup token returned from usersService.signup(userClient) should not be null");
// usersService.activate(userClient.getUsername(), keyFromUserInstToUserClient);
// }
} }
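Review bot: The institution/client registration test appears to be disabled by commenting out its whole body (the page lost the +/- markers, so the direction is inferred from print order), which drops coverage of the signup and activation-key flow without leaving a trace in test reports. If it has to be skipped on the server build, keep the code and mark it instead, for example `@Disabled("reason and tracking reference")` if the suite is on JUnit 5, as the message-last `assertTrue` calls suggest. That keeps the skip visible and makes re-enabling a one-line change.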