Fix login bug.

2024-11-21 21:57:56 +01:00 · 2024-02-07 00:04:06 -08:00 · 2024-02-07 00:04:06 -08:00 · 885de4e1c1
commit 885de4e1c1
parent 56c322fd3f
5 changed files with 147 additions and 83 deletions
--- a/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java
+++ b/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java
@ -11,8 +11,10 @@ import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DataAccessException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
@ -43,13 +45,13 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {

            if (email.isPresent() && jwtTokenUtil.validateJwtToken(token.get())) {
                // Is it an existing user ?
-                final UserDetails userDetails = userDetailsService.loadUserByUsername(email.get());
-                if (userDetails != null) {
+                try {
+                    final UserDetails userDetails = userDetailsService.loadUserByUsername(email.get());
                    final UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
                            userDetails, null, userDetails.getAuthorities());
                    authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-                } else {
+                } catch (UsernameNotFoundException e) {
                    logger.trace("User " + email.get() + " could not be found");
                }
            }
--- a/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java
+++ b/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java
@ -69,7 +69,7 @@ public class MindmapController extends BaseController {


    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-        @RequestMapping(method = RequestMethod.GET, value = "/{id}", produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.GET, value = "/{id}", produces = {"application/json"})
    @ResponseBody
    public RestMindmap retrieve(@PathVariable int id) throws WiseMappingException {
        final User user = Utils.getUser();
@ -77,6 +77,16 @@ public class MindmapController extends BaseController {
        return new RestMindmap(mindMap, user);
    }

+    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
+    @RequestMapping(method = RequestMethod.GET, value = "/{id}/metadata", produces = {"application/json"})
+    @ResponseBody
+    public RestMindmap retrieveMetadata(@PathVariable int id) throws WiseMappingException {
+        final User user = Utils.getUser();
+        
+        final Mindmap mindMap = findMindmapById(id);
+        return new RestMindmap(mindMap, user);
+    }
+
    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
    @RequestMapping(method = RequestMethod.GET, value = "/", produces = {"application/json"})
    public RestMindmapList retrieveList(@RequestParam(required = false) String q) {
--- a/wise-api/src/main/java/com/wisemapping/rest/UserController.java
+++ b/wise-api/src/main/java/com/wisemapping/rest/UserController.java
@ -51,100 +51,102 @@ import java.util.List;
@RequestMapping("/api/restful/users")
 public class UserController extends BaseController {

-	@Qualifier("userService")
-	@Autowired
-	private UserService userService;
+    @Qualifier("userService")
+    @Autowired
+    private UserService userService;

-	@Autowired
-	private RecaptchaService captchaService;
+    @Autowired
+    private RecaptchaService captchaService;

-	@Qualifier("authenticationManager")
-	@Autowired
-	private AuthenticationManager authManager;
+    @Qualifier("authenticationManager")
+    @Autowired
+    private AuthenticationManager authManager;

-	@Value("${google.recaptcha2.enabled:false}")
-	private Boolean recatchaEnabled;
+    @Value("${google.recaptcha2.enabled:false}")
+    private Boolean recatchaEnabled;

-	@Value("${accounts.exclusion.domain:''}")
-	private String domainBanExclusion;
+    @Value("${app.accounts.exclusion.domain:''}")
+    private String domainBanExclusion;

-	private static final Logger logger = LogManager.getLogger();
-	private static final String REAL_IP_ADDRESS_HEADER = "X-Real-IP";
+    private static final Logger logger = LogManager.getLogger();
+    private static final String REAL_IP_ADDRESS_HEADER = "X-Real-IP";

-	@RequestMapping(method = RequestMethod.POST, value = "/", produces = { "application/json" })
-	@ResponseStatus(value = HttpStatus.CREATED)
-	public void registerUser(@RequestBody RestUserRegistration registration, @NotNull HttpServletRequest request,
-			@NotNull HttpServletResponse response) throws WiseMappingException, BindException {
-		logger.debug("Register new user:" + registration.getEmail());
+    @RequestMapping(method = RequestMethod.POST, value = "/", produces = {"application/json"})
+    @ResponseStatus(value = HttpStatus.CREATED)
+    public void registerUser(@RequestBody RestUserRegistration registration, @NotNull HttpServletRequest request,
+                             @NotNull HttpServletResponse response) throws WiseMappingException, BindException {
+        logger.debug("Register new user:" + registration.getEmail());

-		if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) {
-			throw new PasswordTooLongException();
-		}
+        if (registration.getPassword().length() > User.MAX_PASSWORD_LENGTH_SIZE) {
+            throw new PasswordTooLongException();
+        }

-		// If tomcat is behind a reverse proxy, ip needs to be found in other header.
-		String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER);
-		if (remoteIp == null || remoteIp.isEmpty()) {
-			remoteIp = request.getRemoteAddr();
-		}
-		logger.debug("Remote address" + remoteIp);
+        // If tomcat is behind a reverse proxy, ip needs to be found in other header.
+        String remoteIp = request.getHeader(REAL_IP_ADDRESS_HEADER);
+        if (remoteIp == null || remoteIp.isEmpty()) {
+            remoteIp = request.getRemoteAddr();
+        }
+        logger.debug("Remote address" + remoteIp);

-		verify(registration, remoteIp);
+        verify(registration, remoteIp);

-		final User user = new User();
-		user.setEmail(registration.getEmail().trim());
-		user.setFirstname(registration.getFirstname());
-		user.setLastname(registration.getLastname());
-		user.setPassword(registration.getPassword());
+        final User user = new User();
+        user.setEmail(registration.getEmail().trim());
+        user.setFirstname(registration.getFirstname());
+        user.setLastname(registration.getLastname());
+        user.setPassword(registration.getPassword());

-		user.setAuthenticationType(AuthenticationType.DATABASE);
-		userService.createUser(user, false, true);
-		response.setHeader("Location", "/api/restful/users/" + user.getId());
-	}
+        user.setAuthenticationType(AuthenticationType.DATABASE);
+        userService.createUser(user, false, true);
+        response.setHeader("Location", "/api/restful/users/" + user.getId());
+        response.setHeader("ResourceId", Integer.toString(user.getId()));

-	@RequestMapping(method = RequestMethod.PUT, value = "/resetPassword", produces = { "application/json" })
-	@ResponseStatus(value = HttpStatus.OK)
-	public RestResetPasswordResponse resetPassword(@RequestParam String email) throws InvalidAuthSchemaException, EmailNotExistsException {
-		try {
-			return userService.resetPassword(email);
-		} catch (InvalidUserEmailException e) {
-			throw new EmailNotExistsException(e);
-		}
-	}
+    }

-	private void verify(@NotNull final RestUserRegistration registration, @NotNull String remoteAddress)
-			throws BindException {
+    @RequestMapping(method = RequestMethod.PUT, value = "/resetPassword", produces = {"application/json"})
+    @ResponseStatus(value = HttpStatus.OK)
+    public RestResetPasswordResponse resetPassword(@RequestParam String email) throws InvalidAuthSchemaException, EmailNotExistsException {
+        try {
+            return userService.resetPassword(email);
+        } catch (InvalidUserEmailException e) {
+            throw new EmailNotExistsException(e);
+        }
+    }

-		final BindException errors = new RegistrationException(registration, "registration");
-		final UserValidator validator = new UserValidator();
-		validator.setUserService(userService);
-		validator.validate(registration, errors);
+    private void verify(@NotNull final RestUserRegistration registration, @NotNull String remoteAddress)
+            throws BindException {

-		// If captcha is enabled, generate it ...
-		if (recatchaEnabled) {
-			final String recaptcha = registration.getRecaptcha();
-			if (recaptcha != null) {
-				final String reCaptchaResponse = captchaService.verifyRecaptcha(remoteAddress, recaptcha);
-				if (reCaptchaResponse != null && !reCaptchaResponse.isEmpty()) {
-					errors.rejectValue("recaptcha", reCaptchaResponse);
-				}
-			} else {
-				errors.rejectValue("recaptcha", Messages.CAPTCHA_LOADING_ERROR);
-			}
-		} else {
-			logger.warn("captchaEnabled is enabled.Recommend to enable it for production environments.");
-		}
+        final BindException errors = new RegistrationException(registration, "registration");
+        final UserValidator validator = new UserValidator();
+        validator.setUserService(userService);
+        validator.validate(registration, errors);

-		if (errors.hasErrors()) {
-			throw errors;
-		}
+        // If captcha is enabled, generate it ...
+        if (recatchaEnabled) {
+            final String recaptcha = registration.getRecaptcha();
+            if (recaptcha != null) {
+                final String reCaptchaResponse = captchaService.verifyRecaptcha(remoteAddress, recaptcha);
+                if (reCaptchaResponse != null && !reCaptchaResponse.isEmpty()) {
+                    errors.rejectValue("recaptcha", reCaptchaResponse);
+                }
+            } else {
+                errors.rejectValue("recaptcha", Messages.CAPTCHA_LOADING_ERROR);
+            }
+        } else {
+            logger.warn("captchaEnabled is enabled.Recommend to enable it for production environments.");
+        }

-		// Is excluded ?.
-		final List<String> excludedDomains = Arrays.asList(domainBanExclusion.split(","));
-		final String emailDomain = registration.getEmail().split("@")[1];
-		if (excludedDomains.contains(emailDomain)) {
-			throw new IllegalArgumentException(
-					"Email is part of ban exclusion list due to abuse. Please, contact site admin if you think this is an error."
-							+ emailDomain);
-		}
-	}
+        if (errors.hasErrors()) {
+            throw errors;
+        }
+
+        // Is excluded ?.
+        final List<String> excludedDomains = Arrays.asList(domainBanExclusion.split(","));
+        final String emailDomain = registration.getEmail().split("@")[1];
+        if (excludedDomains.contains(emailDomain)) {
+            throw new IllegalArgumentException(
+                    "Email is part of ban exclusion list due to abuse. Please, contact site admin if you think this is an error."
+                            + emailDomain);
+        }
+    }
 }
--- a/wise-api/src/main/java/com/wisemapping/rest/model/RestMindmapMetadata.java
+++ b/wise-api/src/main/java/com/wisemapping/rest/model/RestMindmapMetadata.java
@ -0,0 +1,47 @@
+/*
+ *    Copyright [2022] [wisemapping]
+ *
+ *   Licensed under WiseMapping Public License, Version 1.0 (the "License").
+ *   It is basically the Apache License, Version 2.0 (the "License") plus the
+ *   "powered by wisemapping" text requirement on every single page;
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the license at
+ *
+ *       http://www.wisemapping.org/license
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+package com.wisemapping.rest.model;
+
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.wisemapping.exceptions.InvalidMindmapException;
+import com.wisemapping.exceptions.WiseMappingException;
+import com.wisemapping.model.*;
+import com.wisemapping.util.TimeUtils;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+import java.io.IOException;
+import java.util.Calendar;
+
+@JsonAutoDetect(
+        fieldVisibility = JsonAutoDetect.Visibility.NONE,
+        setterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY,
+        isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+        getterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY
+)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class RestMindmapMetadata {
+
+    public RestMindmapMetadata() throws WiseMappingException {
+    }
+
+}
--- a/wise-api/src/main/resources/application.yml
+++ b/wise-api/src/main/resources/application.yml
@ -58,6 +58,9 @@ app:
  mail:
    serverSendEmail: root@localhost
    supportEmail: root@localhost
+#  accounts:
+#    exclusion:
+#      domain: