From 61c5a43192e5ace5a41aa0973e0db9a0e104c710 Mon Sep 17 00:00:00 2001
From: Filip Izydorczyk
Date: Wed, 23 Dec 2020 11:51:17 +0100
Subject: [PATCH] Added refresh token endpoint
---
 .../main/java/com/plannaplan/entities/User.java | 10 ++++++++++
 .../plannaplan/repositories/UserRepository.java | 3 +++
 .../java/com/plannaplan/services/EventService.java | 11 +++--------
 .../java/com/plannaplan/services/UserService.java | 4 ++++
 .../plannaplan/controllers/TokenController.java | 14 ++++++++++++++
 .../plannaplan/responses/models/TokenResponse.java | 7 +++++++
 .../com/plannaplan/security/WebSecurityConfig.java | 7 ++++---
 7 files changed, 45 insertions(+), 11 deletions(-)
diff --git a/buisnesslogic/src/main/java/com/plannaplan/entities/User.java b/buisnesslogic/src/main/java/com/plannaplan/entities/User.java
index 0633dcc..6f01759 100755
--- a/buisnesslogic/src/main/java/com/plannaplan/entities/User.java
+++ b/buisnesslogic/src/main/java/com/plannaplan/entities/User.java
@@ -1,6 +1,7 @@
 package com.plannaplan.entities;
 import java.sql.Timestamp;
+import java.util.UUID;
 import java.util.concurrent.TimeUnit;
 import javax.persistence.Entity;
@@ -28,6 +29,7 @@ public class User {
 private String usosId;
 private UserRoles role;
 private String token;
+ private String refreshToken;
 private Timestamp tokenUsageDate;
 public User() {
@@ -105,6 +107,13 @@ public class User {
 return token;
 }
+ /**
+ * @return token needed to call refresh token after it expired
+ */
+ public String getRefreshToken() {
+ return refreshToken;
+ }
+
 /**
 * token seter. Sets token and automaticly set time when was set
 *
@@ -113,6 +122,7 @@ public class User {
 public void setToken(String token) {
 this.tokenUsageDate = new Timestamp(System.currentTimeMillis());
 this.token = token;
+ this.refreshToken = UUID.randomUUID().toString();
 }
 /**
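Review bot: The refresh token minted in `setToken` has no lifetime of its own: `tokenUsageDate` is the only timestamp on the entity in these hunks, so nothing visible lets the server reject an old refresh token, and it appears to stay valid until the next `setToken` call. A separate issue timestamp for the refresh token, checked when it is redeemed, would bound how long a leaked value is usable. The setter's Javadoc should also record the new side effect, for example `* Also replaces the refresh token with a freshly generated random UUID.`. The Javadoc block of `setToken` starts outside this hunk.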
diff --git a/buisnesslogic/src/main/java/com/plannaplan/repositories/UserRepository.java b/buisnesslogic/src/main/java/com/plannaplan/repositories/UserRepository.java
index c7af201..debf7ab 100755
--- a/buisnesslogic/src/main/java/com/plannaplan/repositories/UserRepository.java
+++ b/buisnesslogic/src/main/java/com/plannaplan/repositories/UserRepository.java
@@ -38,6 +38,9 @@ public interface UserRepository extends JpaRepository {
 @Query("FROM User WHERE email = ?1")
 Optional getByAuthority(@Param("authority") String authority);
+ @Query("FROM User WHERE refreshToken = ?1")
+ Optional getByRefreshToken(@Param("refreshToken") String refreshToken);
+
 @Query("FROM User WHERE token = ?1")
 Optional getByToken(@Param("token") String token);
diff --git a/buisnesslogic/src/main/java/com/plannaplan/services/EventService.java b/buisnesslogic/src/main/java/com/plannaplan/services/EventService.java
index f58a4d0..7569bd0 100755
--- a/buisnesslogic/src/main/java/com/plannaplan/services/EventService.java
+++ b/buisnesslogic/src/main/java/com/plannaplan/services/EventService.java
@@ -1,22 +1,17 @@
 package com.plannaplan.services;
-import org.springframework.beans.factory.annotation.Autowired;
+// import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 @Service
 public class EventService {
- @Autowired
- private EmailService emailService;
+ // @Autowired
+ // private EmailService emailService;
 @Scheduled(cron = "0 2 17 * * *")
 public void collectGroupLosses() {
 System.out.println("Checking for groups");
 }
-
- @Scheduled(cron = "0 5 18 * * *")
- public void testMail() {
- this.emailService.sendMail("kaczor982@gmail.com", "Cześć. Jestem Tomek.");
- }
 }
diff --git a/buisnesslogic/src/main/java/com/plannaplan/services/UserService.java b/buisnesslogic/src/main/java/com/plannaplan/services/UserService.java
index d4d2130..9192490 100755
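Review bot: `getByRefreshToken` compares the caller's raw string with the `refreshToken` column, which implies the refresh credential is persisted in clear text; read access to the user table would then be enough to obtain fresh access tokens for any account. Persisting only a SHA-256 digest of the token and querying by that digest keeps the lookup and makes a database leak far less useful. A unique constraint on the column would also guarantee the single-row result that the `Optional` return type assumes. The entity mapping is outside this hunk, so the column definition should be confirmed there.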
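Review bot: The `Autowired` import and the `EmailService` field in `EventService` are commented out (`// @Autowired`, `// private EmailService emailService;`) instead of being deleted. Version control already preserves the old lines, so removing them outright keeps dead code out of the class and avoids someone re-enabling the field without the scheduled job it belonged to.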
--- a/buisnesslogic/src/main/java/com/plannaplan/services/UserService.java
+++ b/buisnesslogic/src/main/java/com/plannaplan/services/UserService.java
@@ -81,4 +81,8 @@ public class UserService {
 return this.repo.getAllByRole(UserRoles.STUDENT);
 }
+ public Optional getUserByRefreshToken(String refreshToken) {
+ return this.repo.getByRefreshToken(refreshToken);
+ }
+
 }
\ No newline at end of file
diff --git a/restservice/src/main/java/com/plannaplan/controllers/TokenController.java b/restservice/src/main/java/com/plannaplan/controllers/TokenController.java
index e4615d7..91cc224 100755
--- a/restservice/src/main/java/com/plannaplan/controllers/TokenController.java
+++ b/restservice/src/main/java/com/plannaplan/controllers/TokenController.java
@@ -1,5 +1,7 @@
 package com.plannaplan.controllers;
+import java.util.UUID;
+
 import com.plannaplan.entities.User;
 import com.plannaplan.exceptions.UserNotFoundException;
 import com.plannaplan.responses.models.TokenResponse;
@@ -61,4 +63,16 @@ public class TokenController {
 }
 }
+
+ @GetMapping("/token/refresh")
+ @ApiOperation(value = "Endpoint to access new token based on refresh token. It's needed when request with provided token fail with code 403")
+ public ResponseEntity getRefreshToken(
+ @RequestParam("refreshToken") @ApiParam(value = "Refresh token obtained in /token request") final String refreshToken) {
+ User user = this.userService.getUserByRefreshToken(refreshToken)
+ .orElseThrow(() -> new NullPointerException("User not found"));
+ user.setToken(UUID.randomUUID().toString());
+ user = this.userService.save(user);
+ return new ResponseEntity<>(new TokenResponse(user), HttpStatus.OK);
+
+ }
 }
diff --git a/restservice/src/main/java/com/plannaplan/responses/models/TokenResponse.java b/restservice/src/main/java/com/plannaplan/responses/models/TokenResponse.java
index 33f6f6e..583619f 100755
--- a/restservice/src/main/java/com/plannaplan/responses/models/TokenResponse.java
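Review bot: The new `/token/refresh` handler in `TokenController` accepts a long-lived credential as a query parameter of a GET request and changes server state (it rotates both tokens), so the refresh token lands in access logs, proxy logs and browser history, and the call is not safe to retry or prefetch. An unknown token throws `NullPointerException`, which will most likely surface as a 500 instead of an authentication failure that clients can act on. I would make this a POST that reads the token from the form body or a header, and answer an unknown or already-rotated token with 401. The excerpt below shows only the rewritten lines.

```java
@PostMapping("/token/refresh")
// … unchanged: @ApiOperation annotation, method signature and parameter binding …
    final Optional<User> owner = this.userService.getUserByRefreshToken(refreshToken);
    if (!owner.isPresent()) {
        // Unknown or already-rotated refresh token: report an authentication failure, not a server error.
        return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
    }
    User user = owner.get();
    // … unchanged: setToken with a new UUID, save, build TokenResponse …
```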
+++ b/restservice/src/main/java/com/plannaplan/responses/models/TokenResponse.java
@@ -9,6 +9,8 @@ import io.swagger.annotations.ApiModelProperty;
 public class TokenResponse {
 @ApiModelProperty(value = "user token used to verify requests")
 private String token;
+ @ApiModelProperty(value = "user token needed to refresh")
+ private String refreshToken;
 @ApiModelProperty(value = "user id in database")
 private Long id;
 @ApiModelProperty(value = "user app role")
@@ -21,6 +23,7 @@ public class TokenResponse {
 this.authorityRole = user.getRole().toString();
 this.email = user.getEmail();
 this.token = user.getToken();
+ this.refreshToken = user.getRefreshToken();
 }
 public String getEmail() {
@@ -39,4 +42,8 @@ public class TokenResponse {
 return token;
 }
+ public String getRefreshToken() {
+ return this.refreshToken;
+ }
+
 }
diff --git a/restservice/src/main/java/com/plannaplan/security/WebSecurityConfig.java b/restservice/src/main/java/com/plannaplan/security/WebSecurityConfig.java
index d41b9f6..cbeff0d 100755
--- a/restservice/src/main/java/com/plannaplan/security/WebSecurityConfig.java
+++ b/restservice/src/main/java/com/plannaplan/security/WebSecurityConfig.java
@@ -37,9 +37,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 public void configure(final WebSecurity webSecurity) {
- webSecurity.ignoring().antMatchers("/token**").antMatchers("/api/v1/courses/all")
- .antMatchers("/api/v1/groups/course/{id}").antMatchers("/v2/api-docs", "/configuration/ui",
- "/swagger-resources/**", "/configuration/security", "/swagger-ui.html", "/webjars/**");
+ webSecurity.ignoring().antMatchers("/token**").antMatchers("/token/refresh**")
+ .antMatchers("/api/v1/courses/all").antMatchers("/api/v1/groups/course/{id}")
+ .antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/security",
+ "/swagger-ui.html", "/webjars/**");
 }
 @Override
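Review bot: Adding `/token/refresh**` under `webSecurity.ignoring()` removes the credential-issuing endpoint from the Spring Security filter chain entirely, so none of the chain's filters run for it. For a dynamic endpoint the usual choice is to leave it in the chain and allow it with `permitAll()` in the `HttpSecurity` configuration, which lies outside this hunk. The trailing `**` also matches any path whose last segment merely starts with `refresh`; an exact matcher, `.antMatchers("/token/refresh")`, states the intent and avoids unauthenticated access to a future sibling route by accident.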