Fixed admin scurtiy bug

46398f36 · Spiros Koulouzis · ea439ac8 · 46398f36 · 46398f36 · 46398f36
Commit 46398f36 authored Mar 11, 2017 by Spiros Koulouzis
5 changed files
--- a/doc/NOTES
+++ b/doc/NOTES
@@ -4,4 +4,4 @@ docker run --name mongo-inst -p 127.0.0.1:27017:27017 -d mongo:3
 #--------Add admin-----------------
-docker exec -t mongo-inst mongo -eval 'db.user.insert({"password":"1234","roles":["USER,ADMIN"],"username":"user","accountNonExpired":true,"accountNonLocked":true,"credentialsNonExpired":true,"enabled":true})' localhost/drip
+docker exec -t mongo-inst mongo -eval 'db.user.insert({"password":"$2a$10$QdysFgsH0sl6Y4BD84UhGO7yyNfoDPXjjEHkDJ3pX6cRfHDj2Q0BO","roles":["ADMIN"],"username":"admin","accountNonExpired":true,"accountNonLocked":true,"credentialsNonExpired":true,"enabled":true})' localhost/drip
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java
@@ -21,7 +21,6 @@ import nl.uva.sne.drip.api.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -37,8 +36,8 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationFi
 */
 @Configuration
 @EnableWebSecurity
-//@EnableGlobalMethodSecurity(jsr250Enabled = true, prePostEnabled = true)
+@EnableGlobalMethodSecurity(jsr250Enabled = true, prePostEnabled = true)
-@EnableGlobalMethodSecurity(prePostEnabled = true)
+//@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired

--- a/drip-api/src/main/java/nl/uva/sne/drip/api/service/UserService.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/service/UserService.java
@@ -15,6 +15,7 @@
 */
 package nl.uva.sne.drip.api.service;
+import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import nl.uva.sne.drip.api.dao.UserDao;
@@ -49,7 +50,23 @@ public class UserService implements UserDetailsService {
        return null;
    }
-    public UserDao getDao() {
+    public User save(User user) {
-        return dao;
+        return dao.save(user);
+    }
+    public User findOne(String id) {
+        return dao.findOne(id);
+    }
+    public void delete(User user) {
+        dao.delete(user);
+    }
+    public List<User> findAll() {
+        return dao.findAll();
+    }
+    public void deleteAll() {
+        dao.deleteAll();
    }
 }
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/v0/rest/UserController0.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/v0/rest/UserController0.java
@@ -15,6 +15,8 @@
 */
 package nl.uva.sne.drip.api.v0.rest;
+import java.util.ArrayList;
+import java.util.Collection;
 import javax.annotation.security.RolesAllowed;
 import nl.uva.sne.drip.api.exception.PasswordNullException;
 import nl.uva.sne.drip.api.exception.UserExistsException;
@@ -29,6 +31,7 @@ import org.springframework.web.bind.annotation.RestController;
 import nl.uva.sne.drip.api.service.UserService;
 import nl.uva.sne.drip.commons.v0.types.Register;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -62,8 +65,15 @@ public class UserController0 {
        }
        User user = new User();
        user.setUsername(register.user);
+        user.setAccountNonExpired(true);
+        user.setAccountNonLocked(true);
+        user.setEnabled(true);
+        user.setCredentialsNonExpired(true);
+        Collection<String> roles = new ArrayList<>();
+        roles.add("USER");
+        user.setRoles(roles);
        user.setPassword(new BCryptPasswordEncoder().encode(register.pwd));
-        service.getDao().save(user);
+        user = service.save(user);
        return "Success: " + user.getId();
    }
 }
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/v1/rest/UserController.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/v1/rest/UserController.java
@@ -33,6 +33,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import nl.uva.sne.drip.api.service.UserService;
+import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -75,7 +76,7 @@ public class UserController {
            throw new UserExistsException("Username " + user.getUsername() + " is used");
        }
        user.setPassword(new BCryptPasswordEncoder().encode(user.getPassword()));
-        service.getDao().save(user);
+        user = service.save(user);
        return user.getId();
    }
@@ -101,7 +102,7 @@ public class UserController {
    public @ResponseBody
    User get(@PathVariable("id") String id) {
        try {
-            User user = service.getDao().findOne(id);
+            User user = service.findOne(id);
            if (user == null) {
                throw new UserNotFoundException("User " + id + " not found");
            }
@@ -123,11 +124,11 @@ public class UserController {
    public @ResponseBody
    String remove(@PathVariable("id") String id) {
        try {
-            User user = service.getDao().findOne(id);
+            User user = service.findOne(id);
            if (user == null) {
                throw new UserNotFoundException("User " + id + " not found");
            }
-            service.getDao().delete(user);
+            service.delete(user);
            return "Deleted : " + id;
        } catch (Exception ex) {
            Logger.getLogger(UserController.class.getName()).log(Level.SEVERE, null, ex);
@@ -145,7 +146,7 @@ public class UserController {
    public @ResponseBody
    List<String> getIds() {
        try {
-            List<User> all = service.getDao().findAll();
+            List<User> all = service.findAll();
            List<String> ids = new ArrayList<>();
            for (User tr : all) {
                ids.add(tr.getId());
@@ -162,7 +163,7 @@ public class UserController {
    public @ResponseBody
    List<User> getAll() {
        try {
-            return service.getDao().findAll();
+            return service.findAll();
        } catch (Exception ex) {
            Logger.getLogger(UserController.class.getName()).log(Level.SEVERE, null, ex);
        }