add authentication step at customer order form

benjaminpochat · Feb 4, 2024 · d8fafb1 · d8fafb1
1 parent 6aff9be
commit d8fafb1
Show file tree

Hide file tree

Showing 32 changed files with 665 additions and 279 deletions.
diff --git a/backend/app/src/main/java/eu/viandeendirect/repository/ProductionRepository.java b/backend/app/src/main/java/eu/viandeendirect/repository/ProductionRepository.java
@@ -13,5 +13,5 @@ public interface ProductionRepository extends CrudRepository<Production, Integer
     List<Production> findByProducer(@Param("producer") Producer producer);
 
     @Query("select p from Sale s inner join s.productions p where s.id = :saleId")
-    List<Production> findBySalesId(@Param("saleId") Integer saleId);
+    List<Production> findBySaleId(@Param("saleId") Integer saleId);
 }
diff --git a/...end/app/src/main/java/eu/viandeendirect/security/configuration/SecurityConfiguration.java b/...end/app/src/main/java/eu/viandeendirect/security/configuration/SecurityConfiguration.java
@@ -5,6 +5,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.session.SessionRegistryImpl;
@@ -38,7 +39,11 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 .authorizeHttpRequests()
                 .requestMatchers("/swagger-ui")
-                .anonymous()
+                .permitAll()
+            .and()
+                .authorizeHttpRequests()
+                .requestMatchers("/addresses", "/addresses/**")
+                .permitAll()
             .and()
                 .authorizeHttpRequests()
                 .requestMatchers("/sales", "/sales/**")
@@ -50,11 +55,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
             .and()
                 .authorizeHttpRequests()
                 .requestMatchers("/productions", "/productions/**")
-                .hasRole("PRODUCER")
+                //.hasRole("PRODUCER")
+                .permitAll()
             .and()
                 .authorizeHttpRequests()
                 .requestMatchers("/beefProductions", "/beefProductions/**")
-                .hasRole("PRODUCER")
+                //.hasRole("PRODUCER")
+                .permitAll()
             .and()
                 .authorizeHttpRequests()
                 .requestMatchers("/honneyProductions", "/honneyProductions/**")
@@ -63,6 +70,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .authorizeHttpRequests()
                 .requestMatchers("/customers", "/customers/**")
                 .hasRole("PRODUCER")
+            .and()
+                .authorizeHttpRequests()
+                .requestMatchers("/producers", "/producers/**")
+                .hasRole("PRODUCER")
             .and()
                 .authorizeHttpRequests()
                 .requestMatchers("/orders", "/orders/**")

diff --git a/backend/app/src/main/java/eu/viandeendirect/service/AddresseService.java b/backend/app/src/main/java/eu/viandeendirect/service/AddresseService.java
@@ -4,7 +4,7 @@
 import eu.viandeendirect.model.Address;
 import eu.viandeendirect.model.Producer;
 import eu.viandeendirect.repository.AddressRepository;
-import eu.viandeendirect.service.specs.ProducerServiceSpecs;
+import eu.viandeendirect.service.specs.AuthenticationProducerServiceSpecs;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -19,7 +19,7 @@ public class AddresseService implements AddressesApiDelegate {
     AddressRepository addressRepository;
 
     @Autowired
-    ProducerServiceSpecs producerService;
+    AuthenticationProducerServiceSpecs producerService;
 
     @Override
     public ResponseEntity<List<Address>> getAddresses() {

diff --git a/backend/app/src/main/java/eu/viandeendirect/service/AuthenticationProducerService.java b/backend/app/src/main/java/eu/viandeendirect/service/AuthenticationProducerService.java
@@ -0,0 +1,33 @@
+package eu.viandeendirect.service;
+
+import eu.viandeendirect.api.ProducersApiDelegate;
+import eu.viandeendirect.model.Producer;
+import eu.viandeendirect.model.Sale;
+import eu.viandeendirect.repository.ProducerRepository;
+import eu.viandeendirect.repository.SaleRepository;
+import eu.viandeendirect.service.specs.AuthenticationProducerServiceSpecs;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Profile;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.stereotype.Service;
+
+import static org.springframework.http.HttpStatus.CREATED;
+
+@Service
+@Profile("!test")
+public class AuthenticationProducerService implements AuthenticationProducerServiceSpecs {
+
+    @Autowired
+    ProducerRepository producerRepository;
+
+    @Override
+    public Producer getAuthenticatedProducer() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        String email = ((JwtAuthenticationToken)authentication).getToken().getClaimAsString("email");
+        Producer producer = producerRepository.findByEmail(email).orElseThrow();
+        return producer;
+    }
+}
diff --git a/backend/app/src/main/java/eu/viandeendirect/service/BeefProductionService.java b/backend/app/src/main/java/eu/viandeendirect/service/BeefProductionService.java
@@ -2,10 +2,8 @@
 
 import eu.viandeendirect.api.BeefProductionsApiDelegate;
 import eu.viandeendirect.model.BeefProduction;
-import eu.viandeendirect.model.Producer;
-import eu.viandeendirect.model.Production;
 import eu.viandeendirect.repository.ProductionRepository;
-import eu.viandeendirect.service.specs.ProducerServiceSpecs;
+import eu.viandeendirect.service.specs.AuthenticationProducerServiceSpecs;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -18,7 +16,7 @@ public class BeefProductionService implements BeefProductionsApiDelegate {
     ProductionRepository productionRepository;
 
     @Autowired
-    ProducerServiceSpecs producerService;
+    AuthenticationProducerServiceSpecs producerService;
 
     @Override
     public ResponseEntity<BeefProduction> getBeefProduction(Integer beefProductionId) {

diff --git a/backend/app/src/main/java/eu/viandeendirect/service/CustomerService.java b/backend/app/src/main/java/eu/viandeendirect/service/CustomerService.java
@@ -5,7 +5,7 @@
 import eu.viandeendirect.model.Producer;
 import eu.viandeendirect.repository.CustomerRepository;
 import eu.viandeendirect.repository.UserRepository;
-import eu.viandeendirect.service.specs.ProducerServiceSpecs;
+import eu.viandeendirect.service.specs.AuthenticationProducerServiceSpecs;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -23,7 +23,7 @@ public class CustomerService implements CustomersApiDelegate {
     UserRepository userRepository;
 
     @Autowired
-    ProducerServiceSpecs producerService;
+    AuthenticationProducerServiceSpecs producerService;
 
 
     @Override

diff --git a/backend/app/src/main/java/eu/viandeendirect/service/ProducerService.java b/backend/app/src/main/java/eu/viandeendirect/service/ProducerService.java
@@ -1,27 +1,56 @@
 package eu.viandeendirect.service;
 
+import eu.viandeendirect.api.ProducersApiDelegate;
 import eu.viandeendirect.model.Producer;
+import eu.viandeendirect.model.Sale;
 import eu.viandeendirect.repository.ProducerRepository;
-import eu.viandeendirect.service.specs.ProducerServiceSpecs;
+import eu.viandeendirect.repository.SaleRepository;
+import eu.viandeendirect.service.specs.AuthenticationProducerServiceSpecs;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.springframework.http.HttpStatus.*;
+
 @Service
-@Profile("!test")
-public class ProducerService implements ProducerServiceSpecs {
+public class ProducerService implements ProducersApiDelegate {
 
     @Autowired
     ProducerRepository producerRepository;
 
+    @Autowired
+    SaleRepository saleRepository;
+
+    @Autowired
+    AuthenticationProducerServiceSpecs producerService;
+
     @Override
-    public Producer getAuthenticatedProducer() {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        String email = ((JwtAuthenticationToken)authentication).getToken().getClaimAsString("email");
+    public ResponseEntity<Sale> createProducerSale(Integer producerId, Sale sale) {
+        Producer producer = producerService.getAuthenticatedProducer();
+        if (!producer.getId().equals(producerId)) {
+            return new ResponseEntity<>(FORBIDDEN);
+        }
+        sale.setSeller(producer);
+        return new ResponseEntity<>(saleRepository.save(sale), CREATED);
+    }
+
+    @Override
+    public ResponseEntity<Producer> getProducer(String email) {
         Producer producer = producerRepository.findByEmail(email).orElseThrow();
-        return producer;
+        return new ResponseEntity<>(producer, OK);
+    }
+
+    @Override
+    public ResponseEntity<List<Sale>> getProducerSales(Integer producerId) {
+        Producer producer = producerService.getAuthenticatedProducer();
+        if (!producer.getId().equals(producerId)) {
+            return new ResponseEntity<>(FORBIDDEN);
+        }
+        List<Sale> sales = new ArrayList<>();
+        saleRepository.findBySeller(producer).forEach(sales::add);;
+        return new ResponseEntity<>(sales, OK);
     }
 }
diff --git a/backend/app/src/main/java/eu/viandeendirect/service/ProductionService.java b/backend/app/src/main/java/eu/viandeendirect/service/ProductionService.java
@@ -6,7 +6,7 @@
 import eu.viandeendirect.model.Production;
 import eu.viandeendirect.repository.PackageLotRepository;
 import eu.viandeendirect.repository.ProductionRepository;
-import eu.viandeendirect.service.specs.ProducerServiceSpecs;
+import eu.viandeendirect.service.specs.AuthenticationProducerServiceSpecs;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
@@ -25,7 +25,7 @@ public class ProductionService implements ProductionsApiDelegate {
     PackageLotRepository packageLotRepository;
 
     @Autowired
-    ProducerServiceSpecs producerService;
+    AuthenticationProducerServiceSpecs producerService;
 
     @Override
     public ResponseEntity<List<Production>> getProductions(Boolean forSale) {

diff --git a/backend/app/src/main/java/eu/viandeendirect/service/SaleService.java b/backend/app/src/main/java/eu/viandeendirect/service/SaleService.java
@@ -5,15 +5,14 @@
 import eu.viandeendirect.repository.OrderRepository;
 import eu.viandeendirect.repository.ProductionRepository;
 import eu.viandeendirect.repository.SaleRepository;
-import eu.viandeendirect.service.specs.ProducerServiceSpecs;
+import eu.viandeendirect.service.specs.AuthenticationProducerServiceSpecs;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
 
 import java.util.ArrayList;
 import java.util.List;
 
-import static org.springframework.http.HttpStatus.CREATED;
 import static org.springframework.http.HttpStatus.OK;
 
 @Service
@@ -23,40 +22,33 @@ public class SaleService implements SalesApiDelegate {
     SaleRepository saleRepository;
 
     @Autowired
-    ProducerServiceSpecs producerService;
+    AuthenticationProducerServiceSpecs producerService;
 
     @Autowired
     private OrderRepository orderRepository;
     @Autowired
     private ProductionRepository productionRepository;
 
-    @Override
-    public ResponseEntity<List<Sale>> getSales() {
-        Producer producer = producerService.getAuthenticatedProducer();
-        List<Sale> sales = new ArrayList<>();
-        saleRepository.findBySeller(producer).forEach(sales::add);;
-        return new ResponseEntity<>(sales, OK);
-    }
-
-    @Override
-    public ResponseEntity<Sale> createSale(Sale sale) {
-        sale.setSeller(producerService.getAuthenticatedProducer());
-        return new ResponseEntity<>(saleRepository.save(sale), CREATED);
-    }
-
     @Override
     public ResponseEntity<Sale> getSale(Integer saleId) {
         Sale sale = saleRepository.findById(saleId).get();
         return new ResponseEntity<>(sale, OK);
     }
 
+    @Override
+    public ResponseEntity<List<Sale>> getSales() {
+        List<Sale> sales = new ArrayList<>();
+        saleRepository.findAll().forEach(sales::add);
+        return new ResponseEntity<>(sales, OK);
+    }
+
     @Override
     public ResponseEntity<List<Order>> getSaleOrders(Integer saleId) {
         return new ResponseEntity<>(orderRepository.findBySaleId(saleId), OK);
     }
 
     @Override
     public ResponseEntity<List<Production>> getSaleProductions(Integer saleId) {
-        return new ResponseEntity<>(productionRepository.findBySalesId(saleId), OK);
+        return new ResponseEntity<>(productionRepository.findBySaleId(saleId), OK);
     }
 }
diff --git a/...t/service/specs/ProducerServiceSpecs.java → ...s/AuthenticationProducerServiceSpecs.java b/...t/service/specs/ProducerServiceSpecs.java → ...s/AuthenticationProducerServiceSpecs.java
@@ -2,6 +2,6 @@
 
 import eu.viandeendirect.model.Producer;
 
-public interface ProducerServiceSpecs {
+public interface AuthenticationProducerServiceSpecs {
     Producer getAuthenticatedProducer();
 }
diff --git a/...rect/service/ProducerServiceForTests.java → ...uthenticationProducerServiceForTests.java b/...rect/service/ProducerServiceForTests.java → ...uthenticationProducerServiceForTests.java
@@ -1,13 +1,13 @@
 package eu.viandeendirect.service;
 
 import eu.viandeendirect.model.Producer;
-import eu.viandeendirect.service.specs.ProducerServiceSpecs;
+import eu.viandeendirect.service.specs.AuthenticationProducerServiceSpecs;
 import org.springframework.context.annotation.Profile;
 import org.springframework.stereotype.Service;
 
 @Service
 @Profile("test")
-public class ProducerServiceForTests implements ProducerServiceSpecs {
+public class AuthenticationProducerServiceForTests implements AuthenticationProducerServiceSpecs {
 
     @Override
     public Producer getAuthenticatedProducer() {

diff --git a/backend/app/src/test/java/eu/viandeendirect/service/TestBeefProductionService.java b/backend/app/src/test/java/eu/viandeendirect/service/TestBeefProductionService.java
@@ -3,8 +3,6 @@
 import eu.viandeendirect.model.BeefProduction;
 import eu.viandeendirect.model.Production;
 import eu.viandeendirect.repository.ProductionRepository;
-import eu.viandeendirect.service.specs.ProducerServiceSpecs;
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -14,9 +12,6 @@
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 
 
-import java.util.Optional;
-
-import static eu.viandeendirect.model.Production.ProductionTypeEnum.BEEFPRODUCTION;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.AFTER_TEST_METHOD;
 import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TEST_METHOD;