work

Author: thomaswoehlke

src/main/java/org/woehlke/java/simpleworklist/domain/PagesController.java

@@ -1,6 +1,7 @@
 package org.woehlke.java.simpleworklist.domain;
 
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -13,9 +14,11 @@
 
 @Slf4j
 @Controller
+@PreAuthorize("permitAll()")
 @RequestMapping(path = "/pages")
-public class PagesController extends AbstractController {
+public class PagesController {
 
+  @PreAuthorize("permitAll()")
   @RequestMapping(path = "/information", method = RequestMethod.GET)
   public final String renderPageInformation(
     @NotNull @ModelAttribute("userSession") UserSessionBean userSession,

src/main/java/org/woehlke/java/simpleworklist/domain/UserLoginController.java

@@ -42,7 +42,7 @@ public UserLoginController(
      * Login Formular. If User is not logged in, this page will be displayed for
      * all page-URLs which need login.
      *
-     * @param model
+     * @param model Model
      * @return Login Screen.
      */
     @RequestMapping(path = "/login", method = RequestMethod.GET)
@@ -56,9 +56,9 @@ public final String loginGet(Model model) {
     /**
      * Perform login.
      *
-     * @param loginForm
-     * @param result
-     * @param model
+     * @param loginForm LoginForm
+     * @param result BindingResult
+     * @param model Model
      * @return Shows Root Project after successful login or login form with error messages.
      */
     @RequestMapping(path = "/login", method = RequestMethod.POST)

src/main/java/org/woehlke/java/simpleworklist/domain/UserPasswordRecoveryController.java

@@ -1,6 +1,7 @@
 package org.woehlke.java.simpleworklist.domain;
 
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -16,36 +17,33 @@
 import org.woehlke.java.simpleworklist.domain.db.user.passwordrecovery.UserAccountPasswordRecoveryService;
 import org.woehlke.java.simpleworklist.domain.db.user.signup.UserAccountRegistrationForm;
 
-import org.springframework.beans.factory.annotation.Autowired;
-
 import javax.validation.Valid;
 
 @Slf4j
 @Controller
-@RequestMapping(path = "/user")
+@RequestMapping(path= "/user/resetPassword")
 public class UserPasswordRecoveryController {
 
-    private final UserAccountService userAccountService;
     private final UserAccountPasswordRecoveryService userAccountPasswordRecoveryService;
+    private final UserAccountService userAccountService;
 
     @Autowired
     public UserPasswordRecoveryController(
-        UserAccountService userAccountService,
-        UserAccountPasswordRecoveryService userAccountPasswordRecoveryService
+        UserAccountPasswordRecoveryService userAccountPasswordRecoveryService,
+        UserAccountService userAccountService
     ) {
-        this.userAccountService = userAccountService;
         this.userAccountPasswordRecoveryService = userAccountPasswordRecoveryService;
+        this.userAccountService = userAccountService;
     }
 
     /**
      * Visitor who might be Registered, but not yet logged in, clicks
      * on 'password forgotten' at login formular.
      *
-     * @param model
+     * @param model Model
      * @return a Formular for entering the email-adress.
      */
-    @PreAuthorize("isAnonymous()")
-    @RequestMapping(path="/resetPassword", method = RequestMethod.GET)
+    @RequestMapping(path="/form", method = RequestMethod.GET)
     public final String passwordForgottenForm(Model model) {
         UserAccountRegistrationForm userAccountRegistrationForm = new UserAccountRegistrationForm();
         model.addAttribute("userAccountRegistrationForm", userAccountRegistrationForm);
@@ -55,13 +53,12 @@ public final String passwordForgottenForm(Model model) {
     /**
      * If email-address exists, send email with Link for password-Reset.
      *
-     * @param userAccountRegistrationForm
-     * @param result
-     * @param model
+     * @param userAccountRegistrationForm UserAccountRegistrationForm
+     * @param result BindingResult
+     * @param model Model
      * @return info page if without errors or formular again displaying error messages.
      */
-    @PreAuthorize("isAnonymous()")
-    @RequestMapping(path="/resetPassword", method = RequestMethod.POST)
+    @RequestMapping(path="/form", method = RequestMethod.POST)
     public final String passwordForgottenPost(
         @Valid UserAccountRegistrationForm userAccountRegistrationForm,
         BindingResult result,
@@ -78,6 +75,9 @@ public final String passwordForgottenPost(
             log.info(userAccountRegistrationForm.toString());
             log.info(result.toString());
             log.info(model.toString());
+            if(userAccountService == null){
+                return "redirect:/";
+            }
             if (userAccountService.findByUserEmail(userAccountRegistrationForm.getEmail()) == null) {
                 String objectName = "userRegistrationForm";
                 String field = "email";
@@ -95,12 +95,11 @@ public final String passwordForgottenPost(
     /**
      * User clicked on Link in Email for Password-Recovery.
      *
-     * @param confirmId
-     * @param model
+     * @param confirmId String
+     * @param model Model
      * @return a Formular for entering the new Password.
      */
-    @PreAuthorize("isAnonymous()")
-    @RequestMapping(path = "/resetPassword/confirm/{confirmId}", method = RequestMethod.GET)
+    @RequestMapping(path = "/confirm/{confirmId}", method = RequestMethod.GET)
     public final String enterNewPasswordFormular(
         @PathVariable String confirmId,
         Model model
@@ -123,14 +122,14 @@ public final String enterNewPasswordFormular(
     /**
      * Save new Password.
      *
-     * @param userAccountForm
-     * @param result
-     * @param confirmId
-     * @param model
+     * @param userAccountForm UserAccountForm
+     * @param result BindingResult
+     * @param confirmId String
+     * @param model Model
+     *
      * @return Info Page for success or back to formular with error messages.
      */
-    @PreAuthorize("isAnonymous()")
-    @RequestMapping(path =  "/resetPassword/confirm/{confirmId}", method = RequestMethod.POST)
+    @RequestMapping(path =  "/confirm/{confirmId}", method = RequestMethod.POST)
     public final String enterNewPasswordPost(
         @Valid UserAccountForm userAccountForm,
         BindingResult result,

src/main/java/org/woehlke/java/simpleworklist/domain/UserRegistrationController.java

@@ -2,7 +2,6 @@
 
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -23,16 +22,16 @@
 @RequestMapping(path = "/user/register")
 public class UserRegistrationController {
 
-    private final UserAccountService userAccountService;
     private final UserAccountRegistrationService userAccountRegistrationService;
+    private final UserAccountService userAccountService;
 
     @Autowired
     public UserRegistrationController(
-        UserAccountService userAccountService,
-        UserAccountRegistrationService userAccountRegistrationService
+        UserAccountRegistrationService userAccountRegistrationService,
+        UserAccountService userAccountService
     ) {
-        this.userAccountService = userAccountService;
         this.userAccountRegistrationService = userAccountRegistrationService;
+        this.userAccountService = userAccountService;
     }
 
     /**
@@ -42,8 +41,7 @@ public UserRegistrationController(
      * @param model Model
      * @return Formular for entering Email-Address for Registration
      */
-    @PreAuthorize("isAnonymous()")
-    @RequestMapping(path = "/", method = RequestMethod.GET)
+    @RequestMapping(path = "/form", method = RequestMethod.GET)
     public final String registerGet(Model model) {
         log.info("registerGet");
         UserAccountRegistrationForm userAccountRegistrationForm = new UserAccountRegistrationForm();
@@ -59,8 +57,7 @@ public final String registerGet(Model model) {
      * @param model Model
      * @return info page at success or return to form with error messages.
      */
-    @PreAuthorize("isAnonymous()")
-    @RequestMapping(path = "/", method = RequestMethod.POST)
+    @RequestMapping(path = "/form", method = RequestMethod.POST)
     public final String registerPost(
             @Valid UserAccountRegistrationForm userAccountRegistrationForm,
             BindingResult result,
@@ -105,7 +102,6 @@ public final String registerPost(
      * @param model Model
      * @return Formular for Entering Account Task or Error Messages.
      */
-    @PreAuthorize("isAnonymous()")
     @RequestMapping(path = "/confirm/{confirmId}", method = RequestMethod.GET)
     public final String registerConfirmGet(
         @PathVariable String confirmId,
@@ -134,7 +130,6 @@ public final String registerConfirmGet(
      * @param model Model
      * @return login page at success or page with error messages.
      */
-    @PreAuthorize("isAnonymous()")
     @RequestMapping(path = "/confirm/{confirmId}", method = RequestMethod.POST)
     public final String registerConfirmPost(
         @PathVariable String confirmId,

src/main/java/org/woehlke/java/simpleworklist/domain/db/user/account/UserAccountServiceImpl.java

@@ -8,7 +8,6 @@
 
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Propagation;
@@ -33,13 +32,15 @@ public class UserAccountServiceImpl implements UserAccountService {
     public UserAccountServiceImpl(
         UserAccountRepository userAccountRepository,
         ChatMessageRepository userMessageRepository,
-        ContextRepository contextRepository
+        ContextRepository contextRepository,
+        PasswordEncoder encoder
     ) {
         this.userAccountRepository = userAccountRepository;
         this.userMessageRepository = userMessageRepository;
         this.contextRepository = contextRepository;
-        int strength = 10;
-        this.encoder = new BCryptPasswordEncoder(strength);
+        //int strength = this.simpleworklistProperties.getWebSecurity().getStrengthBCryptPasswordEncoder();
+        //this.encoder = new BCryptPasswordEncoder(strength);
+        this.encoder = encoder;
     }
 
     public boolean isEmailAvailable(String email) {

src/main/resources/templates/user/login/loginForm.html

@@ -58,13 +58,13 @@ <h2><small th:utext="#{user.loginForm.h2}">Your Todo-List for Getting Things Don
                     </button>
                 </span>
                 <span class="col-md-4 col-4 m-2 pe-2 align-middle text-right align-self-center">
-                    <a id="registerButton" th:href="@{/user/register/}"
+                    <a id="registerButton" th:href="@{/user/register/form}"
                        class="btn btn-outline-secondary btn-sm align-middle text-right">
                       <i class="fas fa-user"></i><span th:utext="#{user.loginForm.register}"></span>
                     </a>
                 </span>
                 <span class="col-md-4 col-4 m-2 pe-2 align-middle text-right align-self-center">
-                    <a id="passwordResetButton" th:href="@{/user/resetPassword}"
+                    <a id="passwordResetButton" th:href="@{/user/resetPassword/form}"
                        class="btn btn-outline-secondary btn-sm align-middle text-right align-self-center">
                       <i class="fas fa-question-circle"></i><span th:utext="#{user.loginForm.passwordReset}"></span>
                     </a>

src/main/resources/templates/user/register/registerForm.html

@@ -18,7 +18,7 @@ <h1>
 	</div>
 
 	<div th:fragment="mytwcontent">
-        <form id="formId" th:action="@{/user/register/}" th:object="${userAccountRegistrationForm}" method="post">
+        <form id="formId" th:action="@{/user/register/form}" th:object="${userAccountRegistrationForm}" method="post">
             <div class="card">
                 <div class="card-header">
                     <span th:utext="#{user.loginForm.register}">register as new user</span>

src/main/resources/templates/user/resetPassword/resetPasswordForm.html

@@ -18,7 +18,7 @@ <h1>
     </div>
 
     <div th:fragment="mytwcontent">
-        <form id="formId" th:action="@{/user/resetPassword}" th:object="${userAccountRegistrationForm}" method="post">
+        <form id="formId" th:action="@{/user/resetPassword/form}" th:object="${userAccountRegistrationForm}" method="post">
             <div class="card">
                 <div class="card-header">
                     <span th:utext="#{user.resetPasswordForm.h1}">Password Reset</span>