Merge pull request #101 from Tech-Harbor/Bezsmertnyi

Bezsmertnyi | JWT, Headers
Tech-Harbor · Apr 10, 2024 · ad3141c · ad3141c
2 parents 21915a6 + 74702a7
commit ad3141c
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 15 deletions.
diff --git a/src/main/java/com/example/backend/security/SecurityConfig.java b/src/main/java/com/example/backend/security/SecurityConfig.java
@@ -14,6 +14,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -36,7 +37,9 @@ public class SecurityConfig {
     public SecurityFilterChain securityFilterChain(final HttpSecurity http) {
         return http
                 .csrf(AbstractHttpConfigurer::disable)
-                .cors(cors -> cors.configurationSource(corsConfig.corsConfigurationSource()))
+                .cors(cors -> cors
+                        .configurationSource(corsConfig.corsConfigurationSource())
+                )
                 .httpBasic(Customizer.withDefaults())
                 .authorizeHttpRequests(request -> request
                         .requestMatchers("/api/auth/accouth/**").authenticated()
@@ -53,6 +56,9 @@ public SecurityFilterChain securityFilterChain(final HttpSecurity http) {
                 )
                 .authenticationProvider(authProvider)
                 .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
+                .headers(headers -> headers
+                        .frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)
+                )
                 .oauth2Login(oauth -> oauth
                         .successHandler(authGoogle)
                 )

diff --git a/src/main/java/com/example/backend/security/controllers/AuthController.java b/src/main/java/com/example/backend/security/controllers/AuthController.java
@@ -1,11 +1,11 @@
 package com.example.backend.security.controllers;
 
-import com.example.backend.security.models.response.ErrorResponse;
 import com.example.backend.security.models.request.AuthRequest;
 import com.example.backend.security.models.request.EmailRequest;
 import com.example.backend.security.models.request.PasswordRequest;
 import com.example.backend.security.models.request.RegisterRequest;
 import com.example.backend.security.models.response.AuthResponse;
+import com.example.backend.security.models.response.ErrorResponse;
 import com.example.backend.security.service.AuthService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -20,6 +20,7 @@
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
+import static org.springframework.http.HttpHeaders.AUTHORIZATION;
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 
 @RestController
@@ -72,7 +73,7 @@ public AuthResponse login(@RequestBody @Validated final AuthRequest authRequest)
             @ApiResponse(responseCode = "200", description = "Ok"),
         }
     )
-    public void updatePassword(@RequestParam final String jwt,
+    public void updatePassword(@RequestHeader(AUTHORIZATION) final String jwt,
                                @RequestBody @Validated final PasswordRequest passwordRequest) {
         authService.formUpdatePassword(jwt, passwordRequest);
     }
@@ -117,7 +118,7 @@ public void requestEmailUpdatePassword(@RequestBody @Validated final EmailReques
             ),
         }
     )
-    public void activeUser(@RequestParam final String jwt) {
+    public void activeUser(@RequestHeader(AUTHORIZATION) final String jwt) {
         authService.activeUser(jwt);
     }
 }
diff --git a/src/main/java/com/example/backend/security/jwt/JwtAuthFilter.java b/src/main/java/com/example/backend/security/jwt/JwtAuthFilter.java
@@ -37,7 +37,7 @@ protected void doFilterInternal(
         if (authHeader != null && authHeader.startsWith(BEARER)) {
 
             jwt = authHeader.substring(7);
-            userEmail = jwtService.extractUserEmail(jwt);
+            userEmail = jwtService.extractUserData(jwt);
 
             if (userEmail != null && SecurityContextHolder.getContext().getAuthentication() == null) {
 
@@ -54,9 +54,11 @@ protected void doFilterInternal(
                     authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
 
                     SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+
+                    response.addHeader(AUTHORIZATION, BEARER + jwt);
                 }
             }
         }
         filterChain.doFilter(request, response);
     }
-}
+}
diff --git a/src/main/java/com/example/backend/security/service/JwtService.java b/src/main/java/com/example/backend/security/service/JwtService.java
@@ -8,12 +8,12 @@
 
 public interface JwtService {
     /**
-     * Extracts the user email from the provided JWT token.
+     * Extracts the userData from the provided JWT token.
      *
      * @param token The JWT token from which the user email needs to be extracted
      * @return The user email extracted from the JWT token
      */
-    String extractUserEmail(String token);
+    String extractUserData(String token);
     /**
      * Extracts a specific claim from the provided JWT token.
      *
@@ -38,12 +38,12 @@ public interface JwtService {
      */
     String generateRefreshToken(Authentication authentication);
     /**
-     * Generates a new password token and activates the user associated with the provided email.
+     * Generates a new password token and activates the user associated with the provided userData.
      *
      * @param email The email of the user to generate the token for and activate
      * @return The generated token
      */
-    String generateNewPasswordTokenAndActiveUser(String email);
+    String generateNewPasswordTokenAndActiveUser(String userData);
     /**
      * Checks if the provided token is valid for the given user details.
      *

diff --git a/src/main/java/com/example/backend/security/service/impl/JwtServiceImpl.java b/src/main/java/com/example/backend/security/service/impl/JwtServiceImpl.java
@@ -24,7 +24,7 @@ public class JwtServiceImpl implements JwtService {
     private final JwtProperties jwtProperties;
 
     @Override
-    public String extractUserEmail(final String token) {
+    public String extractUserData(final String token) {
         return extractClaim(token, Claims::getSubject);
     }
 
@@ -45,8 +45,8 @@ public String generateRefreshToken(final Authentication authentication) {
     }
 
     @Override
-    public String generateNewPasswordTokenAndActiveUser(final String email) {
-        return generateJwtNewPasswordTokenAndActiveUser(email);
+    public String generateNewPasswordTokenAndActiveUser(final String userData) {
+        return generateJwtNewPasswordTokenAndActiveUser(userData);
     }
 
     private String generateJwtNewPasswordTokenAndActiveUser(final String userData) {
@@ -83,7 +83,7 @@ private String generateJwtRefreshToken(final Map<String, Object> extraClaims, fi
 
     @Override
     public boolean isTokenValid(final String token, final MyUserDetails userDetails) {
-        final String userEmail = extractUserEmail(token);
+        final String userEmail = extractUserData(token);
         return userEmail.equals(userDetails.getUsername()) && !isTokenExpired(token);
     }
 

diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
@@ -61,4 +61,4 @@ jwt:
   key: ${JWT_KEY}
   jwtAccessExpiration: 604800000
   jwtRefreshExpiration: 2592000000
-  jwtNewPasswordExpirationAndActiveUser: 120000
+  jwtNewPasswordExpirationAndActiveUser: 86400000