From f02e4179fdbdf793771544f4c303f1f04d17e02a Mon Sep 17 00:00:00 2001 From: FyloZ Date: Tue, 16 Feb 2021 13:59:25 -0500 Subject: [PATCH 1/3] =?UTF-8?q?JwtAuthorizationFilter.getAuthenticationTok?= =?UTF-8?q?en(String)=20retourne=20null=20si=20aucun=20employ=C3=A9=20avec?= =?UTF-8?q?=20l'identifiant=20donn=C3=A9=20n'a=20=C3=A9t=C3=A9=20trouv?= =?UTF-8?q?=C3=A9.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../colorrecipesexplorer/config/WebSecurityConfig.kt | 8 +++++--- .../trial/colorrecipesexplorer/service/AccountService.kt | 3 +-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt b/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt index 928c7e9..7f3e210 100644 --- a/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt +++ b/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt @@ -1,6 +1,7 @@ package dev.fyloz.trial.colorrecipesexplorer.config import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper +import dev.fyloz.trial.colorrecipesexplorer.exception.model.EntityNotFoundRestException import dev.fyloz.trial.colorrecipesexplorer.model.Employee import dev.fyloz.trial.colorrecipesexplorer.model.EmployeeLoginRequest import dev.fyloz.trial.colorrecipesexplorer.model.EmployeePermission @@ -53,7 +54,6 @@ import javax.servlet.http.HttpServletResponse @EnableGlobalMethodSecurity(prePostEnabled = true) @EnableConfigurationProperties(SecurityConfigurationProperties::class) class WebSecurityConfig( - val restAuthenticationEntryPoint: RestAuthenticationEntryPoint, val securityConfigurationProperties: SecurityConfigurationProperties, @Lazy val userDetailsService: EmployeeUserDetailsServiceImpl, @Lazy val employeeService: EmployeeServiceImpl, 
@@ -288,9 +288,11 @@ class JwtAuthorizationFilter( } } - private fun getAuthenticationToken(employeeId: String): UsernamePasswordAuthenticationToken { + private fun getAuthenticationToken(employeeId: String): UsernamePasswordAuthenticationToken? = try { val employeeDetails = userDetailsService.loadUserByEmployeeId(employeeId.toLong(), false) - return UsernamePasswordAuthenticationToken(employeeDetails.username, null, employeeDetails.authorities) + UsernamePasswordAuthenticationToken(employeeDetails.username, null, employeeDetails.authorities) + } catch (_: EntityNotFoundRestException) { + null } } diff --git a/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/service/AccountService.kt b/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/service/AccountService.kt index fbd32d0..366bc19 100644 --- a/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/service/AccountService.kt +++ b/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/service/AccountService.kt @@ -322,8 +322,7 @@ class EmployeeGroupServiceImpl( @Service class EmployeeUserDetailsServiceImpl( - val employeeService: EmployeeService, - val securityConfigurationProperties: SecurityConfigurationProperties + val employeeService: EmployeeService ) : EmployeeUserDetailsService { override fun loadUserByUsername(username: String): UserDetails { From 329b883a6a561050c390659de61638a4ecde230d Mon Sep 17 00:00:00 2001 From: FyloZ Date: Tue, 16 Feb 2021 14:11:40 -0500 Subject: [PATCH 2/3] Correction des tests --- .../colorrecipesexplorer/service/AccountsServiceTest.kt | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/test/kotlin/dev/fyloz/trial/colorrecipesexplorer/service/AccountsServiceTest.kt b/src/test/kotlin/dev/fyloz/trial/colorrecipesexplorer/service/AccountsServiceTest.kt index 70c60f8..1fc7d60 100644 --- a/src/test/kotlin/dev/fyloz/trial/colorrecipesexplorer/service/AccountsServiceTest.kt +++ b/src/test/kotlin/dev/fyloz/trial/colorrecipesexplorer/service/AccountsServiceTest.kt 
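Review bot: The new `catch (_: EntityNotFoundRestException)` branch in `getAuthenticationToken` returns `null` without recording anything, yet a token that passed validation but names an employee id with no matching account is worth a warn-level log line for detection. Separately, `employeeId.toLong()` sits inside the `try` but a `NumberFormatException` is not caught, so a non-numeric subject would still propagate out of the filter instead of failing closed. Adding a second branch, `catch (_: NumberFormatException) { null }`, would treat both cases the same way. The caller and the rest of `JwtAuthorizationFilter` are outside this hunk, so confirm the caller treats `null` as unauthenticated and leaves the security context empty.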
@@ -398,12 +398,7 @@ class EmployeeGroupServiceTest : AbstractExternalModelServiceTest Date: Tue, 16 Feb 2021 14:20:16 -0500 Subject: [PATCH 3/3] =?UTF-8?q?Correction=20du=20endpoint=20/employee/curr?= =?UTF-8?q?ent=20qui=20ne=20fonctionnait=20pas=20lorsque=20aucun=20employ?= =?UTF-8?q?=C3=A9=20n'=C3=A9tait=20connect=C3=A9=20parce=20que=20le=20para?= =?UTF-8?q?m=C3=AAtre=20"loggedInEmployee"=20n'=C3=A9tait=20pas=20nullable?= =?UTF-8?q?.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../rest/AccountControllers.kt | 60 +++++++++++++------ 1 file changed, 41 insertions(+), 19 deletions(-) diff --git a/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/rest/AccountControllers.kt b/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/rest/AccountControllers.kt index 5307066..a405685 100644 --- a/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/rest/AccountControllers.kt +++ b/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/rest/AccountControllers.kt 
@@ -19,36 +19,54 @@ private const val EMPLOYEE_GROUP_CONTROLLER_PATH = "api/employee/group" @RequestMapping(EMPLOYEE_CONTROLLER_PATH) @Profile("rest") class EmployeeController(employeeService: EmployeeServiceImpl) : - AbstractModelRestApiController(employeeService, EMPLOYEE_CONTROLLER_PATH) { + AbstractModelRestApiController( + employeeService, + EMPLOYEE_CONTROLLER_PATH + ) { @GetMapping("current") @ResponseStatus(HttpStatus.OK) - fun getCurrent(loggedInEmployee: Principal): ResponseEntity = ResponseEntity.ok(service.getById(loggedInEmployee.name.toLong(), ignoreDefaultGroupUsers = false, ignoreSystemUsers = false)) + fun getCurrent(loggedInEmployee: Principal?): ResponseEntity = if (loggedInEmployee != null) + ResponseEntity.ok( + service.getById( + loggedInEmployee.name.toLong(), + ignoreDefaultGroupUsers = false, + ignoreSystemUsers = false + ) + ) + else + ResponseEntity.status(HttpStatus.FORBIDDEN).build() @PutMapping("{id}/password", consumes = [MediaType.TEXT_PLAIN_VALUE]) @ResponseStatus(HttpStatus.NO_CONTENT) fun updatePassword(@PathVariable id: Long, @RequestBody password: String): ResponseEntity { service.updatePassword(id, password) return ResponseEntity - .noContent() - .build() + .noContent() + .build() } @PutMapping("{employeeId}/permissions/{permission}") @ResponseStatus(HttpStatus.NO_CONTENT) - fun addPermission(@PathVariable employeeId: Long, @PathVariable permission: EmployeePermission): ResponseEntity { + fun addPermission( + @PathVariable employeeId: Long, + @PathVariable permission: EmployeePermission + ): ResponseEntity { service.addPermission(employeeId, permission) return ResponseEntity - .noContent() - .build() + .noContent() + .build() } @DeleteMapping("{employeeId}/permissions/{permission}") @ResponseStatus(HttpStatus.NO_CONTENT) - fun removePermission(@PathVariable employeeId: Long, @PathVariable permission: EmployeePermission): ResponseEntity { + fun removePermission( + @PathVariable employeeId: Long, + @PathVariable permission: 
EmployeePermission + ): ResponseEntity { service.removePermission(employeeId, permission) return ResponseEntity - .noContent() - .build() + .noContent() + .build() } @GetMapping("logout") @@ -63,32 +81,36 @@ class EmployeeController(employeeService: EmployeeServiceImpl) : @RequestMapping(EMPLOYEE_GROUP_CONTROLLER_PATH) @Profile("rest") class GroupsController(groupService: EmployeeGroupServiceImpl) : - AbstractModelRestApiController(groupService, EMPLOYEE_GROUP_CONTROLLER_PATH) { + AbstractModelRestApiController( + groupService, + EMPLOYEE_GROUP_CONTROLLER_PATH + ) { @GetMapping("{id}/employees") @ResponseStatus(HttpStatus.OK) - fun getEmployeesForGroup(@PathVariable id: Long): ResponseEntity> = ResponseEntity.ok(service.getEmployeesForGroup(id)) + fun getEmployeesForGroup(@PathVariable id: Long): ResponseEntity> = + ResponseEntity.ok(service.getEmployeesForGroup(id)) @PostMapping("default/{groupId}") @ResponseStatus(HttpStatus.NO_CONTENT) fun setDefaultGroup(@PathVariable groupId: Long, response: HttpServletResponse): ResponseEntity { service.setResponseDefaultGroup(groupId, response) return ResponseEntity - .noContent() - .build() + .noContent() + .build() } @GetMapping("default") @ResponseStatus(HttpStatus.OK) fun getRequestDefaultGroup(request: HttpServletRequest): ResponseEntity = - ResponseEntity.ok(service.getRequestDefaultGroup(request)) + ResponseEntity.ok(service.getRequestDefaultGroup(request)) @PutMapping("{groupId}/{employeeId}") @ResponseStatus(HttpStatus.NO_CONTENT) fun addEmployeeToGroup(@PathVariable groupId: Long, @PathVariable employeeId: Long): ResponseEntity { service.addEmployeeToGroup(groupId, employeeId) return ResponseEntity - .noContent() - .build() + .noContent() + .build() } @DeleteMapping("{groupId}/{employeeId}") 
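Review bot: In `getCurrent`, the `else` branch answers a request that carries no principal with `HttpStatus.FORBIDDEN`, but that case is missing authentication rather than insufficient rights. Returning `ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()` would let clients tell "log in again" apart from "not allowed". That the controller can be reached with a null `Principal` suggests the route is open to anonymous requests in the security configuration, which is not visible here, so it is worth confirming that is intended. The non-null branch still calls `loggedInEmployee.name.toLong()`, which throws for any principal whose name is not numeric; `toLongOrNull()` with the same fallback response would avoid an unhandled exception.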
@@ -96,7 +118,7 @@ class GroupsController(groupService: EmployeeGroupServiceImpl) :
 fun removeEmployeeFromGroup(@PathVariable groupId: Long, @PathVariable employeeId: Long): ResponseEntity {
 service.removeEmployeeFromGroup(groupId, employeeId)
 return ResponseEntity
- .noContent()
- .build()
+ .noContent()
+ .build()
 }
 }