Ajout d'un mode debug pour désactivé le mode "secure" des cookies.

2021-01-12 16:13:20 -05:00 · 2021-01-12 16:13:20 -05:00 · 59c5369030
parent b3facdc7db
commit 59c5369030
5 changed files with 18 additions and 9 deletions
--- a/src/main/java/dev/fyloz/trial/colorrecipesexplorer/model/Mix.java
+++ b/src/main/java/dev/fyloz/trial/colorrecipesexplorer/model/Mix.java
@ -34,7 +34,7 @@ public class Mix implements Model {

    @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinColumn(name = "mix")
-    private List<MixMaterial> mixQuantities;
+    private List<MixMaterial> mixMaterials;

    // Casier
    private String location;
--- a/src/main/java/dev/fyloz/trial/colorrecipesexplorer/service/model/MixService.java
+++ b/src/main/java/dev/fyloz/trial/colorrecipesexplorer/service/model/MixService.java
@ -123,13 +123,13 @@ public class MixService extends AbstractJavaService<Mix, MixRepository> {

    @Deprecated(since = "1.3.0", forRemoval = true)
    public void deleteMix(Mix mix) {
-        mixQuantityService.deleteAll(mix.getMixQuantities());
+        mixQuantityService.deleteAll(mix.getMixMaterials());
        delete(mix);
    }

    @Override
    public void delete(Mix mix) {
-        mixQuantityService.deleteAll(mix.getMixQuantities());
+        mixQuantityService.deleteAll(mix.getMixMaterials());

        super.delete(mix);
    }
--- a/src/main/java/dev/fyloz/trial/colorrecipesexplorer/utils/MixBuilder.java
+++ b/src/main/java/dev/fyloz/trial/colorrecipesexplorer/utils/MixBuilder.java
@ -31,7 +31,7 @@ public class MixBuilder {
        this.recipe = mix.getRecipe();
        this.mixType = mix.getMixType();
        this.location = mix.getLocation();
-        this.mixQuantities = mix.getMixQuantities();
+        this.mixQuantities = mix.getMixMaterials();

        return this;
    }
@ -100,7 +100,7 @@ public class MixBuilder {

        mix.setId(this.id);
        mix.setLocation(this.location);
-        mix.setMixQuantities(this.mixQuantities);
+        mix.setMixMaterials(this.mixQuantities);

        return mix;
    }
--- a/src/main/java/dev/fyloz/trial/colorrecipesexplorer/xlsx/XlsxExporter.java
+++ b/src/main/java/dev/fyloz/trial/colorrecipesexplorer/xlsx/XlsxExporter.java
@ -62,12 +62,12 @@ public class XlsxExporter {
            sheet.registerCell(new SectionTitleCell("Recette"));

            for (Mix mix : recipeMixes) {
-                Table mixTable = new Table(4, mix.getMixQuantities().size() + 1, mix.getMixType().getName());
+                Table mixTable = new Table(4, mix.getMixMaterials().size() + 1, mix.getMixType().getName());
                mixTable.setColumnName(0, "Quantité");
                mixTable.setColumnName(2, "Unités");

                int row = 0;
-                for (MixMaterial mixMaterial : mix.getMixQuantities()) {
+                for (MixMaterial mixMaterial : mix.getMixMaterials()) {
                    mixTable.setRowName(row, mixMaterial.getMaterial().getName());
                    mixTable.setContent(new Position(1, row + 1), mixMaterial.getQuantity());
                    mixTable.setContent(new Position(3, row + 1), mixMaterial.getMaterial().getMaterialType().getUsePercentages() ? "%" : "mL");
--- a/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt
+++ b/src/main/kotlin/dev/fyloz/trial/colorrecipesexplorer/config/WebSecurityConfig.kt
@ -4,6 +4,7 @@ import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import dev.fyloz.trial.colorrecipesexplorer.model.Employee
 import dev.fyloz.trial.colorrecipesexplorer.model.EmployeeLoginRequest
 import dev.fyloz.trial.colorrecipesexplorer.model.EmployeePermission
+import dev.fyloz.trial.colorrecipesexplorer.service.EmployeeService
 import dev.fyloz.trial.colorrecipesexplorer.service.EmployeeServiceImpl
 import dev.fyloz.trial.colorrecipesexplorer.service.EmployeeUserDetailsServiceImpl
 import io.jsonwebtoken.Jwts
@ -14,6 +15,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.core.env.Environment
 import org.springframework.http.HttpMethod
 import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
@ -197,11 +199,15 @@ val blacklistedJwtTokens = mutableListOf<String>()

 class JwtAuthenticationFilter(
    val authManager: AuthenticationManager,
-    val employeeService: EmployeeServiceImpl,
+    val employeeService: EmployeeService,
    val securityConfigurationProperties: SecurityConfigurationProperties
 ) : UsernamePasswordAuthenticationFilter() {
+    private var debugMode = false
+
    init {
        setFilterProcessesUrl("/api/login")
+        debugMode = "debug" in environment.activeProfiles
+        if (debugMode) logger.warn("Debug mode is enabled, cookies will not be secured!")
    }

    override fun attemptAuthentication(request: HttpServletRequest, response: HttpServletResponse): Authentication {
@ -229,9 +235,12 @@ class JwtAuthenticationFilter(
            .signWith(SignatureAlgorithm.HS512, jwtSecret!!.toByteArray())
            .compact()
        response.addHeader("Access-Control-Expose-Headers", "X-Authentication-Expiration")
+        var bearerCookie =
+            "$authorizationCookieName=Bearer$token; Max-Age=${jwtDuration / 1000}; HttpOnly; SameSite=strict"
+        if (!debugMode) bearerCookie += "; Secure;"
        response.addHeader(
            "Set-Cookie",
-            "$authorizationCookieName=Bearer$token; Max-Age=${jwtDuration / 1000}; HttpOnly; Secure; SameSite=strict"
+            bearerCookie
        )
        response.addHeader(authorizationCookieName, "Bearer $token")
        response.addHeader("X-Authentication-Expiration", "$expirationMs")