diff --git a/build.gradle.kts b/build.gradle.kts index 574ac80..d0df0f4 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -2,13 +2,13 @@ import org.jetbrains.kotlin.gradle.tasks.KotlinCompile group = "dev.fyloz.colorrecipesexplorer" -val kotlinVersion = "1.5.21" -val springBootVersion = "2.3.4.RELEASE" +val kotlinVersion = "1.6.0" +val springBootVersion = "2.5.6" plugins { // Outer scope variables can't be accessed in the plugins section, so we have to redefine them here - val kotlinVersion = "1.5.21" - val springBootVersion = "2.3.4.RELEASE" + val kotlinVersion = "1.6.0" + val springBootVersion = "2.5.6" id("java") id("org.jetbrains.kotlin.jvm") version kotlinVersion @@ -30,9 +30,11 @@ dependencies { implementation(platform("org.jetbrains.kotlin:kotlin-bom:${kotlinVersion}")) implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}") implementation("org.jetbrains.kotlin:kotlin-reflect:${kotlinVersion}") - implementation("com.fasterxml.jackson.module:jackson-module-kotlin:2.11.3") + implementation("com.fasterxml.jackson.module:jackson-module-kotlin:2.13.0") implementation("javax.xml.bind:jaxb-api:2.3.0") - implementation("io.jsonwebtoken:jjwt:0.9.1") + implementation("io.jsonwebtoken:jjwt-api:0.11.2") + implementation("io.jsonwebtoken:jjwt-impl:0.11.2") + implementation("io.jsonwebtoken:jjwt-jackson:0.11.2") implementation("org.apache.poi:poi-ooxml:4.1.0") implementation("org.apache.pdfbox:pdfbox:2.0.4") implementation("dev.fyloz.colorrecipesexplorer:database-manager:5.2.1") @@ -45,10 +47,9 @@ dependencies { implementation("org.springframework.boot:spring-boot-configuration-processor:${springBootVersion}") implementation("org.springframework.boot:spring-boot-devtools:${springBootVersion}") - testImplementation("org.springframework:spring-test:5.1.6.RELEASE") - testImplementation("org.mockito:mockito-inline:3.12.4") + testImplementation("org.springframework:spring-test:5.3.13") + testImplementation("org.mockito:mockito-inline:3.11.2") testImplementation("com.nhaarman.mockitokotlin2:mockito-kotlin:2.2.0") - testImplementation("org.junit.jupiter:junit-jupiter-api:5.7.2") testImplementation("io.mockk:mockk:1.12.0") testImplementation("org.springframework.boot:spring-boot-starter-test:${springBootVersion}") testImplementation("org.springframework.boot:spring-boot-test-autoconfigure:${springBootVersion}") @@ -58,8 +59,6 @@ dependencies { runtimeOnly("mysql:mysql-connector-java:8.0.22") runtimeOnly("org.postgresql:postgresql:42.2.16") runtimeOnly("com.microsoft.sqlserver:mssql-jdbc:9.2.1.jre11") - - implementation("org.springframework.cloud:spring-cloud-starter:2.2.8.RELEASE") } springBoot { diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index e708b1c..7454180 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 69a9715..ffed3a2 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 4f906e0..1b6c787 100755 --- a/gradlew +++ b/gradlew @@ -1,7 +1,7 @@ -#!/usr/bin/env sh +#!/bin/sh # -# Copyright 2015 the original author or authors. +# Copyright © 2015-2021 the original authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,67 +17,101 @@ # ############################################################################## -## -## Gradle start up script for UN*X -## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# ############################################################################## # Attempt to set APP_HOME + # Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` +APP_BASE_NAME=${0##*/} # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" +MAX_FD=maximum warn () { echo "$*" -} +} >&2 die () { echo echo "$*" echo exit 1 -} +} >&2 # OS specific support (must be 'true' or 'false'). cygwin=false msys=false darwin=false nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar @@ -87,9 +121,9 @@ CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACMD=$JAVA_HOME/jre/sh/java else - JAVACMD="$JAVA_HOME/bin/java" + JAVACMD=$JAVA_HOME/bin/java fi if [ ! -x "$JAVACMD" ] ; then die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME @@ -98,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the location of your Java installation." fi else - JAVACMD="java" + JAVACMD=java which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the @@ -106,80 +140,95 @@ location of your Java installation." fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi -fi - -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi - -# For Cygwin or MSYS, switch paths to Windows format before running java -if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi - # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" - fi - i=`expr $i + 1` - done - case $i in - 0) set -- ;; - 1) set -- "$args0" ;; - 2) set -- "$args0" "$args1" ;; - 3) set -- "$args0" "$args1" "$args2" ;; - 4) set -- "$args0" "$args1" "$args2" "$args3" ;; - 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=`save "$@"` +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' exec "$JAVACMD" "$@" diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/TypeAliases.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/TypeAliases.kt new file mode 100644 index 0000000..b56a00d --- /dev/null +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/TypeAliases.kt @@ -0,0 +1,5 @@ +package dev.fyloz.colorrecipesexplorer + +typealias SpringUser = org.springframework.security.core.userdetails.User +typealias SpringUserDetails = org.springframework.security.core.userdetails.UserDetails +typealias SpringUserDetailsService = org.springframework.security.core.userdetails.UserDetailsService diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/JwtFilters.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/JwtFilters.kt index bca86e3..16523e8 100644 --- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/JwtFilters.kt +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/JwtFilters.kt @@ -3,32 +3,33 @@ package dev.fyloz.colorrecipesexplorer.config.security import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper import dev.fyloz.colorrecipesexplorer.config.properties.CreSecurityProperties import dev.fyloz.colorrecipesexplorer.exception.NotFoundException +import dev.fyloz.colorrecipesexplorer.model.account.UserDetails import dev.fyloz.colorrecipesexplorer.model.account.UserLoginRequest +import dev.fyloz.colorrecipesexplorer.model.account.UserOutputDto +import dev.fyloz.colorrecipesexplorer.model.account.toAuthorities +import dev.fyloz.colorrecipesexplorer.service.users.JwtService +import dev.fyloz.colorrecipesexplorer.service.users.UserDetailsService +import dev.fyloz.colorrecipesexplorer.utils.addCookie import io.jsonwebtoken.ExpiredJwtException -import io.jsonwebtoken.Jwts -import io.jsonwebtoken.SignatureAlgorithm import org.springframework.security.authentication.AuthenticationManager import org.springframework.security.authentication.UsernamePasswordAuthenticationToken import org.springframework.security.core.Authentication import org.springframework.security.core.context.SecurityContextHolder -import org.springframework.security.core.userdetails.User -import org.springframework.security.core.userdetails.UserDetails import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter import org.springframework.security.web.authentication.www.BasicAuthenticationFilter -import org.springframework.util.Assert import org.springframework.web.util.WebUtils -import java.util.* import javax.servlet.FilterChain import javax.servlet.http.HttpServletRequest import javax.servlet.http.HttpServletResponse const val authorizationCookieName = "Authorization" const val defaultGroupCookieName = "Default-Group" -val blacklistedJwtTokens = mutableListOf() +val blacklistedJwtTokens = mutableListOf() // Not working, move to a cache or something class JwtAuthenticationFilter( private val authManager: AuthenticationManager, - private val securityConfigurationProperties: CreSecurityProperties, + private val jwtService: JwtService, + private val securityProperties: CreSecurityProperties, private val updateUserLoginTime: (Long) -> Unit ) : UsernamePasswordAuthenticationFilter() { private var debugMode = false @@ -47,38 +48,27 @@ class JwtAuthenticationFilter( request: HttpServletRequest, response: HttpServletResponse, chain: FilterChain, - authResult: Authentication + auth: Authentication ) { - val jwtSecret = securityConfigurationProperties.jwtSecret - val jwtDuration = securityConfigurationProperties.jwtDuration - Assert.notNull(jwtSecret, "No JWT secret has been defined.") - Assert.notNull(jwtDuration, "No JWT duration has been defined.") - val userId = (authResult.principal as User).username - updateUserLoginTime(userId.toLong()) - val expirationMs = System.currentTimeMillis() + jwtDuration - val expirationDate = Date(expirationMs) - val token = Jwts.builder() - .setSubject(userId) - .setExpiration(expirationDate) - .signWith(SignatureAlgorithm.HS512, jwtSecret.toByteArray()) - .compact() - response.addHeader("Access-Control-Expose-Headers", "X-Authentication-Expiration") - var bearerCookie = - "$authorizationCookieName=Bearer$token; Max-Age=${jwtDuration / 1000}; HttpOnly; SameSite=strict" - if (!debugMode) bearerCookie += "; Secure;" - response.addHeader( - "Set-Cookie", - bearerCookie - ) + val userDetails = auth.principal as UserDetails + val token = jwtService.buildJwt(userDetails) + response.addHeader(authorizationCookieName, "Bearer $token") - response.addHeader("X-Authentication-Expiration", "$expirationMs") + response.addCookie(authorizationCookieName, "Bearer$token") { + httpOnly = true + sameSite = true + secure = !debugMode + maxAge = securityProperties.jwtDuration / 1000 + } + + updateUserLoginTime(userDetails.user.id) } } class JwtAuthorizationFilter( - private val securityConfigurationProperties: CreSecurityProperties, + private val jwtService: JwtService, authenticationManager: AuthenticationManager, - private val loadUserById: (Long) -> UserDetails + private val userDetailsService: UserDetailsService ) : BasicAuthenticationFilter(authenticationManager) { override fun doFilterInternal(request: HttpServletRequest, response: HttpServletResponse, chain: FilterChain) { fun tryLoginFromBearer(): Boolean { @@ -112,24 +102,24 @@ class JwtAuthorizationFilter( } private fun getAuthentication(token: String): UsernamePasswordAuthenticationToken? { - val jwtSecret = securityConfigurationProperties.jwtSecret - Assert.notNull(jwtSecret, "No JWT secret has been defined.") return try { - val userId = Jwts.parser() - .setSigningKey(jwtSecret.toByteArray()) - .parseClaimsJws(token.replace("Bearer", "")) - .body - .subject - if (userId != null) getAuthenticationToken(userId) else null + val user = jwtService.parseJwt(token.replace("Bearer", "")) + getAuthenticationToken(user) } catch (_: ExpiredJwtException) { null } } - private fun getAuthenticationToken(userId: String): UsernamePasswordAuthenticationToken? = try { - val userDetails = loadUserById(userId.toLong()) + private fun getAuthenticationToken(user: UserOutputDto) = + UsernamePasswordAuthenticationToken(user.id, null, user.permissions.toAuthorities()) + + private fun getAuthenticationToken(userId: Long): UsernamePasswordAuthenticationToken? = try { + val userDetails = userDetailsService.loadUserById(userId) UsernamePasswordAuthenticationToken(userDetails.username, null, userDetails.authorities) } catch (_: NotFoundException) { null } + + private fun getAuthenticationToken(userId: String) = + getAuthenticationToken(userId.toLong()) } diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt index 72fcbd0..7272775 100644 --- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt @@ -4,8 +4,9 @@ import dev.fyloz.colorrecipesexplorer.config.properties.CreSecurityProperties import dev.fyloz.colorrecipesexplorer.emergencyMode import dev.fyloz.colorrecipesexplorer.model.account.Permission import dev.fyloz.colorrecipesexplorer.model.account.User -import dev.fyloz.colorrecipesexplorer.service.CreUserDetailsService -import dev.fyloz.colorrecipesexplorer.service.UserService +import dev.fyloz.colorrecipesexplorer.service.users.JwtService +import dev.fyloz.colorrecipesexplorer.service.users.UserDetailsService +import dev.fyloz.colorrecipesexplorer.service.users.UserService import org.slf4j.Logger import org.springframework.boot.context.properties.EnableConfigurationProperties import org.springframework.context.annotation.Bean @@ -21,67 +22,52 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter import org.springframework.security.config.http.SessionCreationPolicy import org.springframework.security.core.AuthenticationException -import org.springframework.security.core.authority.SimpleGrantedAuthority -import org.springframework.security.core.userdetails.UserDetails -import org.springframework.security.core.userdetails.UsernameNotFoundException import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder -import org.springframework.security.crypto.password.PasswordEncoder import org.springframework.security.web.AuthenticationEntryPoint import org.springframework.stereotype.Component -import org.springframework.util.Assert import org.springframework.web.cors.CorsConfiguration import org.springframework.web.cors.UrlBasedCorsConfigurationSource import javax.annotation.PostConstruct import javax.servlet.http.HttpServletRequest import javax.servlet.http.HttpServletResponse -import org.springframework.security.core.userdetails.User as SpringUser -@Configuration -@Profile("!emergency") -@EnableWebSecurity -@EnableGlobalMethodSecurity(prePostEnabled = true) -@EnableConfigurationProperties(CreSecurityProperties::class) -class SecurityConfig( - private val securityProperties: CreSecurityProperties, - @Lazy private val userDetailsService: CreUserDetailsService, - @Lazy private val userService: UserService, +private const val angularDevServerOrigin = "http://localhost:4200" +private const val rootUserFirstName = "Root" +private const val rootUserLastName = "User" + +abstract class BaseSecurityConfig( + private val userDetailsService: UserDetailsService, + private val jwtService: JwtService, private val environment: Environment, - private val logger: Logger + protected val logger: Logger, + protected val securityProperties: CreSecurityProperties ) : WebSecurityConfigurerAdapter() { + protected val passwordEncoder = BCryptPasswordEncoder() var debugMode = false + @Bean + open fun passwordEncoder() = + passwordEncoder + + @Bean + open fun corsConfigurationSource() = + UrlBasedCorsConfigurationSource().apply { + registerCorsConfiguration("/**", CorsConfiguration().apply { + allowedOrigins = listOf(angularDevServerOrigin) + allowedMethods = listOf( + HttpMethod.GET.name, + HttpMethod.POST.name, + HttpMethod.PUT.name, + HttpMethod.DELETE.name, + HttpMethod.OPTIONS.name, + HttpMethod.HEAD.name + ) + allowCredentials = true + }.applyPermitDefaultValues()) + } + override fun configure(authBuilder: AuthenticationManagerBuilder) { - authBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()) - } - - @Bean - fun passwordEncoder() = - getPasswordEncoder() - - @Bean - fun corsConfigurationSource() = - getCorsConfigurationSource() - - @PostConstruct - fun initWebSecurity() { - if (emergencyMode) { - logger.error("Emergency mode is enabled, system users will not be created") - return - } - - debugMode = "debug" in environment.activeProfiles - if (debugMode) logger.warn("Debug mode is enabled, security will be decreased!") - - // Create Root user - assertRootUserNotNull(securityProperties) - createSystemUser( - securityProperties.root!!, - userService, - passwordEncoder(), - "Root", - "User", - listOf(Permission.ADMIN) - ) + authBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder) } override fun configure(http: HttpSecurity) { @@ -90,73 +76,15 @@ class SecurityConfig( .and() .csrf().disable() .addFilter( - JwtAuthenticationFilter(authenticationManager(), securityProperties) { - userService.updateLastLoginTime(it) - } + JwtAuthenticationFilter( + authenticationManager(), + jwtService, + securityProperties, + this::updateUserLoginTime + ) ) .addFilter( - JwtAuthorizationFilter(securityProperties, authenticationManager()) { - userDetailsService.loadUserById(it, false) - } - ) - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - - if (!debugMode) { - http - .authorizeRequests() - .anyRequest().permitAll() - } else { - http - .cors() - .and() - .authorizeRequests() - .antMatchers("**").permitAll() - } - } -} - -@Configuration -@Profile("emergency") -@EnableConfigurationProperties(CreSecurityProperties::class) -class EmergencySecurityConfig( - private val securityProperties: CreSecurityProperties, - private val environment: Environment -) : WebSecurityConfigurerAdapter() { - private val rootUserRole = Permission.ADMIN.name - - init { - emergencyMode = true - } - - @Bean - fun corsConfigurationSource() = - getCorsConfigurationSource() - - @Bean - fun passwordEncoder() = - getPasswordEncoder() - - override fun configure(auth: AuthenticationManagerBuilder) { - assertRootUserNotNull(securityProperties) - // Create in-memory root user - auth.inMemoryAuthentication() - .withUser(securityProperties.root!!.id.toString()) - .password(passwordEncoder().encode(securityProperties.root!!.password)) - .authorities(SimpleGrantedAuthority(rootUserRole)) - } - - override fun configure(http: HttpSecurity) { - val debugMode = "debug" in environment.activeProfiles - - http - .headers().frameOptions().disable() - .and() - .csrf().disable() - .addFilter( - JwtAuthenticationFilter(authenticationManager(), securityProperties) { } - ) - .addFilter( - JwtAuthorizationFilter(securityProperties, authenticationManager(), this::loadUserById) + JwtAuthorizationFilter(jwtService, authenticationManager(), userDetailsService) ) .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() @@ -165,20 +93,82 @@ class EmergencySecurityConfig( .antMatchers("/api/login").permitAll() if (debugMode) { - http.cors() + http + .cors() } } - private fun loadUserById(id: Long): UserDetails { - assertRootUserNotNull(securityProperties) - if (id == securityProperties.root!!.id) { - return SpringUser( - id.toString(), - securityProperties.root!!.password, - listOf(SimpleGrantedAuthority(rootUserRole)) - ) + @PostConstruct + fun initDebugMode() { + debugMode = "debug" in environment.activeProfiles + if (debugMode) logger.warn("Debug mode is enabled, security will be decreased!") + } + + protected open fun updateUserLoginTime(userId: Long) { + } +} + +@Configuration +@Profile("!emergency") +@EnableWebSecurity +@EnableGlobalMethodSecurity(prePostEnabled = true) +@EnableConfigurationProperties(CreSecurityProperties::class) +class SecurityConfig( + @Lazy userDetailsService: UserDetailsService, + @Lazy private val userService: UserService, + jwtService: JwtService, + environment: Environment, + logger: Logger, + securityProperties: CreSecurityProperties +) : BaseSecurityConfig(userDetailsService, jwtService, environment, logger, securityProperties) { + @PostConstruct + fun initWebSecurity() { + if (emergencyMode) { + logger.error("Emergency mode is enabled, system users will not be created") + return } - throw UsernameNotFoundException(id.toString()) + + createRootUser() + } + + override fun updateUserLoginTime(userId: Long) { + userService.updateLastLoginTime(userId) + } + + private fun createRootUser() { + if (securityProperties.root == null) { + throw InvalidSystemUserException("root", "cre.security.root configuration is not defined") + } + + with(securityProperties.root!!) { + if (!userService.existsById(this.id)) { + userService.save( + User( + id = this.id, + firstName = rootUserFirstName, + lastName = rootUserLastName, + password = passwordEncoder.encode(this.password), + isSystemUser = true, + permissions = mutableSetOf(Permission.ADMIN) + ) + ) + } + } + } +} + +@Configuration +@Profile("emergency") +@EnableConfigurationProperties(CreSecurityProperties::class) +class EmergencySecurityConfig( + userDetailsService: UserDetailsService, + jwtService: JwtService, + environment: Environment, + logger: Logger, + securityProperties: CreSecurityProperties +) : BaseSecurityConfig(userDetailsService, jwtService, environment, logger, securityProperties) { + init { + emergencyMode = true } } @@ -191,50 +181,5 @@ class RestAuthenticationEntryPoint : AuthenticationEntryPoint { ) = response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized") } -fun createSystemUser( - credentials: CreSecurityProperties.SystemUserCredentials, - userService: UserService, - passwordEncoder: PasswordEncoder, - firstName: String, - lastName: String, - permissions: List -) { - Assert.notNull(credentials.id, "A system user has no identifier defined") - Assert.notNull(credentials.password, "A system user has no password defined") - - if (!userService.existsById(credentials.id)) { - userService.save( - User( - id = credentials.id, - firstName = firstName, - lastName = lastName, - password = passwordEncoder.encode(credentials.password), - isSystemUser = true, - permissions = permissions.toMutableSet() - ) - ) - } -} - -fun getPasswordEncoder() = - BCryptPasswordEncoder() - -fun getCorsConfigurationSource() = - UrlBasedCorsConfigurationSource().apply { - registerCorsConfiguration("/**", CorsConfiguration().apply { - allowedOrigins = listOf("http://localhost:4200") // Angular development server - allowedMethods = listOf( - HttpMethod.GET.name, - HttpMethod.POST.name, - HttpMethod.PUT.name, - HttpMethod.DELETE.name, - HttpMethod.OPTIONS.name, - HttpMethod.HEAD.name - ) - allowCredentials = true - }.applyPermitDefaultValues()) - } - -private fun assertRootUserNotNull(securityProperties: CreSecurityProperties) { - Assert.notNull(securityProperties.root, "cre.security.root should be defined") -} +private class InvalidSystemUserException(userType: String, message: String) : + RuntimeException("Invalid $userType user: $message") diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/model/account/User.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/model/account/User.kt index 3f4a64a..ac6f5d6 100644 --- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/model/account/User.kt +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/model/account/User.kt @@ -1,12 +1,12 @@ package dev.fyloz.colorrecipesexplorer.model.account +import dev.fyloz.colorrecipesexplorer.SpringUserDetails import dev.fyloz.colorrecipesexplorer.exception.AlreadyExistsException import dev.fyloz.colorrecipesexplorer.exception.NotFoundException import dev.fyloz.colorrecipesexplorer.model.EntityDto import dev.fyloz.colorrecipesexplorer.model.Model import org.hibernate.annotations.Fetch import org.hibernate.annotations.FetchMode -import org.springframework.security.core.GrantedAuthority import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder import org.springframework.security.crypto.password.PasswordEncoder import java.time.LocalDateTime @@ -59,9 +59,6 @@ data class User( .apply { if (group != null) this.addAll(group!!.flatPermissions) } - - val authorities: Set - get() = flatPermissions.map { it.toAuthority() }.toMutableSet() } open class UserSaveDto( @@ -110,13 +107,23 @@ data class UserOutputDto( data class UserLoginRequest(val id: Long, val password: String) +data class UserDetails(val user: User) : SpringUserDetails { + override fun getPassword() = user.password + override fun getUsername() = user.id.toString() + override fun getAuthorities() = user.flatPermissions.toAuthorities() + + override fun isAccountNonExpired() = true + override fun isAccountNonLocked() = true + override fun isCredentialsNonExpired() = true + override fun isEnabled() = true +} + // ==== DSL ==== fun user( - passwordEncoder: PasswordEncoder = BCryptPasswordEncoder(), id: Long = 0L, firstName: String = "firstName", lastName: String = "lastName", - password: String = passwordEncoder.encode("password"), + password: String = "password", isDefaultGroupUser: Boolean = false, isSystemUser: Boolean = false, group: Group? = null, @@ -135,6 +142,30 @@ fun user( lastLoginTime ).apply(op) +fun user( + id: Long = 0L, + firstName: String = "firstName", + lastName: String = "lastName", + plainPassword: String = "password", + isDefaultGroupUser: Boolean = false, + isSystemUser: Boolean = false, + group: Group? = null, + permissions: MutableSet = mutableSetOf(), + lastLoginTime: LocalDateTime? = null, + passwordEncoder: PasswordEncoder = BCryptPasswordEncoder(), + op: User.() -> Unit = {} +) = User( + id, + firstName, + lastName, + passwordEncoder.encode(plainPassword), + isDefaultGroupUser, + isSystemUser, + group, + permissions, + lastLoginTime +).apply(op) + fun userSaveDto( passwordEncoder: PasswordEncoder = BCryptPasswordEncoder(), id: Long = 0L, @@ -155,6 +186,21 @@ fun userUpdateDto( op: UserUpdateDto.() -> Unit = {} ) = UserUpdateDto(id, firstName, lastName, groupId, permissions).apply(op) +// ==== Extensions ==== +fun Set.toAuthorities() = + this.map { it.toAuthority() }.toMutableSet() + +fun User.toOutputDto() = + UserOutputDto( + this.id, + this.firstName, + this.lastName, + this.group, + this.flatPermissions, + this.permissions, + this.lastLoginTime + ) + // ==== Exceptions ==== private const val USER_NOT_FOUND_EXCEPTION_TITLE = "User not found" private const val USER_ALREADY_EXISTS_EXCEPTION_TITLE = "User already exists" diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt index 2230093..42ab55e 100644 --- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt @@ -3,8 +3,8 @@ package dev.fyloz.colorrecipesexplorer.rest import dev.fyloz.colorrecipesexplorer.config.annotations.PreAuthorizeEditUsers import dev.fyloz.colorrecipesexplorer.config.annotations.PreAuthorizeViewUsers import dev.fyloz.colorrecipesexplorer.model.account.* -import dev.fyloz.colorrecipesexplorer.service.UserService -import dev.fyloz.colorrecipesexplorer.service.GroupService +import dev.fyloz.colorrecipesexplorer.service.users.GroupService +import dev.fyloz.colorrecipesexplorer.service.users.UserService import org.springframework.context.annotation.Profile import org.springframework.http.MediaType import org.springframework.security.access.prepost.PreAuthorize diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeService.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeService.kt index 4361728..dd9eccd 100644 --- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeService.kt +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeService.kt @@ -6,6 +6,7 @@ import dev.fyloz.colorrecipesexplorer.model.validation.or import dev.fyloz.colorrecipesexplorer.repository.RecipeRepository import dev.fyloz.colorrecipesexplorer.service.config.ConfigurationService import dev.fyloz.colorrecipesexplorer.service.files.WriteableFileService +import dev.fyloz.colorrecipesexplorer.service.users.GroupService import dev.fyloz.colorrecipesexplorer.utils.setAll import org.springframework.context.annotation.Lazy import org.springframework.context.annotation.Profile diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/config/ConfigurationService.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/config/ConfigurationService.kt index 302c3b3..f6db17e 100644 --- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/config/ConfigurationService.kt +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/config/ConfigurationService.kt @@ -239,7 +239,7 @@ class ConfigurationServiceImpl( private fun getGeneratedSalt(): String { logger.warn("Sensitives configurations encryption salt was not configured, using generated salt") - logger.warn("Consider configuring the encryption salt. More details at: https://git.fyloz.dev/color-recipes-explorer/backend/-/wikis/Configuration/S%C3%A9curit%C3%A9/#sel") + logger.warn("Consider configuring the encryption salt. More details at: https://cre.fyloz.dev/docs/Configuration/S%C3%A9curit%C3%A9/#sel") var saltConfiguration = configurationSource.get(saltConfigurationType) if (saltConfiguration == null) { diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/GroupService.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/GroupService.kt new file mode 100644 index 0000000..62ac1f0 --- /dev/null +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/GroupService.kt @@ -0,0 +1,97 @@ +package dev.fyloz.colorrecipesexplorer.service.users + +import dev.fyloz.colorrecipesexplorer.config.security.defaultGroupCookieName +import dev.fyloz.colorrecipesexplorer.model.account.* +import dev.fyloz.colorrecipesexplorer.repository.GroupRepository +import dev.fyloz.colorrecipesexplorer.service.AbstractExternalNamedModelService +import dev.fyloz.colorrecipesexplorer.service.ExternalNamedModelService +import org.springframework.context.annotation.Profile +import org.springframework.stereotype.Service +import org.springframework.web.util.WebUtils +import javax.servlet.http.HttpServletRequest +import javax.servlet.http.HttpServletResponse +import javax.transaction.Transactional + +const val defaultGroupCookieMaxAge = 10 * 365 * 24 * 60 * 60 // 10 ans + +interface GroupService : + ExternalNamedModelService { + /** Gets all the users of the group with the given [id]. */ + fun getUsersForGroup(id: Long): Collection + + /** Gets the default group from a cookie in the given HTTP [request]. */ + fun getRequestDefaultGroup(request: HttpServletRequest): Group + + /** Sets the default group cookie for the given HTTP [response]. */ + fun setResponseDefaultGroup(groupId: Long, response: HttpServletResponse) +} + +@Service +@Profile("!emergency") +class GroupServiceImpl( + private val userService: UserService, + groupRepository: GroupRepository +) : AbstractExternalNamedModelService( + groupRepository +), + GroupService { + override fun idNotFoundException(id: Long) = groupIdNotFoundException(id) + override fun idAlreadyExistsException(id: Long) = groupIdAlreadyExistsException(id) + override fun nameNotFoundException(name: String) = groupNameNotFoundException(name) + override fun nameAlreadyExistsException(name: String) = groupNameAlreadyExistsException(name) + + override fun Group.toOutput() = GroupOutputDto( + this.id!!, + this.name, + this.permissions, + this.flatPermissions + ) + + override fun existsByName(name: String): Boolean = repository.existsByName(name) + override fun getUsersForGroup(id: Long): Collection = + userService.getByGroup(getById(id)) + + @Transactional + override fun save(entity: Group): Group { + return super.save(entity).apply { + userService.saveDefaultGroupUser(this) + } + } + + override fun update(entity: GroupUpdateDto): Group { + val persistedGroup by lazy { getById(entity.id) } + return update(with(entity) { + Group( + entity.id, + if (name.isNotBlank()) entity.name else persistedGroup.name, + if (permissions.isNotEmpty()) entity.permissions else persistedGroup.permissions + ) + }) + } + + @Transactional + override fun delete(entity: Group) { + userService.delete(userService.getDefaultGroupUser(entity)) + super.delete(entity) + } + + override fun getRequestDefaultGroup(request: HttpServletRequest): Group { + val defaultGroupCookie = WebUtils.getCookie(request, defaultGroupCookieName) + ?: throw NoDefaultGroupException() + val defaultGroupUser = userService.getById( + defaultGroupCookie.value.toLong(), + ignoreDefaultGroupUsers = false, + ignoreSystemUsers = true + ) + return defaultGroupUser.group!! + } + + override fun setResponseDefaultGroup(groupId: Long, response: HttpServletResponse) { + val group = getById(groupId) + val defaultGroupUser = userService.getDefaultGroupUser(group) + response.addHeader( + "Set-Cookie", + "$defaultGroupCookieName=${defaultGroupUser.id}; Max-Age=$defaultGroupCookieMaxAge; Path=/api; HttpOnly; Secure; SameSite=strict" + ) + } +} diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/JwtService.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/JwtService.kt new file mode 100644 index 0000000..282d6ba --- /dev/null +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/JwtService.kt @@ -0,0 +1,79 @@ +package dev.fyloz.colorrecipesexplorer.service.users + +import com.fasterxml.jackson.databind.ObjectMapper +import com.fasterxml.jackson.module.kotlin.readValue +import dev.fyloz.colorrecipesexplorer.config.properties.CreSecurityProperties +import dev.fyloz.colorrecipesexplorer.model.account.User +import dev.fyloz.colorrecipesexplorer.model.account.UserDetails +import dev.fyloz.colorrecipesexplorer.model.account.UserOutputDto +import dev.fyloz.colorrecipesexplorer.model.account.toOutputDto +import dev.fyloz.colorrecipesexplorer.utils.base64encode +import dev.fyloz.colorrecipesexplorer.utils.toDate +import io.jsonwebtoken.Jwts +import io.jsonwebtoken.jackson.io.JacksonDeserializer +import io.jsonwebtoken.jackson.io.JacksonSerializer +import org.springframework.stereotype.Service +import java.time.Instant +import java.util.* + +const val jwtClaimUser = "user" + +interface JwtService { + /** Build a JWT token for the given [userDetails]. */ + fun buildJwt(userDetails: UserDetails): String + + /** Build a JWT token for the given [user]. */ + fun buildJwt(user: User): String + + /** Parses a user from the given [jwt] token. */ + fun parseJwt(jwt: String): UserOutputDto +} + +@Service +class JwtServiceImpl( + val objectMapper: ObjectMapper, + val securityProperties: CreSecurityProperties +) : JwtService { + private val secretKey by lazy { + securityProperties.jwtSecret.base64encode() + } + + private val jwtBuilder by lazy { + Jwts.builder() + .serializeToJsonWith(JacksonSerializer>(objectMapper)) + .signWith(secretKey) + } + + private val jwtParser by lazy { + Jwts.parserBuilder() + .deserializeJsonWith(JacksonDeserializer>(objectMapper)) + .setSigningKey(secretKey) + .build() + } + + override fun buildJwt(userDetails: UserDetails) = + buildJwt(userDetails.user) + + override fun buildJwt(user: User): String = + jwtBuilder + .setSubject(user.id.toString()) + .setExpiration(getCurrentExpirationDate()) + .claim(jwtClaimUser, user.serialize()) + .compact() + + override fun parseJwt(jwt: String): UserOutputDto = + with( + jwtParser.parseClaimsJws(jwt) + .body.get(jwtClaimUser, String::class.java) + ) { + objectMapper.readValue(this) + } + + private fun getCurrentExpirationDate(): Date = + Instant.now() + .plusSeconds(securityProperties.jwtDuration) + .toDate() + + private fun User.serialize(): String = + objectMapper.writeValueAsString(this.toOutputDto()) +} diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/UserDetailsService.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/UserDetailsService.kt new file mode 100644 index 0000000..923abed --- /dev/null +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/UserDetailsService.kt @@ -0,0 +1,77 @@ +package dev.fyloz.colorrecipesexplorer.service.users + +import dev.fyloz.colorrecipesexplorer.SpringUserDetails +import dev.fyloz.colorrecipesexplorer.SpringUserDetailsService +import dev.fyloz.colorrecipesexplorer.config.properties.CreSecurityProperties +import dev.fyloz.colorrecipesexplorer.exception.NotFoundException +import dev.fyloz.colorrecipesexplorer.model.account.Permission +import dev.fyloz.colorrecipesexplorer.model.account.User +import dev.fyloz.colorrecipesexplorer.model.account.UserDetails +import dev.fyloz.colorrecipesexplorer.model.account.user +import org.springframework.context.annotation.Profile +import org.springframework.security.core.userdetails.UsernameNotFoundException +import org.springframework.stereotype.Service + +interface UserDetailsService : SpringUserDetailsService { + /** Loads an [User] for the given [id]. */ + fun loadUserById(id: Long, ignoreDefaultGroupUsers: Boolean = false): UserDetails +} + +@Service +@Profile("!emergency") +class UserDetailsServiceImpl( + private val userService: UserService +) : UserDetailsService { + override fun loadUserByUsername(username: String): UserDetails { + try { + return loadUserById(username.toLong(), true) + } catch (ex: NotFoundException) { + throw UsernameNotFoundException(username) + } + } + + override fun loadUserById(id: Long, ignoreDefaultGroupUsers: Boolean): UserDetails { + val user = userService.getById( + id, + ignoreDefaultGroupUsers = ignoreDefaultGroupUsers, + ignoreSystemUsers = false + ) + return UserDetails(user) + } +} + +@Service +@Profile("emergency") +class EmergencyUserDetailsServiceImpl( + securityProperties: CreSecurityProperties +) : UserDetailsService { + private val users: Set + + init { + if (securityProperties.root == null) { + throw NullPointerException("The root user has not been configured") + } + + users = setOf( + // Add root user + with(securityProperties.root!!) { + user( + id = this.id, + plainPassword = this.password, + permissions = mutableSetOf(Permission.ADMIN) + ) + } + ) + } + + override fun loadUserByUsername(username: String): SpringUserDetails { + return loadUserById(username.toLong(), true) + } + + override fun loadUserById(id: Long, ignoreDefaultGroupUsers: Boolean): UserDetails { + val user = users.firstOrNull { it.id == id } + ?: throw UsernameNotFoundException(id.toString()) + + return UserDetails(user) + } +} diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/AccountService.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/UserService.kt similarity index 57% rename from src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/AccountService.kt rename to src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/UserService.kt index 9373ecb..04add2b 100644 --- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/AccountService.kt +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/service/users/UserService.kt @@ -1,25 +1,18 @@ -package dev.fyloz.colorrecipesexplorer.service +package dev.fyloz.colorrecipesexplorer.service.users import dev.fyloz.colorrecipesexplorer.config.security.blacklistedJwtTokens -import dev.fyloz.colorrecipesexplorer.config.security.defaultGroupCookieName -import dev.fyloz.colorrecipesexplorer.exception.NotFoundException import dev.fyloz.colorrecipesexplorer.model.account.* import dev.fyloz.colorrecipesexplorer.model.validation.or -import dev.fyloz.colorrecipesexplorer.repository.GroupRepository import dev.fyloz.colorrecipesexplorer.repository.UserRepository +import dev.fyloz.colorrecipesexplorer.service.AbstractExternalModelService +import dev.fyloz.colorrecipesexplorer.service.ExternalModelService import org.springframework.context.annotation.Lazy import org.springframework.context.annotation.Profile -import org.springframework.security.core.userdetails.UserDetails -import org.springframework.security.core.userdetails.UserDetailsService -import org.springframework.security.core.userdetails.UsernameNotFoundException import org.springframework.security.crypto.password.PasswordEncoder import org.springframework.stereotype.Service import org.springframework.web.util.WebUtils import java.time.LocalDateTime import javax.servlet.http.HttpServletRequest -import javax.servlet.http.HttpServletResponse -import javax.transaction.Transactional -import org.springframework.security.core.userdetails.User as SpringUser interface UserService : ExternalModelService { @@ -57,29 +50,11 @@ interface UserService : fun logout(request: HttpServletRequest) } -interface GroupService : - ExternalNamedModelService { - /** Gets all the users of the group with the given [id]. */ - fun getUsersForGroup(id: Long): Collection - - /** Gets the default group from a cookie in the given HTTP [request]. */ - fun getRequestDefaultGroup(request: HttpServletRequest): Group - - /** Sets the default group cookie for the given HTTP [response]. */ - fun setResponseDefaultGroup(groupId: Long, response: HttpServletResponse) -} - -interface CreUserDetailsService : UserDetailsService { - /** Loads an [User] for the given [id]. */ - fun loadUserById(id: Long, ignoreDefaultGroupUsers: Boolean = false): UserDetails -} - @Service @Profile("!emergency") class UserServiceImpl( userRepository: UserRepository, @Lazy val groupService: GroupService, - @Lazy val passwordEncoder: PasswordEncoder, ) : AbstractExternalModelService( userRepository ), @@ -87,15 +62,7 @@ class UserServiceImpl( override fun idNotFoundException(id: Long) = userIdNotFoundException(id) override fun idAlreadyExistsException(id: Long) = userIdAlreadyExistsException(id) - override fun User.toOutput() = UserOutputDto( - this.id, - this.firstName, - this.lastName, - this.group, - this.flatPermissions, - this.permissions, - this.lastLoginTime - ) + override fun User.toOutput() = this.toOutputDto() override fun existsByFirstNameAndLastName(firstName: String, lastName: String): Boolean = repository.existsByFirstNameAndLastName(firstName, lastName) @@ -122,11 +89,11 @@ class UserServiceImpl( override fun save(entity: UserSaveDto): User = save(with(entity) { - User( - id, - firstName, - lastName, - passwordEncoder.encode(password), + user( + id = id, + firstName = firstName, + lastName = lastName, + plainPassword = password, isDefaultGroupUser = false, isSystemUser = false, group = if (groupId != null) groupService.getById(groupId) else null, @@ -148,7 +115,7 @@ class UserServiceImpl( id = 1000000L + group.id!!, firstName = group.name, lastName = "User", - password = passwordEncoder.encode(group.name), + plainPassword = group.name, group = group, isDefaultGroupUser = true ) @@ -197,11 +164,11 @@ class UserServiceImpl( override fun updatePassword(id: Long, password: String): User { val persistedUser = getById(id, ignoreDefaultGroupUsers = true, ignoreSystemUsers = true) return super.update(with(persistedUser) { - User( + user( id, firstName, lastName, - passwordEncoder.encode(password), + plainPassword = password, isDefaultGroupUser, isSystemUser, group, @@ -227,101 +194,3 @@ class UserServiceImpl( } } } - -const val defaultGroupCookieMaxAge = 10 * 365 * 24 * 60 * 60 // 10 ans - -@Service -@Profile("!emergency") -class GroupServiceImpl( - private val userService: UserService, - groupRepository: GroupRepository -) : AbstractExternalNamedModelService( - groupRepository -), - GroupService { - override fun idNotFoundException(id: Long) = groupIdNotFoundException(id) - override fun idAlreadyExistsException(id: Long) = groupIdAlreadyExistsException(id) - override fun nameNotFoundException(name: String) = groupNameNotFoundException(name) - override fun nameAlreadyExistsException(name: String) = groupNameAlreadyExistsException(name) - - override fun Group.toOutput() = GroupOutputDto( - this.id!!, - this.name, - this.permissions, - this.flatPermissions - ) - - override fun existsByName(name: String): Boolean = repository.existsByName(name) - override fun getUsersForGroup(id: Long): Collection = - userService.getByGroup(getById(id)) - - @Transactional - override fun save(entity: Group): Group { - return super.save(entity).apply { - userService.saveDefaultGroupUser(this) - } - } - - override fun update(entity: GroupUpdateDto): Group { - val persistedGroup by lazy { getById(entity.id) } - return update(with(entity) { - Group( - entity.id, - if (name.isNotBlank()) entity.name else persistedGroup.name, - if (permissions.isNotEmpty()) entity.permissions else persistedGroup.permissions - ) - }) - } - - @Transactional - override fun delete(entity: Group) { - userService.delete(userService.getDefaultGroupUser(entity)) - super.delete(entity) - } - - override fun getRequestDefaultGroup(request: HttpServletRequest): Group { - val defaultGroupCookie = WebUtils.getCookie(request, defaultGroupCookieName) - ?: throw NoDefaultGroupException() - val defaultGroupUser = userService.getById( - defaultGroupCookie.value.toLong(), - ignoreDefaultGroupUsers = false, - ignoreSystemUsers = true - ) - return defaultGroupUser.group!! - } - - override fun setResponseDefaultGroup(groupId: Long, response: HttpServletResponse) { - val group = getById(groupId) - val defaultGroupUser = userService.getDefaultGroupUser(group) - response.addHeader( - "Set-Cookie", - "$defaultGroupCookieName=${defaultGroupUser.id}; Max-Age=${defaultGroupCookieMaxAge}; Path=/api; HttpOnly; Secure; SameSite=strict" - ) - } -} - -@Service -@Profile("!emergency") -class CreUserDetailsServiceImpl( - private val userService: UserService -) : - CreUserDetailsService { - override fun loadUserByUsername(username: String): UserDetails { - try { - return loadUserById(username.toLong(), true) - } catch (ex: NotFoundException) { - throw UsernameNotFoundException(username) - } catch (ex: NotFoundException) { - throw UsernameNotFoundException(username) - } - } - - override fun loadUserById(id: Long, ignoreDefaultGroupUsers: Boolean): UserDetails { - val user = userService.getById( - id, - ignoreDefaultGroupUsers = ignoreDefaultGroupUsers, - ignoreSystemUsers = false - ) - return SpringUser(user.id.toString(), user.password, user.authorities) - } -} diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Crypto.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Crypto.kt index a8206e6..1c27b76 100644 --- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Crypto.kt +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Crypto.kt @@ -1,5 +1,7 @@ package dev.fyloz.colorrecipesexplorer.utils +import io.jsonwebtoken.io.Encoders +import io.jsonwebtoken.security.Keys import org.springframework.security.crypto.encrypt.Encryptors import org.springframework.security.crypto.encrypt.TextEncryptor @@ -15,3 +17,8 @@ fun String.decrypt(password: String, salt: String): String = private fun withTextEncryptor(password: String, salt: String, op: (TextEncryptor) -> String) = op(Encryptors.text(password, salt)) + +fun String.base64encode() = + with(Encoders.BASE64.encode(this.toByteArray())) { + Keys.hmacShaKeyFor(this.toByteArray()) + } diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Http.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Http.kt new file mode 100644 index 0000000..b9af339 --- /dev/null +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Http.kt @@ -0,0 +1,55 @@ +package dev.fyloz.colorrecipesexplorer.utils + +import javax.servlet.http.HttpServletResponse + +private const val defaultCookieMaxAge = 3600L +private const val defaultCookieHttpOnly = true +private const val defaultCookieSameSite = true +private const val defaultCookieSecure = true + +data class CookieBuilderOptions( + /** HTTP Only cookies cannot be access by Javascript clients. */ + var httpOnly: Boolean = defaultCookieHttpOnly, + + /** SameSite cookies are only sent in requests to their origin location. */ + var sameSite: Boolean = defaultCookieSameSite, + + /** Secure cookies are only sent in HTTPS requests. */ + var secure: Boolean = defaultCookieSecure, + + /** Cookie's maximum age in seconds. */ + var maxAge: Long = defaultCookieMaxAge +) + +private enum class CookieBuilderOption(val optionName: String) { + HTTP_ONLY("HttpOnly"), + SAME_SITE("SameSite"), + SECURE("Secure"), + MAX_AGE("Max-Age") +} + +fun HttpServletResponse.addCookie(name: String, value: String, optionsBuilder: CookieBuilderOptions.() -> Unit) { + this.addHeader("Set-Cookie", buildCookie(name, value, optionsBuilder)) +} + +private fun buildCookie(name: String, value: String, optionsBuilder: CookieBuilderOptions.() -> Unit): String { + val options = CookieBuilderOptions().apply(optionsBuilder) + val cookie = StringBuilder("$name=$value;") + + fun addBoolOption(option: CookieBuilderOption, enabled: Boolean) { + if (enabled) { + cookie.append("${option.optionName};") + } + } + + fun addOption(option: CookieBuilderOption, value: Any) { + cookie.append("${option.optionName}=$value;") + } + + addBoolOption(CookieBuilderOption.HTTP_ONLY, options.httpOnly) + addBoolOption(CookieBuilderOption.SAME_SITE, options.sameSite) + addBoolOption(CookieBuilderOption.SECURE, options.secure) + addOption(CookieBuilderOption.MAX_AGE, options.maxAge) + + return cookie.toString() +} diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Time.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Time.kt index 9889865..272ad29 100644 --- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Time.kt +++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/utils/Time.kt @@ -1,9 +1,18 @@ package dev.fyloz.colorrecipesexplorer.utils +import java.time.Instant import java.time.Period +import java.util.* fun period(days: Int = 0, months: Int = 0, years: Int = 0): Period = Period.of(days, months, years) +fun Instant.toDate(): Date = + Date.from(this) + +/** Checks if a [Instant] is around the given [other] Instant, with an allowed [offset] in seconds. */ +fun Instant.isAround(other: Instant, offset: Long = 1L) = + this.isAfter(other.minusSeconds(offset)) && this.isBefore(other.plusSeconds(offset)) + val Int.months: Period get() = period(months = this) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index e796dda..18852ab 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -3,7 +3,7 @@ server.port=9090 # CRE cre.server.data-directory=data cre.server.config-directory=config -cre.security.jwt-secret=CtnvGQjgZ44A1fh295gE +cre.security.jwt-secret=CtnvGQjgZ44A1fh295gE78WWOgl8InrbwBgQsMy0 cre.security.jwt-duration=18000000 cre.security.aes-secret=blabla # Root user diff --git a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/repository/MaterialRepositoryTest.kt b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/repository/MaterialRepositoryTest.kt index 7394f85..fa622f0 100644 --- a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/repository/MaterialRepositoryTest.kt +++ b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/repository/MaterialRepositoryTest.kt @@ -10,8 +10,8 @@ import kotlin.test.assertEquals @DataJpaTest(excludeAutoConfiguration = [LiquibaseAutoConfiguration::class]) class MaterialRepositoryTest @Autowired constructor( - private val materialRepository: MaterialRepository, - private val entityManager: TestEntityManager + private val materialRepository: MaterialRepository, + private val entityManager: TestEntityManager ) { // updateInventoryQuantityById() diff --git a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/repository/MixRepositoryTest.kt b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/repository/MixRepositoryTest.kt index 2362e33..e87c425 100644 --- a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/repository/MixRepositoryTest.kt +++ b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/repository/MixRepositoryTest.kt @@ -10,8 +10,8 @@ import kotlin.test.assertEquals @DataJpaTest(excludeAutoConfiguration = [LiquibaseAutoConfiguration::class]) class MixRepositoryTest @Autowired constructor( - private val mixRepository: MixRepository, - private val entityManager: TestEntityManager + private val mixRepository: MixRepository, + private val entityManager: TestEntityManager ) { // updateLocationById() diff --git a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/AccountsServiceTest.kt b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/AccountsServiceTest.kt index a9979b7..7fd9b53 100644 --- a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/AccountsServiceTest.kt +++ b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/AccountsServiceTest.kt @@ -5,8 +5,9 @@ import dev.fyloz.colorrecipesexplorer.config.security.defaultGroupCookieName import dev.fyloz.colorrecipesexplorer.exception.AlreadyExistsException import dev.fyloz.colorrecipesexplorer.exception.NotFoundException import dev.fyloz.colorrecipesexplorer.model.account.* -import dev.fyloz.colorrecipesexplorer.repository.UserRepository import dev.fyloz.colorrecipesexplorer.repository.GroupRepository +import dev.fyloz.colorrecipesexplorer.repository.UserRepository +import dev.fyloz.colorrecipesexplorer.service.users.* import org.junit.jupiter.api.* import org.springframework.mock.web.MockHttpServletResponse import org.springframework.security.core.userdetails.UsernameNotFoundException @@ -18,24 +19,23 @@ import kotlin.test.assertEquals import kotlin.test.assertFalse import kotlin.test.assertNotNull import kotlin.test.assertTrue -import org.springframework.security.core.userdetails.User as SpringUser @TestInstance(TestInstance.Lifecycle.PER_CLASS) class UserServiceTest : AbstractExternalModelServiceTest() { private val passwordEncoder = BCryptPasswordEncoder() - override val entity: User = user(passwordEncoder, id = 0L) - override val anotherEntity: User = user(passwordEncoder, id = 1L) - private val entityDefaultGroupUser = user(passwordEncoder, id = 2L, isDefaultGroupUser = true) - private val entitySystemUser = user(passwordEncoder, id = 3L, isSystemUser = true) + override val entity: User = user(id = 0L, passwordEncoder = passwordEncoder) + override val anotherEntity: User = user(id = 1L, passwordEncoder = passwordEncoder) + private val entityDefaultGroupUser = user(id = 2L, isDefaultGroupUser = true, passwordEncoder = passwordEncoder) + private val entitySystemUser = user(id = 3L, isSystemUser = true, passwordEncoder = passwordEncoder) private val group = group(id = 0L) override val entitySaveDto: UserSaveDto = spy(userSaveDto(passwordEncoder, id = 0L)) override val entityUpdateDto: UserUpdateDto = spy(userUpdateDto(id = 0L)) override val repository: UserRepository = mock() private val groupService: GroupService = mock() - override val service: UserService = spy(UserServiceImpl(repository, groupService, passwordEncoder)) + override val service: UserService = spy(UserServiceImpl(repository, groupService)) private val entitySaveDtoUser = User( entitySaveDto.id, @@ -210,7 +210,7 @@ class GroupServiceTest : override val entityWithEntityName: Group = group(id = 2L, name = entity.name) private val groupUserId = 1000000L + entity.id!! - private val groupUser = user(BCryptPasswordEncoder(), id = groupUserId, group = entity) + private val groupUser = user(passwordEncoder = BCryptPasswordEncoder(), id = groupUserId, group = entity) @BeforeEach override fun afterEach() { @@ -303,7 +303,7 @@ class GroupServiceTest : @TestInstance(TestInstance.Lifecycle.PER_CLASS) class UserUserDetailsServiceTest { private val userService: UserService = mock() - private val service = spy(CreUserDetailsServiceImpl(userService)) + private val service = spy(UserDetailsServiceImpl(userService)) private val user = user(id = 0L) @@ -317,8 +317,8 @@ class UserUserDetailsServiceTest { @Test fun `loadUserByUsername() calls loadUserByUserId() with the given username as an id`() { whenever(userService.getById(eq(user.id), any(), any())).doReturn(user) - doReturn(SpringUser(user.id.toString(), user.password, listOf())).whenever(service) - .loadUserById(user.id) + doReturn(UserDetails(user(id = user.id, plainPassword = user.password))) + .whenever(service).loadUserById(user.id) service.loadUserByUsername(user.id.toString()) diff --git a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/JwtServiceTest.kt b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/JwtServiceTest.kt new file mode 100644 index 0000000..8a0a241 --- /dev/null +++ b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/JwtServiceTest.kt @@ -0,0 +1,99 @@ +package dev.fyloz.colorrecipesexplorer.service + +import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper +import com.fasterxml.jackson.module.kotlin.readValue +import dev.fyloz.colorrecipesexplorer.config.properties.CreSecurityProperties +import dev.fyloz.colorrecipesexplorer.model.account.UserDetails +import dev.fyloz.colorrecipesexplorer.model.account.UserOutputDto +import dev.fyloz.colorrecipesexplorer.model.account.toOutputDto +import dev.fyloz.colorrecipesexplorer.model.account.user +import dev.fyloz.colorrecipesexplorer.service.users.JwtServiceImpl +import dev.fyloz.colorrecipesexplorer.service.users.jwtClaimUser +import dev.fyloz.colorrecipesexplorer.utils.base64encode +import dev.fyloz.colorrecipesexplorer.utils.isAround +import io.jsonwebtoken.Jwts +import io.jsonwebtoken.jackson.io.JacksonDeserializer +import io.mockk.spyk +import org.junit.jupiter.api.BeforeEach +import org.junit.jupiter.api.Test +import java.time.Instant +import kotlin.test.assertEquals +import kotlin.test.assertTrue + +class JwtServiceTest { + private val objectMapper = jacksonObjectMapper() + private val securityProperties = CreSecurityProperties().apply { + jwtSecret = "XRRm7OflmFuCrOB2Xvmfsercih9DCKom" + jwtDuration = 1000000L + } + private val jwtParser by lazy { + Jwts.parserBuilder() + .deserializeJsonWith(JacksonDeserializer>(objectMapper)) + .setSigningKey(securityProperties.jwtSecret.base64encode()) + .build() + } + + private val jwtService = spyk(JwtServiceImpl(objectMapper, securityProperties)) + + private val user = user() + private val userOutputDto = user.toOutputDto() + + // buildJwt() + + private fun withParsedUserOutputDto(jwt: String, test: (UserOutputDto) -> Unit) { + val serializedUser = jwtParser.parseClaimsJws(jwt) + .body.get(jwtClaimUser, String::class.java) + + test(objectMapper.readValue(serializedUser)) + } + + @Test + fun `buildJwt(userDetails) returns jwt string with valid user`() { + val userDetails = UserDetails(user) + + val builtJwt = jwtService.buildJwt(userDetails) + + withParsedUserOutputDto(builtJwt) { parsedUser -> + assertEquals(user.toOutputDto(), parsedUser) + } + } + + @Test + fun `buildJwt() returns jwt string with valid user`() { + val builtJwt = jwtService.buildJwt(user) + + withParsedUserOutputDto(builtJwt) { parsedUser -> + assertEquals(user.toOutputDto(), parsedUser) + } + } + + @Test + fun `buildJwt() returns jwt string with valid subject`() { + val builtJwt = jwtService.buildJwt(user) + val jwtSubject = jwtParser.parseClaimsJws(builtJwt).body.subject + + assertEquals(user.id.toString(), jwtSubject) + } + + @Test + fun `buildJwt() returns jwt with valid expiration date`() { + val jwtExpectedExpirationDate = Instant.now().plusSeconds(securityProperties.jwtDuration) + + val builtJwt = jwtService.buildJwt(user) + val jwtExpiration = jwtParser.parseClaimsJws(builtJwt) + .body.expiration.toInstant() + + // Check if it's between 1 second + assertTrue { jwtExpiration.isAround(jwtExpectedExpirationDate) } + } + + // parseJwt() + + @Test + fun `parseJwt() returns expected user`() { + val jwt = jwtService.buildJwt(user) + val parsedUser = jwtService.parseJwt(jwt) + + assertEquals(userOutputDto, parsedUser) + } +} diff --git a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/MixServiceTest.kt b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/MixServiceTest.kt index a9debc1..707da9f 100644 --- a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/MixServiceTest.kt +++ b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/MixServiceTest.kt @@ -87,9 +87,9 @@ class MixServiceTest : AbstractExternalModelServiceTest Unit + scope: MixUpdateDtoTestScope = MixUpdateDtoTestScope(), + sharedMixType: Boolean = false, + op: MixUpdateDtoTestScope.() -> Unit ) { with(scope) { doReturn(true).whenever(service).existsById(mix.id!!) diff --git a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeServiceTest.kt b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeServiceTest.kt index d27a78c..ede2dce 100644 --- a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeServiceTest.kt +++ b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeServiceTest.kt @@ -7,6 +7,7 @@ import dev.fyloz.colorrecipesexplorer.model.account.group import dev.fyloz.colorrecipesexplorer.repository.RecipeRepository import dev.fyloz.colorrecipesexplorer.service.config.ConfigurationService import dev.fyloz.colorrecipesexplorer.service.files.WriteableFileService +import dev.fyloz.colorrecipesexplorer.service.users.GroupService import io.mockk.* import org.junit.jupiter.api.AfterEach import org.junit.jupiter.api.Test diff --git a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeStepServiceTest.kt b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeStepServiceTest.kt index b0f9c73..31933b0 100644 --- a/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeStepServiceTest.kt +++ b/src/test/kotlin/dev/fyloz/colorrecipesexplorer/service/RecipeStepServiceTest.kt @@ -1,8 +1,11 @@ package dev.fyloz.colorrecipesexplorer.service import com.nhaarman.mockitokotlin2.* -import dev.fyloz.colorrecipesexplorer.model.* +import dev.fyloz.colorrecipesexplorer.model.RecipeGroupInformation +import dev.fyloz.colorrecipesexplorer.model.RecipeStep import dev.fyloz.colorrecipesexplorer.model.account.group +import dev.fyloz.colorrecipesexplorer.model.recipeGroupInformation +import dev.fyloz.colorrecipesexplorer.model.recipeStep import dev.fyloz.colorrecipesexplorer.repository.RecipeStepRepository import org.junit.jupiter.api.Test import org.junit.jupiter.api.TestInstance