#1 Fix getting app logo and icon returning HTTP 403

FyloZ 2021-08-20 17:29:45 -04:00
parent 7f2ce81354
commit 9a618258bf
Signed by: william
GPG Key ID: 835378AE9AF4AE97
2 changed files with 9 additions and 6 deletions


@ -8,7 +8,10 @@ import dev.fyloz.colorrecipesexplorer.service.CreUserDetailsService
import dev.fyloz.colorrecipesexplorer.service.UserService import dev.fyloz.colorrecipesexplorer.service.UserService
import org.slf4j.Logger import org.slf4j.Logger
import org.springframework.boot.context.properties.EnableConfigurationProperties import org.springframework.boot.context.properties.EnableConfigurationProperties
import org.springframework.context.annotation.* import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Lazy
import org.springframework.context.annotation.Profile
import org.springframework.core.env.Environment import org.springframework.core.env.Environment
import org.springframework.http.HttpMethod import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
@ -99,11 +102,9 @@ class SecurityConfig(
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
if (!debugMode) { if (!debugMode) {
http.authorizeRequests() http
.antMatchers("/api/login").permitAll() .authorizeRequests()
.antMatchers("/api/logout").fullyAuthenticated() .anyRequest().permitAll()
.antMatchers("/api/user/current").fullyAuthenticated()
.anyRequest().fullyAuthenticated()
} else { } else {
http http
.cors() .cors()
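Review bot: Replacing `.anyRequest().fullyAuthenticated()` with `.anyRequest().permitAll()` in the `!debugMode` branch turns the filter chain from default-deny into default-allow, so any handler without its own `@PreAuthorize`, including endpoints added later, is reachable without authentication. The commit title only concerns the logo and icon requests, so a narrower change would keep the catch-all and open just those routes, e.g. `.antMatchers(HttpMethod.GET, "<logo-and-icon-paths>").permitAll()` placed ahead of `.anyRequest().fullyAuthenticated()` (placeholder path; the real routes are not visible on this page). If per-method rules are the intended model, a comment above this block should say so, and the controllers outside this diff need an audit for missing annotations. The enclosing function starts and ends outside the hunk.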


@ -32,6 +32,7 @@ class UserController(private val userService: UserService) {
ok(userService.getByIdForOutput(id)) ok(userService.getByIdForOutput(id))
@GetMapping("current") @GetMapping("current")
@PreAuthorize("isFullyAuthenticated()")
fun getCurrent(loggedInUser: Principal?) = fun getCurrent(loggedInUser: Principal?) =
if (loggedInUser != null) if (loggedInUser != null)
ok( ok(
@ -161,6 +162,7 @@ class GroupsController(
@Profile("!emergency") @Profile("!emergency")
class LogoutController(private val userService: UserService) { class LogoutController(private val userService: UserService) {
@GetMapping("logout") @GetMapping("logout")
@PreAuthorize("isFullyAuthenticated()")
fun logout(request: HttpServletRequest) = fun logout(request: HttpServletRequest) =
ok { ok {
userService.logout(request) userService.logout(request)
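Review bot: The `@PreAuthorize("isFullyAuthenticated()")` annotations added on `getCurrent` and `logout` are enforced only when method security is switched on (with this Spring Security API, presumably `@EnableGlobalMethodSecurity(prePostEnabled = true)`), and nothing in the visible hunks shows that it is. Without it the annotations are ignored silently, and because the request matcher in the other file now permits everything, `/api/user/current` and `/api/logout` would be open to anonymous callers. A test asserting that an unauthenticated GET to each of the two routes is rejected would pin this down. Other handlers in this file, such as the one returning `userService.getByIdForOutput(id)`, begin outside the hunk, so whether they carry an annotation cannot be checked from here.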