Api related to logout,reset and change password in user api controller

2024-08-26 12:27:12 +05:30
parent 0f7574499c
commit a45dd56432
17 changed files with 393 additions and 36 deletions
--- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
@@ -39,13 +39,12 @@ import net.gepafin.tendermanagement.config.jwt.TokenProvider;
 public class SecurityConfig {

    private final TokenProvider tokenProvider;
-    
-    private final CorsFilter corsFilter;
+    private final CorsConfigurationSource corsConfigurationSource;

    @Autowired
-    public SecurityConfig(TokenProvider tokenProvider, CorsFilter corsFilter) {
+    public SecurityConfig(TokenProvider tokenProvider, CorsConfigurationSource corsConfigurationSource) {
        this.tokenProvider = tokenProvider;
-        this.corsFilter = corsFilter;
+        this.corsConfigurationSource = corsConfigurationSource;
    }

    @Bean
@@ -59,20 +58,19 @@ public class SecurityConfig {
    }

    @Bean
-    MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
+    public MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
        return new MvcRequestMatcher.Builder(introspector);
    }
-    
+
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer(MvcRequestMatcher.Builder mvc) {
        return (web) -> web.ignoring().requestMatchers(mvc.pattern(HttpMethod.OPTIONS, "/**"))
-        		.requestMatchers(new AntPathRequestMatcher("/i18n/**"))
-        		.requestMatchers(new AntPathRequestMatcher("/content/**"))
-        		.requestMatchers(new AntPathRequestMatcher("/swagger-ui/index.html"))
-        		.requestMatchers(new AntPathRequestMatcher("/swagger-ui/**"));
+                .requestMatchers(new AntPathRequestMatcher("/i18n/**"))
+                .requestMatchers(new AntPathRequestMatcher("/content/**"))
+                .requestMatchers(new AntPathRequestMatcher("/swagger-ui/index.html"))
+                .requestMatchers(new AntPathRequestMatcher("/swagger-ui/**"));
    }

-
 //    @Bean
 //    public CorsConfigurationSource corsConfigurationSource() {
 //        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
@@ -85,9 +83,14 @@ public class SecurityConfig {
 //        return source;
 //    }

+    @Bean
+    public CorsFilter corsFilter() {
+        return new CorsFilter(corsConfigurationSource);
+    }
+
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
-    			http
+        http
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers(mvc.pattern(HttpMethod.POST, "/v1/user/login")).permitAll()
@@ -99,7 +102,7 @@ public class SecurityConfig {
                .sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                )
-                .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);

        return http.build();
--- a/src/main/java/net/gepafin/tendermanagement/config/jwt/TokenProvider.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/jwt/TokenProvider.java
@@ -48,6 +48,7 @@ public class TokenProvider {

    public static final String INVALID_USER = "invalid_user";
    static final  String AUTH_SECRET = "X-Api-Secret";
+    private final Set<String> invalidatedTokens = new HashSet<>();

    @PostConstruct
    public void init() {
@@ -113,6 +114,10 @@ public class TokenProvider {

    public boolean validateToken(String authToken) {
        try {
+            if (isTokenInvalid(authToken)) {
+                log.warn("Token is invalidated.");
+                return false;
+            }
            Jwts.parserBuilder()
                    .setSigningKey(key)
                    .build()
@@ -124,6 +129,15 @@ public class TokenProvider {
            return false;
        }
    }
+
+    public void invalidateToken(String token) {
+        invalidatedTokens.add(token);
+        log.info("Token invalidated: {}", token);
+    }
+
+    public boolean isTokenInvalid(String token) {
+        return invalidatedTokens.contains(token);
+    }
    public Map<String, Object> getUserInfoAndUserIdFromToken(HttpServletRequest request) {
        Map<String, Object> userInfo = new HashMap<>();
        String authSecretHeader=request.getHeader(AUTH_SECRET);
@@ -196,4 +210,12 @@ public class TokenProvider {
        Claims claims = Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody();
        return claims.getSubject();
    }
+    public String extractTokenFromRequest(HttpServletRequest request) {
+        String bearerToken = request.getHeader("Authorization");
+        if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
+            return bearerToken.substring(7); // Remove "Bearer " prefix
+        }
+        return null; // Return null if token is not found or not in Bearer format
+    }
+
 }