fix change password

pom.xml

@@ -38,7 +38,6 @@
 			<groupId>org.jetbrains.kotlin</groupId>
 			<artifactId>kotlin-stdlib</artifactId>
 		</dependency>
-
 		<dependency>
 			<groupId>com.mysql</groupId>
 			<artifactId>mysql-connector-j</artifactId>
@@ -59,11 +58,16 @@
             <artifactId>jakarta.validation-api</artifactId>
             <version>3.0.2</version>
         </dependency>
-        <!--        <dependency>-->
-<!--            <groupId>org.springframework.security</groupId>-->
-<!--            <artifactId>spring-security-config</artifactId>-->
-<!--            <version>6.1.5</version>-->
-<!--        </dependency>-->
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>6.1.5</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<version>6.1.5</version>
+		</dependency>
     </dependencies>
 
 	<build>

src/main/kotlin/com/swagger/rest/configuration/WebSecurityConfig.kt

@@ -0,0 +1,56 @@
+package com.swagger.rest.configuration
+
+import com.swagger.rest.services.UserDetailsServiceImpl
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.http.HttpStatus
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider
+import org.springframework.security.config.Customizer
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.HttpStatusEntryPoint
+
+@Configuration
+@EnableWebSecurity
+class WebSecurityConfig {
+
+    @Bean
+    @Throws(Exception::class)
+    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        http.authorizeHttpRequests { requests ->
+            requests.anyRequest().authenticated()
+        }.httpBasic(Customizer.withDefaults())
+            .exceptionHandling { it.authenticationEntryPoint(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)) }
+            .csrf { it.disable() }
+        return http.build()
+    }
+
+    @Bean
+    fun passwordEncoder(): BCryptPasswordEncoder {
+        return BCryptPasswordEncoder()
+    }
+
+    @Bean
+    fun userDetailsService(): UserDetailsService {
+        return UserDetailsServiceImpl()
+    }
+
+    @Bean
+    fun authenticationProvider(): DaoAuthenticationProvider {
+        val authProvider = DaoAuthenticationProvider()
+        authProvider.setUserDetailsService(userDetailsService())
+        authProvider.setPasswordEncoder(passwordEncoder())
+        return authProvider
+    }
+
+
+    @Throws(Exception::class)
+    protected fun configure(auth: AuthenticationManagerBuilder) {
+        auth.authenticationProvider(authenticationProvider())
+    }
+
+}

src/main/kotlin/com/swagger/rest/controllers/PlatformController.kt

@@ -63,7 +63,7 @@ class PlatformController(
                     ResponseEntity<Platform>(HttpStatus.CONFLICT)
                 } else {
                     val newPlatform = Platform()
-                    newPlatform.name = trim(platform.name)
+                    newPlatform.name = platform.name!!.trim()
                     newPlatform.project_id = projectRepository.findById(platform.project_id!!).get()
                     ResponseEntity<Platform>(platformRepository.save(newPlatform), HttpStatus.CREATED)
                 }
@@ -89,7 +89,7 @@ class PlatformController(
                 if (check!!.isEmpty() || (input.name == platformExist.get().name && input.project_id.toString() == platformExist.get().project_id!!.id.toString())) {//tidak ada yg sama
                     val savePlatform = platformExist.get()
                     savePlatform.project_id = targetProject.get()
-                    savePlatform.name = trim(input.name!!)
+                    savePlatform.name = input.name!!.trim()
                     ResponseEntity<Platform>(platformRepository.save(savePlatform), HttpStatus.OK)
                 } else {
                     ResponseEntity<Platform>(HttpStatus.CONFLICT)

src/main/kotlin/com/swagger/rest/controllers/ProjectController.kt

@@ -51,7 +51,7 @@ class ProjectController(
                 } else if (found > 0) {//duplicate
                     ResponseEntity<Project>(HttpStatus.CONFLICT)
                 } else {
-                    project.name = trim(project.name)
+                    project.name = project.name.trim()
                     val saveProject: Project = projectRepository.save(project)
                     ResponseEntity<Project>(saveProject, HttpStatus.CREATED)
                 }
@@ -73,7 +73,7 @@ class ProjectController(
             } else if (projectData.isPresent) {
                 if ((project.name == projectData.get().name && found > 0) || (project.name !== projectData.get().name && found == 0)) {
                     val saveProject = projectData.get()
-                    saveProject.name = trim(project.name)
+                    saveProject.name = project.name.trim()
                     saveProject.description = project.description
                     ResponseEntity<Any?>(projectRepository.save(saveProject), HttpStatus.OK)
                 } else {//duplicate

src/main/kotlin/com/swagger/rest/controllers/UserController.kt

@@ -0,0 +1,130 @@
+package com.swagger.rest.controllers
+
+import com.swagger.rest.models.User
+import com.swagger.rest.models.UserInput
+import com.swagger.rest.repositories.UserRepository
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.http.HttpStatus
+import org.springframework.http.ResponseEntity
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.web.bind.annotation.*
+import java.util.*
+
+@RestController
+@RequestMapping("/api/v1")
+class UserController(private val userRepository: UserRepository) {
+    @Autowired
+    private val passwordEncoder: PasswordEncoder? = null
+
+    @GetMapping("/users")
+    fun getUser(@RequestParam(required = false) username: String?): Any {
+        return try {
+            val users: List<User> = if (username == null) {
+                userRepository.findAll() as List<User>
+            } else {
+                userRepository.findByUsernameContaining(username) as List<User>
+            }
+            if (users.isNotEmpty()) {
+                ResponseEntity<List<User>?>(users, HttpStatus.OK)
+            } else {
+                arrayOf<String>()
+            }
+        } catch (e: Exception) {
+            ResponseEntity<List<User>?>(null, HttpStatus.INTERNAL_SERVER_ERROR)
+        }
+    }
+
+    @GetMapping("/users/{id}")
+    fun getUserById(@PathVariable("id") id: Long): ResponseEntity<User> {
+        val userData: Optional<User?> = userRepository.findById(id)
+        return if (userData.isPresent) {
+            ResponseEntity<User>(userData.get(), HttpStatus.OK)
+        } else {
+            ResponseEntity<User>(HttpStatus.NOT_FOUND)
+        }
+    }
+
+    @PostMapping("/users")
+    fun AddUser(@RequestBody user: User): ResponseEntity<User> {
+        return try {
+            val found = userRepository.findByUsernameContaining(user.username).size
+            if (user.username.isNotBlank()) {
+                if (user.username.length > 100 || user.password.length > 100 || user.name.length > 255) {
+                    ResponseEntity<User>(HttpStatus.PAYLOAD_TOO_LARGE)
+                } else if (found > 0) {
+                    ResponseEntity<User>(HttpStatus.CONFLICT)
+                } else {
+                    user.username = user.username.trim()
+                    user.password = passwordEncoder!!.encode(user.password)
+                    val saveUser = userRepository.save(user)
+                    ResponseEntity<User>(saveUser, HttpStatus.CREATED)
+                }
+            } else {
+                ResponseEntity<User>(HttpStatus.BAD_REQUEST)
+            }
+        } catch (e: Exception) {
+            ResponseEntity<User>(null, HttpStatus.INTERNAL_SERVER_ERROR)
+        }
+    }
+
+    @PutMapping("/users/{id}")
+    fun updateUserById(@PathVariable("id") id: Long, @RequestBody user: User): ResponseEntity<out Any?> {
+        val userData = userRepository.findById(id)
+        val found = userRepository.findByUsernameContaining(user.username).size
+        return if (user.username.isNotBlank()) {
+            if (user.username.length > 100 || user.name.length > 255) {
+                ResponseEntity<User>(HttpStatus.PAYLOAD_TOO_LARGE)
+            } else if (userData.isPresent) {
+                if ((user.username == userData.get().username && found > 0) || (user.username !== userData.get().username && found == 0)) {
+                    val saveUser = userData.get()
+                    saveUser.username = user.username.trim()
+                    saveUser.name = user.name
+                    ResponseEntity<Any?>(userRepository.save(saveUser), HttpStatus.OK)
+                } else {
+                    ResponseEntity<User>(HttpStatus.CONFLICT)
+                }
+            } else {
+                ResponseEntity<User>(HttpStatus.NOT_FOUND)
+            }
+        } else {
+            ResponseEntity<User?>(HttpStatus.BAD_REQUEST)
+        }
+    }
+
+    @DeleteMapping("/users/{id}")
+    fun deleteUserById(@PathVariable("id") id: Long): ResponseEntity<HttpStatus> {
+        val find = userRepository.findById(id)
+        return try {
+            if (find.isPresent) {
+                userRepository.deleteById(id)
+                ResponseEntity(HttpStatus.OK)
+            } else {
+                ResponseEntity(HttpStatus.NOT_FOUND)
+            }
+        } catch (e: Exception) {
+            ResponseEntity(HttpStatus.INTERNAL_SERVER_ERROR)
+        }
+    }
+
+    @PutMapping("/users/{id}/password")
+    fun updatePassword(@PathVariable("id") id: Long, @RequestBody userInput: UserInput): ResponseEntity<out Any?> {
+        val userData = userRepository.findById(id)
+        return if (userInput.newPassword!!.isNotBlank() || userInput.oldPassword!!.isNotBlank()) {
+            if (userInput.newPassword!!.length > 100) {
+                ResponseEntity<User>(HttpStatus.PAYLOAD_TOO_LARGE)
+            } else if (userData.isPresent) {
+                if (passwordEncoder!!.matches(userInput.oldPassword, userData.get().password)) {
+                    val saveUser = userData.get()
+                    saveUser.password = passwordEncoder.encode(userInput.newPassword)
+                    ResponseEntity<Any?>(userRepository.save(saveUser), HttpStatus.OK)
+                } else {
+                    ResponseEntity<User>(HttpStatus.FORBIDDEN)
+                }
+            } else {
+                ResponseEntity<User>(HttpStatus.NOT_FOUND)
+            }
+        } else {
+            ResponseEntity<User>(HttpStatus.BAD_REQUEST)
+        }
+    }
+}

src/main/kotlin/com/swagger/rest/models/UserInput.kt

@@ -0,0 +1,8 @@
+package com.swagger.rest.models
+
+class UserInput {
+
+    var oldPassword: String? = ""
+
+    var newPassword: String? = ""
+}

src/main/kotlin/com/swagger/rest/repositories/UserRepository.kt

@@ -0,0 +1,12 @@
+package com.swagger.rest.repositories
+
+import com.swagger.rest.models.User
+import org.springframework.data.jpa.repository.JpaRepository
+import org.springframework.data.jpa.repository.Query
+
+interface UserRepository:JpaRepository<User, Long> {
+    @Query("SELECT u FROM User u WHERE u.username = :username")
+    fun getUserByUsername(username: String): User
+
+    fun findByUsernameContaining(username:String?):List<User>
+}

src/main/kotlin/com/swagger/rest/services/MyUserDetails.kt

@@ -0,0 +1,48 @@
+package com.swagger.rest.services
+
+import com.swagger.rest.models.User
+import org.springframework.security.core.GrantedAuthority
+import org.springframework.security.core.authority.SimpleGrantedAuthority
+import org.springframework.security.core.userdetails.UserDetails
+
+class MyUserDetails(user: User) : UserDetails {
+    private val user: User
+
+    init {
+        this.user = user
+    }
+
+    override fun getAuthorities(): Collection<GrantedAuthority?> {
+//        val roles: Set<Role> = user.roles
+        val authorities: MutableList<SimpleGrantedAuthority?> = ArrayList()
+//        for (role in roles) {
+//            authorities.add(SimpleGrantedAuthority(role.name))
+//        }
+        return authorities
+    }
+
+    override fun getPassword(): String {
+        return user.password
+    }
+
+    override fun getUsername(): String {
+        return user.username
+    }
+
+    override fun isAccountNonExpired(): Boolean {
+        return true
+    }
+
+    override fun isAccountNonLocked(): Boolean {
+        return true
+    }
+
+    override fun isCredentialsNonExpired(): Boolean {
+        return true
+    }
+
+    override fun isEnabled(): Boolean {
+//        return user.isEnabled
+        return true
+    }
+}

src/main/kotlin/com/swagger/rest/services/UserDetailsServiceImpl.kt

@@ -0,0 +1,18 @@
+package com.swagger.rest.services
+
+import com.swagger.rest.repositories.UserRepository
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.security.core.userdetails.UserDetails
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.core.userdetails.UsernameNotFoundException
+
+class UserDetailsServiceImpl : UserDetailsService {
+    @Autowired
+    private val userRepository: UserRepository? = null
+
+    @Throws(UsernameNotFoundException::class)
+    override fun loadUserByUsername(username: String): UserDetails {
+        val user = userRepository!!.getUserByUsername(username)
+        return MyUserDetails(user)
+    }
+}

swagger3 project.yml

@@ -23,6 +23,8 @@ paths:
       responses:
         200:
           $ref: '#/components/responses/200AP'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
       security: 
       - basicAuth: []
     post:
@@ -38,6 +40,8 @@ paths:
           $ref: '#/components/responses/201'
         400:
           $ref: '#/components/responses/400'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         409:
           $ref: '#/components/responses/409'
         413:
@@ -56,6 +60,8 @@ paths:
       responses:
         200:
           $ref: '#/components/responses/200SP'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
       security: 
@@ -75,6 +81,8 @@ paths:
           $ref: '#/components/responses/200AP'
         400:
           $ref: '#/components/responses/400'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
         409:
@@ -96,6 +104,8 @@ paths:
           description: successful operation
         205:
           description: Unable to delete. Data is used.
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
       security: 
@@ -118,6 +128,8 @@ paths:
                 type: array
                 items: 
                   $ref: '#/components/schemas/Platform'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
       security: 
       - basicAuth: []
     post:
@@ -149,6 +161,8 @@ paths:
                 $ref: '#/components/schemas/Platform'
         400:
           $ref: '#/components/responses/400'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
         409:
@@ -173,6 +187,8 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Platform'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
       security: 
@@ -208,6 +224,8 @@ paths:
                 $ref: '#/components/schemas/Platform'
         400:
           $ref: '#/components/responses/400'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
         409:
@@ -227,6 +245,8 @@ paths:
       responses:
         200:
           description: successful operation
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
       security: 
@@ -245,10 +265,12 @@ paths:
             application/json:
               schema:
                 type: array
-                items:
+                items: 
                   $ref: '#/components/schemas/User'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
       security: 
-      - basicAuth: []
+      - basicAuth: [] 
     post:
       tags: 
       - users
@@ -268,10 +290,10 @@ paths:
                   example: abi
                 password:
                   type: string
-                  example: abi
+                  example: abi123
                 name:
                   type: string
-                  example: abi
+                  example: abidzar
       responses:
         201:
           description: record successfully added
@@ -281,17 +303,21 @@ paths:
                 $ref: '#/components/schemas/User'
         400:
           $ref: '#/components/responses/400'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         409:
           $ref: '#/components/responses/409'
         413:  
           $ref: '#/components/responses/413'
+      security: 
+        - basicAuth: []
   /users/{userId}:
     get:
       tags: 
       - users
       summary: find user by userId
       description: return user by userId
-      operationId: getUserByUserId
+      operationId: getUserById
       parameters: 
         - $ref: '#/components/parameters/UserPath'
       responses:
@@ -301,6 +327,8 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/User'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
       security: 
@@ -310,7 +338,7 @@ paths:
       - users
       summary:  update existing user except password
       description: update user
-      operationId: updateUserByUserId
+      operationId: updateUserById
       parameters: 
         - $ref: '#/components/parameters/UserPath'
       requestBody:
@@ -336,6 +364,8 @@ paths:
                 $ref: '#/components/schemas/User'
         400:
           $ref: '#/components/responses/400'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
         409:
@@ -355,6 +385,8 @@ paths:
       responses:
         200:
           description: successful operation
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
         404:
           $ref: '#/components/responses/404'
       security: 
@@ -376,9 +408,12 @@ paths:
             schema:
               type: object
               properties:
-                password:
+                oldPassword:
                   type: string
                   example: abi123
+                newPassword:
+                  type: string
+                  example: abi456
       responses:
         200:
           description: successful operation
@@ -388,6 +423,10 @@ paths:
                 $ref: '#/components/schemas/User'
         400:
           $ref: '#/components/responses/400'
+        401:
+          $ref: '#/components/responses/UnauthorizedError'
+        403:
+          description: wrong old password
         404:
           $ref: '#/components/responses/404'
       security: 
@@ -506,6 +545,12 @@ components:
             $ref: '#/components/schemas/Project'
     400:
       description: invalid data
+    UnauthorizedError:
+      description: Authentication information is missing or invalid
+      headers:
+        WWW_Authenticate:
+          schema:
+            type: string
     404:
       description: not found
     409: