Refactor authentication, add logout and registration endpoints

Author: gavlyukovskiy

src/main/java/net/hackyourfuture/coursehub/data/AuthenticatedUser.java

@@ -0,0 +1,26 @@
+package net.hackyourfuture.coursehub.data;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.List;
+
+public record AuthenticatedUser(Integer userId, String firstName, String lastName, String emailAddress, Role role) implements UserDetails {
+
+    @Override
+    public String getUsername() {
+        return emailAddress;
+    }
+
+    @Override
+    public String getPassword() {
+        return null;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return List.of(new SimpleGrantedAuthority("ROLE_" + role.name()));
+    }
+}

src/main/java/net/hackyourfuture/coursehub/service/UserAuthenticationService.java

@@ -1,32 +1,67 @@
 package net.hackyourfuture.coursehub.service;
 
+import net.hackyourfuture.coursehub.data.AuthenticatedUser;
+import net.hackyourfuture.coursehub.data.InstructorEntity;
+import net.hackyourfuture.coursehub.data.StudentEntity;
 import net.hackyourfuture.coursehub.data.UserAccountEntity;
+import net.hackyourfuture.coursehub.repository.InstructorRepository;
+import net.hackyourfuture.coursehub.repository.StudentRepository;
 import net.hackyourfuture.coursehub.repository.UserAccountRepository;
-import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Service;
-import java.util.Collections;
 
 @Service
 public class UserAuthenticationService implements UserDetailsService {
     private final UserAccountRepository userAccountRepository;
+    private final StudentRepository studentRepository;
+    private final InstructorRepository instructorRepository;
 
-    public UserAuthenticationService(UserAccountRepository userAccountRepository) {
+    public UserAuthenticationService(
+            UserAccountRepository userAccountRepository,
+            StudentRepository studentRepository,
+            InstructorRepository instructorRepository
+    ) {
         this.userAccountRepository = userAccountRepository;
+        this.studentRepository = studentRepository;
+        this.instructorRepository = instructorRepository;
     }
 
     @Override
-    public UserDetails loadUserByUsername(String emailAddress) throws UsernameNotFoundException {
+    public AuthenticatedUser loadUserByUsername(String emailAddress) throws UsernameNotFoundException {
         UserAccountEntity user = userAccountRepository.findByEmailAddress(emailAddress);
         if (user == null) {
             throw new UsernameNotFoundException("No user found for provided emailAddress address");
         }
-        return new org.springframework.security.core.userdetails.User(
-                user.emailAddress(),
-                user.passwordHash(),
-                Collections.singletonList(
-                        new SimpleGrantedAuthority("ROLE_" + user.role().name())));
+
+        return switch (user.role()) {
+            case student -> {
+                StudentEntity student = studentRepository.findById(user.userId());
+                yield new AuthenticatedUser(user.userId(), student.firstName(), student.lastName(), user.emailAddress(), user.role());
+            }
+            case instructor -> {
+                InstructorEntity instructor = instructorRepository.findById(user.userId());
+                yield new AuthenticatedUser(user.userId(), instructor.firstName(), instructor.lastName(), user.emailAddress(), user.role());
+            }
+        };
+    }
+
+    public AuthenticatedUser currentAuthenticatedUser() {
+        var authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication != null && authentication.isAuthenticated()) {
+            var principal = authentication.getPrincipal();
+            if (principal instanceof AuthenticatedUser user) {
+                return user;
+            }
+        }
+        throw new IllegalStateException("No AuthenticatedUser");
+    }
+
+    public void register(String firstName, String lastName, String emailAddress, String password) {
+        // For simplicity, we will register every new user as a student
+        // In a real-world application, you might want to allow registering as an instructor as well
+        // and have an admin approve instructor accounts before they can log in
+        studentRepository.insertStudent(firstName, lastName, emailAddress, password);
     }
 }

src/main/java/net/hackyourfuture/coursehub/web/UserAuthenticationController.java

@@ -1,15 +1,13 @@
 package net.hackyourfuture.coursehub.web;
 
 import jakarta.servlet.http.HttpServletRequest;
-import net.hackyourfuture.coursehub.data.InstructorEntity;
-import net.hackyourfuture.coursehub.data.StudentEntity;
-import net.hackyourfuture.coursehub.data.UserAccountEntity;
 import net.hackyourfuture.coursehub.repository.InstructorRepository;
 import net.hackyourfuture.coursehub.repository.StudentRepository;
-import net.hackyourfuture.coursehub.repository.UserAccountRepository;
+import net.hackyourfuture.coursehub.service.UserAuthenticationService;
 import net.hackyourfuture.coursehub.web.model.HttpErrorResponse;
 import net.hackyourfuture.coursehub.web.model.LoginRequest;
 import net.hackyourfuture.coursehub.web.model.LoginSuccessResponse;
+import net.hackyourfuture.coursehub.web.model.RegisterRequest;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
@@ -28,55 +26,23 @@
 @RestController
 public class UserAuthenticationController {
     private final AuthenticationManager authenticationManager;
-    private final UserAccountRepository userAccountRepository;
+    private final UserAuthenticationService userAuthenticationService;
     private final StudentRepository studentRepository;
-    private final InstructorRepository instructorRepository;
 
     public UserAuthenticationController(
             AuthenticationManager authenticationManager,
-            UserAccountRepository userAccountRepository,
-            StudentRepository studentRepository,
-            InstructorRepository instructorRepository) {
+            UserAuthenticationService userAuthenticationService,
+            StudentRepository studentRepository) {
         this.authenticationManager = authenticationManager;
-        this.userAccountRepository = userAccountRepository;
+        this.userAuthenticationService = userAuthenticationService;
         this.studentRepository = studentRepository;
-        this.instructorRepository = instructorRepository;
     }
 
     @PostMapping("/login")
     public ResponseEntity<Object> login(@RequestBody LoginRequest request, HttpServletRequest httpRequest) {
         try {
-            // Authenticate the user with the provided credentials (email and password)
-            Authentication authentication = authenticationManager.authenticate(
-                    new UsernamePasswordAuthenticationToken(request.emailAddress(), request.password()));
-            // Save the authenticated user in the Spring security context
-            SecurityContextHolder.getContext().setAuthentication(authentication);
-            // Ensure a session is created for the authenticated user
-            httpRequest.getSession(true);
-
-            // Retrieve the corresponding user data from the database to return
-            UserAccountEntity user = userAccountRepository.findByEmailAddress(request.emailAddress());
-            if (user == null) {
-                return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
-                        .body(new HttpErrorResponse("No user found for provided email address"));
-            }
-
-            String firstName = null;
-            String lastName = null;
-            switch (user.role()) {
-                case student -> {
-                    StudentEntity student = studentRepository.findById(user.userId());
-                    firstName = student.firstName();
-                    lastName = student.lastName();
-                }
-                case instructor -> {
-                    InstructorEntity instructor = instructorRepository.findById(user.userId());
-                    firstName = instructor.firstName();
-                    lastName = instructor.lastName();
-                }
-            }
-            return ResponseEntity.ok(
-                    new LoginSuccessResponse(user.userId(), firstName, lastName, user.emailAddress(), user.role()));
+            var response = authenticate(httpRequest, request.emailAddress(), request.password());
+            return ResponseEntity.ok(response);
         } catch (AuthenticationException e) {
             if (e instanceof BadCredentialsException) {
                 return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
@@ -90,4 +56,43 @@ public ResponseEntity<Object> login(@RequestBody LoginRequest request, HttpServl
                     .body(new HttpErrorResponse("Something went wrong"));
         }
     }
-}
+
+    @PostMapping("/logout")
+    public ResponseEntity<?> logout(HttpServletRequest httpRequest) {
+        SecurityContextHolder.clearContext();
+        httpRequest.getSession().invalidate();
+        return ResponseEntity.ok().build();
+    }
+
+    @PostMapping("/register")
+    public LoginSuccessResponse register(@RequestBody RegisterRequest request, HttpServletRequest httpRequest) {
+        userAuthenticationService.register(
+                request.firstName(),
+                request.lastName(),
+                request.emailAddress(),
+                request.password()
+        );
+
+        return authenticate(httpRequest, request.emailAddress(), request.password());
+    }
+
+    private LoginSuccessResponse authenticate(HttpServletRequest httpRequest, String email, String password) {
+        // Authenticate the user with the provided credentials (email and password)
+        Authentication authentication = authenticationManager.authenticate(
+                new UsernamePasswordAuthenticationToken(email, password));
+        // Save the authenticated user in the Spring security context
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+        // Ensure a session is created for the authenticated user
+        httpRequest.getSession(true);
+
+        // Retrieve the corresponding user data to return in a login response
+        var authenticatedUser = userAuthenticationService.currentAuthenticatedUser();
+        return new LoginSuccessResponse(
+                authenticatedUser.userId(),
+                authenticatedUser.firstName(),
+                authenticatedUser.lastName(),
+                authenticatedUser.emailAddress(),
+                authenticatedUser.role()
+        );
+    }
+}

src/main/java/net/hackyourfuture/coursehub/web/model/RegisterRequest.java

@@ -0,0 +1,9 @@
+package net.hackyourfuture.coursehub.web.model;
+
+public record RegisterRequest(
+        String firstName,
+        String lastName,
+        String emailAddress,
+        String password
+) {
+}