Fix authentication, add registration page

Author: gavlyukovskiy

src/main/java/net/hackyourfuture/coursehub/data/AuthenticatedUser.java

@@ -1,13 +1,37 @@
 package net.hackyourfuture.coursehub.data;
 
+import org.springframework.security.core.CredentialsContainer;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import java.util.Collection;
 import java.util.List;
 
-public record AuthenticatedUser(Integer userId, String firstName, String lastName, String emailAddress, Role role) implements UserDetails {
+public final class AuthenticatedUser implements UserDetails,
+                                                CredentialsContainer {
+    private final Integer userId;
+    private final String firstName;
+    private final String lastName;
+    private final String emailAddress;
+    private final Role role;
+    private String passwordHash;
+
+    public AuthenticatedUser(
+            Integer userId,
+            String firstName,
+            String lastName,
+            String emailAddress,
+            String passwordHash,
+            Role role
+    ) {
+        this.userId = userId;
+        this.firstName = firstName;
+        this.lastName = lastName;
+        this.emailAddress = emailAddress;
+        this.passwordHash = passwordHash;
+        this.role = role;
+    }
 
     @Override
     public String getUsername() {
@@ -16,11 +40,36 @@ public String getUsername() {
 
     @Override
     public String getPassword() {
-        return null;
+        return passwordHash;
     }
 
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
         return List.of(new SimpleGrantedAuthority("ROLE_" + role.name()));
     }
+
+    @Override
+    public void eraseCredentials() {
+        passwordHash = null;
+    }
+
+    public Integer getUserId() {
+        return userId;
+    }
+
+    public String getFirstName() {
+        return firstName;
+    }
+
+    public String getLastName() {
+        return lastName;
+    }
+
+    public String getEmailAddress() {
+        return emailAddress;
+    }
+
+    public Role getRole() {
+        return role;
+    }
 }

src/main/java/net/hackyourfuture/coursehub/service/UserAuthenticationService.java

@@ -10,22 +10,26 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 @Service
 public class UserAuthenticationService implements UserDetailsService {
     private final UserAccountRepository userAccountRepository;
     private final StudentRepository studentRepository;
     private final InstructorRepository instructorRepository;
+    private final PasswordEncoder passwordEncoder;
 
     public UserAuthenticationService(
             UserAccountRepository userAccountRepository,
             StudentRepository studentRepository,
-            InstructorRepository instructorRepository
+            InstructorRepository instructorRepository,
+            PasswordEncoder passwordEncoder
     ) {
         this.userAccountRepository = userAccountRepository;
         this.studentRepository = studentRepository;
         this.instructorRepository = instructorRepository;
+        this.passwordEncoder = passwordEncoder;
     }
 
     @Override
@@ -38,11 +42,11 @@ public AuthenticatedUser loadUserByUsername(String emailAddress) throws Username
         return switch (user.role()) {
             case student -> {
                 StudentEntity student = studentRepository.findById(user.userId());
-                yield new AuthenticatedUser(user.userId(), student.firstName(), student.lastName(), user.emailAddress(), user.role());
+                yield new AuthenticatedUser(user.userId(), student.firstName(), student.lastName(), user.emailAddress(), user.passwordHash(), user.role());
             }
             case instructor -> {
                 InstructorEntity instructor = instructorRepository.findById(user.userId());
-                yield new AuthenticatedUser(user.userId(), instructor.firstName(), instructor.lastName(), user.emailAddress(), user.role());
+                yield new AuthenticatedUser(user.userId(), instructor.firstName(), instructor.lastName(), user.emailAddress(), user.passwordHash(), user.role());
             }
         };
     }
@@ -62,6 +66,7 @@ public void register(String firstName, String lastName, String emailAddress, Str
         // For simplicity, we will register every new user as a student
         // In a real-world application, you might want to allow registering as an instructor as well
         // and have an admin approve instructor accounts before they can log in
-        studentRepository.insertStudent(firstName, lastName, emailAddress, password);
+        var passwordHash = passwordEncoder.encode(password);
+        studentRepository.insertStudent(firstName, lastName, emailAddress, passwordHash);
     }
 }

src/main/java/net/hackyourfuture/coursehub/web/UserAuthenticationController.java

@@ -1,7 +1,6 @@
 package net.hackyourfuture.coursehub.web;
 
 import jakarta.servlet.http.HttpServletRequest;
-import net.hackyourfuture.coursehub.repository.InstructorRepository;
 import net.hackyourfuture.coursehub.repository.StudentRepository;
 import net.hackyourfuture.coursehub.service.UserAuthenticationService;
 import net.hackyourfuture.coursehub.web.model.HttpErrorResponse;
@@ -88,11 +87,11 @@ private LoginSuccessResponse authenticate(HttpServletRequest httpRequest, String
         // Retrieve the corresponding user data to return in a login response
         var authenticatedUser = userAuthenticationService.currentAuthenticatedUser();
         return new LoginSuccessResponse(
-                authenticatedUser.userId(),
-                authenticatedUser.firstName(),
-                authenticatedUser.lastName(),
-                authenticatedUser.emailAddress(),
-                authenticatedUser.role()
+                authenticatedUser.getUserId(),
+                authenticatedUser.getFirstName(),
+                authenticatedUser.getLastName(),
+                authenticatedUser.getEmailAddress(),
+                authenticatedUser.getRole()
         );
     }
 }