Finished user authentication and logging-in frontend/backend

Breus · Breus · commit f56eaa64ed4f · 2025-09-18T13:09:56.000+02:00
diff --git a/src/main/java/net/hackyourfuture/coursehub/SecurityConfig.java b/src/main/java/net/hackyourfuture/coursehub/SecurityConfig.java
@@ -1,6 +1,5 @@
 package net.hackyourfuture.coursehub;
 
-import net.hackyourfuture.coursehub.service.UserAuthenticationService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -9,7 +8,6 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
@@ -30,10 +28,14 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     config.addAllowedMethod("*");
                     return config;
                 }))
-                .authorizeHttpRequests(auth -> auth.requestMatchers("/login", "/register")
+                .authorizeHttpRequests(auth -> auth.requestMatchers(HttpMethod.POST, "/login", "/register")
+                        .permitAll()
+                        .requestMatchers(HttpMethod.OPTIONS, "/login", "/register")
                         .permitAll()
                         .requestMatchers(HttpMethod.GET, "/courses")
                         .permitAll()
+                        .requestMatchers(HttpMethod.OPTIONS, "/courses")
+                        .permitAll()
                         .anyRequest()
                         .authenticated())
                 .build();
@@ -44,11 +46,6 @@ public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
-    @Bean
-    public UserDetailsService userDetailsService(UserAuthenticationService userAuthenticationService) {
-        return userAuthenticationService;
-    }
-
     @Bean
     public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
             throws Exception {
diff --git a/src/main/java/net/hackyourfuture/coursehub/data/UserAccountEntity.java b/src/main/java/net/hackyourfuture/coursehub/data/UserAccountEntity.java
@@ -1,3 +1,3 @@
 package net.hackyourfuture.coursehub.data;
 
-public record UserAccountEntity(Integer userId, String passwordHash, String emailAddress, Role role) {}
+public record UserAccountEntity(Integer userId, String emailAddress, String passwordHash, Role role) {}
diff --git a/src/main/java/net/hackyourfuture/coursehub/service/CourseService.java b/src/main/java/net/hackyourfuture/coursehub/service/CourseService.java
@@ -27,7 +27,13 @@ public List<CourseDto> getAllCourses() {
                     }
                     String instructorName = instructor.firstName() + " " + instructor.lastName();
                     return new CourseDto(
-                            c.name(), c.description(), instructorName, c.startDate(), c.endDate(), c.maxEnrollments());
+                            c.courseId(),
+                            c.name(),
+                            c.description(),
+                            instructorName,
+                            c.startDate(),
+                            c.endDate(),
+                            c.maxEnrollments());
                 })
                 .toList();
     }
diff --git a/src/main/java/net/hackyourfuture/coursehub/web/UserAuthenticationController.java b/src/main/java/net/hackyourfuture/coursehub/web/UserAuthenticationController.java
@@ -1,49 +1,93 @@
 package net.hackyourfuture.coursehub.web;
 
+import jakarta.servlet.http.HttpServletRequest;
+import net.hackyourfuture.coursehub.data.InstructorEntity;
+import net.hackyourfuture.coursehub.data.StudentEntity;
 import net.hackyourfuture.coursehub.data.UserAccountEntity;
+import net.hackyourfuture.coursehub.repository.InstructorRepository;
+import net.hackyourfuture.coursehub.repository.StudentRepository;
 import net.hackyourfuture.coursehub.repository.UserAccountRepository;
+import net.hackyourfuture.coursehub.web.model.HttpErrorResponse;
 import net.hackyourfuture.coursehub.web.model.LoginRequest;
-import net.hackyourfuture.coursehub.web.model.LoginResponse;
+import net.hackyourfuture.coursehub.web.model.LoginSuccessResponse;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
+@Validated // will make sure that every request body annotated with @RequestBody is validated
 @RestController
 public class UserAuthenticationController {
     private final AuthenticationManager authenticationManager;
     private final UserAccountRepository userAccountRepository;
+    private final StudentRepository studentRepository;
+    private final InstructorRepository instructorRepository;
 
     public UserAuthenticationController(
             AuthenticationManager authenticationManager,
-            UserAccountRepository userAccountRepository) {
+            UserAccountRepository userAccountRepository,
+            StudentRepository studentRepository,
+            InstructorRepository instructorRepository) {
         this.authenticationManager = authenticationManager;
         this.userAccountRepository = userAccountRepository;
+        this.studentRepository = studentRepository;
+        this.instructorRepository = instructorRepository;
     }
 
     @PostMapping("/login")
-    public LoginResponse login(@RequestBody LoginRequest request) {
+    public ResponseEntity<Object> login(@RequestBody LoginRequest request, HttpServletRequest httpRequest) {
         try {
+            // Authenticate the user with the provided credentials (email and password)
             Authentication authentication = authenticationManager.authenticate(
                     new UsernamePasswordAuthenticationToken(request.emailAddress(), request.password()));
+            // Save the authenticated user in the Spring security context
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+            // Ensure a session is created for the authenticated user
+            httpRequest.getSession(true);
+
+            // Retrieve the corresponding user data from the database to return
             UserAccountEntity user = userAccountRepository.findByEmailAddress(request.emailAddress());
             if (user == null) {
-                return new LoginResponse(null, false, "No user found for provided email address");
+                return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                        .body(new HttpErrorResponse("No user found for provided email address"));
+            }
+
+            String firstName = null;
+            String lastName = null;
+            switch (user.role()) {
+                case student -> {
+                    StudentEntity student = studentRepository.findById(user.userId());
+                    firstName = student.firstName();
+                    lastName = student.lastName();
+                }
+                case instructor -> {
+                    InstructorEntity instructor = instructorRepository.findById(user.userId());
+                    firstName = instructor.firstName();
+                    lastName = instructor.lastName();
+                }
             }
-            return new LoginResponse(user.userId(), authentication.isAuthenticated(), null);
+            return ResponseEntity.ok(
+                    new LoginSuccessResponse(user.userId(), firstName, lastName, user.emailAddress(), user.role()));
         } catch (AuthenticationException e) {
             if (e instanceof BadCredentialsException) {
-                return new LoginResponse(null, false, "Invalid credentials provided");
+                return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                        .body(new HttpErrorResponse("Invalid credentials provided"));
             }
             if (e instanceof AuthenticationCredentialsNotFoundException) {
-                return new LoginResponse(null, false, "No user found for provided email address");
+                return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                        .body(new HttpErrorResponse("No user found for provided email address"));
             }
-            return new LoginResponse(null, false, "Something went wrong");
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+                    .body(new HttpErrorResponse("Something went wrong"));
         }
     }
-}
+}
diff --git a/src/main/java/net/hackyourfuture/coursehub/web/model/CourseDto.java b/src/main/java/net/hackyourfuture/coursehub/web/model/CourseDto.java
@@ -3,6 +3,7 @@
 import java.time.LocalDate;
 
 public record CourseDto(
+        Integer courseId,
         String name,
         String description,
         String instructor,
diff --git a/src/main/java/net/hackyourfuture/coursehub/web/model/HttpErrorResponse.java b/src/main/java/net/hackyourfuture/coursehub/web/model/HttpErrorResponse.java
@@ -0,0 +1,3 @@
+package net.hackyourfuture.coursehub.web.model;
+
+public record HttpErrorResponse(String message) {}
diff --git a/src/main/java/net/hackyourfuture/coursehub/web/model/LoginResponse.java b/src/main/java/net/hackyourfuture/coursehub/web/model/LoginResponse.java
diff --git a/src/main/java/net/hackyourfuture/coursehub/web/model/LoginSuccessResponse.java b/src/main/java/net/hackyourfuture/coursehub/web/model/LoginSuccessResponse.java
@@ -0,0 +1,5 @@
+package net.hackyourfuture.coursehub.web.model;
+
+import net.hackyourfuture.coursehub.data.Role;
+
+public record LoginSuccessResponse(Integer userId, String firstName, String lastName, String emailAddress, Role role) {}
diff --git a/src/test/java/net/hackyourfuture/coursehub/service/CourseServiceIntegrationTest.java b/src/test/java/net/hackyourfuture/coursehub/service/CourseServiceIntegrationTest.java
@@ -68,22 +68,34 @@ void setUp() {
 
     @Test
     void shouldReturnCourses() {
+        var allCourses = courseRepository.findAll();
+        var course1 = allCourses.stream()
+                .filter(c -> "Test Course 1".equals(c.name()))
+                .findFirst()
+                .orElseThrow();
+        var course2 = allCourses.stream()
+                .filter(c -> "Test Course 2".equals(c.name()))
+                .findFirst()
+                .orElseThrow();
+
         var courses = courseService.getAllCourses();
 
         assertThat(courses)
                 .contains(new CourseDto(
+                        course1.courseId(),
                         "Test Course 1",
                         "Description 1",
                         "Artur Havliukovskyi",
-                        LocalDate.now(),
-                        LocalDate.now().plusDays(30),
+                        course1.startDate(),
+                        course1.endDate(),
                         30))
                 .contains(new CourseDto(
+                        course2.courseId(),
                         "Test Course 2",
                         "Description 2",
                         "Breus Blaauwendraad",
-                        LocalDate.now(),
-                        LocalDate.now().plusDays(60),
+                        course2.startDate(),
+                        course2.endDate(),
                         50));
     }
 }
diff --git a/src/test/java/net/hackyourfuture/coursehub/service/CourseServiceTest.java b/src/test/java/net/hackyourfuture/coursehub/service/CourseServiceTest.java
@@ -61,14 +61,14 @@ void shouldReturnCoursesWithInstructorNames() {
 
         assertThat(courses)
                 .hasSize(2)
-                .contains(new CourseDto(
+                .contains(new CourseDto(1,
                         "Testing course",
                         "A course about testing",
                         "Alice Smith",
                         LocalDate.of(2026, Month.JANUARY, 15),
                         LocalDate.of(2026, Month.MARCH, 1),
                         30))
-                .contains(new CourseDto(
+                .contains(new CourseDto(2,
                         "Spring course",
                         "A course about using Spring Boot",
                         "Bob Johnson",
diff --git a/ui/src/App.tsx b/ui/src/App.tsx
@@ -1,20 +1,34 @@
-import { createBrowserRouter, RouterProvider } from 'react-router'
+import React, {useEffect, useState} from "react";
+import {createBrowserRouter, RouterProvider} from 'react-router'
 import HomePage from './pages/HomePage'
 import Login from './pages/Login'
-
-const router = createBrowserRouter([
-    {
-        path: '/',
-        element: <HomePage />
-    },
-    {
-        path: '/login',
-        element: <Login />
-    },
-])
+import type {User} from './types/User';
 
 function App() {
-    return <RouterProvider router={router} />
+    const [user, setUser] = useState<User | null>(null);
+
+    const router = createBrowserRouter([
+        {
+            path: '/',
+            element: <HomePage user={user} setUser={setUser}/>
+        },
+        {
+            path: '/login',
+            element: <Login user={user} setUser={setUser}/>
+        },
+    ]);
+
+    useEffect(() => {
+        // Try to load user from localStorage on app start
+        const storedUser = localStorage.getItem("user");
+        if (storedUser) {
+            setUser(JSON.parse(storedUser));
+        }
+    }, []);
+
+    return (
+        <RouterProvider router={router}/>
+    );
 }
 
-export default App
+export default App;
diff --git a/ui/src/components/Header.tsx b/ui/src/components/Header.tsx
@@ -1,6 +1,24 @@
-import {Link} from 'react-router'
+import {Link} from "react-router";
+import {User} from "../types/User";
+
+function Header({user, setUser}: {
+    user: User | null;
+    setUser: (user: User | null) => void;
+}) {
+
+    const logout = async () => {
+        try {
+            await fetch("http://localhost:8080/logout", {
+                method: "POST",
+                credentials: "include",
+            });
+        } catch (e) {
+            // Optionally handle error
+        }
+        setUser(null);
+        localStorage.removeItem("user");
+    };
 
-function Header() {
     return (
         <header className="bg-white shadow-md py-4 px-8 flex items-center justify-between">
             <div className="flex items-center gap-8">
@@ -12,14 +30,32 @@ function Header() {
                         Courses</Link>
                 </nav>
             </div>
-            <Link
-                to="/login"
-                className="bg-blue-600 text-white px-5 py-2 rounded-full font-semibold shadow hover:bg-blue-700 transition"
-            >
-                Log In
-            </Link>
+            <div>
+                {user ? (
+                    <div className="flex items-center gap-4">
+                        <span>
+                            {user.firstName} {user.lastName} ({user.role})
+                        </span>
+                        <button
+                            onClick={logout}
+                            className="bg-blue-600 text-white px-5 py-2 rounded-full font-semibold shadow hover:bg-blue-700 transition"
+                        >
+                            Log out
+                        </button>
+                    </div>
+                ) : (
+                    <Link
+                        to="/login"
+                        className="bg-blue-600 text-white px-5 py-2 rounded-full font-semibold shadow hover:bg-blue-700 transition"
+                    >
+                        Log In
+                    </Link>
+
+                )}
+            </div>
         </header>
     )
 }
 
 export default Header
+
diff --git a/ui/src/pages/HomePage.tsx b/ui/src/pages/HomePage.tsx
@@ -1,11 +1,13 @@
 import {useEffect, useState} from 'react'
 import '../App.css'
+import type {Course} from '../types/Course';
+import {User} from "../types/User";
 import Header from '../components/Header'
-import { useConfig } from '../ConfigContext';
+import {useConfig} from '../ConfigContext';
 
-function HomePage() {
+function HomePage({user, setUser}: { user: User | null, setUser: (user: User | null) => void }) {
+    const [courses, setCourses] = useState<Course[]>([]);
     const { backendUrl } = useConfig();
-    const [courses, setCourses] = useState([])
 
     useEffect(() => {
         fetch(`${backendUrl}/courses`)
@@ -16,7 +18,7 @@ function HomePage() {
 
     return (
         <div className="min-h-screen bg-gray-50">
-            <Header/>
+            <Header user={user} setUser={setUser}/>
             <div className="max-w-5xl mx-auto mt-10 pb-5">
                 <h1 className="text-4xl font-extrabold mb-8 text-gray-800">All Courses</h1>
                 <div className="overflow-x-auto">
@@ -56,3 +58,5 @@ function HomePage() {
 }
 
 export default HomePage
+
+
diff --git a/ui/src/pages/Login.tsx b/ui/src/pages/Login.tsx
diff --git a/ui/src/types/Course.ts b/ui/src/types/Course.ts
diff --git a/ui/src/types/User.ts b/ui/src/types/User.ts
diff --git a/ui/tsconfig.json b/ui/tsconfig.json

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`package net.hackyourfuture.coursehub.data;`
`2`	`2`
`3`		`-public record UserAccountEntity(Integer userId, String passwordHash, String emailAddress, Role role) {}`
	`3`	`+public record UserAccountEntity(Integer userId, String emailAddress, String passwordHash, Role role) {}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+package net.hackyourfuture.coursehub.web.model;`
	`2`	`+`
	`3`	`+public record HttpErrorResponse(String message) {}`