force authoritization

Author: Wassim-Rached

src/main/java/com/example/usermanagement/dto/permissions/CreatePermissionDTO.java

@@ -1,13 +1,13 @@
-package com.example.usermanagement;
+package com.ics;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
 @SpringBootApplication
-public class UserManagementApplication {
+public class IcsApplication {
 
     public static void main(String[] args) {
-        SpringApplication.run(UserManagementApplication.class, args);
+        SpringApplication.run(IcsApplication.class, args);
     }
 
 }

src/main/java/com/example/usermanagement/dto/roles/CreateRoleDTO.java

@@ -1,9 +1,9 @@
-package com.example.usermanagement.advices;
+package com.ics.advices;
 
 
-import com.example.usermanagement.exceptions.BadRequestException;
-import com.example.usermanagement.exceptions.ForbiddenException;
-import com.example.usermanagement.exceptions.InputValidationException;
+import com.ics.exceptions.BadRequestException;
+import com.ics.exceptions.ForbiddenException;
+import com.ics.exceptions.InputValidationException;
 import jakarta.persistence.EntityExistsException;
 import jakarta.persistence.EntityNotFoundException;
 import org.springframework.dao.DataIntegrityViolationException;

…anagement/UserManagementApplication.java src/main/java/com/ics/IcsApplication.javasrc/main/java/com/example/usermanagement/UserManagementApplication.java renamed to src/main/java/com/ics/IcsApplication.java src/main/java/com/example/usermanagement/UserManagementApplication.java renamed to src/main/java/com/ics/IcsApplication.java

@@ -1,4 +1,4 @@
-package com.example.usermanagement.advices;
+package com.ics.advices;
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Profile;

…/advices/ControllerExceptionHandler.java …/advices/ControllerExceptionHandler.javasrc/main/java/com/example/usermanagement/advices/ControllerExceptionHandler.java renamed to src/main/java/com/ics/advices/ControllerExceptionHandler.java src/main/java/com/example/usermanagement/advices/ControllerExceptionHandler.java renamed to src/main/java/com/ics/advices/ControllerExceptionHandler.java

@@ -1,4 +1,4 @@
-package com.example.usermanagement.configuration;
+package com.ics.configuration;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

…/advices/ProductionExceptionHandler.java …/advices/ProductionExceptionHandler.javasrc/main/java/com/example/usermanagement/advices/ProductionExceptionHandler.java renamed to src/main/java/com/ics/advices/ProductionExceptionHandler.java src/main/java/com/example/usermanagement/advices/ProductionExceptionHandler.java renamed to src/main/java/com/ics/advices/ProductionExceptionHandler.java

@@ -1,11 +1,13 @@
-package com.example.usermanagement.configuration;
+package com.ics.configuration;
 
-import com.example.usermanagement.filters.JwtAuthenticationFilter;
+import com.ics.filters.JwtAuthenticationFilter;
+import com.ics.handlers.CustomAccessDeniedHandler;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -20,9 +22,11 @@
 
 @Configuration
 @RequiredArgsConstructor
+@EnableMethodSecurity
 public class SecurityConfiguration {
 
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    private final CustomAccessDeniedHandler accessDeniedHandler;
 
     @Bean
     public PasswordEncoder passwordEncoder() {
@@ -47,18 +51,24 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
             http
                     .cors(Customizer.withDefaults())
                     .csrf(AbstractHttpConfigurer::disable)
+                    .exceptionHandling(exceptionHandling ->
+                            exceptionHandling
+                                    .accessDeniedHandler(accessDeniedHandler)
+                    )
                     .authorizeHttpRequests(authorizeRequests ->
                             authorizeRequests
-                                    .requestMatchers(HttpMethod.OPTIONS,"/**").permitAll()
+                                    // allow all preflight requests
+                                    .requestMatchers(HttpMethod.OPTIONS).permitAll()
+                                    // allow all public endpoints
                                     .requestMatchers("/","/api/health").permitAll()
-                                    .requestMatchers(HttpMethod.POST,
-                                            "/api/accounts",
-                                            "/api/accounts/verify-email/resend"
-                                            ).permitAll()
-                                    .requestMatchers(HttpMethod.GET,
-                                            "/api/accounts/verify-email",
-                                            "/api/accounts/reset-password/request"
-                                    ).permitAll()
+                                    // account creation
+                                    .requestMatchers(HttpMethod.POST, "/api/accounts").permitAll()
+                                    // email verification
+                                    .requestMatchers(HttpMethod.GET, "/api/accounts/verify-email").permitAll()
+                                    .requestMatchers(HttpMethod.POST, "/api/accounts/verify-email/resend").permitAll()
+                                    // password resetting
+                                    .requestMatchers(HttpMethod.POST, "/api/accounts/reset-password","/api/accounts/reset-password/resend").permitAll()
+                                    // others require authentication
                                     .anyRequest().authenticated()
                     );
 

…ent/configuration/MainConfiguration.java …ics/configuration/MainConfiguration.javasrc/main/java/com/example/usermanagement/configuration/MainConfiguration.java renamed to src/main/java/com/ics/configuration/MainConfiguration.java src/main/java/com/example/usermanagement/configuration/MainConfiguration.java renamed to src/main/java/com/ics/configuration/MainConfiguration.java

@@ -1,13 +1,12 @@
-package com.example.usermanagement.controllers;
-
-import com.example.usermanagement.dto.accounts.*;
-import com.example.usermanagement.entities.Account;
-import com.example.usermanagement.events.publishers.emails.EmailVerificationTokenGeneratedEvent;
-import com.example.usermanagement.events.publishers.emails.PasswordResetGeneratedEvent;
-import com.example.usermanagement.interfaces.services.IAccountService;
-import com.example.usermanagement.interfaces.services.IEmailService;
-import com.example.usermanagement.interfaces.services.IEmailVerificationTokenService;
-import com.example.usermanagement.interfaces.services.IPasswordResetTokenService;
+package com.ics.controllers;
+
+import com.ics.dto.accounts.*;
+import com.ics.entities.Account;
+import com.ics.events.publishers.emails.EmailVerificationTokenGeneratedEvent;
+import com.ics.events.publishers.emails.PasswordResetGeneratedEvent;
+import com.ics.interfaces.services.IAccountService;
+import com.ics.interfaces.services.IEmailVerificationTokenService;
+import com.ics.interfaces.services.IPasswordResetTokenService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.data.domain.Page;
@@ -118,10 +117,24 @@ public ResponseEntity<String> requestResetPassword(@RequestParam String email) {
         return new ResponseEntity<>("Password reset token sent", HttpStatus.OK);
     }
 
+    @GetMapping("/reset-password")
+    public ResponseEntity<String> isResetPasswordTokenValid(@RequestParam String token, @RequestParam String newPassword) {
+        String email =  passwordResetTokenService.validatePasswordResetToken(token);
+        return new ResponseEntity<>(email, HttpStatus.OK);
+    }
+
     @PostMapping("/reset-password")
-    public ResponseEntity<String> confirmResetPassword(@RequestBody ResetPasswordRequest requestBody) {
-        accountService.resetPassword(requestBody.getToken(), requestBody.getNewPassword());
-        return new ResponseEntity<>("Password reset", HttpStatus.OK);
+    public ResponseEntity<String> consumeResetPassword(@RequestBody ResetPasswordRequest requestBody) {
+        String newPassword = requestBody.getNewPassword();
+        String email =  passwordResetTokenService.consumePasswordResetToken(requestBody.getToken());
+
+        Account account = accountService.getAccountByEmail(email);
+
+        accountService.resetPassword(account,newPassword);
+
+        eventPublisher.publishEvent(new PasswordResetGeneratedEvent(this, email, newPassword));
+
+        return new ResponseEntity<>(email + " password reset", HttpStatus.OK);
     }
 
     @PostMapping("/change-password")
@@ -130,7 +143,6 @@ public ResponseEntity<String> changePassword(@RequestBody ChangePasswordRequest
         return new ResponseEntity<>("Password changed", HttpStatus.OK);
     }
 
-
     // special info management related
     @PostMapping("/{accountId}/identity-verification")
     public ResponseEntity<String> verifyIdentity(@RequestParam boolean verify, @PathVariable UUID accountId) {

…configuration/SecurityConfiguration.java …configuration/SecurityConfiguration.javasrc/main/java/com/example/usermanagement/configuration/SecurityConfiguration.java renamed to src/main/java/com/ics/configuration/SecurityConfiguration.java src/main/java/com/example/usermanagement/configuration/SecurityConfiguration.java renamed to src/main/java/com/ics/configuration/SecurityConfiguration.java

@@ -1,7 +1,7 @@
-package com.example.usermanagement.controllers;
+package com.ics.controllers;
 
-import com.example.usermanagement.dto.DependencyStatus;
-import com.example.usermanagement.dto.HealthCheckResponse;
+import com.ics.dto.DependencyStatus;
+import com.ics.dto.HealthCheckResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;

…ement/controllers/AccountController.java …m/ics/controllers/AccountController.javasrc/main/java/com/example/usermanagement/controllers/AccountController.java renamed to src/main/java/com/ics/controllers/AccountController.java src/main/java/com/example/usermanagement/controllers/AccountController.java renamed to src/main/java/com/ics/controllers/AccountController.java

@@ -1,10 +1,10 @@
-package com.example.usermanagement.controllers;
+package com.ics.controllers;
 
-import com.example.usermanagement.dto.permissions.CreatePermissionDTO;
-import com.example.usermanagement.dto.permissions.DetailedPermissionDTO;
-import com.example.usermanagement.dto.permissions.GeneralPermissionDTO;
-import com.example.usermanagement.entities.Permission;
-import com.example.usermanagement.interfaces.services.IPermissionService;
+import com.ics.dto.permissions.CreatePermissionDTO;
+import com.ics.dto.permissions.DetailedPermissionDTO;
+import com.ics.dto.permissions.GeneralPermissionDTO;
+import com.ics.entities.Permission;
+import com.ics.interfaces.services.IPermissionService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.data.domain.Page;
 import org.springframework.http.ResponseEntity;