Updated Security

jioo · jioo · commit 48e689500b91 · 2018-08-09T23:06:05.000+08:00
-- WEB API --
-Added authorize attribute to controllers
-Deleted readme.me

-- WEB CLIENT --
-Removed default login credential in login form
-Updated footer
diff --git a/WebApi/Controllers/AccountsController.cs b/WebApi/Controllers/AccountsController.cs
@@ -15,7 +15,7 @@
 
 namespace WebApi.Controllers
 {
-    // [Authorize(Roles = "Admin")]
+    [Authorize(Roles = "Admin")]
     [Route("api/[controller]")]
     public class AccountsController : ControllerBase
     {
diff --git a/WebApi/Controllers/ConfigController.cs b/WebApi/Controllers/ConfigController.cs
@@ -15,6 +15,7 @@
 
 namespace WebApi.Controllers
 {
+    [Authorize(Roles = "Admin")]
     [Route("api/[controller]")]
     [ApiController]
     public class ConfigController : ControllerBase
diff --git a/WebApi/Controllers/EmployeeController.cs b/WebApi/Controllers/EmployeeController.cs
@@ -15,6 +15,7 @@
 
 namespace WebApi.Controllers
 {
+    [Authorize(Roles = "Admin")]
     [Route("api/[controller]")]
     [ApiController]
     public class EmployeeController : ControllerBase
@@ -43,6 +44,7 @@ public async Task<IActionResult> Find(Guid id)
             return new OkObjectResult( JsonConvert.SerializeObject(res, settings) );
         }
         
+        
         // PUT api/employee
         [HttpPut]
         public async Task<IActionResult> Update([FromBody]EmployeeViewModel model)
diff --git a/WebApi/Controllers/LogController.cs b/WebApi/Controllers/LogController.cs
@@ -15,6 +15,7 @@
 
 namespace WebApi.Controllers
 {
+    [Authorize]
     [Route("api/[controller]")]
     [ApiController]
     public class LogController : ControllerBase
@@ -37,6 +38,7 @@ public async Task<IActionResult> Index()
 
         // POST api/log
         [HttpPost]
+        [AllowAnonymous]
         public async Task<IActionResult> Log([FromBody] LogInOutViewModel model)
         {
             var user = await _service.CheckCardNo(model);
@@ -51,6 +53,7 @@ public async Task<IActionResult> Log([FromBody] LogInOutViewModel model)
 
         // PUT api/log
         [HttpPut]
+        [Authorize(Roles = "Admin")]
         public async Task<IActionResult> Update([FromBody]LogEditViewModel model)
         {
             try
diff --git a/WebApi/Repositories/ContextRepository.cs b/WebApi/Repositories/ContextRepository.cs
@@ -19,11 +19,6 @@ public ContextRepository(DbContext context)
             _dbSet = context.Set<TEntity>();
         }
 
-        private static object GetPropValue(object src, string propName)
-        {
-            return src.GetType().GetProperty(propName).GetValue(src, null);
-        }
-
         public TEntity GetFirstOrDefault(Expression<Func<TEntity, bool>> filter = null, params Expression<Func<TEntity, object>>[] includes)
         {
             IQueryable<TEntity> query = _dbSet;
diff --git a/WebApi/Startup.cs b/WebApi/Startup.cs
@@ -45,8 +45,8 @@ public Startup(IConfiguration configuration, IHostingEnvironment env)
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
-            // string SecretKey = Configuration["AppSecret"];
-            string SecretKey = "141FE29A91D7FA1A13F3C713BB789";
+            string SecretKey = Configuration["AppSecret"];
+            // string SecretKey = "141FE29A91D7FA1A13F3C713BB789";
             SymmetricSecurityKey _signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(SecretKey));
 
             // Add framework services.
diff --git a/WebApi/appsettings.json b/WebApi/appsettings.json
@@ -13,12 +13,12 @@
     "Audience": "http://localhost:5000/"
   },
   "DefaultAdminCredentials": {
-    "UserName": "superadmin",
+    "UserName": "admin",
     "Password": "123456"
   },
   "AttendanceConfig": {
     "TimeIn": "9:00",
     "TimeOut": "18:00",
-    "GracePeriod": "15"
+    "GraceTime": "15"
   }
 }
diff --git a/WebClient/README.md b/WebClient/README.md
diff --git a/WebClient/src/App.vue b/WebClient/src/App.vue
@@ -1,27 +1,28 @@
 <template>
     <div id="app">
         <v-app dark>
-          <app-header />
-          <v-content>
-              <!-- <transition name="fade-transition"> -->
-                  <router-view />
-              <!-- </transition> -->
-              <notifications />
-          </v-content>
-          <v-footer app>
-            <span>&copy; 2018</span>
-          </v-footer>
+            <app-header />
+            <v-content>
+                <router-view />
+                <notifications />
+            </v-content>
+            <app-footer />
+            <!-- <v-footer app>
+                <span>&copy; 2018</span>
+            </v-footer> -->
         </v-app>
     </div>
 </template>
 
 <script>
 import AppHeader from '@/views/app-header'
+import AppFooter from '@/views/app-footer'
 
 export default {
     name: 'App',
     components: {
-        AppHeader
+        AppHeader,
+        AppFooter
     }
 }
 </script>
@@ -30,7 +31,6 @@ export default {
     .vue-notification {
         padding: 10px;
         margin: 12px 5px 0 5px;
-
         font-size: 14px;
     }
 </style>
diff --git a/WebClient/src/components/log-employee-form.vue b/WebClient/src/components/log-employee-form.vue
@@ -24,7 +24,6 @@
 <script>
 import { LOG_EMPLOYEE } from '@/store/actions-type'
 import { mapGetters } from 'vuex'
-// import { HubConnection } from '@aspnet/signalr'
 import * as signalR from "@aspnet/signalr";
 
 
diff --git a/WebClient/src/components/login-form.vue b/WebClient/src/components/login-form.vue
@@ -29,8 +29,8 @@ export default {
         return {
             valid: false,
             form: {
-                username: 'superadmin',
-                password: '123456'
+                username: '',
+                password: ''
             },
             required: (value) => !!value || 'This field is required.'
         }
diff --git a/WebClient/src/components/nav-bar.vue b/WebClient/src/components/nav-bar.vue
@@ -2,7 +2,7 @@
     <div>
         <v-toolbar app fixed clipped-left>
             <v-toolbar-side-icon @click.stop="drawer = !drawer"></v-toolbar-side-icon>
-            <v-toolbar-title>BDF ATTENDANCE SYSTEM</v-toolbar-title>
+            <v-toolbar-title>ATTENDANCE SYSTEM</v-toolbar-title>
             <v-spacer></v-spacer>
         </v-toolbar>
         
diff --git a/WebClient/src/views/app-footer.vue b/WebClient/src/views/app-footer.vue
@@ -0,0 +1,34 @@
+<template>
+    <!-- <v-footer class="py-4 text-xs-center" height="auto">
+        <div class="white--text ml-3 body-2 text-xs-center">
+            <v-icon small class="white--text">code</v-icon>
+            with
+            <v-icon small class="red--text">favorite</v-icon>
+            by Justine Joshua Quiazon
+            <v-icon small class="white--text">copyright</v-icon>
+                2018
+        </div>
+    </v-footer> -->
+     <v-footer class="py-3 text-xs-center" height="auto">
+        <v-layout>
+            <v-flex xs12>
+                <v-icon small class="white--text">code</v-icon>
+                with
+                <v-icon small class="red--text">favorite</v-icon>
+                by Justine Joshua Quiazon
+                <v-icon small class="white--text">copyright</v-icon>
+                2018
+            </v-flex>
+        </v-layout>
+    </v-footer>
+</template>
+
+<script>
+    export default {
+        
+    }
+</script>
+
+<style scoped>
+
+</style>

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@`
`15`	`15`
`16`	`16`	`namespace WebApi.Controllers`
`17`	`17`	`{`
`18`		`- // [Authorize(Roles = "Admin")]`
	`18`	`+ [Authorize(Roles = "Admin")]`
`19`	`19`	`[Route("api/[controller]")]`
`20`	`20`	`public class AccountsController : ControllerBase`
`21`	`21`	`{`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@`
`15`	`15`
`16`	`16`	`namespace WebApi.Controllers`
`17`	`17`	`{`
	`18`	`+ [Authorize(Roles = "Admin")]`
`18`	`19`	`[Route("api/[controller]")]`
`19`	`20`	`[ApiController]`
`20`	`21`	`public class ConfigController : ControllerBase`
Original file line number	Diff line number	Diff line change
`@@ -19,11 +19,6 @@ public ContextRepository(DbContext context)`
`19`	`19`	`_dbSet = context.Set<TEntity>();`
`20`	`20`	`}`
`21`	`21`
`22`		`- private static object GetPropValue(object src, string propName)`
`23`		`- {`
`24`		`- return src.GetType().GetProperty(propName).GetValue(src, null);`
`25`		`- }`
`26`		`-`
`27`	`22`	`public TEntity GetFirstOrDefault(Expression<Func<TEntity, bool>> filter = null, params Expression<Func<TEntity, object>>[] includes)`
`28`	`23`	`{`
`29`	`24`	`IQueryable<TEntity> query = _dbSet;`