Added website stuff for Web-User administarion and additional requestMatchers

Author: fnkbsi

src/main/java/de/rwth/idsg/steve/config/SecurityConfiguration.java

@@ -86,6 +86,27 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         "/WEB-INF/views/**" // https://github.com/spring-projects/spring-security/issues/13285#issuecomment-1579097065
                     ).permitAll()
                     .requestMatchers(prefix + "/**").hasAuthority("ADMIN")
+                    .requestMatchers(prefix + "/home").hasAnyAuthority("USER", "ADMIN")
+                     // webuser
+                    .requestMatchers(prefix + "/webusers").hasAnyAuthority("USER", "ADMIN")
+                    .requestMatchers(prefix + "/webusers" + "/details/**").hasAnyAuthority("USER", "ADMIN")
+                    // users
+                    .requestMatchers(prefix + "/users").hasAnyAuthority("USER", "ADMIN")
+                    .requestMatchers(prefix + "/users" + "/details/**").hasAnyAuthority("USER", "ADMIN")
+                     //ocppTags
+                    .requestMatchers(prefix + "/ocppTags").hasAnyAuthority("USER", "ADMIN")
+                    .requestMatchers(prefix + "/ocppTags" + "/details/**").hasAnyAuthority("USER", "ADMIN")
+                     // chargepoints
+                    .requestMatchers(prefix + "/chargepoints").hasAnyAuthority("USER", "ADMIN")
+                    .requestMatchers(prefix + "/chargepoints" + "/details/**").hasAnyAuthority("USER", "ADMIN")
+                     // transactions and reservations
+                    .requestMatchers(prefix + "/transactions").hasAnyAuthority("USER", "ADMIN")
+                    .requestMatchers(prefix + "/transactions" + "/details/**").hasAnyAuthority("USER", "ADMIN")
+                    .requestMatchers(prefix + "/reservations").hasAnyAuthority("USER", "ADMIN")
+                    .requestMatchers(prefix + "/reservations" + "/**").hasAnyAuthority("ADMIN")
+                     // singout and noAccess
+                    .requestMatchers(prefix + "/signout/" + "**").hasAnyAuthority("USER", "ADMIN")
+                    .requestMatchers(prefix + "/noAccess/" + "**").hasAnyAuthority("USER", "ADMIN")
             )
             // SOAP stations are making POST calls for communication. even though the following path is permitted for
             // all access, there is a global default behaviour from spring security: enable CSRF for all POSTs.
@@ -100,6 +121,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
             .logout(
                 req -> req.logoutUrl(prefix + "/signout")
             )
+            .exceptionHandling(
+                req -> req.accessDeniedPage(prefix + "/noAccess")
+            )
             .build();
     }
 

src/main/java/de/rwth/idsg/steve/repository/WebUserRepository.java

@@ -19,6 +19,9 @@
 package de.rwth.idsg.steve.repository;
 
 import jooq.steve.db.tables.records.WebUserRecord;
+import de.rwth.idsg.steve.repository.dto.WebUserOverview;
+import de.rwth.idsg.steve.web.dto.WebUserQueryForm;
+import java.util.List;
 
 public interface WebUserRepository  {
 
@@ -38,5 +41,9 @@ public interface WebUserRepository  {
 
     boolean userExists(String username);
 
+    WebUserRecord loadUserByUsePk(Integer webUserPk);
     WebUserRecord loadUserByUsername(String username);
-}
+
+    List<WebUserOverview> getOverview(WebUserQueryForm form);
+
+}

src/main/java/de/rwth/idsg/steve/repository/dto/WebUserOverview.java

@@ -0,0 +1,31 @@
+/*
+ * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve
+ * Copyright (C) 2013-2024 SteVe Community Team
+ * All Rights Reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package de.rwth.idsg.steve.repository.dto;
+import lombok.Builder;
+import lombok.Getter;
+
+@Getter
+@Builder
+public final class WebUserOverview {
+
+    private final Integer webUserPk;
+    private final Boolean enabled;
+    private final String webusername;
+    private final String[] autorithies;
+}

src/main/java/de/rwth/idsg/steve/repository/impl/GenericRepositoryImpl.java

@@ -28,7 +28,7 @@
 import org.jooq.DSLContext;
 import org.jooq.Field;
 import org.jooq.Record2;
-import org.jooq.Record8;
+import org.jooq.Record9;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Repository;
 
@@ -39,6 +39,7 @@
 import static jooq.steve.db.tables.OcppTag.OCPP_TAG;
 import static jooq.steve.db.tables.SchemaVersion.SCHEMA_VERSION;
 import static jooq.steve.db.tables.User.USER;
+import static jooq.steve.db.tables.WebUser.WEB_USER;
 import static org.jooq.impl.DSL.max;
 import static org.jooq.impl.DSL.select;
 
@@ -103,7 +104,12 @@ public Statistics getStats() {
                    .where(date(CHARGE_BOX.LAST_HEARTBEAT_TIMESTAMP).lessThan(date(yesterdaysNow)))
                    .asField("heartbeats_earlier");
 
-        Record8<Integer, Integer, Integer, Integer, Integer, Integer, Integer, Integer> gs =
+        Field<Integer> numWebUsers =
+                ctx.selectCount()
+                   .from(WEB_USER)
+                   .asField("num_webusers");
+
+        Record9<Integer, Integer, Integer, Integer, Integer, Integer, Integer, Integer, Integer> gs =
                 ctx.select(
                         numChargeBoxes,
                         numOcppTags,
@@ -112,7 +118,8 @@ public Statistics getStats() {
                         numTransactions,
                         heartbeatsToday,
                         heartbeatsYesterday,
-                        heartbeatsEarlier
+                        heartbeatsEarlier,
+                        numWebUsers
                 ).fetchOne();
 
         return Statistics.builder()
@@ -124,6 +131,7 @@ public Statistics getStats() {
                          .heartbeatToday(gs.value6())
                          .heartbeatYesterday(gs.value7())
                          .heartbeatEarlier(gs.value8())
+                         .numWebUsers(gs.value9())
                          .build();
     }
 

src/main/java/de/rwth/idsg/steve/repository/impl/WebUserRepositoryImpl.java

@@ -18,7 +18,12 @@
  */
 package de.rwth.idsg.steve.repository.impl;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import de.rwth.idsg.steve.repository.WebUserRepository;
+import de.rwth.idsg.steve.repository.dto.WebUserOverview;
+import de.rwth.idsg.steve.web.dto.WebUserQueryForm;
+import java.util.List;
 import jooq.steve.db.tables.records.WebUserRecord;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -27,6 +32,9 @@
 import org.springframework.stereotype.Repository;
 
 import static jooq.steve.db.Tables.WEB_USER;
+import org.jooq.Record4;
+import org.jooq.Result;
+import org.jooq.SelectQuery;
 import static org.jooq.impl.DSL.condition;
 import static org.jooq.impl.DSL.count;
 
@@ -40,6 +48,7 @@
 public class WebUserRepositoryImpl implements WebUserRepository {
 
     private final DSLContext ctx;
+    private final ObjectMapper jacksonObjectMapper;
 
     @Override
     public void createUser(WebUserRecord user) {
@@ -53,12 +62,22 @@ public void createUser(WebUserRecord user) {
 
     @Override
     public void updateUser(WebUserRecord user) {
-        ctx.update(WEB_USER)
-            .set(WEB_USER.PASSWORD, user.getPassword())
-            .set(WEB_USER.ENABLED, user.getEnabled())
-            .set(WEB_USER.AUTHORITIES, user.getAuthorities())
-            .where(WEB_USER.USERNAME.eq(user.getUsername()))
-            .execute();
+        // There is not alway the need to change the password
+        if (user.getPassword().isBlank()) {
+            ctx.update(WEB_USER)
+                .set(WEB_USER.USERNAME, user.getUsername())
+                .set(WEB_USER.ENABLED, user.getEnabled())
+                .set(WEB_USER.AUTHORITIES, user.getAuthorities())
+                .where(WEB_USER.USERNAME.eq(user.getUsername()))
+                .execute();
+        } else {
+            ctx.update(WEB_USER)
+                .set(WEB_USER.PASSWORD, user.getPassword())
+                .set(WEB_USER.ENABLED, user.getEnabled())
+                .set(WEB_USER.AUTHORITIES, user.getAuthorities())
+                .where(WEB_USER.USERNAME.eq(user.getUsername()))
+                .execute();
+        }
     }
 
     @Override
@@ -115,4 +134,61 @@ public WebUserRecord loadUserByUsername(String username) {
             .where(WEB_USER.USERNAME.eq(username))
             .fetchOne();
     }
-}
+
+    @Override
+    public WebUserRecord loadUserByUsePk(Integer webUserPk) {
+        return ctx.selectFrom(WEB_USER)
+            .where(WEB_USER.WEB_USER_PK.eq(webUserPk))
+            .fetchOne();
+    }
+
+    @Override
+    public List<WebUserOverview> getOverview(WebUserQueryForm form) {
+        return getOverviewInternal(form)
+                .map(r -> WebUserOverview.builder()
+                        .webUserPk(r.value1())
+                        .webusername(r.value2())
+                        .enabled(r.value3())
+                        .autorithies(fromJson(r.value4()))
+                        .build()
+                );
+    }
+
+     private String[] fromJson(JSON jsonArray) {
+        try {
+            return jacksonObjectMapper.readValue(jsonArray.data(), String[].class);
+        } catch (JsonProcessingException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    @SuppressWarnings("unchecked")
+    private Result<Record4<Integer, String, Boolean, JSON>> getOverviewInternal(WebUserQueryForm form) {
+        SelectQuery selectQuery = ctx.selectQuery();
+        selectQuery.addFrom(WEB_USER);
+        selectQuery.addSelect(
+                WEB_USER.WEB_USER_PK,
+                WEB_USER.USERNAME,
+                WEB_USER.ENABLED,
+                WEB_USER.AUTHORITIES
+        );
+
+        if (form.isSetWebusername()) {
+            selectQuery.addConditions(WEB_USER.USERNAME.eq(form.getWebusername()));
+        }
+
+        if (form.isSetEnabled()) {
+            selectQuery.addConditions(WEB_USER.ENABLED.eq(form.getEnabled()));
+        }
+
+        if (form.isSetRoles()) {
+            String[] roles = form.getRoles().split(","); //Semicolon seperated String to StringArray
+            for (String role : roles) {
+                JSON authValue = JSON.json("\"" + role.strip() + "\"");
+                selectQuery.addConditions(condition("json_contains({0}, {1})", WEB_USER.AUTHORITIES, authValue)); // strip--> No Withspace
+            }
+        }
+
+        return selectQuery.fetch();
+    }
+}

src/main/java/de/rwth/idsg/steve/service/WebUserService.java

@@ -21,7 +21,12 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import de.rwth.idsg.steve.SteveConfiguration;
+import de.rwth.idsg.steve.SteveException;
 import de.rwth.idsg.steve.repository.WebUserRepository;
+import de.rwth.idsg.steve.repository.dto.WebUserOverview;
+import de.rwth.idsg.steve.web.dto.WebUserForm;
+import de.rwth.idsg.steve.web.dto.WebUserQueryForm;
+import java.util.ArrayList;
 import jooq.steve.db.tables.records.WebUserRecord;
 import lombok.RequiredArgsConstructor;
 import org.jooq.JSON;
@@ -42,10 +47,13 @@
 
 import java.util.Collection;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.stream.Collectors;
 
 import static org.springframework.security.authentication.UsernamePasswordAuthenticationToken.authenticated;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import static org.springframework.security.core.context.SecurityContextHolder.getContextHolderStrategy;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
 /**
  * Inspired by {@link org.springframework.security.provisioning.JdbcUserDetailsManager}
@@ -60,6 +68,7 @@ public class WebUserService implements UserDetailsManager {
     private final ObjectMapper jacksonObjectMapper;
     private final WebUserRepository webUserRepository;
     private final SecurityContextHolderStrategy securityContextHolderStrategy = getContextHolderStrategy();
+    private final PasswordEncoder encoder;
 
     @EventListener
     public void afterStart(ContextRefreshedEvent event) {
@@ -153,6 +162,53 @@ public boolean hasUserWithAuthority(String authority) {
         return count != null && count > 0;
     }
 
+    // Methods for the website
+    public void add(WebUserForm form) {
+        createUser(toUserDetails(form));
+    }
+
+
+    public void update(WebUserForm form) {
+        updateUser(toUserDetails(form));
+    }
+
+    public List<WebUserOverview> getOverview(WebUserQueryForm form) {
+        return webUserRepository.getOverview(form);
+    }
+
+    public WebUserForm getDetails(Integer webuserpk) {
+        WebUserRecord ur = webUserRepository.loadUserByUsePk(webuserpk);
+
+        if (ur == null) {
+            throw new SteveException("There is no user with id '%d'", webuserpk);
+        }
+
+        WebUserForm form = new WebUserForm();
+
+        form.setEnabled(ur.getEnabled());
+        form.setWebusername(ur.getUsername());
+        form.setPassword(ur.getPassword());
+        form.setApitoken(ur.getApiToken());
+        form.setAuthorities(rolesStr(fromJson(ur.getAuthorities())));
+
+        return form;
+    }
+
+    private static String rolesStr(String[] authorities) {
+        String roles = "";
+
+        for (String ar : authorities) {
+            roles = roles + ar + ", ";
+        }
+        roles = roles.strip();
+        if (!roles.isBlank()) { //(roles.endsWith(","))
+            roles = roles.substring(0, roles.length() - 1);
+        }
+
+        return roles;
+    }
+
+    // Helpers
     private WebUserRecord toWebUserRecord(UserDetails user) {
         return new WebUserRecord()
             .setUsername(user.getUsername())
@@ -161,6 +217,22 @@ private WebUserRecord toWebUserRecord(UserDetails user) {
             .setAuthorities(toJson(user.getAuthorities()));
     }
 
+    private UserDetails toUserDetails(WebUserForm form) {
+        String encPw = "";
+        if (form.getPassword()!= null) {
+            //encPw = form.getPassword();
+            encPw = encoder.encode(form.getPassword());
+        }
+        var user = User
+                .withUsername(form.getWebusername())
+                .password(encPw)
+                .disabled(!form.getEnabled())
+                .authorities(toAuthorities(form.getAuthorities()))
+                .build();
+        return user;
+    }
+
+
     private String[] fromJson(JSON jsonArray) {
         try {
             return jacksonObjectMapper.readValue(jsonArray.data(), String[].class);
@@ -169,6 +241,15 @@ private String[] fromJson(JSON jsonArray) {
         }
     }
 
+    private Collection<? extends GrantedAuthority> toAuthorities(String authoritiesStr) {
+        String[] authoritiesList = authoritiesStr.split(",");
+        List<GrantedAuthority> authorities = new ArrayList<>();
+        for (String authStr: authoritiesList) {
+            authorities.add(new SimpleGrantedAuthority(authStr.strip()));
+        }
+        return authorities;
+    }
+
     private JSON toJson(Collection<? extends GrantedAuthority> authorities) {
         Collection<String> auths = authorities.stream()
             .map(GrantedAuthority::getAuthority)