diff --git a/183_12_1_tresorbackend_rupe-master/pom.xml b/183_12_1_tresorbackend_rupe-master/pom.xml
index b0dc20d..0b8aba1 100644
--- a/183_12_1_tresorbackend_rupe-master/pom.xml
+++ b/183_12_1_tresorbackend_rupe-master/pom.xml
@@ -66,6 +66,28 @@
jasypt-spring-boot-starter
3.0.5
+
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+ 1.76
+
+
+
+
+ org.springframework.security
+ spring-security-crypto
+ 6.1.2
+
+
+
+
+ commons-codec
+ commons-codec
+ 1.16.0
+
+
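Review bot: commons-codec 1.16.0 is added but nothing else in this commit imports it — the only new hex helper in the code is BouncyCastle's `Hex.toHexString` — so it looks like a leftover to drop. Pulling in bcprov-jdk18on for a single hex encoder is a large dependency for the job; if the project targets Java 17 or later (records are already used), `java.util.HexFormat.of().formatHex(salt)` does the same with no third-party jar. Hard-coding `6.1.2` for spring-security-crypto can diverge from the version the Spring Boot BOM manages; dropping the explicit `<version>` keeps it aligned with the rest of the Boot stack, assuming the Boot parent is declared earlier in this pom. The enclosing `<dependencies>` element starts and ends outside the hunk.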
diff --git a/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/controller/UserController.java b/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/controller/UserController.java
index 758102b..4d5e7bc 100644
--- a/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/controller/UserController.java
+++ b/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/controller/UserController.java
@@ -32,150 +32,153 @@ import java.util.stream.Collectors;
@RequestMapping("api/users")
public class UserController {
- private UserService userService;
- private PasswordEncryptionService passwordService;
- private final ConfigProperties configProperties;
- private static final Logger logger = LoggerFactory.getLogger(UserController.class);
+ private UserService userService;
+ private PasswordEncryptionService passwordService;
+ private final ConfigProperties configProperties;
+ private static final Logger logger = LoggerFactory.getLogger(UserController.class);
- @Autowired
- public UserController(ConfigProperties configProperties, UserService userService,
- PasswordEncryptionService passwordService) {
- this.configProperties = configProperties;
- System.out.println("UserController.UserController: cross origin: " + configProperties.getOrigin());
- // Logging in the constructor
- logger.info("UserController initialized: " + configProperties.getOrigin());
- logger.debug("UserController.UserController: Cross Origin Config: {}", configProperties.getOrigin());
- this.userService = userService;
- this.passwordService = passwordService;
- }
+ @Autowired
+ public UserController(ConfigProperties configProperties, UserService userService,
+ PasswordEncryptionService passwordService) {
+ this.configProperties = configProperties;
+ System.out.println("UserController.UserController: cross origin: " + configProperties.getOrigin());
+ // Logging in the constructor
+ logger.info("UserController initialized: " + configProperties.getOrigin());
+ logger.debug("UserController.UserController: Cross Origin Config: {}", configProperties.getOrigin());
+ this.userService = userService;
+ this.passwordService = passwordService;
+ }
- // build create User REST API
- @CrossOrigin(origins = "${CROSS_ORIGIN}")
- @PostMapping
- public ResponseEntity createUser(@Valid @RequestBody RegisterUser registerUser, BindingResult bindingResult) {
- //captcha
- //todo ergänzen
+ // build create User REST API
+ @CrossOrigin(origins = "${CROSS_ORIGIN}")
+ @PostMapping
+ public ResponseEntity createUser(@Valid @RequestBody RegisterUser registerUser, BindingResult bindingResult) {
+ //captcha
+ //todo ergänzen
- System.out.println("UserController.createUser: captcha passed.");
+ System.out.println("UserController.createUser: captcha passed.");
- //input validation
- if (bindingResult.hasErrors()) {
- List errors = bindingResult.getFieldErrors().stream()
- .map(fieldError -> fieldError.getField() + ": " + fieldError.getDefaultMessage())
- .collect(Collectors.toList());
- System.out.println("UserController.createUser " + errors);
+ //input validation
+ if (bindingResult.hasErrors()) {
+ List errors = bindingResult.getFieldErrors().stream()
+ .map(fieldError -> fieldError.getField() + ": " + fieldError.getDefaultMessage())
+ .collect(Collectors.toList());
+ System.out.println("UserController.createUser " + errors);
- JsonArray arr = new JsonArray();
- errors.forEach(arr::add);
- JsonObject obj = new JsonObject();
- obj.add("message", arr);
- String json = new Gson().toJson(obj);
+ JsonArray arr = new JsonArray();
+ errors.forEach(arr::add);
+ JsonObject obj = new JsonObject();
+ obj.add("message", arr);
+ String json = new Gson().toJson(obj);
- System.out.println("UserController.createUser, validation fails: " + json);
- return ResponseEntity.badRequest().body(json);
- }
- System.out.println("UserController.createUser: input validation passed");
+ System.out.println("UserController.createUser, validation fails: " + json);
+ return ResponseEntity.badRequest().body(json);
+ }
+ System.out.println("UserController.createUser: input validation passed");
- //password validation
- //todo ergänzen
- System.out.println("UserController.createUser, password validation passed");
+ //password validation
+ //todo ergänzen
+ System.out.println("UserController.createUser, password validation passed");
- //transform registerUser to user
- User user = new User(
- null,
- registerUser.getFirstName(),
- registerUser.getLastName(),
- registerUser.getEmail(),
- passwordService.hashPassword(registerUser.getPassword())
- );
+ //transform registerUser to user
+ String salt = PasswordEncryptionService.generateSalt();
- User savedUser = userService.createUser(user);
- System.out.println("UserController.createUser, user saved in db");
- JsonObject obj = new JsonObject();
- obj.addProperty("answer", "User Saved");
- String json = new Gson().toJson(obj);
- System.out.println("UserController.createUser " + json);
- return ResponseEntity.accepted().body(json);
- }
+ User user = new User(
+ null,
+ registerUser.getFirstName(),
+ registerUser.getLastName(),
+ registerUser.getEmail(),
+ passwordService.hashPassword(registerUser.getPassword(), salt),
+ salt
+ );
- // build get user by id REST API
- // http://localhost:8080/api/users/1
- @CrossOrigin(origins = "${CROSS_ORIGIN}")
- @GetMapping("{id}")
- public ResponseEntity getUserById(@PathVariable("id") Long userId) {
- User user = userService.getUserById(userId);
- return new ResponseEntity<>(user, HttpStatus.OK);
- }
+ User savedUser = userService.createUser(user);
+ System.out.println("UserController.createUser, user saved in db");
+ JsonObject obj = new JsonObject();
+ obj.addProperty("answer", "User Saved");
+ String json = new Gson().toJson(obj);
+ System.out.println("UserController.createUser " + json);
+ return ResponseEntity.accepted().body(json);
+ }
- // Build Get All Users REST API
- // http://localhost:8080/api/users
- @CrossOrigin(origins = "${CROSS_ORIGIN}")
- @GetMapping
- public ResponseEntity> getAllUsers() {
- List users = userService.getAllUsers();
- return new ResponseEntity<>(users, HttpStatus.OK);
- }
+ // build get user by id REST API
+ // http://localhost:8080/api/users/1
+ @CrossOrigin(origins = "${CROSS_ORIGIN}")
+ @GetMapping("{id}")
+ public ResponseEntity getUserById(@PathVariable("id") Long userId) {
+ User user = userService.getUserById(userId);
+ return new ResponseEntity<>(user, HttpStatus.OK);
+ }
- // Build Update User REST API
- // http://localhost:8080/api/users/1
- @CrossOrigin(origins = "${CROSS_ORIGIN}")
- @PutMapping("{id}")
- public ResponseEntity updateUser(@PathVariable("id") Long userId,
- @RequestBody User user) {
- user.setId(userId);
- User updatedUser = userService.updateUser(user);
- return new ResponseEntity<>(updatedUser, HttpStatus.OK);
- }
+ // Build Get All Users REST API
+ // http://localhost:8080/api/users
+ @CrossOrigin(origins = "${CROSS_ORIGIN}")
+ @GetMapping
+ public ResponseEntity> getAllUsers() {
+ List users = userService.getAllUsers();
+ return new ResponseEntity<>(users, HttpStatus.OK);
+ }
- // Build Delete User REST API
- @CrossOrigin(origins = "${CROSS_ORIGIN}")
- @DeleteMapping("{id}")
- public ResponseEntity deleteUser(@PathVariable("id") Long userId) {
- userService.deleteUser(userId);
- return new ResponseEntity<>("User successfully deleted!", HttpStatus.OK);
- }
+ // Build Update User REST API
+ // http://localhost:8080/api/users/1
+ @CrossOrigin(origins = "${CROSS_ORIGIN}")
+ @PutMapping("{id}")
+ public ResponseEntity updateUser(@PathVariable("id") Long userId,
+ @RequestBody User user) {
+ user.setId(userId);
+ User updatedUser = userService.updateUser(user);
+ return new ResponseEntity<>(updatedUser, HttpStatus.OK);
+ }
+
+ // Build Delete User REST API
+ @CrossOrigin(origins = "${CROSS_ORIGIN}")
+ @DeleteMapping("{id}")
+ public ResponseEntity deleteUser(@PathVariable("id") Long userId) {
+ userService.deleteUser(userId);
+ return new ResponseEntity<>("User successfully deleted!", HttpStatus.OK);
+ }
- // get user id by email
- @CrossOrigin(origins = "${CROSS_ORIGIN}")
- @PostMapping("/byemail")
- public ResponseEntity getUserIdByEmail(@RequestBody EmailAdress email, BindingResult bindingResult) {
- System.out.println("UserController.getUserIdByEmail: " + email);
- //input validation
- if (bindingResult.hasErrors()) {
- List errors = bindingResult.getFieldErrors().stream()
- .map(fieldError -> fieldError.getField() + ": " + fieldError.getDefaultMessage())
- .collect(Collectors.toList());
- System.out.println("UserController.createUser " + errors);
+ // get user id by email
+ @CrossOrigin(origins = "${CROSS_ORIGIN}")
+ @PostMapping("/byemail")
+ public ResponseEntity getUserIdByEmail(@RequestBody EmailAdress email, BindingResult bindingResult) {
+ System.out.println("UserController.getUserIdByEmail: " + email);
+ //input validation
+ if (bindingResult.hasErrors()) {
+ List errors = bindingResult.getFieldErrors().stream()
+ .map(fieldError -> fieldError.getField() + ": " + fieldError.getDefaultMessage())
+ .collect(Collectors.toList());
+ System.out.println("UserController.createUser " + errors);
- JsonArray arr = new JsonArray();
- errors.forEach(arr::add);
- JsonObject obj = new JsonObject();
- obj.add("message", arr);
- String json = new Gson().toJson(obj);
+ JsonArray arr = new JsonArray();
+ errors.forEach(arr::add);
+ JsonObject obj = new JsonObject();
+ obj.add("message", arr);
+ String json = new Gson().toJson(obj);
- System.out.println("UserController.createUser, validation fails: " + json);
- return ResponseEntity.badRequest().body(json);
- }
+ System.out.println("UserController.createUser, validation fails: " + json);
+ return ResponseEntity.badRequest().body(json);
+ }
- System.out.println("UserController.getUserIdByEmail: input validation passed");
+ System.out.println("UserController.getUserIdByEmail: input validation passed");
- User user = userService.findByEmail(email.getEmail());
- if (user == null) {
- System.out.println("UserController.getUserIdByEmail, no user found with email: " + email);
- JsonObject obj = new JsonObject();
- obj.addProperty("message", "No user found with this email");
- String json = new Gson().toJson(obj);
+ User user = userService.findByEmail(email.getEmail());
+ if (user == null) {
+ System.out.println("UserController.getUserIdByEmail, no user found with email: " + email);
+ JsonObject obj = new JsonObject();
+ obj.addProperty("message", "No user found with this email");
+ String json = new Gson().toJson(obj);
- System.out.println("UserController.getUserIdByEmail, fails: " + json);
- return ResponseEntity.badRequest().body(json);
- }
- System.out.println("UserController.getUserIdByEmail, user find by email");
- JsonObject obj = new JsonObject();
- obj.addProperty("answer", user.getId());
- String json = new Gson().toJson(obj);
- System.out.println("UserController.getUserIdByEmail " + json);
- return ResponseEntity.accepted().body(json);
- }
+ System.out.println("UserController.getUserIdByEmail, fails: " + json);
+ return ResponseEntity.badRequest().body(json);
+ }
+ System.out.println("UserController.getUserIdByEmail, user find by email");
+ JsonObject obj = new JsonObject();
+ obj.addProperty("answer", user.getId());
+ String json = new Gson().toJson(obj);
+ System.out.println("UserController.getUserIdByEmail " + json);
+ return ResponseEntity.accepted().body(json);
+ }
}
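Review bot: The substantive change — `String salt = PasswordEncryptionService.generateSalt();` plus the two extra constructor arguments — is buried under a re-indentation of the whole class in which every line is deleted and re-added; separating the formatting from the functional change would make the hash/salt handling reviewable on its own. Generating the salt in the controller also spreads password-hashing details across layers: the service should own salt handling and hand back the hash (and salt, if one is kept) in one object, which is apparently what the `PasswordBean` record added in the service hunk was meant for, though nothing uses it yet. As written the salt stored on the user plays no part in the hash, because `hashPassword` in the service hunk never reads its `salt` argument. The `createUser` body is otherwise unchanged, so the raw `List errors` and the unused `savedUser` are pre-existing.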
diff --git a/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/model/User.java b/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/model/User.java
index 01d4f6c..cccf563 100644
--- a/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/model/User.java
+++ b/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/model/User.java
@@ -32,4 +32,7 @@ public class User {
@Column(nullable = false)
private String password;
+
+ @Column(nullable = false)
+ private String salt;
}
\ No newline at end of file
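Review bot: Adding `salt` as `@Column(nullable = false)` to an entity that already has rows is a schema migration, and with `spring.jpa.hibernate.ddl-auto=update` (visible in the properties hunk) Hibernate will only issue an ADD COLUMN — depending on the database's strict mode that either fails on existing rows or silently fills them with an empty string, so existing users need a backfill or the column needs a default. If BCrypt's internal salt is what actually protects the hash (the service hunk never reads this field), the column is misleading and could be dropped rather than migrated. The controller now calls a seven-argument `User` constructor; presumably that comes from Lombok's `@AllArgsConstructor` on the class header outside this hunk — if the constructor is hand-written it needs the new parameter too.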
diff --git a/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/service/PasswordEncryptionService.java b/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/service/PasswordEncryptionService.java
index 95586db..2f78da7 100644
--- a/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/service/PasswordEncryptionService.java
+++ b/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/service/PasswordEncryptionService.java
@@ -1,21 +1,37 @@
package ch.bbw.pr.tresorbackend.service;
+import lombok.Value;
+import org.bouncycastle.util.encoders.Hex;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
+import java.security.SecureRandom;
+
/**
* PasswordEncryptionService
+ *
* @author Peter Rutschmann
*/
@Service
public class PasswordEncryptionService {
- //todo ergänzen!
- public PasswordEncryptionService() {
- //todo anpassen!
- }
+ public PasswordEncryptionService() {
+ //todo anpassen!
+ }
- public String hashPassword(String password) {
- //todo anpassen!
- return password;
- }
+ public static String generateSalt() {
+ byte[] salt = new byte[5];
+ new SecureRandom().nextBytes(salt);
+ return Hex.toHexString(salt);
+ }
+
+ public String hashPassword(String password, String salt) {
+ BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+ String pepper = new PepperService().getPepper();
+
+ return encoder.encode(pepper + password );
+ }
}
+
+record PasswordBean(String hashedPassword, String Salt) {
+}
\ No newline at end of file
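Review bot: `new PepperService().getPepper()` in hashPassword returns null, because `@Value` injection only happens on the Spring-managed bean and never on an instance created with `new`; every password is therefore hashed as the literal text "null" followed by the password and the configured pepper is never applied. Inject PepperService through the constructor instead, as in the excerpt below. The `salt` parameter is never read: BCryptPasswordEncoder generates and embeds its own salt in the encoded string, so `generateSalt()`'s 5-byte value and the salt column on User contribute nothing to the hash — either drop them or document that the column is unrelated to password hashing. `import lombok.Value` is unused and shadows the name of Spring's `@Value`, and the package-private `PasswordBean` record (with its capitalised component `Salt`) has no users in this commit. Whatever verifies logins must prepend the same pepper before `encoder.matches`; that code is not in this diff.
```java
    private final PepperService pepperService;

    public PasswordEncryptionService(PepperService pepperService) {
        this.pepperService = pepperService;
    }

    // … unchanged: generateSalt …

    public String hashPassword(String password, String salt) {
        // BCrypt salts internally; the explicit salt parameter is not part of the hash.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder.encode(pepperService.getPepper() + password);
    }
```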
diff --git a/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/service/PepperService.java b/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/service/PepperService.java
new file mode 100644
index 0000000..0c71054
--- /dev/null
+++ b/183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/service/PepperService.java
@@ -0,0 +1,19 @@
+package ch.bbw.pr.tresorbackend.service;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PepperService {
+
+ @Value("${pepper}")
+ private String pepper;
+
+ public String getPepper() {
+ return pepper;
+ }
+
+ public void printPepper() {
+ System.out.println("Pepper value: " + pepper);
+ }
+}
\ No newline at end of file
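Review bot: `printPepper()` writes the pepper — a secret that must stay out of logs — to stdout; drop the method, or have it report only presence, e.g. `System.out.println("Pepper configured: " + (pepper != null && !pepper.isBlank()));`. The value is read from `${pepper}`, which this commit sets in plaintext in application.properties; since the pom already pulls in jasypt-spring-boot-starter, the property could be stored as an `ENC(...)` value or supplied from the environment so the secret is not committed to the repository. Field injection also leaves `pepper` null on any instance not created by Spring — exactly what happens in `PasswordEncryptionService.hashPassword` in this commit; a constructor taking `@Value("${pepper}") String pepper` makes that misuse a compile error instead of a silent "null" prefix.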
diff --git a/183_12_1_tresorbackend_rupe-master/src/main/resources/application.properties b/183_12_1_tresorbackend_rupe-master/src/main/resources/application.properties
index 8d10bd5..bf97cfd 100644
--- a/183_12_1_tresorbackend_rupe-master/src/main/resources/application.properties
+++ b/183_12_1_tresorbackend_rupe-master/src/main/resources/application.properties
@@ -8,4 +8,6 @@ spring.datasource.password=1234
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
spring.jpa.hibernate.ddl-auto=update
-CROSS_ORIGIN=http://localhost:3000
\ No newline at end of file
+CROSS_ORIGIN=http://localhost:3000
+
+pepper=VfQqM
\ No newline at end of file
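Review bot: `pepper=VfQqM` is a five-character value, far below what a pepper is for: it is meant to be a long, high-entropy secret kept outside the database so that a dump of the users table alone does not allow offline cracking. Generate it once with a CSPRNG (32 or more random bytes, base64-encoded) and keep it out of the checked-in properties file, alongside the plaintext `spring.datasource.password` already in this file's context. Note that changing the pepper later invalidates every stored hash, so a rotation plan is needed before the first real password is written.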