Feature/auth

src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt

@@ -7,7 +7,6 @@ import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import pt.up.fe.ni.website.backend.service.AuthService
-import javax.servlet.http.HttpServletRequest
 
 data class LoginDto(
     val email: String,
@@ -37,7 +36,7 @@ class AuthController(val authService: AuthService) {
 
     @GetMapping
     @PreAuthorize("hasRole('MEMBER')")
-    fun checkAuthentication(request: HttpServletRequest): Map<String, String> {
+    fun checkAuthentication(): Map<String, String> {
         val account = authService.getAuthenticatedAccount()
         return mapOf("authenticated_user" to account.email)
     }

src/main/kotlin/pt/up/fe/ni/website/backend/controller/ErrorController.kt

@@ -13,8 +13,6 @@ import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.ResponseStatus
 import org.springframework.web.bind.annotation.RestController
 import org.springframework.web.bind.annotation.RestControllerAdvice
-import org.springframework.web.server.ResponseStatusException
-import javax.servlet.http.HttpServletResponse
 import javax.validation.ConstraintViolationException
 
 data class SimpleError(
@@ -110,12 +108,6 @@ class ErrorController : ErrorController {
         return wrapSimpleError(e.message ?: "invalid authentication")
     }
 
-    @ExceptionHandler(ResponseStatusException::class)
-    fun expectedError(e: ResponseStatusException, response: HttpServletResponse): CustomError {
-        response.status = e.status.value()
-        return wrapSimpleError(e.reason ?: (e.message))
-    }
-
     fun wrapSimpleError(msg: String, param: String? = null, value: Any? = null) = CustomError(
         mutableListOf(SimpleError(msg, param, value))
     )

src/main/kotlin/pt/up/fe/ni/website/backend/service/AuthService.kt

@@ -1,6 +1,5 @@
 package pt.up.fe.ni.website.backend.service
 
-import org.springframework.http.HttpStatus
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.GrantedAuthority
 import org.springframework.security.core.authority.SimpleGrantedAuthority
@@ -10,8 +9,8 @@ import org.springframework.security.oauth2.jwt.JwtClaimsSet
 import org.springframework.security.oauth2.jwt.JwtDecoder
 import org.springframework.security.oauth2.jwt.JwtEncoder
 import org.springframework.security.oauth2.jwt.JwtEncoderParameters
+import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException
 import org.springframework.stereotype.Service
-import org.springframework.web.server.ResponseStatusException
 import pt.up.fe.ni.website.backend.config.auth.AuthConfigProperties
 import pt.up.fe.ni.website.backend.model.Account
 import java.time.Duration
@@ -29,9 +28,9 @@ class AuthService(
     fun authenticate(email: String, password: String): Account {
         val account = accountService.getAccountByEmail(email)
         if (!passwordEncoder.matches(password, account.password)) {
-            throw ResponseStatusException(HttpStatus.UNPROCESSABLE_ENTITY, "invalid credentials")
+            throw InvalidBearerTokenException("invalid credentials")
         }
-        val authentication = UsernamePasswordAuthenticationToken(email, password, getAuthorities(account))
+        val authentication = UsernamePasswordAuthenticationToken(email, password, getAuthorities())
         SecurityContextHolder.getContext().authentication = authentication
         return account
     }
@@ -49,10 +48,10 @@ class AuthService(
             try {
                 jwtDecoder.decode(refreshToken)
             } catch (e: Exception) {
-                throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "invalid refresh token")
+                throw InvalidBearerTokenException("invalid refresh token")
             }
         if (jwt.expiresAt?.isBefore(Instant.now()) != false) {
-            throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "refresh token has expired")
+            throw InvalidBearerTokenException("refresh token has expired")
         }
         val account = accountService.getAccountByEmail(jwt.subject)
         return generateAccessToken(account)
@@ -64,7 +63,7 @@ class AuthService(
     }
 
     private fun generateToken(account: Account, expiration: Duration, isRefresh: Boolean = false): String {
-        val roles = if (isRefresh) emptyList() else getAuthorities(account)
+        val roles = if (isRefresh) emptyList() else getAuthorities() // TODO: Pass account to getAuthorities()
         val scope = roles
             .stream()
             .map(GrantedAuthority::getAuthority)
@@ -81,7 +80,7 @@ class AuthService(
         return jwtEncoder.encode(JwtEncoderParameters.from(claims)).tokenValue
     }
 
-    private fun getAuthorities(account: Account): List<GrantedAuthority> {
+    private fun getAuthorities(): List<GrantedAuthority> {
         return listOf("BOARD", "MEMBER").stream() // TODO: get roles from account
             .map { role -> SimpleGrantedAuthority(role) }
             .collect(Collectors.toList())

src/test/kotlin/pt/up/fe/ni/website/backend/controller/AccountControllerTest.kt

@@ -401,16 +401,10 @@ class AccountControllerTest @Autowired constructor(
         // password is ignored on serialization, so add it manually
         // for account creation test cases
         return objectMapper.writeValueAsString(
-            mapOf(
-                "name" to this?.name,
-                "email" to this?.email,
-                "password" to this?.password,
-                "bio" to this?.bio,
-                "birthDate" to this?.birthDate.toJson(),
-                "photoPath" to this?.photoPath,
-                "linkedin" to this?.linkedin,
-                "github" to this?.github,
-                "websites" to this?.websites
+            objectMapper.convertValue(this, Map::class.java).plus(
+                mapOf(
+                    "password" to this?.password
+                )
             )
         )
     }

src/test/kotlin/pt/up/fe/ni/website/backend/controller/AuthControllerTest.kt

@@ -60,7 +60,7 @@ class AuthControllerTest @Autowired constructor(
         }
 
         @Test
-        fun `should fail when email is invalid`() {
+        fun `should fail when email is not registered`() {
             mockMvc.post("/auth/new") {
                 contentType = MediaType.APPLICATION_JSON
                 content = objectMapper.writeValueAsString(
@@ -81,7 +81,7 @@ class AuthControllerTest @Autowired constructor(
                 contentType = MediaType.APPLICATION_JSON
                 content = objectMapper.writeValueAsString(LoginDto(testAccount.email, "wrong_password"))
             }.andExpect {
-                status { isUnprocessableEntity() }
+                status { isUnauthorized() }
                 jsonPath("$.errors[0].message") { value("invalid credentials") }
             }
         }
@@ -179,7 +179,5 @@ class AuthControllerTest @Autowired constructor(
                 }
             }
         }
-
-        // TODO: Add tests for role access when implemented
     }
 }