diff --git a/server/src/main/java/com/vpr/server/controller/EventController.java b/server/src/main/java/com/vpr/server/controller/EventController.java
index c642393..8132ef0 100644
--- a/server/src/main/java/com/vpr/server/controller/EventController.java
+++ b/server/src/main/java/com/vpr/server/controller/EventController.java
@@ -8,6 +8,7 @@ import com.vpr.server.repository.UserEventRepository;
 import com.vpr.server.repository.UserRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -34,7 +35,7 @@ public class EventController {
 @PostMapping(path = "/add")
 public @ResponseBody
- String addEvent(
+ ResponseEntity addEvent(
 @RequestParam Integer userId,
 @RequestParam String date,
 @RequestParam String name,
@@ -53,7 +54,7 @@ public class EventController {
 event.setName(name);
 } else {
 System.out.println("NAME IST ZU KURZ");
- throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Format nicht korrekt");
+ return new ResponseEntity<>("Der Name ist zu kurz", HttpStatus.BAD_REQUEST);
 }
 try {
@@ -84,7 +85,7 @@ public class EventController {
 userEvent.setDate(new java.sql.Date(simpleDateFormat.parse(date).getTime()));
 } catch (Exception e) {
 System.out.println("DATE FORMAT NOT CORRECT");
- throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Format nicht korrekt");
+ return new ResponseEntity<>("Datumformat nicht korrekt", HttpStatus.BAD_REQUEST);
 }
 userEvent.setEvent(event);
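Review bot: The new return type in the addEvent hunk is the raw `ResponseEntity`, which erases the body type and draws raw-type warnings from the compiler and Error Prone; every new signature should be parameterized, `ResponseEntity<String> addEvent(`. The same raw type is used for delEvent, headerTest, addNewUser, login and deleteUser in the later hunks. The `@ResponseBody` on the line above becomes redundant once the method returns a ResponseEntity, though leaving it in place is harmless. addEvent's body continues outside this hunk.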
@@ -97,15 +98,15 @@ public class EventController {
 eventRepository.save(event);
 userEventRepository.save(userEvent);
- return "";
+ return new ResponseEntity<>("", HttpStatus.OK);
 }
 @PostMapping(path = "/del")
 public @ResponseBody
- String delEvent(@RequestParam Integer eventId) {
+ ResponseEntity delEvent(@RequestParam Integer eventId) {
 eventRepository.deleteUserEventsById(Long.valueOf(eventId));
 eventRepository.deleteById(Long.valueOf(eventId));
- return "Deleted";
+ return new ResponseEntity<>("", HttpStatus.OK);
 }
 @PostMapping(path = "/all")
diff --git a/server/src/main/java/com/vpr/server/controller/MainController.java b/server/src/main/java/com/vpr/server/controller/MainController.java
index 368ce48..7435fbb 100644
--- a/server/src/main/java/com/vpr/server/controller/MainController.java
+++ b/server/src/main/java/com/vpr/server/controller/MainController.java
@@ -33,4 +33,10 @@ public class MainController {
 public String statusTest(){
 throw new ResponseStatusException(HttpStatus.I_AM_A_TEAPOT, "TestTestTest");
 }
+
+ @PostMapping(path = "/header-test")
+ public ResponseEntity headerTest(@RequestHeader("Authorization") String authorizationHeader){
+ System.out.println("authorizationHeader: " + authorizationHeader);
+ return new ResponseEntity<>(authorizationHeader, HttpStatus.OK);
+ }
 }
\ No newline at end of file
diff --git a/server/src/main/java/com/vpr/server/controller/UserController.java b/server/src/main/java/com/vpr/server/controller/UserController.java
index e1ce3d9..f48ed43 100644
--- a/server/src/main/java/com/vpr/server/controller/UserController.java
+++ b/server/src/main/java/com/vpr/server/controller/UserController.java
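Review bot: delEvent still deletes whatever eventId the caller supplies with no check on who is calling, while this same commit gates UserController.deleteUser behind the Authorization header; the deletion path should take the same `@RequestHeader("Authorization") String authorizationHeader` and reject callers that are not permitted before `eventRepository.deleteUserEventsById(Long.valueOf(eventId));` runs. Whether an event may be removed by its owner or only by an admin is not visible in this diff, so the exact rule has to come from the project. addEvent, whose body lies outside this hunk, has the same gap since its userId is also a plain request parameter.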
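Review bot: headerTest prints the complete Authorization header to stdout and returns it in the response body, so a bearer token ends up in the server log and in any proxy or client cache that sees the reply. A diagnostic endpoint only needs to confirm the header arrived: drop the println and return `new ResponseEntity<>(authorizationHeader.isEmpty() ? "missing" : "present", HttpStatus.OK)`, or remove the endpoint before release. If it must stay, mark it in a comment, `// debug endpoint: must never echo or log header contents`.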
@@ -6,6 +6,7 @@ import com.vpr.server.security.Hasher;
 import com.vpr.server.security.Token;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;
@@ -26,15 +27,21 @@ public class UserController {
 @PostMapping(path = "/add")
 public @ResponseBody
- String addNewUser(
+ ResponseEntity addNewUser(
+ @RequestHeader("Authorization") String authorizationHeader,
 @RequestParam String name,
 @RequestParam String forename,
 @RequestParam String login,
 @RequestParam String password,
 @RequestParam Boolean isAdmin
 ) {
+ User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
+ if(authUser == null || authUser.isAdmin()){
+ return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
+ }
+
 if(userRepository.findByLogin(login) != null){
- throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Login exestiert bereits!");
+ return new ResponseEntity<>( "Login exestiert bereits", HttpStatus.BAD_REQUEST);
 }
 byte[] salt = Hasher.GenerateSalt();
@@ -43,7 +50,7 @@ public class UserController {
 hash = Hasher.HashPassword(password, salt);
 } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
 e.printStackTrace();
- throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Fehler beim hashen");
+ return new ResponseEntity<>( "Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
 }
 User user = new User();
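Review bot: The new admin guard in addNewUser is inverted: `authUser == null || authUser.isAdmin()` rejects every admin and lets every non-admin through, the opposite of what the "keine Rechte" message says, so the condition needs `!authUser.isAdmin()`. The identical inverted condition is added to deleteUser in the last UserController hunk. `authorizationHeader.split("\\s")[1]` also throws ArrayIndexOutOfBoundsException for a header without whitespace, which surfaces as a 500 instead of a 401, and the scheme in front of the token is never checked. The error text talks about deleting an appointment, which does not fit user creation. addNewUser's body continues outside this hunk; a guard along the following lines, shared by both methods, would keep them consistent.
```java
    ) {
        // Expect "<scheme> <token>"; anything else is treated as unauthenticated.
        String[] parts = authorizationHeader.trim().split("\\s+");
        User authUser = parts.length == 2 ? userRepository.findByToken(parts[1]) : null;
        if (authUser == null || !authUser.isAdmin()) {
            return new ResponseEntity<>("Keine Berechtigung", HttpStatus.UNAUTHORIZED);
        }
        // … unchanged: duplicate-login check, salt, hashing, save …
```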
@@ -57,12 +64,12 @@ public class UserController {
 user.setAdmin(isAdmin);
 userRepository.save(user);
- return "" + user.getId();
+ return new ResponseEntity<>( "" + user.getId(), HttpStatus.OK);
 }
 @PostMapping(path = "/login")
 public @ResponseBody
- String login(
+ ResponseEntity login(
 @RequestParam String login,
 @RequestParam String password
 ) {
@@ -70,7 +77,7 @@ public class UserController {
 User user = userRepository.findByLogin(login);
 if (user == null) {
 System.out.println("Login for " + login + " failed.");
- throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Falscher login");
+ return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED);
 }
 byte[] salt = user.getSalt();
@@ -79,7 +86,7 @@ public class UserController {
 hash = Hasher.HashPassword(password, salt);
 } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
 e.printStackTrace();
- throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Fehler beim hashen");
+ return new ResponseEntity<>( "Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
 }
 if (Arrays.equals(user.getPassword(), hash)) {
@@ -90,19 +97,26 @@ public class UserController {
 System.out.println(user.getLogin() + " is now logged in.");
 System.out.println(Token.Verify(Token.Generate(user.getLogin()), user.getLogin()));
- return token + " " + user.getId();
+ return new ResponseEntity<>( token + " " + user.getId(), HttpStatus.OK);
 }
 System.out.println(user.getLogin() + " failed to logged in.");
 System.out.println("entered : " + javax.xml.bind.DatatypeConverter.printHexBinary(hash));
 System.out.println("required: " + javax.xml.bind.DatatypeConverter.printHexBinary(user.getPassword()));
- throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Falscher login");
+ return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED);
 }
 @PostMapping(path = "/del")
- public @ResponseBody String deleteUser(@RequestParam Integer userId) {
+ public @ResponseBody ResponseEntity deleteUser(
+ @RequestHeader("Authorization") String authorizationHeader,
+ @RequestParam Integer userId
+ ) {
+ User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
+ if(authUser == null || authUser.isAdmin()){
+ return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
+ }
 userRepository.deleteById(Long.valueOf(userId));
- return "Deleted";
+ return new ResponseEntity<>( "", HttpStatus.OK);
 }
 /*****************
diff --git a/server/src/main/java/com/vpr/server/repository/UserRepository.java b/server/src/main/java/com/vpr/server/repository/UserRepository.java
index cf8dd1f..c80d801 100644
--- a/server/src/main/java/com/vpr/server/repository/UserRepository.java
+++ b/server/src/main/java/com/vpr/server/repository/UserRepository.java
@@ -20,4 +20,6 @@ public interface UserRepository extends CrudRepository {
 User findByLoginAndPassword(String login, byte[] password);
 void deleteById(long id);
+
+ User findByToken(String token);
 }
\ No newline at end of file
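Review bot: `findByToken` becomes the only authentication step behind the new admin guards in addNewUser and deleteUser, yet neither guard calls `Token.Verify`, which the login hunk above shows is the project's own validity check for generated tokens (there apparently only as a debug print). If a token carries a signature or an expiry, an equality lookup in the user table does not enforce it, so either the guards should verify the token they receive or the repository contract should state that only currently valid tokens are ever stored. A Javadoc on the new method would make that contract explicit: `/** Returns the user whose stored token equals {@code token}, or null; performs no validity or expiry check. */`. Whether tokens are rotated or cleared on logout is not visible in this diff.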