diff --git a/src/main/java/com/sellbycar/marketplace/ad/AdvertisementController.java b/src/main/java/com/sellbycar/marketplace/ad/AdvertisementController.java
index 95c6250..f354099 100644
--- a/src/main/java/com/sellbycar/marketplace/ad/AdvertisementController.java
+++ b/src/main/java/com/sellbycar/marketplace/ad/AdvertisementController.java
@@ -46,7 +46,7 @@ public ResponseEntity>> searchAdvertisement(
 pattern = "^(cheap|expensive|new|old)$"
 )
 )
- @PathParam("sort") String sortBy,
+ @RequestParam("sort") String sortBy,
 @Parameter(
 description = "Page number",
 schema = @Schema(implementation = Integer.class)
diff --git a/src/main/java/com/sellbycar/marketplace/auth/AuthController.java b/src/main/java/com/sellbycar/marketplace/auth/AuthController.java
index b1a933c..05720c9 100644
--- a/src/main/java/com/sellbycar/marketplace/auth/AuthController.java
+++ b/src/main/java/com/sellbycar/marketplace/auth/AuthController.java
@@ -7,7 +7,6 @@
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
-import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.mail.MessagingException;
 import jakarta.security.auth.message.AuthException;
@@ -87,7 +86,6 @@ public ResponseEntity registerUser(@RequestBody SignupRequest signUpRequest)
 }),
 @ApiResponse(responseCode = "401", description = "Unauthorized")
 })
- @SecurityRequirement(name = "Bearer Authentication")
 public ResponseEntity getNewAccessToken(@RequestBody JwtResponse response) throws AuthException {
 final JwtResponse token = authService.getJwtAccessToken(response.getJwtRefreshToken());
 return ResponseUtil.ok("Access Token", token);
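Review bot: `@RequestParam("sort")` in `searchAdvertisement` is required by default, so a search request that omits `sort` would now be rejected with 400, whereas the old `@PathParam`, which Spring MVC does not appear to act on, presumably left the argument optional. If sorting is meant to be optional, declare it as `@RequestParam(value = "sort", required = false) String sortBy`. The `pattern` in the `@Schema` above only documents the allowed values; whether the value is checked against `cheap|expensive|new|old` before it is used is outside the hunk and worth confirming. The method's parameter list and body continue outside the hunk.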
@@ -101,7 +99,6 @@ public ResponseEntity getNewAccessToken(@RequestBody JwtResponse response) th
 }),
 @ApiResponse(responseCode = "401", description = "Unauthorized")
 })
- @SecurityRequirement(name = "Bearer Authentication")
 public ResponseEntity getNewRefreshToken(@RequestBody JwtResponse response) throws AuthException {
 final JwtResponse token = authService.getJwtRefreshToken(response.getJwtRefreshToken());
 return ResponseUtil.create("Refresh token", HttpStatus.OK, token);
diff --git a/src/main/java/com/sellbycar/marketplace/auth/AuthServiceImpl.java b/src/main/java/com/sellbycar/marketplace/auth/AuthServiceImpl.java
index 346a083..5c63b4a 100644
--- a/src/main/java/com/sellbycar/marketplace/auth/AuthServiceImpl.java
+++ b/src/main/java/com/sellbycar/marketplace/auth/AuthServiceImpl.java
@@ -26,10 +26,13 @@ public void saveJwtRefreshToken(String email, String jwtRefreshToken) {
 refreshStorage.put(email, jwtRefreshToken);
 }
- public JwtResponse getJwtAccessToken(@NotNull String refreshToken) {
- Authentication authentication = authenticateWithRefreshToken(refreshToken);
- String accessToken = jwtUtils.generateJwtToken(authentication);
- return new JwtResponse(accessToken, refreshToken);
+ public JwtResponse getJwtAccessToken(@NotNull String refreshToken) throws AuthException {
+ if (jwtUtils.validateRefreshToken(refreshToken)) {
+ Authentication authentication = authenticateWithRefreshToken(refreshToken);
+ String accessToken = jwtUtils.generateJwtToken(authentication);
+ return new JwtResponse(accessToken, null);
+ }
+ throw new AuthException("Invalid token");
 }
 public JwtResponse getJwtRefreshToken(@NotNull String refreshToken) {
diff --git a/src/main/java/com/sellbycar/marketplace/config/SecurityConfig.java b/src/main/java/com/sellbycar/marketplace/config/SecurityConfig.java
index a4e4fc0..7fcf9d6 100644
--- a/src/main/java/com/sellbycar/marketplace/config/SecurityConfig.java
+++ b/src/main/java/com/sellbycar/marketplace/config/SecurityConfig.java
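Review bot: The new guard in `getJwtAccessToken` accepts any token that passes `jwtUtils.validateRefreshToken(refreshToken)`, and nothing visible here compares it with the entry that `saveJwtRefreshToken` keeps in `refreshStorage`, so a refresh token that has been replaced or removed from the store may still mint access tokens until it expires. Unless `authenticateWithRefreshToken` already does that lookup (its body is outside the hunk), reject the request when the stored value differs, e.g. `if (!refreshToken.equals(refreshStorage.get(email))) throw new AuthException("Invalid token");` with `email` read from the validated token's subject. A null refresh token from the request body also reaches `validateRefreshToken` unless bean validation is active for `@NotNull` on this method, so that helper should treat null as invalid rather than throw something other than `AuthException`.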
@@ -69,7 +69,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .requestMatchers(
 HttpMethod.POST,
 "/advertisement",
- "/auth/refresh/**",
 "/image"
 )
 .authenticated()
@@ -77,7 +76,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 HttpMethod.PUT,
 "/advertisement/{id}",
 "/user/me",
- "/user/password",
 "/user/me/photo"
 )
 .authenticated()
diff --git a/src/main/java/com/sellbycar/marketplace/user/UserServiceImpl.java b/src/main/java/com/sellbycar/marketplace/user/UserServiceImpl.java
index b234f7f..faef10c 100644
--- a/src/main/java/com/sellbycar/marketplace/user/UserServiceImpl.java
+++ b/src/main/java/com/sellbycar/marketplace/user/UserServiceImpl.java
@@ -91,7 +91,7 @@ public Authentication userAuthentication(UserDAO user) {
 public void forgotPassword(ForgotPasswordRequest request) {
 UserDAO user = userRepository.findByEmail(request.getEmail())
 .orElseThrow(() -> RequestException.notFound("User not found."));
- user.setUniqueCode(UUID.randomUUID().toString());
+ user.setUniqueCode(String.valueOf(new Random().nextInt(999999)));
 userRepository.save(user);
 try {
 mailService.sendResetPasswordMail(user);
diff --git a/src/main/resources/db/migration/V0001__init_db.sql b/src/main/resources/db/migration/V0001__init_db.sql
index 3cdf7f2..57a1c4a 100644
--- a/src/main/resources/db/migration/V0001__init_db.sql
+++ b/src/main/resources/db/migration/V0001__init_db.sql
@@ -20,7 +20,7 @@ CREATE TABLE users
 phone VARCHAR(20),
 photo BIGINT REFERENCES images (id),
 enabled BOOLEAN NOT NULL,
- unique_code VARCHAR(20) UNIQUE,
+ unique_code VARCHAR(10) UNIQUE,
 authorities VARCHAR(20)[] NOT NULL DEFAULT '{}'::VARCHAR(20)[],
 created_timestamp TIMESTAMP WITH TIME ZONE NOT NULL
 );
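Review bot: With `"/auth/refresh/**"` removed from the authenticated POST matchers in `filterChain`, and `"/user/password"` removed from the PUT matchers in the next hunk, both paths fall through to whichever later rule matches, and that rule is outside these hunks. If it is a permit-all fallback, the refresh endpoints are protected only by the token checks in `AuthServiceImpl` and the password change only by the mailed code, so state the intent explicitly, e.g. `.requestMatchers(HttpMethod.POST, "/auth/refresh/**").permitAll()` with a comment that the credential is carried in the request body. `getJwtRefreshToken` is not changed by this commit, so confirm it validates the token the same way `getJwtAccessToken` now does.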
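Review bot: `new Random().nextInt(999999)` in `forgotPassword` draws the password-reset code from a non-cryptographic generator and from fewer than a million values, which is weak for a secret that becomes the only credential once `/user/password` is no longer behind authentication, as the SecurityConfig change in this commit appears to make it. Use `SecureRandom` and a fixed width, e.g. a field `private static final SecureRandom RESET_RNG = new SecureRandom();` and `user.setUniqueCode(String.format("%06d", RESET_RNG.nextInt(1_000_000)));`. A code this short also needs an expiry and a limit on failed attempts per account; neither is visible in this hunk. The rest of `forgotPassword` continues outside the hunk.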
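Review bot: Changing `unique_code` to `VARCHAR(10)` inside `V0001__init_db.sql` edits a versioned migration in place; if this file has already been applied to any database, a checksum-validating migration tool (the `V0001__` naming suggests Flyway) will reject it, and existing databases keep the old column width. Put the change in a new migration instead, e.g. `ALTER TABLE users ALTER COLUMN unique_code TYPE VARCHAR(10);`. Keeping `UNIQUE` on a column that now holds a short numeric reset code also means two users with the same pending code will make the second save fail, so confirm the service handles that case or relax the constraint.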
diff --git a/src/main/resources/templates/forgot_password_message_ua.html b/src/main/resources/templates/reset_password_message_ua.html
similarity index 100%
rename from src/main/resources/templates/forgot_password_message_ua.html
rename to src/main/resources/templates/reset_password_message_ua.html