finish back-end sending mail to reset password with the token

Author: JEstebanC

pom.xml

@@ -70,7 +70,12 @@
 			<artifactId>java-jwt</artifactId>
 			<version>3.18.3</version>
 		</dependency>
-
+		
+		<!-- send email -->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-mail</artifactId>
+		</dependency>
 
 	</dependencies>
 

src/main/java/JEstebanC/FastFoodApp/controller/OrdersController.java

@@ -3,7 +3,6 @@
 import java.time.Instant;
 import java.util.Map;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
 
 import org.springframework.beans.factory.annotation.Autowired;
@@ -69,8 +68,7 @@ public ResponseEntity<Response> getOrder() {
 //	UPDATE
 	@PreAuthorize("hasRole('ROLE_ADMIN') OR hasRole('ROLE_EMPLOYEE')")
 	@PutMapping(value = "/{id}")
-	public ResponseEntity<Response> updateOrder(@PathVariable("id") Long id, @RequestBody @Valid Orders order,
-			HttpServletRequest request) {
+	public ResponseEntity<Response> updateOrder(@PathVariable("id") Long id, @RequestBody @Valid Orders order) {
 		if (serviceImp.exist(id)) {
 			return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
 					.data(Map.of("order", serviceImp.update(id, order))).message("Update order with id:" + id)

src/main/java/JEstebanC/FastFoodApp/controller/RecoverPasswordController.java

@@ -0,0 +1,72 @@
+/**
+ * 
+ */
+package JEstebanC.FastFoodApp.controller;
+
+import java.time.Instant;
+import java.util.Map;
+
+import javax.mail.MessagingException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import JEstebanC.FastFoodApp.dto.UserDTO;
+import JEstebanC.FastFoodApp.model.Response;
+import JEstebanC.FastFoodApp.service.UserServiceImp;
+import lombok.RequiredArgsConstructor;
+
+/**
+ * @author Juan Esteban Castaño Holguin castanoesteban9@gmail.com 2022-02-16
+ */
+@RestController
+@RequiredArgsConstructor
+public class RecoverPasswordController {
+
+	@Autowired
+	private final UserServiceImp serviceImp;
+
+	@GetMapping(value = "/recover-password")
+	public ResponseEntity<Response> recoverPassword(HttpServletRequest request, HttpServletResponse response,
+			@RequestParam(name = "email") String email) throws MessagingException {
+		UserDTO user = serviceImp.findByEmail(email);
+		if (user != null) {
+			return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
+					.data(Map.of("product",
+							serviceImp.sendMail(request, response, email, user.getUsername(), user.getName())))
+					.message("Mail sent").status(HttpStatus.OK).statusCode(HttpStatus.OK.value()).build());
+		} else {
+			return ResponseEntity.ok(Response.builder().timeStamp(Instant.now()).message("The email do not exist")
+					.status(HttpStatus.BAD_REQUEST).statusCode(HttpStatus.BAD_REQUEST.value()).build());
+		}
+	}
+
+	@PostMapping("/reset-password")
+	public ResponseEntity<Response> resetPassword(HttpServletRequest request,
+			@RequestParam(name = "token") String token) {
+		String newPassword = request.getParameter("newPassword");
+		String repeatNewPassword = request.getParameter("repeatNewPassword");
+		if (newPassword.equals(repeatNewPassword)) {
+			String username = serviceImp.validationToken(token);
+			if (username != null) {
+				return ResponseEntity.ok(Response.builder().timeStamp(Instant.now())
+						.data(Map.of("product", serviceImp.updatePasswordClient(username, newPassword)))
+						.message("Create product").status(HttpStatus.OK).statusCode(HttpStatus.OK.value()).build());
+			} else {
+				return ResponseEntity.ok(
+						Response.builder().timeStamp(Instant.now()).message("The Token's Signature resulted invalid!")
+								.status(HttpStatus.UNAUTHORIZED).statusCode(HttpStatus.UNAUTHORIZED.value()).build());
+			}
+		} else {
+			return ResponseEntity.ok(Response.builder().timeStamp(Instant.now()).message("Passwords must be the same")
+					.status(HttpStatus.BAD_REQUEST).statusCode(HttpStatus.BAD_REQUEST.value()).build());
+		}
+	}
+}

src/main/java/JEstebanC/FastFoodApp/controller/RefreshTokenController.java

@@ -1,6 +1,4 @@
-/**
- * 
- */
+
 package JEstebanC.FastFoodApp.controller;
 
 import javax.servlet.http.HttpServletRequest;
@@ -60,14 +58,13 @@ public void refreshToken(HttpServletRequest request, HttpServletResponse respons
 					User user = serviceImp.findByUsername(username);
 
 					String access_token = JWT.create().withSubject(user.getUsername())
-							.withExpiresAt(new Date(System.currentTimeMillis() + 15 * 60 * 1000))
+							.withExpiresAt(new Date(System.currentTimeMillis() + 30 * 60 * 1000))
 							.withIssuer(request.getRequestURL().toString())
 							.withClaim("roles",user.getUserRoles().getAuthority())
 							.sign(algorithm);
 
 					Map<String, String> tokens = new HashMap<>();
 					tokens.put("access_token", access_token);
-					tokens.put("refresh_token", refresh_token);
 					response.setContentType(MimeTypeUtils.APPLICATION_JSON_VALUE);
 					new ObjectMapper().writeValue(response.getOutputStream(), tokens);
 				} else {
@@ -77,10 +74,11 @@ public void refreshToken(HttpServletRequest request, HttpServletResponse respons
 			} catch (Exception e) {
 				log.error("Error logging in AuthorizationFilter: " + e.getMessage());
 				response.setHeader("Error", e.getMessage());
-				response.setStatus(403);
+				response.setStatus(401);
 				Map<String, String> error = new HashMap<>();
 				error.put("error_message", e.getMessage());
 				response.setContentType(MimeTypeUtils.APPLICATION_JSON_VALUE);
+
 				new ObjectMapper().writeValue(response.getOutputStream(), error);
 			}
 
@@ -89,4 +87,4 @@ public void refreshToken(HttpServletRequest request, HttpServletResponse respons
 		}
 	}
 
-}
+}

src/main/java/JEstebanC/FastFoodApp/security/CustomAuthenticationFilter.java

@@ -25,12 +25,10 @@
 import com.auth0.jwt.algorithms.Algorithm;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
-import lombok.extern.slf4j.Slf4j;
 
 /**
  * @author Juan Esteban Castaño Holguin castanoesteban9@gmail.com 2022-02-02
  */
-@Slf4j
 public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
 
 	private final AuthenticationManager authenticationManager;
@@ -45,11 +43,9 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
 
 		String username = request.getParameter("username");
 		String password = request.getParameter("password");
-
-		log.info("Username is " + username + " Password is " + password);
 		UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username,
 				password);
-
+	
 		return authenticationManager.authenticate(authenticationToken);
 	}
 
@@ -61,15 +57,15 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 		Algorithm algorithm = Algorithm.HMAC256(OperationUtil.keyValue().getBytes());
 		String access_token = JWT.create().withSubject(user.getUsername())
 				//give 10 minutes for the token to expire
-				.withExpiresAt(new Date(System.currentTimeMillis() + 30 * 60 * 1000))
+				.withExpiresAt(new Date(System.currentTimeMillis() + 10 * 60 * 1000))
 				.withIssuer(request.getRequestURL().toString())
 				.withClaim("roles",
 						user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()))
 				.sign(algorithm);
 
 		String refresh_token = JWT.create().withSubject(user.getUsername())
 				//give 30 minutes for the token to expire
-				.withExpiresAt(new Date(System.currentTimeMillis() + 40 * 60 * 1000))
+				.withExpiresAt(new Date(System.currentTimeMillis() + 30 * 60 * 1000))
 				.withIssuer(request.getRequestURL().toString())
 				.withClaim("roles",
 						user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()))
@@ -80,6 +76,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 		tokens.put("refresh_token", refresh_token);
 		response.setContentType(MimeTypeUtils.APPLICATION_JSON_VALUE);
 		new ObjectMapper().writeValue(response.getOutputStream(), tokens);
+		
 	}
 
 }

src/main/java/JEstebanC/FastFoodApp/security/CustomAuthorizationFilter.java

@@ -35,46 +35,55 @@
 @Slf4j
 public class CustomAuthorizationFilter extends OncePerRequestFilter {
 
+	
+	
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 
-		// here is where I start to check if the user has permission
-		String authorizationHeader = request.getHeader(AUTHORIZATION);
-		if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
-			try {
-				// Remove the word Bearer, because we just want the token
-				String token = authorizationHeader.substring("Bearer ".length());
-				// Reference to the keyValue
-				Algorithm algorithm = Algorithm.HMAC256(OperationUtil.keyValue().getBytes());
-				JWTVerifier verifier = JWT.require(algorithm).build();
-				DecodedJWT decodeJWT = verifier.verify(token);
-				
-				String username = decodeJWT.getSubject();
-				
-				String[] roles = decodeJWT.getClaim("roles").asArray(String.class);
-				
-				Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
-				authorities.add(new SimpleGrantedAuthority(roles[0]));
-			
-				UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
-						username, null,authorities);
-				SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-				filterChain.doFilter(request, response);
+		if(request.getServletPath().equals("/api/v1/login/") || request.getServletPath().equals("/api/v1/token-refresh/")) {
+			filterChain.doFilter(request, response);
+		}else {
+			// here is where I start to check if the user has permission
+			String authorizationHeader = request.getHeader(AUTHORIZATION);
+			if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
+				try {
+					// Remove the word Bearer, because we just want the token
+					String token = authorizationHeader.substring("Bearer ".length());
+					// Reference to the keyValue
+					Algorithm algorithm = Algorithm.HMAC256(OperationUtil.keyValue().getBytes());
+					JWTVerifier verifier = JWT.require(algorithm).build();
+					DecodedJWT decodeJWT = verifier.verify(token);
+					
+					String username = decodeJWT.getSubject();
+					
+					String[] roles = decodeJWT.getClaim("roles").asArray(String.class);
+					
+					Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
+					authorities.add(new SimpleGrantedAuthority(roles[0]));
+					
+					UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
+							username, null,authorities);
+					SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+					filterChain.doFilter(request, response);
 
-			} catch (Exception e) {
-				log.error("Error logging in AuthorizationFilter: " + e.getMessage());
-				response.setHeader("Error", e.getMessage());
-				response.setStatus(403);
-				Map<String, String> error = new HashMap<>();
-				error.put("error_message", e.getMessage());
-				response.setContentType("application/json");
-				new ObjectMapper().writeValue(response.getOutputStream(), error);
-			}
+				} catch (Exception e) {
+					log.error("Error logging in AuthorizationFilter: " + e.getMessage());
+					response.setHeader("Error", e.getMessage());
+					response.setStatus(401);
+					Map<String, String> error = new HashMap<>();
+					error.put("error_message", e.getMessage());
+					response.setContentType("application/json");
+					new ObjectMapper().writeValue(response.getOutputStream(), error);
+					
+				}
 
-		} else {
-			filterChain.doFilter(request, response);
+			} else {
+				filterChain.doFilter(request, response);
+			}
 		}
+			
+		
 
 	}
 

src/main/java/JEstebanC/FastFoodApp/security/SecurityConfig.java

@@ -42,7 +42,7 @@ protected void configure(HttpSecurity http) throws Exception {
 		http.csrf().disable();
 		// No session will be created or used by spring security
 		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-		http.authorizeRequests().antMatchers("/api/v1/login/", "/api/v1/token-refresh/").permitAll();
+		http.authorizeRequests().antMatchers("/api/v1/login/", "/api/v1/token-refresh/", "/api/v1/recover-password/", "/api/v1/reset-password/**").permitAll();
 		http.addFilter(new CustomAuthenticationFilter(authenticationManagerBean()));
 		http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
 	}

src/main/java/JEstebanC/FastFoodApp/service/UserServiceImp.java

@@ -5,21 +5,32 @@
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Date;
 import java.util.stream.Collectors;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.transaction.Transactional;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mail.SimpleMailMessage;
+import org.springframework.mail.javamail.JavaMailSender;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.interfaces.DecodedJWT;
+
 import JEstebanC.FastFoodApp.dto.UserDTO;
 import JEstebanC.FastFoodApp.model.User;
 import JEstebanC.FastFoodApp.repository.IUserRepository;
+import JEstebanC.FastFoodApp.security.OperationUtil;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
@@ -34,6 +45,8 @@ public class UserServiceImp implements IUserService, UserDetailsService {
 	@Autowired
 	private IUserRepository userRepository;
 	private final BCryptPasswordEncoder bCryptPasswordEncoder;
+	@Autowired
+	private JavaMailSender javaMailSender;
 
 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
@@ -88,6 +101,27 @@ public User updateClient(User user, long id) {
 		return userRepository.save(userOld);
 	}
 
+	public String validationToken(String token) {
+		try {
+			Algorithm algorithm = Algorithm.HMAC256(OperationUtil.keyValue().getBytes());
+			JWTVerifier verifier = JWT.require(algorithm).build();
+			DecodedJWT decodeJWT = verifier.verify(token);
+			String username = decodeJWT.getSubject();
+			return username;
+		} catch (Exception e) {
+			log.error("Error logging in AuthorizationFilter: " + e.getMessage());
+		}
+		return null;
+	}
+
+	public User updatePasswordClient(String username, String password) {
+		log.info("Updating password username: " + username);
+		User user = userRepository.findByUsername(username);
+
+		user.setPassword(bCryptPasswordEncoder.encode(password));
+		return userRepository.save(user);
+	}
+
 	@Override
 	public Boolean delete(Long iduser) {
 		log.info("Deleting the user with id: " + iduser);
@@ -153,4 +187,27 @@ public User findByUsername(String username) {
 
 	}
 
+	public Boolean sendMail(HttpServletRequest request, HttpServletResponse response, String email, String userName,
+			String name) {
+
+		// Reference to the keyValue
+		Algorithm algorithm = Algorithm.HMAC256(OperationUtil.keyValue().getBytes());
+		String token = JWT.create().withSubject(userName)
+				// give 10 minutes for the token to expire
+				.withExpiresAt(new Date(System.currentTimeMillis() + 20 * 60 * 1000))
+				.withIssuer(request.getRequestURL().toString()).sign(algorithm);
+
+		SimpleMailMessage message = new SimpleMailMessage();
+		message.setTo(email);
+
+		message.setSubject("Burger App");
+		String html = "Hola " + name + "! \n" + "¿olvidaste tu contraseña? \n"
+				+ "Recibimos una petición para restablecer tu contraseña\n"
+				+ "Para restablecer tu contraseña por favor presiona clic en el siguiente enlace \n"
+				+ "http://localhost:8081/api/v1/reset-password?token=" + token;
+		message.setText(html);
+		javaMailSender.send(message);
+		return true;
+	}
+
 }