From 3bc9a9281392bac3d84cd85b31f539b2f777655d Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Tue, 6 May 2025 10:11:15 -0500 Subject: [PATCH 01/11] Fix build.gradle --- build.gradle | 10 ++++------ gradle/wrapper/gradle-wrapper.properties | 4 ++-- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/build.gradle b/build.gradle index 9c12013..f9fcb82 100644 --- a/build.gradle +++ b/build.gradle @@ -1,17 +1,15 @@ plugins { id 'java' - id 'org.gretty' version '3.0.4' + id 'org.gretty' version '4.1.6' id 'idea' id 'war' id 'groovy' - id 'com.github.joselion.pretty-jupiter' version '1.3.4' } sourceCompatibility = 1.8 targetCompatibility = 1.8 ext['springBootVer'] = '2.2.6.RELEASE' - repositories { jcenter() } @@ -19,7 +17,7 @@ repositories { gretty { springBootVersion = '2.2.6.RELEASE' springBoot = true - servletContainer = 'jetty9.4' + servletContainer = 'jetty11' contextPath = '' } @@ -61,8 +59,8 @@ dependencies { test { useJUnitPlatform() reports { - junitXml.enabled = false - html.enabled = false + junitXml.required = false + html.required = false } testLogging { exceptionFormat = "full" diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 6970548..e839e01 100755 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ -#Thu Dec 17 10:00:49 ECT 2015 +#Tue May 06 10:00:42 ECT 2025 distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.2.2-bin.zip From f0d6ed130319e4ed2cb4ee314ae5f3bf531d794a Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Tue, 6 May 2025 15:53:10 -0500 Subject: [PATCH 02/11] Upgrade --- .github/workflows/gradle.yml | 4 ++-- build.gradle | 17 ++++++++--------- .../controllers/LoginController.java | 6 +++--- .../PhoneVerificationController.java | 2 +- .../controllers/RegisterController.java | 4 ++-- .../controllers/TokenController.java | 4 ++-- .../accountsecurity/filters/TwoFAFilter.java | 8 ++++---- .../services/PhoneVerificationService.java | 2 +- .../controllers/RegisterControllerSpec.groovy | 4 ++-- .../controllers/TokenControllerSpec.groovy | 4 ++-- 10 files changed, 27 insertions(+), 28 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index f89f354..898a4e1 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -20,10 +20,10 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Set up JDK 11 + - name: Set up JDK 17 uses: actions/setup-java@v1 with: - java-version: 11.0 + java-version: 17.0 - name: Grant execute permission for gradlew run: chmod +x gradlew - name: Build with Gradle diff --git a/build.gradle b/build.gradle index f9fcb82..71c0cff 100644 --- a/build.gradle +++ b/build.gradle @@ -6,16 +6,14 @@ plugins { id 'groovy' } -sourceCompatibility = 1.8 -targetCompatibility = 1.8 -ext['springBootVer'] = '2.2.6.RELEASE' +ext['springBootVer'] = '2.7.18' repositories { - jcenter() + mavenCentral() } gretty { - springBootVersion = '2.2.6.RELEASE' + springBootVersion = '2.7.18' springBoot = true servletContainer = 'jetty11' contextPath = '' @@ -26,16 +24,17 @@ configurations { } dependencies { - implementation(group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1') - implementation(group: 'javax.el', name:'javax.el-api', version:'3.0.0') + implementation(group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: '4.0.2') + implementation(group: 'jakarta.servlet', name:'jakarta.servlet-api', version:'6.1.0') // Spring implementation(group:'org.springframework.boot', name:'spring-boot-starter-data-jpa', version:"${springBootVer}") implementation(group:'org.springframework.boot', name:'spring-boot-starter-security', version:"${springBootVer}") + implementation(group:'org.springframework.boot', name:'spring-boot-starter-validation', version:"${springBootVer}") implementation(group:'net.rakugakibox.spring.boot', name:'logback-access-spring-boot-starter', version:'2.11.0') implementation(group:'com.authy', name:'authy-java', version:'1.5.1') - implementation(group:'com.twilio.sdk', name:'twilio', version:'8.31.1') + implementation(group:'com.twilio.sdk', name:'twilio', version:'10.6.8') implementation(group:'org.xerial', name:'sqlite-jdbc', version:'3.41.2.2') testImplementation(group: 'junit', name:'junit', version:'4.13.2') @@ -65,4 +64,4 @@ test { testLogging { exceptionFormat = "full" } -} \ No newline at end of file +} diff --git a/src/main/java/com/twilio/accountsecurity/controllers/LoginController.java b/src/main/java/com/twilio/accountsecurity/controllers/LoginController.java index 1127774..1329f49 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/LoginController.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/LoginController.java @@ -11,9 +11,9 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import javax.validation.Valid; import java.io.IOException; diff --git a/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java b/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java index fdf7abc..05806f4 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java @@ -11,7 +11,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import javax.servlet.http.HttpSession; +import jakarta.servlet.http.HttpSession; import javax.validation.Valid; @RestController diff --git a/src/main/java/com/twilio/accountsecurity/controllers/RegisterController.java b/src/main/java/com/twilio/accountsecurity/controllers/RegisterController.java index 4a339f6..12478cc 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/RegisterController.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/RegisterController.java @@ -15,8 +15,8 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; import javax.validation.Valid; @RestController diff --git a/src/main/java/com/twilio/accountsecurity/controllers/TokenController.java b/src/main/java/com/twilio/accountsecurity/controllers/TokenController.java index 8c1b250..b7651c7 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/TokenController.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/TokenController.java @@ -12,8 +12,8 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpSession; import javax.validation.Valid; @RestController diff --git a/src/main/java/com/twilio/accountsecurity/filters/TwoFAFilter.java b/src/main/java/com/twilio/accountsecurity/filters/TwoFAFilter.java index e689012..e0a6870 100644 --- a/src/main/java/com/twilio/accountsecurity/filters/TwoFAFilter.java +++ b/src/main/java/com/twilio/accountsecurity/filters/TwoFAFilter.java @@ -3,10 +3,10 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.web.filter.OncePerRequestFilter; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; public class TwoFAFilter extends OncePerRequestFilter { diff --git a/src/main/java/com/twilio/accountsecurity/services/PhoneVerificationService.java b/src/main/java/com/twilio/accountsecurity/services/PhoneVerificationService.java index 97ad8ba..0b431b5 100644 --- a/src/main/java/com/twilio/accountsecurity/services/PhoneVerificationService.java +++ b/src/main/java/com/twilio/accountsecurity/services/PhoneVerificationService.java @@ -35,7 +35,7 @@ public void start(String phoneNumber, String via) { } public VerificationCheckCreator getVerificationCheckCreator(String verificationSid, String phoneNumber, String token) { - return VerificationCheck.creator(verificationSid, token).setTo(phoneNumber); + return VerificationCheck.creator(verificationSid).setTo(phoneNumber); } public void verify(String phoneNumber, String token) { diff --git a/src/test/groovy/com/twilio/accountsecurity/controllers/RegisterControllerSpec.groovy b/src/test/groovy/com/twilio/accountsecurity/controllers/RegisterControllerSpec.groovy index 64b2a83..27d3ff2 100644 --- a/src/test/groovy/com/twilio/accountsecurity/controllers/RegisterControllerSpec.groovy +++ b/src/test/groovy/com/twilio/accountsecurity/controllers/RegisterControllerSpec.groovy @@ -7,8 +7,8 @@ import org.springframework.test.web.servlet.MockMvc import spock.lang.Specification import spock.lang.Subject -import javax.servlet.ServletException -import javax.servlet.http.HttpServletRequest +import jakarta.servlet.ServletException +import jakarta.servlet.http.HttpServletRequest import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup diff --git a/src/test/groovy/com/twilio/accountsecurity/controllers/TokenControllerSpec.groovy b/src/test/groovy/com/twilio/accountsecurity/controllers/TokenControllerSpec.groovy index f464a02..e0cc2fd 100644 --- a/src/test/groovy/com/twilio/accountsecurity/controllers/TokenControllerSpec.groovy +++ b/src/test/groovy/com/twilio/accountsecurity/controllers/TokenControllerSpec.groovy @@ -7,8 +7,8 @@ import org.springframework.test.web.servlet.MockMvc import spock.lang.Specification import spock.lang.Subject -import javax.servlet.http.HttpServletRequest -import javax.servlet.http.HttpSession +import jakarta.servlet.http.HttpServletRequest +import jakarta.servlet.http.HttpSession import java.security.Principal import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post From fda1e7780e47b67b899591e0a588451ba6b90981 Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Tue, 6 May 2025 22:22:37 -0500 Subject: [PATCH 03/11] remove unused and deprecaded war --- build.gradle | 1 - 1 file changed, 1 deletion(-) diff --git a/build.gradle b/build.gradle index 71c0cff..8c2b3d4 100644 --- a/build.gradle +++ b/build.gradle @@ -2,7 +2,6 @@ plugins { id 'java' id 'org.gretty' version '4.1.6' id 'idea' - id 'war' id 'groovy' } From 776bfaf16aa971eae4676d50583f26de749ad6d6 Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Wed, 7 May 2025 00:18:31 -0500 Subject: [PATCH 04/11] Fixes --- build.gradle | 10 +- .../accountsecurity/config/SQLiteDialect.java | 161 ------------------ .../config/WebSecurityConfig.java | 32 ++-- .../controllers/LoginController.java | 2 +- .../PhoneVerificationController.java | 2 +- .../controllers/RegisterController.java | 2 +- .../controllers/TokenController.java | 2 +- .../controllers/requests/LoginRequest.java | 2 +- .../PhoneVerificationStartRequest.java | 2 +- .../PhoneVerificationVerifyRequest.java | 2 +- .../requests/UserRegisterRequest.java | 2 +- .../requests/VerifyTokenRequest.java | 2 +- .../accountsecurity/models/UserModel.java | 10 +- 13 files changed, 33 insertions(+), 198 deletions(-) delete mode 100644 src/main/java/com/twilio/accountsecurity/config/SQLiteDialect.java diff --git a/build.gradle b/build.gradle index 8c2b3d4..5e7348e 100644 --- a/build.gradle +++ b/build.gradle @@ -1,18 +1,24 @@ plugins { + id 'org.springframework.boot' version '3.3.2' id 'java' id 'org.gretty' version '4.1.6' id 'idea' id 'groovy' } -ext['springBootVer'] = '2.7.18' +java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 +} + +ext['springBootVer'] = '3.3.2' repositories { mavenCentral() } gretty { - springBootVersion = '2.7.18' + springBootVersion = '3.3.2' springBoot = true servletContainer = 'jetty11' contextPath = '' diff --git a/src/main/java/com/twilio/accountsecurity/config/SQLiteDialect.java b/src/main/java/com/twilio/accountsecurity/config/SQLiteDialect.java deleted file mode 100644 index 1fc2046..0000000 --- a/src/main/java/com/twilio/accountsecurity/config/SQLiteDialect.java +++ /dev/null @@ -1,161 +0,0 @@ -package com.twilio.accountsecurity.config; - -import java.sql.Types; - -import org.hibernate.dialect.Dialect; -import org.hibernate.dialect.function.SQLFunctionTemplate; -import org.hibernate.dialect.function.StandardSQLFunction; -import org.hibernate.dialect.function.VarArgsSQLFunction; -import org.hibernate.dialect.identity.IdentityColumnSupport; -import org.hibernate.type.StringType; - -public class SQLiteDialect extends Dialect { - public SQLiteDialect() { - registerColumnType(Types.BIT, "integer"); - registerColumnType(Types.TINYINT, "tinyint"); - registerColumnType(Types.SMALLINT, "smallint"); - registerColumnType(Types.INTEGER, "integer"); - registerColumnType(Types.BIGINT, "bigint"); - registerColumnType(Types.FLOAT, "float"); - registerColumnType(Types.REAL, "real"); - registerColumnType(Types.DOUBLE, "double"); - registerColumnType(Types.NUMERIC, "numeric"); - registerColumnType(Types.DECIMAL, "decimal"); - registerColumnType(Types.CHAR, "char"); - registerColumnType(Types.VARCHAR, "varchar"); - registerColumnType(Types.LONGVARCHAR, "longvarchar"); - registerColumnType(Types.DATE, "date"); - registerColumnType(Types.TIME, "time"); - registerColumnType(Types.TIMESTAMP, "timestamp"); - registerColumnType(Types.BINARY, "blob"); - registerColumnType(Types.VARBINARY, "blob"); - registerColumnType(Types.LONGVARBINARY, "blob"); - // registerColumnType(Types.NULL, "null"); - registerColumnType(Types.BLOB, "blob"); - registerColumnType(Types.CLOB, "clob"); - registerColumnType(Types.BOOLEAN, "integer"); - - registerFunction("concat", new VarArgsSQLFunction(StringType.INSTANCE, "", "||", "")); - registerFunction("mod", new SQLFunctionTemplate(StringType.INSTANCE, "?1 % ?2")); - registerFunction("substr", new StandardSQLFunction("substr", StringType.INSTANCE)); - registerFunction("substring", new StandardSQLFunction("substr", StringType.INSTANCE)); - } - - public boolean supportsIdentityColumns() { - return true; - } - - /* - public boolean supportsInsertSelectIdentity() { - return true; // As specify in NHibernate dialect - } - */ - - public boolean hasDataTypeInIdentityColumn() { - return false; // As specify in NHibernate dialect - } - - /* - public String appendIdentitySelectToInsert(String insertString) { - return new StringBuffer(insertString.length()+30). // As specify in NHibernate dialect - append(insertString). - append("; ").append(getIdentitySelectString()). - toString(); - } - */ - - public String getIdentityColumnString() { - // return "integer primary key autoincrement"; - return "integer"; - } - - public String getIdentitySelectString() { - return "select last_insert_rowid()"; - } - - public boolean supportsLimit() { - return true; - } - - protected String getLimitString(String query, boolean hasOffset) { - return new StringBuffer(query.length() + 20). - append(query). - append(hasOffset ? " limit ? offset ?" : " limit ?"). - toString(); - } - - public boolean supportsTemporaryTables() { - return true; - } - - public String getCreateTemporaryTableString() { - return "create temporary table if not exists"; - } - - public boolean dropTemporaryTableAfterUse() { - return false; - } - - public boolean supportsCurrentTimestampSelection() { - return true; - } - - public boolean isCurrentTimestampSelectStringCallable() { - return false; - } - - public String getCurrentTimestampSelectString() { - return "select current_timestamp"; - } - - public boolean supportsUnionAll() { - return true; - } - - public boolean hasAlterTable() { - return false; // As specify in NHibernate dialect - } - - public boolean dropConstraints() { - return false; - } - - public String getAddColumnString() { - return "add column"; - } - - public String getForUpdateString() { - return ""; - } - - public boolean supportsOuterJoinForUpdate() { - return false; - } - - public String getDropForeignKeyString() { - throw new UnsupportedOperationException("No drop foreign key syntax supported by SQLiteDialect"); - } - - public String getAddForeignKeyConstraintString(String constraintName, - String[] foreignKey, String referencedTable, String[] primaryKey, - boolean referencesPrimaryKey) { - throw new UnsupportedOperationException("No add foreign key syntax supported by SQLiteDialect"); - } - - public String getAddPrimaryKeyConstraintString(String constraintName) { - throw new UnsupportedOperationException("No add primary key syntax supported by SQLiteDialect"); - } - - public boolean supportsIfExistsBeforeTableName() { - return true; - } - - public boolean supportsCascadeDelete() { - return false; - } - - @Override - public IdentityColumnSupport getIdentityColumnSupport() { - return new SQLiteIdentityColumnSupport(); - } -} \ No newline at end of file diff --git a/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java b/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java index 8c3b4fa..74269b6 100644 --- a/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java +++ b/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java @@ -6,39 +6,29 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; @Configuration -@EnableWebSecurity -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - - @Override - protected void configure(HttpSecurity http) throws Exception { - http.addFilterAfter(new TwoFAFilter(), UsernamePasswordAuthenticationFilter.class) - .csrf().disable().authorizeRequests() - .antMatchers("/protected/**", "/2fa/**").authenticated() - .antMatchers("/", "/register/**", "/api/**", "/**.js", "/**.html").permitAll() - .and() - .logout().permitAll(); - } +public class WebSecurityConfig { @Autowired private UserDetailsServiceImpl userDetailsService; - @Autowired private PasswordEncoder encoder; - @Override - protected void configure(AuthenticationManagerBuilder auth) - throws Exception { - auth.userDetailsService(userDetailsService); - auth.authenticationProvider(authProvider()); + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http + .addFilterAfter(new TwoFAFilter(), UsernamePasswordAuthenticationFilter.class) + .authorizeHttpRequests((authz) -> authz + .requestMatchers("/protected/**", "/2fa/**").authenticated() + .requestMatchers("/", "/register/**", "/api/**", "/**.js", "/**.html").permitAll() + ); + return http.build(); } @Bean diff --git a/src/main/java/com/twilio/accountsecurity/controllers/LoginController.java b/src/main/java/com/twilio/accountsecurity/controllers/LoginController.java index 1329f49..9c7eaef 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/LoginController.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/LoginController.java @@ -14,7 +14,7 @@ import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import javax.validation.Valid; +import jakarta.validation.Valid; import java.io.IOException; @RestController diff --git a/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java b/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java index 05806f4..ac0db68 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java @@ -12,7 +12,7 @@ import org.springframework.web.bind.annotation.RestController; import jakarta.servlet.http.HttpSession; -import javax.validation.Valid; +import jakarta.validation.Valid; @RestController @RequestMapping(path = "/api/phone-verification") diff --git a/src/main/java/com/twilio/accountsecurity/controllers/RegisterController.java b/src/main/java/com/twilio/accountsecurity/controllers/RegisterController.java index 12478cc..33516dd 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/RegisterController.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/RegisterController.java @@ -17,7 +17,7 @@ import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; -import javax.validation.Valid; +import jakarta.validation.Valid; @RestController public class RegisterController { diff --git a/src/main/java/com/twilio/accountsecurity/controllers/TokenController.java b/src/main/java/com/twilio/accountsecurity/controllers/TokenController.java index b7651c7..9d1657f 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/TokenController.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/TokenController.java @@ -14,7 +14,7 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpSession; -import javax.validation.Valid; +import jakarta.validation.Valid; @RestController @RequestMapping(value = "/api/token") diff --git a/src/main/java/com/twilio/accountsecurity/controllers/requests/LoginRequest.java b/src/main/java/com/twilio/accountsecurity/controllers/requests/LoginRequest.java index d064b83..fa7b925 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/requests/LoginRequest.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/requests/LoginRequest.java @@ -1,6 +1,6 @@ package com.twilio.accountsecurity.controllers.requests; -import javax.validation.constraints.NotNull; +import jakarta.validation.constraints.NotNull; public class LoginRequest { diff --git a/src/main/java/com/twilio/accountsecurity/controllers/requests/PhoneVerificationStartRequest.java b/src/main/java/com/twilio/accountsecurity/controllers/requests/PhoneVerificationStartRequest.java index 1b72035..63e7005 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/requests/PhoneVerificationStartRequest.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/requests/PhoneVerificationStartRequest.java @@ -1,6 +1,6 @@ package com.twilio.accountsecurity.controllers.requests; -import javax.validation.constraints.NotNull; +import jakarta.validation.constraints.NotNull; public class PhoneVerificationStartRequest { diff --git a/src/main/java/com/twilio/accountsecurity/controllers/requests/PhoneVerificationVerifyRequest.java b/src/main/java/com/twilio/accountsecurity/controllers/requests/PhoneVerificationVerifyRequest.java index ea5354f..32b1840 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/requests/PhoneVerificationVerifyRequest.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/requests/PhoneVerificationVerifyRequest.java @@ -1,6 +1,6 @@ package com.twilio.accountsecurity.controllers.requests; -import javax.validation.constraints.NotNull; +import jakarta.validation.constraints.NotNull; public class PhoneVerificationVerifyRequest { @NotNull diff --git a/src/main/java/com/twilio/accountsecurity/controllers/requests/UserRegisterRequest.java b/src/main/java/com/twilio/accountsecurity/controllers/requests/UserRegisterRequest.java index 25840d7..c84839b 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/requests/UserRegisterRequest.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/requests/UserRegisterRequest.java @@ -2,7 +2,7 @@ import com.twilio.accountsecurity.models.UserModel; -import javax.validation.constraints.NotNull; +import jakarta.validation.constraints.NotNull; public class UserRegisterRequest { @NotNull diff --git a/src/main/java/com/twilio/accountsecurity/controllers/requests/VerifyTokenRequest.java b/src/main/java/com/twilio/accountsecurity/controllers/requests/VerifyTokenRequest.java index ebfd97f..331e3cc 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/requests/VerifyTokenRequest.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/requests/VerifyTokenRequest.java @@ -1,6 +1,6 @@ package com.twilio.accountsecurity.controllers.requests; -import javax.validation.constraints.NotNull; +import jakarta.validation.constraints.NotNull; public class VerifyTokenRequest { diff --git a/src/main/java/com/twilio/accountsecurity/models/UserModel.java b/src/main/java/com/twilio/accountsecurity/models/UserModel.java index db0eea3..905862b 100644 --- a/src/main/java/com/twilio/accountsecurity/models/UserModel.java +++ b/src/main/java/com/twilio/accountsecurity/models/UserModel.java @@ -1,11 +1,11 @@ package com.twilio.accountsecurity.models; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.Table; @Entity @Table(name = "User") From 2ffae1bcbe1aff5cfa9ce7d0afd4101a4f34451a Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Wed, 7 May 2025 10:55:29 -0500 Subject: [PATCH 05/11] Latest fixes :corssed_fingers: --- build.gradle | 7 ++++--- .../controllers/PhoneVerificationController.java | 2 +- .../controllers/PhoneVerificationControllerSpec.groovy | 9 ++++----- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/build.gradle b/build.gradle index 5e7348e..c60c99e 100644 --- a/build.gradle +++ b/build.gradle @@ -45,7 +45,7 @@ dependencies { testImplementation(group: 'junit', name:'junit', version:'4.13.2') testImplementation(group:'org.springframework.boot', name:'spring-boot-starter-test', version:"${springBootVer}") // Groovy - testImplementation (group: 'org.apache.groovy', name: 'groovy-all', version: '4.0.15', ext: 'pom') + testImplementation (group: 'org.apache.groovy', name: 'groovy-all', version: '4.0.26', ext: 'pom') // Constraints constraints { @@ -55,9 +55,10 @@ dependencies { } // Spock - testImplementation(group:'org.spockframework', name:'spock-core', version:'2.0-M4-groovy-3.0') - testImplementation(group:'org.spockframework', name:'spock-spring', version:'2.0-M4-groovy-3.0') + testImplementation(group:'org.spockframework', name:'spock-core', version:'2.4-M6-groovy-4.0') + testImplementation(group:'org.spockframework', name:'spock-spring', version:'2.4-M6-groovy-4.0') testRuntimeOnly(group:'cglib', name:'cglib-nodep', version:'3.3.0') + testRuntimeOnly('org.junit.platform:junit-platform-launcher') } test { diff --git a/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java b/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java index ac0db68..7715326 100644 --- a/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java +++ b/src/main/java/com/twilio/accountsecurity/controllers/PhoneVerificationController.java @@ -26,7 +26,7 @@ public PhoneVerificationController(PhoneVerificationService phoneVerificationSer } @RequestMapping(path = "start", method = RequestMethod.POST, - consumes = MediaType.APPLICATION_JSON_UTF8_VALUE) + consumes = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity start(@Valid @RequestBody PhoneVerificationStartRequest requestBody) { return runWithCatch(() -> { phoneVerificationService.start( diff --git a/src/test/groovy/com/twilio/accountsecurity/controllers/PhoneVerificationControllerSpec.groovy b/src/test/groovy/com/twilio/accountsecurity/controllers/PhoneVerificationControllerSpec.groovy index bed92ca..37583af 100644 --- a/src/test/groovy/com/twilio/accountsecurity/controllers/PhoneVerificationControllerSpec.groovy +++ b/src/test/groovy/com/twilio/accountsecurity/controllers/PhoneVerificationControllerSpec.groovy @@ -1,6 +1,5 @@ package com.twilio.accountsecurity.controllers -import com.fasterxml.jackson.core.JsonFactoryBuilder import com.twilio.accountsecurity.controllers.requests.PhoneVerificationStartRequest import com.twilio.accountsecurity.controllers.requests.PhoneVerificationVerifyRequest import com.twilio.accountsecurity.exceptions.PhoneVerificationException @@ -37,7 +36,7 @@ class PhoneVerificationControllerSpec extends Specification { when: def response = mockMvc.perform(post('/api/phone-verification/start') .content(requestBody) - .contentType(MediaType.APPLICATION_JSON_UTF8)) + .contentType(MediaType.APPLICATION_JSON)) .andReturn().response then: @@ -55,7 +54,7 @@ class PhoneVerificationControllerSpec extends Specification { when: def response = mockMvc.perform(post('/api/phone-verification/start') .content(requestBody) - .contentType(MediaType.APPLICATION_JSON_UTF8)) + .contentType(MediaType.APPLICATION_JSON)) .andReturn().response then: @@ -73,7 +72,7 @@ class PhoneVerificationControllerSpec extends Specification { mockMvc .perform(post('/api/phone-verification/verify') .content(requestBody) - .contentType(MediaType.APPLICATION_JSON_UTF8)) + .contentType(MediaType.APPLICATION_JSON)) .andExpect(status().isOk()) .andExpect(request().sessionAttribute("ph_verified", true)) } @@ -89,7 +88,7 @@ class PhoneVerificationControllerSpec extends Specification { when: def response = mockMvc.perform(post('/api/phone-verification/verify') .content(requestBody) - .contentType(MediaType.APPLICATION_JSON_UTF8)) + .contentType(MediaType.APPLICATION_JSON)) .andReturn().response then: From debd91420cf19169d3d21a76fc9f11604366fb43 Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Wed, 7 May 2025 11:14:55 -0500 Subject: [PATCH 06/11] Latest versions (dependabot) --- build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index c60c99e..a930ba9 100644 --- a/build.gradle +++ b/build.gradle @@ -39,8 +39,8 @@ dependencies { implementation(group:'net.rakugakibox.spring.boot', name:'logback-access-spring-boot-starter', version:'2.11.0') implementation(group:'com.authy', name:'authy-java', version:'1.5.1') - implementation(group:'com.twilio.sdk', name:'twilio', version:'10.6.8') - implementation(group:'org.xerial', name:'sqlite-jdbc', version:'3.41.2.2') + implementation(group:'com.twilio.sdk', name:'twilio', version:'10.8.0') + implementation(group:'org.xerial', name:'sqlite-jdbc', version:'3.49.1.0') testImplementation(group: 'junit', name:'junit', version:'4.13.2') testImplementation(group:'org.springframework.boot', name:'spring-boot-starter-test', version:"${springBootVer}") From b8cce58e4d30d08555605413a8b6d63232ce0057 Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Wed, 7 May 2025 11:46:34 -0500 Subject: [PATCH 07/11] Revert not needed changes --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index a930ba9..7bffb3b 100644 --- a/build.gradle +++ b/build.gradle @@ -1,9 +1,9 @@ plugins { - id 'org.springframework.boot' version '3.3.2' id 'java' id 'org.gretty' version '4.1.6' id 'idea' id 'groovy' + id 'io.github.joselion.pretty-jupiter' version '3.5.0' } java { From e412ecca9a7d7eacd642b7374d2a177c70c14aec Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Wed, 7 May 2025 12:05:22 -0500 Subject: [PATCH 08/11] Use SQLDialiect form hibernate --- build.gradle | 2 ++ src/main/resources/application.properties | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 7bffb3b..c12a1c7 100644 --- a/build.gradle +++ b/build.gradle @@ -38,6 +38,8 @@ dependencies { implementation(group:'org.springframework.boot', name:'spring-boot-starter-validation', version:"${springBootVer}") implementation(group:'net.rakugakibox.spring.boot', name:'logback-access-spring-boot-starter', version:'2.11.0') + implementation group: 'org.hibernate.orm', name: 'hibernate-community-dialects', version: '6.6.13.Final' + implementation(group:'com.authy', name:'authy-java', version:'1.5.1') implementation(group:'com.twilio.sdk', name:'twilio', version:'10.8.0') implementation(group:'org.xerial', name:'sqlite-jdbc', version:'3.49.1.0') diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index d867643..6a68ad7 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,4 +1,4 @@ -spring.jpa.database-platform=com.twilio.accountsecurity.config.SQLiteDialect +spring.jpa.database-platform=org.hibernate.community.dialect.SQLiteDialect #spring.jpa.hibernate.ddl-auto=create-drop spring.jpa.hibernate.ddl-auto=update spring.jpa.show-sql=true From 31c77d50b5c77e3a4ffadc5597da51feed17ce2c Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Wed, 7 May 2025 15:52:05 -0500 Subject: [PATCH 09/11] Spring new version manages servlet --- Makefile | 2 +- build.gradle | 30 +++++++++---------- .../config/WebSecurityConfig.java | 2 ++ 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index 16db6aa..dc8c54a 100644 --- a/Makefile +++ b/Makefile @@ -4,4 +4,4 @@ install: ./gradlew build serve: - ./gradlew appRun + ./gradlew bootRun diff --git a/build.gradle b/build.gradle index c12a1c7..6141129 100644 --- a/build.gradle +++ b/build.gradle @@ -1,41 +1,38 @@ plugins { id 'java' - id 'org.gretty' version '4.1.6' + id 'io.spring.dependency-management' version '1.1.7' + id 'org.springframework.boot' version '3.3.11' id 'idea' id 'groovy' id 'io.github.joselion.pretty-jupiter' version '3.5.0' } java { + toolchain { + languageVersion = JavaLanguageVersion.of(17) + } sourceCompatibility = JavaVersion.VERSION_17 targetCompatibility = JavaVersion.VERSION_17 } -ext['springBootVer'] = '3.3.2' - repositories { mavenCentral() } -gretty { - springBootVersion = '3.3.2' - springBoot = true - servletContainer = 'jetty11' - contextPath = '' -} - configurations { providedRuntime } dependencies { implementation(group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: '4.0.2') - implementation(group: 'jakarta.servlet', name:'jakarta.servlet-api', version:'6.1.0') + providedRuntime(group: 'jakarta.servlet', name:'jakarta.servlet-api', version:'6.1.0') // Spring - implementation(group:'org.springframework.boot', name:'spring-boot-starter-data-jpa', version:"${springBootVer}") - implementation(group:'org.springframework.boot', name:'spring-boot-starter-security', version:"${springBootVer}") - implementation(group:'org.springframework.boot', name:'spring-boot-starter-validation', version:"${springBootVer}") + implementation 'org.springframework.boot:spring-boot-starter-data-jpa' + implementation 'org.springframework.boot:spring-boot-starter-security' + implementation 'org.springframework.boot:spring-boot-starter-validation' + implementation 'org.springframework.boot:spring-boot-starter-web' + implementation(group:'net.rakugakibox.spring.boot', name:'logback-access-spring-boot-starter', version:'2.11.0') implementation group: 'org.hibernate.orm', name: 'hibernate-community-dialects', version: '6.6.13.Final' @@ -43,9 +40,12 @@ dependencies { implementation(group:'com.authy', name:'authy-java', version:'1.5.1') implementation(group:'com.twilio.sdk', name:'twilio', version:'10.8.0') implementation(group:'org.xerial', name:'sqlite-jdbc', version:'3.49.1.0') + implementation 'org.springframework.boot:spring-boot-starter-actuator' testImplementation(group: 'junit', name:'junit', version:'4.13.2') - testImplementation(group:'org.springframework.boot', name:'spring-boot-starter-test', version:"${springBootVer}") + testImplementation 'org.springframework.boot:spring-boot-starter-test' + testImplementation 'org.springframework.security:spring-security-test' + // Groovy testImplementation (group: 'org.apache.groovy', name: 'groovy-all', version: '4.0.26', ext: 'pom') diff --git a/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java b/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java index 74269b6..0a9b9fe 100644 --- a/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java +++ b/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java @@ -7,12 +7,14 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; @Configuration +@EnableWebSecurity public class WebSecurityConfig { @Autowired From bd0e01b1291b6b28d0b36e51ffdf4f2a57ed47e4 Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Wed, 7 May 2025 16:04:18 -0500 Subject: [PATCH 10/11] Update WebSecurityConfig.java --- .../twilio/accountsecurity/config/WebSecurityConfig.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java b/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java index 0a9b9fe..a372f3e 100644 --- a/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java +++ b/src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java @@ -26,10 +26,10 @@ public class WebSecurityConfig { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http .addFilterAfter(new TwoFAFilter(), UsernamePasswordAuthenticationFilter.class) - .authorizeHttpRequests((authz) -> authz - .requestMatchers("/protected/**", "/2fa/**").authenticated() - .requestMatchers("/", "/register/**", "/api/**", "/**.js", "/**.html").permitAll() - ); + .authorizeRequests() + .requestMatchers("/protected/**", "/2fa/**").authenticated() + .requestMatchers("/", "/register/**", "/api/**", "/**.js", "/**.html").permitAll() + .and().logout().permitAll(); return http.build(); } From 561d66def73661e64935475e9fc16d44c39237cd Mon Sep 17 00:00:00 2001 From: Carolina Lopez Date: Wed, 7 May 2025 16:17:10 -0500 Subject: [PATCH 11/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9a18c39..54019ac 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ Implementations in other languages: ### Requirements -- [Java Development Kit](https://adoptopenjdk.net/) version 11 or later. +- [Java Development Kit](https://adoptopenjdk.net/) version 17 or later. - A Twilio account - [sign up](https://www.twilio.com/try-twilio) ### Twilio Account Settings