Adición de mecanismos de seguridad

2f44b761 · Alvaro Ordóñez Romero · 960cfc8f · 2f44b761 · 2f44b761 · 2f44b761
Commit 2f44b761 authored Dec 21, 2023 by Alvaro Ordóñez Romero
Showing with 49 additions and 25 deletions
src/main/java/com/carpooling/carpoolingaoraha/entidades/Usuario.java
src/main/java/com/carpooling/carpoolingaoraha/seguridad/ServicioSeguridadCarpooling.java
src/main/java/com/carpooling/carpoolingaoraha/services/ServicioCarPooling.java
src/main/resources/application.properties
src/test/java/com/carpooling/carpoolingaoraha/ControladorRESTEST/ControladorRESTTEST.java
src/test/java/com/carpooling/carpoolingaoraha/services/ServicioCarPoolingTest.java
--- a/src/main/java/com/carpooling/carpoolingaoraha/entidades/Usuario.java
+++ b/src/main/java/com/carpooling/carpoolingaoraha/entidades/Usuario.java
@@ -4,6 +4,7 @@ import com.carpooling.carpoolingaoraha.excepciones.ReservaNoRegistrada;
 import com.carpooling.carpoolingaoraha.excepciones.SolicitudYaExistente;
 import com.carpooling.carpoolingaoraha.excepciones.ViajeNoRegistrado;
 import com.carpooling.carpoolingaoraha.services.ServicioCarPooling;
+import com.carpooling.carpoolingaoraha.utils.CodificadorPassword;
 import com.carpooling.carpoolingaoraha.utils.ExprReg;
 import jakarta.persistence.*;
 import org.antlr.v4.runtime.misc.NotNull;
@@ -90,7 +91,7 @@ public class Usuario {
        this.DNI = DNI;
        this.telefono = telefono;
        this.email = email;
-        this.claveAcceso = claveAcceso;
+        this.claveAcceso = (claveAcceso != null ? CodificadorPassword.codificar(claveAcceso) : null);
        this.puntuacion = new ArrayList<>();
        this.rol = rol;
        this.viajesOfertados = new ArrayList<>();
@@ -385,4 +386,9 @@ public class Usuario {
    public void setHistoricoSolicitudes(List<Solicitud> historicoSolicitudes) {
        this.historicoSolicitudes = historicoSolicitudes;
    }
+    public boolean claveValida(String clave) {
+        return CodificadorPassword.igual(clave, this.claveAcceso);
+        //return this.clave.equals(clave);
+    }
 }
--- a/src/main/java/com/carpooling/carpoolingaoraha/seguridad/ServicioSeguridadCarpooling.java
+++ b/src/main/java/com/carpooling/carpoolingaoraha/seguridad/ServicioSeguridadCarpooling.java
 package com.carpooling.carpoolingaoraha.seguridad;
-import com.carpooling.carpoolingaoraha.utils.CachedBCryptPasswordEncoder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -9,11 +8,6 @@ import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
 public class ServicioSeguridadCarpooling {
-    @Bean
-    PasswordEncoder passwordEncoder() {
-        //return new BCryptPasswordEncoder();
-        return new CachedBCryptPasswordEncoder();
-    }
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
@@ -21,10 +15,9 @@ public class ServicioSeguridadCarpooling {
                .httpBasic(httpBasic -> httpBasic.realmName("carpooling"))
                .csrf(csrf -> csrf.disable())
                .sessionManagement(session -> session.disable())
-                .authorizeHttpRequests(request -> request.requestMatchers(HttpMethod.POST, "http://localhost:8080/")
+                .authorizeHttpRequests(request -> request.requestMatchers(HttpMethod.POST, "/carpooling/usuarios")
-                        .permitAll())
+                        .permitAll());
-                .authorizeHttpRequests(request -> request.requestMatchers("http://localhost:8080/**")
-                        .access(new WebExpressionAuthorizationManager("hasRole('USUARIO') and #dni == principal.username")));
        return httpSecurity.build();
    }

--- a/src/main/java/com/carpooling/carpoolingaoraha/services/ServicioCarPooling.java
+++ b/src/main/java/com/carpooling/carpoolingaoraha/services/ServicioCarPooling.java
@@ -12,7 +12,6 @@ import com.carpooling.carpoolingaoraha.repositorios.ViajeRepository;
 import jakarta.transaction.Transactional;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.CacheEvict;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.validation.annotation.Validated;
@@ -126,20 +125,13 @@ public class ServicioCarPooling {
        return usuarioLogin;
    }
-    @Transactional
+    public Optional<Usuario> login(@NotBlank String dni, @NotBlank String clave) {
-    public Optional<Usuario> login(@NotBlank String dni,@NotBlank String password) {
+        Optional<Usuario> clienteLogin = repositorioUsuario.buscar(dni)
-        Optional<Usuario> usuarioLogin = repositorioUsuario.buscar(dni);
+                .filter((cliente)->cliente.claveValida(clave));
-        if (usuarioLogin.isPresent()) {
-            Usuario usuario = usuarioLogin.get();
-            BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
-            // Verificar la contraseña
+        return clienteLogin;
-            if (passwordEncoder.matches(password, usuario.getClaveAcceso())) {
-                return usuarioLogin; // La contraseña es correcta
-            }
-        }
-        return usuarioLogin;
    }
    @Transactional
    public Optional<Viaje> verViaje(@NotBlank int id) {
        Optional<Viaje> viaje = repositorioViajes.buscar(id);

--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -9,3 +9,4 @@ spring.jpa.show-sql=true
 spring.jpa.database-platform=org.hibernate.dialect.MySQLDialect
 spring.cache.type=NONE
 spring.security.enabled=false
+loggin.level.org.springframework.security=DEBUG
\ No newline at end of file
--- a/src/test/java/com/carpooling/carpoolingaoraha/ControladorRESTEST/ControladorRESTTEST.java
+++ b/src/test/java/com/carpooling/carpoolingaoraha/ControladorRESTEST/ControladorRESTTEST.java
@@ -45,7 +45,7 @@ public class ControladorRESTTEST {
    @DirtiesContext(methodMode = DirtiesContext.MethodMode.AFTER_METHOD)
    public void altaUsuario(){
        Date fecha = new Date(2000, 12, 1);
-        DTOUsuario usuario = new DTOUsuario("Fernando", "Alonso Diaz",fecha, "78062640S", 670988953, "hola@gmail.com", "1234", Usuario.Rol.CONDUCTOR);
+        DTOUsuario usuario = new DTOUsuario("Fernando", "Alonso Diaz",fecha, "78062640S", 670988953, "hola@gmail.com", "clave", Usuario.Rol.CONDUCTOR);
        ResponseEntity<DTOUsuario> respuesta = restTemplate.postForEntity
                (
                "/usuarios", usuario, DTOUsuario.class

--- a/src/test/java/com/carpooling/carpoolingaoraha/services/ServicioCarPoolingTest.java
+++ b/src/test/java/com/carpooling/carpoolingaoraha/services/ServicioCarPoolingTest.java
@@ -2,12 +2,15 @@ package com.carpooling.carpoolingaoraha.services;
 import com.carpooling.carpoolingaoraha.entidades.*;
 import com.carpooling.carpoolingaoraha.entidades.Usuario.*;
+import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.annotation.DirtiesContext;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+import java.time.LocalDate;
 import java.util.Date;
 import java.util.List;
 import java.util.Optional;
@@ -318,4 +321,32 @@ public class ServicioCarPoolingTest
        assertTrue(viajes.size() > 0);
    }
+    @Test
+    @DirtiesContext(methodMode = DirtiesContext.MethodMode.AFTER_METHOD)
+    public void testAltaYLoginClienteCuenta() throws ParseException {
+        int length = 9;
+        String characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+        // Inicializar el generador de números aleatorios
+        Random random = new Random();
+        StringBuilder sb = new StringBuilder(length);
+        // Generar la cadena aleatoria
+        for (int i = 0; i < length; i++) {
+            int randomIndex = random.nextInt(characters.length());
+            char randomChar = characters.charAt(randomIndex);
+            sb.append(randomChar);
+        }
+        SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
+        java.util.Date yourDate = sdf.parse("1992-07-26");
+        Usuario usuario = new Usuario("Perico", "Alonso", yourDate, "78162640S", 670988953, "aor00039@red.ujaen.es", "clave", Rol.PASAJERO);
+        Usuario usuarioGuardado = servicio.registrarUsuario(usuario);
+        Optional<Usuario> clienteLogin = servicio.login(usuarioGuardado.getDNI(), "clave");
+        Assertions.assertThat(clienteLogin.isPresent()).isTrue();
+        Assertions.assertThat(clienteLogin.get().getDNI().equals(usuario.getDNI()));
+    }
 }