added recover request route

NIAEFEUP · Feb 20, 2023 · b838bc2 · b838bc2
1 parent e3023a0
commit b838bc2
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 1 deletion.
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/config/auth/AuthConfigProperties.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/config/auth/AuthConfigProperties.kt
@@ -9,5 +9,6 @@ data class AuthConfigProperties(
     val publicKey: RSAPublicKey,
     val privateKey: RSAPrivateKey,
     val jwtAccessExpirationMinutes: Long,
-    val jwtRefreshExpirationDays: Long
+    val jwtRefreshExpirationDays: Long,
+    val jwtRecoveryExpirationMinutes: Long
 )
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt
@@ -2,6 +2,7 @@ package pt.up.fe.ni.website.backend.controller
 
 import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestMapping
@@ -27,6 +28,12 @@ class AuthController(val authService: AuthService) {
         return mapOf("access_token" to accessToken)
     }
 
+    @PostMapping("/recoverPassword/{id}")
+    fun generateRecoveryToken(@PathVariable id: Long): Map<String, String> {
+        val recoveryToken = authService.generateRecoveryToken(id)
+        return mapOf("recovery_token" to recoveryToken)
+    }
+
     @GetMapping
     @PreAuthorize("hasRole('MEMBER')")
     fun checkAuthentication(): Map<String, String> {

diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/service/AuthService.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/service/AuthService.kt
@@ -57,6 +57,11 @@ class AuthService(
         return generateAccessToken(account)
     }
 
+    fun generateRecoveryToken(id: Long): String {
+        val account = accountService.getAccountById(id)
+        return generateToken(account, Duration.ofMinutes(authConfigProperties.jwtRecoveryExpirationMinutes))
+    }
+
     fun getAuthenticatedAccount(): Account {
         val authentication = SecurityContextHolder.getContext().authentication
         return accountService.getAccountByEmail(authentication.name)

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -24,6 +24,7 @@ auth.private-key=classpath:certs/private.pem
 auth.public-key=classpath:certs/public.pem
 auth.jwt-access-expiration-minutes=60
 auth.jwt-refresh-expiration-days=7
+auth.jwt-recovery-expiration-minutes=15
 
 # Due to a problem with Hibernate, which is using a deprecated property. This should be removed when fixed
 # See https://github.com/spring-projects/spring-data-jpa/issues/2717 for more information