From b838bc24d42d07c0424b2a5295a4cb120916073b Mon Sep 17 00:00:00 2001
From: Joaquim Cunha
Date: Mon, 20 Feb 2023 15:39:06 +0000
Subject: [PATCH] added recover request route
---
 .../ni/website/backend/config/auth/AuthConfigProperties.kt | 3 ++-
 .../up/fe/ni/website/backend/controller/AuthController.kt | 7 +++++++
 .../pt/up/fe/ni/website/backend/service/AuthService.kt | 5 +++++
 src/main/resources/application.properties | 1 +
 4 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/config/auth/AuthConfigProperties.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/config/auth/AuthConfigProperties.kt
index 18c9484a..eb76c213 100644
--- a/src/main/kotlin/pt/up/fe/ni/website/backend/config/auth/AuthConfigProperties.kt
+++ b/src/main/kotlin/pt/up/fe/ni/website/backend/config/auth/AuthConfigProperties.kt
@@ -9,5 +9,6 @@ data class AuthConfigProperties(
 val publicKey: RSAPublicKey,
 val privateKey: RSAPrivateKey,
 val jwtAccessExpirationMinutes: Long,
- val jwtRefreshExpirationDays: Long
+ val jwtRefreshExpirationDays: Long,
+ val jwtRecoveryExpirationMinutes: Long
 )
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt
index 2239a3f7..49d54e1a 100644
--- a/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt
+++ b/src/main/kotlin/pt/up/fe/ni/website/backend/controller/AuthController.kt
@@ -2,6 +2,7 @@ package pt.up.fe.ni.website.backend.controller
 import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestMapping
@@ -27,6 +28,12 @@ class AuthController(val authService: AuthService) {
 return mapOf("access_token" to accessToken)
 }

+ @PostMapping("/recoverPassword/{id}")
+ fun generateRecoveryToken(@PathVariable id: Long): Map {
+ val recoveryToken = authService.generateRecoveryToken(id)
+ return mapOf("recovery_token" to recoveryToken)
+ }
+
 @GetMapping
 @PreAuthorize("hasRole('MEMBER')")
 fun checkAuthentication(): Map {
diff --git a/src/main/kotlin/pt/up/fe/ni/website/backend/service/AuthService.kt b/src/main/kotlin/pt/up/fe/ni/website/backend/service/AuthService.kt
index f5fb93fe..6e9168f0 100644
--- a/src/main/kotlin/pt/up/fe/ni/website/backend/service/AuthService.kt
+++ b/src/main/kotlin/pt/up/fe/ni/website/backend/service/AuthService.kt
@@ -57,6 +57,11 @@ class AuthService(
 return generateAccessToken(account)
 }

+ fun generateRecoveryToken(id: Long): String {
+ val account = accountService.getAccountById(id)
+ return generateToken(account, Duration.ofMinutes(authConfigProperties.jwtRecoveryExpirationMinutes))
+ }
+
 fun getAuthenticatedAccount(): Account {
 val authentication = SecurityContextHolder.getContext().authentication
 return accountService.getAccountByEmail(authentication.name)
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 12a8773f..141dda9e 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -24,6 +24,7 @@ auth.private-key=classpath:certs/private.pem
 auth.public-key=classpath:certs/public.pem
 auth.jwt-access-expiration-minutes=60
 auth.jwt-refresh-expiration-days=7
+auth.jwt-recovery-expiration-minutes=15
 # Due to a problem with Hibernate, which is using a deprecated property. This should be removed when fixed
 # See https://github.com/spring-projects/spring-data-jpa/issues/2717 for more information
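Review bot: `generateRecoveryToken` in `AuthController` hands the recovery token back in the response body of `POST /recoverPassword/{id}`, and unlike `checkAuthentication` just below it carries no `@PreAuthorize`, so as far as this hunk shows, any caller who supplies an account id receives a recovery token for that account. A recovery token only proves ownership if it reaches the account holder out-of-band, so the handler should pass it to a mail sender and reply with the same empty `202 Accepted` whether or not the id exists, which also keeps the route from confirming which ids are registered. Until that delivery path exists I would keep the route unexposed and mark the gap with `// TODO: send recoveryToken to the account's e-mail address; never return it to the caller` above the `return`. Whether the security configuration restricts this path is not visible here, and the request would be better keyed on the e-mail address than on the sequential `id`, with rate limiting applied.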
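Review bot: `AuthService.generateRecoveryToken` builds the recovery token through the same `generateToken(account, …)` helper that appears to sit behind `generateAccessToken`, changing only the lifetime, so unless `generateToken` (its body is outside this hunk) stamps a purpose into the claims, a recovery token may be indistinguishable from an access token to whatever validates the JWT. I would give it a distinct claim or audience that both the password-reset handler and the resource-server side check, and make it single-use, for example by binding it to the current password hash so it stops verifying once the password changes. The function also deserves a KDoc line such as `/** Issues a short-lived JWT for recovering the password of the account with [id]; lifetime is jwtRecoveryExpirationMinutes. */`.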