Two Factor Authentication

hart-james · Jul 19, 2021 · 8080cb0 · 8080cb0
1 parent 22f7763
commit 8080cb0
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 17 deletions.
diff --git a/employee/src/main/java/com/hart/Supermarket/employee/api/AuthenticationController.java b/employee/src/main/java/com/hart/Supermarket/employee/api/AuthenticationController.java
@@ -7,6 +7,7 @@
 import com.hart.Supermarket.employee.security.MyUserDetailService;
 import com.hart.Supermarket.employee.security.models.AuthenticationRequest;
 import com.hart.Supermarket.employee.security.models.AuthenticationResponse;
+import com.hart.Supermarket.employee.security.models.TwoFactorAuthenticationRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -91,32 +92,44 @@ private void sendEmailForTwoFactorAuthentication(String to, String text) {
 
     @PostMapping(value= "/login/2fa", produces = { "application/json" } )
     public ResponseEntity<?>  authenticateSecondFactor(
-            @RequestBody AuthenticationRequest authenticationRequest) throws Exception {
-
-        try {
-            authenticationManager.authenticate(
-                    new UsernamePasswordAuthenticationToken(
-                            authenticationRequest.getUsername(),
-                            authenticationRequest.getPassword())
-            );
-        }
-        catch (BadCredentialsException e) {
-            throw new Exception("Incorrect username or password", e);
-        }
+            @RequestBody TwoFactorAuthenticationRequest twoFactorAuthenticationRequest) throws Exception {
+
+            Employee empl = employeeRepository.findEmployeeByEmail(
+                    twoFactorAuthenticationRequest.getUsername());
+            logger.info(empl.toString());
+
+            if (twoFactorAuthenticationRequest.getTwoFactorAuthCode()
+                    .equals(empl.getTwoFactorString())) {
 
-        final UserDetails userDetails = userDetailsService
-                .loadUserByUsername(authenticationRequest.getUsername());
+                try {
+                    authenticationManager.authenticate(
+                            new UsernamePasswordAuthenticationToken(
+                                    twoFactorAuthenticationRequest.getUsername(),
+                                    twoFactorAuthenticationRequest.getPassword())
+                    );
+                }
+                catch (BadCredentialsException e) {
+                    throw new Exception("Incorrect username and/or password", e);
+                }
 
-        final String jwt = jwtTokenUtil.generateToken(userDetails);
+                final UserDetails userDetails = userDetailsService
+                        .loadUserByUsername(twoFactorAuthenticationRequest.getUsername());
 
-        return ResponseEntity.ok(new AuthenticationResponse(jwt));
+                final String jwt = jwtTokenUtil.generateToken(userDetails);
+
+                return ResponseEntity.ok(new AuthenticationResponse(jwt));
+            }
+
+            return (ResponseEntity<?>) ResponseEntity.badRequest();
     }
 
+
     @GetMapping(value= "/validate", produces = { "application/json" } )
     public ResponseEntity<String> validate() {
         return ResponseEntity.ok("Successfully Validated Token");
     }
 
+
     @PostMapping(value= "/login/changePassword", produces = { "application/json" } )
     public ResponseEntity<?> changePassword(@RequestParam String secAnswer) {
         return null; //will reset the users password after the correct question.

diff --git a/employee/src/main/java/com/hart/Supermarket/employee/security/WebSecurityConfiguration.java b/employee/src/main/java/com/hart/Supermarket/employee/security/WebSecurityConfiguration.java
@@ -41,6 +41,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
     @Override
     public void configure(WebSecurity web) throws Exception {
         web.ignoring().antMatchers("/employees/authentication/login");
+        web.ignoring().antMatchers("/employees/authentication/login/2fa");
         web.ignoring().antMatchers("/employees/all"); //temporary
         web.ignoring().antMatchers("/employees/create");
         web.ignoring().antMatchers("/employees/deleteall"); //temporary

diff --git a/...in/java/com/hart/Supermarket/employee/security/models/TwoFactorAuthenticationRequest.java b/...in/java/com/hart/Supermarket/employee/security/models/TwoFactorAuthenticationRequest.java
@@ -6,6 +6,7 @@ public class TwoFactorAuthenticationRequest implements Serializable {
 
 
     private String username;
+    private String password;
     private String twoFactorAuthCode;
 
     public String getUsername() {
@@ -24,14 +25,23 @@ public void setTwoFactorAuthCode(String twoFactorAuthCode) {
         this.twoFactorAuthCode = twoFactorAuthCode;
     }
 
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
     //need default constructor for JSON Parsing
     public TwoFactorAuthenticationRequest()
     {
 
     }
 
-    public TwoFactorAuthenticationRequest(String username, String twoFactorAuthCode) {
+    public TwoFactorAuthenticationRequest(String username, String twoFactorAuthCode, String password) {
         this.setUsername(username);
         this.setTwoFactorAuthCode(twoFactorAuthCode);
+        this.setPassword(password);
     }
 }