diff --git a/employee/src/main/java/com/hart/Supermarket/employee/api/AuthenticationController.java b/employee/src/main/java/com/hart/Supermarket/employee/api/AuthenticationController.java
index 2096e8f..3e72ff0 100644
--- a/employee/src/main/java/com/hart/Supermarket/employee/api/AuthenticationController.java
+++ b/employee/src/main/java/com/hart/Supermarket/employee/api/AuthenticationController.java
@@ -7,6 +7,7 @@
 import com.hart.Supermarket.employee.security.MyUserDetailService;
 import com.hart.Supermarket.employee.security.models.AuthenticationRequest;
 import com.hart.Supermarket.employee.security.models.AuthenticationResponse;
+import com.hart.Supermarket.employee.security.models.TwoFactorAuthenticationRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -91,32 +92,44 @@ private void sendEmailForTwoFactorAuthentication(String to, String text) { @PostMapping(value= "/login/2fa", produces = { "application/json" } ) public ResponseEntity authenticateSecondFactor( - @RequestBody AuthenticationRequest authenticationRequest) throws Exception { - - try { - authenticationManager.authenticate( - new UsernamePasswordAuthenticationToken( - authenticationRequest.getUsername(), - authenticationRequest.getPassword()) - ); - } - catch (BadCredentialsException e) { - throw new Exception("Incorrect username or password", e); - } + @RequestBody TwoFactorAuthenticationRequest twoFactorAuthenticationRequest) throws Exception { + + Employee empl = employeeRepository.findEmployeeByEmail( + twoFactorAuthenticationRequest.getUsername()); + logger.info(empl.toString()); + + if (twoFactorAuthenticationRequest.getTwoFactorAuthCode() + .equals(empl.getTwoFactorString())) { - final UserDetails userDetails = userDetailsService - .loadUserByUsername(authenticationRequest.getUsername()); + try { + authenticationManager.authenticate( + new UsernamePasswordAuthenticationToken( + twoFactorAuthenticationRequest.getUsername(), + twoFactorAuthenticationRequest.getPassword()) + ); + } + catch (BadCredentialsException e) { + throw new Exception("Incorrect username and/or password", e); + } - final String jwt = jwtTokenUtil.generateToken(userDetails); + final UserDetails userDetails = userDetailsService + .loadUserByUsername(twoFactorAuthenticationRequest.getUsername()); - return ResponseEntity.ok(new AuthenticationResponse(jwt)); + final String jwt = jwtTokenUtil.generateToken(userDetails); + + return ResponseEntity.ok(new AuthenticationResponse(jwt)); + } + + return (ResponseEntity) ResponseEntity.badRequest(); } + @GetMapping(value= "/validate", produces = { "application/json" } ) public ResponseEntity validate() { return ResponseEntity.ok("Successfully Validated Token"); } + @PostMapping(value= "/login/changePassword", produces = { 
"application/json" } ) public ResponseEntity changePassword(@RequestParam String secAnswer) { return null; //will reset the users password after the correct question. diff --git a/employee/src/main/java/com/hart/Supermarket/employee/security/WebSecurityConfiguration.java b/employee/src/main/java/com/hart/Supermarket/employee/security/WebSecurityConfiguration.java index 75809f3..1b4a4be 100644 --- a/employee/src/main/java/com/hart/Supermarket/employee/security/WebSecurityConfiguration.java +++ b/employee/src/main/java/com/hart/Supermarket/employee/security/WebSecurityConfiguration.java @@ -41,6 +41,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/employees/authentication/login"); + web.ignoring().antMatchers("/employees/authentication/login/2fa"); web.ignoring().antMatchers("/employees/all"); //temporary web.ignoring().antMatchers("/employees/create"); web.ignoring().antMatchers("/employees/deleteall"); //temporary diff --git a/employee/src/main/java/com/hart/Supermarket/employee/security/models/TwoFactorAuthenticationRequest.java b/employee/src/main/java/com/hart/Supermarket/employee/security/models/TwoFactorAuthenticationRequest.java index 7585f5d..d0f0a2d 100644 --- a/employee/src/main/java/com/hart/Supermarket/employee/security/models/TwoFactorAuthenticationRequest.java +++ b/employee/src/main/java/com/hart/Supermarket/employee/security/models/TwoFactorAuthenticationRequest.java @@ -6,6 +6,7 @@ public class TwoFactorAuthenticationRequest implements Serializable { private String username; + private String password; private String twoFactorAuthCode; public String getUsername() { 
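Review bot: The failure path at the end of `authenticateSecondFactor` throws instead of answering: `ResponseEntity.badRequest()` returns a `BodyBuilder`, so `(ResponseEntity) ResponseEntity.badRequest()` fails with a ClassCastException and a wrong code surfaces as a server error. On this unauthenticated route `findEmployeeByEmail` can presumably return null for an unknown username, in which case `empl.toString()` throws before any check and the differing responses tell a caller which accounts exist. `logger.info(empl.toString())` should be removed or reduced to the username, because the entity holds the two-factor string and, if its `toString()` prints that field, the secret ends up in the application log. The sketch below gives one uniform 401 for unknown user, missing code and wrong code and compares in constant time; it assumes `getTwoFactorString()` returns a String and needs imports for `MessageDigest`, `StandardCharsets` and `HttpStatus`. Nothing in the hunk limits attempts or invalidates the code after a successful login, so that is worth confirming elsewhere.

```java
public ResponseEntity authenticateSecondFactor(
        @RequestBody TwoFactorAuthenticationRequest twoFactorAuthenticationRequest) throws Exception {

    // … unchanged: empl lookup via employeeRepository.findEmployeeByEmail(...); the logger.info(empl.toString()) line is dropped …

    String submitted = twoFactorAuthenticationRequest.getTwoFactorAuthCode();
    String expected = (empl == null) ? null : empl.getTwoFactorString();

    // Same response for unknown user, missing code and wrong code.
    if (submitted == null || expected == null
            || !MessageDigest.isEqual(
                    submitted.getBytes(StandardCharsets.UTF_8),
                    expected.getBytes(StandardCharsets.UTF_8))) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
    }

    // … unchanged: authenticationManager.authenticate(...) try/catch, loadUserByUsername, generateToken, ResponseEntity.ok(...) …
```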
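Review bot: The added `web.ignoring().antMatchers("/employees/authentication/login/2fa");` in `configure(WebSecurity)` takes the 2FA endpoint out of the Spring Security filter chain altogether, so it gets no security response headers and any throttling or audit filter registered in the chain never sees these requests. For an endpoint that must be reachable without a token, `.antMatchers("/employees/authentication/login/2fa").permitAll()` in the `configure(HttpSecurity)` override (not visible in this hunk) keeps the filters while still allowing anonymous access. The neighbouring context lines ignore `/employees/all` and `/employees/deleteall` with a `//temporary` comment, which leaves those routes unauthenticated as long as they stay; a tracked follow-up to remove them would be prudent. The body of `configure` continues outside the hunk.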
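Review bot: With `password` added to `TwoFactorAuthenticationRequest` (the field in this hunk, the accessors and three-argument constructor in the next one), the client has to hold the plaintext password between the first login step and the 2FA step and transmit it a second time. A short-lived, single-use pending-login token issued by the first step would let `/login/2fa` accept only that token plus the code, and the password would never need to leave the first request. If the field stays, note that the class is `Serializable`: declaring it `private transient String password;` keeps it out of Java-serialized forms, and no `toString()` or request logging should ever print this object. A comment on the field such as `// secret: never log or persist` would make that expectation explicit.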
@@ -24,14 +25,23 @@ public void setTwoFactorAuthCode(String twoFactorAuthCode) { this.twoFactorAuthCode = twoFactorAuthCode; } + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + //need default constructor for JSON Parsing public TwoFactorAuthenticationRequest() { } - public TwoFactorAuthenticationRequest(String username, String twoFactorAuthCode) { + public TwoFactorAuthenticationRequest(String username, String twoFactorAuthCode, String password) { this.setUsername(username); this.setTwoFactorAuthCode(twoFactorAuthCode); + this.setPassword(password); } } \ No newline at end of file