Added basic authentication on api POST routes.

2018-10-08 11:42:13 +01:00 · 2018-10-08 11:42:13 +01:00 · 65070275a3
commit 65070275a3
parent 72e8b095c8
6 changed files with 146 additions and 58 deletions
--- a/backend/pom.xml
+++ b/backend/pom.xml
@ -39,6 +39,10 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.module</groupId>
            <artifactId>jackson-module-kotlin</artifactId>
--- a/backend/src/main/kotlin/uk/co/neviyn/observationdatabase/Security.kt
+++ b/backend/src/main/kotlin/uk/co/neviyn/observationdatabase/Security.kt
@ -0,0 +1,72 @@
+package uk.co.neviyn.observationdatabase
+
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.http.HttpMethod
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.core.AuthenticationException
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.stereotype.Component
+import java.io.IOException
+import javax.servlet.ServletException
+import javax.servlet.http.HttpServletRequest
+import javax.servlet.http.HttpServletResponse
+
+
+@Configuration
+@EnableWebSecurity
+class CustomWebSecurityConfigurerAdapter : WebSecurityConfigurerAdapter() {
+
+    @Autowired
+    lateinit var authenticationEntryPoint: MyBasicAuthenticationEntryPoint
+
+    @Autowired
+    @Throws(Exception::class)
+    fun configureGlobal(auth: AuthenticationManagerBuilder) {
+        auth.inMemoryAuthentication()
+                .withUser("admin").password(passwordEncoder().encode("admin"))
+                .authorities("ROLE_USER")
+    }
+
+    @Throws(Exception::class)
+    override fun configure(http: HttpSecurity) {
+        http.csrf().disable().authorizeRequests()
+                .antMatchers(HttpMethod.POST, "/api/**").authenticated()
+                .anyRequest().permitAll()
+                .and()
+                .httpBasic()
+                .authenticationEntryPoint(authenticationEntryPoint)
+                .and()
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+    }
+
+    @Bean
+    fun passwordEncoder(): PasswordEncoder {
+        return BCryptPasswordEncoder()
+    }
+}
+
+@Component
+class MyBasicAuthenticationEntryPoint: BasicAuthenticationEntryPoint() {
+
+    @Throws(IOException::class, ServletException::class)
+    override fun commence
+    (request: HttpServletRequest, response: HttpServletResponse, authEx: AuthenticationException) {
+        response.addHeader("WWW-Authenticate", "Basic realm=\"$realmName\"")
+        response.status = HttpServletResponse.SC_UNAUTHORIZED
+        response.writer.println("HTTP Status 401 - " + authEx.message)
+    }
+
+    @Throws
+    override fun afterPropertiesSet() {
+        realmName = "Security"
+        super.afterPropertiesSet()
+    }
+}
--- a/backend/src/test/kotlin/uk/co/neviyn/observationdatabase/ControllerTest.kt
+++ b/backend/src/test/kotlin/uk/co/neviyn/observationdatabase/ControllerTest.kt
@ -144,7 +144,7 @@ class ControllerTest {
        val observation = Observation(1, site, LocalDate.now(), TrainingType.INITIAL, "An Observation", "Group A", 5.0, 5.0, 5.0, .05, 5.0, newData.entries, setOf(tutor))
        doReturn(observation).`when`(observationRepository).save(ArgumentMatchers.any())
        val result = controller.addObservation(newData)
-        assertEquals(1, result)
+        assertEquals(1L, result)
    }

 }
--- a/frontend/src/views/Home.vue
+++ b/frontend/src/views/Home.vue
@ -144,7 +144,7 @@
                console.log("submit");
                e.preventDefault();
                e.stopPropagation();
-                var form = document.getElementById("submission-form");
+                let form = document.getElementById("submission-form");
                if (form.checkValidity()) {
                    this.$router.push("/observation");
                }
--- a/frontend/src/views/NewSite.vue
+++ b/frontend/src/views/NewSite.vue
@ -1,59 +1,71 @@
 <template>
-  <b-container>
-    <h2>New Site</h2>
-    <b-form @submit="onSubmit" id="submission-form">
-      <b-form-group horizontal label="Site Name">
-        <b-form-input v-model="siteName" type="text" style="text-align:center;" />
-      </b-form-group>
-      <b-button type="submit" size="lg" variant="primary">Submit</b-button>
-    </b-form>
-    <br />
-    <b-alert :show="dismissCountDown" dismissible fade :variant="alertVariant" @dismissed="dismissCountDown=0" @dismiss-count-down="countDownChanged">
-      {{ alertText }}
-    </b-alert>
-  </b-container>
+    <b-container>
+        <h2>New Site</h2>
+        <b-form @submit="onSubmit" id="submission-form">
+            <b-form-group horizontal label="Site Name">
+                <b-form-input v-model="siteName" type="text" style="text-align:center;"/>
+            </b-form-group>
+            <b-form-group horizontal label="Password">
+                <b-form-input v-model="submissionPassword" type="password" style="text-align:center;" />
+            </b-form-group>
+            <b-button type="submit" size="lg" variant="primary">Submit</b-button>
+        </b-form>
+        <br/>
+        <b-alert :show="dismissCountDown" dismissible fade :variant="alertVariant" @dismissed="dismissCountDown=0"
+                 @dismiss-count-down="countDownChanged">
+            {{ alertText }}
+        </b-alert>
+    </b-container>
 </template>

 <script>
-import Vue from "vue";
-export default {
-  name: "newSite",
-  data: function() {
-    return {
-      siteName: null,
-      dismissSecs: 5,
-      dismissCountDown: 0,
-      alertVariant: "info",
-      alertText: ""
+    import Vue from "vue";
+
+    export default {
+        name: "newSite",
+        data: function () {
+            return {
+                siteName: null,
+                dismissSecs: 5,
+                dismissCountDown: 0,
+                alertVariant: "info",
+                alertText: "",
+                submissionPassword: ""
+            };
+        },
+        methods: {
+            countDownChanged: function (dismissCountDown) {
+                this.dismissCountDown = dismissCountDown;
+            },
+            showAlert: function () {
+                this.dismissCountDown = this.dismissSecs;
+            },
+            onSubmit: function (e) {
+                e.preventDefault();
+                e.stopPropagation();
+                var form = document.getElementById("submission-form");
+                let axiosConfig = {
+                    auth: {
+                        username: "admin",
+                        password: this.submissionPassword
+                    }
+                };
+                if (form.checkValidity()) {
+                    Vue.axios
+                        .post("/site", {'name': this.siteName}, axiosConfig)
+                        .then(response => {
+                            this.alertVariant = "success";
+                            this.alertText = "Successfully added " + response.data.text;
+                            this.showAlert();
+                        })
+                        .catch(error => {
+                            this.alertVariant = "danger";
+                            this.alertText = "Failed to add Site";
+                            this.showAlert();
+                            console.log(error);
+                        });
+                }
+            }
+        }
    };
-  },
-  methods: {
-    countDownChanged: function(dismissCountDown) {
-      this.dismissCountDown = dismissCountDown;
-    },
-    showAlert: function() {
-      this.dismissCountDown = this.dismissSecs;
-    },
-    onSubmit: function(e) {
-      e.preventDefault();
-      e.stopPropagation();
-      var form = document.getElementById("submission-form");
-      if (form.checkValidity()) {
-        Vue.axios
-          .post("/site", { 'name':this.siteName })
-          .then(response => {
-            this.alertVariant = "success";
-            this.alertText = "Successfully added " + response.data.text;
-            this.showAlert();
-          })
-          .catch(error => {
-            this.alertVariant = "danger";
-            this.alertText = "Failed to add Site";
-            this.showAlert();
-            console.log(error);
-          });
-      }
-    }
-  }
-};
 </script>
--- a/frontend/src/views/NewTutor.vue
+++ b/frontend/src/views/NewTutor.vue
@ -60,7 +60,7 @@ export default {
      var form = document.getElementById("submission-form");
      let axiosConfig = {
        auth: {
-          username: "test",
+          username: "admin",
          password: this.submissionPassword
        }
      };
@ -69,7 +69,7 @@ export default {
          .post("/tutor", {
            'siteId': this.siteSelection,
            'name': this.tutorName
-          })
+          }, axiosConfig)
          .then(response => {
            this.alertVariant = "success";
            this.alertText = "Successfully added " + response.data.text;
@ -80,7 +80,7 @@ export default {
            this.alertText = "Failed to add Tutor";
            this.showAlert();
            console.log(error);
-          }, axiosConfig);
+          });
      }
    }
  }