redact stuff, login page, lang and remember me

2023-08-25 23:39:18 +01:00
parent cd0e1a3962
commit 41bd801e0d
12 changed files with 324 additions and 209 deletions
--- a/src/main/java/stirling/software/SPDF/config/CleanUrlInterceptor.java
+++ b/src/main/java/stirling/software/SPDF/config/CleanUrlInterceptor.java
@@ -24,7 +24,7 @@ import org.springframework.web.servlet.ModelAndView;

 public class CleanUrlInterceptor implements HandlerInterceptor {

-	private static final List<String> ALLOWED_PARAMS = Arrays.asList("lang", "endpoint", "endpoints", "logout", "error");
+	private static final List<String> ALLOWED_PARAMS = Arrays.asList("lang", "endpoint", "endpoints", "logout", "error", "file");

 	
 	@Override
@@ -40,11 +40,9 @@ public class CleanUrlInterceptor implements HandlerInterceptor {
 			String[] queryParameters = queryString.split("&");
 			for (String param : queryParameters) {
 				String[] keyValue = param.split("=");
-				System.out.print("astirli " + keyValue[0]);
 				if (keyValue.length != 2) {
 					continue;
 				}
-				System.out.print("astirli2 " + keyValue[0]);

 				if (ALLOWED_PARAMS.contains(keyValue[0])) {
 					parameters.put(keyValue[0], keyValue[1]);
--- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
@@ -15,7 +15,11 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import stirling.software.SPDF.repository.JPATokenRepositoryImpl;
+
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
@Configuration
 public class SecurityConfiguration {

@@ -43,7 +47,7 @@ public class SecurityConfiguration {
        
    	if(loginEnabledValue) {
    		
-	    	http.csrf().disable();
+    		http.csrf(csrf -> csrf.disable());
 	        http
 	            .formLogin(formLogin -> formLogin
 	                .loginPage("/login")
@@ -55,8 +59,12 @@ public class SecurityConfiguration {
 	            		.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
 	                    .logoutSuccessUrl("/login?logout=true")
 	                    .invalidateHttpSession(true)        // Invalidate session
-	                    .deleteCookies("JSESSIONID") 
-	            )
+	                    .deleteCookies("JSESSIONID", "remember-me") 
+	            ).rememberMe(rememberMeConfigurer -> rememberMeConfigurer // Use the configurator directly
+                    .key("uniqueAndSecret")
+                    .tokenRepository(persistentTokenRepository())
+                    .tokenValiditySeconds(1209600) // 2 weeks
+                )
 	            .authorizeHttpRequests(authz -> authz
 	                    .requestMatchers(req -> req.getRequestURI().startsWith("/login") || req.getRequestURI().endsWith(".svg") || req.getRequestURI().startsWith("/register") || req.getRequestURI().startsWith("/error") || req.getRequestURI().startsWith("/images/") ||  req.getRequestURI().startsWith("/public/") || req.getRequestURI().startsWith("/css/") || req.getRequestURI().startsWith("/js/"))
 	                    .permitAll()
@@ -65,8 +73,7 @@ public class SecurityConfiguration {
 	            .userDetailsService(userDetailsService)
 	            .authenticationProvider(authenticationProvider());
    	} else {
-    		 http
-             .csrf().disable()
+    		 http.csrf(csrf -> csrf.disable())
             .authorizeHttpRequests(authz -> authz
                 .anyRequest().permitAll()
             );
@@ -84,7 +91,12 @@ public class SecurityConfiguration {
        return authProvider;
    }
    
+    @Bean
+    public PersistentTokenRepository persistentTokenRepository() {
+        return new JPATokenRepositoryImpl();
+    }
    
+
    
 }

--- a/src/main/java/stirling/software/SPDF/model/PersistentLogin.java
+++ b/src/main/java/stirling/software/SPDF/model/PersistentLogin.java
@@ -0,0 +1,60 @@
+package stirling.software.SPDF.model;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import java.util.Date;
+
+@Entity
+@Table(name = "persistent_logins")
+public class PersistentLogin {
+
+    @Id
+    @Column(name = "series")
+    private String series;
+
+    @Column(name = "username", length = 64, nullable = false)
+    private String username;
+
+    @Column(name = "token", length = 64, nullable = false)
+    private String token;
+
+    @Column(name = "last_used", nullable = false)
+    private Date lastUsed;
+
+	public String getSeries() {
+		return series;
+	}
+
+	public void setSeries(String series) {
+		this.series = series;
+	}
+
+	public String getUsername() {
+		return username;
+	}
+
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+	public String getToken() {
+		return token;
+	}
+
+	public void setToken(String token) {
+		this.token = token;
+	}
+
+	public Date getLastUsed() {
+		return lastUsed;
+	}
+
+	public void setLastUsed(Date lastUsed) {
+		this.lastUsed = lastUsed;
+	}
+
+    
+    // Getters, setters, etc.
+}
--- a/src/main/java/stirling/software/SPDF/repository/JPATokenRepositoryImpl.java
+++ b/src/main/java/stirling/software/SPDF/repository/JPATokenRepositoryImpl.java
@@ -0,0 +1,53 @@
+package stirling.software.SPDF.repository;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
+import stirling.software.SPDF.model.PersistentLogin;
+import stirling.software.SPDF.repository.PersistentLoginRepository;
+
+import java.util.Date;
+
+public class JPATokenRepositoryImpl implements PersistentTokenRepository {
+
+    @Autowired
+    private PersistentLoginRepository persistentLoginRepository;
+
+    @Override
+    public void createNewToken(PersistentRememberMeToken token) {
+        PersistentLogin newToken = new PersistentLogin();
+        newToken.setSeries(token.getSeries());
+        newToken.setUsername(token.getUsername());
+        newToken.setToken(token.getTokenValue());
+        newToken.setLastUsed(token.getDate());
+        persistentLoginRepository.save(newToken);
+    }
+
+    @Override
+    public void updateToken(String series, String tokenValue, Date lastUsed) {
+        PersistentLogin existingToken = persistentLoginRepository.findById(series).orElse(null);
+        if (existingToken != null) {
+            existingToken.setToken(tokenValue);
+            existingToken.setLastUsed(lastUsed);
+            persistentLoginRepository.save(existingToken);
+        }
+    }
+
+    @Override
+    public PersistentRememberMeToken getTokenForSeries(String seriesId) {
+        PersistentLogin token = persistentLoginRepository.findById(seriesId).orElse(null);
+        if (token != null) {
+            return new PersistentRememberMeToken(token.getUsername(), token.getSeries(), token.getToken(), token.getLastUsed());
+        }
+        return null;
+    }
+
+    @Override
+    public void removeUserTokens(String username) {
+        for (PersistentLogin token : persistentLoginRepository.findAll()) {
+            if (token.getUsername().equals(username)) {
+                persistentLoginRepository.delete(token);
+            }
+        }
+    }
+}
--- a/src/main/java/stirling/software/SPDF/repository/PersistentLoginRepository.java
+++ b/src/main/java/stirling/software/SPDF/repository/PersistentLoginRepository.java
@@ -0,0 +1,7 @@
+package stirling.software.SPDF.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import stirling.software.SPDF.model.PersistentLogin;
+
+public interface PersistentLoginRepository extends JpaRepository<PersistentLogin, String> {
+}