add validation

2023-11-15 09:16:27 +02:00
parent 2d981c5af8
commit fb2695e58a
23 changed files with 314 additions and 62 deletions
--- a/src/main/java/com/faf223/expensetrackerfaf/service/AuthenticationService.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/service/AuthenticationService.java
@@ -10,11 +10,12 @@ import com.faf223.expensetrackerfaf.model.User;
 import com.faf223.expensetrackerfaf.repository.CredentialRepository;
 import com.faf223.expensetrackerfaf.repository.UserRepository;
 import com.faf223.expensetrackerfaf.security.PersonDetails;
+import com.faf223.expensetrackerfaf.util.exceptions.UserNotAuthenticatedException;
+import com.faf223.expensetrackerfaf.util.exceptions.UserNotFoundException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;

@@ -55,7 +56,7 @@ public class AuthenticationService {
    public AuthenticationResponse authenticate(AuthenticationRequest request) {
        authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(request.getEmail(), request.getPassword()));

-        Credential credential = credentialRepository.findByEmail(request.getEmail()).orElseThrow((() -> new UsernameNotFoundException("User not found")));
+        Credential credential = credentialRepository.findByEmail(request.getEmail()).orElseThrow((() -> new UserNotFoundException("User not found")));

        UserDetails userDetails = new PersonDetails(credential);
        String jwtToken = jwtService.generateToken(userDetails);
@@ -79,7 +80,7 @@ public class AuthenticationService {
                    .refreshToken(refreshToken)
                    .build();
        } else {
-            throw new RuntimeException("Invalid or expired refresh token");
+            throw new UserNotAuthenticatedException("Invalid or expired refresh token");
        }
    }

--- a/src/main/java/com/faf223/expensetrackerfaf/service/ExpenseService.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/service/ExpenseService.java
@@ -1,11 +1,15 @@
 package com.faf223.expensetrackerfaf.service;

-import com.faf223.expensetrackerfaf.model.Credential;
-import com.faf223.expensetrackerfaf.model.Expense;
-import com.faf223.expensetrackerfaf.model.IMoneyTransaction;
+import com.faf223.expensetrackerfaf.model.*;
 import com.faf223.expensetrackerfaf.repository.CredentialRepository;
 import com.faf223.expensetrackerfaf.repository.ExpenseRepository;
+import com.faf223.expensetrackerfaf.repository.UserRepository;
+import com.faf223.expensetrackerfaf.util.exceptions.UserNotAuthenticatedException;
+import com.faf223.expensetrackerfaf.util.exceptions.UserNotFoundException;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;

 import java.time.LocalDate;
@@ -20,6 +24,7 @@ public class ExpenseService implements ITransactionService {

    private final ExpenseRepository expenseRepository;
    private final CredentialRepository credentialRepository;
+    private final UserRepository userRepository;

    public void createOrUpdate(IMoneyTransaction expense) {
        expenseRepository.save((Expense) expense);
@@ -40,6 +45,19 @@ public class ExpenseService implements ITransactionService {
        return expenseRepository.findByDate(date);
    }

+    @Override
+    public List<Expense> getTransactionsByDate(LocalDate date, String email) {
+        return getTransactionsByDate(date)
+                .stream()
+                .filter(transaction -> {
+                    Optional<Credential> credential = credentialRepository.findByEmail(email);
+                    if(credential.isEmpty())
+                        throw new UserNotFoundException("The user has not been found");
+                    return credential.get().getUser().equals(transaction.getUser());
+                })
+                .toList();
+    }
+
    // TODO: store transaction month in a separate field in the DB and change this logic
    @Override
    public List<Expense> getTransactionsByMonth(Month month) {
@@ -49,6 +67,19 @@ public class ExpenseService implements ITransactionService {
        return expenseRepository.findByDateBetween(startOfMonth, endOfMonth);
    }

+    @Override
+    public List<Expense> getTransactionsByMonth(Month month, String email) {
+        return getTransactionsByMonth(month)
+                .stream()
+                .filter(transaction -> {
+                    Optional<Credential> credential = credentialRepository.findByEmail(email);
+                    if(credential.isEmpty())
+                        throw new UserNotFoundException("The user has not been found");
+                    return credential.get().getUser().equals(transaction.getUser());
+                })
+                .toList();
+    }
+
    public List<Expense> getTransactions() {
        return expenseRepository.findAll();
    }
@@ -60,4 +91,26 @@ public class ExpenseService implements ITransactionService {
    public void deleteTransactionById(long id) {
        expenseRepository.deleteById(id);
    }
+
+    @Override
+    public boolean belongsToUser(IMoneyTransaction transaction) {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication != null && authentication.getPrincipal() instanceof UserDetails userDetails) {
+
+            if(authentication.getAuthorities().stream().noneMatch(authority -> authority.getAuthority().equals("ADMIN"))) {
+
+                Optional<Credential> credential = credentialRepository.findByEmail(userDetails.getUsername());
+                if(credential.isEmpty()) throw new UserNotFoundException("The user has not been found");
+                Optional<User> user = userRepository.findById(credential.get().getUser().getUserUuid());
+                if(user.isEmpty()) throw new UserNotFoundException("The user has not been found");
+
+                return user.get().getExpenses().contains((Expense) transaction);
+
+            }
+
+        }
+
+        throw new UserNotAuthenticatedException("You are not authenticated");
+    }
 }
--- a/src/main/java/com/faf223/expensetrackerfaf/service/ITransactionService.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/service/ITransactionService.java
@@ -1,6 +1,8 @@
 package com.faf223.expensetrackerfaf.service;

 import com.faf223.expensetrackerfaf.model.IMoneyTransaction;
+import com.faf223.expensetrackerfaf.model.Income;
+import com.faf223.expensetrackerfaf.model.User;

 import java.time.LocalDate;
 import java.time.Month;
@@ -12,8 +14,10 @@ public interface ITransactionService {
    List<? extends IMoneyTransaction> getTransactions();
    List<? extends IMoneyTransaction> getTransactionsByEmail(String email);
    List<? extends IMoneyTransaction> getTransactionsByDate(LocalDate date);
+    List<? extends IMoneyTransaction> getTransactionsByDate(LocalDate date, String email);
    List<? extends IMoneyTransaction> getTransactionsByMonth(Month month);
+    List<? extends IMoneyTransaction> getTransactionsByMonth(Month month, String email);
    IMoneyTransaction getTransactionById(long id);
    void deleteTransactionById(long it);
-
+    boolean belongsToUser(IMoneyTransaction transaction);
 }
--- a/src/main/java/com/faf223/expensetrackerfaf/service/IncomeService.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/service/IncomeService.java
@@ -1,12 +1,18 @@
 package com.faf223.expensetrackerfaf.service;

 import com.faf223.expensetrackerfaf.model.Credential;
-import com.faf223.expensetrackerfaf.model.Expense;
 import com.faf223.expensetrackerfaf.model.IMoneyTransaction;
 import com.faf223.expensetrackerfaf.model.Income;
+import com.faf223.expensetrackerfaf.model.User;
 import com.faf223.expensetrackerfaf.repository.CredentialRepository;
 import com.faf223.expensetrackerfaf.repository.IncomeRepository;
+import com.faf223.expensetrackerfaf.repository.UserRepository;
+import com.faf223.expensetrackerfaf.util.exceptions.UserNotAuthenticatedException;
+import com.faf223.expensetrackerfaf.util.exceptions.UserNotFoundException;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;

 import java.time.LocalDate;
@@ -21,6 +27,7 @@ public class IncomeService implements ITransactionService {

    private final IncomeRepository incomeRepository;
    private final CredentialRepository credentialRepository;
+    private final UserRepository userRepository;

    public void createOrUpdate(IMoneyTransaction income) {
        incomeRepository.save((Income) income);
@@ -45,6 +52,19 @@ public class IncomeService implements ITransactionService {
        return incomeRepository.findByDate(date);
    }

+    @Override
+    public List<Income> getTransactionsByDate(LocalDate date, String email) {
+        return getTransactionsByDate(date)
+                .stream()
+                .filter(transaction -> {
+                    Optional<Credential> credential = credentialRepository.findByEmail(email);
+                    if(credential.isEmpty())
+                        throw new UserNotFoundException("The user has not been found");
+                    return credential.get().getUser().equals(transaction.getUser());
+                })
+                .toList();
+    }
+
    // TODO: store transaction month in a separate field in the DB and change this logic
    @Override
    public List<Income> getTransactionsByMonth(Month month) {
@@ -54,6 +74,19 @@ public class IncomeService implements ITransactionService {
        return incomeRepository.findByDateBetween(startOfMonth, endOfMonth);
    }

+    @Override
+    public List<Income> getTransactionsByMonth(Month month, String email) {
+        return getTransactionsByMonth(month)
+                .stream()
+                .filter(transaction -> {
+                    Optional<Credential> credential = credentialRepository.findByEmail(email);
+                    if(credential.isEmpty())
+                        throw new UserNotFoundException("The user has not been found");
+                    return credential.get().getUser().equals(transaction.getUser());
+                })
+                .toList();
+    }
+
    public Income getTransactionById(long id) {
        return incomeRepository.findById(id).orElse(null);
    }
@@ -61,4 +94,26 @@ public class IncomeService implements ITransactionService {
    public void deleteTransactionById(long id) {
        incomeRepository.deleteById(id);
    }
+
+    @Override
+    public boolean belongsToUser(IMoneyTransaction transaction) {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication != null && authentication.getPrincipal() instanceof UserDetails userDetails) {
+
+            if(authentication.getAuthorities().stream().noneMatch(authority -> authority.getAuthority().equals("ADMIN"))) {
+
+                Optional<Credential> credential = credentialRepository.findByEmail(userDetails.getUsername());
+                if(credential.isEmpty()) throw new UserNotFoundException("The user has not been found");
+                Optional<User> user = userRepository.findById(credential.get().getUser().getUserUuid());
+                if(user.isEmpty()) throw new UserNotFoundException("The user has not been found");
+
+                return user.get().getIncomes().contains((Income) transaction);
+
+            }
+
+        }
+
+        throw new UserNotAuthenticatedException("You are not authenticated");
+    }
 }