registro y fallos en la seguridad

CodeURJC-DAW-2019-20 · Feb 24, 2020 · fde7006 · fde7006
1 parent 98a10ef
commit fde7006
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 8 deletions.
diff --git a/practica/src/main/java/com/practica/demo/WebController.java b/practica/src/main/java/com/practica/demo/WebController.java
@@ -161,16 +161,20 @@ public String goProfile(Model model, @RequestParam(required = false) int id) {
 		model.addAttribute("player",player);
 
 		if (team != null) {
-		model.addAttribute("team", team);
+			model.addAttribute("team", team);
+		}
+		else {
+			model.addAttribute("team.name", " ");
 		}
-
-
-
 		return "profile";
 	}	
 
 	@RequestMapping("/editProfile")
 	public String tournaments(Model model) {
+
+		model.addAttribute("noloaded", !userComponent.isLoggedUser());
+		model.addAttribute("user",userComponent.getLoggedUser());
+
 		return "userConfig";
 	}
 
@@ -222,8 +226,17 @@ public String newUser(Model model, User user, @RequestParam("confirm") String co
 		ValidatorFactory factory = Validation.buildDefaultValidatorFactory();
 		Validator validator = factory.getValidator();
 	    Set<ConstraintViolation<User>> violations = validator.validate(user);
-
+	       
 	    if(violations.isEmpty()) {	
+
+	    	if(userRepository.findByemailOrusername(user.getEmail(), user.getUsername())!=null) {
+	    		model.addAttribute("wrongemail",true);
+	    		model.addAttribute("email","Already exits");
+	    		model.addAttribute("wrongusername",true);
+	    		model.addAttribute("username","Already exits");
+		    	return "/register";
+	    	}
+
 	    	if(user.getPassword().contentEquals(confirmpass)) {
 	    		return generateUser(model,user);
 	    	}
@@ -250,7 +263,7 @@ private String generateUser(Model model,User user) {
 
 			player.setUser(user);
 
-			playerRepository.save(player);
+	//		playerRepository.save(player);
 
 			User useraux = userRepository.findByemail(user.getEmail());
 	    	userComponent.setLoggedUser(useraux);

diff --git a/practica/src/main/java/com/practica/demo/data/user/RespositoryUser.java b/practica/src/main/java/com/practica/demo/data/user/RespositoryUser.java
@@ -1,11 +1,17 @@
 package com.practica.demo.data.user;
 
+import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.CrudRepository;
 
 public interface RespositoryUser extends CrudRepository<User, Integer> {
 
 	User findByusername(String username);
 
 	User findByemail(String email);
+
+	@Query(
+			 value = "select * from user where email = ?1 or UserName = ?2",
+			 nativeQuery = true)
+	User findByemailOrusername(String email, String username);
 
 }
diff --git a/practica/src/main/java/com/practica/demo/security/WebSecurityConfig.java b/practica/src/main/java/com/practica/demo/security/WebSecurityConfig.java
@@ -97,8 +97,9 @@ public void destroy() {
         // Private pages (all other pages)
        // http.authorizeRequests().antMatchers("/newbook").hasAnyRole("USER"); //a la espera de una pagina decente
 
-        http.authorizeRequests().antMatchers("/profile").hasAnyRole("user");
-        http.authorizeRequests().antMatchers("/profile").hasAnyRole("Admin");
+        http.authorizeRequests().anyRequest().authenticated();
+        //http.authorizeRequests().antMatchers("/profile").hasAnyRole("User");
+        //http.authorizeRequests().antMatchers("/profile").hasAnyRole("Admin");
 
         // Login form
         http.formLogin().loginPage("/login");