From 036d4e52b40afb1bc3c8a1057d014e1d3fc8e119 Mon Sep 17 00:00:00 2001
From: samuelribeiroo
Date: Fri, 17 Jan 2025 09:09:06 -0300
Subject: [PATCH] fix(bug): change the way that jwt is recovered

---
 src/main/java/auth/api/config/JWTService.java | 6 ++++--
 .../auth/api/model/user/UserAuthenticationDTO.java | 8 +++++---
 src/main/java/auth/api/model/user/Users.java | 2 +-
 src/main/java/auth/api/services/UserService.java | 13 +++++++------
 4 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/src/main/java/auth/api/config/JWTService.java b/src/main/java/auth/api/config/JWTService.java
index ae9a47a..480c751 100644
--- a/src/main/java/auth/api/config/JWTService.java
+++ b/src/main/java/auth/api/config/JWTService.java
@@ -14,6 +14,8 @@ import java.time.Duration;
 import java.time.Instant;
 import java.util.Date;
+import java.util.Set;
+import java.util.stream.Collectors;
 @Service
@@ -32,14 +34,14 @@ public void init() {
 }
- public String generateToken(String username, String role) {
+ public String generateToken(String username, Set roles) {
 Instant now = Instant.now();
 Instant expireAt = now.plus(Duration.ofDays(expiration));
 String token = Jwts.builder()
 .setSubject(username)
- .claim("role", role)
+ .claim("roles", roles.stream().map(UserRoles::name).collect(Collectors.joining(",")))
 .setIssuedAt(new Date())
 .setExpiration(Date.from(expireAt))
 .signWith(key)
diff --git a/src/main/java/auth/api/model/user/UserAuthenticationDTO.java b/src/main/java/auth/api/model/user/UserAuthenticationDTO.java
index 99a32be..b239ba5 100644
--- a/src/main/java/auth/api/model/user/UserAuthenticationDTO.java
+++ b/src/main/java/auth/api/model/user/UserAuthenticationDTO.java
@@ -1,11 +1,13 @@
 package auth.api.model.user;
+import jakarta.validation.constraints.*;
+
 import java.util.*;
 public class UserAuthenticationDTO {
 private String username;
 private String password;
- private UserRoles roles;
+ private Set roles;
 // Getters
 public String getUsername() {
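Review bot: `.setIssuedAt(new Date())` on the line after the changed claim takes a second clock reading even though `now` was already captured for the expiry, so `iat` and `exp` can disagree by whatever time passes between the two; use `.setIssuedAt(Date.from(now))`. The new `roles` claim also assumes `roles` is non-null and non-empty: `user.getRoles()` now hands back the entity field as-is, and an empty set produces `"roles": ""`, which a consumer splitting on `,` turns into one empty role name, so either reject an empty set here or emit the claim as a list instead of a joined string. `Set roles` reads as a raw type here and in the DTO and Users hunks; if `<UserRoles>` was dropped by the page rendering, disregard that. generateToken's body continues past the end of the hunk.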
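Review bot: `import jakarta.validation.constraints.*;` is added, but none of the three fields in this hunk carries a constraint, so the import is unused and `@Valid` on registerUser has nothing to enforce on this DTO. If the intent was to back the manual password check in UserService, annotate the field, e.g. `@NotBlank private String password;`, and import the single constraint type rather than the package wildcard. A one-line class comment stating that this DTO is shared by registration and login would also help, since the two endpoints need different fields (roles are meaningless on login).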
@@ -17,7 +19,7 @@ public String getPassword() {
 }
 public Set getRoles() {
- return Collections.singleton(roles);
+ return roles;
 }
 // Setters
@@ -29,7 +31,7 @@ public void setPassword(String password) {
 this.password = password;
 }
- public void setRoles(UserRoles roles) {
+ public void setRoles(Set roles) {
 this.roles = roles;
 }
 }
diff --git a/src/main/java/auth/api/model/user/Users.java b/src/main/java/auth/api/model/user/Users.java
index bc23060..759aff7 100644
--- a/src/main/java/auth/api/model/user/Users.java
+++ b/src/main/java/auth/api/model/user/Users.java
@@ -27,7 +27,7 @@ public class Users {
 public String getPassword() { return password; }
- public String getRoles() { return roles.toString(); }
+ public Set getRoles() { return roles; }
 // Setters
 public void setUsername(String username) { this.username = username; }
diff --git a/src/main/java/auth/api/services/UserService.java b/src/main/java/auth/api/services/UserService.java
index c364e29..a0c20d2 100644
--- a/src/main/java/auth/api/services/UserService.java
+++ b/src/main/java/auth/api/services/UserService.java
@@ -31,7 +31,7 @@ public UserService(UserRepository userRepository, PasswordEncoder passwordEncode
 public ResponseEntity registerUser(@Valid @RequestBody UserAuthenticationDTO registerDTO) {
- if (registerDTO.getPassword() == null || registerDTO.getPassword().isEmpty()) {
+ if (registerDTO.getPassword() == null || registerDTO.getPassword().isBlank()) {
 return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("O campo 'password' é obrigatório.");
 }
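Review bot: `return roles;` can now return null, because nothing initializes the field and a request body that omits `roles` leaves it unset, whereas the replaced `Collections.singleton(roles)` always produced a set; any caller that streams the result will throw. It also hands out the mutable set itself. With `java.util.*` already imported, `return roles == null ? Collections.emptySet() : Collections.unmodifiableSet(roles);` covers both. The same direct exposure of the backing collection is introduced in Users.getRoles in this commit.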
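Review bot: registerUser binds the whole `UserAuthenticationDTO` from the request body, and with this commit that DTO gains a `Set roles` setter, so the registration payload can now carry roles chosen by the client. The part of registerUser that builds the Users entity lies outside the hunk; if it copies `registerDTO.getRoles()` across, roles for self-registration should instead be assigned server-side (for example a fixed default) and the submitted value ignored, with a short comment at that site saying so. The `isBlank()` change itself is fine; if `@NotBlank` is placed on the DTO's password field, this manual check becomes redundant with `@Valid`.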
@@ -59,17 +59,18 @@ public ResponseEntity registerUser(@Valid @RequestBody UserAuthenticationDTO
 public ResponseEntity login(@RequestBody UserAuthenticationDTO loginDTO) {
 var userExists = userRepository.findByUsername(loginDTO.getUsername());
- if (userExists.isEmpty()) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Usuário não encontrado");
+ if (userExists.isEmpty()) {
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Usuário não encontrado");
+ }
 Users user = userExists.get();
- if (!passwordEncoder.matches(loginDTO.getPassword(), user.getPassword())) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Usuário e senha não autorizados.");
-
+ if (!passwordEncoder.matches(loginDTO.getPassword(), user.getPassword())) {
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Usuário e senha não autorizados.");
+ }
 String token = jwtService.generateToken(user.getUsername(), user.getRoles());
-
-
 return ResponseEntity.status(HttpStatus.OK).body(new TokenDTO(token));
 }
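Review bot: The two new early returns answer with different bodies, `"Usuário não encontrado"` for an unknown username and `"Usuário e senha não autorizados."` for a wrong password, so the response reveals which usernames exist; both branches should return the same generic message, and the password comparison should still run when no user is found (against a stored dummy hash) so the two paths take similar time. `loginDTO.getUsername()` and `loginDTO.getPassword()` are also passed through unchecked: login carries no `@Valid`, so a null username reaches `findByUsername` and a null password reaches `passwordEncoder.matches`. A null/blank guard like the one registerUser applies, returning the same UNAUTHORIZED message, would keep those out of the repository and encoder.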