Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spring security #10

Merged
merged 6 commits into from
Sep 23, 2024
Merged

Spring security #10

merged 6 commits into from
Sep 23, 2024

Conversation

ChabVlad
Copy link
Owner

No description provided.

ahoienko
ahoienko suggested changes Sep 20, 2024
View reviewed changes
Copy link

@ahoienko ahoienko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job! left minor comments

src/main/java/project/bookstore/controller/BookController.java Outdated
@@ -23,6 +24,7 @@
@Tag(name = "Book controller", description = "endpoints for managing library")
@RequiredArgsConstructor
@RestController
//@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don`t push commented code on remote

src/main/resources/application.properties Outdated
@@ -2,8 +2,10 @@ spring.application.name=BookStore
spring.datasource.url=jdbc:mysql://localhost/book_store?serverTimezone=UTC
spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
spring.datasource.username=root
spring.datasource.password=pass
spring.datasource.password=!Vladius080197
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is unsafe to push passwords on git, you should left this field blank or use env variable

src/main/java/project/bookstore/service/impl/UserServiceImpl.java Outdated

@Override
public UserResponseDto register(UserRegistrationRequestDto requestDto) {
if (userRepository.existsUserByEmail(requestDto.getEmail())) {
Role role = roleRepo.findByRole(RoleName.ROLE_ADMIN);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why any user that registers is admin?

liliia-ponomarenko
liliia-ponomarenko suggested changes Sep 21, 2024
View reviewed changes
Copy link

@liliia-ponomarenko liliia-ponomarenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job! Let's improve your solution ;)

src/main/java/project/bookstore/model/User.java

@Entity
@Table(name = "users")
@Getter
@Setter
public class User {
public class User implements UserDetails {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is better to override all methods with UserDetails. In particular, the isEnabled method will have its own implementation in your solution ;)

src/main/java/project/bookstore/repository/role/RoleRepo.java Outdated
import project.bookstore.model.Role;
import project.bookstore.model.RoleName;

public interface RoleRepo extends JpaRepository<Role, Integer> {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
public interface RoleRepo extends JpaRepository<Role, Integer> {
public interface RoleRepository extends JpaRepository<Role, Long> {

Don't use abbreviations in the names of variables, classes, and methods.
Also, you used Long as an id variable type.

src/main/java/project/bookstore/repository/user/UserRepo.java Outdated
@Repository
public interface UserRepo extends JpaRepository<User, Integer> {
Boolean existsUserByEmail(String email);
public interface UserRepo extends JpaRepository<User, Long> {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
public interface UserRepo extends JpaRepository<User, Long> {
public interface UserRepository extends JpaRepository<User, Long> {

src/main/resources/db/changelog/changes/06-add-isDeleted-to-users.yaml Outdated
type: tinyint
defaultValueBoolean: false
constraints:
nullable: false
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left one empty line at the end of the file ;)

Elena-Bruyako
Elena-Bruyako suggested changes Sep 22, 2024
View reviewed changes
Copy link

@Elena-Bruyako Elena-Bruyako left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one comment

src/main/java/project/bookstore/config/SecurityConfig.java Outdated
.authorizeHttpRequests(
auth -> auth
.requestMatchers(
HttpMethod.POST,
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
HttpMethod.POST,

liliia-ponomarenko
liliia-ponomarenko approved these changes Sep 23, 2024
View reviewed changes
Copy link

@liliia-ponomarenko liliia-ponomarenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome 😎

@ChabVlad ChabVlad merged commit 33768cb into main Sep 23, 2024
2 checks passed
@ChabVlad ChabVlad deleted the spring_security branch September 23, 2024 11:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Elena-Bruyako Elena-Bruyako Elena-Bruyako requested changes

@liliia-ponomarenko liliia-ponomarenko liliia-ponomarenko approved these changes

@ahoienko ahoienko Awaiting requested review from ahoienko

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ChabVlad @Elena-Bruyako @liliia-ponomarenko @ahoienko