From c8f7de494305e2e660cdb3a1b4aa7aa9d038b4cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 22 Mar 2025 18:08:38 +0000 Subject: [PATCH 01/12] Bump jetty.version from 12.0.17 to 12.0.18 Bumps `jetty.version` from 12.0.17 to 12.0.18. Updates `org.eclipse.jetty:jetty-server` from 12.0.17 to 12.0.18 Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.17 to 12.0.18 Updates `org.eclipse.jetty.ee10:jetty-ee10-annotations` from 12.0.17 to 12.0.18 Updates `org.eclipse.jetty.ee10:jetty-ee10-apache-jsp` from 12.0.17 to 12.0.18 Updates `org.eclipse.jetty:jetty-rewrite` from 12.0.17 to 12.0.18 Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server` from 12.0.17 to 12.0.18 Updates `org.eclipse.jetty.websocket:jetty-websocket-jetty-client` from 12.0.17 to 12.0.18 Updates `org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin` from 12.0.17 to 12.0.18 --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-annotations dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-apache-jsp dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-rewrite dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.websocket:jetty-websocket-jetty-client dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 94b195107..ce03cb408 100644 --- a/pom.xml +++ b/pom.xml @@ -41,7 +41,7 @@ 6.2.0 6.4.3 9.2.0 - 12.0.17 + 12.0.18 1.18.36 2.18.3 4.6 From 1c3c3bb3e5f85b9410353aa410537bf189863665 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 22 Mar 2025 18:08:48 +0000 Subject: [PATCH 02/12] Bump spring.security.version from 6.4.3 to 6.4.4 Bumps `spring.security.version` from 6.4.3 to 6.4.4. Updates `org.springframework.security:spring-security-web` from 6.4.3 to 6.4.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.4.3...6.4.4) Updates `org.springframework.security:spring-security-config` from 6.4.3 to 6.4.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.4.3...6.4.4) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 94b195107..dddb1e7a5 100644 --- a/pom.xml +++ b/pom.xml @@ -39,7 +39,7 @@ 11.4.0 4.1.1 6.2.0 - 6.4.3 + 6.4.4 9.2.0 12.0.17 1.18.36 From be202c593b02010cb859d732e1b570374da38a79 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 29 Mar 2025 18:31:33 +0000 Subject: [PATCH 03/12] Bump flyway.version from 11.4.0 to 11.5.0 Bumps `flyway.version` from 11.4.0 to 11.5.0. Updates `org.flywaydb:flyway-mysql` from 11.4.0 to 11.5.0 Updates `org.flywaydb:flyway-maven-plugin` from 11.4.0 to 11.5.0 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](https://github.com/flyway/flyway/compare/flyway-11.4.0...flyway-11.5.0) --- updated-dependencies: - dependency-name: org.flywaydb:flyway-mysql dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.flywaydb:flyway-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 94b195107..c46e20614 100644 --- a/pom.xml +++ b/pom.xml @@ -36,7 +36,7 @@ UTF-8 3.19.18 - 11.4.0 + 11.5.0 4.1.1 6.2.0 6.4.3 From 1ae5668de3e64bdc363a029694777e9651686cbc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 30 Mar 2025 07:35:54 +0000 Subject: [PATCH 04/12] Bump plugin.license-maven.version from 4.6 to 5.0.0 Bumps `plugin.license-maven.version` from 4.6 to 5.0.0. Updates `com.mycila:license-maven-plugin-git` from 4.6 to 5.0.0 - [Release notes](https://github.com/mathieucarbou/license-maven-plugin/releases) - [Commits](https://github.com/mathieucarbou/license-maven-plugin/compare/license-maven-plugin-4.6...v5.0.0) Updates `com.mycila:license-maven-plugin` from 4.6 to 5.0.0 - [Release notes](https://github.com/mathieucarbou/license-maven-plugin/releases) - [Commits](https://github.com/mathieucarbou/license-maven-plugin/compare/license-maven-plugin-4.6...v5.0.0) --- updated-dependencies: - dependency-name: com.mycila:license-maven-plugin-git dependency-type: direct:production update-type: version-update:semver-major - dependency-name: com.mycila:license-maven-plugin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e32da0e26..ecd24e292 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 1.18.36 2.18.3 2.0.17 - 4.6 + 5.0.0 jdbc:mysql://${db.ip}:${db.port}/${db.schema}?useSSL=true&serverTimezone=UTC From 8ebde00cf5117500c72929cfabee9189c694d4c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sevket=20G=C3=B6kay?= Date: Thu, 14 Aug 2025 00:14:05 +0200 Subject: [PATCH 05/12] retire ubuntu 20, use ubuntu 24 builds are failing because we use ubuntu-20 but https://github.com/actions/runner-images?tab=readme-ov-file#available-images. --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6241a4d1d..d52ac04a1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,7 +6,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-20.04, ubuntu-22.04 ] + os: [ ubuntu-22.04, ubuntu-24.04 ] java: [ '17', '21' ] db: [ 'mysql:8.0', 'mariadb:10.3', 'mariadb:10.4.30', 'mariadb:10.5.21', 'mariadb:10.6.14' ] runs-on: ${{ matrix.os }} From 2a2d368082d12600e54d8da23f8287d334802a58 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 22:17:54 +0000 Subject: [PATCH 06/12] Bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/main.yml | 2 +- .github/workflows/review.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d52ac04a1..0aa30791e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -21,7 +21,7 @@ jobs: options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up Java ${{ matrix.Java }} uses: actions/setup-java@v4 with: diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml index f5bfc91d4..d2a842516 100644 --- a/.github/workflows/review.yml +++ b/.github/workflows/review.yml @@ -5,7 +5,7 @@ jobs: license-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 @@ -21,7 +21,7 @@ jobs: checkstyle: runs-on: 'ubuntu-latest' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: distribution: 'temurin' From d79e651df2fa48d33bab0ea0d62ce30d371e77e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 22:18:14 +0000 Subject: [PATCH 07/12] Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.2 to 5.5 Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.4.2 to 5.5. - [Changelog](https://github.com/apache/httpcomponents-client/blob/master/RELEASE_NOTES.txt) - [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.4.2...rel/v5.5) --- updated-dependencies: - dependency-name: org.apache.httpcomponents.client5:httpclient5 dependency-version: '5.5' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5d473732b..50c95c28c 100644 --- a/pom.xml +++ b/pom.xml @@ -582,7 +582,7 @@ org.apache.httpcomponents.client5 httpclient5 - 5.4.2 + 5.5 jakarta.websocket From 718204cd96b3c1bb24012f6253f9692acdf3a85a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 22:18:27 +0000 Subject: [PATCH 08/12] Bump com.zaxxer:HikariCP from 6.2.1 to 7.0.1 Bumps [com.zaxxer:HikariCP](https://github.com/brettwooldridge/HikariCP) from 6.2.1 to 7.0.1. - [Changelog](https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES) - [Commits](https://github.com/brettwooldridge/HikariCP/compare/HikariCP-6.2.1...HikariCP-7.0.1) --- updated-dependencies: - dependency-name: com.zaxxer:HikariCP dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5d473732b..b54fbc24d 100644 --- a/pom.xml +++ b/pom.xml @@ -726,7 +726,7 @@ com.zaxxer HikariCP - 6.2.1 + 7.0.1 org.jooq From 498caf3b8ea237cca1df7314f732202d7fea0440 Mon Sep 17 00:00:00 2001 From: Julien Herr Date: Tue, 19 Aug 2025 00:19:28 +0200 Subject: [PATCH 09/12] fix: update after CodeRabbit review --- .../steve/config/SecurityConfiguration.java | 23 ++--- .../steve/repository/WebUserRepository.java | 4 +- .../impl/WebUserRepositoryImpl.java | 28 ++++--- .../idsg/steve/service/WebUserService.java | 19 ++--- .../web/controller/NoAccessController.java | 7 +- .../web/controller/WebUsersController.java | 84 +++++++++---------- .../rwth/idsg/steve/web/dto/WebUserForm.java | 16 ++-- .../idsg/steve/web/dto/WebUserQueryForm.java | 12 +-- .../WEB-INF/views/data-man/webuserAdd.jsp | 22 ++--- .../views/data-man/webuserApiPassword.jsp | 4 +- .../WEB-INF/views/data-man/webuserDetails.jsp | 38 ++++----- .../views/data-man/webuserPassword.jsp | 6 +- .../WEB-INF/views/data-man/webusers.jsp | 6 +- .../webapp/WEB-INF/views/noAccess.jsp | 8 +- 14 files changed, 128 insertions(+), 149 deletions(-) diff --git a/src/main/java/de/rwth/idsg/steve/config/SecurityConfiguration.java b/src/main/java/de/rwth/idsg/steve/config/SecurityConfiguration.java index 5ec7b5db5..b4e35234a 100644 --- a/src/main/java/de/rwth/idsg/steve/config/SecurityConfiguration.java +++ b/src/main/java/de/rwth/idsg/steve/config/SecurityConfiguration.java @@ -63,7 +63,10 @@ public PasswordEncoder passwordEncoder() { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { final String prefix = CONFIG.getSpringManagerMapping(); - RequestMatcher toOverview = (request) -> request.getParameter("backToOverview") != null; + RequestMatcher toOverview = request -> { + String param = request.getParameter("backToOverview"); + return param != null && !param.isEmpty(); + }; return http .authorizeHttpRequests( @@ -77,9 +80,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .requestMatchers(prefix + "/home").hasAnyAuthority("USER", "ADMIN") // webuser //only allowed to change the own password - .requestMatchers(prefix + "/webusers" + "/password/{name}") + .requestMatchers(prefix + "/webusers/password/{name}") .access(new WebExpressionAuthorizationManager("#name == authentication.name")) - .requestMatchers(prefix + "/webusers" + "/apipassword/{name}") + .requestMatchers(prefix + "/webusers/apipassword/{name}") .access(new WebExpressionAuthorizationManager("#name == authentication.name")) // otherwise denies access on backToOverview! .requestMatchers(toOverview).hasAnyAuthority("USER", "ADMIN") @@ -87,21 +90,21 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .requestMatchers(HttpMethod.POST, prefix + "/webusers/**").hasAuthority("ADMIN") // users .requestMatchers(prefix + "/users").hasAnyAuthority("USER", "ADMIN") - .requestMatchers(prefix + "/users" + "/details/**").hasAnyAuthority("USER", "ADMIN") + .requestMatchers(prefix + "/users/details/**").hasAnyAuthority("USER", "ADMIN") //ocppTags .requestMatchers(prefix + "/ocppTags").hasAnyAuthority("USER", "ADMIN") - .requestMatchers(prefix + "/ocppTags" + "/details/**").hasAnyAuthority("USER", "ADMIN") + .requestMatchers(prefix + "/ocppTags/details/**").hasAnyAuthority("USER", "ADMIN") // chargepoints .requestMatchers(prefix + "/chargepoints").hasAnyAuthority("USER", "ADMIN") - .requestMatchers(prefix + "/chargepoints" + "/details/**").hasAnyAuthority("USER", "ADMIN") + .requestMatchers(prefix + "/chargepoints/details/**").hasAnyAuthority("USER", "ADMIN") // transactions and reservations .requestMatchers(prefix + "/transactions").hasAnyAuthority("USER", "ADMIN") - .requestMatchers(prefix + "/transactions" + "/details/**").hasAnyAuthority("USER", "ADMIN") + .requestMatchers(prefix + "/transactions/details/**").hasAnyAuthority("USER", "ADMIN") .requestMatchers(prefix + "/reservations").hasAnyAuthority("USER", "ADMIN") - .requestMatchers(prefix + "/reservations" + "/**").hasAnyAuthority("ADMIN") + .requestMatchers(prefix + "/reservations/**").hasAnyAuthority("ADMIN") // singout and noAccess - .requestMatchers(prefix + "/signout/" + "**").hasAnyAuthority("USER", "ADMIN") - .requestMatchers(prefix + "/noAccess/" + "**").hasAnyAuthority("USER", "ADMIN") + .requestMatchers(prefix + "/signout/**").hasAnyAuthority("USER", "ADMIN") + .requestMatchers(prefix + "/noAccess/**").hasAnyAuthority("USER", "ADMIN") .requestMatchers(prefix + "/**").hasAuthority("ADMIN") ) // SOAP stations are making POST calls for communication. even though the following path is permitted for diff --git a/src/main/java/de/rwth/idsg/steve/repository/WebUserRepository.java b/src/main/java/de/rwth/idsg/steve/repository/WebUserRepository.java index b323f7216..b871cc191 100644 --- a/src/main/java/de/rwth/idsg/steve/repository/WebUserRepository.java +++ b/src/main/java/de/rwth/idsg/steve/repository/WebUserRepository.java @@ -43,12 +43,12 @@ public interface WebUserRepository { void changePassword(String username, String newPassword); void changePassword(Integer userPk, String newPassword); - + void changeApiPassword(Integer userPk, String newPassword); boolean userExists(String username); - WebUserRecord loadUserByUsePk(Integer webUserPk); + WebUserRecord loadUserByUserPk(Integer webUserPk); WebUserRecord loadUserByUsername(String username); diff --git a/src/main/java/de/rwth/idsg/steve/repository/impl/WebUserRepositoryImpl.java b/src/main/java/de/rwth/idsg/steve/repository/impl/WebUserRepositoryImpl.java index 7fce360db..ca8b0232a 100644 --- a/src/main/java/de/rwth/idsg/steve/repository/impl/WebUserRepositoryImpl.java +++ b/src/main/java/de/rwth/idsg/steve/repository/impl/WebUserRepositoryImpl.java @@ -25,20 +25,22 @@ import lombok.extern.slf4j.Slf4j; import org.jooq.Condition; import org.jooq.DSLContext; +import org.jooq.Field; import org.jooq.JSON; -import org.springframework.stereotype.Repository; - -import static jooq.steve.db.Tables.WEB_USER; import org.jooq.Record4; import org.jooq.Result; import org.jooq.SelectQuery; +import org.jooq.impl.DSL; +import org.jooq.impl.SQLDataType; +import org.springframework.stereotype.Repository; + +import static jooq.steve.db.Tables.WEB_USER; +import static org.jooq.impl.DSL.count; import java.util.Arrays; import java.util.Collections; import java.util.List; - -import static org.jooq.impl.DSL.condition; -import static org.jooq.impl.DSL.count; +import java.util.Objects; /** * @author Sevket Goekay @@ -154,7 +156,7 @@ public WebUserRecord loadUserByUsername(String username) { } @Override - public WebUserRecord loadUserByUsePk(Integer webUserPk) { + public WebUserRecord loadUserByUserPk(Integer webUserPk) { return ctx.selectFrom(WEB_USER) .where(WEB_USER.WEB_USER_PK.eq(webUserPk)) .fetchOne(); @@ -180,7 +182,7 @@ public Result> getOverview(WebUserQueryF } if (form.isSetRoles()) { - String[] split = form.getRoles().split(","); //Semicolon seperated String to StringArray + String[] split = form.getRoles().split(","); // Comma seperated String to StringArray List roles = Arrays.stream(split).map(String::strip).toList(); selectQuery.addConditions(conditionsForAuthorities(roles)); } @@ -190,8 +192,14 @@ public Result> getOverview(WebUserQueryF private static List conditionsForAuthorities(List authorities) { return authorities.stream() - .map(it -> JSON.json("\"" + it + "\"")) - .map(it -> condition("json_contains({0}, {1})", WEB_USER.AUTHORITIES, it)) + .filter(Objects::nonNull) + .filter(it -> !it.trim().isEmpty()) + .map(WebUserRepositoryImpl::jsonQuote) + .map(WEB_USER.AUTHORITIES::contains) .toList(); } + + private static Field jsonQuote(String element) { + return DSL.field("JSON_QUOTE({0})", SQLDataType.JSON, DSL.val(element)); + } } diff --git a/src/main/java/de/rwth/idsg/steve/service/WebUserService.java b/src/main/java/de/rwth/idsg/steve/service/WebUserService.java index 07f8181bc..ccc9be52a 100644 --- a/src/main/java/de/rwth/idsg/steve/service/WebUserService.java +++ b/src/main/java/de/rwth/idsg/steve/service/WebUserService.java @@ -141,9 +141,9 @@ public void changePassword(String oldPassword, String newPassword) { } String username = currentUser.getName(); - webUserRepository.changePassword(username, newPassword); + webUserRepository.changePassword(username, encoder.encode(newPassword)); - Authentication authentication = createNewAuthentication(currentUser, newPassword); + Authentication authentication = createNewAuthentication(currentUser); SecurityContext context = this.securityContextHolderStrategy.createEmptyContext(); context.setAuthentication(authentication); this.securityContextHolderStrategy.setContext(context); @@ -197,7 +197,6 @@ public boolean hasUserWithAuthority(String authority) { return count != null && count > 0; } - // Methods for the website public void add(WebUserForm form) { createUser(toUserDetails(form)); @@ -216,10 +215,10 @@ public void update(WebUserBaseForm form) { public void updatePassword(WebUserForm form) { webUserRepository.changePassword(form.getWebUserPk(), encoder.encode(form.getPassword())); } - + public void updateApiPassword(WebUserForm form) { String newPassword = null; - if (form.getApiPassword() != null) { + if (form.getApiPassword() != null && !form.getApiPassword().isEmpty()) { newPassword = encoder.encode(form.getApiPassword()); } webUserRepository.changeApiPassword(form.getWebUserPk(), newPassword); @@ -237,9 +236,8 @@ public List getOverview(WebUserQueryForm form) { ); } - public WebUserBaseForm getDetails(Integer webUserPk) { - WebUserRecord ur = webUserRepository.loadUserByUsePk(webUserPk); + WebUserRecord ur = webUserRepository.loadUserByUserPk(webUserPk); if (ur == null) { throw new SteveException("There is no user with id '%d'", webUserPk); @@ -252,12 +250,12 @@ public WebUserBaseForm getDetails(Integer webUserPk) { form.setAuthorities(WebUserAuthority.fromJsonValue(ur.getAuthorities())); return form; } - + public WebUserBaseForm getDetails(String webUserName) { WebUserRecord ur = webUserRepository.loadUserByUsername(webUserName); if (ur == null) { - throw new SteveException("There is no user with id '%s'", webUserName); + throw new SteveException("There is no user with username '%s'", webUserName); } WebUserBaseForm form = new WebUserBaseForm(); @@ -309,7 +307,6 @@ private UserDetails toUserDetailsBaseForm(WebUserBaseForm form) { private UserDetails toUserDetails(WebUserForm form) { String encPw = ""; if (form.getPassword() != null) { - //encPw = form.getPassword(); encPw = encoder.encode(form.getPassword()); } return User @@ -364,7 +361,7 @@ private static void validateAuthorities(Collection a /** * Lifted from {@link JdbcUserDetailsManager#createNewAuthentication(Authentication, String)} */ - private Authentication createNewAuthentication(Authentication currentAuth, String newPassword) { + private Authentication createNewAuthentication(Authentication currentAuth) { var user = this.loadUserByUsername(currentAuth.getName()); var newAuthentication = authenticated(user, null, user.getAuthorities()); newAuthentication.setDetails(currentAuth.getDetails()); diff --git a/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java b/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java index 3cecc0906..af8819e96 100644 --- a/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java +++ b/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java @@ -18,13 +18,10 @@ */ package de.rwth.idsg.steve.web.controller; - - import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; - - /** * @author fnkbsi * @since 01.04.2022 @@ -37,7 +34,7 @@ public class NoAccessController { // HTTP methods // ------------------------------------------------------------------------- - @RequestMapping() + @GetMapping() public String accessDenied() { return "noAccess"; } diff --git a/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java b/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java index 17a8c1314..0aeaebfbf 100644 --- a/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java +++ b/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java @@ -18,29 +18,25 @@ */ package de.rwth.idsg.steve.web.controller; - import de.rwth.idsg.steve.service.WebUserService; import de.rwth.idsg.steve.web.dto.WebUserAuthority; import de.rwth.idsg.steve.web.dto.WebUserBaseForm; import de.rwth.idsg.steve.web.dto.WebUserForm; import de.rwth.idsg.steve.web.dto.WebUserQueryForm; -import org.springframework.beans.factory.annotation.Autowired; +import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.validation.BindingResult; -import org.springframework.web.bind.annotation.ModelAttribute; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.*; import jakarta.validation.Valid; - +@RequiredArgsConstructor @Controller @RequestMapping(value = "/manager/webusers") public class WebUsersController { - @Autowired private WebUserService webUserService; + private final WebUserService webUserService; private static final String PARAMS = "params"; @@ -61,13 +57,13 @@ public class WebUsersController { // HTTP methods // ------------------------------------------------------------------------- - @RequestMapping(method = RequestMethod.GET) + @GetMapping public String getOverview(Model model) { initList(model, new WebUserQueryForm()); return "data-man/webusers"; } - @RequestMapping(value = QUERY_PATH, method = RequestMethod.GET) + @GetMapping(value = QUERY_PATH) public String getQuery(@ModelAttribute(PARAMS) WebUserQueryForm params, Model model) { initList(model, params); return "data-man/webusers"; @@ -78,26 +74,29 @@ private void initList(Model model, WebUserQueryForm params) { model.addAttribute("webuserList", webUserService.getOverview(params)); } - @RequestMapping(value = DETAILS_PATH, method = RequestMethod.GET) + @GetMapping(value = DETAILS_PATH) public String getDetails(@PathVariable("webUserPk") Integer webUserPk, Model model) { WebUserBaseForm form = webUserService.getDetails(webUserPk); model.addAttribute("webuserForm", form); + model.addAttribute("availableAuthorities", WebUserAuthority.values()); return "data-man/webuserDetails"; } - @RequestMapping(value = ADD_PATH, method = RequestMethod.GET) + @GetMapping(value = ADD_PATH) public String addGet(Model model) { WebUserForm webUserForm = new WebUserForm(); webUserForm.setAuthorities(WebUserAuthority.USER); model.addAttribute("webuserForm", webUserForm); + model.addAttribute("availableAuthorities", WebUserAuthority.values()); return "data-man/webuserAdd"; } - @RequestMapping(params = "add", value = ADD_PATH, method = RequestMethod.POST) + @PostMapping(params = "add", value = ADD_PATH) public String addPost(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm, BindingResult result, Model model) { if (result.hasErrors()) { + model.addAttribute("availableAuthorities", WebUserAuthority.values()); return "data-man/webuserAdd"; } @@ -105,10 +104,11 @@ public String addPost(@Valid @ModelAttribute("webuserForm") WebUserForm webuserF return toOverview(); } - @RequestMapping(params = "update", value = UPDATE_PATH, method = RequestMethod.POST) + @PostMapping(params = "update", value = UPDATE_PATH) public String update(@Valid @ModelAttribute("webuserForm") WebUserBaseForm webuserBaseForm, BindingResult result, Model model) { if (result.hasErrors()) { + model.addAttribute("availableAuthorities", WebUserAuthority.values()); return "data-man/webuserDetails"; } @@ -116,22 +116,26 @@ public String update(@Valid @ModelAttribute("webuserForm") WebUserBaseForm webus return toOverview(); } - @RequestMapping(value = PASSWORD_PATH, method = RequestMethod.GET) + @GetMapping(value = PASSWORD_PATH) public String passwordChangeGet(@PathVariable("webUserName") String webUserName, Model model) { + WebUserBaseForm base = webUserService.getDetails(webUserName); + WebUserForm webUserForm = fromBase(base); + model.addAttribute("webuserForm", webUserForm); + return "data-man/webuserPassword"; + } + + private static WebUserForm fromBase(WebUserBaseForm webUserBaseForm) { WebUserForm webUserForm = new WebUserForm(); - WebUserBaseForm webUserBaseForm = webUserService.getDetails(webUserName); webUserForm.setWebUserPk(webUserBaseForm.getWebUserPk()); webUserForm.setWebUsername(webUserBaseForm.getWebUsername()); webUserForm.setAuthorities(webUserBaseForm.getAuthorities()); webUserForm.setEnabled(webUserBaseForm.getEnabled()); - - model.addAttribute("webuserForm", webUserForm); - return "data-man/webuserPassword"; + return webUserForm; } - @RequestMapping(params = "change", value = PASSWORD_PATH, method = RequestMethod.POST) + @PostMapping(params = "change", value = PASSWORD_PATH) public String passwordChange(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm, - BindingResult result, Model model) { + BindingResult result) { if (result.hasErrors()) { return "data-man/webuserPassword"; } @@ -140,22 +144,17 @@ public String passwordChange(@Valid @ModelAttribute("webuserForm") WebUserForm w return toDetails(webuserForm.getWebUserPk()); } - @RequestMapping(value = API_PASSWORD_PATH, method = RequestMethod.GET) + @GetMapping(value = API_PASSWORD_PATH) public String apiPasswordChangeGet(@PathVariable("webUserName") String webUserName, Model model) { - WebUserForm webUserForm = new WebUserForm(); - WebUserBaseForm webUserBaseForm = webUserService.getDetails(webUserName); - webUserForm.setWebUserPk(webUserBaseForm.getWebUserPk()); - webUserForm.setWebUsername(webUserBaseForm.getWebUsername()); - webUserForm.setAuthorities(webUserBaseForm.getAuthorities()); - webUserForm.setEnabled(webUserBaseForm.getEnabled()); - + WebUserBaseForm base = webUserService.getDetails(webUserName); + WebUserForm webUserForm = fromBase(base); model.addAttribute("webuserForm", webUserForm); return "data-man/webuserApiPassword"; } - @RequestMapping(params = "change", value = API_PASSWORD_PATH, method = RequestMethod.POST) + @PostMapping(params = "change", value = API_PASSWORD_PATH) public String apiPasswordChange(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm, - BindingResult result, Model model) { + BindingResult result) { if (result.hasErrors()) { return "data-man/webuserApiPassword"; } @@ -164,7 +163,7 @@ public String apiPasswordChange(@Valid @ModelAttribute("webuserForm") WebUserFor return toDetails(webuserForm.getWebUserPk()); } - @RequestMapping(value = DELETE_PATH, method = RequestMethod.POST) + @PostMapping(value = DELETE_PATH) public String delete(@PathVariable("webUserPk") Integer webUserPk) { webUserService.deleteUser(webUserPk); return toOverview(); @@ -174,34 +173,31 @@ public String delete(@PathVariable("webUserPk") Integer webUserPk) { // Back to Overview // ------------------------------------------------------------------------- - @RequestMapping(params = "backToOverview", value = PASSWORD_PATH, method = RequestMethod.POST) - public String passwordBackToOverview(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm, - BindingResult result, Model model) { + @PostMapping(params = "backToOverview", value = PASSWORD_PATH) + public String passwordBackToOverview(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm) { return toDetails(webuserForm.getWebUserPk()); } - @RequestMapping(params = "backToOverview", value = API_PASSWORD_PATH, method = RequestMethod.POST) - public String apiPasswordBackToOverview(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm, - BindingResult result, Model model) { + @PostMapping(params = "backToOverview", value = API_PASSWORD_PATH) + public String apiPasswordBackToOverview(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm) { return toDetails(webuserForm.getWebUserPk()); } - @RequestMapping(params = "backToOverview", value = ADD_PATH, method = RequestMethod.POST) + @PostMapping(params = "backToOverview", value = ADD_PATH) public String addBackToOverview() { return toOverview(); } - @RequestMapping(params = "backToOverview", value = UPDATE_PATH, method = RequestMethod.POST) + @PostMapping(params = "backToOverview", value = UPDATE_PATH) public String updateBackToOverview() { return toOverview(); } - private String toOverview() { + private static String toOverview() { return "redirect:/manager/webusers"; } - private String toDetails(Integer userPk) { - String redirect_str = String.format("redirect:/manager/webusers/details/%s", userPk); - return redirect_str; + private static String toDetails(Integer userPk) { + return String.format("redirect:/manager/webusers/details/%s", userPk); } } diff --git a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java index d438a7f5e..c53e110dc 100644 --- a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java +++ b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java @@ -22,6 +22,7 @@ import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.Size; import lombok.Getter; +import lombok.Setter; /** @@ -31,6 +32,7 @@ @Getter public class WebUserForm extends WebUserBaseForm { + @Setter @NotNull(message = "Password is required") @Size(min = 8, message = "Password requires 8 or more characters") private String password = ""; @@ -42,21 +44,15 @@ public class WebUserForm extends WebUserBaseForm { @AssertFalse(message = "The repeated password did not match!") private Boolean pwError; + @Setter private String apiPassword = ""; - public void setPassword(String password) { - this.password = password; - } - public void setPasswordComparison(String passwordComparison) { - this.pwError = true; this.passwordComparison = passwordComparison; - if (passwordComparison != null) { + if (passwordComparison == null) { + this.pwError = true; + } else { this.pwError = !passwordComparison.equals(this.password); } } - - public void setApiPassword(String apiPassword) { - this.apiPassword = apiPassword; - } } diff --git a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserQueryForm.java b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserQueryForm.java index 201af530b..f0afb4e40 100644 --- a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserQueryForm.java +++ b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserQueryForm.java @@ -1,6 +1,3 @@ -/* - * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - * Copyright (C) 2013-2023 SteVe Community Team /* * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve * Copyright (C) 2013-2024 SteVe Community Team @@ -40,19 +37,14 @@ public class WebUserQueryForm { private String apiToken; public boolean isSetWebUsername() { - return webUsername != null; + return webUsername != null && !webUsername.isBlank(); } public boolean isSetRoles() { - return roles != null; + return roles != null && !roles.isBlank(); } public boolean isSetEnabled() { return enabled != null; } - - public boolean isSetApiKey() { - return apiToken != null; - } - } diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webuserAdd.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webuserAdd.jsp index 63f4b1c5b..e76e8cfeb 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webuserAdd.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webuserAdd.jsp @@ -19,17 +19,12 @@ --%> <%@ include file="../00-header.jsp" %> -
Error while trying to add a webuser:
    -
  • ${error.defaultMessage}
    • +
@@ -45,19 +40,16 @@ Password confirmation: Roles: -
-
+ + + + + Enabled:true - - @@ -66,4 +58,4 @@ -<%@ include file="../00-footer.jsp" %> \ No newline at end of file +<%@ include file="../00-footer.jsp" %> diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webuserApiPassword.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webuserApiPassword.jsp index 676ee612e..33be82ba7 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webuserApiPassword.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webuserApiPassword.jsp @@ -31,7 +31,7 @@
Webuser change password
- + @@ -52,4 +52,4 @@
Webuser
-<%@ include file="../00-footer.jsp" %> \ No newline at end of file +<%@ include file="../00-footer.jsp" %> diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp index 45e1aa811..81188db72 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp @@ -21,23 +21,23 @@ <%@ include file="../00-header.jsp" %>
- Error while trying to update a charge point: + Error while trying to update a webuser:
    -
  • ${error.defaultMessage}
    • +
Webuser Details
- + - - - + + + diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webuserPassword.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webuserPassword.jsp index 33a082a73..f2c872572 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webuserPassword.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webuserPassword.jsp @@ -31,9 +31,9 @@
Webuser change password
- +
Webuser
Username:${webuserForm.webUsername} - - +
Username: + +
@@ -51,27 +51,27 @@
Roles: - +
Enabled: - + + + +
- - + +
- +
Webuser
Webuser
Webusername:${webuserForm.webUsername} @@ -51,4 +51,4 @@
-<%@ include file="../00-footer.jsp" %> \ No newline at end of file +<%@ include file="../00-footer.jsp" %> diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webusers.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webusers.jsp index 7cb03ce34..9fb648900 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webusers.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webusers.jsp @@ -57,8 +57,8 @@ - ${cr.webUsername} - "${cr.authorities.value}" + + ${cr.authorities.value} ${cr.enabled} @@ -70,4 +70,4 @@ -<%@ include file="../00-footer.jsp" %> \ No newline at end of file +<%@ include file="../00-footer.jsp" %> diff --git a/src/main/resources/webapp/WEB-INF/views/noAccess.jsp b/src/main/resources/webapp/WEB-INF/views/noAccess.jsp index 397bcbbac..184ee16ff 100644 --- a/src/main/resources/webapp/WEB-INF/views/noAccess.jsp +++ b/src/main/resources/webapp/WEB-INF/views/noAccess.jsp @@ -28,14 +28,12 @@ Access denied for the requested page! For further information ask your administrator. info_image - Some information and configuration pages are only accessable for administrators. + Some information and configuration pages are only accessible for administrators. -
- -
+ Home -<%@ include file="00-footer.jsp" %> \ No newline at end of file +<%@ include file="00-footer.jsp" %> From 2edfbeea08527123d45ae19a8dcca4da9b4a3e53 Mon Sep 17 00:00:00 2001 From: Julien Herr Date: Tue, 19 Aug 2025 00:26:34 +0200 Subject: [PATCH 10/12] fix: update licence --- .../de/rwth/idsg/steve/web/controller/NoAccessController.java | 2 +- .../de/rwth/idsg/steve/web/controller/WebUsersController.java | 2 +- src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java | 2 +- src/main/java/de/rwth/idsg/steve/web/dto/WebUserQueryForm.java | 2 +- .../resources/webapp/WEB-INF/views/data-man/webuserAdd.jsp | 2 +- .../webapp/WEB-INF/views/data-man/webuserApiPassword.jsp | 2 +- .../resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp | 2 +- .../webapp/WEB-INF/views/data-man/webuserPassword.jsp | 2 +- src/main/resources/webapp/WEB-INF/views/data-man/webusers.jsp | 2 +- src/main/resources/webapp/WEB-INF/views/noAccess.jsp | 3 +-- 10 files changed, 10 insertions(+), 11 deletions(-) diff --git a/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java b/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java index af8819e96..cf754acd5 100644 --- a/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java +++ b/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java @@ -1,6 +1,6 @@ /* * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - * Copyright (C) 2013-2024 SteVe Community Team + * Copyright (C) 2013-2025 SteVe Community Team * All Rights Reserved. * * This program is free software: you can redistribute it and/or modify diff --git a/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java b/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java index 0aeaebfbf..a24fd964e 100644 --- a/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java +++ b/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java @@ -1,6 +1,6 @@ /* * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - * Copyright (C) 2013-2024 SteVe Community Team + * Copyright (C) 2013-2025 SteVe Community Team * All Rights Reserved. * * This program is free software: you can redistribute it and/or modify diff --git a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java index c53e110dc..3a7653712 100644 --- a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java +++ b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java @@ -1,6 +1,6 @@ /* * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - * Copyright (C) 2013-2024 SteVe Community Team + * Copyright (C) 2013-2025 SteVe Community Team * All Rights Reserved. * * This program is free software: you can redistribute it and/or modify diff --git a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserQueryForm.java b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserQueryForm.java index f0afb4e40..2f1ba5548 100644 --- a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserQueryForm.java +++ b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserQueryForm.java @@ -1,6 +1,6 @@ /* * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - * Copyright (C) 2013-2024 SteVe Community Team + * Copyright (C) 2013-2025 SteVe Community Team * All Rights Reserved. * * This program is free software: you can redistribute it and/or modify diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webuserAdd.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webuserAdd.jsp index e76e8cfeb..5fe857a48 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webuserAdd.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webuserAdd.jsp @@ -1,7 +1,7 @@ <%-- SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - Copyright (C) 2013-2024 SteVe Community Team + Copyright (C) 2013-2025 SteVe Community Team All Rights Reserved. This program is free software: you can redistribute it and/or modify diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webuserApiPassword.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webuserApiPassword.jsp index 33be82ba7..957e84a61 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webuserApiPassword.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webuserApiPassword.jsp @@ -1,7 +1,7 @@ <%-- SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - Copyright (C) 2013-2024 SteVe Community Team + Copyright (C) 2013-2025 SteVe Community Team All Rights Reserved. This program is free software: you can redistribute it and/or modify diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp index 81188db72..03bf4ad11 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp @@ -1,7 +1,7 @@ <%-- SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - Copyright (C) 2013-2024 SteVe Community Team + Copyright (C) 2013-2025 SteVe Community Team All Rights Reserved. This program is free software: you can redistribute it and/or modify diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webuserPassword.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webuserPassword.jsp index f2c872572..75d5e31af 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webuserPassword.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webuserPassword.jsp @@ -1,7 +1,7 @@ <%-- SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - Copyright (C) 2013-2024 SteVe Community Team + Copyright (C) 2013-2025 SteVe Community Team All Rights Reserved. This program is free software: you can redistribute it and/or modify diff --git a/src/main/resources/webapp/WEB-INF/views/data-man/webusers.jsp b/src/main/resources/webapp/WEB-INF/views/data-man/webusers.jsp index 9fb648900..be4c04910 100644 --- a/src/main/resources/webapp/WEB-INF/views/data-man/webusers.jsp +++ b/src/main/resources/webapp/WEB-INF/views/data-man/webusers.jsp @@ -1,7 +1,7 @@ <%-- SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - Copyright (C) 2013-2024 SteVe Community Team + Copyright (C) 2013-2025 SteVe Community Team All Rights Reserved. This program is free software: you can redistribute it and/or modify diff --git a/src/main/resources/webapp/WEB-INF/views/noAccess.jsp b/src/main/resources/webapp/WEB-INF/views/noAccess.jsp index 184ee16ff..aa35b582e 100644 --- a/src/main/resources/webapp/WEB-INF/views/noAccess.jsp +++ b/src/main/resources/webapp/WEB-INF/views/noAccess.jsp @@ -1,7 +1,7 @@ <%-- SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - Copyright (C) 2013-2024 SteVe Community Team + Copyright (C) 2013-2025 SteVe Community Team All Rights Reserved. This program is free software: you can redistribute it and/or modify @@ -18,7 +18,6 @@ along with this program. If not, see . --%> - <%@ include file="00-header.jsp" %> <%@ include file="00-context.jsp" %> From 3a7b3446265660f91f41f90f897021099fd8769d Mon Sep 17 00:00:00 2001 From: Julien Herr Date: Tue, 19 Aug 2025 01:14:26 +0200 Subject: [PATCH 11/12] fix: json array elements may have different sort --- .../idsg/steve/web/dto/WebUserAuthority.java | 61 ++++++++++++------- 1 file changed, 40 insertions(+), 21 deletions(-) diff --git a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserAuthority.java b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserAuthority.java index 0682a4c6b..ff99a84a0 100644 --- a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserAuthority.java +++ b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserAuthority.java @@ -1,6 +1,6 @@ /* * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - * Copyright (C) 2013-2024 SteVe Community Team + * Copyright (C) 2013-2025 SteVe Community Team * All Rights Reserved. * * This program is free software: you can redistribute it and/or modify @@ -18,35 +18,54 @@ */ package de.rwth.idsg.steve.web.dto; -import org.jooq.JSON; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; import lombok.Getter; -import lombok.RequiredArgsConstructor; +import org.jooq.JSON; +import java.util.Arrays; +import java.util.HashSet; +import java.util.List; +import java.util.Set; -@RequiredArgsConstructor public enum WebUserAuthority { - USER(JSON.json("[\"USER\"]"), "USER"), - ADMIN(JSON.json("[\"ADMIN\"]"), "ADMIN"), - USER_ADMIN(JSON.json("[\"ADMIN\",\"USER\"]"), "USER, ADMIN"); + USER("USER"), + ADMIN("ADMIN"), + USER_ADMIN("USER", "ADMIN"); - @Getter private final JSON jsonValue; - @Getter private final String value; + private static final ObjectMapper MAPPER = new ObjectMapper(); - public static WebUserAuthority fromJsonValue(JSON v) { - for (WebUserAuthority c: WebUserAuthority.values()) { - if (c.jsonValue.equals(v)) { - return c; - } + private final Set values; + @Getter + private final JSON jsonValue; + + WebUserAuthority(String... values) { + if (values == null || values.length == 0) { + throw new IllegalArgumentException("JSON values must not be null or empty"); } - throw new IllegalArgumentException(v.toString()); + this.values = new HashSet<>(Arrays.asList(values)); + this.jsonValue = this.values.stream().map(v -> "\"" + v + "\"") + .reduce((a, b) -> a + ", " + b) + .map(s -> JSON.json("[" + s + "]")) + .orElseThrow(() -> new IllegalArgumentException("Failed to create JSON value")); } - public static WebUserAuthority fromValue(String v) { - for (WebUserAuthority c: WebUserAuthority.values()) { - if (c.value.equals(v)) { - return c; - } + // For jsp + public String getValue() { + return String.join(", ", values); + } + + public static WebUserAuthority fromJsonValue(JSON v) { + try { + List values = Arrays.asList(MAPPER.readValue(v.data(), String[].class)); + for (WebUserAuthority c: WebUserAuthority.values()) { + if (c.values.containsAll(values)) { + return c; + } + } + throw new IllegalArgumentException(v.toString()); + } catch (JsonProcessingException e) { + throw new IllegalArgumentException(v.toString()); } - throw new IllegalArgumentException(v); } } From a845ce986d708d365aac3313dee664d5af88cf5a Mon Sep 17 00:00:00 2001 From: Julien Herr Date: Tue, 19 Aug 2025 01:33:18 +0200 Subject: [PATCH 12/12] fix: update after Copilot review --- .../java/de/rwth/idsg/steve/service/WebUserService.java | 1 - .../de/rwth/idsg/steve/service/dto/WebUserOverview.java | 2 +- .../idsg/steve/web/controller/NoAccessController.java | 2 +- .../idsg/steve/web/controller/WebUsersController.java | 8 ++++++-- .../java/de/rwth/idsg/steve/web/dto/WebUserBaseForm.java | 2 +- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/main/java/de/rwth/idsg/steve/service/WebUserService.java b/src/main/java/de/rwth/idsg/steve/service/WebUserService.java index ccc9be52a..55474560f 100644 --- a/src/main/java/de/rwth/idsg/steve/service/WebUserService.java +++ b/src/main/java/de/rwth/idsg/steve/service/WebUserService.java @@ -230,7 +230,6 @@ public List getOverview(WebUserQueryForm form) { .webUserPk(r.value1()) .webUsername(r.value2()) .enabled(r.value3()) - //.authorities(fromJsonToString(r.value4())) .authorities(WebUserAuthority.fromJsonValue(r.value4())) .build() ); diff --git a/src/main/java/de/rwth/idsg/steve/service/dto/WebUserOverview.java b/src/main/java/de/rwth/idsg/steve/service/dto/WebUserOverview.java index be8c4db94..7d2ba115d 100644 --- a/src/main/java/de/rwth/idsg/steve/service/dto/WebUserOverview.java +++ b/src/main/java/de/rwth/idsg/steve/service/dto/WebUserOverview.java @@ -1,6 +1,6 @@ /* * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - * Copyright (C) 2013-2024 SteVe Community Team + * Copyright (C) 2013-2025 SteVe Community Team * All Rights Reserved. * * This program is free software: you can redistribute it and/or modify diff --git a/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java b/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java index cf754acd5..3fa4481bb 100644 --- a/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java +++ b/src/main/java/de/rwth/idsg/steve/web/controller/NoAccessController.java @@ -22,7 +22,7 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; - /** +/** * @author fnkbsi * @since 01.04.2022 */ diff --git a/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java b/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java index a24fd964e..7ac10e435 100644 --- a/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java +++ b/src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java @@ -27,7 +27,11 @@ import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.validation.BindingResult; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ModelAttribute; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestMapping; import jakarta.validation.Valid; @@ -198,6 +202,6 @@ private static String toOverview() { } private static String toDetails(Integer userPk) { - return String.format("redirect:/manager/webusers/details/%s", userPk); + return String.format("redirect:/manager/webusers/details/%s", userPk); } } diff --git a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserBaseForm.java b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserBaseForm.java index e1330cec8..7fbaa8bb8 100644 --- a/src/main/java/de/rwth/idsg/steve/web/dto/WebUserBaseForm.java +++ b/src/main/java/de/rwth/idsg/steve/web/dto/WebUserBaseForm.java @@ -1,6 +1,6 @@ /* * SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve - * Copyright (C) 2013-2024 SteVe Community Team + * Copyright (C) 2013-2025 SteVe Community Team * All Rights Reserved. * * This program is free software: you can redistribute it and/or modify