Markellowww
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/main/java/com/markelloww/projectmanagement/config/WebSecurityConfig.java‎
Lines changed: 27 additions & 15 deletions b/‎src/main/java/com/markelloww/projectmanagement/config/WebSecurityConfig.java‎
Lines changed: 27 additions & 15 deletions
diff --git a/‎src/main/java/com/markelloww/projectmanagement/controller/AuthController.java‎
Lines changed: 6 additions & 8 deletions b/‎src/main/java/com/markelloww/projectmanagement/controller/AuthController.java‎
Lines changed: 6 additions & 8 deletions
diff --git a/‎src/main/java/com/markelloww/projectmanagement/controller/ProfileController.java‎
Lines changed: 45 additions & 24 deletions b/‎src/main/java/com/markelloww/projectmanagement/controller/ProfileController.java‎
Lines changed: 45 additions & 24 deletions
diff --git a/‎src/main/java/com/markelloww/projectmanagement/controller/ProjectController.java‎
Lines changed: 5 additions & 8 deletions b/‎src/main/java/com/markelloww/projectmanagement/controller/ProjectController.java‎
Lines changed: 5 additions & 8 deletions
diff --git a/‎src/main/java/com/markelloww/projectmanagement/controller/TaskController.java‎
Lines changed: 6 additions & 8 deletions b/‎src/main/java/com/markelloww/projectmanagement/controller/TaskController.java‎
Lines changed: 6 additions & 8 deletions
diff --git a/‎src/main/java/com/markelloww/projectmanagement/controller/TeamController.java‎
Lines changed: 5 additions & 9 deletions b/‎src/main/java/com/markelloww/projectmanagement/controller/TeamController.java‎
Lines changed: 5 additions & 9 deletions
diff --git a/‎src/main/java/com/markelloww/projectmanagement/model/Project.java‎
Lines changed: 0 additions & 4 deletions b/‎src/main/java/com/markelloww/projectmanagement/model/Project.java‎
Lines changed: 0 additions & 4 deletions
@@ -3,6 +3,7 @@ target/
 !.mvn/wrapper/maven-wrapper.jar
 !**/src/main/**/target/
 !**/src/test/**/target/
+/src/main/resources/application.properties
 
 ### IntelliJ IDEA ###
 .idea/
 
@@ -6,51 +6,63 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 
-/**
- * @Author: Markelloww
- */
-
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
 public class WebSecurityConfig {
+    public static final String LOGIN_ENDPOINT = "/login";
+    public static final String LOGOUT_ENDPOINT = "/logout";
+    public static final String REG_ENDPOINT = "/reg";
+
     private final NewUserDetailsService userDetailsService;
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
-                .authorizeHttpRequests((requests) -> requests
-                        .requestMatchers("/login", "/reg", "/css/auth.css").permitAll()
+                .headers(headers -> headers
+                        .contentSecurityPolicy(csp -> csp
+                                .policyDirectives("default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'")
+                        )
+                        .frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
+                )
+                .sessionManagement(session -> session
+                        .sessionFixation().migrateSession()
+                        .maximumSessions(1)
+                        .expiredUrl(LOGIN_ENDPOINT + "?expired")
+                )
+                .authorizeHttpRequests(requests -> requests
+                        .requestMatchers(LOGIN_ENDPOINT, REG_ENDPOINT, "/css/auth.css").permitAll()
                         .anyRequest().authenticated()
                 )
                 .userDetailsService(userDetailsService)
-                .formLogin((form) -> form
-                        .loginPage("/login")
-                        .loginProcessingUrl("/login")
+                .formLogin(form -> form
+                        .loginPage(LOGIN_ENDPOINT)
+                        .loginProcessingUrl(LOGIN_ENDPOINT)
                         .defaultSuccessUrl("/", true)
                         .permitAll()
                 )
-                .logout((logout) -> logout
-                        .logoutUrl("/logout")
-                        .logoutSuccessUrl("/login")
+                .logout(logout -> logout
+                        .logoutUrl(LOGOUT_ENDPOINT)
+                        .logoutSuccessUrl(LOGIN_ENDPOINT)
                         .invalidateHttpSession(true)
                         .deleteCookies("JSESSIONID")
                         .permitAll()
                 )
-                .exceptionHandling((exception) -> exception
-                        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
+                .exceptionHandling(exception -> exception
+                        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(LOGIN_ENDPOINT))
                 );
 
         return http.build();
     }
 
     @Bean
     public PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
+        return new BCryptPasswordEncoder(12);
     }
 }
@@ -12,29 +12,27 @@
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 
-/**
- * @Author: Markelloww
- */
-
 @Controller
 @RequiredArgsConstructor
 public class AuthController {
+    public static final String ERROR = "error";
+
     private final UserRepository userRepository;
     private final PasswordEncoder passwordEncoder;
 
     @GetMapping("/login")
-    public String loginPage(@RequestParam(value = "error", required = false) String error,
+    public String loginPage(@RequestParam(value = ERROR, required = false) String error,
                             Model model) {
         if (error != null) {
-            model.addAttribute("error", "Неверный e-mail или пароль");
+            model.addAttribute(ERROR, "Неверный e-mail или пароль");
         }
         return "login";
     }
 
     @GetMapping("/reg")
     public String regPage(@RequestParam(value = "msg", required = false) String error, Model model) {
         if (error != null) {
-            model.addAttribute("error", "Пользователь с таким e-mail уже зарегистрирован!");
+            model.addAttribute(ERROR, "Пользователь с таким e-mail уже зарегистрирован!");
         }
         return "reg";
     }
@@ -47,7 +45,7 @@ public String regUser(@RequestParam("username") String username,
                                @RequestParam("lastname") String lastname,
                                RedirectAttributes redirectAttributes) {
         if (userRepository.findByEmail(username).isPresent()) {
-            redirectAttributes.addAttribute("msg", "error");
+            redirectAttributes.addAttribute("msg", ERROR);
             return "redirect:/reg";
         }
 
 
@@ -4,7 +4,6 @@
 import com.markelloww.projectmanagement.repository.UserRepository;
 import com.markelloww.projectmanagement.service.UserService;
 import lombok.RequiredArgsConstructor;
-import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -15,17 +14,14 @@
 
 import java.security.Principal;
 
-/**
- * @Author: Markelloww
- */
-
 @Controller
 @RequiredArgsConstructor
 public class ProfileController {
+    public static final String ERROR = "error";
+    public static final String REDIRECT_PROFILE = "redirect:/profile";
     private final UserService userService;
     private final PasswordEncoder passwordEncoder;
     private final UserRepository userRepository;
-    private final DataSourceTransactionManagerAutoConfiguration dataSourceTransactionManagerAutoConfiguration;
 
     @GetMapping("/profile")
     public String profilePage(Model model, Principal principal) {
@@ -44,28 +40,53 @@ public String updateProfile(
             Principal principal,
             RedirectAttributes redirectAttributes) {
         User user = userService.getUserByEmail(principal.getName());
-        if (!passwordEncoder.matches(currentPassword, user.getPassword())) {
-            redirectAttributes.addFlashAttribute("error", "Введен неверный пароль");
-            return "redirect:/profile";
-        }
-        if (!email.equalsIgnoreCase(user.getEmail())) {
-            if (userRepository.existsByEmail(email.toLowerCase())) {
-                redirectAttributes.addFlashAttribute("error", "Такой e-mail уже занят");
-                return "redirect:/profile";
-            }
-            user.setEmail(email);
+
+        if (!hasValidationErrors(user, email, newPassword, confirmPassword, currentPassword, redirectAttributes)) {
+            updateUser(user, email, firstname, lastname, newPassword);
+            redirectAttributes.addFlashAttribute("success", "Профиль успешно обновлен");
         }
+
+        return REDIRECT_PROFILE;
+    }
+
+    private void updateUser(User user, String email, String firstname,
+                            String lastname, String newPassword) {
+        user.setEmail(email);
+        user.setFirstname(firstname);
+        user.setLastname(lastname);
+
         if (newPassword != null && !newPassword.isEmpty()) {
-            if (!newPassword.equals(confirmPassword)) {
-                redirectAttributes.addFlashAttribute("error", "Новый пароль и подтверждение не совпадают");
-                return "redirect:/profile";
-            }
             user.setPassword(passwordEncoder.encode(newPassword));
         }
-        user.setFirstname(firstname);
-        user.setLastname(lastname);
+
         userRepository.save(user);
-        redirectAttributes.addFlashAttribute("success", "Профиль успешно обновлен");
-        return "redirect:/profile";
     }
+
+    private boolean hasValidationErrors(User user, String email, String newPassword,
+                                        String confirmPassword, String currentPassword,
+                                        RedirectAttributes redirectAttributes) {
+        if (!passwordEncoder.matches(currentPassword, user.getPassword())) {
+            redirectAttributes.addFlashAttribute(ERROR, "Введен неверный пароль");
+            return true;
+        }
+
+        if (!email.equalsIgnoreCase(user.getEmail()) &&
+                userRepository.existsByEmail(email.toLowerCase())) {
+            redirectAttributes.addFlashAttribute(ERROR, "Такой e-mail уже занят");
+            return true;
+        }
+
+        if (newPassword != null && !newPassword.isEmpty()) {
+            redirectAttributes.addFlashAttribute(ERROR, "Пароль не может быть пустым");
+            return true;
+        }
+
+        if (newPassword != null && !newPassword.equals(confirmPassword)) {
+            redirectAttributes.addFlashAttribute(ERROR, "Новый пароль и подтверждение не совпадают");
+            return true;
+        }
+
+        return false;
+    }
+
 }
@@ -12,20 +12,17 @@
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;
 
-/**
- * @Author: Markelloww
- */
-
 @Controller
 @RequiredArgsConstructor
 @RequestMapping("/team/{teamId}/project")
 public class ProjectController {
+    public static final String REDIRECT = "redirect:/";
+
     private final TeamService teamService;
     private final ProjectService projectService;
     private final DateTimeFormatter formatter = DateTimeFormatter.ofPattern("dd.MM.yyyy");
     private final TaskStatusService taskStatusService;
     private final TaskService taskService;
-    private final UserService userService;
 
 
     @GetMapping("/{projectId}")
@@ -34,7 +31,7 @@ public String projectInfo(@PathVariable Long projectId,
                               Principal principal,
                               Model model) {
         if (!teamService.checkUser(teamId, principal.getName())) {
-            return "redirect:/";
+            return REDIRECT;
         }
 
         Project project = projectService.getProjectById(projectId);
@@ -58,7 +55,7 @@ public String projectInfo(@PathVariable Long projectId,
     @GetMapping("/new")
     public String showProjectCreate(@PathVariable Long teamId, Model model, Principal principal) {
         if (!teamService.checkUser(teamId, principal.getName())) {
-            return "redirect:/";
+            return REDIRECT;
         }
         model.addAttribute("team", teamService.getTeamById(teamId));
         return "project-new";
@@ -67,7 +64,7 @@ public String showProjectCreate(@PathVariable Long teamId, Model model, Principa
     @PostMapping("/new")
     public String createProject(@PathVariable Long teamId, Project project, Principal principal) {
         if (!teamService.checkUser(teamId, principal.getName())) {
-            return "redirect:/";
+            return REDIRECT;
         }
         projectService.createProject(project, teamId, principal);
         return "redirect:/team/" + teamId;
 
@@ -1,6 +1,5 @@
 package com.markelloww.projectmanagement.controller;
 
-import com.markelloww.projectmanagement.model.Project;
 import com.markelloww.projectmanagement.model.Task;
 import com.markelloww.projectmanagement.service.ProjectService;
 import com.markelloww.projectmanagement.service.TaskService;
@@ -11,14 +10,13 @@
 
 import java.security.Principal;
 
-/**
- * @Author: Markelloww
- */
-
 @Controller
 @RequiredArgsConstructor
 @RequestMapping("/team/{teamId}/project/{projectId}/task")
 public class TaskController {
+    public static final String REDIRECT_TEAM = "redirect:/team/";
+    public static final String PROJECT = "/project/";
+
     private final TaskService taskService;
     private final ProjectService projectService;
 
@@ -33,20 +31,20 @@ public String showCreateTask(@PathVariable Long projectId, @PathVariable Long te
     public String createTask(@PathVariable Long projectId, @PathVariable Long teamId,
                              Task task, Principal principal) {
         taskService.createTask(task, projectId, principal.getName());
-        return "redirect:/team/" + teamId + "/project/" + projectId;
+        return REDIRECT_TEAM + teamId + PROJECT + projectId;
     }
 
     @PostMapping("/update")
     public String updateTaskStatus(@PathVariable Long teamId, @PathVariable Long projectId,
                                    @RequestParam Long taskId, @RequestParam Long statusId ) {
         taskService.updateStatus(taskId, statusId);
-        return "redirect:/team/" + teamId + "/project/" + projectId;
+        return REDIRECT_TEAM + teamId + PROJECT + projectId;
     }
 
     @PostMapping("/delete")
     public String deleteTask(@PathVariable Long teamId, @PathVariable Long projectId, Principal principal,
                              @RequestParam Long taskId) {
         taskService.deleteTask(taskService.getTaskById(taskId), principal.getName());
-        return "redirect:/team/" + teamId + "/project/" + projectId;
+        return REDIRECT_TEAM + teamId + PROJECT + projectId;
     }
 }
@@ -2,11 +2,9 @@
 
 import com.markelloww.projectmanagement.model.Team;
 import com.markelloww.projectmanagement.model.User;
-import com.markelloww.projectmanagement.repository.UserRepository;
 import com.markelloww.projectmanagement.service.TeamService;
 import com.markelloww.projectmanagement.service.UserService;
 import lombok.RequiredArgsConstructor;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 
@@ -16,13 +14,11 @@
 
 import java.security.Principal;
 
-/**
- * @Author: Markelloww
- */
-
 @Controller
 @RequiredArgsConstructor
 public class TeamController {
+    public static final String REDIRECT_TEAM = "redirect:/team/";
+
     private final UserService userService;
     private final TeamService teamService;
 
@@ -67,18 +63,18 @@ public String deleteTeam(@PathVariable Long teamId, Principal principal) {
     @PostMapping("/team/{teamId}/join")
     public String joinTeam(@PathVariable Long teamId, Principal principal) {
         teamService.joinTeam(teamId, userService.getUserByEmail(principal.getName()));
-        return "redirect:/team/" + teamId;
+        return REDIRECT_TEAM + teamId;
     }
 
     @PostMapping("/team/{teamId}/leave")
     public String leaveTeam(@PathVariable Long teamId, Principal principal) {
         teamService.leaveTeam(teamId, userService.getUserByEmail(principal.getName()));
-        return "redirect:/team/" + teamId;
+        return REDIRECT_TEAM + teamId;
     }
 
     @PostMapping("/team/{teamId}/kick/{userId}")
     public String removeMember(@PathVariable Long teamId, @PathVariable Long userId) {
         teamService.leaveTeam(teamId, userService.getUserById(userId));
-        return "redirect:/team/" + teamId;
+        return REDIRECT_TEAM + teamId;
     }
 }
@@ -7,10 +7,6 @@
 import java.util.HashSet;
 import java.util.Set;
 
-/**
- * @Author: Markelloww
- */
-
 @Entity
 @Table(name = "projects")
 @Data