Aalto-ng / PayCraft-Backend

This repository contains the server-side code for PayCraft, built using Java 17 and Spring Boot 3.3. It provides endpoints with which the client can interact.

Login Issue #21

Closed 3akare closed 1 week ago

3akare commented 1 week ago

Summary: The branch you created for the application has four issues that need to be addressed for proper functionality with the client-side:

  1. CORS Error: The current configuration doesn't work. If setAllowCredentials(true) is used, the allowedOrigin must be an exact client-side URL.

    // SecurityConfig.java
    @Bean
    public UrlBasedCorsConfigurationSource corsConfigurationSource() {
       CorsConfiguration configuration = new CorsConfiguration();
       configuration.addAllowedOrigin("http://client-side-url"); // This fixes the issue
       configuration.addAllowedMethod("*"); // Allows all methods
       configuration.addAllowedHeader("*"); // Allows all headers.
       configuration.setAllowCredentials(true);
    
       UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
       source.registerCorsConfiguration("/**", configuration);
       return source;
    }

  2. Password Encryption: During user onboarding, the password isn't being encrypted, so during login, the passwords will never match.

    // CreateAccountServiceImpl.java
    @Override
    public DefaultApiResponse<UserAccountDto> createUserAccount(CreateAccountDto request) {
       DefaultApiResponse<UserAccountDto> response = new DefaultApiResponse<>();
       UserAccount userAccount = UserAccountMapper.mapToUserAccount(new UserAccount(), extractUserAccount(request));
       verifyRecord(userAccount);
       userAccount.setPassword(passwordEncoder.encode(request.getPassword())); // This solution resolves the issue
       // ... rest of the method unchanged
    }

  3. Dependency Error: When attempting to run the app, I encountered this runtime error:

    An error occurred while performing authentication for USER bakaredavid009@gmail.com: Unable to load class named [io.jsonwebtoken.impl.DefaultJwtBuilder] from the thread context, current, or system/application ClassLoaders. All heuristics have been exhausted. Class could not be found. Have you remembered to include the jjwt-impl.jar in your runtime classpath?

    The solution (according to ChatGPT) is to add the following dependencies in the pom.xml file:

    <!-- pom.xml -->
    <dependency>
       <groupId>io.jsonwebtoken</groupId>
       <artifactId>jjwt-api</artifactId>
       <version>0.12.5</version>
    </dependency>
    <dependency>
       <groupId>io.jsonwebtoken</groupId>
       <artifactId>jjwt-impl</artifactId>
       <version>0.12.5</version>
    </dependency>
    <dependency>
       <groupId>io.jsonwebtoken</groupId>
       <artifactId>jjwt-jackson</artifactId> <!-- for JSON serialization/deserialization -->
       <version>0.12.5</version>
    </dependency>

    Use version 0.12.5 for everything, as using a lower version could cause issues with the JWT service configuration.

  4. Tokens: Lastly, there is an issue when generating tokens. The error seems to be coming from this function:

    private @NotNull AccessAndRefreshToken getGenerateAccessTokenAndRefreshToken(UserAccount user) // AuthenticationServiceImpl.java, line 138
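
The CORS rule from item 1, exercised directly against Spring's CorsConfiguration, as an added example that is not part of the issue or the PayCraft code base. The class name and all origins are constructed placeholders, and spring-web (the version shipped with Spring Boot 3.3) is assumed to be on the classpath.

```java
import java.util.List;
import org.springframework.web.cors.CorsConfiguration;

public class CorsCredentialsCheck {

    // Constructed placeholder standing in for the issue's "http://client-side-url".
    static final String CLIENT_ORIGIN = "http://localhost:3000";

    // Same method/header/credential settings as the SecurityConfig bean in the issue.
    static CorsConfiguration credentialed(String allowedOrigin) {
        CorsConfiguration c = new CorsConfiguration();
        c.addAllowedOrigin(allowedOrigin);
        c.addAllowedMethod("*");
        c.addAllowedHeader("*");
        c.setAllowCredentials(true);
        return c;
    }

    // True when Spring accepts the combination of allowed origins and credentials.
    static boolean acceptedBySpring(CorsConfiguration c) {
        try {
            // Throws when allowCredentials is true and the allowed origins contain "*":
            // a browser refuses a credentialed response whose
            // Access-Control-Allow-Origin header is the wildcard.
            c.validateAllowCredentials();
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        CorsConfiguration wildcard = credentialed("*");        // weak setting
        CorsConfiguration exact = credentialed(CLIENT_ORIGIN); // setting from the issue

        System.out.println("wildcard accepted: " + acceptedBySpring(wildcard));
        System.out.println("exact accepted:    " + acceptedBySpring(exact));

        // checkOrigin returns the value to echo in Access-Control-Allow-Origin,
        // or null when the request's Origin header is not allowed.
        // Constructed Origin header values: the client, and two that must not match.
        List<String> requestOrigins = List.of(
                CLIENT_ORIGIN, "http://localhost:3001", "http://other.example");
        for (String origin : requestOrigins) {
            System.out.println(origin + " -> " + exact.checkOrigin(origin));
        }
    }
}
```

Origin matching is exact on scheme, host and port, so each deployed front end needs its own entry.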

devhnry commented 1 week ago

Will look into it.