adhambadawi / mini-survey-monkey

A web application for creating and managing surveys using Spring MVC.
MIT License

User Authentication and Survey Closure Mechanism related to issue #19 and issue #10 #20

Closed adhambadawi closed 2 weeks ago

adhambadawi commented 2 weeks ago
  1. User Registration and Login:

    • Registration Page (register.html): Created a form for new users to sign up.
    • Login Page (login.html): Developed a custom login form for user authentication.
  2. Password Security:

    • BCrypt Password Encoder: Used to hash passwords before storing them in the database.
  3. SecurityConfig Class:

    • Configured authentication and authorization rules.
    • Defined which endpoints are publicly accessible and which require authentication.
    • Implemented a CustomUserDetailsService to load user-specific data during authentication.
  4. CSRF Protection:

    • Ensured all forms include CSRF tokens to protect against cross-site request forgery attacks.
  5. Roles and Permissions:

    • Assigned a default role of ROLE_USER to all authenticated users.
    • Restricted access to survey creation and closure endpoints to users with ROLE_USER.
  6. Survey Status Update:

    • isClosed Field in Survey Entity: Added a boolean field to track the survey's status.
    • Close Survey Endpoint: Implemented a POST endpoint (/survey/{id}/close) to allow authenticated survey creators to close their surveys.
    • Authorization Checks: Ensured only the survey creator can close their survey by verifying the user's identity.
  7. Access Control for Participants: Participation Flow Adjustment:

    • Modified the participation endpoint to check if a survey is closed.
    • Redirected users to a surveyClosed.html page if they attempt to access a closed survey.
  8. User Interface Enhancements:

    • Close Survey Button: Added a button on the survey details page (surveyDetails.html) for creators to close their survey.
    • Included CSRF tokens in the form for security.
    • Survey Status Display: Displayed the survey's status (Open or Closed) on the survey details and listing pages.
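
The owner check from items 5 to 7 above, modelled in plain Java as an added example (not code from this pull request or the project). The class, method and view names other than `isClosed` and `surveyClosed` are assumptions, and `username` stands in for the name of the authenticated principal.

```java
import java.util.HashMap;
import java.util.Map;

// Added example: plain-Java model of the close/participate checks; names are assumptions.
public class SurveyAccessDemo {
    enum Result { CLOSED, ALREADY_CLOSED, NOT_FOUND, FORBIDDEN }

    static final class Survey {
        final long id;
        final String creator;   // username of the account that created the survey
        boolean isClosed;       // mirrors the isClosed field named in the PR
        Survey(long id, String creator) { this.id = id; this.creator = creator; }
    }

    private final Map<Long, Survey> surveys = new HashMap<>();

    void add(Survey s) { surveys.put(s.id, s); }

    // Models POST /survey/{id}/close. 'username' is the authenticated principal's
    // name taken from the session, never from a request parameter or form field.
    Result close(long id, String username) {
        Survey s = surveys.get(id);
        if (s == null) return Result.NOT_FOUND;
        // Every authenticated user holds ROLE_USER, so the role gate alone would let
        // any user close any survey. The per-object owner check is what prevents that.
        if (username == null || !s.creator.equals(username)) return Result.FORBIDDEN;
        if (s.isClosed) return Result.ALREADY_CLOSED;  // repeated closes are harmless
        s.isClosed = true;
        return Result.CLOSED;
    }

    // Models the participation endpoint: returns the view name to render.
    String participate(long id) {
        Survey s = surveys.get(id);
        if (s == null) return "notFound";                    // hypothetical view name
        return s.isClosed ? "surveyClosed" : "participate";  // "participate" is hypothetical
    }

    public static void main(String[] args) {
        SurveyAccessDemo app = new SurveyAccessDemo();
        app.add(new Survey(1L, "alice"));                // constructed sample data
        System.out.println(app.close(1L, "bob"));        // authenticated non-owner
        System.out.println(app.participate(1L));         // survey still open
        System.out.println(app.close(1L, "alice"));      // owner closes the survey
        System.out.println(app.close(1L, "alice"));      // second close by the owner
        System.out.println(app.participate(1L));         // participant after closure
        System.out.println(app.close(99L, "alice"));     // unknown survey id
    }
}
```

A regression test for the real endpoint would log in as a second ROLE_USER account and confirm that its POST to another user's `/survey/{id}/close` is rejected.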
AliEl-Khatib commented 2 weeks ago

Looks good. Covers all login and registration needed.