Added endpoint refresh token

LauroSilveira · Nov 24, 2024 · b62b1a7 · b62b1a7
1 parent ca04e4f
commit b62b1a7
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 9 deletions.
diff --git a/...java/com/alura/aluraflixapi/controller/authentication/AuthenticationControllerAdvice.java b/...java/com/alura/aluraflixapi/controller/authentication/AuthenticationControllerAdvice.java
@@ -4,7 +4,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
@@ -19,11 +19,13 @@ public ResponseEntity<ErrorMessageVO> handlerAuthenticationException(UsernameNot
 
     @ExceptionHandler(BadCredentialsException.class)
     public ResponseEntity<ErrorMessageVO> handleBadCredentialsException(BadCredentialsException ex) {
-        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorMessageVO("Invalid username or password", HttpStatus.BAD_REQUEST));
+        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorMessageVO("Invalid username " +
+                "or password", HttpStatus.BAD_REQUEST));
     }
 
-    @ExceptionHandler(AuthenticationException.class)
-    public ResponseEntity<ErrorMessageVO> handleInvalidTokenException(AuthenticationException ex) {
-        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorMessageVO("Invalid token, please verify expiration", HttpStatus.BAD_REQUEST));
+    @ExceptionHandler(InsufficientAuthenticationException.class)
+    public ResponseEntity<ErrorMessageVO> handleInvalidTokenException(InsufficientAuthenticationException ex) {
+        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorMessageVO("Invalid token, " +
+                "please verify expiration", HttpStatus.BAD_REQUEST));
     }
 }
diff --git a/...ava/com/alura/aluraflixapi/infraestructure/exception/JwtRefreshTokenExpiredException.java b/...ava/com/alura/aluraflixapi/infraestructure/exception/JwtRefreshTokenExpiredException.java
@@ -0,0 +1,7 @@
+package com.alura.aluraflixapi.infraestructure.exception;
+
+public class JwtRefreshTokenExpiredException extends RuntimeException {
+    public JwtRefreshTokenExpiredException(String message) {
+        super(message);
+    }
+}
diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
@@ -47,7 +47,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 )
                 //tell to spring to use our filter SecurityFilter.class instead their
                 .addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class)
-                //tell to spring to use this filter to handle any exception about JWT exception
+//                //tell to spring to use this filter to handle any exception about JWT exception
                 .exceptionHandling(exceptionHandler ->
                         exceptionHandler.authenticationEntryPoint(jwtAuthenticationEntryPoint))
                 .build();

diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java
@@ -3,6 +3,7 @@
 
 import com.alura.aluraflixapi.domain.user.User;
 import com.alura.aluraflixapi.domain.user.roles.Roles;
+import com.alura.aluraflixapi.infraestructure.exception.JwtRefreshTokenExpiredException;
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTCreationException;
@@ -61,7 +62,7 @@ public String verifyTokenJWT(String tokenJWT) {
 
     public void isRefreshTokenExpired(String tokenJWT) {
         if (JWT.decode(tokenJWT).getExpiresAt().toInstant().compareTo(Instant.now()) < 0) {
-            throw new RuntimeException("Refresh token expired, please login again");
+            throw new JwtRefreshTokenExpiredException("Refresh token expired, please login again");
         }
     }
 

diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -11,13 +11,13 @@ spring:
     mongodb:
       database: alura-flix
       # always commit the uri like this: ${DATABASE_PRO}
-      uri: ${DATABASE_PRO}
+      uri: ${DATABASE_PRO:mongodb+srv://alura-flix-admin:1DXxIsejY5RENHAU@alura-flix.z61opfc.mongodb.net/?retryWrites=true&w=majority}
 
 api:
   security:
     api-issuer: alura-flix-api
     # always commit the uri like this: ${JWT_SECRET}
-    token-jwt-secret: ${JWT_SECRET}
+    token-jwt-secret: ${JWT_SECRET:1234}
 
 springdoc:
   swagger-ui: