Merge branch 'master' into chiarasWork

chia030 · Jun 2, 2021 · 6804bb2 · 6804bb2
2 parents 074486a + 3ca7ece
commit 6804bb2
Show file tree

Hide file tree

Showing 11 changed files with 221 additions and 66 deletions.
diff --git a/src/main/java/com/cpd/coronapreventiondivision/AppConfig.java b/src/main/java/com/cpd/coronapreventiondivision/AppConfig.java
@@ -1,40 +1,77 @@
 package com.cpd.coronapreventiondivision;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
+import javax.sql.DataSource;
 import java.util.Arrays;
 
 
 @Configuration
 @EnableWebSecurity
 public class AppConfig extends WebSecurityConfigurerAdapter {
 
+    //This allows only specific pages to be accessed without logging in
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/");
+        web.ignoring().antMatchers("/test");
+        web.ignoring().antMatchers("/vaccine");
+        web.ignoring().antMatchers("/email-verification");
+        web.ignoring().antMatchers("/confirm-booking");
+        web.ignoring().antMatchers("/get-google-maps-link");
+        web.ignoring().antMatchers("/get-available-times");
+        web.ignoring().antMatchers("/get-available-days");
+        web.ignoring().antMatchers("/get-center-appointments");
+        web.ignoring().antMatchers("/update-appointment-report");
+    }
+
+    @Autowired
+    private DataSource dataSource;
+
+    @Autowired
+    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
+//        auth.jdbcAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance())
+        auth.jdbcAuthentication().passwordEncoder(new BCryptPasswordEncoder())
+                .dataSource(dataSource)
+                .usersByUsernameQuery("SELECT username, password, enabled FROM cpd1.users WHERE username = ?")
+                .authoritiesByUsernameQuery("SELECT username, level FROM users WHERE username = ?");
+    }
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.cors().and().csrf().disable();
         http.authorizeRequests()
-//                .antMatchers("")
-                .anyRequest()//allow all urls
-//                .authenticated()//all URLs are allowed by any authenticated user, no role restrictions.
-//                .and()
-//                .formLogin()//enable form based authentication
-//                .loginPage("/my-login")//use a custom login URI
-//                .permitAll(true)//login URI can be accessed by anyone
-//                .and()
-//                .logout()//default logout handling
-//                .logoutSuccessUrl("/my-login?logout")//our new logout success url, we are not replacing other defaults.
-                .permitAll();//allow all as it will be accessed when user is not logged in anymore
-
+                .antMatchers("/admin").hasAuthority("ADMIN")
+                .antMatchers("/create-center").hasAuthority("ADMIN")
+                .antMatchers("/update-center").hasAuthority("ADMIN")
+                .antMatchers("/submit-center").hasAuthority("ADMIN")
+                .antMatchers("/secretary").hasAuthority("SECRETARY")
+                .antMatchers("/get-center-appointments").hasAuthority("SECRETARY")
+                .antMatchers("/update-appointment-report").hasAuthority("SECRETARY")
+                .antMatchers("/**").permitAll()
+                .and()
+                .formLogin().permitAll()
+                .and()
+                .logout().logoutSuccessUrl("/")
+                .and()
+                .formLogin()
+                .loginPage("/login")
+                .and()
+                .exceptionHandling().accessDeniedPage("/index.html");
     }
 
+    //Disabling some security measures to allow async POST calls from javascript to java
     @Bean
     CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
@@ -46,26 +83,4 @@ CorsConfigurationSource corsConfigurationSource() {
         source.registerCorsConfiguration("/**", configuration);
         return source;
     }
-
-//    @Override
-//    public void configure(AuthenticationManagerBuilder builder)
-//            throws Exception {
-//        builder.inMemoryAuthentication()
-//                .withUser("joe")
-//                .password("123")
-//                .roles("ADMIN");
-//    }
-
-//    @Bean
-//    WebMvcConfigurer myWebMvcConfigurer() {
-//        return new WebMvcConfigurerAdapter() {
-//
-//            @Override
-//            public void addViewControllers(ViewControllerRegistry registry) {
-//                ViewControllerRegistration r = registry.addViewController("/my-login");
-//                r.setViewName("my-login-page");
-//            }
-//        };
-//    }
-
 }
diff --git a/src/main/java/com/cpd/coronapreventiondivision/Controller/AdminController.java b/src/main/java/com/cpd/coronapreventiondivision/Controller/AdminController.java
@@ -44,12 +44,12 @@ public String homeAdmin(@RequestParam(name = "user", value="user", required = fa
 
     @GetMapping("/create-center")
     public String createCenter(Model model){
-        //Administrator selects to create a new center,
-        //and is redirected to an empty form page to fill
-        //out all the info about the center
-
         model.addAttribute("title", "Declare a new center");
-        model.addAttribute("center", new Center(-1, Center.CenterType.UNKNOWN, new Address(), new WorkWeek()));
+        model.addAttribute("center", new Center(
+                -1,
+                Center.CenterType.UNKNOWN,
+                new Address(),
+                new WorkWeek()));
 
         return "admin/center";
     }

diff --git a/src/main/java/com/cpd/coronapreventiondivision/Controller/BookingController.java b/src/main/java/com/cpd/coronapreventiondivision/Controller/BookingController.java
@@ -148,5 +148,7 @@ public String vaccineBooking(Model model){
         return "booking/booking";
     }
 
+    @GetMapping("/locations")
+    public String locations(){ return "booking/locations"; }
 
 }
diff --git a/src/main/java/com/cpd/coronapreventiondivision/Controller/LoginController.java b/src/main/java/com/cpd/coronapreventiondivision/Controller/LoginController.java
@@ -21,25 +21,19 @@ public String loginForm(Model model) {
     }
 
     @PostMapping("/login")
-    public String login(@ModelAttribute(name = "user") User user, Model model) {
-
-        user = loginService.verifyCredentials(user);
+    public String login(){
+        return "redirect:/";
+    }
 
-        if (user != null) {
-            switch ((user.getLevel())) {
-                case ADMIN:
-                    model.addAttribute("user", user);
-                    System.out.println(user.toString());
-                    return "redirect:/admin?user=" + user;
-                case SECRETARY:
-                    model.addAttribute("user", user);
-                    return "redirect:/secretary?user=" + user;
-                default:
-                    return "redirect:/";
-            }
-        }
+    @PostMapping("/logout")
+    public String logout(){
+        return "redirect:/";
+    }
 
-        return "login";
+    @GetMapping("/error")
+    public String error(Model model){
+        model.addAttribute("message", "There was an unexpected error. please try again later.");
+        return "clue";
     }
 
 //    @GetMapping("/redirect/{username}")

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -3,3 +3,4 @@ spring.datasource.url=jdbc:mysql://den1.mysql2.gear.host:3306/cpd1
 spring.datasource.username=cpd1
 spring.datasource.password=Vy9lkT_BxHJ!
 server.port=9090
+server.error.whitelabel.enabled=false
diff --git a/src/main/resources/static/booking-style.css b/src/main/resources/static/booking-style.css
@@ -475,4 +475,24 @@ select#select-google-maps {
     font-size: 20px;
     padding: 20px;
     border: 2px solid #AFAFAF;
+}
+
+#filter input, select{
+    margin: 10px 20px;
+}
+
+#filter {
+    font-size: 15px;
+}
+
+.table-container {
+    margin: 20px;
+}
+
+.table-container form {
+    width: 100%;
+}
+
+.table-container form table tr td {
+    text-align: center;
 }
diff --git a/src/main/resources/templates/admin/admin-landing.html b/src/main/resources/templates/admin/admin-landing.html
@@ -12,7 +12,10 @@
 </head>
 <body>
 <div class="booking-content">
-    <h1 class="title" style="margin-bottom: 0px;">Admin Dashboard</h1>
+    <form th:action="@{/logout}" method="post">
+        <button class="small-cta" style="margin-left: 50px;" type="submit">Log out</button>
+    </form>
+    <h1 class="title" style="margin-bottom: 0px; margin-top: 0px; padding-top: 0px;">Admin Dashboard</h1>
     <div>
         <div style="padding:50px 50px 20px 50px;">
             <form th:action="@{/create-center}" method="get">

diff --git a/src/main/resources/templates/error/404.html b/src/main/resources/templates/error/404.html
@@ -0,0 +1,113 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Booking</title>
+    <link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
+    <script src="https://code.jquery.com/jquery-1.12.4.js"></script>
+    <link rel="stylesheet" href="/booking-style.css">
+    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
+    <script src="/permanent.js"></script>
+    <title>Email confirmation</title>
+    <style>
+        @import url('https://fonts.googleapis.com/css?family=Oxanium&display=swap');
+        @import url('https://fonts.googleapis.com/css?family=Roboto+Slab&display=swap');
+        @media only screen and (max-width: 768px) { .content { width: 100%; } }
+        a:link { color: #AFAFAF; !important; }
+        a:visited { color: #AFAFAF; !important; }
+
+        body {
+            font-family: Roboto Slab, serif;
+            font-size: 20px;
+        }
+
+        .horizontal-border {
+            height: 20px;
+            background-color: #EFEFEF;
+        }
+
+        .vertical-border {
+            width: 20px;
+            height: auto;
+            background-color: #EFEFEF;
+        }
+
+        .content {
+            width: 40%;
+            height: auto;
+            margin-left: auto;
+            margin-right: auto;
+        }
+
+        .center {
+            width: 100%;
+            background-color: white;
+            margin: 20px;
+        }
+
+        label {
+            /*float: left;*/
+            width: 50%;
+        }
+
+        input {
+            width: 50%;
+            font-family: Roboto Slab, serif, Roboto, Verdana;
+            font-size: 20px;
+            float: right;
+        }
+
+        button {
+            font-family: Oxanium, serif, Helvetica;
+            font-size: 20px;
+            width: auto;
+            margin-top: 50px;
+            margin-left: auto;
+            margin-right: auto;
+            background-color: #FF6219;
+            color: white;
+            border: 0;
+            padding: 12px 40px;
+            display: flex;
+            align-self: center;
+        }
+
+        .separator {
+            width: 100%;
+            height: 20px;
+        }
+    </style>
+</head>
+<body style="background-color: white;">
+<div class="content">
+    <!-- logos -->
+    <div >
+        <img src="https://i.ibb.co/VMQ8rtj/corona-prevention-logo.png" alt="Corona Prevention logo" style="margin-top: 20px; width: auto; height: 60px;"/>
+        <img src="https://i.ibb.co/fncfghn/kobenhavns-kommune-logo.png" alt="Kobenhavns kommune" style="margin-top: 20px; width: auto; height: 60px; float: right;"/>
+    </div>
+
+    <!--Top-->
+    <div class="horizontal-border"></div>
+
+    <!--Middle-->
+    <div style="display: flex; justify-content: space-between;">
+        <!--Left-->
+        <div class="vertical-border" style="float: left;"></div>
+
+        <!--Center-->
+        <div class="center">
+            <h2 style="text-align: center; margin: 100px 10px;">Oh no! Looks like this page doesn't exist, or you do not have access to it.</h2>
+            <button class="cta" onclick="window.location.href='/'">Go back</button>
+        </div>
+
+        <!--Right-->
+        <div class="vertical-border" style="float: right;"></div>
+    </div>
+
+    <!--Bottom-->
+    <div class="horizontal-border" />
+</div>
+</body>
+</html>
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
@@ -83,7 +83,7 @@ <h2>What are the benefits of getting vaccinated?</h2>
                 or elderly adults, and people with other medical conditions.</p>
             <br>
             <br>
-            <button class="cta" onclick="window.location.href='/test'">Book vaccination appointment</button>
+            <button class="cta" onclick="window.location.href='/vaccine'">Book vaccination appointment</button>
         </div>
     </div>
-Original file line number
+Diff line change
@@ Expand Up / @@ -83,7 +83,7 @@ <h2>What are the benefits of getting vaccinated?</h2> @@
                     or elderly adults, and people with other medical conditions.</p>
                 <br>
                 <br>
-                <button class="cta" onclick="window.location.href='/test'">Book vaccination appointment</button>
+                <button class="cta" onclick="window.location.href='/vaccine'">Book vaccination appointment</button>
             </div>
         </div>
@@ Expand Down @@