From bf2d2a7773b313af5315ceab7a23ee9c636eb95e Mon Sep 17 00:00:00 2001 From: PEDSF Date: Sat, 28 Nov 2020 18:05:45 +0100 Subject: [PATCH] solve bug of fechType --- .../configuration/SocketSecurityConfig.java | 31 ++++++++ .../configuration/WebSecurityConfig.java | 13 ++-- .../configuration/WebSocketConfig.java | 8 +-- .../petclinic/controller/OwnerController.java | 7 +- .../controller/common/WebSocketSender.java | 1 + src/main/resources/application.properties | 16 +---- src/main/resources/db/h2/schema.sql | 5 -- src/main/resources/db/hsqldb/schema.sql | 72 +++++++++++++++++++ src/main/resources/db/mysql/schema.sql | 66 +++++++++++++++++ src/main/resources/oauth2.properties | 18 +++++ .../static/resources/js/notification.js | 3 +- 11 files changed, 208 insertions(+), 32 deletions(-) create mode 100644 src/main/java/org/springframework/samples/petclinic/configuration/SocketSecurityConfig.java create mode 100644 src/main/resources/oauth2.properties diff --git a/src/main/java/org/springframework/samples/petclinic/configuration/SocketSecurityConfig.java b/src/main/java/org/springframework/samples/petclinic/configuration/SocketSecurityConfig.java new file mode 100644 index 000000000..64b071d4f --- /dev/null +++ b/src/main/java/org/springframework/samples/petclinic/configuration/SocketSecurityConfig.java 
@@ -0,0 +1,31 @@
+package org.springframework.samples.petclinic.configuration;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.messaging.simp.SimpMessageType;
+import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
+import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;
+
+@Configuration
+public class SocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
+
+ @Override
+ protected void configureInbound(MessageSecurityMetadataSourceRegistry message) {
+ // @formatter:off
+
+ // message types other than MESSAGE and SUBSCRIBE
+ message.simpDestMatchers("/app/**").permitAll()
+ .simpSubscribeDestMatchers("/topic/**").permitAll()
+ // catch all
+ .anyMessage().denyAll();
+
+ // @formatter:on
+ }
+
+ /**
+ * Disables CSRF for Websockets.
+ */
+ @Override
+ protected boolean sameOriginDisabled() {
+ return true;
+ }
+}
diff --git a/src/main/java/org/springframework/samples/petclinic/configuration/WebSecurityConfig.java b/src/main/java/org/springframework/samples/petclinic/configuration/WebSecurityConfig.java
index 9998e2aa0..8c8492d56 100644
--- a/src/main/java/org/springframework/samples/petclinic/configuration/WebSecurityConfig.java
+++ b/src/main/java/org/springframework/samples/petclinic/configuration/WebSecurityConfig.java
@@ -6,6 +6,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; import org.springframework.core.env.Environment; +import org.springframework.samples.petclinic.common.CommonAttribute; import org.springframework.samples.petclinic.common.CommonEndPoint; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
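Review bot: `configureInbound` has no `nullDestMatcher()` rule, so with `.anyMessage().denyAll()` as the catch-all the STOMP frames that carry no destination (CONNECT, DISCONNECT, heartbeats) appear to fall through to denyAll and clients would never get a session; the comment `// message types other than MESSAGE and SUBSCRIBE` describes exactly the rule that is missing, and the `configureInbound` this commit deletes from `WebSocketConfig` did have it. Restoring it is one change: `message.nullDestMatcher().permitAll().simpDestMatchers("/app/**").permitAll()`. `sameOriginDisabled()` returning true also removes the CSRF-token check on the CONNECT frame, so any origin a user visits can open a STOMP session that rides on their session cookie; the Javadoc should spell out that trade-off, e.g. `/** Disables the same-origin (CSRF) check on STOMP CONNECT; only acceptable while every destination is permitAll and carries no user-specific data. */`. The `SimpMessageType` import is unused and can be dropped.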
@@ -26,8 +27,8 @@ import java.util.List; import java.util.stream.Collectors; @Configuration -@EnableWebSecurity -@PropertySource("classpath:application.properties") +@EnableWebSecurity(debug = true) +@PropertySource("classpath:oauth2.properties") public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private static final String CLIENT_PROPERTY_KEY = "spring.security.oauth2.client.registration."; @@ -71,8 +72,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .loginPage(CommonEndPoint.LOGIN) .loginProcessingUrl(CommonEndPoint.LOGIN) .defaultSuccessUrl(CommonEndPoint.LOGIN_SUCCESS, true) - .usernameParameter("email") - .passwordParameter("password") + .usernameParameter(CommonAttribute.EMAIL) + .passwordParameter(CommonAttribute.PASSWORD) .failureUrl(CommonEndPoint.LOGIN) .permitAll() .and() @@ -124,6 +125,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { return CommonOAuth2Provider.GITHUB.getBuilder(client).clientId(clientId).clientSecret(clientSecret).build(); } + if (client.equals("twitter")) { + return ClientRegistration.withRegistrationId("twitter").clientId(clientId).clientSecret(clientSecret).build(); + } + return null; } diff --git a/src/main/java/org/springframework/samples/petclinic/configuration/WebSocketConfig.java b/src/main/java/org/springframework/samples/petclinic/configuration/WebSocketConfig.java index af9b02a4d..43fe18d44 100644 --- a/src/main/java/org/springframework/samples/petclinic/configuration/WebSocketConfig.java +++ b/src/main/java/org/springframework/samples/petclinic/configuration/WebSocketConfig.java @@ -30,7 +30,7 @@ public class WebSocketConfig extends AbstractSecurityWebSocketMessageBrokerConfi @Override public void configureMessageBroker(MessageBrokerRegistry config) { - config.enableSimpleBroker("/topic"); + config.enableSimpleBroker("/topic/public"); config.setApplicationDestinationPrefixes("/app"); } 
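Review bot: `@EnableWebSecurity(debug = true)` installs Spring Security's debug filter, which logs every request together with its headers (cookies, session id, Authorization) and is documented as a development-only aid; it should not be part of the committed configuration. Either revert to `@EnableWebSecurity` or move the flag into a profile-specific configuration class so it cannot reach a shared deployment. The enclosing class continues outside the hunk.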
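Review bot: the new `twitter` branch builds a `ClientRegistration` from only `clientId` and `clientSecret`; as far as I recall `ClientRegistration.Builder.build()` asserts that `authorizationGrantType`, `redirectUri`, `authorizationUri` and `tokenUri` are present, so enabling a twitter client would fail at startup with an `IllegalArgumentException` rather than yield a usable registration. Either supply the full set, starting with `.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")` plus the provider endpoints, or leave the branch out until the provider is wired up; note too that Twitter's sign-in at this time was OAuth 1.0a, which the Spring OAuth2 client does not speak, so confirm which API is being targeted. The method's start and end lie outside the hunk.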
@@ -39,11 +39,7 @@ public class WebSocketConfig extends AbstractSecurityWebSocketMessageBrokerConfi registry.addEndpoint("/websocket").setAllowedOrigins("*").withSockJS(); } - @Override - protected void configureInbound(MessageSecurityMetadataSourceRegistry message) { - message.nullDestMatcher().permitAll().simpDestMatchers("/app/**").permitAll() - .simpSubscribeDestMatchers("/topic/**").permitAll().anyMessage().denyAll(); - } + @Override protected boolean sameOriginDisabled() { diff --git a/src/main/java/org/springframework/samples/petclinic/controller/OwnerController.java b/src/main/java/org/springframework/samples/petclinic/controller/OwnerController.java index e2ca50e54..e26f377ab 100644 --- a/src/main/java/org/springframework/samples/petclinic/controller/OwnerController.java +++ b/src/main/java/org/springframework/samples/petclinic/controller/OwnerController.java @@ -80,7 +80,7 @@ class OwnerController extends WebSocketSender { @GetMapping(CommonEndPoint.OWNERS_FIND) public String initFindForm(Map model) { model.put(CommonAttribute.OWNER, new OwnerDTO()); - + sendSuccessMessage("TEST WEBSOCKET"); return CommonView.OWNER_FIND_OWNERS; } @@ -105,12 +105,13 @@ class OwnerController extends WebSocketSender { else if (results.size() == 1) { // 1 owner found owner = results.iterator().next(); + sendSuccessMessage("TEST WEBSOCKET"); return CommonView.OWNER_OWNERS_R + owner.getId(); } else { // multiple owners found model.put(CommonAttribute.SELECTIONS, results); - + sendSuccessMessage("TEST WEBSOCKET"); return CommonView.OWNER_OWNERS_LIST; } } @@ -119,6 +120,7 @@ class OwnerController extends WebSocketSender { public String initUpdateOwnerForm(@PathVariable("ownerId") int ownerId, Model model) { OwnerDTO ownerDTO = this.ownerService.findById(ownerId); model.addAttribute(CommonAttribute.OWNER, ownerDTO); + sendSuccessMessage("TEST WEBSOCKET"); return CommonView.OWNER_CREATE_OR_UPDATE; } 
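Review bot: after this deletion `WebSocketConfig` still extends `AbstractSecurityWebSocketMessageBrokerConfigurer` (hunk header) and still overrides `sameOriginDisabled()` (last lines of the hunk), so the application now registers two websocket security configurers, this one with the parent's empty default rules alongside the new `SocketSecurityConfig`, and which interceptor ends up on the inbound channel is not obvious from here. Unless there is a reason for the split, `WebSocketConfig` should `implements WebSocketMessageBrokerConfigurer` and drop its `sameOriginDisabled()` override, leaving message authorization entirely to `SocketSecurityConfig`. The surviving `registry.addEndpoint("/websocket").setAllowedOrigins("*")` also deserves a look: together with the same-origin check being disabled, any web origin can complete the SockJS handshake with the user's session cookie, so restrict it to the application's own origin(s) unless cross-origin access is intended. The methods around the removed block start and end outside the hunk.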
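Review bot: the `sendSuccessMessage("TEST WEBSOCKET")` calls added to `initFindForm`, `processFindForm` and `initUpdateOwnerForm` read as leftover debugging: every page view now publishes a constant placeholder string to the broker and, if it goes through `WebSocketSender.sendMessage` as the later hunk's `new Thread(new Runnable()` suggests, spawns an unpooled thread per request. If notifications from these handlers are intended, replace the placeholder with a meaningful message and add a comment stating why a GET should broadcast at all; otherwise remove the calls before merging. The controller methods continue outside the hunk.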
@@ -153,6 +155,7 @@ class OwnerController extends WebSocketSender { } modelAndView.addObject(CommonAttribute.OWNER, owner); + sendSuccessMessage("TEST WEBSOCKET"); return modelAndView; } diff --git a/src/main/java/org/springframework/samples/petclinic/controller/common/WebSocketSender.java b/src/main/java/org/springframework/samples/petclinic/controller/common/WebSocketSender.java index 57673ecf3..ae528d212 100644 --- a/src/main/java/org/springframework/samples/petclinic/controller/common/WebSocketSender.java +++ b/src/main/java/org/springframework/samples/petclinic/controller/common/WebSocketSender.java @@ -16,6 +16,7 @@ public class WebSocketSender { @Autowired SimpMessagingTemplate simpMessagingTemplate; + public void sendMessage(String message, String type) { // Send message asynchronously new Thread(new Runnable() { diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index e7d2a66d5..58265a9b7 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -29,6 +29,8 @@ spring.resources.cache.cachecontrol.max-age=12h #logging.level.org.springframework.web: DEBUG #logging.level.org.hibernate: DEBUG #logging.level.org.springframework.context.annotation=TRACE +logging.level.org.springframework.security=TRACE +logging.level.org.springframework.web=TRACE spring.datasource.hikari.connectionTimeout=20000 spring.datasource.hikari.maximumPoolSize=5 
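Review bot: `logging.level.org.springframework.security=TRACE` and `logging.level.org.springframework.web=TRACE` are committed active while the neighbouring debug levels above them stay commented out; at TRACE these loggers write request details and security context (session identifiers, principal, headers) into the application log, which is a disclosure in any shared environment. Keep them commented like the lines above, `#logging.level.org.springframework.security=TRACE`, or move them into a dev-only profile file.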
@@ -40,20 +42,6 @@ spring.datasource.password= spring.h2.console.enabled=true spring.h2.console.path=/h2-console -######################################################################### OAUTH2 -spring.security.oauth2.client.registration.google.client-id=${OAUTH2_GOOGLE_CLIENT_ID} -spring.security.oauth2.client.registration.google.client-secret=${OAUTH2_GOOGLE_CLIENT_SECRET} - -#spring.security.oauth2.client.registration.github.client-id=${OAUTH2_GITHUB_CLIENT_ID} -#spring.security.oauth2.client.registration.github.client-secret=${OAUTH2_GITHUB_CLIENT_SECRET} -spring.security.oauth2.client.registration.github.client-id=d3e47fc2ddd966fa4352 -spring.security.oauth2.client.registration.github.client-secret=3bc0f6b8332f93076354c2a5bada2f5a05aea60d - - -spring.security.oauth2.client.registration.facebook.client-id=121189305185277 -spring.security.oauth2.client.registration.facebook.client-secret=42ffe5aa7379e8326387e0fe16f34132 - - #################################################################### SPRING MAIL spring.mail.host=smtp.mailtrap.io spring.mail.port=2525 diff --git a/src/main/resources/db/h2/schema.sql b/src/main/resources/db/h2/schema.sql index 691718fc6..02d11325f 100644 --- a/src/main/resources/db/h2/schema.sql +++ b/src/main/resources/db/h2/schema.sql @@ -1,6 +1,3 @@ - - - DROP TABLE vets IF EXISTS; CREATE TABLE vets ( id INTEGER IDENTITY PRIMARY KEY, @@ -78,7 +75,6 @@ CREATE TABLE privileges ( ); CREATE INDEX privileges_name ON privileges (name); - DROP TABLE users IF EXISTS; CREATE TABLE users ( id INTEGER IDENTITY PRIMARY KEY, @@ -115,7 +111,6 @@ CREATE TABLE roles_privileges ( privilege_id INTEGER NOT NULL ); - DROP TABLE auth_providers IF EXISTS; CREATE TABLE auth_providers ( id INTEGER IDENTITY PRIMARY KEY, diff --git a/src/main/resources/db/hsqldb/schema.sql b/src/main/resources/db/hsqldb/schema.sql index f3c6947b7..4845d1bc4 100644 --- a/src/main/resources/db/hsqldb/schema.sql +++ b/src/main/resources/db/hsqldb/schema.sql 
@@ -62,3 +62,75 @@ CREATE TABLE visits (
 );
 ALTER TABLE visits ADD CONSTRAINT fk_visits_pets FOREIGN KEY (pet_id) REFERENCES pets (id);
 CREATE INDEX visits_pet_id ON visits (pet_id);
+
+DROP TABLE roles IF EXISTS;
+CREATE TABLE roles (
+ id INTEGER IDENTITY PRIMARY KEY,
+ name VARCHAR(20) NOT NULL
+);
+CREATE INDEX roles_name ON roles (name);
+
+DROP TABLE privileges IF EXISTS;
+CREATE TABLE privileges (
+ id INTEGER IDENTITY PRIMARY KEY,
+ name VARCHAR(20) NOT NULL
+);
+CREATE INDEX privileges_name ON privileges (name);
+
+
+DROP TABLE users IF EXISTS;
+CREATE TABLE users (
+ id INTEGER IDENTITY PRIMARY KEY,
+ first_name VARCHAR(30) NOT NULL,
+ last_name VARCHAR_IGNORECASE(30) NOT NULL,
+ email VARCHAR(50) NOT NULL,
+ password VARCHAR(255) NOT NULL,
+ enabled BOOLEAN NOT NULL,
+ account_unexpired BOOLEAN NOT NULL DEFAULT true,
+ account_unlocked BOOLEAN NOT NULL DEFAULT true,
+ credential_unexpired BOOLEAN NOT NULL DEFAULT true,
+ telephone VARCHAR(20),
+ street1 VARCHAR(50),
+ street2 VARCHAR(50),
+ street3 VARCHAR(50),
+ zip_code VARCHAR(6),
+ city VARCHAR(80),
+ country VARCHAR(50)
+);
+CREATE INDEX users_email ON users (email);
+
+DROP TABLE users_roles IF EXISTS;
+CREATE TABLE users_roles (
+ user_id INTEGER NOT NULL,
+ role_id INTEGER NOT NULL
+);
+ALTER TABLE users_roles ADD CONSTRAINT fk_users_roles_user_id FOREIGN KEY (user_id) REFERENCES users (id);
+ALTER TABLE users_roles ADD CONSTRAINT fk_users_roles_role_id FOREIGN KEY (role_id) REFERENCES roles (id);
+CREATE INDEX users_roles_user_id ON users_roles (user_id);
+
+DROP TABLE roles_privileges IF EXISTS;
+CREATE TABLE roles_privileges (
+ role_id INTEGER NOT NULL,
+ privilege_id INTEGER NOT NULL
+);
+
+
+DROP TABLE auth_providers IF EXISTS;
+CREATE TABLE auth_providers (
+ id INTEGER IDENTITY PRIMARY KEY,
+ name VARCHAR(20) NOT NULL
+);
+CREATE INDEX auth_providers_name ON auth_providers (name);
+
+DROP TABLE credentials IF EXISTS;
+CREATE TABLE credentials (
+ id INTEGER IDENTITY PRIMARY KEY,
+ 
provider_id INTEGER NOT NULL,
+ email VARCHAR(50) NOT NULL,
+ password VARCHAR(255) NOT NULL,
+ verified BOOLEAN NOT NULL,
+ token VARCHAR(255) DEFAULT NULL,
+ expiration DATE DEFAULT NULL
+);
+ALTER TABLE credentials ADD CONSTRAINT fk_credentials_provider_id FOREIGN KEY (provider_id) REFERENCES auth_providers (id);
+CREATE INDEX credentials_email ON credentials (email);
diff --git a/src/main/resources/db/mysql/schema.sql b/src/main/resources/db/mysql/schema.sql
index eb5d7d5d0..ef95c470a 100644
--- a/src/main/resources/db/mysql/schema.sql
+++ b/src/main/resources/db/mysql/schema.sql
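Review bot: `users.email` and `credentials.email` are only indexed, not `UNIQUE`, so the schema permits two accounts with the same login email and leaves it to application code to decide which row authenticates; since the form login takes `email` as its username parameter (WebSecurityConfig hunk), the uniqueness guarantee belongs in the schema. `CREATE UNIQUE INDEX users_email ON users (email);` and likewise `CREATE UNIQUE INDEX credentials_email ON credentials (email);` would do it. Two smaller points: `roles_privileges` gets no foreign keys although `users_roles` does, and `credentials.expiration DATE` gives the one-time `token` day-granularity expiry, where a `TIMESTAMP` would let it be bounded tightly.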
@@ -53,3 +53,69 @@ CREATE TABLE IF NOT EXISTS visits (
 description VARCHAR(255),
 FOREIGN KEY (pet_id) REFERENCES pets(id)
 ) engine=InnoDB;
+
+CREATE TABLE IF NOT EXISTS roles (
+ id INT(4) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+ name VARCHAR(20) NOT NULL,
+ INDEX(name)
+) engine=InnoDB;
+
+CREATE TABLE IF NOT EXISTS privileges (
+ id INT(4) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+ name VARCHAR(20) NOT NULL,
+ INDEX(name)
+) engine=InnoDB;
+
+CREATE TABLE IF NOT EXISTS users (
+ id INT(4) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+ first_name VARCHAR(30) NOT NULL,
+ last_name VARCHAR_IGNORECASE(30) NOT NULL,
+ email VARCHAR(50) NOT NULL,
+ password VARCHAR(255) NOT NULL,
+ enabled BOOLEAN NOT NULL,
+ account_unexpired BOOLEAN NOT NULL DEFAULT true,
+ account_unlocked BOOLEAN NOT NULL DEFAULT true,
+ credential_unexpired BOOLEAN NOT NULL DEFAULT true,
+ telephone VARCHAR(20),
+ street1 VARCHAR(50),
+ street2 VARCHAR(50),
+ street3 VARCHAR(50),
+ zip_code VARCHAR(6),
+ city VARCHAR(80),
+ country VARCHAR(50),
+ INDEX(email)
+) engine=InnoDB;
+
+CREATE TABLE IF NOT EXISTS users_roles (
+ user_id INTEGER NOT NULL,
+ role_id INTEGER NOT NULL,
+ FOREIGN KEY (user_id) REFERENCES users(id),
+ FOREIGN KEY (role_id) REFERENCES roles(id),
+ INDEX(user_role)
+) engine=InnoDB;
+
+CREATE TABLE IF NOT EXISTS roles_privileges (
+ role_id INTEGER NOT NULL,
+ privilege_id INTEGER NOT NULL,
+ FOREIGN KEY (role_id) REFERENCES roles(id),
+ FOREIGN KEY (privilege_id) REFERENCES privileges(id),
+ INDEX(role_id)
+) engine=InnoDB;
+
+CREATE TABLE IF NOT EXISTS auth_providers (
+ id INT(4) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+ name VARCHAR(20) NOT NULL,
+ INDEX(name)
+) engine=InnoDB;
+
+CREATE TABLE IF NOT EXISTS credentials (
+ id INT(4) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+ provider_id INTEGER NOT NULL,
+ email VARCHAR(50) NOT NULL,
+ password VARCHAR(255) NOT NULL,
+ verified BOOLEAN NOT NULL,
+ token VARCHAR(255) DEFAULT NULL,
+ expiration DATE 
DEFAULT NULL,
+ FOREIGN KEY (provider_id) REFERENCES auth_providers(id),
+ INDEX(email)
+) engine=InnoDB;
diff --git a/src/main/resources/oauth2.properties b/src/main/resources/oauth2.properties
new file mode 100644
index 000000000..11a92be04
--- /dev/null
+++ b/src/main/resources/oauth2.properties
@@ -0,0 +1,18 @@
+
+spring.security.oauth2.client.registration.google.client-id=${OAUTH2_GOOGLE_CLIENT_ID}
+spring.security.oauth2.client.registration.google.client-secret=${OAUTH2_GOOGLE_CLIENT_SECRET}
+
+#spring.security.oauth2.client.registration.github.client-id=${OAUTH2_GITHUB_CLIENT_ID}
+#spring.security.oauth2.client.registration.github.client-secret=${OAUTH2_GITHUB_CLIENT_SECRET}
+spring.security.oauth2.client.registration.github.client-id=d3e47fc2ddd966fa4352
+spring.security.oauth2.client.registration.github.client-secret=3bc0f6b8332f93076354c2a5bada2f5a05aea60d
+
+spring.security.oauth2.client.registration.facebook.client-id=121189305185277
+spring.security.oauth2.client.registration.facebook.client-secret=42ffe5aa7379e8326387e0fe16f34132
+
+#spring.security.oauth2.client.registration.twitter.client-id=YrtJmnJJjpxEH3289eVyFxCNt
+#spring.security.oauth2.client.registration.twitter.client-secret=aMMFcgJlGpSKvAuiwBgWSXCzjzcOezLgGZtkdmGISUPk7CIzcB
+
+#spring.security.oauth2.client.registration.linkedin.client-id=121189305185277
+#spring.security.oauth2.client.registration.linkedin.client-secret=42ffe5aa7379e8326387e0fe16f34132
+
diff --git a/src/main/resources/static/resources/js/notification.js b/src/main/resources/static/resources/js/notification.js
index 681ee9fa1..6074f25f7 100644
--- a/src/main/resources/static/resources/js/notification.js
+++ b/src/main/resources/static/resources/js/notification.js
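Review bot: this script cannot run on MySQL as written: `last_name VARCHAR_IGNORECASE(30)` is an H2/HSQLDB type with no MySQL counterpart (use `VARCHAR(30)`; the default collations are already case-insensitive), `INDEX(user_role)` in `users_roles` names a column that does not exist (presumably `INDEX(user_id)`), and the `user_id INTEGER`/`role_id INTEGER`/`provider_id INTEGER` foreign keys point at `INT(4) UNSIGNED` primary keys, which InnoDB rejects because referencing and referenced columns must match in signedness; declaring them `INT(4) UNSIGNED NOT NULL` fixes that. As in the HSQLDB variant, `INDEX(email)` on `users` and `credentials` should be `UNIQUE INDEX(email)` so duplicate login emails cannot exist at the schema level.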
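Review bot: real-looking GitHub and Facebook client secrets are committed in plaintext (`...github.client-secret=3bc0f6b8...`, `...facebook.client-secret=42ffe5aa...`) together with a commented-out Twitter secret; moving them out of application.properties does not remove them from git history, so they should be revoked and reissued at the providers, and this file should read them from the environment the way the Google entries already do, e.g. `spring.security.oauth2.client.registration.github.client-secret=${OAUTH2_GITHUB_CLIENT_SECRET}`. The `linkedin` placeholders repeat the Facebook client id and secret verbatim, which looks like a copy-paste; drop them until a real registration exists.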
@@ -1,7 +1,8 @@ +var stompClient = null; function displayMessage() { var socket = new SockJS('/websocket'); - var stompClient = Stomp.over(socket); + stompClient = Stomp.over(socket); stompClient.connect({}, function (frame) { stompClient.subscribe('/topic/public', function (socketMessage) {