Merge pull request 'Fix 403 errors' (#12) from backend-test into main

Reviewed-on: #12
Reviewed-by: adnane <adnane.alami@bordeaux-inp.fr>
Reviewed-by: omar <omar.el_alaoui_el_ismaili@bordeaux-inp.fr>
Reviewed-by: Theo <tlelez@enseirb-matmeca.fr>
Reviewed-by: anas <anas.maillal@bordeaux-inp.fr>

Makefile

@@ -2,6 +2,7 @@ help:
 	@echo "make [clean dev-front prod dev-back dev]"
 
 clean: 
+	pkill -9 node
 	@cp config/frontdev.env front/MyINPulse-front/.env
 	@cp config/frontdev.env .env
 	@cp config/frontdev.env MyINPulse-back/.env

MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java

@@ -56,12 +56,18 @@ public class WebSecurityCustomConfiguration {
         http.authorizeHttpRequests(
                         authorize ->
                                 authorize
-                                        .requestMatchers("/entrepreneur/**", "/shared/**")
+                                        .requestMatchers("/entrepreneur/**")
                                         .access(hasRole("REALM_MyINPulse-entrepreneur"))
-                                        .requestMatchers("/admin/**", "/shared/**")
+                                        .requestMatchers("/admin/**")
                                         .access(hasRole("REALM_MyINPulse-admin"))
+                                        .requestMatchers("/shared/**")
+                                        .hasAnyRole(
+                                                "REALM_MyINPulse-admin",
+                                                "REALM_MyINPulse-entrepreneur")
                                         .requestMatchers("/unauth/**")
-                                        .authenticated())
+                                        .authenticated()
+                                        .anyRequest()
+                                        .denyAll())
                 .oauth2ResourceServer(
                         oauth2 ->
                                 oauth2.jwt(

MyINPulse-back/src/main/resources/application.properties

@@ -1,6 +1,6 @@
 spring.application.name=myinpulse
-spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:7080/realms/test/protocol/openid-connect/certs
+spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:7080/realms/${VITE_KEYCLOAK_REALM}/protocol/openid-connect/certs
-spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:7080/realms/test
+spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:7080/realms/${VITE_KEYCLOAK_REALM}
 spring.datasource.url=jdbc:postgresql://${DATABASE_URL}/${BACKEND_DB}
 spring.datasource.username=${BACKEND_USER}
 spring.datasource.password=${BACKEND_PASSWORD}

config/dev.env

@@ -16,7 +16,7 @@ BACKEND_PASSWORD=backend_db_user_password
 DATABASE_URL=localhost:5433
 
 VITE_KEYCLOAK_URL=http://localhost:7080
-VITE_KEYCLOAK_CLIENT_ID=myinpulse-dev
+VITE_KEYCLOAK_CLIENT_ID=MyINPulse-vite
-VITE_KEYCLOAK_REALM=test
+VITE_KEYCLOAK_REALM=MyINPulse
 VITE_APP_URL=http://localhost:5173
 VITE_BACKEND_URL=http://localhost:8081/

documentation/openapi/src/adminApi.yaml

@@ -22,6 +22,8 @@ paths:
           description: Bad Request - Invalid project data provided (e.g., missing required fields).
         "401":
           description: Unauthorized - Authentication required or invalid token.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
           
     post:
       operationId: addProjectManually
@@ -49,6 +51,8 @@ paths:
           description: Bad Request - Project already exists.
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
           
 
   /admin/projects/pending:
@@ -70,7 +74,9 @@ paths:
                 items:
                   $ref: "./main.yaml#/components/schemas/project" # Assuming pending projects use the same schema
         "401":
-          description: Unauthorized.        
+          description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.      
 
   /admin/request-join:
     get:
@@ -92,6 +98,8 @@ paths:
                   $ref: "./main.yaml#/components/schemas/joinRequest"
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
   
   /admin/request-join/decision/{joinRequestId}:
     post:
@@ -121,7 +129,9 @@ paths:
         "400":
           description: Bad Request - Invalid input (e.g., missing decision).
         "401":
-          description: Unauthorized.     
+          description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.   
 
 
   /admin/projects/pending/decision:
@@ -150,6 +160,8 @@ paths:
           description: Bad Request - Invalid input (e.g., missing decision).
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
           
 
   /admin/pending-accounts: # Path updated
@@ -172,6 +184,8 @@ paths:
                   $ref: "./main.yaml#/components/schemas/user-entrepreneur"
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
 
   /admin/accounts/validate/{userId}:
     post: # Changed to POST as it changes state
@@ -195,7 +209,8 @@ paths:
           description: No Content - Account validated successfully.
         "400":
           description: Bad Request - Invalid user ID format.
-          
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.  
         "401":
           description: Unauthorized.
 
@@ -217,6 +232,8 @@ paths:
                 type: array
                 items:
                   $ref: "./main.yaml#/components/schemas/appointment"
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
         "404":
           description: no appointments found.
         "401":
@@ -254,6 +271,8 @@ paths:
                 schema: { $ref: "./main.yaml#/components/schemas/report" }
         "400":
           description: Bad Request - Invalid input (e.g., missing content, invalid appointment ID format).
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
         "401":
           description: Unauthorized.
           
@@ -288,6 +307,8 @@ paths:
                 schema: { $ref: "./main.yaml#/components/schemas/report" }
         "400":
           description: Bad Request - Invalid input (e.g., missing content).
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
         "401":
           description: Unauthorized.
 
@@ -314,6 +335,8 @@ paths:
           description: No Content - Project removed successfully.
         "400":
           description: Bad Request - Invalid project ID format.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
         "401":
           description: Unauthorized.
           
@@ -340,7 +363,9 @@ paths:
         "200": # Use 200 No Content
           description: No Content - Admin rights granted successfully.
         "400":
-          description: Bad Request - Invalid user ID format or user is already an admin.     
+          description: Bad Request - Invalid user ID format or user is already an admin.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
         "401":
           description: Unauthorized.
         
@@ -357,4 +382,6 @@ paths:
         "200": 
           description: No Content - Admin user created successfully.
         "401":
-          description: Unauthorized.
+          description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.

documentation/openapi/src/bundled.yaml

@@ -257,6 +257,8 @@ paths:
           description: Bad Request - Problem processing the token or user data derived from it.
         '401':
           description: Unauthorized - Valid authentication token required.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   '/unauth/request-join/{projectId}':
     post:
       summary: Request to join an existing project
@@ -278,6 +280,8 @@ paths:
           description: Bad Request - Invalid project ID format
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
         '409':
           description: Already member/request pending.
   /admin/pending-accounts:
@@ -301,6 +305,8 @@ paths:
                   $ref: '#/components/schemas/user-entrepreneur'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   '/admin/accounts/validate/{userId}':
     post:
       operationId: validateUserAccount
@@ -326,6 +332,8 @@ paths:
           description: Bad Request - Invalid user ID format.
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   /admin/request-join:
     get:
       operationId: getPendingProjects
@@ -347,6 +355,8 @@ paths:
                   $ref: '#/components/schemas/joinRequest'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   '/admin/request-join/decision/{joinRequestId}':
     post:
       summary: Approve or reject a pending project join request
@@ -376,6 +386,8 @@ paths:
           description: 'Bad Request - Invalid input (e.g., missing decision).'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   /admin/projects:
     get:
       operationId: getAdminProjects
@@ -399,6 +411,8 @@ paths:
           description: 'Bad Request - Invalid project data provided (e.g., missing required fields).'
         '401':
           description: Unauthorized - Authentication required or invalid token.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
     post:
       operationId: addProjectManually
       summary: Manually add a new project
@@ -424,6 +438,8 @@ paths:
                 $ref: '#/components/schemas/project'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
         '409':
           description: Bad Request - Project already exists.
   /admin/projects/pending:
@@ -447,6 +463,8 @@ paths:
                   $ref: '#/components/schemas/project'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   /admin/projects/pending/decision:
     post:
       operationId: decidePendingProject
@@ -474,6 +492,8 @@ paths:
           description: 'Bad Request - Invalid input (e.g., missing decision).'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   '/admin/appointments/report/{appointmentId}':
     post:
       operationId: createAppointmentReport
@@ -510,6 +530,8 @@ paths:
           description: 'Bad Request - Invalid input (e.g., missing content, invalid appointment ID format).'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
     put:
       operationId: updateAppointmentReport
       summary: Update an existing appointment report
@@ -545,6 +567,8 @@ paths:
           description: 'Bad Request - Invalid input (e.g., missing content).'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   /admin/appointments/upcoming:
     get:
       operationId: getUpcomingAppointments
@@ -566,6 +590,8 @@ paths:
                   $ref: '#/components/schemas/appointment'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
         '404':
           description: no appointments found.
   '/admin/projects/{projectId}':
@@ -593,6 +619,8 @@ paths:
           description: Bad Request - Invalid project ID format.
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   '/admin/make-admin/{userId}':
     post:
       operationId: grantAdminRights
@@ -618,6 +646,8 @@ paths:
           description: Bad Request - Invalid user ID format or user is already an admin.
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   /admin/create-account:
     post:
       summary: Creates Admin out Jwt Token
@@ -632,6 +662,8 @@ paths:
           description: No Content - Admin user created successfully.
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   '/shared/projects/sectionCells/{projectId}/{sectionId}/{date}':
     get:
       operationId: getSectionCellsByDate
@@ -676,6 +708,8 @@ paths:
           description: Bad Request - Invalid parameter format.
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   '/shared/projects/entrepreneurs/{projectId}':
     get:
       operationId: getProjectEntrepreneurs
@@ -706,7 +740,7 @@ paths:
         '401':
           description: Unauthorized.
         '403':
-          description: Forbidden - User does not have access to this project.
+          description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
         '404':
           description: Not Found - Project not found.
   '/shared/projects/admin/{projectId}':
@@ -737,7 +771,7 @@ paths:
         '401':
           description: Unauthorized.
         '403':
-          description: Forbidden - User does not have access to this project.
+          description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
         '404':
           description: Not Found - Project not found.
   '/shared/projects/appointments/{projectId}':
@@ -769,6 +803,8 @@ paths:
                   $ref: '#/components/schemas/appointment'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   '/shared/appointments/report/{appointmentId}':
     get:
       operationId: getAppointmentReport
@@ -798,6 +834,8 @@ paths:
                 format: binary
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   /shared/appointments/request:
     post:
       operationId: requestAppointment
@@ -823,6 +861,8 @@ paths:
           description: Bad Request - Invalid appointment details.
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   /entrepreneur/projects:
     get:
       summary: gets the projectId of the project associated with the entrepreneur
@@ -844,6 +884,8 @@ paths:
                   $ref: '#/components/schemas/project'
         '401':
           description: Unauthorized or identity not found
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
         '404':
           description: Bad Request - Invalid input or ID mismatch.
   /entrepreneur/projects/request:
@@ -873,6 +915,8 @@ paths:
           description: 'Bad Request - Invalid input (e.g., missing name).'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   /entrepreneur/sectionCells:
     post:
       operationId: addSectionCell
@@ -897,6 +941,8 @@ paths:
           description: 'Bad Request - Invalid input (e.g., missing content or sectionId).'
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
   '/entrepreneur/sectionCells/{sectionCellId}':
     put:
       operationId: modifySectionCell
@@ -927,6 +973,8 @@ paths:
           description: OK - Section cell updated successfully. Returns the updated cell.
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
         '404':
           description: Bad Request - Invalid input or ID mismatch.
     delete:
@@ -953,5 +1001,7 @@ paths:
           description: Bad Request - Invalid ID format.
         '401':
           description: Unauthorized.
+        '403':
+          description: Bad Token - Invalid Keycloack configuration.
         '404':
           description: Bad Request - sectionCell not found.

documentation/openapi/src/entrepreneurApi.yaml

@@ -27,6 +27,8 @@ paths:
           description: Bad Request - Invalid input (e.g., missing name).
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
         
   /entrepreneur/sectionCells: # Base path
     post:
@@ -52,6 +54,8 @@ paths:
           description: Bad Request - Invalid input (e.g., missing content or sectionId).
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
           
   /entrepreneur/sectionCells/{sectionCellId}:
     put:
@@ -84,6 +88,8 @@ paths:
           description: Bad Request - Invalid input or ID mismatch.
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
 
     delete:
       operationId: removeSectionCell
@@ -110,6 +116,8 @@ paths:
           description: Bad Request - sectionCell not found.
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
 
 
   /entrepreneur/projects:
@@ -133,4 +141,6 @@ paths:
         "404":
           description: Bad Request - Invalid input or ID mismatch.
         "401":
-          description: Unauthorized or identity not found
+          description: Unauthorized or identity not found
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.

documentation/openapi/src/sharedApi.yaml

@@ -36,7 +36,9 @@ paths:
                 items:
                   $ref: "./main.yaml#/components/schemas/sectionCell"
         "400":
-          description: Bad Request - Invalid parameter format.         
+          description: Bad Request - Invalid parameter format.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
         "401":
           description: Unauthorized.
           
@@ -68,7 +70,7 @@ paths:
         "401":
           description: Unauthorized.       
         "403":
-          description: Forbidden - User does not have access to this project.         
+          description: Forbidden - User does not have access to this project or invalid Keycloack configuration.         
         "404":
           description: Not Found - Project not found.       
 
@@ -97,7 +99,7 @@ paths:
         "401":
           description: Unauthorized.       
         "403":
-          description: Forbidden - User does not have access to this project.    
+          description: Forbidden - User does not have access to this project or invalid Keycloack configuration.    
         "404":
           description: Not Found - Project not found.
           
@@ -126,6 +128,8 @@ paths:
                 type: array
                 items:
                   $ref: "./main.yaml#/components/schemas/appointment"
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
         "401":
           description: Unauthorized.
           
@@ -156,6 +160,8 @@ paths:
                 format: binary
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
           
 
   /shared/appointments/request:
@@ -180,7 +186,8 @@ paths:
           description: Accepted - Appointment request submitted.
         "400":
           description: Bad Request - Invalid appointment details.
-          
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
           

documentation/openapi/src/unauthApi.yaml

@@ -24,6 +24,8 @@ paths:
           description: Bad Request - Problem processing the token or user data derived from it.
         "401":
           description: Unauthorized - Valid authentication token required.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
   /unauth/request-join/{projectId}:
     post:
       summary: Request to join an existing project
@@ -47,6 +49,8 @@ paths:
           description: Already member/request pending.
         "401":
           description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.
   /unauth/request-admin-role:
     post:
       summary: Request to join an existing project
@@ -59,4 +63,6 @@ paths:
         "400":
           description: Bad Request - Invalid project ID format or already member/request pending.
         "401":
-          description: Unauthorized.
+          description: Unauthorized.
+        "403":
+          description: Bad Token - Invalid Keycloack configuration.

front/MyINPulse-front/src/views/testComponent.vue

@@ -58,7 +58,7 @@ const USERID = ref("");
             <tr>
                 <td>Get Pending Accounts</td>
                 <td>
-                    <button @click="callApi('admin/get_pending_accounts')">
+                    <button @click="callApi('/admin/pending-accounts')">
                         call
                     </button>
                 </td>