piair/MyINPulse
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix 403 errors #12

Merged
piair merged 5 commits from backend-test into main 2025-05-07 11:08:57 +02:00
Conversation 4 Commits 5 Files Changed 11 +2766 -21
11 changed files with 2766 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile
View File

@ -2,6 +2,7 @@ help:
@echo "make [clean dev-front prod dev-back dev]"
clean:
pkill -9 node
@cp config/frontdev.env front/MyINPulse-front/.env
@cp config/frontdev.env .env
@cp config/frontdev.env MyINPulse-back/.env

12
MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java
View File

@ -56,12 +56,18 @@ public class WebSecurityCustomConfiguration {
http.authorizeHttpRequests(
authorize ->
authorize
.requestMatchers("/entrepreneur/**", "/shared/**")
.requestMatchers("/entrepreneur/**")
.access(hasRole("REALM_MyINPulse-entrepreneur"))
.requestMatchers("/admin/**", "/shared/**")
.requestMatchers("/admin/**")
.access(hasRole("REALM_MyINPulse-admin"))
.requestMatchers("/shared/**")
.hasAnyRole(
"REALM_MyINPulse-admin",
"REALM_MyINPulse-entrepreneur")
.requestMatchers("/unauth/**")
.authenticated())
.authenticated()
.anyRequest()
.denyAll())
.oauth2ResourceServer(
oauth2 ->
oauth2.jwt(

4
MyINPulse-back/src/main/resources/application.properties
View File

@ -1,6 +1,6 @@
spring.application.name=myinpulse
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:7080/realms/test/protocol/openid-connect/certs
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:7080/realms/test
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:7080/realms/${VITE_KEYCLOAK_REALM}/protocol/openid-connect/certs
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:7080/realms/${VITE_KEYCLOAK_REALM}
spring.datasource.url=jdbc:postgresql://${DATABASE_URL}/${BACKEND_DB}
spring.datasource.username=${BACKEND_USER}
spring.datasource.password=${BACKEND_PASSWORD}

4
config/dev.env
View File

@ -16,7 +16,7 @@ BACKEND_PASSWORD=backend_db_user_password
DATABASE_URL=localhost:5433
VITE_KEYCLOAK_URL=http://localhost:7080
VITE_KEYCLOAK_CLIENT_ID=myinpulse-dev
VITE_KEYCLOAK_REALM=test
VITE_KEYCLOAK_CLIENT_ID=MyINPulse-vite
VITE_KEYCLOAK_REALM=MyINPulse
VITE_APP_URL=http://localhost:5173
VITE_BACKEND_URL=http://localhost:8081/

29
documentation/openapi/src/adminApi.yaml
View File

@ -22,6 +22,8 @@ paths:
description: Bad Request - Invalid project data provided (e.g., missing required fields).
"401":
description: Unauthorized - Authentication required or invalid token.
"403":
description: Bad Token - Invalid Keycloack configuration.
post:
operationId: addProjectManually
@ -49,6 +51,8 @@ paths:
description: Bad Request - Project already exists.
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/admin/projects/pending:
@ -71,6 +75,8 @@ paths:
$ref: "./main.yaml#/components/schemas/project" # Assuming pending projects use the same schema
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/admin/request-join:
get:
@ -92,6 +98,8 @@ paths:
$ref: "./main.yaml#/components/schemas/joinRequest"
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/admin/request-join/decision/{joinRequestId}:
post:
@ -122,6 +130,8 @@ paths:
description: Bad Request - Invalid input (e.g., missing decision).
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/admin/projects/pending/decision:
@ -150,6 +160,8 @@ paths:
description: Bad Request - Invalid input (e.g., missing decision).
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/admin/pending-accounts: # Path updated
@ -172,6 +184,8 @@ paths:
$ref: "./main.yaml#/components/schemas/user-entrepreneur"
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/admin/accounts/validate/{userId}:
post: # Changed to POST as it changes state
@ -195,7 +209,8 @@ paths:
description: No Content - Account validated successfully.
"400":
description: Bad Request - Invalid user ID format.
"403":
description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@ -217,6 +232,8 @@ paths:
type: array
items:
$ref: "./main.yaml#/components/schemas/appointment"
"403":
description: Bad Token - Invalid Keycloack configuration.
"404":
description: no appointments found.
"401":
@ -254,6 +271,8 @@ paths:
schema: { $ref: "./main.yaml#/components/schemas/report" }
"400":
description: Bad Request - Invalid input (e.g., missing content, invalid appointment ID format).
"403":
description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@ -288,6 +307,8 @@ paths:
schema: { $ref: "./main.yaml#/components/schemas/report" }
"400":
description: Bad Request - Invalid input (e.g., missing content).
"403":
description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@ -314,6 +335,8 @@ paths:
description: No Content - Project removed successfully.
"400":
description: Bad Request - Invalid project ID format.
"403":
description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@ -341,6 +364,8 @@ paths:
description: No Content - Admin rights granted successfully.
"400":
description: Bad Request - Invalid user ID format or user is already an admin.
"403":
description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@ -358,3 +383,5 @@ paths:
description: No Content - Admin user created successfully.
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.

54
documentation/openapi/src/bundled.yaml
View File

@ -257,6 +257,8 @@ paths:
description: Bad Request - Problem processing the token or user data derived from it.
'401':
description: Unauthorized - Valid authentication token required.
'403':
description: Bad Token - Invalid Keycloack configuration.
'/unauth/request-join/{projectId}':
post:
summary: Request to join an existing project
@ -278,6 +280,8 @@ paths:
description: Bad Request - Invalid project ID format
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'409':
description: Already member/request pending.
/admin/pending-accounts:
@ -301,6 +305,8 @@ paths:
$ref: '#/components/schemas/user-entrepreneur'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'/admin/accounts/validate/{userId}':
post:
operationId: validateUserAccount
@ -326,6 +332,8 @@ paths:
description: Bad Request - Invalid user ID format.
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
/admin/request-join:
get:
operationId: getPendingProjects
@ -347,6 +355,8 @@ paths:
$ref: '#/components/schemas/joinRequest'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'/admin/request-join/decision/{joinRequestId}':
post:
summary: Approve or reject a pending project join request
@ -376,6 +386,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing decision).'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
/admin/projects:
get:
operationId: getAdminProjects
@ -399,6 +411,8 @@ paths:
description: 'Bad Request - Invalid project data provided (e.g., missing required fields).'
'401':
description: Unauthorized - Authentication required or invalid token.
'403':
description: Bad Token - Invalid Keycloack configuration.
post:
operationId: addProjectManually
summary: Manually add a new project
@ -424,6 +438,8 @@ paths:
$ref: '#/components/schemas/project'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'409':
description: Bad Request - Project already exists.
/admin/projects/pending:
@ -447,6 +463,8 @@ paths:
$ref: '#/components/schemas/project'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
/admin/projects/pending/decision:
post:
operationId: decidePendingProject
@ -474,6 +492,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing decision).'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'/admin/appointments/report/{appointmentId}':
post:
operationId: createAppointmentReport
@ -510,6 +530,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing content, invalid appointment ID format).'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
put:
operationId: updateAppointmentReport
summary: Update an existing appointment report
@ -545,6 +567,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing content).'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
/admin/appointments/upcoming:
get:
operationId: getUpcomingAppointments
@ -566,6 +590,8 @@ paths:
$ref: '#/components/schemas/appointment'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'404':
description: no appointments found.
'/admin/projects/{projectId}':
@ -593,6 +619,8 @@ paths:
description: Bad Request - Invalid project ID format.
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'/admin/make-admin/{userId}':
post:
operationId: grantAdminRights
@ -618,6 +646,8 @@ paths:
description: Bad Request - Invalid user ID format or user is already an admin.
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
/admin/create-account:
post:
summary: Creates Admin out Jwt Token
@ -632,6 +662,8 @@ paths:
description: No Content - Admin user created successfully.
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'/shared/projects/sectionCells/{projectId}/{sectionId}/{date}':
get:
operationId: getSectionCellsByDate
@ -676,6 +708,8 @@ paths:
description: Bad Request - Invalid parameter format.
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'/shared/projects/entrepreneurs/{projectId}':
get:
operationId: getProjectEntrepreneurs
@ -706,7 +740,7 @@ paths:
'401':
description: Unauthorized.
'403':
description: Forbidden - User does not have access to this project.
description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
'404':
description: Not Found - Project not found.
'/shared/projects/admin/{projectId}':
@ -737,7 +771,7 @@ paths:
'401':
description: Unauthorized.
'403':
description: Forbidden - User does not have access to this project.
description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
'404':
description: Not Found - Project not found.
'/shared/projects/appointments/{projectId}':
@ -769,6 +803,8 @@ paths:
$ref: '#/components/schemas/appointment'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'/shared/appointments/report/{appointmentId}':
get:
operationId: getAppointmentReport
@ -798,6 +834,8 @@ paths:
format: binary
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
/shared/appointments/request:
post:
operationId: requestAppointment
@ -823,6 +861,8 @@ paths:
description: Bad Request - Invalid appointment details.
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/projects:
get:
summary: gets the projectId of the project associated with the entrepreneur
@ -844,6 +884,8 @@ paths:
$ref: '#/components/schemas/project'
'401':
description: Unauthorized or identity not found
'403':
description: Bad Token - Invalid Keycloack configuration.
'404':
description: Bad Request - Invalid input or ID mismatch.
/entrepreneur/projects/request:
@ -873,6 +915,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing name).'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/sectionCells:
post:
operationId: addSectionCell
@ -897,6 +941,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing content or sectionId).'
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'/entrepreneur/sectionCells/{sectionCellId}':
put:
operationId: modifySectionCell
@ -927,6 +973,8 @@ paths:
description: OK - Section cell updated successfully. Returns the updated cell.
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'404':
description: Bad Request - Invalid input or ID mismatch.
delete:
@ -953,5 +1001,7 @@ paths:
description: Bad Request - Invalid ID format.
'401':
description: Unauthorized.
'403':
description: Bad Token - Invalid Keycloack configuration.
'404':
description: Bad Request - sectionCell not found.

10
documentation/openapi/src/entrepreneurApi.yaml
View File

@ -27,6 +27,8 @@ paths:
description: Bad Request - Invalid input (e.g., missing name).
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/sectionCells: # Base path
post:
@ -52,6 +54,8 @@ paths:
description: Bad Request - Invalid input (e.g., missing content or sectionId).
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/sectionCells/{sectionCellId}:
put:
@ -84,6 +88,8 @@ paths:
description: Bad Request - Invalid input or ID mismatch.
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
delete:
operationId: removeSectionCell
@ -110,6 +116,8 @@ paths:
description: Bad Request - sectionCell not found.
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/projects:
@ -134,3 +142,5 @@ paths:
description: Bad Request - Invalid input or ID mismatch.
"401":
description: Unauthorized or identity not found
"403":
description: Bad Token - Invalid Keycloack configuration.

13
documentation/openapi/src/sharedApi.yaml
View File

@ -37,6 +37,8 @@ paths:
$ref: "./main.yaml#/components/schemas/sectionCell"
"400":
description: Bad Request - Invalid parameter format.
"403":
description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@ -68,7 +70,7 @@ paths:
"401":
description: Unauthorized.
"403":
description: Forbidden - User does not have access to this project.
description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
"404":
description: Not Found - Project not found.
@ -97,7 +99,7 @@ paths:
"401":
description: Unauthorized.
"403":
description: Forbidden - User does not have access to this project.
description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
"404":
description: Not Found - Project not found.
@ -126,6 +128,8 @@ paths:
type: array
items:
$ref: "./main.yaml#/components/schemas/appointment"
"403":
description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@ -156,6 +160,8 @@ paths:
format: binary
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/shared/appointments/request:
@ -180,7 +186,8 @@ paths:
description: Accepted - Appointment request submitted.
"400":
description: Bad Request - Invalid appointment details.
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.

6
documentation/openapi/src/unauthApi.yaml
View File

@ -24,6 +24,8 @@ paths:
description: Bad Request - Problem processing the token or user data derived from it.
"401":
description: Unauthorized - Valid authentication token required.
"403":
description: Bad Token - Invalid Keycloack configuration.
/unauth/request-join/{projectId}:
post:
summary: Request to join an existing project
@ -47,6 +49,8 @@ paths:
description: Already member/request pending.
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.
/unauth/request-admin-role:
post:
summary: Request to join an existing project
@ -60,3 +64,5 @@ paths:
description: Bad Request - Invalid project ID format or already member/request pending.
"401":
description: Unauthorized.
"403":
description: Bad Token - Invalid Keycloack configuration.

2
front/MyINPulse-front/src/views/testComponent.vue
View File

@ -58,7 +58,7 @@ const USERID = ref("");
<tr>
<td>Get Pending Accounts</td>
<td>
<button @click="callApi('admin/get_pending_accounts')">
<button @click="callApi('/admin/pending-accounts')">
call
</button>
</td>

2638
keycloak/realm.json Normal file
View File

File diff suppressed because it is too large Load Diff