Commit 5c61bf49 authored by Joshua Gill's avatar Joshua Gill

Logging fixed

parent 7079052d
1 merge request!114LoggingService service class, new method to add a log to the "Logs" table when...
......@@ -23,15 +23,13 @@ import java.util.Map;
public class MiscQueriesImpl implements MiscQueries{
private final JdbcTemplate jdbcTemplate;
private final RowMapper<UserFavouriteTags> userFavouriteTagsRowMapper;
@Autowired
LoggingService loggingService;
private LoggingService loggingService;
/**
* Constructor
* @param aJdbcTemplate - the JDBC Template to pass in
*/
public MiscQueriesImpl(JdbcTemplate aJdbcTemplate) {
public MiscQueriesImpl(JdbcTemplate aJdbcTemplate, LoggingService aLoggingService) {
this.jdbcTemplate = aJdbcTemplate;
userFavouriteTagsRowMapper = (rs, i) -> new UserFavouriteTags(
......@@ -39,6 +37,8 @@ public class MiscQueriesImpl implements MiscQueries{
rs.getLong("User_Id"),
rs.getLong("Tag_Id")
);
loggingService = aLoggingService;
}
/**
......
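Review bot: The injected field is declared `private LoggingService loggingService;` while the neighbouring `jdbcTemplate` and `userFavouriteTagsRowMapper` are `final`; now that it is assigned only in the constructor it can be `private final LoggingService loggingService;`, which turns a forgotten assignment into a compile error instead of a null at the first `logEvent` call. The same applies to the `loggingService` fields shown in `ShopDeleter`, `SignInController`, `SignUpController` and `loginAPI` further down this page, which appear non-final and in two cases package-private. The constructor Javadoc still lists only `aJdbcTemplate`; add `@param aLoggingService - the logging service used to record events`. The class body continues outside the hunk.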
......@@ -43,7 +43,8 @@ public class LoggingService {
* @param details - details of the event
*/
public void logEvent(String event, HttpSession session, String details) {
if(!jwtUtils.getLoggedInUserRow(session).isPresent()){
// If the user attempting to log is not logged in
if (!jwtUtils.getLoggedInUserId(session).isPresent()) {
return;
}
......
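Review bot: The guard at the top of `logEvent` returns silently whenever `jwtUtils.getLoggedInUserId(session)` is empty, so any event raised before the session is authenticated is discarded without a trace. That appears to cover both "Failed Login" calls this commit adds in `SignInController`, which run on branches where no user JWT has been created, so the failed-authentication records most useful for spotting password guessing would never reach the `Logs` table. Consider persisting unauthenticated events under a reserved system user (the schema shows `User_Id INT NOT NULL`), or at minimum emitting an application-log warning before the `return`. The rest of `logEvent` is outside the hunk, so how the row is written is not visible here.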
......@@ -9,12 +9,14 @@ import javax.servlet.http.HttpSession;
@Service
public class ShopDeleter {
@Autowired
JdbcTemplate jdbc;
@Autowired
LoggingService loggingService;
public ShopDeleter(JdbcTemplate jdbc, LoggingService loggingService) {
this.jdbc = jdbc;
this.loggingService = loggingService;
}
/**
* @param shopId - the shopID of the shop that the stored procedure is going to delete
*/
......
......@@ -6,6 +6,7 @@ import com.example.clientproject.data.shops.ShopsRepo;
import com.example.clientproject.data.userPermissions.UserPermissionsRepo;
import com.example.clientproject.data.users.Users;
import com.example.clientproject.exceptions.ForbiddenErrorException;
import com.example.clientproject.service.LoggingService;
import com.example.clientproject.service.Utils.JWTUtils;
import com.example.clientproject.service.dtos.UsersDTO;
import com.example.clientproject.service.searches.UsersSearch;
......@@ -29,29 +30,26 @@ import java.util.*;
@Controller
public class SignInController {
public static boolean loggedIn = false;
private UsersSearch usersSearch;
private BusinessRegisterSaver saveBusiness;
private JWTUtils jwtUtils;
private UserLinked userLinked;
private UserPermissionsRepo userPermissionsRepo;
private CategoriesRepo catRepo;
private LoggingService loggingService;
public SignInController(UsersSearch aUsersSearch, BusinessRegisterSaver sBusiness, JWTUtils ajwtUtils,
UserLinked aUserShopLinked,
UserPermissionsRepo aUserPermissionsRepo,
CategoriesRepo aCatRepo) {
CategoriesRepo aCatRepo,
LoggingService aLoggingService) {
usersSearch = aUsersSearch;
saveBusiness = sBusiness;
jwtUtils = ajwtUtils;
userLinked = aUserShopLinked;
userPermissionsRepo = aUserPermissionsRepo;
catRepo = aCatRepo;
loggingService = aLoggingService;
}
@PostMapping("/businessRegister")
......@@ -140,14 +138,34 @@ public class SignInController {
(int) usersDTOOptional.get().getUserId(),
session);
loggedIn = true;
// Log the successful login
loggingService.logEvent(
"Successful Login",
session,
"Successful login with User Id: " + usersDTOOptional.get().getUserId()
);
// Otherwise, throw an exception with the correct error message
} else {
// Log the failed login
loggingService.logEvent(
"Failed Login",
session,
"Failed login with User Email: " + usersDTOOptional.get().getUserEmail() +
" due to incorrect password"
);
//Changed this as it is a security risk exposing which field is incorrect
//throw new ForbiddenErrorException("Password Incorrect");
throw new ForbiddenErrorException("Details Incorrect");
}
// Else - assumes that the email is incorrect
} else {
// Log the successful login
loggingService.logEvent(
"Failed Login",
session,
"Failed login with Email: " + loginForm.getLoginEmail() +
" due to incorrect email"
);
//Changed this as it is a security risk exposing which field is incorrect
//throw new ForbiddenErrorException("Email Incorrect");
throw new ForbiddenErrorException("Details Incorrect");
......
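Review bot: In the "incorrect email" branch the raw `loginForm.getLoginEmail()` value is concatenated into the details string with no validation visible in the hunk, so an unauthenticated caller controls both the content and the length of the text handed to `logEvent`. `Log_Details` is `VARCHAR(250)` after this commit, and an over-long value could make the insert fail or be truncated (depending on SQL mode) before the `ForbiddenErrorException` is thrown; the "New User" entry in `SignUpController` builds its details from an email the same way. Strip control characters and cap the length inside `logEvent` itself so every caller is covered. The comment above that call also reads `// Log the successful login` where `// Log the failed login` is meant. The handler's signature and opening lines are outside the hunk.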
......@@ -3,6 +3,7 @@ package com.example.clientproject.web.controllers.signUpAndIn;
import com.example.clientproject.data.twoFactorMethods.TwoFactorMethods;
import com.example.clientproject.data.users.Users;
import com.example.clientproject.data.users.UsersRepo;
import com.example.clientproject.service.LoggingService;
import com.example.clientproject.service.Utils.JWTUtils;
import com.example.clientproject.service.dtos.UsersDTO;
import com.example.clientproject.service.searches.UsersSearch;
......@@ -25,11 +26,13 @@ public class SignUpController {
private UsersSearch usersSearch;
private UsersRepo usersRepo;
private JWTUtils jwtUtils;
private LoggingService loggingService;
public SignUpController(UsersSearch aUsersSearch, UsersRepo aUsersRepo, JWTUtils jwt) {
public SignUpController(UsersSearch aUsersSearch, UsersRepo aUsersRepo, JWTUtils jwt, LoggingService aLoggingService) {
this.usersSearch = aUsersSearch;
this.usersRepo = aUsersRepo;
this.jwtUtils = jwt;
this.loggingService = aLoggingService;
}
@GetMapping("/signUp")
......@@ -79,12 +82,22 @@ public class SignUpController {
// Save the new user
usersRepo.save(newUser);
System.out.println(newUser.getUserEmail());
// Get the user
usersDTOOptional = usersSearch.findByEmail(signUpForm.getNewUserEmail().toLowerCase());
// Create a JWTSession
jwtUtils.makeUserJWT(
(int) usersDTOOptional.get().getUserId(),
httpSession);
// Log the change
loggingService.logEvent(
"New User",
httpSession,
"New user created with Email: " + newUser.getUserEmail() +
" in SignUpController.signUpPost()"
);
// Redirect to the dashboard
return "redirect:/dashboard";
}
......
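Review bot: `System.out.println(newUser.getUserEmail());` sits directly above the new audit call and, if it is still present on the new side, writes every new user's email address to standard output, outside the `Logs` table and whatever access control applies to it. With `loggingService.logEvent("New User", …)` now recording the same fact, the `println` can be dropped. The enclosing handler (named `signUpPost` in the log text) starts outside the hunk.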
......@@ -23,9 +23,10 @@ public class loginAPI {
private JWTUtils jwtUtils;
LoggingService loggingService;
public loginAPI(UsersSearch aUsersSearch, JWTUtils jwt) {
public loginAPI(UsersSearch aUsersSearch, JWTUtils jwt, LoggingService aLoggingService) {
usersSearch = aUsersSearch;
jwtUtils = jwt;
loggingService = aLoggingService;
}
@PostMapping("login_api")
......
......@@ -273,7 +273,7 @@ CREATE TABLE IF NOT EXISTS `mydb`.`Logs` (
`Log_Id` INT NOT NULL AUTO_INCREMENT,
`Event_Id` INT NOT NULL,
`User_Id` INT NOT NULL,
`Log_Details` VARCHAR(150) NOT NULL,
`Log_Details` VARCHAR(250) NOT NULL,
`Log_Date_Time` DATETIME NOT NULL,
`Log_Super_Admin` TINYINT NOT NULL,
PRIMARY KEY(`Log_Id`, `Event_Id`, `User_Id`),
......
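Review bot: Widening `Log_Details` to `VARCHAR(250)` inside `CREATE TABLE IF NOT EXISTS` only takes effect where the `Logs` table does not exist yet; an existing database keeps the 150-character column unless the script drops the table first, which is not visible in this hunk. If deployed instances need the wider column, pair this change with a migration such as `ALTER TABLE mydb.Logs MODIFY Log_Details VARCHAR(250) NOT NULL;`. The table definition continues outside the hunk.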