diff --git a/pom.xml b/pom.xml
index d221a81..c5c8dac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -79,17 +79,13 @@
spring-boot-starter-webmvc-test
test
-
- org.springframework.boot
- spring-boot-starter-actuator
-
org.springframework.boot
spring-boot-starter-security
- jakarta.validation
- jakarta.validation-api
+ org.springframework.boot
+ spring-boot-starter-validation
diff --git a/src/main/java/local/epul4a/fotosharing/controller/AuthController.java b/src/main/java/local/epul4a/fotosharing/controller/AuthController.java
index bacef49..00052f1 100644
--- a/src/main/java/local/epul4a/fotosharing/controller/AuthController.java
+++ b/src/main/java/local/epul4a/fotosharing/controller/AuthController.java
@@ -2,6 +2,7 @@ package local.epul4a.fotosharing.controller;
import local.epul4a.fotosharing.model.Utilisateur;
import local.epul4a.fotosharing.repository.UtilisateurRepository;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
@@ -13,7 +14,9 @@ import jakarta.validation.Valid;
@Controller
public class AuthController {
+ @Autowired
private final UtilisateurRepository utilisateurRepository;
+ @Autowired
private final PasswordEncoder passwordEncoder;
public AuthController(UtilisateurRepository utilisateurRepository, PasswordEncoder passwordEncoder) {
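Review bot: The two `@Autowired` annotations added on `utilisateurRepository` and `passwordEncoder` are redundant, because both fields are `final` and are supplied through the constructor whose signature closes this hunk. Spring injects through a single constructor without any annotation, so the annotations and the `Autowired` import from the previous hunk can be dropped. The later hunks in `CustomUserDetailsService` and `SecurityConfig` go the other way and replace constructor injection with non-final `@Autowired` fields. Keeping the removed constructors there would leave those dependencies immutable and the classes constructible in a plain unit test. The constructor body lies outside this hunk.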
@@ -37,21 +40,19 @@ public class AuthController {
}
@PostMapping("/register")
- public String doRegister(@ModelAttribute("utilisateur") @Valid Utilisateur utilisateur,
- BindingResult bindingResult, Model model) {
- if (bindingResult.hasErrors()) {
- return "register";
- }
-
+ public String register(@ModelAttribute Utilisateur utilisateur, Model model) {
+ // Vérifier si l'email existe déjà
if (utilisateurRepository.findByEmail(utilisateur.getEmail()).isPresent()) {
- model.addAttribute("error", "Email déjà utilisé");
+ model.addAttribute("error", "Cet email est déjà utilisé");
return "register";
}
- // encoder le mot de passe puis sauvegarder
+ // CRUCIAL : Encoder le mot de passe avant de sauvegarder
utilisateur.setMotDePasse(passwordEncoder.encode(utilisateur.getMotDePasse()));
utilisateur.setActif(true);
+
utilisateurRepository.save(utilisateur);
+
return "redirect:/login?registered";
}
}
\ No newline at end of file
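Review bot: The new `register` signature drops `@Valid` and `BindingResult`, so whatever constraints `Utilisateur` declares are no longer checked before the e-mail lookup, the password encoding and the `save`. This happens in the same commit that adds `spring-boot-starter-validation` to the pom. Restore the check with `public String register(@Valid @ModelAttribute("utilisateur") Utilisateur utilisateur, BindingResult bindingResult, Model model) {` followed by `if (bindingResult.hasErrors()) { return "register"; }`. The entity itself is not visible here, so which constraints it carries is an assumption to confirm. Because the entity is bound straight from the request, any bindable property other than `motDePasse` and `actif` keeps the submitted value, and a dedicated registration form object would limit binding to the intended fields.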
diff --git a/src/main/java/local/epul4a/fotosharing/security/CustomUserDetailsService.java b/src/main/java/local/epul4a/fotosharing/security/CustomUserDetailsService.java
index 77cb8f8..0f66256 100644
--- a/src/main/java/local/epul4a/fotosharing/security/CustomUserDetailsService.java
+++ b/src/main/java/local/epul4a/fotosharing/security/CustomUserDetailsService.java
@@ -2,6 +2,9 @@ package local.epul4a.fotosharing.security;
import local.epul4a.fotosharing.model.Utilisateur;
import local.epul4a.fotosharing.repository.UtilisateurRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Service;
@@ -9,16 +12,19 @@ import org.springframework.stereotype.Service;
@Service
public class CustomUserDetailsService implements UserDetailsService {
- private final UtilisateurRepository utilisateurRepository;
-
- public CustomUserDetailsService(UtilisateurRepository utilisateurRepository) {
- this.utilisateurRepository = utilisateurRepository;
- }
+ @Autowired
+ private UtilisateurRepository utilisateurRepository;
@Override
- public CustomUserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
- Utilisateur u = utilisateurRepository.findByEmail(username)
- .orElseThrow(() -> new UsernameNotFoundException("Utilisateur introuvable: " + username));
- return new CustomUserDetails(u);
+ public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
+ Utilisateur utilisateur = utilisateurRepository.findByEmail(email)
+ .orElseThrow(() -> new UsernameNotFoundException("Utilisateur non trouvé : " + email));
+
+ return User.builder()
+ .username(utilisateur.getEmail())
+ .password(utilisateur.getMotDePasse()) // Le hash BCrypt depuis la BD
+ .disabled(!utilisateur.isActif())
+ .authorities("USER")
+ .build();
}
}
\ No newline at end of file
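Review bot: `.authorities("USER")` in the new `loadUserByUsername` gives every account the same literal authority `USER`, so anything the `Utilisateur` row says about roles is ignored. Since `SecurityConfig` enables method security, a `hasRole('USER')` expression would look for `ROLE_USER` and not match; `.roles("USER")` produces the prefixed form, or the authorities can be mapped from the entity if it stores them. The return type also changes from `CustomUserDetails` to Spring's `User`, so any code that reads the principal as `CustomUserDetails` (none is visible in this diff) would need to be checked. A short comment such as `// single fixed role for now; no per-user roles are read from Utilisateur` would make the limitation explicit.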
diff --git a/src/main/java/local/epul4a/fotosharing/security/SecurityConfig.java b/src/main/java/local/epul4a/fotosharing/security/SecurityConfig.java
index 254b9db..0cefae8 100644
--- a/src/main/java/local/epul4a/fotosharing/security/SecurityConfig.java
+++ b/src/main/java/local/epul4a/fotosharing/security/SecurityConfig.java
@@ -1,63 +1,59 @@
package local.epul4a.fotosharing.security;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.Customizer;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
+import java.io.DataOutput;
+
@Configuration
@EnableMethodSecurity
+@EnableWebSecurity
public class SecurityConfig {
- private final CustomUserDetailsService customUserDetailsService;
-
- public SecurityConfig(CustomUserDetailsService customUserDetailsService) {
- this.customUserDetailsService = customUserDetailsService;
- }
-
- @Bean
- public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-
- http
- .authorizeHttpRequests(auth -> auth
- .requestMatchers("/login", "/register", "/css/**", "/js/**").permitAll()
- .anyRequest().authenticated()
- )
- .formLogin(form -> form
- .loginPage("/login")
- .defaultSuccessUrl("/", true)
- .permitAll()
- )
- .logout(logout -> logout
- .logoutSuccessUrl("/login?logout=true")
- .permitAll()
- )
- .csrf(csrf -> csrf.disable());
-
- return http.build();
- }
-
- @Bean
- public UserDetailsService userDetailsService() {
- // Spring Security 6.2 utilise ce bean automatiquement
- return customUserDetailsService;
- }
-
- @Bean
- public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
- // Spring Boot crée automatiquement un DaoAuthenticationProvider interne
- return config.getAuthenticationManager();
- }
+ @Autowired
+ private CustomUserDetailsService customUserDetailsService;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
+
+ @Bean
+ public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
+ return config.getAuthenticationManager();
+ }
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http
+ .userDetailsService(customUserDetailsService) // Utiliser directement le UserDetailsService
+ .authorizeHttpRequests(auth -> auth
+ .requestMatchers("/register", "/login", "/css/**", "/js/**").permitAll()
+ .anyRequest().authenticated()
+ )
+ .formLogin(form -> form
+ .loginPage("/login")
+ .defaultSuccessUrl("/", true)
+ .failureUrl("/login?error=true")
+ .permitAll()
+ )
+ .logout(logout -> logout
+ .logoutSuccessUrl("/login?logout")
+ .permitAll()
+ );
+
+ return http.build();
+ }
}
+
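Review bot: The rewritten `filterChain` no longer calls `.csrf(csrf -> csrf.disable())`, so CSRF protection returns to Spring Security's default, and nothing in the new code records that. A comment above the `http` chain such as `// CSRF left enabled (default): POST forms for /login, /register and /logout must send the _csrf token` would document the change. The templates are not part of this diff, so whether they send the token needs to be confirmed. The hunk also adds imports that the new class body never uses, `java.io.DataOutput` and `DaoAuthenticationProvider`. The existing `UserDetailsService` import is unused as well now that the `userDetailsService()` bean is gone, so all three can be removed.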
diff --git a/target/classes/local/epul4a/fotosharing/controller/AuthController.class b/target/classes/local/epul4a/fotosharing/controller/AuthController.class
index 97793d6..c59934b 100644
Binary files a/target/classes/local/epul4a/fotosharing/controller/AuthController.class and b/target/classes/local/epul4a/fotosharing/controller/AuthController.class differ
diff --git a/target/classes/local/epul4a/fotosharing/security/CustomUserDetailsService.class b/target/classes/local/epul4a/fotosharing/security/CustomUserDetailsService.class
index b9e9184..6cbfc95 100644
Binary files a/target/classes/local/epul4a/fotosharing/security/CustomUserDetailsService.class and b/target/classes/local/epul4a/fotosharing/security/CustomUserDetailsService.class differ
diff --git a/target/classes/local/epul4a/fotosharing/security/SecurityConfig.class b/target/classes/local/epul4a/fotosharing/security/SecurityConfig.class
index 1bdaef2..410a6e2 100644
Binary files a/target/classes/local/epul4a/fotosharing/security/SecurityConfig.class and b/target/classes/local/epul4a/fotosharing/security/SecurityConfig.class differ