From ab39783534f9e09564258db9195063bf58739caa Mon Sep 17 00:00:00 2001 From: Corow <90448778+CorentinDenoulet@users.noreply.github.com> Date: Mon, 16 Jan 2023 17:04:26 +0100 Subject: [PATCH 1/8] Init --- pw/pw-jwt-oauth/client/package-lock.json | 14 ++++++++++++++ pw/pw-jwt-oauth/client/package.json | 3 ++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/pw/pw-jwt-oauth/client/package-lock.json b/pw/pw-jwt-oauth/client/package-lock.json index 36175dd2..3fec65d1 100644 --- a/pw/pw-jwt-oauth/client/package-lock.json +++ b/pw/pw-jwt-oauth/client/package-lock.json @@ -16,6 +16,7 @@ "@angular/platform-browser": "~13.0.0", "@angular/platform-browser-dynamic": "~13.0.0", "@angular/router": "~13.0.0", + "maven": "^5.0.0", "ngx-webstorage": "^9.0.0", "rxjs": "~7.4.0", "tslib": "^2.3.0", @@ -7448,6 +7449,14 @@ "node": ">= 10" } }, + "node_modules/maven": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/maven/-/maven-5.0.0.tgz", + "integrity": "sha512-GFor/ZwWLCYXTY5GnuH2l78O21FBLzTHA37kZNHH8MuahcLTQGHXTgC2x7dp+IQyEHGt4RrI/vCcy6lL8PqNoA==", + "engines": { + "node": ">=12.0.0" + } + }, "node_modules/media-typer": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", @@ -18172,6 +18181,11 @@ "ssri": "^8.0.0" } }, + "maven": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/maven/-/maven-5.0.0.tgz", + "integrity": "sha512-GFor/ZwWLCYXTY5GnuH2l78O21FBLzTHA37kZNHH8MuahcLTQGHXTgC2x7dp+IQyEHGt4RrI/vCcy6lL8PqNoA==" + }, "media-typer": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", diff --git a/pw/pw-jwt-oauth/client/package.json b/pw/pw-jwt-oauth/client/package.json index 5b9af23d..ebbfaa6f 100644 --- a/pw/pw-jwt-oauth/client/package.json +++ b/pw/pw-jwt-oauth/client/package.json 
@@ -18,6 +18,7 @@
 "@angular/platform-browser": "~13.0.0",
 "@angular/platform-browser-dynamic": "~13.0.0",
 "@angular/router": "~13.0.0",
+ "maven": "^5.0.0",
 "ngx-webstorage": "^9.0.0",
 "rxjs": "~7.4.0",
 "tslib": "^2.3.0",
@@ -37,4 +38,4 @@
 "karma-jasmine-html-reporter": "~1.7.0",
 "typescript": "~4.4.3"
 }
-}
\ No newline at end of file
+}
From 870841076f0bb39552892aa5da8e8d1311ff1883 Mon Sep 17 00:00:00 2001
From: Marie Pivette <58333036+mariePivette@users.noreply.github.com>
Date: Mon, 6 Feb 2023 16:06:11 +0100
Subject: [PATCH 2/8] Coding authenticateSuccess
---
 .../src/app/services/auth/auth-jwt.service.ts | 22 ++++++++++++-------
 1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.service.ts b/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.service.ts
index f192227d..f18038d3 100644
--- a/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.service.ts
+++ b/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.service.ts
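Review bot: The added `"maven": "^5.0.0"` entry in `dependencies` looks unrelated to this Angular client: none of the TypeScript shown in this series imports it, and the commit message ("Init") gives no reason for it. Each runtime dependency is third-party code fetched from the registry on every install, so an entry that was probably added by a stray `npm install maven` widens the supply-chain surface for nothing. It should be removed together with its two lockfile entries. If a build helper really is needed, it belongs in `devDependencies` with a short justification in the commit message.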
@@ -35,15 +35,21 @@ export class AuthServerProvider { // In case of authentication success , get the JWT from the response and store it in client storage authenticateSuccess(resp: HttpResponse, rememberMe: boolean) { // BearerToken to retrieve from Authorization Header ( use resp.headers.get ) - // let bearerToken = resp.headers.get('....'); - // Verify the content of the authorization header is indeed a bearer token and not null ( use slice on string) - // if (bearerToken && ...) - // retrieve the token by removing the "Bearer" string with slice function - // let jwt = bearerToken.slice(.....); - // store the jwt in the credentials ( use storeAuthenticationToken ) - // this.storeAuthenticationToken(.....); + let bearerToken = resp.headers.get("Authorization"); + console.log(bearerToken) + + let jwt; + + // Verify the content of the authorization header is indeed a bearer token and not null ( use slice on string) + if(bearerToken?.slice(0,6) == "Bearer"){ + // retrieve the token by removing the "Bearer" string with slice function + jwt = bearerToken.slice(7); + + // store the jwt in the credentials ( use storeAuthenticationToken ) + this.storeAuthenticationToken(jwt, rememberMe) + } // return the jwt - return resp; + return jwt; } loginWithToken(jwt: string, rememberMe: boolean) { From f6b04d7e2b59f3551aca7a3737bed2efddcbb1b9 Mon Sep 17 00:00:00 2001 From: Corow <90448778+CorentinDenoulet@users.noreply.github.com> Date: Mon, 6 Feb 2023 16:10:36 +0100 Subject: [PATCH 3/8] JWT configurer is active Activation of the JWT configurer. --- .../com/worldline/bookstore/config/SecurityConfiguration.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pw/pw-jwt-oauth/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java b/pw/pw-jwt-oauth/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java index 4ce8239d..bb75ddba 100644 
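Review bot: `console.log(bearerToken)` writes the raw Authorization header to the browser console on every successful login; a bearer token is a credential and should not reach any log, so that line should be deleted. The prefix test `bearerToken?.slice(0,6) == "Bearer"` followed by `slice(7)` never checks the separator, so a value such as `BearerXabc` would be accepted and silently lose its first character; `if (bearerToken?.startsWith('Bearer ')) {` checks the scheme and the space together. The method now returns `undefined` when the header is absent or malformed, so `let jwt: string | undefined;` would make that contract explicit for callers that previously received `resp`.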
--- a/pw/pw-jwt-oauth/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java +++ b/pw/pw-jwt-oauth/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java @@ -100,8 +100,8 @@ protected void configure(HttpSecurity http) throws Exception { .antMatchers("/management/health").permitAll() .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/v2/api-docs/**").hasAuthority(AuthoritiesConstants.ADMIN) - // .and() - // .apply(securityConfigurerAdapter()) + .and() + .apply(securityConfigurerAdapter()) ; // TODO uncomment this line to activate JWT filter From 10c1eb72bb1f302dbc1df983419d5317a697204a Mon Sep 17 00:00:00 2001 From: Corow <90448778+CorentinDenoulet@users.noreply.github.com> Date: Mon, 6 Feb 2023 16:42:32 +0100 Subject: [PATCH 4/8] HttpInterceptor function Coding HttpInterceptor function --- .../app/services/auth/auth-jwt.interceptor.ts | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.interceptor.ts b/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.interceptor.ts index fdc4d6da..fbc3aff4 100644 --- a/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.interceptor.ts +++ b/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.interceptor.ts 
@@ -25,15 +25,17 @@ export class JwtInterceptor implements HttpInterceptor { next: HttpHandler ): Observable> { // retrieve jwt token from client storage (local or session) with the key 'authenticationToken' - // let token = this.ng2localStorage.retrieve(....) || this.ng2sessionStorage.retrieve(....); + let token = this.ng2localStorage.retrieve('authenticationToken') || this.ng2sessionStorage.retrieve('authenticationToken'); + // verify token is present - // if (...){ - // set authorization header in the request with the token : 'Authorization: Bearer __token__' - // req = req.clone({ - // setHeaders: { - // Authorization: .... - // } - // }); + if (token) { + // set authorization header in the request with the token : 'Authorization: Bearer __token__' + req = req.clone({ + setHeaders: { + Authorization: `Bearer ${token}` + } + }); + } return next.handle(req).pipe( tap( From 76ab7d36ba3e6476e89311932257928dcb2c7cc6 Mon Sep 17 00:00:00 2001 From: Corow <90448778+CorentinDenoulet@users.noreply.github.com> Date: Wed, 8 Feb 2023 10:34:16 +0100 Subject: [PATCH 5/8] Comment Comment the changes --- .../com/worldline/bookstore/config/SecurityConfiguration.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw/pw-jwt-oauth/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java b/pw/pw-jwt-oauth/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java index bb75ddba..52a9dfaf 100644 --- a/pw/pw-jwt-oauth/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java +++ b/pw/pw-jwt-oauth/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java @@ -103,7 +103,7 @@ protected void configure(HttpSecurity http) throws Exception { .and() .apply(securityConfigurerAdapter()) ; - // TODO uncomment this line to activate JWT filter + // Uncomment line 103 & 104 to activate the JWT configurer } From 15d51f14b61ef642007252fcb39553138842dae1 Mon Sep 17 00:00:00 2001 
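Review bot: The `if (token)` branch sets `Authorization: Bearer ${token}` on every request that passes through the interceptor, whatever its destination, so any HttpClient call to another origin would hand the JWT to that host. Whether the application makes such calls is not visible here, but the condition should also require that `req.url` is relative or starts with the backend's own base URL before the request is cloned. A short comment next to the `retrieve('authenticationToken')` call noting that local/session storage is readable by any script running in the page would help the next reader judge the XSS exposure. `intercept` starts above the hunk and continues below it.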
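Review bot: The new comment `// Uncomment line 103 & 104 to activate the JWT configurer` describes a step that is already done, because `.and()` and `.apply(securityConfigurerAdapter())` appear as active context lines in this hunk, and it refers to line numbers that will drift with the next edit. A reader auditing the security configuration could conclude from it that the JWT filter is still disabled. A comment stating the current fact would age better, for example `// JWT configurer is applied above via securityConfigurerAdapter()`. `configure` starts above the hunk.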
From: Corow <90448778+CorentinDenoulet@users.noreply.github.com>
Date: Wed, 8 Feb 2023 10:52:14 +0100
Subject: [PATCH 6/8] Comments Comment the HTTP interceptor function
---
 .../client/src/app/services/auth/auth-jwt.interceptor.ts | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.interceptor.ts b/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.interceptor.ts
index fbc3aff4..a40080db 100644
--- a/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.interceptor.ts
+++ b/pw/pw-jwt-oauth/client/src/app/services/auth/auth-jwt.interceptor.ts
@@ -24,15 +24,14 @@ export class JwtInterceptor implements HttpInterceptor {
 req: HttpRequest,
 next: HttpHandler
 ): Observable> {
- // retrieve jwt token from client storage (local or session) with the key 'authenticationToken'
 let token = this.ng2localStorage.retrieve('authenticationToken') || this.ng2sessionStorage.retrieve('authenticationToken');
-
- // verify token is present
+ // get the JWT token from the client's storage
 if (token) {
- // set authorization header in the request with the token : 'Authorization: Bearer __token__'
+ // check if the token is present
 req = req.clone({
 setHeaders: {
 Authorization: `Bearer ${token}`
+ // set authorization header
 }
 });
 }
From 0017e30839b9fcf56b87e92e225e93b1b970c213 Mon Sep 17 00:00:00 2001
From: Marie Pivette
Date: Thu, 9 Feb 2023 15:47:29 +0100
Subject: [PATCH 7/8] comments
---
 .idea/workspace.xml | 84 +++++++++++++++++++
 .../app/services/auth/auth-jwt.interceptor.ts | 21 +++--
 .../src/app/services/auth/auth-jwt.service.ts | 15 ++--
 .../config/SecurityConfiguration.java | 4 +-
 4 files changed, 104 insertions(+), 20 deletions(-)
 create mode 100644 .idea/workspace.xml
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 00000000..6a4237c5
--- /dev/null
+++ b/.idea/workspace.xml
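Review bot: The rewritten comments now sit after the code they describe, so each one reads as if it belonged to the following statement. `// get the JWT token from the client's storage` follows the `let token = …` line, `// check if the token is present` is inside the `if (token)` body, and `// set authorization header` trails the `Authorization` property. In an auth interceptor that makes it harder to see at a glance which condition guards the header. Each comment should move to the line above its statement, e.g. `// attach the JWT only when one is stored` directly above `if (token) {`. `intercept` begins above the hunk.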
@@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1673879665682 + + + + + + + +