
add userId to controller response (#1)

Daniel Bohry há 8 meses atrás
pai
commit
a0f7a06ec6

+ 1 - 1
README.md

@@ -3,4 +3,4 @@
 Generic authentication service using spring boot security.
 
 ### Requirements
-Java 17 or newer
+Java 21 or newer

+ 2 - 2
src/main/java/com/danielbohry/authservice/api/AuthController.java

@@ -23,14 +23,14 @@ public class AuthController {
     private final AuthService service;
 
     @PostMapping("register")
-    public ResponseEntity<AuthenticationResponse> signup(@RequestBody AuthenticationRequest request) {
+    public ResponseEntity<AuthenticationResponse> register(@RequestBody AuthenticationRequest request) {
         log.info("New signup for username [{}]", request.getUsername());
         var response = service.signup(request);
         return ResponseEntity.ok(response);
     }
 
     @PostMapping("authenticate")
-    public ResponseEntity<AuthenticationResponse> signin(@RequestBody AuthenticationRequest request) {
+    public ResponseEntity<AuthenticationResponse> authenticate(@RequestBody AuthenticationRequest request) {
         log.info("New signing for username [{}]", request.getUsername());
         var response = service.signin(request);
         return ResponseEntity.ok(response);

+ 1 - 12
src/main/java/com/danielbohry/authservice/api/UserController.java

@@ -6,7 +6,6 @@ import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.CrossOrigin;
@@ -14,9 +13,6 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.ArrayList;
-import java.util.List;
-
 @Slf4j
 @RestController
 @AllArgsConstructor
@@ -25,7 +21,7 @@ import java.util.List;
 public class UserController {
 
     @GetMapping("current")
-    public ResponseEntity<?> get() {
+    public ResponseEntity<UserResponse> get() {
         SecurityContext context = SecurityContextHolder.getContext();
         Object principal = context.getAuthentication().getPrincipal();
         if (principal instanceof ApplicationUser user) {
@@ -34,11 +30,4 @@ public class UserController {
 
         return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
     }
-
-    @GetMapping
-    @PreAuthorize("hasAuthority('ADMIN')")
-    public ResponseEntity<List<Object>> getAll() {
-        return ResponseEntity.ok(new ArrayList<>());
-    }
-
 }
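Review bot: In `get()`, `context.getAuthentication().getPrincipal()` is dereferenced without a null check, so a request that reaches this method with an empty security context would fail with a NullPointerException and a 500 instead of the 403 returned at the end of the method. Whether that is reachable depends on the filter chain configuration, which is not visible here. Guarding it keeps the failure closed: `var authentication = context.getAuthentication();` followed by `if (authentication != null && authentication.getPrincipal() instanceof ApplicationUser user) {`. The body of the `if` lies between the hunks and is not shown.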

+ 2 - 1
src/main/java/com/danielbohry/authservice/api/dto/AuthenticationResponse.java

@@ -10,9 +10,10 @@ import java.util.List;
 @Builder
 public class AuthenticationResponse {
 
+    private final String id;
+    private final String username;
     private final String token;
     private final Instant expirationDate;
-    private final String username;
     private final List<String> roles;
 
 }

+ 10 - 9
src/main/java/com/danielbohry/authservice/service/auth/AuthService.java

@@ -35,26 +35,27 @@ public class AuthService implements UserDetailsService {
     }
 
     public AuthenticationResponse signup(AuthenticationRequest request) {
-        var user = User.builder().username(request.getUsername()).password(passwordEncoder.encode(request.getPassword())).build();
+        UserDetails user = User.builder().username(request.getUsername()).password(passwordEncoder.encode(request.getPassword())).build();
         ApplicationUser saved = service.create(convert(user));
-        var authentication = jwtService.generateToken(saved);
-        return buildResponse(authentication);
+        Authentication authentication = jwtService.generateToken(saved);
+        return buildResponse(saved.getId(), authentication);
     }
 
     public AuthenticationResponse signin(AuthenticationRequest request) {
         authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
-                request.getUsername(), request.getPassword())
+            request.getUsername(), request.getPassword())
         );
-        var user = service.findByUsername(request.getUsername());
-        var authentication = jwtService.generateToken(user);
-        return buildResponse(authentication);
+        ApplicationUser user = service.findByUsername(request.getUsername());
+        Authentication authentication = jwtService.generateToken(user);
+        return buildResponse(user.getId(), authentication);
     }
 
-    private static AuthenticationResponse buildResponse(Authentication authentication) {
+    private static AuthenticationResponse buildResponse(String id, Authentication authentication) {
         return AuthenticationResponse.builder()
+            .id(id)
+            .username(authentication.username())
             .token(authentication.token())
             .expirationDate(authentication.expirationDate())
-            .username(authentication.username())
             .roles(authentication.authorities())
             .build();
     }
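Review bot: `buildResponse` now returns the user's `id` in the response body, but the token built in `JwtService.generateToken` appears to carry only the username as subject and an `authorities` claim, so the id is not bound to anything signed. Any endpoint or downstream service that later receives this id back from the client should resolve the user from the verified token subject rather than trust the value. A short comment on `buildResponse` would record that, for example `// id is informational for the client; server-side lookups must use the token subject`. If consumers do need the id, adding it as a claim in `generateToken` would be the alternative.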

+ 7 - 7
src/main/java/com/danielbohry/authservice/service/auth/JwtService.java

@@ -8,7 +8,6 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
 
-import java.time.Instant;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -38,9 +37,9 @@ public class JwtService {
     public Authentication generateToken(UserDetails userDetails) {
         Map<String, Object> claims = new HashMap<>();
         claims.put(
-                "authorities", userDetails.getAuthorities().stream()
-                        .map(GrantedAuthority::getAuthority)
-                        .collect(toSet())
+            "authorities", userDetails.getAuthorities().stream()
+                .map(GrantedAuthority::getAuthority)
+                .collect(toSet())
         );
         return generateToken(claims, userDetails);
     }
@@ -52,12 +51,13 @@ public class JwtService {
 
     private Authentication generateToken(Map<String, Object> claims, UserDetails userDetails) {
         Date expirationDate = new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 48);
-
-        return new Authentication(Jwts.builder().setClaims(claims)
+        String token = Jwts.builder().setClaims(claims)
             .setSubject(userDetails.getUsername())
             .setIssuedAt(new Date(System.currentTimeMillis()))
             .setExpiration(expirationDate)
-            .signWith(SignatureAlgorithm.HS256, secret).compact(),
+            .signWith(SignatureAlgorithm.HS256, secret).compact();
+
+        return new Authentication(token,
             expirationDate.toInstant(),
             userDetails.getUsername(),
             userDetails.getAuthorities().stream().map(GrantedAuthority::getAuthority).toList()
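Review bot: The rewritten `.signWith(SignatureAlgorithm.HS256, secret)` line keeps the String-key overload, which later jjwt releases deprecate; it treats `secret` as Base64 text and, depending on the jjwt version in use, may not enforce the minimum key length for HS256. If the project's jjwt version provides it, `.signWith(Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret)), SignatureAlgorithm.HS256)` rejects a weak key explicitly. Where `secret` is loaded from is not visible in this hunk. The 48-hour lifetime is still the inline `1000 * 60 * 60 * 48`; a named `Duration` constant would make the token lifetime easier to review and to shorten. The method continues past the end of the hunk.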