From ad35c6b3616553abe5d23d01be504c97e9a395c3 Mon Sep 17 00:00:00 2001
From: fatima ezzahra majidi <fatima-ezzahra.majidi.etu@univ-lille.fr>
Date: Fri, 7 Mar 2025 06:20:18 +0000
Subject: [PATCH] renforcement des roles

---
 .../config/SecurityConfig.java                | 24 +++++++++----------
 .../controllers/AuthController.java           | 22 +++++++++++------
 2 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java b/src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java
index 26b1c00..4d5645e 100644
--- a/src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java
+++ b/src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java
@@ -42,18 +42,18 @@ public class SecurityConfig {
                         .requestMatchers("/**").permitAll()
 
                         // Role-based access
-                        .requestMatchers("/api/students").hasRole("ETUDIANT")
-                        .requestMatchers("/api/students/**").hasRole("ETUDIANT")
-                        .requestMatchers("/api/stages").hasRole("ETUDIANT")
-                        .requestMatchers("/api/stages/**").hasRole("ENTREPRISE")
-                        .requestMatchers("/api/students").hasRole("SUPERVISEUR")
-                        .requestMatchers("/api/students/**").hasRole("SUPERVISEUR")
-                        .requestMatchers("/api/stages").hasRole("SUPERVISEUR")
-                        .requestMatchers("/api/stages/**").hasRole("SUPERVISEUR")
-                        .requestMatchers("/api/enterprises/add").hasRole("ENTREPRISE")
-                        .requestMatchers("/api/enterprises/update").hasRole("ENTREPRISE")
-                        .requestMatchers("/api/enterprises/delete").hasRole("ENTREPRISE")
-                        .requestMatchers("/**").hasRole("ADMIN")
+                        .requestMatchers("/api/students").hasAuthority("ROLE_ETUDIANT")
+                        .requestMatchers("/api/students/**").hasAuthority("ROLE_ETUDIANT")
+                        .requestMatchers("/api/stages").hasAuthority("ROLE_ETUDIANT")
+                        .requestMatchers("/api/stages/**").hasAuthority("ROLE_ENTREPRISE")
+                        .requestMatchers("/api/students").hasAuthority("ROLE_SUPERVISEUR")
+                        .requestMatchers("/api/students/**").hasAuthority("ROLE_SUPERVISEUR")
+                        .requestMatchers("/api/stages").hasAuthority("ROLE_SUPERVISEUR")
+                        .requestMatchers("/api/stages/**").hasAuthority("ROLE_SUPERVISEUR")
+                        .requestMatchers("/api/enterprises/add").hasAuthority("ROLE_ENTREPRISE")
+                        .requestMatchers("/api/enterprises/update").hasAuthority("ROLE_ENTREPRISE")
+                        .requestMatchers("/api/enterprises/delete").hasAuthority("ROLE_ENTREPRISE")
+                        .requestMatchers("/**").hasAuthority("ROLE_ADMIN")
 
                         // Any other request requires authentication
                         .anyRequest().authenticated()
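Review bot: Every role rule added in this hunk is dead code, because the `.requestMatchers("/**").permitAll()` context line at the top of the hunk precedes them and `authorizeHttpRequests` applies the first matching rule, so the whole API stays open regardless of the `hasAuthority` rewrite; the same first-match rule means the second `/api/students` and `/api/stages` entries (ROLE_SUPERVISEUR) are shadowed by the ROLE_ETUDIANT ones, `/api/stages/**` for ROLE_SUPERVISEUR is shadowed by the ROLE_ENTREPRISE one, and `/**` ROLE_ADMIN shadows `anyRequest().authenticated()`. Note also that `hasRole("X")` already checks the authority `ROLE_X`, so swapping it for `hasAuthority("ROLE_X")` changes nothing by itself. The fix is to remove the leading catch-all (enumerating only the genuinely public paths there), merge the shared paths with `hasAnyAuthority`, and keep exactly one catch-all as the last rule; whether that catch-all should be ADMIN-only or merely `authenticated()` is not decidable from this hunk, and the sketch below keeps ADMIN as both the removed and the added lines intended. `filterChain` begins and ends outside this hunk.
```java
// … unchanged: earlier matchers for the genuinely public endpoints (no "/**" permitAll here) …
// authorizeHttpRequests applies the FIRST matching rule, so specific paths must precede the catch-all.
.requestMatchers("/api/enterprises/add", "/api/enterprises/update", "/api/enterprises/delete")
        .hasAuthority("ROLE_ENTREPRISE")
.requestMatchers("/api/students", "/api/students/**")
        .hasAnyAuthority("ROLE_ETUDIANT", "ROLE_SUPERVISEUR")
.requestMatchers("/api/stages")
        .hasAnyAuthority("ROLE_ETUDIANT", "ROLE_SUPERVISEUR")
.requestMatchers("/api/stages/**")
        .hasAnyAuthority("ROLE_ENTREPRISE", "ROLE_SUPERVISEUR")
// Single catch-all, last in the chain (anyRequest() must be the final rule).
.anyRequest().hasAuthority("ROLE_ADMIN")
```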
diff --git a/src/main/java/com/example/gestionstagesbackend/controllers/AuthController.java b/src/main/java/com/example/gestionstagesbackend/controllers/AuthController.java
index 04135e8..e8f5cc2 100644
--- a/src/main/java/com/example/gestionstagesbackend/controllers/AuthController.java
+++ b/src/main/java/com/example/gestionstagesbackend/controllers/AuthController.java
@@ -58,15 +58,16 @@ public class AuthController {
 
         if (username == null || password == null) {
             System.out.println("❌ Username or password is missing in the request.");
-            return ResponseEntity.status(400).body("Username and password are required");
+            return ResponseEntity.status(400).body(Map.of("error", "Username and password are required"));
         }
 
-        Optional<User> user = userService.findByUsername(username);
-        if (user.isEmpty()) {
+        Optional<User> userOptional = userService.findByUsername(username);
+        if (userOptional.isEmpty()) {
             System.out.println("❌ User not found!");
-            return ResponseEntity.status(401).body("Invalid credentials");
+            return ResponseEntity.status(401).body(Map.of("error", "Invalid credentials"));
         }
 
+        User user = userOptional.get();
         System.out.println("✅ User found: " + username);
 
         try {
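Review bot: The unknown-user branch still returns a different body (`"Invalid credentials"`) from the wrong-password branch in the next hunk (`"Invalid username or password"`), and it returns before `authenticationManager` runs, so a caller can distinguish valid usernames from invalid ones by message and by response time. The pre-lookup is not needed for authentication at all (the `AuthenticationManager` rejects unknown users itself), so the cleanest fix is to delete the `findByUsername` block and derive the roles for the response from the returned `Authentication` instead of the entity; if the lookup must stay, at minimum return the same body, `return ResponseEntity.status(401).body(Map.of("error", "Invalid username or password"));`. The `System.out.println` calls that name the user on every attempt should become a logger call at debug level. `loginUser` begins before this hunk.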
@@ -77,13 +78,20 @@ public class AuthController {
             // Update security context on successful authentication
             SecurityContextHolder.getContext().setAuthentication(authentication);
             System.out.println("✅ Login successful for user: " + username);
-            return ResponseEntity.ok("Login successful");
+
+            // ✅ 🔥 Renvoie les rôles de l'utilisateur dans la réponse
+            return ResponseEntity.ok(Map.of(
+                    "message", "Login successful",
+                    "username", user.getUsername(),
+                    "roles", user.getRoles() // Retourne les rôles ici
+            ));
+
         } catch (Exception e) {
             System.out.println("❌ Authentication failed for user " + username + ": " + e.getMessage());
-            return ResponseEntity.status(401).body("Invalid username or password");
+            return ResponseEntity.status(401).body(Map.of("error", "Invalid username or password"));
         }
-
     }
+
     /** LOGOUT USER **/
     @PostMapping("/logout")
     public ResponseEntity<?> logoutUser(HttpServletRequest request, HttpServletResponse response) {
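Review bot: The `"roles"` value in the new success response is `user.getRoles()` from the entity loaded before authentication, not what the `AuthenticationManager` actually granted; serializing that collection exposes whatever the role type carries (presumably a JPA entity — verify) and, if it is lazily loaded, can fail at serialization time once the controller is outside a transaction, so the response should map `authentication.getAuthorities()` to plain strings. In the same try, `catch (Exception e)` converts any server-side failure (database down, misconfiguration) into a 401 "Invalid username or password"; narrow it to `AuthenticationException`. NOTE(review): with `requestMatchers` in use this looks like Spring Security 6, where `SecurityContextHolder.getContext().setAuthentication(...)` alone is not saved to the session for later requests unless a `SecurityContextRepository.saveContext` call or an equivalent filter-chain setting handles it — confirm against the filter chain config. The sketch needs `java.util.List`, `GrantedAuthority` and `AuthenticationException` imported; `.toList()` is Java 16+.
```java
// … unchanged: authenticationManager.authenticate(...) and the security-context update …
// Report the authorities actually granted, not the entity loaded before authentication.
List<String> grantedRoles = authentication.getAuthorities().stream()
        .map(GrantedAuthority::getAuthority)
        .toList();
return ResponseEntity.ok(Map.of(
        "message", "Login successful",
        "username", authentication.getName(),
        "roles", grantedRoles));
} catch (AuthenticationException e) { // only auth failures map to 401; let real errors surface
    // … unchanged: failure log line and the 401 response …
```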
-- 
GitLab