Merge pull request #487 from it-at-m/174-bereitstellung-datenstrukturen

174 bereitstellung datenstrukturen

docs/src/features/auth-service/index.md

@@ -4,4 +4,54 @@ Zuständig für die Authentifizierung und Verwaltung der Rechte der User des Sys
 
 ## Abhängigkeiten
 
-Der Service hat keine Abhängigkeiten zu anderen Services.
+Der Service hat keine Abhängigkeiten zu anderen Services.
+
+## Datenmodell
+
+```mermaid
+
+erDiagram
+    User 1--0+ Authority : hat
+    Authority 1--0+ Permission : hat
+    User 1--|o LoginAttempt : unternahm
+    
+    User {
+        String username
+        boolean userEnabled
+        boolean accountNonLocked
+        String wahltagID
+        LocalDate wahltag
+        String wahlbezirkID
+        String wahlbezirkNummer
+        Wahlbezirksart wahlbezirksArt
+        String pin
+        String wbid_wahlnummer
+    }
+    
+    Authority {
+        String authority
+    }
+    
+    Permission {
+        String permission
+    }
+    
+    LoginAttempt {
+        int attempts
+        LocalDateTime lastModified
+    }
+```
+
+> [!IMPORTANT]
+> Der Benutzername liegt in der Datenbank nur verschlüsselt vor.
+
+
+## Konfigrationsparameter
+
+Alle Konfigurationsparameter beginnen mit dem Prefix `serviceauth`
+
+| Name | Beschreibung                                                                           | Default |
+| ---- |----------------------------------------------------------------------------------------| ------- |
+| crypto.encryptionPrefix | String vor dem verschlüssten Wert. Auf diese Weise sind verschlüsselte Werte erkennbar | ENCRYPTED: |
+| crypto.key | Schlüssel zum ver- und entschlüsseln                                                   | |
+| maxLoginAttempts | Maximale Anzahl an Fehlersuchen bis der Account gesperrt wird.                         | 5 |

wls-auth-service/pom.xml

@@ -36,6 +36,7 @@
         <!-- Version muss mit der in den spring-boot-dependencies bereitgestellten Lombok-Version übereinstimmen -->
         <org.projectlombok.lombok.version>1.18.30</org.projectlombok.lombok.version>
         <org.projectlombok.mapstructbinding.version>0.2.0</org.projectlombok.mapstructbinding.version>
+        <org.mapstruct.version>1.6.2</org.mapstruct.version>
         <org.springdoc.version>2.6.0</org.springdoc.version>
     </properties>
 
@@ -165,6 +166,11 @@
             <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
             <version>${org.springdoc.version}</version>
         </dependency>
+        <dependency>
+            <groupId>de.muenchen.oss.wahllokalsystem.wls-common</groupId>
+            <artifactId>security</artifactId>
+            <version>1.1.0</version>
+        </dependency>
 
         <!-- Validation -->
         <dependency>
@@ -176,6 +182,13 @@
             <artifactId>hibernate-validator</artifactId>
         </dependency>
 
+        <!-- Mapping -->
+        <dependency>
+            <groupId>org.mapstruct</groupId>
+            <artifactId>mapstruct</artifactId>
+            <version>${org.mapstruct.version}</version>
+        </dependency>
+
         <!-- Testing -->
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -306,6 +319,12 @@
                         <goals>
                             <goal>start</goal>
                         </goals>
+                        <configuration>
+                            <environmentVariables>
+                                <SPRING_PROFILES_ACTIVE>db-h2</SPRING_PROFILES_ACTIVE>
+                                <SERVICEAUTH.CRYPTO.KEY>secret</SERVICEAUTH.CRYPTO.KEY>
+                            </environmentVariables>
+                        </configuration>
                     </execution>
                     <execution>
                         <id>post-integration-test</id>
@@ -328,12 +347,25 @@
                             <artifactId>lombok</artifactId>
                             <version>${org.projectlombok.lombok.version}</version>
                         </path>
+                        <path>
+                            <groupId>org.mapstruct</groupId>
+                            <artifactId>mapstruct-processor</artifactId>
+                            <version>${org.mapstruct.version}</version>
+                        </path>
                         <path>
                             <groupId>org.projectlombok</groupId>
                             <artifactId>lombok-mapstruct-binding</artifactId>
                             <version>${org.projectlombok.mapstructbinding.version}</version>
                         </path>
                     </annotationProcessorPaths>
+                    <compilerArgs>
+                        <compilerArg>
+                            -Amapstruct.defaultComponentModel=spring
+                        </compilerArg>
+                        <compilerArg>
+                            -Amapstruct.unmappedTargetPolicy=ERROR
+                        </compilerArg>
+                    </compilerArgs>
                 </configuration>
             </plugin>
             <plugin>

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/MicroServiceApplication.java

@@ -18,7 +18,8 @@
 @ComponentScan(
         basePackages = {
                 "org.springframework.data.jpa.convert.threeten",
-                "de.muenchen.oss.wahllokalsystem.authservice"
+                "de.muenchen.oss.wahllokalsystem.authservice",
+                "de.muenchen.oss.wahllokalsystem.wls.common.exception"
         }
 )
 @EntityScan(

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/configuration/EncryptionConfiguration.java

@@ -0,0 +1,20 @@
+package de.muenchen.oss.wahllokalsystem.authservice.configuration;
+
+import de.muenchen.oss.wahllokalsystem.wls.common.exception.util.ServiceIDFormatter;
+import de.muenchen.oss.wahllokalsystem.wls.common.security.EncryptionBuilder;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import javax.crypto.NoSuchPaddingException;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class EncryptionConfiguration {
+
+    @Bean
+    public EncryptionBuilder encryptionBuilder(@Value("{serviceauth.crypto.key}") final String cryptoKey, final ServiceIDFormatter serviceIDFormatter)
+            throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException {
+        return new EncryptionBuilder(cryptoKey.getBytes(), serviceIDFormatter);
+    }
+}

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/domain/Authority.java

@@ -0,0 +1,37 @@
+package de.muenchen.oss.wahllokalsystem.authservice.domain;
+
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.JoinTable;
+import jakarta.persistence.ManyToMany;
+import java.util.Set;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+import org.hibernate.annotations.NaturalId;
+
+@Entity
+@Data
+@EqualsAndHashCode(callSuper = true)
+@NoArgsConstructor
+@AllArgsConstructor
+@ToString(onlyExplicitlyIncluded = true)
+public class Authority extends BaseEntity {
+
+    @ToString.Exclude
+    @NaturalId
+    private String authority;
+
+    @ManyToMany(cascade = { CascadeType.PERSIST, CascadeType.REFRESH }, fetch = FetchType.EAGER)
+    @JoinTable(
+            name = "secauthorities_secpermissions", joinColumns = @JoinColumn(name = "authority_oid"), inverseJoinColumns = @JoinColumn(name = "permission_oid")
+    )
+    private Set<Permission> permissions;
+
+    @ManyToMany(mappedBy = "authorities", cascade = CascadeType.ALL)
+    private Set<User> users;
+}

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/domain/AuthorityRepository.java

@@ -0,0 +1,11 @@
+package de.muenchen.oss.wahllokalsystem.authservice.domain;
+
+import java.util.Optional;
+import java.util.UUID;
+import org.springframework.data.repository.CrudRepository;
+
+public interface AuthorityRepository extends CrudRepository<Authority, UUID> {
+
+    Optional<Authority> findByAuthority(String authority);
+
+}

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/domain/LoginAttempt.java

@@ -0,0 +1,36 @@
+package de.muenchen.oss.wahllokalsystem.authservice.domain;
+
+import jakarta.persistence.Entity;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
+import java.time.LocalDateTime;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+import org.hibernate.annotations.NaturalId;
+
+@Entity
+@Data
+@EqualsAndHashCode(callSuper = true)
+@NoArgsConstructor
+@AllArgsConstructor
+@ToString(onlyExplicitlyIncluded = true)
+public class LoginAttempt extends BaseEntity {
+
+    @NaturalId
+    @NotNull
+    @Pattern(regexp = "[a-zA-Z0-9_\\.-]*")
+    @Size(min = 1)
+    @ToString.Include
+    private String username;
+
+    @NotNull
+    @ToString.Include
+    private int attempts;
+
+    @ToString.Include
+    private LocalDateTime lastModified;
+}

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/domain/LoginAttemptRepository.java

@@ -0,0 +1,11 @@
+package de.muenchen.oss.wahllokalsystem.authservice.domain;
+
+import java.util.Optional;
+import java.util.UUID;
+import org.springframework.data.repository.CrudRepository;
+
+public interface LoginAttemptRepository extends CrudRepository<LoginAttempt, UUID> {
+
+    Optional<LoginAttempt> findByUsername(String username);
+
+}

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/domain/Permission.java

@@ -0,0 +1,21 @@
+package de.muenchen.oss.wahllokalsystem.authservice.domain;
+
+import jakarta.persistence.Entity;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+
+@Entity
+@Data
+@EqualsAndHashCode(callSuper = true)
+@NoArgsConstructor
+@AllArgsConstructor
+@ToString(onlyExplicitlyIncluded = true)
+public class Permission extends BaseEntity {
+
+    @ToString.Include
+    private String permission;
+
+}

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/domain/PermissionRepository.java

@@ -0,0 +1,10 @@
+package de.muenchen.oss.wahllokalsystem.authservice.domain;
+
+import java.util.Optional;
+import java.util.UUID;
+import org.springframework.data.repository.CrudRepository;
+
+public interface PermissionRepository extends CrudRepository<Permission, UUID> {
+
+    Optional<Permission> findByPermission(String permission);
+}

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/domain/User.java

@@ -0,0 +1,77 @@
+package de.muenchen.oss.wahllokalsystem.authservice.domain;
+
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.JoinTable;
+import jakarta.persistence.ManyToMany;
+import jakarta.persistence.Table;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+import java.time.LocalDate;
+import java.util.Set;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+import org.hibernate.annotations.NaturalId;
+
+@Entity
+@Table(name = "Wlsuser") //user as table name is already in use by h2
+@Data
+@EqualsAndHashCode(callSuper = true)
+@NoArgsConstructor
+@AllArgsConstructor
+@ToString(onlyExplicitlyIncluded = true)
+public class User extends BaseEntity {
+
+    @NaturalId
+    @NotNull
+    @Size(min = 1)
+    @ToString.Include
+    private String username;
+
+    @ToString.Include
+    private String password;
+
+    @Email
+    @ToString.Include
+    private String email;
+
+    @ToString.Include
+    private boolean userEnabled;
+
+    @ToString.Include
+    private boolean accountNonLocked;
+
+    @ToString.Include
+    private String wahltagID;
+
+    @ToString.Include
+    private LocalDate wahltag;
+
+    @ToString.Include
+    private String wahlbezirkID;
+
+    @ToString.Include
+    private String wahlbezirkNummer;
+
+    @ToString.Include
+    @Enumerated(EnumType.STRING)
+    private Wahlbezirksart wahlbezirksArt;
+
+    @ToString.Include
+    private String pin;
+
+    @ManyToMany(fetch = FetchType.EAGER, cascade = CascadeType.PERSIST)
+    @JoinTable(name = "Secusers_Secauthorities", joinColumns = { @JoinColumn(name = "user_oid") }, inverseJoinColumns = { @JoinColumn(name = "authority_oid") })
+    private Set<Authority> authorities;
+
+    @ToString.Include
+    private String wbid_wahlnummer;
+}

wls-auth-service/src/main/java/de/muenchen/oss/wahllokalsystem/authservice/domain/UserRepository.java

@@ -0,0 +1,22 @@
+package de.muenchen.oss.wahllokalsystem.authservice.domain;
+
+import java.util.Collection;
+import java.util.Optional;
+import java.util.UUID;
+
+public interface UserRepository {
+
+    Optional<User> findByUsername(final String username);
+
+    Collection<User> findByWahltagID(final String wahltagID);
+
+    Optional<User> findById(final UUID oid);
+
+    boolean exists(final String username);
+
+    User save(final User user);
+
+    Iterable<User> saveAll(final Iterable<User> users);
+
+    void deleteUsersByWahltagID(final String wahltagid);
+}