Stirling-PDF/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java

package stirling.software.SPDF.config.security;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.UUID;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import jakarta.annotation.PostConstruct;
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.Role;

@Component
public class InitialSecuritySetup {

    @Autowired private UserService userService;

    @Autowired ApplicationProperties applicationProperties;

    private static final Logger logger = LoggerFactory.getLogger(InitialSecuritySetup.class);

    @PostConstruct
    public void init() {
        if (!userService.hasUsers()) {

            String initialUsername =
                    applicationProperties.getSecurity().getInitialLogin().getUsername();
            String initialPassword =
                    applicationProperties.getSecurity().getInitialLogin().getPassword();
            if (initialUsername != null && initialPassword != null) {
                try {
                    // https://github.com/Stirling-Tools/Stirling-PDF/issues/976
                    userService.isUsernameValidWithReturn(initialUsername);
                } catch (IllegalArgumentException e) {
                    Path pathToFile = Paths.get("configs/settings.yml");

                    if (Files.exists(pathToFile)) {
                        logger.error(
                                "Invalid initial username provided , username can only contain letters, numbers and the following special characters @._+- or must be a valid email address.");
                        System.exit(1);
                    }
                    throw e;
                }
                userService.saveUser(initialUsername, initialPassword, Role.ADMIN.getRoleId());
            } else {
                initialUsername = "admin";
                initialPassword = "stirling";
                userService.saveUser(
                        initialUsername, initialPassword, Role.ADMIN.getRoleId(), true);
            }
        }
        if (!userService.usernameExistsIgnoreCase(Role.INTERNAL_API_USER.getRoleId())) {
            userService.saveUser(
                    Role.INTERNAL_API_USER.getRoleId(),
                    UUID.randomUUID().toString(),
                    Role.INTERNAL_API_USER.getRoleId());
            userService.addApiKeyToUser(Role.INTERNAL_API_USER.getRoleId());
        }
    }

    @PostConstruct
    public void initSecretKey() throws IOException {
        String secretKey = applicationProperties.getAutomaticallyGenerated().getKey();
        if (!isValidUUID(secretKey)) {
            secretKey = UUID.randomUUID().toString(); // Generating a random UUID as the secret key
            saveKeyToConfig(secretKey);
        }
    }

    private void saveKeyToConfig(String key) throws IOException {
        Path path = Paths.get("configs", "settings.yml"); // Target the configs/settings.yml
        List<String> lines = Files.readAllLines(path);
        boolean keyFound = false;

        // Search for the existing key to replace it or place to add it
        for (int i = 0; i < lines.size(); i++) {
            if (lines.get(i).startsWith("AutomaticallyGenerated:")) {
                keyFound = true;
                if (i + 1 < lines.size() && lines.get(i + 1).trim().startsWith("key:")) {
                    lines.set(i + 1, "  key: " + key);
                    break;
                } else {
                    lines.add(i + 1, "  key: " + key);
                    break;
                }
            }
        }

        // If the section doesn't exist, append it
        if (!keyFound) {
            lines.add("# Automatically Generated Settings (Do Not Edit Directly)");
            lines.add("AutomaticallyGenerated:");
            lines.add("  key: " + key);
        }

        // Write back to the file
        Files.write(path, lines);
    }

    private boolean isValidUUID(String uuid) {
        if (uuid == null) {
            return false;
        }
        try {
            UUID.fromString(uuid);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }
}
Create InitialSetup.java 2023-08-13 01:14:14 +01:00			`package stirling.software.SPDF.config.security;`

cleanup imports 2023-08-27 00:39:22 +01:00			`import java.io.IOException;`
			`import java.nio.file.Files;`
			`import java.nio.file.Path;`
			`import java.nio.file.Paths;`
			`import java.util.List;`
			`import java.util.UUID;`

extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`import org.slf4j.Logger;`
			`import org.slf4j.LoggerFactory;`
Create InitialSetup.java 2023-08-13 01:14:14 +01:00			`import org.springframework.beans.factory.annotation.Autowired;`
			`import org.springframework.stereotype.Component;`

			`import jakarta.annotation.PostConstruct;`
configs and app setup stuff 2023-08-26 17:30:49 +01:00			`import stirling.software.SPDF.model.ApplicationProperties;`
Create InitialSetup.java 2023-08-13 01:14:14 +01:00			`import stirling.software.SPDF.model.Role;`
formatting 2023-12-30 19:11:27 +00:00
Create InitialSetup.java 2023-08-13 01:14:14 +01:00			`@Component`
test 2023-08-27 11:59:08 +01:00			`public class InitialSecuritySetup {`
Create InitialSetup.java 2023-08-13 01:14:14 +01:00
configs and app setup stuff 2023-08-26 17:30:49 +01:00			`@Autowired private UserService userService;`
itext changes 2023-09-02 00:05:50 +01:00
rename to settins.yml 2023-08-26 22:33:23 +01:00			`@Autowired ApplicationProperties applicationProperties;`
configs and app setup stuff 2023-08-26 17:30:49 +01:00
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`private static final Logger logger = LoggerFactory.getLogger(InitialSecuritySetup.class);`

configs and app setup stuff 2023-08-26 17:30:49 +01:00			`@PostConstruct`
			`public void init() {`
			`if (!userService.hasUsers()) {`
rename to settins.yml 2023-08-26 22:33:23 +01:00
updates 2023-09-29 23:58:37 +01:00			`String initialUsername =`
			`applicationProperties.getSecurity().getInitialLogin().getUsername();`
			`String initialPassword =`
			`applicationProperties.getSecurity().getInitialLogin().getPassword();`
Update InitialSecuritySetup.java 2024-05-12 20:17:46 +02:00			`if (initialUsername != null && initialPassword != null) {`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`try {`
Update InitialSecuritySetup.java 2024-05-12 20:17:46 +02:00			`// https://github.com/Stirling-Tools/Stirling-PDF/issues/976`
			`userService.isUsernameValidWithReturn(initialUsername);`
			`} catch (IllegalArgumentException e) {`
			`Path pathToFile = Paths.get("configs/settings.yml");`
Update InitialSecuritySetup.java 2024-05-18 19:38:39 +01:00
			`if (Files.exists(pathToFile)) {`
			`logger.error(`
			`"Invalid initial username provided , username can only contain letters, numbers and the following special characters @._+- or must be a valid email address.");`
			`System.exit(1);`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`}`
Update InitialSecuritySetup.java 2024-05-12 20:17:46 +02:00			`throw e;`
extends the functionality of oauth in Stirling PDF 2024-05-12 19:58:34 +02:00			`}`
updates 2023-09-29 23:58:37 +01:00			`userService.saveUser(initialUsername, initialPassword, Role.ADMIN.getRoleId());`
formatting 2023-12-30 19:11:27 +00:00			`} else {`
updates 2023-09-29 23:58:37 +01:00			`initialUsername = "admin";`
			`initialPassword = "stirling";`
			`userService.saveUser(`
			`initialUsername, initialPassword, Role.ADMIN.getRoleId(), true);`
formatting 2023-12-30 19:11:27 +00:00			`}`
			`}`
Fix: Resolve Username Case Sensitivity Issue in Login Flow (#1070) * Fix: Username changing The only situation where the username must be unique is when changing the username. * Update UserController.java 2024-04-14 23:07:03 +02:00			`if (!userService.usernameExistsIgnoreCase(Role.INTERNAL_API_USER.getRoleId())) {`
Role stuff 2023-12-25 12:58:49 +00:00			`userService.saveUser(`
			`Role.INTERNAL_API_USER.getRoleId(),`
			`UUID.randomUUID().toString(),`
			`Role.INTERNAL_API_USER.getRoleId());`
internal API plus brute force security 2023-12-24 17:12:32 +00:00			`userService.addApiKeyToUser(Role.INTERNAL_API_USER.getRoleId());`
formatting 2023-12-30 19:11:27 +00:00			`}`
			`}`
configs and app setup stuff 2023-08-26 17:30:49 +01:00
			`@PostConstruct`
			`public void initSecretKey() throws IOException {`
			`String secretKey = applicationProperties.getAutomaticallyGenerated().getKey();`
introduces custom settings file (#1158) * Introducing a custom settings file * formats * chnages * Update README.md 2024-05-03 20:43:48 +01:00			`if (!isValidUUID(secretKey)) {`
configs and app setup stuff 2023-08-26 17:30:49 +01:00			`secretKey = UUID.randomUUID().toString(); // Generating a random UUID as the secret key`
			`saveKeyToConfig(secretKey);`
			`}`
			`}`

			`private void saveKeyToConfig(String key) throws IOException {`
rename to settins.yml 2023-08-26 22:33:23 +01:00			`Path path = Paths.get("configs", "settings.yml"); // Target the configs/settings.yml`
configs and app setup stuff 2023-08-26 17:30:49 +01:00			`List<String> lines = Files.readAllLines(path);`
			`boolean keyFound = false;`

			`// Search for the existing key to replace it or place to add it`
			`for (int i = 0; i < lines.size(); i++) {`
			`if (lines.get(i).startsWith("AutomaticallyGenerated:")) {`
			`keyFound = true;`
			`if (i + 1 < lines.size() && lines.get(i + 1).trim().startsWith("key:")) {`
			`lines.set(i + 1, " key: " + key);`
			`break;`
			`} else {`
			`lines.add(i + 1, " key: " + key);`
			`break;`
			`}`
			`}`
			`}`

			`// If the section doesn't exist, append it`
			`if (!keyFound) {`
			`lines.add("# Automatically Generated Settings (Do Not Edit Directly)");`
			`lines.add("AutomaticallyGenerated:");`
			`lines.add(" key: " + key);`
			`}`

			`// Write back to the file`
			`Files.write(path, lines);`
			`}`
flatten (#1167) 2024-05-05 13:33:17 +01:00
introduces custom settings file (#1158) * Introducing a custom settings file * formats * chnages * Update README.md 2024-05-03 20:43:48 +01:00			`private boolean isValidUUID(String uuid) {`
			`if (uuid == null) {`
			`return false;`
			`}`
			`try {`
			`UUID.fromString(uuid);`
			`return true;`
			`} catch (IllegalArgumentException e) {`
			`return false;`
			`}`
			`}`
configs and app setup stuff 2023-08-26 17:30:49 +01:00			`}`