From 499156f90bb730f4e0b21c3013d1b422d6457821 Mon Sep 17 00:00:00 2001
From: Gregory Rudolph <rudi@nightmare.haus>
Date: Wed, 30 Sep 2020 13:33:36 -0400
Subject: [PATCH] Setup for Secure Auth via MySQL

---
 pom.xml                                       |  6 ++++-
 src/main/java/MTGClone/WebSecurityConfig.java | 22 ++++++++++++++++
 .../MTGClone/controller/CardController.java   | 25 +++++++++----------
 src/main/webapp/WEB-INF/jsp/card.jsp          | 15 ++++-------
 4 files changed, 44 insertions(+), 24 deletions(-)
 create mode 100644 src/main/java/MTGClone/WebSecurityConfig.java

diff --git a/pom.xml b/pom.xml
index c9d17a9..4d96524 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,11 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-		</dependency>
+    </dependency>
+    <dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+    </dependency>
 <!-- jstl -->
     <dependency>
         <groupId>jstl</groupId>
diff --git a/src/main/java/MTGClone/WebSecurityConfig.java b/src/main/java/MTGClone/WebSecurityConfig.java
new file mode 100644
index 0000000..120092e
--- /dev/null
+++ b/src/main/java/MTGClone/WebSecurityConfig.java
@@ -0,0 +1,22 @@
+package MTGClone;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        System.out.println("Called configure(HttpSecurity http);");
+        http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated().and().formLogin().and()
+                .csrf().disable().logout();
+    }
+
+    // TODO: Login using SQLDriver.authenticateUser(username, password)
+ 
+
+}
\ No newline at end of file
diff --git a/src/main/java/MTGClone/controller/CardController.java b/src/main/java/MTGClone/controller/CardController.java
index 39d97a5..fa01930 100644
--- a/src/main/java/MTGClone/controller/CardController.java
+++ b/src/main/java/MTGClone/controller/CardController.java
@@ -1,5 +1,6 @@
 package MTGClone.controller;
 
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.ui.ModelMap;
@@ -14,24 +15,22 @@ import java.util.ArrayList;
 @Controller
 public class CardController {
     @GetMapping({"/card", "/"})
-    public String hello(Model model) {
+    public String showCards(Model model) {
         ArrayList<Card> allCards = (new SQLDriver()).getAllCards();
         model.addAttribute("allcards", allCards);
-        
         return "card";
     }
-    
-    
-    
-    @PostMapping({"/card"})
-    public String greet(@RequestParam("cardname") String cardname, @RequestParam("manacost") int manacost, 
-    @RequestParam("power") int power, @RequestParam("toughness") int toughness, @RequestParam("description") String description, @RequestParam("creaturetype") String creaturetype,
-    @RequestParam("username") String username, @RequestParam("password") String password, ModelMap modelMap) {
+
+    @PostMapping({"/card", "/"})
+    public String newCard(@RequestParam("cardname") String cardname, @RequestParam("manacost") int manacost, 
+    @RequestParam("power") int power, @RequestParam("toughness") int toughness, @RequestParam("description") String description,
+    @RequestParam("creaturetype") String creaturetype, ModelMap modelMap) {
         SQLDriver d = new SQLDriver();
-        if (d.authenticateUser(username, password)) {
-            Card newCard = new Card(cardname, manacost, power, toughness, description, "", creaturetype);
-            d.insertCard(newCard);
-        }        
+        System.out.println(creaturetype);
+        System.out.println("Posting to /card detected");
+        Card newCard = new Card(cardname, manacost, power, toughness, description, "", creaturetype);
+        d.insertCard(newCard);
+        //modelMap.addAttribute("allcards", d.getAllCards()); 
         return "card";
     }
     
diff --git a/src/main/webapp/WEB-INF/jsp/card.jsp b/src/main/webapp/WEB-INF/jsp/card.jsp
index 99fa0e0..a7c6679 100644
--- a/src/main/webapp/WEB-INF/jsp/card.jsp
+++ b/src/main/webapp/WEB-INF/jsp/card.jsp
@@ -1,6 +1,6 @@
 <!DOCTYPE html>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<html lang="en">
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
    <head>
      <link href="https://fonts.googleapis.com/css2?family=Ubuntu&display=swap" rel="stylesheet">
     <style>
@@ -25,7 +25,7 @@ table, td, th{
 .container label {
   position: relative;font-size:20px;
   }
-  .container input, textarea{
+  .container input, textarea, select{
     background-color:#CFCACA;position:relative;border-radius:5px;font-size:20px;
   }
     </style>
@@ -38,7 +38,7 @@ table, td, th{
    
     <div class="container">
     
-    <form action="/card" method="post">
+    <form action="#" method="post" th:action="@{/card}" >
         <br><br><label style="left:210px;font-size:26px;"for="cardname">Card Name:</label>
         <input style="left:210px;font-size:24px;width:300px;"placeholder="Card Title"type="text" id="cardname" name="cardname"><br><br>
         <label style="left:150px;"for="manacost">Mana Cost:</label>
@@ -48,7 +48,7 @@ table, td, th{
         <label style="left:350px;"for="toughness">Toughness:</label>
         <input style="left:350px;"type="text" id="toughness"name="toughness">
         <label style="left:450px;"for="creaturetype">Spell Type:</label>
-        <select style="background-color:#CFCACA;position:relative;border-radius:4px;left:450px;font-size:20px;width:250px;"id="creaturetype"name="creaturetype">
+        <select style="left:450px;width:250px;"id="creaturetype"name="creaturetype">
           <option value="Evocation">Evocation</option>
           <option value="Ward">Ward</option>
           <option value="Curse">Curse</option>
@@ -56,12 +56,7 @@ table, td, th{
         <br><br>
         <label style="vertical-align:middle;left:145px;"for="description">Description:</label>
         <textarea style="border-radius:5px;vertical-align:middle;left:145px;font-size:18px;width:658px;height:120px;"placeholder="Flavor text, etc."type="text" id="description" name="description"></textarea>
-       
-        <label style="left:245px;font-size:14px;"for="username">Username:</label>
-        <input style="left:245px;font-size:14px;"type="text" id="username" name="username">
-        <label style="left:300px;font-size:14px;"for="password">Password:</label>
-        <input style="left:300px;font-size:14px;"type="password" id="password" name="password"><br>
-        
+       <br><input type="hidden" name="_csrf" th:value="${_csrf.token}"/>
         <br> <input style="height:40px;width:15%;display:block;margin:0 auto;" type="submit" value="Submit"><br><br>
       </form>
       </div>