Merge pull request #363 from softwaremagico/358-qr-code-session-close…

…d-after-accessing

Fixing QR code access

README.md

@@ -8,7 +8,7 @@
 [![GitHub commit activity](https://img.shields.io/github/commit-activity/y/softwaremagico/KendoTournamentManager)](https://github.com/softwaremagico/KendoTournamentManager)
 [![GitHub last commit](https://img.shields.io/github/last-commit/softwaremagico/KendoTournamentManager)](https://github.com/softwaremagico/KendoTournamentManager)
 [![CircleCI](https://circleci.com/gh/softwaremagico/KendoTournamentManager.svg?style=shield)](https://circleci.com/gh/softwaremagico/KendoTournamentManager)
-[![Time](https://img.shields.io/badge/development-592h-blueviolet.svg)]()
+[![Time](https://img.shields.io/badge/development-593h-blueviolet.svg)]()
 
 [![Powered by](https://img.shields.io/badge/powered%20by%20java-orange.svg?logo=OpenJDK&logoColor=white)]()
 [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=kendo-tournament-backend&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=kendo-tournament-backend)

backend/kendo-tournament-core/src/main/java/com/softwaremagico/kt/core/providers/ParticipantProvider.java

@@ -113,10 +113,16 @@ public Participant generateToken(Participant participant) {
     }
 
     public Optional<Participant> findByTemporalToken(String token) {
-        return getRepository().findByTemporalToken(token);
+        if (token != null) {
+            return getRepository().findByTemporalToken(token);
+        }
+        return Optional.empty();
     }
 
     public Optional<Participant> findByTokenUsername(String tokenUsername) {
+        if (tokenUsername == null) {
+            return Optional.empty();
+        }
         if (tokenUsername.contains(ParticipantProvider.TOKEN_NAME_SEPARATOR)) {
             final String[] fields = tokenUsername.split(ParticipantProvider.TOKEN_NAME_SEPARATOR);
             try {

backend/kendo-tournament-rest/src/main/java/com/softwaremagico/kt/rest/services/BasicServices.java

@@ -61,6 +61,15 @@ protected CONTROLLER getController() {
         return controller;
     }
 
+    /**
+     * This method is done due to @PreAuthorize cannot be overriden. TournamentService need to set a GUEST permission to it.
+     *
+     * @return an array of roles.
+     */
+    public String[] requiredRoleForEntityById() {
+        return new String[]{"ROLE_VIEWER", "ROLE_EDITOR", "ROLE_ADMIN"};
+    }
+
     @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN')")
     @Operation(summary = "Gets all", security = @SecurityRequirement(name = "bearerAuth"))
     @GetMapping(value = "", produces = MediaType.APPLICATION_JSON_VALUE)
@@ -75,10 +84,10 @@ public long count(HttpServletRequest request) {
         return controller.count();
     }
 
-    @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN')")
+    @PreAuthorize("hasAnyRole(#root.this.requiredRoleForEntityById())")
     @Operation(summary = "Gets an entity.", security = @SecurityRequirement(name = "bearerAuth"))
     @GetMapping(value = "/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
-    public DTO get(@Parameter(description = "Id of an existing application", required = true) @PathVariable("id") Integer id,
+    public DTO get(@Parameter(description = "Id of an existing entity", required = true) @PathVariable("id") Integer id,
                    HttpServletRequest request) {
         return controller.get(id);
     }

backend/kendo-tournament-rest/src/main/java/com/softwaremagico/kt/rest/services/FrontendLoggerServices.java

@@ -42,23 +42,23 @@ private static String sanitize(Object parameter) {
         return parameter.toString().replaceAll("[\n\r\t]", "_");
     }
 
-    @PreAuthorize("hasAnyRole('ROLE_GUEST', 'ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN')")
+    @PreAuthorize("hasAnyRole('ROLE_GUEST', 'ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN', 'ROLE_PARTICIPANT')")
     @Operation(summary = "Register an action that must be logged.", security = @SecurityRequirement(name = "bearerAuth"))
     @PostMapping(value = "/info")
     @ResponseStatus(HttpStatus.OK)
     public void info(@RequestBody LogDTO log, HttpServletRequest request) {
         FrontendLogger.info(this.getClass(), sanitize(log.getMessage()));
     }
 
-    @PreAuthorize("hasAnyRole('ROLE_GUEST', 'ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN')")
+    @PreAuthorize("hasAnyRole('ROLE_GUEST', 'ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN', 'ROLE_PARTICIPANT')")
     @Operation(summary = "Register a warning that must be logged.", security = @SecurityRequirement(name = "bearerAuth"))
     @PostMapping(value = "/warning")
     @ResponseStatus(HttpStatus.OK)
     public void warning(@RequestBody LogDTO log, HttpServletRequest request) {
         FrontendLogger.warning(this.getClass(), sanitize(log.getMessage()));
     }
 
-    @PreAuthorize("hasAnyRole('ROLE_GUEST', 'ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN')")
+    @PreAuthorize("hasAnyRole('ROLE_GUEST', 'ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN', 'ROLE_PARTICIPANT')")
     @Operation(summary = "Register an error that must be logged.", security = @SecurityRequirement(name = "bearerAuth"))
     @PostMapping(value = "/error")
     @ResponseStatus(HttpStatus.OK)

backend/kendo-tournament-rest/src/main/java/com/softwaremagico/kt/rest/services/GroupLinkServices.java

@@ -51,7 +51,7 @@ public GroupLinkServices(GroupLinkController groupController) {
     }
 
 
-    @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN')")
+    @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN', 'ROLE_GUEST')")
     @Operation(summary = "Gets all groups links.", security = @SecurityRequirement(name = "bearerAuth"))
     @GetMapping(value = "/tournament/{tournamentId}", produces = MediaType.APPLICATION_JSON_VALUE)
     public List<GroupLinkDTO> getAll(@Parameter(description = "Id of an existing tournament", required = true)

backend/kendo-tournament-rest/src/main/java/com/softwaremagico/kt/rest/services/GroupServices.java

@@ -71,7 +71,7 @@ public GroupServices(GroupController groupController, PdfController pdfControlle
         this.tournamentController = tournamentController;
     }
 
-    @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN')")
+    @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN', 'ROLE_GUEST')")
     @Operation(summary = "Gets all groups.", security = @SecurityRequirement(name = "bearerAuth"))
     @GetMapping(value = "/tournaments/{tournamentId}", produces = MediaType.APPLICATION_JSON_VALUE)
     public List<GroupDTO> getAll(@Parameter(description = "Id of an existing tournament", required = true) @PathVariable("tournamentId") Integer tournamentId,

backend/kendo-tournament-rest/src/main/java/com/softwaremagico/kt/rest/services/ParticipantServices.java

@@ -51,6 +51,16 @@ public ParticipantServices(ParticipantController participantController) {
         super(participantController);
     }
 
+    /**
+     * This method is done due to @PreAuthorize cannot be overriden. TournamentService need to set a GUEST permission to it.
+     *
+     * @return an array of roles.
+     */
+    @Override
+    public String[] requiredRoleForEntityById() {
+        return new String[]{"ROLE_VIEWER", "ROLE_EDITOR", "ROLE_ADMIN", "ROLE_PARTICIPANT"};
+    }
+
 
     @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN', 'ROLE_GUEST', 'ROLE_PARTICIPANT')")
     @Operation(summary = "Gets the participant data from the jwt token username.", security = @SecurityRequirement(name = "bearerAuth"))

backend/kendo-tournament-rest/src/main/java/com/softwaremagico/kt/rest/services/TeamServices.java

@@ -77,7 +77,7 @@ public TeamServices(TeamController teamController, TournamentController tourname
     }
 
 
-    @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN')")
+    @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN', 'ROLE_GUEST')")
     @Operation(summary = "Gets all teams from a tournament.", security = @SecurityRequirement(name = "bearerAuth"))
     @GetMapping(value = "/tournaments/{tournamentId}", produces = MediaType.APPLICATION_JSON_VALUE)
     public List<TeamDTO> getAll(@Parameter(description = "Id of an existing tournament", required = true) @PathVariable("tournamentId") Integer tournamentId,

backend/kendo-tournament-rest/src/main/java/com/softwaremagico/kt/rest/services/TournamentExtraPropertiesServices.java

@@ -52,7 +52,7 @@ public TournamentExtraPropertiesServices(TournamentExtraPropertyController tourn
         this.tournamentExtraPropertyController = tournamentExtraPropertyController;
     }
 
-    @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN')")
+    @PreAuthorize("hasAnyRole('ROLE_VIEWER', 'ROLE_EDITOR', 'ROLE_ADMIN', 'ROLE_GUEST')")
     @Operation(summary = "Gets tournament's properties.", security = @SecurityRequirement(name = "bearerAuth"))
     @GetMapping(value = "/tournaments/{tournamentId}", produces = MediaType.APPLICATION_JSON_VALUE)
     public List<TournamentExtraPropertyDTO> get(@Parameter(description = "Id of an existing tournament", required = true) @PathVariable("tournamentId")

backend/kendo-tournament-rest/src/main/java/com/softwaremagico/kt/rest/services/TournamentServices.java

@@ -74,6 +74,23 @@ public TournamentServices(TournamentController tournamentController, PdfControll
         this.pdfController = pdfController;
     }
 
+    /**
+     * This method is done due to @PreAuthorize cannot be overriden. TournamentService need to set a GUEST permission to it.
+     *
+     * @return an array of roles.
+     */
+    @Override
+    public String[] requiredRoleForEntityById() {
+        return new String[]{"ROLE_VIEWER", "ROLE_EDITOR", "ROLE_ADMIN", "ROLE_GUEST"};
+    }
+
+    @Operation(summary = "Gets a tournament.", security = @SecurityRequirement(name = "bearerAuth"))
+    @GetMapping(value = "/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
+    public TournamentDTO get(@Parameter(description = "Id of an existing tournament", required = true) @PathVariable("id") Integer id,
+                             HttpServletRequest request) {
+        return super.get(id, request);
+    }
+
     @Operation(summary = "Gets all", security = @SecurityRequirement(name = "bearerAuth"))
     @GetMapping(value = "", produces = MediaType.APPLICATION_JSON_VALUE)
     public List<TournamentDTO> getAll(HttpServletRequest request) {

frontend/src/app/components/participant-qr-code/participant-qr-code.component.html

@@ -4,7 +4,7 @@
   </div>
   <div *ngIf="qrCode && (RbacActivity.SEE_QR_CODE | rbac : this.rbacService.getActivities())" class="qr-container">
     <img alt="QR Code" class="qr-code" src="{{ qrCode }}"/>
-    <a class="link" *ngIf="link" href="{{link}}">{{'orClickHere' | translate}}</a>
+    <a class="link" target=”_blank” *ngIf="link" href="{{link}}">{{'orClickHere' | translate}}</a>
   </div>
 </div>
 <div class="button-container" mat-dialog-actions>

frontend/src/app/components/tournament-qr-code/tournament-qr-code.component.html

@@ -4,8 +4,9 @@
   </div>
   <div *ngIf="qrCode" class="qr-container">
     <img alt="QR Code" class="qr-code" src="{{ qrCode }}"/>
-    <a class="link" *ngIf="link" href="{{link}}">{{'orClickHere' | translate}}</a>
-    <button (click)="downloadQrAsPdf()" *ngIf="(RbacActivity.DOWNLOAD_QR_CODE | rbac : this.rbacService.getActivities())"
+    <a class="link" target=”_blank” *ngIf="link" href="{{link}}">{{'orClickHere' | translate}}</a>
+    <button (click)="downloadQrAsPdf()"
+            *ngIf="(RbacActivity.DOWNLOAD_QR_CODE | rbac : this.rbacService.getActivities())"
             class="floating-button"
             color="picture"
             mat-flat-button

frontend/src/app/interceptors/logged-in.service.ts

@@ -35,7 +35,6 @@ export class LoggedInService implements CanActivate {
 
   userLoginPageDependingOnRoles(context: string): boolean {
     if (this.loginService.getJwtValue()) {
-      debugger
       this.loginService.getUserRoles().subscribe((_roles: String[]): void => {
         if (_roles.includes("viewer") || _roles.includes("editor") || _roles.includes("admin")) {
           // Do nothing and navigate as usual.

frontend/src/app/services/models/temporal-token.ts

@@ -1,8 +1,8 @@
 export class TemporalToken {
-  public temporalToken: string;
+  public content: string;
   public temporalTokenExpirationTime?: Date;
 
-  constructor(temporalToken: string) {
-    this.temporalToken = temporalToken;
+  constructor(content: string) {
+    this.content = content;
   }
 }

frontend/src/app/views/participant-statistics/participant-statistics.component.ts

@@ -111,7 +111,6 @@ export class ParticipantStatisticsComponent extends RbacBasedComponent implement
       this.participantService.getByUsername().subscribe({
         next: (_participant: Participant): void => {
           this.participantId = _participant.id;
-          debugger
           this.participant = _participant;
           this.generateStatistics();
         },