Merge pull request #571 from ita-social-projects/feature/9272/automatic-secret-refresh-from-azure

Feature/9272/automatic secret refresh from azure

Author: SashaPog

core/src/main/java/greencity/security/controller/ManagementSecurityController.java

@@ -1,14 +1,14 @@
 package greencity.security.controller;
 
 import greencity.exception.exceptions.*;
+import greencity.properties.RemoteWebClientProperties;
 import greencity.security.dto.SuccessSignInDto;
 import greencity.security.dto.ownsecurity.OwnSignInDto;
 import greencity.security.service.OwnSecurityService;
 import greencity.service.UserService;
 import io.swagger.v3.oas.annotations.Hidden;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -26,8 +26,7 @@ public class ManagementSecurityController {
     private static final String MANAGEMENT_LOGIN_PAGE = "core/management_login";
     private final OwnSecurityService service;
     private final UserService userService;
-    @Value("${greencity.server.address}")
-    private String greenCityServerAddress;
+    private final RemoteWebClientProperties remoteWebClientProperties;
 
     /**
      * Controller returns view for management log in.
@@ -83,6 +82,7 @@ public String signIn(@Valid @ModelAttribute("signInForm") OwnSignInDto dto,
             return MANAGEMENT_LOGIN_PAGE;
         }
 
-        return "redirect:" + greenCityServerAddress + "/token?accessToken=" + result.getAccessToken();
+        return "redirect:" + remoteWebClientProperties.getGreencityServerAddress() + "/token?accessToken="
+            + result.getAccessToken();
     }
 }

core/src/main/resources/application.properties

@@ -1,4 +1,5 @@
 spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=${KEY_VAULT_ENDPOINT}
+spring.cloud.azure.keyvault.secret.property-sources[0].refresh-interval=15m
 
 #Azure Connection
 spring.cloud.azure.credential.client-id=${AZURE_CLIENT_ID}

core/src/test/java/greencity/security/controller/ManagementSecurityControllerTest.java

@@ -7,6 +7,7 @@
 import greencity.exception.exceptions.UserDeactivatedException;
 import greencity.exception.exceptions.WrongEmailException;
 import greencity.exception.exceptions.WrongPasswordException;
+import greencity.properties.RemoteWebClientProperties;
 import greencity.security.dto.SuccessSignInDto;
 import greencity.security.dto.ownsecurity.OwnSignInDto;
 import greencity.security.service.OwnSecurityService;
@@ -47,6 +48,9 @@ class ManagementSecurityControllerTest {
     @Mock
     BindingResult bindingResult;
 
+    @Mock
+    private RemoteWebClientProperties remoteWebClientProperties;
+
     @BeforeEach
     void setUp() {
         InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();

service-api/pom.xml

@@ -194,5 +194,11 @@
             <artifactId>mockwebserver</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>io.github.hakky54</groupId>
+            <artifactId>logcaptor</artifactId>
+            <version>2.12.0</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>

service-api/src/main/java/greencity/client/config/GreenCityRemoteWebClientConfig.java

@@ -9,11 +9,12 @@
 import greencity.exception.exceptions.ErrorParsingException;
 import greencity.exception.exceptions.GreenCityServiceException;
 import greencity.exception.exceptions.NotFoundException;
+import greencity.properties.EmailProperties;
+import greencity.properties.RemoteWebClientProperties;
 import greencity.security.jwt.JwtTool;
 import io.netty.channel.ChannelOption;
 import java.net.URI;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpHeaders;
@@ -37,59 +38,46 @@ public class GreenCityRemoteWebClientConfig {
     private static final String EMAIL_QUERY_PARAMETER = "email";
     private static final String PLUS_SYMBOL = "+";
     private static final String ENCODED_PLUS_SYMBOL = "%2B";
-
-    @Value("${greencity.server.address}")
-    private String greenCityBaseUrl;
-
-    @Value("${greencityubs.server.address}")
-    private String greenCityUbsBaseUrl;
-
-    @Value("${contacts.authorization.system-email-address}")
-    private String systemEmail;
-
-    @Value("${webclient.connection-timeout-millis}")
-    private Integer connectionTimeoutMillis;
-
-    @Value("${webclient.response-timeout-millis}")
-    private Integer responseTimeoutMillis;
+    private final RemoteWebClientProperties remoteWebClientProperties;
+    private final EmailProperties emailProperties;
 
     private final JwtTool jwtTool;
 
     @Bean("greenCityWebClient")
     public WebClient webClient(WebClient.Builder builder) {
-        return builder.baseUrl(greenCityBaseUrl)
+        return builder.baseUrl(remoteWebClientProperties.getGreencityServerAddress())
             .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
             .filter(authorizationHeaderFilter())
             .filter(handlingWebClientExceptions())
             .filter(encodePlusInQuery())
             .clientConnector(
                 new ReactorClientHttpConnector(
                     HttpClient.create()
-                        .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, connectionTimeoutMillis)
-                        .responseTimeout(Duration.ofMillis(responseTimeoutMillis))))
+                        .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, remoteWebClientProperties.getConnectionTimeout())
+                        .responseTimeout(Duration.ofMillis(remoteWebClientProperties.getResponseTimeout()))))
             .build();
     }
 
     @Bean("greenCityUbsWebClient")
     public WebClient greenCityUbsWebClient(WebClient.Builder builder) {
-        return builder.baseUrl(greenCityUbsBaseUrl)
+        return builder.baseUrl(remoteWebClientProperties.getGreencityUbsServerAddress())
             .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
             .filter(authorizationHeaderFilterForGreenCityUbs())
             .filter(handlingWebClientExceptions())
             .filter(encodePlusInQuery())
             .clientConnector(
                 new ReactorClientHttpConnector(
                     HttpClient.create()
-                        .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, connectionTimeoutMillis)
-                        .responseTimeout(Duration.ofMillis(responseTimeoutMillis))))
+                        .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, remoteWebClientProperties.getConnectionTimeout())
+                        .responseTimeout(Duration.ofMillis(remoteWebClientProperties.getResponseTimeout()))))
             .build();
     }
 
     private ExchangeFilterFunction authorizationHeaderFilter() {
         List<Role> roles = List.of(Role.ROLE_USER, Role.ROLE_ADMIN);
 
         return ExchangeFilterFunction.ofRequestProcessor(clientRequest -> {
-            String jwt = jwtTool.createAccessToken(systemEmail, roles);
+            String jwt = jwtTool.createAccessToken(emailProperties.getSystemEmailAddress(), roles);
             String authHeader = AppConstant.TOKEN_PREFIX + jwt;
 
             ClientRequest authorizedRequest = ClientRequest.from(clientRequest)
@@ -104,7 +92,7 @@ private ExchangeFilterFunction authorizationHeaderFilterForGreenCityUbs() {
         List<Role> roles = List.of(Role.ROLE_USER, Role.ROLE_EMPLOYEE, Role.ROLE_UBS_EMPLOYEE);
 
         return ExchangeFilterFunction.ofRequestProcessor(clientRequest -> {
-            String jwt = jwtTool.createAccessToken(systemEmail, roles);
+            String jwt = jwtTool.createAccessToken(emailProperties.getSystemEmailAddress(), roles);
             String authHeader = AppConstant.TOKEN_PREFIX + jwt;
 
             ClientRequest authorizedRequest = ClientRequest.from(clientRequest)

service-api/src/main/java/greencity/constant/ErrorMessage.java

@@ -62,4 +62,23 @@ public class ErrorMessage {
         "Can`t convert To Multipart Image. Bad inputted image string : ";
     public static final String PARSING_URL_FAILED = "Can't parse image's url: ";
     public static final String AUTHORITY_CATEGORY_NOT_FOUND = "The authority category does not exist by this id: %s";
+    public static final String ACCESS_TOKEN_EXPIRATION_NOT_SET = "access token expiration not set.";
+    public static final String REFRESH_TOKEN_EXPIRATION_NOT_SET = "refresh token expiration not set.";
+    public static final String ACCESS_TOKEN_NOT_SET = "access token key not set.";
+    public static final String VERIFY_EMAIL_EXPIRATION_NOT_SET = "verify email expiration not set.";
+    public static final String BRUTEFORCE_MAX_ATTEMPTS_NOT_SET = "security bruteforce max attempts not set.";
+    public static final String BRUTEFORCE_BLOCK_TIME_NOT_SET = "security bruteforce block time not set.";
+    public static final String TESTER_SIGN_IN_TOKEN_NOT_SET = "tester signin token not set.";
+    public static final String GREENCITY_SERVER_ADDRESS_NOT_SET = "greencity server address not set.";
+    public static final String GREENCITY_UBS_SERVER_ADDRESS_NOT_SET = "greencity ubs server address not set.";
+    public static final String WEBCLIENT_CONNECTION_TIMEOUT_NOT_SET = "webclient connection timeout not set.";
+    public static final String WEBCLIENT_RESPONSE_TIMEOUT_NOT_SET = "webclient response timeout not set.";
+    public static final String CLIENT_ADDRESS_NOT_SET = "client address not set.";
+    public static final String AZURE_CONNECTION_STRING_NOT_SET = "azure connection string not set.";
+    public static final String AZURE_CONTAINER_NAME_NOT_SET = "azure container name not set.";
+    public static final String GOOGLE_API_KEY_NOT_SET = "google api key not set.";
+    public static final String SENDER_EMAIL_ADDRESS_NOT_SET = "sender email address not set.";
+    public static final String GREENCITY_OFFICE_EMAIL_ADDRESS_NOT_SET = "greencity office email address not set.";
+    public static final String TELEGRAM_EMAIL_ADDRESS_NOT_SET = "telegram email address not set.";
+    public static final String SYSTEM_EMAIL_ADDRESS_NOT_SET = "system email address not set.";
 }

service-api/src/main/java/greencity/properties/AzureProperties.java

@@ -0,0 +1,48 @@
+package greencity.properties;
+
+import greencity.constant.ErrorMessage;
+import jakarta.annotation.PostConstruct;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+
+/**
+ * Сlass for retrieving configuration values from the runtime environment. Used
+ * to access dynamic properties. Provides a flexible alternative to @Value,
+ * always getting the latest values without having to restart the application or
+ * use /actuator/refresh.
+ */
+
+@Component
+@RequiredArgsConstructor
+@Slf4j
+public class AzureProperties {
+    private final Environment environment;
+
+    @PostConstruct
+    public void validateProperties() {
+        getAzureConnectionString();
+        getAzureContainerName();
+        log.info("All azure properties validated successfully.");
+    }
+
+    public String getAzureConnectionString() {
+        String connectionString = environment.getProperty("azure.connection.string");
+        if (!StringUtils.hasText(connectionString)) {
+            log.error(ErrorMessage.AZURE_CONNECTION_STRING_NOT_SET);
+            throw new IllegalStateException(ErrorMessage.AZURE_CONNECTION_STRING_NOT_SET);
+        }
+        return connectionString;
+    }
+
+    public String getAzureContainerName() {
+        String containerName = environment.getProperty("azure.container.name");
+        if (!StringUtils.hasText(containerName)) {
+            log.error(ErrorMessage.AZURE_CONTAINER_NAME_NOT_SET);
+            throw new IllegalStateException(ErrorMessage.AZURE_CONTAINER_NAME_NOT_SET);
+        }
+        return containerName;
+    }
+}

service-api/src/main/java/greencity/properties/EmailProperties.java

@@ -0,0 +1,68 @@
+package greencity.properties;
+
+import greencity.constant.ErrorMessage;
+import jakarta.annotation.PostConstruct;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+
+/**
+ * Сlass for retrieving configuration values from the runtime environment. Used
+ * to access dynamic properties. Provides a flexible alternative to @Value,
+ * always getting the latest values without having to restart the application or
+ * use /actuator/refresh.
+ */
+
+@Component
+@RequiredArgsConstructor
+@Slf4j
+public class EmailProperties {
+    private final Environment environment;
+
+    @PostConstruct
+    public void validateProperties() {
+        getSenderEmailAddress();
+        getGreenCityOfficeEmailAddress();
+        getTelegramFeedbackEmailAddress();
+        getSystemEmailAddress();
+        log.info("All Email properties validated successfully.");
+    }
+
+    public String getSenderEmailAddress() {
+        String senderEmail = environment.getProperty("contacts.sender.email-address");
+        if (!StringUtils.hasText(senderEmail)) {
+            log.error(ErrorMessage.SENDER_EMAIL_ADDRESS_NOT_SET);
+            throw new IllegalStateException(ErrorMessage.SENDER_EMAIL_ADDRESS_NOT_SET);
+        }
+        return senderEmail;
+    }
+
+    public String getGreenCityOfficeEmailAddress() {
+        String officeEmailAddress = environment.getProperty("contacts.greenoffice.email-address");
+        if (!StringUtils.hasText(officeEmailAddress)) {
+            log.error(ErrorMessage.GREENCITY_OFFICE_EMAIL_ADDRESS_NOT_SET);
+            throw new IllegalStateException(ErrorMessage.GREENCITY_OFFICE_EMAIL_ADDRESS_NOT_SET);
+        }
+        return officeEmailAddress;
+    }
+
+    public String getTelegramFeedbackEmailAddress() {
+        String feedbackEmailAddress = environment.getProperty("contacts.tgbot.feedbacks-email-address");
+        if (!StringUtils.hasText(feedbackEmailAddress)) {
+            log.error(ErrorMessage.TELEGRAM_EMAIL_ADDRESS_NOT_SET);
+            throw new IllegalStateException(ErrorMessage.TELEGRAM_EMAIL_ADDRESS_NOT_SET);
+        }
+        return feedbackEmailAddress;
+    }
+
+    public String getSystemEmailAddress() {
+        String systemEmailAddress = environment.getProperty("contacts.authorization.system-email-address");
+        if (!StringUtils.hasText(systemEmailAddress)) {
+            log.error(ErrorMessage.SYSTEM_EMAIL_ADDRESS_NOT_SET);
+            throw new IllegalStateException(ErrorMessage.SYSTEM_EMAIL_ADDRESS_NOT_SET);
+        }
+        return systemEmailAddress;
+    }
+}

service-api/src/main/java/greencity/properties/GoogleProperties.java

@@ -0,0 +1,38 @@
+package greencity.properties;
+
+import greencity.constant.ErrorMessage;
+import jakarta.annotation.PostConstruct;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+
+/**
+ * Сlass for retrieving configuration values from the runtime environment. Used
+ * to access dynamic properties. Provides a flexible alternative to @Value,
+ * always getting the latest values without having to restart the application or
+ * use /actuator/refresh.
+ */
+
+@Component
+@RequiredArgsConstructor
+@Slf4j
+public class GoogleProperties {
+    private final Environment environment;
+
+    @PostConstruct
+    public void validateProperties() {
+        getGoogleApiKey();
+        log.info("All google properties validated successfully.");
+    }
+
+    public String getGoogleApiKey() {
+        String googleApiKey = environment.getProperty("external.google.api-key");
+        if (!StringUtils.hasText(googleApiKey)) {
+            log.error(ErrorMessage.GOOGLE_API_KEY_NOT_SET);
+            throw new IllegalStateException(ErrorMessage.GOOGLE_API_KEY_NOT_SET);
+        }
+        return googleApiKey;
+    }
+}