Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Otp login + profile create or fetch #9

Merged
merged 40 commits into from
Nov 15, 2024
Merged

Otp login + profile create or fetch #9

merged 40 commits into from
Nov 15, 2024

Conversation

Arkmati
Copy link
Contributor

@Arkmati Arkmati commented Oct 25, 2024

No description provided.

Arkmati added 24 commits October 26, 2024 00:41
@Arkmati
added service annotation in Utils
1846dd7
@Arkmati
minor changes to store userId properly in redis and read sessionId fr…
0b042ac 
…om cookies only.
@Arkmati
minor changes.
49aee87
@Arkmati
minor change in logs in controller
6c5056f
@Arkmati
minor change in session management
808c7e3
@Arkmati
changed sessionId cookie name, profile controller methods and check f…
82750c3 
…or admin email id matching.
@Arkmati
changed generateOtp controllers to POST methods.
fe5ad84
@Arkmati
added sessionId cookie in header.
865ceaf
@Arkmati
changed setHeader to addHeader.
dd83ccc
@Arkmati
changes in session and userId cookies.
b31df0c
@Arkmati
change in WSUtils to handle plain text response.
064cb4d
@Arkmati
change in WSUtils to accept different responses.
c19e3c2
@Arkmati
Support for string and object type WS call.
a3c15ac
@Arkmati
changed way to parse string data.
e62de87
@Arkmati
default value of object for returnClass.
4fd0873
@Arkmati
support for uuid WS calls.
961b9e3
@Arkmati
support for uuid WS calls.
d865531
@Arkmati
minor change
23b5ae6
@Arkmati
change for handling errors in WSUtils
540d11a
@Arkmati
minor change in create profile flow.
4154e8a
@Arkmati
reading UserId from message in WSUtils response.
dafd77d
@Arkmati
minor change.
7d5172c
@Arkmati
using textValue instead of asText
0a5fe8e
@Arkmati
error fix
49fcee3
@Arkmati
Merge remote-tracking branch 'origin/Main' into feature/opt_login_and…
c11755b 
…_auth

# Conflicts:
#	src/main/java/sg/edu/nus/iss/shopsmart_backend/utils/WSUtils.java
@Arkmati
removed comments and resolved merged conflicts.
d989752
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 14, 2024
View reviewed changes
src/main/java/sg/edu/nus/iss/shopsmart_backend/controller/ProfileController.java
@PostMapping("/register/generateOtp/{profileType}")
public CompletableFuture<ResponseEntity<JsonNode>> generateOtpForRegister(@PathVariable String profileType, @RequestBody JsonNode requestBody,
HttpServletRequest request, HttpServletResponse response){
log.info("Starting flow for generate OTP for registration for profileType: {}", profileType);

Check notice

Code scanning / SonarCloud

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube Cloud
src/main/java/sg/edu/nus/iss/shopsmart_backend/controller/ProfileController.java
@PostMapping("/register/verifyOtp/{profileType}")
public CompletableFuture<ResponseEntity<JsonNode>> verifyOtpForRegister(@PathVariable String profileType, @RequestBody JsonNode requestBody,
HttpServletRequest request, HttpServletResponse response){
log.info("Starting flow for validate OTP and createProfile for registration for profileType: {}", profileType);

Check notice

Code scanning / SonarCloud

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube Cloud
src/main/java/sg/edu/nus/iss/shopsmart_backend/controller/ProfileController.java
@PostMapping("/login/generateOtp/{profileType}")
public CompletableFuture<ResponseEntity<JsonNode>> generateOtpForLogin(@PathVariable String profileType, @RequestBody JsonNode requestBody,
HttpServletRequest request, HttpServletResponse response){
log.info("Starting flow for generate OTP for login for profileType: {}", profileType);

Check notice

Code scanning / SonarCloud

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube Cloud
src/main/java/sg/edu/nus/iss/shopsmart_backend/controller/ProfileController.java
@PostMapping("/login/verifyOtp/{profileType}")
public CompletableFuture<ResponseEntity<JsonNode>> verifyOtpForLogin(@PathVariable String profileType, @RequestBody JsonNode requestBody,
HttpServletRequest request, HttpServletResponse response){
log.info("Starting flow for validate OTP and createProfile for login for profileType: {}", profileType);

Check notice

Code scanning / SonarCloud

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube Cloud
src/main/java/sg/edu/nus/iss/shopsmart_backend/service/CommonService.java
@@ -54,25 +49,116 @@
apiRequestResolver.setHeaders(headers);

// Extract query parameters
log.info("{} Extracting query parameters from request {}", apiRequestResolver.getCorrelationId(), request.getParameterMap());

Check notice

Code scanning / SonarCloud

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube Cloud
src/main/java/sg/edu/nus/iss/shopsmart_backend/service/ProfileService.java
});
}
private CompletableFuture<String> fetchUserIdForEmail(ApiRequestResolver apiRequestResolver, String email, String profileType){
log.info("{} fetching user id for email {} for profileType {}", apiRequestResolver.getLoggerString(), email, profileType);

Check notice

Code scanning / SonarCloud

Logging should not be vulnerable to injection attacks Low

Change this code to not log user-controlled data. See more on SonarQube Cloud
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
10.0% Duplication on New Code (required ≤ 10%)

See analysis details on SonarQube Cloud

@Arkmati Arkmati merged commit d5de241 into Main Nov 15, 2024
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thoriritu thoriritu thoriritu approved these changes

@yathu25 yathu25 yathu25 approved these changes

@Anvisimi Anvisimi Anvisimi approved these changes

@Aakashdarsi Aakashdarsi Awaiting requested review from Aakashdarsi

@Krishna-Rishi Krishna-Rishi Awaiting requested review from Krishna-Rishi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Arkmati @Anvisimi @yathu25 @thoriritu