Fixed bug with PUBLIC_URIs and liquibase script error when connecting to MariaDB

README.md

@@ -189,4 +189,4 @@ To keep things organized please follow the steps below:
     - Request a review from maintainers
     - Be open to feedback and ready to make revisions 
 
-You can also watch an overview of how to contribute to OSS via Pull Requests here: [GitHub Pull Request Tutorial](https://www.youtube.com/watch?v=dLRA1lffWBw)
+You can also watch an overview of how to contribute to OSS via Pull Requests here: [GitHub Pull Request Tutorial](https://www.youtube.com/watch?v=dLRA1lffWBw)

qlack-base-application-server/src/main/java/com/eurodyn/qlack/baseapplication/config/WebSecurityConfig.java

@@ -1,6 +1,8 @@
 package com.eurodyn.qlack.baseapplication.config;
 
+import com.eurodyn.qlack.util.csrf.filter.CustomCookieFilter;
 import com.eurodyn.qlack.util.jwt.filter.JwtAuthenticationFilter;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -9,33 +11,39 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-import com.eurodyn.qlack.util.csrf.filter.CustomCookieFilter;
 
 @Configuration
 public class WebSecurityConfig {
 
-  private static final String[] PUBLIC_URIS =
-    {"/users/auth", "/ping", "/i18n/*","/error"};
-  private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    @Value("${qlack.util.csrf.ignore-paths:#{new ArrayList()}}")
+    private List<String> IGNORED_PATHS;
 
-    private final CustomCookieFilter customCookieFilter;
+    @Value("${qlack.util.csrf.login-path:#{null}}")
+    private String LOGIN_PATH;
 
-  public WebSecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter, CustomCookieFilter customCsrfCookieFilter) {
-    this.jwtAuthenticationFilter = jwtAuthenticationFilter;
-    this.customCookieFilter = customCsrfCookieFilter;
-  }
+    private final JwtAuthenticationFilter jwtAuthenticationFilter;
 
-  @Bean
-  public SecurityFilterChain configure(HttpSecurity http) throws Exception {
-    http.csrf(AbstractHttpConfigurer::disable)
-        .authorizeHttpRequests(requests -> requests
-            .requestMatchers(PUBLIC_URIS).permitAll()
-            .anyRequest().authenticated())
-        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-        .addFilterBefore(customCookieFilter, BasicAuthenticationFilter.class)
-        .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
-
-    return http.build();
+    private final CustomCookieFilter customCookieFilter;
 
-  }
+    public WebSecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter, CustomCookieFilter customCsrfCookieFilter) {
+        this.jwtAuthenticationFilter = jwtAuthenticationFilter;
+        this.customCookieFilter = customCsrfCookieFilter;
+    }
+
+    @Bean
+    public SecurityFilterChain configure(HttpSecurity http) throws Exception {
+        if (LOGIN_PATH != null) {
+            IGNORED_PATHS.add(LOGIN_PATH);
+        }
+        final String[] PUBLIC_URIS = IGNORED_PATHS.stream().toArray(String[]::new);
+        http.csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests(requests -> requests
+                        .requestMatchers(PUBLIC_URIS).permitAll()
+                        .anyRequest().authenticated()
+                )
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .addFilterBefore(customCookieFilter, BasicAuthenticationFilter.class)
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+        return http.build();
+    }
 }

qlack-base-application-server/src/main/resources/application.yml

@@ -32,13 +32,14 @@ qlack:
   util:
     jwt:
       issuer: qlack_demo
-      validity: 1440
+      validity: 1440 # in minutes, default validity is 1 day
     csrf:
       cookie-name: COOKIE-TOKEN # the name of the cookie
       cookie-timer: 60 # per seconds, the timer for keep old cookies alive for multiple requests
       cookie-cache-clean-timer: 0 * * ? * * # the scheduler where we clean cache from non-valid cookies
       login-path: '/users/auth'
       logout-path: '/users/logout'
+      ignore-paths: '/i18n/*, /error'
 
 logging:
   level:

qlack-base-application-server/src/main/resources/db/changelog/changes/qba_00003.xml

@@ -25,7 +25,7 @@
         <constraints nullable="false"/>
       </column>
       <column name="department" type="VARCHAR(255)"/>
-      <column defaultValueComputed="NULL" name="hiring_date" type="DATETIME">
+      <column name="hiring_date" type="DATETIME">
         <constraints nullable="false"/>
       </column>
     </createTable>