Add Authorisation and integrate sign up for users #22
Conversation
DashDeipayan
commented
Sep 22, 2023
DashDeipayan
commented
- Build CRUD APIs #21
skill-tree /src/main/java/com/RDS/skilltree/Filters/JWTAuthenticationFilter.java
Outdated
Show resolved
Hide resolved
| } else { | ||
| CompletableFuture<Response> userResponse = fetchAPI.getRDSUserData(rdsUserId); | ||
| CompletableFuture.allOf(userResponse).join(); | ||
| Response rdsUserResponse = userResponse.get(); |
There was a problem hiding this comment.
get() method throws an exception if the CompletableFuture does not complete successfully. This means that if the getRDSUserData() method fails, the entire request will fail.
There was a problem hiding this comment.
should we handle this using timeouts? @iamitprakash, so that we don't perform the operation for too long and return TimeoutException in case of service taking higher time?
There was a problem hiding this comment.
If there is any exception in making the call to the RDS backend we return an exception.
skill-tree /src/main/java/com/RDS/skilltree/Filters/JWTAuthenticationFilter.java
Show resolved
Hide resolved
skill-tree /src/main/java/com/RDS/skilltree/utils/JWTUtils.java
Outdated
Show resolved
Hide resolved
skill-tree /src/main/java/com/RDS/skilltree/utils/JWTUtils.java
Outdated
Show resolved
Hide resolved
| return (RSAPublicKey) keyFactory.generatePublic(keySpec); | ||
| } | ||
|
|
||
| public String getRDSUserId(String token) throws Exception { |
There was a problem hiding this comment.
getRDSUserId() method is that the method does not handle the case where the token is invalid or expired. The Jwts.parser().parseClaimsJws() method will throw a JwtException if the token is invalid or expired. To handle this exception, you should catch it and return a meaningful error message to the caller.
There was a problem hiding this comment.
Hi Tejas, we found this exception AuthenticationCredentialsNotFoundException and its being caught in the caller method.
There was a problem hiding this comment.
Try refreshing the token here
| * @return the RSAPublicKey object converted from the public key string | ||
| * @throws Exception if there is an error during the conversion process | ||
| */ | ||
| private RSAPublicKey convertToRSAPublicKey(String publicKeyString) throws Exception { |
There was a problem hiding this comment.
optimize on below points please
Use a try-with-resources block. The KeyFactory.getInstance() method throws a NoSuchAlgorithmException if the specified algorithm is not supported. To handle this exception, you can use a try-with-resources block. This will ensure that the KeyFactory object is automatically closed, even if an exception is thrown.
Use a catch block to handle specific exceptions. The KeyFactory.generatePublic() method throws an InvalidKeySpecException if the specified key spec is invalid. To handle this exception, you can use a catch block. This will allow you to return a more specific error message to the caller.
Cache the public key. The convertToRSAPublicKey() method is likely to be called multiple times with the same public key string. To improve performance, you can cache the public key so that it does not need to be generated each time.
There was a problem hiding this comment.
Use a try-with-resources block. The KeyFactory.getInstance() method throws a NoSuchAlgorithmException if the specified algorithm is not supported. To handle this exception, you can use a try-with-resources block. This will ensure that the KeyFactory object is automatically closed, even if an exception is thrown.
Cache the public key. The convertToRSAPublicKey() method is likely to be called multiple times with the same public key string. To improve performance, you can cache the public key so that it does not need to be generated each time.
Tried caching this value, but the values are getting flushed from the ConcurrentHashMap the reason to be debugged.
There was a problem hiding this comment.
I tried caching the public key, since this is used in the filter the values were getting refreshed, will once check this
skill-tree /src/main/java/com/RDS/skilltree/utils/JWTUtils.java
Outdated
Show resolved
Hide resolved
|
@DashDeipayan please link Test setup ticket here |
iamitprakash
modified the milestone:
https://github.com/Real-Dev-Squad/skill-tree-backend/issues/23
|
TEST setup task details #23 |
skill-tree /src/main/java/com/RDS/skilltree/utils/FetchAPI.java
Outdated
Show resolved
Hide resolved
|
Here in this code when ever we throw an custom exception, the middleware is catching the exception and returning 401 |
skill-tree /src/main/java/com/RDS/skilltree/utils/JWTUtils.java
Outdated
Show resolved
Hide resolved
skill-tree /src/main/java/com/RDS/skilltree/utils/JWTUtils.java
Outdated
Show resolved
Hide resolved
skill-tree /src/main/java/com/RDS/skilltree/Filters/JWTAuthenticationFilter.java
Show resolved
Hide resolved
skill-tree /src/main/java/com/RDS/skilltree/User/UserServiceImpl.java
Outdated
Show resolved
Hide resolved
skill-tree /src/main/java/com/RDS/skilltree/utils/JWTUtils.java
Outdated
Show resolved
Hide resolved
skill-tree /src/main/java/com/RDS/skilltree/Filters/JWTAuthenticationFilter.java
Show resolved
Hide resolved
|
We will require this file for this PR #49 |
skill-tree /src/main/java/com/RDS/skilltree/Filters/JWTAuthenticationFilter.java
Show resolved
Hide resolved
…ill-tree-backend into jpa-entity-rel .
