From 2805bb061e400d5e7d265136a8e1b0d4365ec014 Mon Sep 17 00:00:00 2001
From: Andrew Lalis
Date: Wed, 29 May 2019 13:32:37 +0200
Subject: [PATCH] Added comments to web security confit, added registration pages to whitelist.
---
 .../config/WebSecurityConfig.java | 13 +++++--
 .../controllers/LoginController.java | 2 --
 .../register/StudentRegisterController.java | 19 +++++++++++
 .../resources/templates/register/student.html | 34 ++++++++++++++++---
 4 files changed, 59 insertions(+), 9 deletions(-)
 create mode 100644 src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/register/StudentRegisterController.java
diff --git a/src/main/java/nl/andrewlalis/teaching_assistant_assistant/config/WebSecurityConfig.java b/src/main/java/nl/andrewlalis/teaching_assistant_assistant/config/WebSecurityConfig.java
index 6c0b290..4b5e133 100644
--- a/src/main/java/nl/andrewlalis/teaching_assistant_assistant/config/WebSecurityConfig.java
+++ b/src/main/java/nl/andrewlalis/teaching_assistant_assistant/config/WebSecurityConfig.java
@@ -10,6 +10,15 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
+/**
+ * Security configuration for the TAA application.
+ *
+ * This configuration makes use of the custom user details service provided by the application for database-persistent
+ * user accounts.
+ *
+ * Login, logout, and registration pages are set so that all users, authenticated and unauthenticated, may access them,
+ * while actual site content is only visible to authenticated users.
+ */
 @Configuration
 @EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@@ -31,8 +40,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { http .csrf().disable() // So that we can GET the logout page. - .authorizeRequests() // Let anyone view the login and logout pages. - .antMatchers("/login*", "/logout*", "/register*") + .authorizeRequests() // Let anyone view the login and logout pages, as well as various registration pages. + .antMatchers("/login*", "/logout*", "/register*", "/register/**") .permitAll() .and()
diff --git a/src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/LoginController.java b/src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/LoginController.java
index c33ee37..fdc59eb 100644
--- a/src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/LoginController.java
+++ b/src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/LoginController.java
@@ -15,8 +15,6 @@ public class LoginController {
 
 @GetMapping("/login")
 public String get() {
- logger.info("User got login page.");
-
 return "login";
 }
 }
diff --git a/src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/register/StudentRegisterController.java b/src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/register/StudentRegisterController.java
new file mode 100644
index 0000000..9f95bd6
--- /dev/null
+++ b/src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/register/StudentRegisterController.java
@@ -0,0 +1,19 @@
+package nl.andrewlalis.teaching_assistant_assistant.controllers.register;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+/**
+ * Controller for the registration form for new students.
+ */
+@Controller
+public class StudentRegisterController {
+
+ @GetMapping("/register/student")
+ public String get() {
+
+
+ return "/register/student";
+ }
+
+}
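Review bot: The new `"/register/**"` pattern in the `antMatchers(...)` line makes the whole registration subtree `permitAll()`, and the context line above it shows `.csrf().disable()` on the same chain, so any state-changing handler later mapped under `/register/` (the form submission, for instance) will accept unauthenticated cross-site requests without a token. Listing the public routes explicitly, e.g. `.antMatchers("/login*", "/logout*", "/register", "/register/student")`, keeps a new controller under that prefix from being public by default. CSRF protection could stay enabled if logout were submitted as a POST, or by registering a GET matcher with `.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))`. The rest of `configure` lies outside this hunk, so the logout setup itself is not visible here.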
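Review bot: The view name returned by the new `get()` starts with a slash, `return "/register/student";`, while `LoginController` returns `"login"`. If the template resolver prefix ends in `/` (the Spring Boot default for Thymeleaf, which the `templates/register/student.html` path suggests), this resolves to a double-slash path that tends to work from an IDE but can fail once the application runs from a packaged jar. `return "register/student";` avoids that and matches the other controller. The two empty lines before the return can go, and a short Javadoc on `get()` stating that it only serves the form and binds no model attributes would help the next reader.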
diff --git a/src/main/resources/templates/register/student.html b/src/main/resources/templates/register/student.html index 566549b..6804cb8 100644 --- a/src/main/resources/templates/register/student.html +++ b/src/main/resources/templates/register/student.html @@ -1,10 +1,34 @@ - - - - Title - + +
+
+
+

+ Here you can register to create a new account to access the information provided by this application, whether you are a professor, teaching assistant, or student. After filling out this submission form, you'll receive an email with a link to verify that you are who you say you are, after which your account will be activated. +

+
+
+ +
+

I am a ...

+
+ + + + +
+ \ No newline at end of file