From dc1e1eaf806fa2aa0fe5a97ae7b265a86f12cd0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakob=20Gr=C3=B8nhaug?= <jakob@gronha.ug>
Date: Thu, 4 May 2023 12:29:27 +0200
Subject: [PATCH] =?UTF-8?q?Fjern=20autentiseringskrav=20fra=20=C3=A5=20hen?=
 =?UTF-8?q?te=20profilbilder?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../matsvinnbackend/controller/FileController.java    | 11 ++---------
 .../matsvinnbackend/security/SecurityConfig.java      |  2 +-
 2 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/src/main/java/edu/ntnu/idatt210602/matsvinnbackend/controller/FileController.java b/src/main/java/edu/ntnu/idatt210602/matsvinnbackend/controller/FileController.java
index 31b1ba0..2e8235f 100644
--- a/src/main/java/edu/ntnu/idatt210602/matsvinnbackend/controller/FileController.java
+++ b/src/main/java/edu/ntnu/idatt210602/matsvinnbackend/controller/FileController.java
@@ -99,26 +99,19 @@ public class FileController {
 
     @GetMapping("/{profileId}")
     public ResponseEntity<Resource> get(@PathVariable Integer profileId) {
-        String authenticatedUsername = SecurityContextHolder.getContext().getAuthentication().getName();
-        Account loggedInAccount = accountRepo.findByEmail(authenticatedUsername).orElseThrow();
 
         // Ensure that the provided profile ID is valid
-        Profile profile = profileRepo.findById(profileId).orElseThrow(() -> {
+        profileRepo.findById(profileId).orElseThrow(() -> {
             return new ResponseStatusException(HttpStatus.BAD_REQUEST);
         });
 
-        // Ensure that the profile is part of the authenticated account
-        if (!loggedInAccount.getId().equals(profile.getAccountId())) {
-            throw new ResponseStatusException(HttpStatus.FORBIDDEN);
-        }
-
         Path path = Paths.get(basePath, String.format("%d.jpeg", profileId));
 
         if (!path.toFile().exists()) {
             throw new ResponseStatusException(HttpStatus.NOT_FOUND);
         }
 
-        Resource file = null;
+        Resource file;
 
         try {
             file = new UrlResource(path.toUri());
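Review bot: With the login and ownership checks removed, the two error paths in `get` now tell an unauthenticated caller whether a profile id exists. An unknown id gives 400 from the `findById` lookup, while a known id without a picture gives 404 from the file check. Because `profileId` is a plain `Integer`, that difference discloses which ids are in use. Returning the same status on both paths closes it, for example `profileRepo.findById(profileId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND));`, and the comment above the lookup could state that the endpoint is public by design. The body of `get` continues past the end of this hunk, so the remaining handling of `file` was not reviewed.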
diff --git a/src/main/java/edu/ntnu/idatt210602/matsvinnbackend/security/SecurityConfig.java b/src/main/java/edu/ntnu/idatt210602/matsvinnbackend/security/SecurityConfig.java
index 1d431e2..38124d0 100644
--- a/src/main/java/edu/ntnu/idatt210602/matsvinnbackend/security/SecurityConfig.java
+++ b/src/main/java/edu/ntnu/idatt210602/matsvinnbackend/security/SecurityConfig.java
@@ -67,7 +67,7 @@ public class SecurityConfig {
 
 
                 //FILE ENDPOINTS
-                .requestMatchers(HttpMethod.GET, "/img/*").authenticated()
+                .requestMatchers(HttpMethod.GET, "/img/*").permitAll()
                 .requestMatchers(HttpMethod.POST, "/img").authenticated()
                 .requestMatchers(HttpMethod.DELETE, "/img/*").authenticated()
 
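Review bot: The new `permitAll()` on `GET /img/*` carries no comment saying that anonymous access is intentional, and the matcher covers every single-segment path under `/img/`, not only profile pictures. Any handler later added under that prefix would inherit unauthenticated access without anyone deciding it. A line such as `// Profile pictures are public by design; any new GET /img/* handler is anonymous too` above the matcher would make the decision visible next to the `authenticated()` rules for POST and DELETE. The rest of the matcher chain lies outside this hunk, so rule ordering could not be checked here.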
-- 
GitLab