
Conversation

@cris-eci
Collaborator

security function

@cris-eci cris-eci requested a review from Copilot May 24, 2025 16:13

Copilot AI left a comment


Pull Request Overview

This PR addresses security merge conflicts while adding new reporting endpoints and improving user and goal management features. Key changes include:

  • Introducing a JwtUtil class to extract JWT claims and new security filters.
  • Implementing various report generators and endpoints for user progress, gym usage, and attendance.
  • Enhancing user, recommendation, and goal services with additional methods and endpoints.

Reviewed Changes

Copilot reviewed 80 out of 80 changed files in this pull request and generated 2 comments.

Summary per file

JwtUtil.java: New JWT utility class for extracting claims with a hard-coded secret key.
ReportGenerator.java: Addition of generic report generation methods for PDF, CSV, XLSX, and JSON.
UserServiceImpl.java: Inclusion of a user existence check method.
ReportServiceImpl.java: Implementation of report generation logic for progress, gym usage, and attendance.
RecommendationServiceImpl.java: Updates to recommendation logic and added helper methods with improved documentation.
GoalServiceImpl.java: Added documentation and minor refactoring for goal management.
UserService.java: Interface update to include method for checking user existence.
ReportService.java: Updated interface to support new ReportFormat-based report generation.
RecommendationService.java: Minor updates to Javadoc and method signature consistency.
GoalService.java: Added Javadoc for clarity on goal management methods.
UserRepository.java: Added method to check existence by institutional ID.
ReportFormat.java: New enum for specifying report formats.
UserController.java: New endpoints for user creation and report generation with refined request logging.
SecurityConfig.java: Revised security configuration with JWT and logging filters.
LoggingFilter.java: New filter implementation for logging HTTP request details.
JwtRequestFilter.java: JWT filter for extracting token claims and setting authentication attributes.
pom.xml: Updated dependencies and SonarCloud configuration.
CI/CD Workflows: Adjusted Maven verify steps by skipping tests in certain stages.

Comment on lines +10 to +12
private final String SECRET_KEY = "supersecretpassword1234567891011121314"; // Debe ser la misma que usa el microservicio de usuarios

public Claims extractClaims(String token) {

Copilot AI May 24, 2025


Avoid hard-coding secret keys in the code; instead, externalize it using environment variables or secure configuration management.

Suggested change
private final String SECRET_KEY = "supersecretpassword1234567891011121314"; // Debe ser la misma que usa el microservicio de usuarios
public Claims extractClaims(String token) {
private final String SECRET_KEY = System.getenv("JWT_SECRET_KEY");
public JwtUtil() {
if (SECRET_KEY == null || SECRET_KEY.isEmpty()) {
throw new IllegalStateException("Environment variable JWT_SECRET_KEY is not set or is empty.");
}
}
public Claims extractClaims(String token) {
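Review bot: the suggested change drops the comment on the removed line saying the key must be the same one used by the users microservice; that constraint is still true after externalizing the value, so keep it as a comment or Javadoc next to the `System.getenv("JWT_SECRET_KEY")` lookup so operators know both services must be deployed with the same variable. Also note that moving the lookup to an environment variable does not retire the literal `"supersecretpassword1234567891011121314"`, which is already in the repository history: the secret should be rotated in both services rather than set to the same string via `JWT_SECRET_KEY`, and the fail-fast check in the constructor could additionally reject values shorter than the HMAC key length the signing algorithm requires.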

HttpServletResponse response,
FilterChain filterChain)
throws ServletException, IOException {
System.out.println("🔍 Request URI: " + request.getRequestURI());
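Review bot: besides the SLF4J point, the "🔍 " prefix on the `System.out.println` line will be emitted on every request and non-ASCII prefixes tend to parse badly in log-shipping pipelines; a parameterized logger call at DEBUG level, for example `log.debug("Request URI: {}", request.getRequestURI())`, keeps the line plain ASCII, avoids the string concatenation on every request, and lets the URI logging be switched off in production through configuration instead of a code change.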

Copilot AI May 24, 2025


[nitpick] Consider replacing System.out.println with a logging framework (e.g., SLF4J) to improve performance and manageability of logs in production.

@sonarqubecloud

Quality Gate failed

Failed conditions
Maintainability Rating on New Code: B (required ≥ A)
Security Rating on New Code: E (required ≥ A)

See analysis details on SonarQube Cloud


@cris-eci cris-eci closed this May 24, 2025
@AnderssonProgramming AnderssonProgramming deleted the fix/security-MergeConflicts branch May 24, 2025 17:11