MeController.java
/*
* Copyright 2019 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys.server.api.v2.impl;
import io.swagger.annotations.Api;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.service.PasswordPolicy;
import org.genesys.server.api.ApiBaseController;
import org.genesys.server.api.v2.facade.UserApiService;
import org.genesys.server.api.v2.model.impl.UserDTO;
import org.genesys.server.service.EMailVerificationService;
import org.genesys.server.service.TokenVerificationService;
import org.genesys.server.service.UserService;
import org.genesys.spring.CaptchaChecker;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
/**
* Me API v2
*/
@RestController("meApi2")
@RequestMapping(MeController.CONTROLLER_URL)
@PreAuthorize("isAuthenticated() && (hasRole('USER') || hasRole('ADMINISTRATOR'))") // Don't allow OAuth clients here
@Api(tags = { "me" })
public class MeController extends ApiBaseController {

    // NOTE(review): the class-level @PreAuthorize above ("Don't allow OAuth clients here") only
    // governs methods that carry no @PreAuthorize of their own. Every handler below except
    // changePassword declares @PreAuthorize("isAuthenticated()"), which replaces the class-level
    // rule for that method and -- by the author's own comment on getProfile -- admits OAuth clients.
    // Confirm this is intended for the token-based reset/cancel/delete flows and for the
    // preference endpoints.

    /** Base path of this controller: {@code APIv2_BASE + "/me"}. */
    public static final String CONTROLLER_URL = ApiBaseController.APIv2_BASE + "/me";

    @Autowired
    private UserApiService userService;

    @Autowired
    private EMailVerificationService emailVerificationService;

    @Autowired
    private CaptchaChecker captchaChecker;

    /**
     * Rejects the request unless the reCAPTCHA response is valid for the calling client.
     *
     * @param req the current request; its remote address is handed to the checker
     * @param response the {@code g-recaptcha-response} form value, may be {@code null}
     * @throws UserException propagated from the captcha checker, if it raises one
     */
    private void requireValidCaptcha(final HttpServletRequest req, final String response) throws UserException {
        // NOTE(review): getRemoteAddr() is the immediate peer; behind a reverse proxy that is the
        // proxy's address, not the end user's -- confirm how the deployment resolves client IPs.
        captchaChecker.assureValidResponseForClient(response, req.getRemoteAddr());
    }

    /**
     * Returns the profile of the current principal.
     *
     * @return the profile as provided by {@link UserApiService#getProfile()}
     */
    @PreAuthorize("isAuthenticated()") // Available for OAuth clients
    @GetMapping("/profile")
    public UserDTO getProfile() {
        return userService.getProfile();
    }

    /**
     * Changes the current user's password. Inherits the class-level rule, so OAuth clients
     * are rejected here.
     *
     * @param oldPassword the current password, form field {@code old}
     * @param newPassword the replacement password, form field {@code new}
     * @return whatever {@link UserApiService#changePassword} returns
     * @throws UserException if the service rejects the change
     */
    @PostMapping("/password")
    public String changePassword(@RequestParam("old") final String oldPassword,
            @RequestParam("new") final String newPassword) throws UserException {
        return userService.changePassword(oldPassword, newPassword);
    }

    /**
     * Starts a password reset for the account registered under {@code email}.
     *
     * @param req the current request, used for the captcha client address
     * @param response the {@code g-recaptcha-response} value, optional
     * @param email the e-mail address of the account
     * @return the service's result; NOTE(review): if this boolean differs for unknown versus known
     *         addresses it lets a caller enumerate registered e-mails -- verify in UserApiService
     * @throws UserException on captcha or service failure
     */
    @PreAuthorize("isAuthenticated()")
    @PostMapping("/password/reset")
    public boolean resetPassword(final HttpServletRequest req,
            @RequestParam(value = "g-recaptcha-response", required = false) final String response,
            @RequestParam("email") final String email) throws UserException {
        requireValidCaptcha(req, response);
        return userService.resetPassword(email);
    }

    /**
     * Completes a password reset using a verification token.
     *
     * @param tokenUuid the verification token identifier from the path
     * @param req the current request, used for the captcha client address
     * @param response the {@code g-recaptcha-response} value, optional
     * @param key the secret key paired with the token
     * @param password the new password
     * @return {@code true} when the password was changed
     * @throws UserException when the token is unknown or expired, or the policy check fails
     */
    @PreAuthorize("isAuthenticated()")
    @PostMapping("/{tokenUuid:.+}/pwdreset")
    public boolean updatePassword(@PathVariable("tokenUuid") final String tokenUuid, final HttpServletRequest req,
            @RequestParam(value = "g-recaptcha-response", required = false) final String response,
            @RequestParam("key") final String key, @RequestParam("password") final String password) throws UserException {
        requireValidCaptcha(req, response);
        // The underlying exceptions are translated to UserException; their cause is not attached.
        try {
            emailVerificationService.changePassword(tokenUuid, key, password);
        } catch (final TokenVerificationService.NoSuchVerificationTokenException e) {
            throw new UserException("No such verification token!");
        } catch (final PasswordPolicy.PasswordPolicyException e) {
            // NOTE(review): the message speaks of disabled accounts while the caught type is a
            // password-policy violation -- confirm which condition changePassword() raises here.
            throw new UserException("Password for disabled user accounts can't be reset!");
        } catch (final TokenVerificationService.TokenExpiredException e) {
            throw new UserException("Your token expired!");
        }
        return true;
    }

    /**
     * Cancels a pending password reset identified by {@code tokenUuid}.
     *
     * @param tokenUuid the verification token identifier from the path
     * @param req the current request, used for the captcha client address
     * @param response the {@code g-recaptcha-response} value, optional
     * @return {@code true} once the reset was cancelled
     * @throws IOException propagated from the verification service
     * @throws UserException on captcha failure
     * @throws TokenVerificationService.NoSuchVerificationTokenException if the token is unknown
     */
    @PreAuthorize("isAuthenticated()")
    @PostMapping("/{tokenUuid:.+}/cancel")
    public boolean cancelValidation(@PathVariable("tokenUuid") final String tokenUuid, final HttpServletRequest req,
            @RequestParam(value = "g-recaptcha-response", required = false) final String response)
            throws IOException, UserException, TokenVerificationService.NoSuchVerificationTokenException {
        requireValidCaptcha(req, response);
        emailVerificationService.cancelPasswordReset(tokenUuid);
        return true;
    }

    /**
     * Requests deletion of the current user's account.
     *
     * @return the service's result
     * @throws UserException if the service rejects the request
     */
    @PreAuthorize("isAuthenticated()")
    @PostMapping("/delete/request")
    public boolean deleteAccountRequest() throws UserException {
        return userService.deleteAccountRequest();
    }

    /**
     * Archives the user account identified by a verification token and key.
     *
     * @param tokenUuid the verification token identifier from the path
     * @param req the current request, used for the captcha client address
     * @param response the {@code g-recaptcha-response} value, optional
     * @param key the secret key paired with the token
     * @return {@code true} once the account was archived
     * @throws UserException when the token is unknown or expired
     */
    @PreAuthorize("isAuthenticated()")
    @DeleteMapping("/{tokenUuid:.+}")
    public boolean deleteAccount(@PathVariable("tokenUuid") final String tokenUuid, final HttpServletRequest req,
            @RequestParam(value = "g-recaptcha-response", required = false) final String response,
            @RequestParam("key") final String key) throws UserException {
        requireValidCaptcha(req, response);
        try {
            emailVerificationService.archiveUserByToken(tokenUuid, key);
        } catch (final TokenVerificationService.NoSuchVerificationTokenException e) {
            throw new UserException("No such verification token!");
        } catch (final TokenVerificationService.TokenExpiredException e) {
            throw new UserException("Your token expired!");
        }
        // TODO (kept from the original): log the caller out here. NOTE(review): nothing clears the
        // session or security context after archiving, so an existing session presumably stays
        // usable until it expires -- confirm whether the service or a filter handles this.
        return true;
    }

    /**
     * Replaces the current user's preferences.
     *
     * @param preferences the new preference set from the request body
     * @return the updated profile
     * @throws UserException if the service rejects the update
     */
    @PreAuthorize("isAuthenticated()")
    @PostMapping("/settings")
    public UserDTO updateUserPreferences(@RequestBody final UserService.UserPreferences preferences) throws UserException {
        return userService.updateUserPreferences(preferences);
    }

    /**
     * Sets a single boolean preference of the current user.
     *
     * @param setting the preference name from the path
     * @param value the new value from the request body
     * @return the updated profile
     * @throws UserException if the service rejects the update
     */
    @PreAuthorize("isAuthenticated()")
    @PostMapping("/settings/{setting}")
    public UserDTO updateUserPreferences(@PathVariable final String setting, @RequestBody final boolean value) throws UserException {
        return userService.updateUserPreference(setting, value);
    }
}