SignUpController.java example

Explorer
activityinfo-master
package org.activityinfo.server.login;

/*
 * #%L
 * ActivityInfo Server
 * %%
 * Copyright (C) 2009 - 2013 UNICEF
 * %%
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the 
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public 
 * License along with this program.  If not, see
 * <http://www.gnu.org/licenses/gpl-3.0.html>.
 * #L%
 */

import com.google.common.base.Strings;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.sun.jersey.api.view.Viewable;
import org.activityinfo.server.database.hibernate.dao.Transactional;
import org.activityinfo.server.database.hibernate.dao.UserDAO;
import org.activityinfo.server.database.hibernate.dao.UserDAOImpl;
import org.activityinfo.server.database.hibernate.entity.Domain;
import org.activityinfo.server.database.hibernate.entity.User;
import org.activityinfo.server.login.model.SignUpAddressExistsPageModel;
import org.activityinfo.server.login.model.SignUpPageModel;
import org.activityinfo.server.mail.MailSender;
import org.activityinfo.server.mail.SignUpConfirmationMessage;
import org.activityinfo.server.util.logging.LogException;

import javax.inject.Provider;
import javax.persistence.EntityManager;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import java.io.IOException;
import java.net.URI;
import java.util.logging.Level;
import java.util.logging.Logger;

@Path("/signUp")
public class SignUpController {
    public static final String ENDPOINT = "/signUp*";

    private static final Logger LOGGER = Logger.getLogger(SignUpController.class.getName());

    private static final int MAX_PARAM_LENGTH = 200;

    @Inject
    private MailSender mailer;

    @Inject
    private Provider<UserDAO> userDAO;

    @Inject
    private EntityManager entityManager;

    @Inject
    private Provider<Domain> domainProvider;

    @GET @Produces(MediaType.TEXT_HTML) @LogException(emailAlert = true)
    public Viewable getPage(@Context HttpServletRequest req) throws ServletException, IOException {
        return new SignUpPageModel().asViewable();
    }

    @GET @Path("/sent") @Produces(MediaType.TEXT_HTML)
    public Viewable getPage() {
        return new Viewable("/page/SignUpEmailSent.ftl", Maps.newHashMap());
    }

    @POST @Produces(MediaType.TEXT_HTML) @LogException(emailAlert = true) @Transactional
    public Response signUp(@FormParam("name") String name,
                           @FormParam("organization") String organization,
                           @FormParam("jobtitle") String jobtitle,
                           @FormParam("email") String email,
                           @FormParam("locale") String locale) {

        LOGGER.info("New user signing up! [name: " + name + ", email: " + email + ", locale: " + locale +
                    ", organization: " + organization + ", job title: " + jobtitle + "]");

        if (!domainProvider.get().isSignUpAllowed()) {
            LOGGER.severe("Blocked attempt to signup via " + domainProvider.get().getHost());
            return Response.status(Status.FORBIDDEN).build();
        }

        // checking parameter values
        try {
            checkParam(name, true);
            checkParam(organization, false);
            checkParam(jobtitle, false);
            checkParam(email, true);
            checkParam(locale, true);
        } catch (IllegalArgumentException e) {
            LOGGER.log(Level.INFO, "User " + name + " (" + email + ") failed to sign up", e);
            return Response.ok(SignUpPageModel.formErrorModel()
                                              .set(email, name, organization, jobtitle, locale)
                                              .asViewable()).build();
        }

        try {
            // check duplicate email
            if (userDAO.get().doesUserExist(email)) {
                return Response.ok(new SignUpAddressExistsPageModel(email).asViewable())
                               .type(MediaType.TEXT_HTML)
                               .build();
            }

            // persist new user
            User user = UserDAOImpl.createNewUser(email, name, organization, jobtitle, locale);
            userDAO.get().persist(user);

            // send confirmation email
            mailer.send(new SignUpConfirmationMessage(user));

            // return to page with positive result
            return Response.seeOther(new URI("/signUp/sent")).build();

        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "User " + name + " (" + email + ") failed to sign up", e);
            entityManager.getTransaction().rollback();
            return Response.ok(SignUpPageModel.genericErrorModel()
                                              .set(email, name, organization, jobtitle, locale)
                                              .asViewable()).build();
        }
    }

    private void checkParam(String value, boolean required) {
        boolean illegal = false;
        illegal |= (required && Strings.isNullOrEmpty(value));
        illegal |= (value != null && value.length() > MAX_PARAM_LENGTH); // sanity check

        if (illegal) {
            throw new IllegalArgumentException();
        }
    }
}