package org.abcgo.web.rest; import com.codahale.metrics.annotation.Timed; import org.abcgo.domain.Authority; import org.abcgo.domain.User; import org.abcgo.repository.UserRepository; import org.abcgo.security.SecurityUtils; import org.abcgo.service.MailService; import org.abcgo.service.UserService; import org.abcgo.web.rest.dto.UserDTO; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import javax.validation.Valid; import java.io.UnsupportedEncodingException; import java.net.URLDecoder; import java.util.*; /** * REST controller for managing the current user's account. */ @RestController @RequestMapping("/api") public class AccountResource { private final Logger log = LoggerFactory.getLogger(AccountResource.class); @Inject private UserRepository userRepository; @Inject private UserService userService; @Inject private MailService mailService; /** * POST /register -> register the user. */ @RequestMapping(value = "/register", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE) @Timed public ResponseEntity<?> registerAccount(@Valid @RequestBody UserDTO userDTO, HttpServletRequest request) { User user = userRepository.findOneByLogin(userDTO.getLogin()); if (user != null) { return ResponseEntity.badRequest().contentType(MediaType.TEXT_PLAIN).body("login already in use"); } else { if (userRepository.findOneByEmail(userDTO.getEmail()) != null) { return ResponseEntity.badRequest().contentType(MediaType.TEXT_PLAIN).body("e-mail address already in use"); } user = userService.createUserInformation(userDTO.getLogin(), userDTO.getPassword(), userDTO.getFirstName(), userDTO.getLastName(), userDTO.getEmail().toLowerCase(), userDTO.getLangKey()); String baseUrl = request.getScheme() + // "http" "://" + // "://" request.getServerName() + // "myhost" ":" + // ":" request.getServerPort(); // "80" mailService.sendActivationEmail(user, baseUrl); return new ResponseEntity<>(HttpStatus.CREATED); } } /** * GET /activate -> activate the registered user. */ @RequestMapping(value = "/activate", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) @Timed public ResponseEntity<String> activateAccount(@RequestParam(value = "key") String key) { User user = userService.activateRegistration(key); if (user == null) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); } return new ResponseEntity<String>(HttpStatus.OK); } /** * GET /authenticate -> check if the user is authenticated, and return its login. */ @RequestMapping(value = "/authenticate", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) @Timed public String isAuthenticated(HttpServletRequest request) { log.debug("REST request to check if the current user is authenticated"); return request.getRemoteUser(); } /** * GET /account -> get the current user. */ @RequestMapping(value = "/account", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) @Timed public ResponseEntity<UserDTO> getAccount() { User user = userService.getUserWithAuthorities(); if (user == null) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); } List<String> roles = new ArrayList<>(); for (Authority authority : user.getAuthorities()) { roles.add(authority.getName()); } return new ResponseEntity<>( new UserDTO( user.getLogin(), null, user.getFirstName(), user.getLastName(), user.getEmail(), user.getLangKey(), roles), HttpStatus.OK); } /** * POST /account -> update the current user information. */ @RequestMapping(value = "/account", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) @Timed public ResponseEntity<String> saveAccount(@RequestBody UserDTO userDTO) { User userHavingThisLogin = userRepository.findOneByLogin(userDTO.getLogin()); if (userHavingThisLogin != null && !userHavingThisLogin.getLogin().equals(SecurityUtils.getCurrentLogin())) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); } userService.updateUserInformation(userDTO.getFirstName(), userDTO.getLastName(), userDTO.getEmail(), userDTO.getLangKey()); return new ResponseEntity<>(HttpStatus.OK); } /** * POST /change_password -> changes the current user's password */ @RequestMapping(value = "/account/change_password", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) @Timed public ResponseEntity<?> changePassword(@RequestBody String password) { if (!checkPasswordLength(password)) { return new ResponseEntity<>("Incorrect password", HttpStatus.BAD_REQUEST); } userService.changePassword(password); return new ResponseEntity<>(HttpStatus.OK); } @RequestMapping(value = "/account/reset_password/init", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE) @Timed public ResponseEntity<?> requestPasswordReset(@RequestBody String mail, HttpServletRequest request) { User user = userService.requestPasswordReset(mail); if (user != null) { String baseUrl = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort(); mailService.sendPasswordResetMail(user, baseUrl); return new ResponseEntity<>("e-mail was sent", HttpStatus.OK); } else { return new ResponseEntity<>("e-mail address not registered", HttpStatus.BAD_REQUEST); } } @RequestMapping(value = "/account/reset_password/finish", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) @Timed public ResponseEntity<String> finishPasswordReset(@RequestParam(value = "key") String key, @RequestParam(value = "newPassword") String newPassword) { if (!checkPasswordLength(newPassword)) { return new ResponseEntity<>("Incorrect password", HttpStatus.BAD_REQUEST); } User user = userService.completePasswordReset(newPassword, key); if (user != null) { return new ResponseEntity<String>(HttpStatus.OK); } else { return new ResponseEntity<String>(HttpStatus.INTERNAL_SERVER_ERROR); } } private boolean checkPasswordLength(String password) { return (!StringUtils.isEmpty(password) && password.length() >= UserDTO.PASSWORD_MIN_LENGTH && password.length() <= UserDTO.PASSWORD_MAX_LENGTH); } }