package de.rwth.idsg.bikeman.app.service;
import de.rwth.idsg.bikeman.app.dto.CreateCustomerDTO;
import de.rwth.idsg.bikeman.app.exception.AppException;
import de.rwth.idsg.bikeman.app.repository.AppCustomerRepository;
import de.rwth.idsg.bikeman.domain.ActivationKey;
import de.rwth.idsg.bikeman.domain.ActivationKeyType;
import de.rwth.idsg.bikeman.domain.Customer;
import de.rwth.idsg.bikeman.domain.User;
import de.rwth.idsg.bikeman.repository.UserRepository;
import de.rwth.idsg.bikeman.service.ActivationKeyService;
import de.rwth.idsg.bikeman.service.MailService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.Optional;
@Service
@Slf4j
public class AppCustomerService {
@Autowired
private AppCustomerRepository appCustomerRepository;
@Autowired
private UserRepository userRepository;
@Autowired
private ActivationKeyService activationKeyService;
@Autowired
private MailService mailService;
@Autowired
private PasswordEncoder passwordEncoder;
public CreateCustomerDTO create(CreateCustomerDTO dto) throws AppException {
CreateCustomerDTO obj = appCustomerRepository.create(dto);
//TODO: createActivationKey
//TODO: sendActivationEmail
return obj;
}
@Transactional
public Boolean requestPasswordReset(String login) {
Optional<Customer> customer = appCustomerRepository.findByLogin(login);
if (!customer.isPresent()) {
return false;
}
String key = activationKeyService.createForPasswordReset(customer.get());
mailService.sendPasswortResetEmail(customer.get(), key);
return true;
}
@Transactional
public Boolean changePassword(String login, String key, String password, String passwordConfirm) {
Optional<Customer> customer = appCustomerRepository.findByLogin(login);
Optional<ActivationKey> activationKey =
activationKeyService.getNotUsedAndValid(key, ActivationKeyType.PASSWORD_RESET);
if (!customer.isPresent()) {
log.debug("customer not present");
return false;
}
if (!activationKey.isPresent()) {
log.debug("activationkey not present");
return false;
}
if (!customer.get().equals(activationKey.get().getCustomer())) {
log.debug("customer hijacking");
return false;
}
if (password.compareTo(passwordConfirm) != 0) {
log.debug("passwords unequal");
return false;
}
if (!activationKeyService.markUsed(activationKey.get())) {
log.debug("activationkey double usage");
return false;
}
User user = customer.get();
String encryptedPassword = passwordEncoder.encode(password);
user.setPassword(encryptedPassword);
userRepository.save(customer.get());
return true;
}
public Boolean validatePasswordResetKey(String key) {
Optional<ActivationKey> activationKey =
activationKeyService.getNotUsedAndValid(key, ActivationKeyType.PASSWORD_RESET);
return activationKey.isPresent();
}
}