AppCustomerService.java

package de.rwth.idsg.bikeman.app.service;

import de.rwth.idsg.bikeman.app.dto.CreateCustomerDTO;
import de.rwth.idsg.bikeman.app.exception.AppException;
import de.rwth.idsg.bikeman.app.repository.AppCustomerRepository;
import de.rwth.idsg.bikeman.domain.ActivationKey;
import de.rwth.idsg.bikeman.domain.ActivationKeyType;
import de.rwth.idsg.bikeman.domain.Customer;
import de.rwth.idsg.bikeman.domain.User;
import de.rwth.idsg.bikeman.repository.UserRepository;
import de.rwth.idsg.bikeman.service.ActivationKeyService;
import de.rwth.idsg.bikeman.service.MailService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import java.util.Optional;

@Service
@Slf4j
public class AppCustomerService {
    @Autowired
    private AppCustomerRepository appCustomerRepository;

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private ActivationKeyService activationKeyService;

    @Autowired
    private MailService mailService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    public CreateCustomerDTO create(CreateCustomerDTO dto) throws AppException {
        CreateCustomerDTO obj = appCustomerRepository.create(dto);

        //TODO: createActivationKey
        //TODO: sendActivationEmail

        return obj;
    }

    @Transactional
    public Boolean requestPasswordReset(String login) {
        Optional<Customer> customer = appCustomerRepository.findByLogin(login);

        if (!customer.isPresent()) {
            return false;
        }

        String key = activationKeyService.createForPasswordReset(customer.get());
        mailService.sendPasswortResetEmail(customer.get(), key);

        return true;
    }

    @Transactional
    public Boolean changePassword(String login, String key, String password, String passwordConfirm) {
        Optional<Customer> customer = appCustomerRepository.findByLogin(login);
        Optional<ActivationKey> activationKey =
                activationKeyService.getNotUsedAndValid(key, ActivationKeyType.PASSWORD_RESET);

        if (!customer.isPresent()) {
            log.debug("customer not present");
            return false;
        }

        if (!activationKey.isPresent()) {
            log.debug("activationkey not present");
            return false;
        }

        if (!customer.get().equals(activationKey.get().getCustomer())) {
            log.debug("customer hijacking");
            return false;
        }

        if (password.compareTo(passwordConfirm) != 0) {
            log.debug("passwords unequal");
            return false;
        }

        if (!activationKeyService.markUsed(activationKey.get())) {
            log.debug("activationkey double usage");
            return false;
        }

        User user = customer.get();
        String encryptedPassword = passwordEncoder.encode(password);

        user.setPassword(encryptedPassword);
        userRepository.save(customer.get());

        return true;
    }

    public Boolean validatePasswordResetKey(String key) {
        Optional<ActivationKey> activationKey =
                activationKeyService.getNotUsedAndValid(key, ActivationKeyType.PASSWORD_RESET);

        return activationKey.isPresent();
    }

}