/*
documentr - Edit, maintain, and present software documentation on the web.
Copyright (C) 2012-2013 Maik Schreiber

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package de.blizzy.documentr.web.account;

import java.io.IOException;

import javax.validation.Valid;

import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

import de.blizzy.documentr.access.OpenId;
import de.blizzy.documentr.access.User;
import de.blizzy.documentr.access.UserStore;

/**
 * Web controller for the pages under {@code /account}: the account overview,
 * the OpenID list, removal of an OpenID and the password change form.
 *
 * <p>Every request handler is guarded by {@code @PreAuthorize("isAuthenticated()")},
 * and every handler that touches a user record resolves it from the
 * {@link Authentication} of the current request, never from a request parameter.</p>
 */
@Controller
@RequestMapping("/account")
public class AccountController {
	/** Store the current user's record is read from and written back to. */
	@Autowired
	private UserStore userStore;
	/** Verifies the submitted current password and encodes the new one. */
	@Autowired
	private PasswordEncoder passwordEncoder;

	/**
	 * Shows the account page with an empty form.
	 *
	 * @param model receives a blank {@link AccountForm} under {@code accountForm}
	 * @return the view name {@code /account/index}
	 */
	@RequestMapping(value="/myAccount", method=RequestMethod.GET)
	@PreAuthorize("isAuthenticated()")
	public String getMyAccount(Model model) {
		// all three password fields start out as null, so nothing is pre-filled
		model.addAttribute("accountForm", new AccountForm(null, null, null)); //$NON-NLS-1$
		return "/account/index"; //$NON-NLS-1$
	}

	/**
	 * Shows the OpenID page.
	 *
	 * @return the view name {@code /account/openId}
	 */
	@RequestMapping(value="/openId", method=RequestMethod.GET)
	@PreAuthorize("isAuthenticated()")
	public String getMyOpenIds() {
		return "/account/openId"; //$NON-NLS-1$
	}

	/**
	 * Removes one OpenID from the current user's record and saves the record.
	 *
	 * <p>NOTE(review): this handler changes stored state on a GET request. Request
	 * forgery protection commonly exempts GET, so confirm that this endpoint is
	 * covered by a CSRF check, or move it to POST together with the view that
	 * links to it.</p>
	 *
	 * @param openId the OpenID to remove, taken from the request
	 * @param authentication identifies the user whose record is modified
	 * @return a redirect to {@code /account/openId}
	 * @throws IOException declared for the {@link UserStore} calls
	 */
	@RequestMapping(value="/removeOpenId", method=RequestMethod.GET)
	@PreAuthorize("isAuthenticated()")
	public String removeOpenId(@RequestParam String openId, Authentication authentication)
			throws IOException {

		// the record is looked up by the authenticated name only, so a request
		// cannot name a different account
		User currentUser = userStore.getUser(authentication.getName());
		currentUser.removeOpenId(openId);
		userStore.saveUser(currentUser, currentUser);
		return "redirect:/account/openId"; //$NON-NLS-1$
	}

	/**
	 * Handles the account form. A password change is attempted only when at least
	 * one of the two new-password fields is non-blank; it is saved only when the
	 * current password matches, both new-password fields are equal and
	 * {@code bindingResult} holds no other error.
	 *
	 * <p>NOTE(review): the only rules on the new password visible here are
	 * "non-blank" and "both fields equal"; presumably any strength rule comes from
	 * the constraints on {@link AccountForm} - confirm. Nothing in this method ends
	 * other sessions of the user after the change.</p>
	 *
	 * <p>NOTE(review): the bound form, including the submitted passwords, is a
	 * model attribute when {@code /account/index} is rendered - confirm that the
	 * view does not write those values back into the page.</p>
	 *
	 * @param form the submitted form
	 * @param bindingResult validation result for {@code form}; errors found here are added to it
	 * @param model receives {@code messageKey} = {@code dataSaved} when there are no errors
	 * @param authentication identifies the user whose password is changed
	 * @return the view name {@code /account/index}
	 * @throws IOException declared for the {@link UserStore} calls
	 */
	@RequestMapping(value="/save", method=RequestMethod.POST)
	@PreAuthorize("isAuthenticated()")
	public String saveMyAccount(@ModelAttribute @Valid AccountForm form, BindingResult bindingResult,
			Model model, Authentication authentication) throws IOException {

		if (isPasswordChangeRequested(form)) {
			User currentUser = userStore.getUser(authentication.getName());
			validatePasswordChange(form, currentUser, bindingResult);
			if (!bindingResult.hasErrors()) {
				storeNewPassword(currentUser, form.getNewPassword1());
			}
		}

		// the success message is also set when no password change was requested
		// and the form validated cleanly
		if (!bindingResult.hasErrors()) {
			model.addAttribute("messageKey", "dataSaved"); //$NON-NLS-1$ //$NON-NLS-2$
		}
		return "/account/index"; //$NON-NLS-1$
	}

	/** Tells whether either new-password field of the form is non-blank. */
	private boolean isPasswordChangeRequested(AccountForm form) {
		return StringUtils.isNotBlank(form.getNewPassword1()) ||
			StringUtils.isNotBlank(form.getNewPassword2());
	}

	/**
	 * Records an error on {@code bindingResult} when the current password is blank
	 * or does not match the stored one, and when the two new passwords differ.
	 */
	private void validatePasswordChange(AccountForm form, User currentUser, BindingResult bindingResult) {
		if (StringUtils.isBlank(form.getPassword())) {
			bindingResult.rejectValue("password", "user.password.blank"); //$NON-NLS-1$ //$NON-NLS-2$
		} else {
			// the submitted current password is checked against the stored, encoded one
			boolean currentPasswordOk =
				passwordEncoder.matches(form.getPassword(), currentUser.getPassword());
			if (!currentPasswordOk) {
				bindingResult.rejectValue("password", "user.password.wrong"); //$NON-NLS-1$ //$NON-NLS-2$
			}
		}

		boolean newPasswordsEqual = StringUtils.equals(form.getNewPassword1(), form.getNewPassword2());
		if (!newPasswordsEqual) {
			bindingResult.rejectValue("newPassword1", "user.password.passwordsNotEqual"); //$NON-NLS-1$ //$NON-NLS-2$
		}
	}

	/**
	 * Saves a copy of {@code currentUser} that carries the encoded new password
	 * and the same login name, e-mail address, disabled flag and OpenIDs.
	 */
	private void storeNewPassword(User currentUser, String rawPassword) throws IOException {
		// only the encoded form of the new password goes into the record
		String encodedPassword = passwordEncoder.encode(rawPassword);
		User updatedUser = new User(currentUser.getLoginName(), encodedPassword,
				currentUser.getEmail(), currentUser.isDisabled());
		for (OpenId openId : currentUser.getOpenIds()) {
			updatedUser.addOpenId(openId);
		}
		userStore.saveUser(updatedUser, currentUser);
	}

	/**
	 * Builds the {@link AccountForm} model attribute from the optional request
	 * parameters {@code password}, {@code newPassword1} and {@code newPassword2}.
	 *
	 * <p>NOTE(review): as a {@code @ModelAttribute} method this is presumably run
	 * for the GET handlers of this controller as well, so the password parameters
	 * would also be read from a query string - confirm that clients only ever send
	 * them in the POST to {@code /save}.</p>
	 *
	 * @param password the current password, or {@code null} when absent
	 * @param newPassword1 the new password, or {@code null} when absent
	 * @param newPassword2 the repeated new password, or {@code null} when absent
	 * @return a form holding the three values as given
	 */
	@ModelAttribute
	public AccountForm createAccountForm(@RequestParam(required=false) String password,
			@RequestParam(required=false) String newPassword1,
			@RequestParam(required=false) String newPassword2) {

		return new AccountForm(password, newPassword1, newPassword2);
	}
}