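/*
 * Copyright 2013-2017 Simba Open Source
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.simbasecurity.core.service.user;

import static org.simbasecurity.common.request.RequestConstants.SIMBA_SSO_TOKEN;
import static org.simbasecurity.core.service.ErrorSender.sendError;
import static org.simbasecurity.core.service.ErrorSender.sendUnauthorizedError;

import javax.servlet.http.HttpServletResponse;

import org.simbasecurity.api.service.thrift.AuthorizationService;
import org.simbasecurity.api.service.thrift.SSOToken;
import org.simbasecurity.core.config.ConfigurationService;
import org.simbasecurity.core.domain.Session;
import org.simbasecurity.core.domain.User;
import org.simbasecurity.core.domain.repository.SessionRepository;
import org.simbasecurity.core.domain.repository.UserRepository;
import org.simbasecurity.core.exception.SimbaException;
import org.simbasecurity.core.service.ErrorSender;
import org.simbasecurity.core.service.manager.dto.ChangePasswordDTO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * REST endpoint for operations a user performs on their own account. It is meant
 * to be called by the user itself, not by an admin or manager.
 * <p>
 * The caller is identified by the Simba SSO token, read from the request header
 * first and from the cookie as a fallback. A request whose token does not resolve
 * to an active session, or whose target user is not the user owning that session,
 * is rejected with an unauthorized error.
 */
@Transactional
@Controller
@RequestMapping("myDetails")
public class UserService {

    // NOTE(review): authorizationService and configurationService are not referenced
    // by any method in this class; they are left in place so Spring wiring is unchanged.
    @Autowired
    private AuthorizationService.Iface authorizationService;
    @Autowired
    private UserRepository userRepository;
    @Autowired
    private SessionRepository sessionRepository;
    @Autowired
    private ConfigurationService configurationService;

    /**
     * Changes the password of the user named in {@code changePasswordDTO}, which must be
     * the user owning the session identified by the SSO token.
     * <p>
     * Every rejection (missing token or user name, no active session, unknown target user,
     * target user different from the session user) is answered with the same unauthorized
     * error, so the response does not reveal which of those checks failed. A password-policy
     * failure raised by the domain object is reported with
     * {@link ErrorSender#UNABLE_TO_CHANGE_PASSWORD_ERROR_CODE} and the exception message.
     *
     * @param ssoTokenFromHeader SSO token from the {@code SIMBA_SSO_TOKEN} header, may be {@code null}
     * @param ssoTokenFromCookie SSO token from the {@code SIMBA_SSO_TOKEN} cookie, may be {@code null};
     *                           used only when the header token is absent
     * @param changePasswordDTO  target user name, new password and its confirmation
     * @param response           response on which an error is written when the change is refused
     */
    // NOTE(review): no HTTP method is restricted on this mapping, so this state-changing
    // request is accepted on any method; consider limiting it to POST.
    @RequestMapping("changePassword")
    @ResponseBody
    public void changePassword(@RequestHeader(value = SIMBA_SSO_TOKEN, required = false) String ssoTokenFromHeader,
                               @CookieValue(value = SIMBA_SSO_TOKEN, required = false) String ssoTokenFromCookie,
                               @RequestBody ChangePasswordDTO changePasswordDTO,
                               HttpServletResponse response) {
        String ssoToken = resolveSsoToken(ssoTokenFromHeader, ssoTokenFromCookie);
        String targetUserName = changePasswordDTO.getUserName();
        if (ssoToken == null || targetUserName == null) {
            sendUnauthorizedError(response);
            return;
        }

        Session activeSession = sessionRepository.findBySSOToken(new SSOToken(ssoToken));
        if (activeSession == null) {
            sendUnauthorizedError(response);
            return;
        }

        User sessionUser = activeSession.getUser();
        User userThatNeedsPasswordChange = userRepository.findByName(targetUserName);
        // An unknown target user gets the same response as a mismatching one: this avoids a
        // NullPointerException on the lookup result and does not disclose which user names exist.
        if (userThatNeedsPasswordChange == null
                || !sessionUser.getUserName().equals(userThatNeedsPasswordChange.getUserName())) {
            sendUnauthorizedError(response);
            return;
        }

        try {
            userThatNeedsPasswordChange.changePassword(changePasswordDTO.getNewPassword(),
                    changePasswordDTO.getNewPasswordConfirmation());
        } catch (SimbaException ex) {
            sendError(ErrorSender.UNABLE_TO_CHANGE_PASSWORD_ERROR_CODE, response, ex.getMessage());
            return;
        }
        // Push the change to the store within the surrounding transaction.
        userRepository.flush();
    }

    /**
     * Picks the SSO token to use: the header value wins, the cookie value is the fallback.
     *
     * @return the chosen token, or {@code null} when neither source carries one
     */
    private static String resolveSsoToken(String fromHeader, String fromCookie) {
        return fromHeader != null ? fromHeader : fromCookie;
    }
}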