package fr.ippon.tatami.web.rest;
import com.yammer.metrics.annotation.Timed;
import fr.ippon.tatami.domain.User;
import fr.ippon.tatami.security.AuthenticationService;
import fr.ippon.tatami.service.UserService;
import fr.ippon.tatami.service.util.DomainUtil;
import fr.ippon.tatami.web.rest.dto.Preferences;
import fr.ippon.tatami.web.rest.dto.UserPassword;
import org.apache.commons.lang.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.inject.Inject;
import javax.servlet.http.HttpServletResponse;
import javax.validation.ConstraintViolationException;
/*
* REST controller for managing users.
* @author Arthur Weber
*/
@Controller
public class AccountController {
private static final Logger log = LoggerFactory.getLogger(AccountController.class);
@Inject
private UserService userService;
@Inject
private AuthenticationService authenticationService;
@Inject
Environment env;
/*
* GET /account/admin -> Determines if the current account is an admin
*/
@RequestMapping(value = "/rest/account/admin",
method = RequestMethod.GET,
produces = "application/json")
@ResponseBody
@Timed
public String isAdmin() {
log.debug("REST request to determine if user is an admin");
org.springframework.security.core.userdetails.User securityUser =
(org.springframework.security.core.userdetails.User)
SecurityContextHolder.getContext().getAuthentication().getPrincipal();
return "{ \"roles\": \"" + securityUser.getAuthorities().toString() + "\" }";
}
/**
* GET /account/profile -> get account's profile
*/
@RequestMapping(value = "/rest/account/profile",
method = RequestMethod.GET,
produces = "application/json")
@ResponseBody
@Timed
public User getProfile() {
log.debug("REST request to get account's profile");
User currentUser = authenticationService.getCurrentUser();
return userService.getUserByLogin(currentUser.getLogin());
}
/**
* PUT /account/profile -> get account's profile
*/
@RequestMapping(value = "/rest/account/profile",
method = RequestMethod.PUT)
@ResponseBody
@Timed
public User updateUserProfile(@RequestBody User updatedUser, HttpServletResponse response) {
User currentUser = authenticationService.getCurrentUser();
currentUser.setFirstName(updatedUser.getFirstName().replace("<", " "));
currentUser.setLastName(updatedUser.getLastName().replace("<", " "));
currentUser.setJobTitle(StringEscapeUtils.escapeHtml(updatedUser.getJobTitle().replace("<", " ")));
currentUser.setPhoneNumber(updatedUser.getPhoneNumber().replace("<", " "));
try {
userService.updateUser(currentUser);
} catch (ConstraintViolationException cve) {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return null;
}
log.debug("User updated : {}", currentUser);
return currentUser;
}
@RequestMapping(value = "/rest/account/profile",
method = RequestMethod.DELETE)
@Timed
public void suppressUserProfile() {
User currentUser = authenticationService.getCurrentUser();
log.debug("Suppression du compte utilisateur : {}", currentUser);
userService.deleteUser(currentUser);
}
/**
* GET /account/preferences -> get account's preferences
*/
@RequestMapping(value = "/rest/account/preferences",
method = RequestMethod.GET,
produces = "application/json")
@ResponseBody
@Timed
public Preferences getPreferences() {
log.debug("REST request to get account's preferences");
User currentUser = authenticationService.getCurrentUser();
User user = userService.getUserByLogin(currentUser.getLogin());
return new Preferences(user);
}
/**
* POST /account/preferences -> update account's preferences
*/
@RequestMapping(value = "/rest/account/preferences",
method = RequestMethod.POST,
produces = "application/json")
@ResponseBody
@Timed
public Preferences updatePreferences(@RequestBody Preferences newPreferences, HttpServletResponse response) {
log.debug("REST request to set account's preferences");
Preferences preferences = null;
try {
User currentUser = authenticationService.getCurrentUser();
currentUser.setPreferencesMentionEmail(newPreferences.getMentionEmail());
currentUser.setDailyDigestSubscription(newPreferences.getDailyDigest());
currentUser.setWeeklyDigestSubscription(newPreferences.getWeeklyDigest());
String rssUid = userService.updateRssTimelinePreferences(newPreferences.getRssUidActive());
currentUser.setRssUid(rssUid);
preferences = new Preferences(currentUser);
userService.updateUser(currentUser);
userService.updateDailyDigestRegistration(newPreferences.getDailyDigest());
userService.updateWeeklyDigestRegistration(newPreferences.getWeeklyDigest());
org.springframework.security.core.userdetails.User securityUser =
(org.springframework.security.core.userdetails.User)
SecurityContextHolder.getContext().getAuthentication().getPrincipal();
log.debug("User roles : {}", securityUser);
Authentication authentication =
new UsernamePasswordAuthenticationToken(securityUser,
securityUser.getPassword(),
securityUser.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
log.debug("User updated : {}", currentUser);
} catch (Exception e) {
log.debug("Error during setting preferences", e);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
return preferences;
}
/**
* GET /account/password -> throws an error if the password is managed by LDAP
*/
@RequestMapping(value = "/rest/account/password",
method = RequestMethod.GET,
produces = "application/json")
@ResponseBody
@Timed
public UserPassword isPasswordManagedByLDAP(HttpServletResponse response) {
User currentUser = authenticationService.getCurrentUser();
String domain = DomainUtil.getDomainFromLogin(currentUser.getLogin());
if (userService.isDomainHandledByLDAP(domain)) {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return null;
} else {
return new UserPassword();
}
}
/**
* GET /account/preferences -> get account's preferences
*/
@RequestMapping(value = "/rest/account/password",
method = RequestMethod.POST,
produces = "application/json")
@ResponseBody
@Timed
public UserPassword setPassword(@RequestBody UserPassword userPassword, HttpServletResponse response) {
log.debug("REST request to set account's password");
try {
User currentUser = authenticationService.getCurrentUser();
StandardPasswordEncoder encoder = new StandardPasswordEncoder();
if (!encoder.matches(userPassword.getOldPassword(), currentUser.getPassword())) {
log.debug("The old password is incorrect : {}", userPassword.getOldPassword());
throw new Exception("oldPassword");
}
if (!userPassword.getNewPassword().equals(userPassword.getNewPasswordConfirmation())) {
throw new Exception("newPasswordConfirmation");
}
currentUser.setPassword(userPassword.getNewPassword());
userService.updatePassword(currentUser);
log.debug("User password updated : {}", currentUser);
return new UserPassword();
} catch (Exception e) {
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return null;
}
}
}