/*
Copyright 2013 Josh Drummond
This file is part of WebPasswordSafe.
WebPasswordSafe is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
WebPasswordSafe is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with WebPasswordSafe; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
package net.webpasswordsafe.server.webservice.rest;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.webpasswordsafe.client.remote.LoginService;
import net.webpasswordsafe.client.remote.UserService;
import net.webpasswordsafe.common.model.User;
import net.webpasswordsafe.common.util.Constants;
import net.webpasswordsafe.common.util.Constants.AuthenticationStatus;
import net.webpasswordsafe.common.util.Utils;
import net.webpasswordsafe.server.ServerSessionUtil;
import net.webpasswordsafe.server.report.JasperReportServlet;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.View;
/**
* Set of user related REST webservices
*
* @author Josh Drummond
*
*/
@Controller
public class UserController
{
@Autowired
private UserService userService;
@Autowired
protected LoginService loginService;
@Autowired
private View jsonView;
private static Logger LOG = Logger.getLogger(UserController.class);
@RequestMapping(value = "/reports", method = RequestMethod.GET)
public void getReport(HttpServletRequest request, HttpServletResponse response,
@RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername,
@RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword,
@RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP)
{
try
{
ServerSessionUtil.setIP(request.getRemoteAddr());
AuthenticationStatus authStatus = loginService.login(authnUsername, Utils.buildCredentials(authnPassword, authnTOTP));
if (AuthenticationStatus.SUCCESS == authStatus)
{
JasperReportServlet servlet = new JasperReportServlet();
servlet.doPost(request, response);
}
else
{
}
loginService.logout();
}
catch (Exception e)
{
LOG.error(e.getMessage(), e);
}
}
@RequestMapping(value = "/users", method = RequestMethod.POST)
public ModelAndView addUser(@RequestBody Map<String, Object> userMap,
HttpServletRequest request,
@RequestHeader(Constants.REST_AUTHN_USERNAME) String authnUsername,
@RequestHeader(Constants.REST_AUTHN_PASSWORD) String authnPassword,
@RequestHeader(Constants.REST_AUTHN_TOTP) String authnTOTP)
{
boolean isSuccess = false;
String message = "";
String userId = "";
try
{
ServerSessionUtil.setIP(request.getRemoteAddr());
AuthenticationStatus authStatus = loginService.login(authnUsername, Utils.buildCredentials(authnPassword, authnTOTP));
if (AuthenticationStatus.SUCCESS == authStatus)
{
User user = new User();
user.setUsername(Utils.safeString(userMap.get("username")));
user.updateAuthnPasswordValue(Utils.safeString(userMap.get("password")));
user.setFullname(Utils.safeString(userMap.get("fullname")));
user.setEmail(Utils.safeString(userMap.get("email")));
String activeFlag = Utils.safeString(userMap.get("active")).toLowerCase();
user.setActiveFlag(activeFlag.equals("true") || activeFlag.equals("yes") || activeFlag.equals("y"));
boolean isUserTaken = userService.isUserTaken(user.getUsername());
if (!isUserTaken)
{
userService.addUser(user);
userId = String.valueOf(user.getId());
isSuccess = true;
}
else
{
message = "Username already exists";
}
}
else
{
message = "Invalid authentication";
}
loginService.logout();
}
catch (Exception e)
{
LOG.error(e.getMessage(), e);
isSuccess = false;
message = e.getMessage();
}
return createModelAndView(isSuccess, message, "userId", userId);
}
private ModelAndView createModelAndView(boolean isSuccess, String message, String dataKey, Object dataValue)
{
ModelAndView mv = new ModelAndView(jsonView);
mv.addObject("success", isSuccess);
mv.addObject("message", message);
mv.addObject(dataKey, dataValue);
return mv;
}
}