use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.
the class PasswordChangeController method changePassword.
/**
 * Populates the model for the change-password page of the currently logged-in user.
 *
 * <p>Users whose e-mail is not verified only get an {@code error} attribute; the form-backing
 * {@code password} object and the {@code blacklist} are added for verified users only.
 *
 * @param model model handed to the view
 * @return the view name {@code user/change_password} in every case
 * @throws UserNotFoundException if no logged-in user can be resolved
 */
@GetMapping
public String changePassword(Model model) {
    final String view = "user/change_password";
    User currentUser = userService.getLoggedInUser().orElseThrow(UserNotFoundException::new);

    // Guard clause: an unverified account never receives the form-backing object.
    if (!currentUser.isEmailVerified()) {
        log.warn("User not verified and tried to change the password!");
        model.addAttribute("error", "The user is not verified, and hence can't change the password");
        return view;
    }

    // Keep an existing "password" attribute if the model already carries one.
    if (!model.containsAttribute("password")) {
        model.addAttribute("password", new PasswordChange());
    }

    // Name, e-mail and user ID are exposed to the view as "blacklist".
    // NOTE(review): presumably these are terms the new password must not contain; confirm that
    // the same rule is enforced server-side and not only in the view.
    model.addAttribute("blacklist",
            Arrays.asList(currentUser.getName(), currentUser.getEmail(), currentUser.getUserId()));
    return view;
}
use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.
the class PasswordResetController method savePassword.
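/**
 * Handles submission of the password-reset form.
 *
 * <p>On success the user is redirected to {@code /login} with a {@code reset_success} flash
 * attribute. In every other case the user is sent back to the reset page, with the submitted
 * {@code hash} and {@code auth} values carried as redirect attributes.
 *
 * @param passwordReset submitted form object, validated via {@code @Valid}
 * @param bindingResult validation outcome for {@code passwordReset}
 * @param redirectAttributes carrier for flash attributes and redirect query parameters
 * @return a {@code redirect:} view name
 */
@PostMapping
@PreAuthorize("hasAuthority('PASSWORD_CHANGE_PRIVILEGE')")
public String savePassword(@Valid PasswordReset passwordReset, BindingResult bindingResult, RedirectAttributes redirectAttributes) {
    // NOTE(review): the filter keeps principals whose class is NOT User (or a supertype of User)
    // and the next step casts to User. A principal of an unrelated type would pass the filter and
    // fail the cast, while a principal that is exactly User would be dropped. Confirm the intended
    // principal type; an instanceof-style check may be what was meant.
    Optional<User> optionalUser = Auditor.getLoggedInAuthentication()
            .map(Authentication::getPrincipal)
            .filter(principal -> !principal.getClass().isAssignableFrom(User.class))
            .map(principal -> ((User) principal).getUserId())
            .flatMap(userService::findById);

    if (!optionalUser.isPresent()) {
        redirectAttributes.addAttribute("error", "Unknown Error");
    } else {
        User user = optionalUser.get();
        if (bindingResult.hasErrors()) {
            // Hand the rejected form and its errors back to the reset page.
            redirectAttributes.addFlashAttribute("password", passwordReset);
            redirectAttributes.addFlashAttribute("org.springframework.validation.BindingResult.password", bindingResult);
        } else {
            try {
                passwordResetService.resetPassword(user, passwordReset);
                redirectAttributes.addFlashAttribute("reset_success", true);
                return "redirect:/login";
            } catch (TokenValidationException tve) {
                log.warn("Token Verification : Password Reset : {}", tve.getMessage());
                redirectAttributes.addAttribute("error", tve.getMessage());
            } catch (PasswordValidationException pve) {
                log.debug("Password Verification Exception", pve);
                redirectAttributes.addFlashAttribute("pass_errors", pve.getMessage());
            }
        }
    }

    // hash and auth come straight from the request. Passing them as redirect attributes lets
    // Spring URL-encode them, instead of formatting them into the redirect string where a value
    // containing '&' or '#' could add or override query parameters of the target page.
    // A null value is now omitted rather than rendered as the text "null".
    redirectAttributes.addAttribute("hash", passwordReset.getHash());
    redirectAttributes.addAttribute("auth", passwordReset.getToken());
    return "redirect:/login/password/reset";
}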
use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.
the class ResetTokenSender method sendMail.
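/**
 * Builds the password-reset link for the token's user and hands it to the mail service.
 *
 * @param token reset token whose user receives the link
 */
private void sendMail(PasswordResetToken token) {
    User user = token.getUser();
    String relativeUrl = String.format("/login/password/reset?hash=%s&auth=%s", SecurityUtils.getHash(user.getUserId()), token.getToken());
    // The link embeds the reset token, which works as a credential until it is used or expires.
    // Log only that a link was generated, so that read access to the logs does not expose it.
    log.debug("Password reset link generated for user {}", user.getUserId());
    LinkMessage linkMessage = getPayLoad(user, relativeUrl);
    linkMailService.sendEmail(linkMessage, false);
}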
use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.
the class TwoFAService method generate2FASecret.
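/**
 * Generates a random secret to be the seed of the TOTP secret and QR code URL.
 *
 * <p>Neither the secret nor the QR code URL is written to the log: both are enough to
 * compute valid one-time codes for the account.
 *
 * @return {@link TwoFASecret} enclosing the user ID and secret
 * @throws UserNotFoundException if no logged-in user can be resolved
 */
TwoFASecret generate2FASecret() {
    User user = userService.getLoggedInUser().orElseThrow(UserNotFoundException::new);
    if (user.getTotpSecret() != null) {
        log.warn("User {} is overwriting TOTP with new one", user.getUserId());
    }
    // NOTE(review): confirm that Base32.random() draws from a cryptographically secure source.
    String secret = Base32.random();
    log.debug("Generated new TOTP secret for user {}", user.getUserId());
    // This method does not store the secret on the user; it only returns it to the caller.
    return new TwoFASecret(user.getUserId(), secret);
}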
use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.
the class TwoFAService method disable2FA.
/**
 * Turns off two-factor authentication for the currently logged-in user: clears the
 * {@code using2fa} flag, removes the stored TOTP secret, and saves the user.
 *
 * @throws UserNotFoundException if no logged-in user can be resolved
 */
void disable2FA() {
    // NOTE(review): nothing here asks for the password or a current OTP again; confirm that the
    // caller requires re-authentication before this security downgrade is applied.
    User currentUser = userService.getLoggedInUser().orElseThrow(UserNotFoundException::new);

    currentUser.setUsing2fa(false);
    // Drop the old secret so it cannot be reused if 2FA is enabled again later.
    currentUser.setTotpSecret(null);

    userService.save(currentUser);
}