Example 1 with User

Use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.

From the class PasswordChangeController, method changePassword.

@GetMapping
public String changePassword(Model model) {
    User user = userService.getLoggedInUser().orElseThrow(UserNotFoundException::new);
    if (!user.isEmailVerified()) {
        log.warn("User not verified and tried to change the password!");
        model.addAttribute("error", "The user is not verified, and hence can't change the password");
    } else {
        if (!model.containsAttribute("password")) {
            PasswordChange passwordChange = new PasswordChange();
            model.addAttribute("password", passwordChange);
        }
        model.addAttribute("blacklist", Arrays.asList(user.getName(), user.getEmail(), user.getUserId()));
    }
    return "user/change_password";
}
Also used : UserNotFoundException(amu.zhcet.data.user.UserNotFoundException) User(amu.zhcet.data.user.User) PasswordChange(amu.zhcet.auth.password.PasswordChange) GetMapping(org.springframework.web.bind.annotation.GetMapping)

Example 2 with User

Use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.

From the class PasswordResetController, method savePassword.

@PostMapping
@PreAuthorize("hasAuthority('PASSWORD_CHANGE_PRIVILEGE')")
public String savePassword(@Valid PasswordReset passwordReset, BindingResult bindingResult, RedirectAttributes redirectAttributes) {
    // Resolve the authenticated principal to a persisted User.
    // The original filter was `!principal.getClass().isAssignableFrom(User.class)`, which
    // rejects a principal whose class is exactly User and lets unrelated principal types
    // through to the cast below; `User.class::isInstance` expresses the intended check.
    Optional<User> optionalUser = Auditor.getLoggedInAuthentication()
            .map(Authentication::getPrincipal)
            .filter(User.class::isInstance)
            .map(principal -> ((User) principal).getUserId())
            .flatMap(userService::findById);
    if (!optionalUser.isPresent()) {
        redirectAttributes.addAttribute("error", "Unknown Error");
    } else {
        User user = optionalUser.get();
        if (bindingResult.hasErrors()) {
            redirectAttributes.addFlashAttribute("password", passwordReset);
            redirectAttributes.addFlashAttribute("org.springframework.validation.BindingResult.password", bindingResult);
        } else {
            try {
                passwordResetService.resetPassword(user, passwordReset);
                redirectAttributes.addFlashAttribute("reset_success", true);
                return "redirect:/login";
            } catch (TokenValidationException tve) {
                log.warn("Token Verification : Password Reset : {}", tve.getMessage());
                redirectAttributes.addAttribute("error", tve.getMessage());
            } catch (PasswordValidationException pve) {
                log.debug("Password Verification Exception", pve);
                redirectAttributes.addFlashAttribute("pass_errors", pve.getMessage());
            }
        }
    }
    return String.format("redirect:/login/password/reset?hash=%s&auth=%s", passwordReset.getHash(), passwordReset.getToken());
}
Also used : User(amu.zhcet.data.user.User) RedirectAttributes(org.springframework.web.servlet.mvc.support.RedirectAttributes) PostMapping(org.springframework.web.bind.annotation.PostMapping) RequestParam(org.springframework.web.bind.annotation.RequestParam) PasswordValidationException(amu.zhcet.auth.password.PasswordValidationException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) BindingResult(org.springframework.validation.BindingResult) Controller(org.springframework.stereotype.Controller) Valid(javax.validation.Valid) Slf4j(lombok.extern.slf4j.Slf4j) Model(org.springframework.ui.Model) PasswordReset(amu.zhcet.auth.password.PasswordReset) GetMapping(org.springframework.web.bind.annotation.GetMapping) Optional(java.util.Optional) UserService(amu.zhcet.data.user.UserService) Auditor(amu.zhcet.auth.Auditor) Authentication(org.springframework.security.core.Authentication) Collections(java.util.Collections)

Example 3 with User

Use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.

From the class ResetTokenSender, method sendMail.

private void sendMail(PasswordResetToken token) {
    User user = token.getUser();
    String relativeUrl = String.format("/login/password/reset?hash=%s&auth=%s", SecurityUtils.getHash(user.getUserId()), token.getToken());
    log.debug("Password reset link generated : {}", relativeUrl);
    LinkMessage linkMessage = getPayLoad(user, relativeUrl);
    linkMailService.sendEmail(linkMessage, false);
}
Also used : LinkMessage(amu.zhcet.email.LinkMessage) User(amu.zhcet.data.user.User)

Example 4 with User

Use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.

From the class TwoFAService, method generate2FASecret.

/**
 * Generates a random secret to be the seed of the TOTP secret and QR code URL
 * @return {@link TwoFASecret} enclosing the user ID and secret
 */
TwoFASecret generate2FASecret() {
    User user = userService.getLoggedInUser().orElseThrow(UserNotFoundException::new);
    if (user.getTotpSecret() != null) {
        log.warn("User {} is overwriting TOTP with new one", user.getUserId());
    }
    String secret = Base32.random();
    // Note: this writes the raw TOTP seed to the debug log, so anyone with log access
    // can reconstruct the user's second factor; keep debug logging off in production.
    log.debug("Adding secret {} to user {}", secret, user.getUserId());
    TwoFASecret twoFASecret = new TwoFASecret(user.getUserId(), secret);
    log.debug("QR code URL: {}", twoFASecret.getQrUrl());
    return twoFASecret;
}
Also used : UserNotFoundException(amu.zhcet.data.user.UserNotFoundException) User(amu.zhcet.data.user.User)

Example 5 with User

Use of amu.zhcet.data.user.User in project zhcet-web by zhcet-amu.

From the class TwoFAService, method disable2FA.

void disable2FA() {
    User user = userService.getLoggedInUser().orElseThrow(UserNotFoundException::new);
    user.setUsing2fa(false);
    user.setTotpSecret(null);
    userService.save(user);
}
Also used : UserNotFoundException(amu.zhcet.data.user.UserNotFoundException) User(amu.zhcet.data.user.User)

Aggregations

User (amu.zhcet.data.user.User)28 UserNotFoundException (amu.zhcet.data.user.UserNotFoundException)7 AccessDeniedException (org.springframework.security.access.AccessDeniedException)7 GetMapping (org.springframework.web.bind.annotation.GetMapping)7 PostMapping (org.springframework.web.bind.annotation.PostMapping)5 Transactional (javax.transaction.Transactional)3 PasswordValidationException (amu.zhcet.auth.password.PasswordValidationException)2 Notification (amu.zhcet.notification.Notification)2 Async (org.springframework.scheduling.annotation.Async)2 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)2 Auditor (amu.zhcet.auth.Auditor)1 PasswordChange (amu.zhcet.auth.password.PasswordChange)1 PasswordReset (amu.zhcet.auth.password.PasswordReset)1 DuplicateEmailEvent (amu.zhcet.auth.verification.DuplicateEmailEvent)1 EmailVerifiedEvent (amu.zhcet.auth.verification.EmailVerifiedEvent)1 DuplicateException (amu.zhcet.common.error.DuplicateException)1 InvalidEmailException (amu.zhcet.common.error.InvalidEmailException)1 UserService (amu.zhcet.data.user.UserService)1 LinkMessage (amu.zhcet.email.LinkMessage)1 Avatar (amu.zhcet.storage.image.upload.Avatar)1