use of com.infiniteautomation.mango.rest.latest.model.user.UserModel in project ma-modules-public by infiniteautomation.
the class LoginRestController method exitSwitchUser.
/**
* The actual authentication for the exit user occurs in the core, in the SwitchUserFilter.
* By the time this end point is actually reached, the user is either already authenticated or not.
* The Spring Security authentication success handler forwards the request here.
*
* Ensure that the URLs in MangoSecurityConfiguration are changed if you change the @RequestMapping value
*/
@ApiOperation(value = "Exit Switch User", notes = "Used to switch User using POST")
@RequestMapping(method = RequestMethod.POST, value = "/exit-su")
public ResponseEntity<UserModel> exitSwitchUser(@AuthenticationPrincipal User user, HttpServletRequest request, HttpServletResponse response) throws IOException {
    // NOTE(review): the @ApiOperation notes above describe switching user, while this
    // handler is mapped to /exit-su; the published API description may need correcting.

    // A failure stored on the request under WebAttributes.AUTHENTICATION_EXCEPTION
    // takes priority over everything else and is answered with a 401.
    AuthenticationException authFailure =
            (AuthenticationException) request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    if (authFailure != null) {
        // NOTE(review): the exception message is handed to sendError unchanged; confirm
        // it cannot disclose account details to the caller.
        response.sendError(HttpStatus.UNAUTHORIZED.value(), authFailure.getMessage());
        // The error was written directly to the servlet response, so no entity is returned.
        return null;
    }

    // No principal was resolved: answer 200 with no body and none of the login headers.
    if (user == null) {
        return new ResponseEntity<>(HttpStatus.OK);
    }

    LoginUriInfo uriInfo = pageResolver.getDefaultUriInfo(request, response, user);
    response.setHeader(LOGIN_DEFAULT_URI_HEADER, uriInfo.getUri());

    // The header carries the last upgrade time as epoch milliseconds divided by 1000.
    long lastUpgradeSeconds = installedModulesDao.lastUpgradeTime().toEpochMilli() / 1000;
    response.setHeader(LOGIN_LAST_UPGRADE_HEADER, Long.toString(lastUpgradeSeconds));

    if (uriInfo.isRequired()) {
        response.setHeader(LOGIN_DEFAULT_URI_REQUIRED_HEADER, Boolean.TRUE.toString());
    }
    return new ResponseEntity<>(new UserModel(user), HttpStatus.OK);
}
use of com.infiniteautomation.mango.rest.latest.model.user.UserModel in project ma-modules-public by infiniteautomation.
the class LoginRestController method loginPost.
/**
* <p>The actual authentication for the login occurs in the core, by the time this
* end point is actually reached the user is either already authenticated or not.
* The Spring Security authentication success handler forwards the request here.</p>
*
* <p>Authentication exceptions are re-thrown and mapped to rest bodies in {@link com.infiniteautomation.mango.rest.latest.exception.RestExceptionHandler MangoSpringExceptionHandler}</p>
*
* <p>Ensure that the URLs in MangoSecurityConfiguration are changed if you change the @RequestMapping value</p>
*/
@ApiOperation(value = "Login", notes = "Used to login using POST and JSON credentials")
@RequestMapping(method = RequestMethod.POST)
@AnonymousAccess
public ResponseEntity<UserModel> loginPost(@AuthenticationPrincipal User user, HttpServletRequest request, HttpServletResponse response) {
    // A failure stored on the request under WebAttributes.AUTHENTICATION_EXCEPTION is
    // re-thrown as-is rather than being turned into a response here.
    AuthenticationException authFailure =
            (AuthenticationException) request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    if (authFailure != null) {
        throw authFailure;
    }

    // The endpoint is marked @AnonymousAccess, so it can be reached with no principal;
    // in that case the answer is 200 with no body and none of the login headers.
    if (user == null) {
        return new ResponseEntity<>(HttpStatus.OK);
    }

    LoginUriInfo uriInfo = pageResolver.getDefaultUriInfo(request, response, user);
    response.setHeader(LOGIN_DEFAULT_URI_HEADER, uriInfo.getUri());

    // The header carries the last upgrade time as epoch milliseconds divided by 1000.
    long lastUpgradeSeconds = installedModulesDao.lastUpgradeTime().toEpochMilli() / 1000;
    response.setHeader(LOGIN_LAST_UPGRADE_HEADER, Long.toString(lastUpgradeSeconds));

    if (uriInfo.isRequired()) {
        response.setHeader(LOGIN_DEFAULT_URI_REQUIRED_HEADER, Boolean.TRUE.toString());
    }
    return new ResponseEntity<>(new UserModel(user), HttpStatus.OK);
}
use of com.infiniteautomation.mango.rest.latest.model.user.UserModel in project ma-modules-public by infiniteautomation.
the class LoginRestController method switchUser.
/**
* The actual authentication for the switch user occurs in the core, in the SwitchUserFilter.
* By the time this end point is actually reached, the user is either already authenticated or not.
* The Spring Security authentication success handler forwards the request here.
*
* Ensure that the URLs in MangoSecurityConfiguration are changed if you change the @RequestMapping value
*/
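@ApiOperation(value = "Switch User", notes = "Used to switch User using POST")
@RequestMapping(method = RequestMethod.POST, value = "/su")
public ResponseEntity<UserModel> switchUser(@ApiParam(value = "Username to switch to", required = true, allowMultiple = false) @RequestParam(required = true) String username, @AuthenticationPrincipal User user, HttpServletRequest request, HttpServletResponse response) throws IOException {
    // The API notes previously said GET although the mapping only accepts POST; the
    // notes now match the mapping.
    //
    // `username` is never read in this body: it is declared so the parameter is
    // required and documented. Presumably the SwitchUserFilter named in the Javadoc
    // consumes it before the request is forwarded here - confirm against the core.

    // A failure stored on the request under WebAttributes.AUTHENTICATION_EXCEPTION
    // takes priority over everything else and is answered with a 401.
    AuthenticationException authFailure =
            (AuthenticationException) request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    if (authFailure != null) {
        // TODO (carried over from the original): consider answering with a 401
        // ResponseEntity instead of writing the error to the servlet response.
        // NOTE(review): the exception message is handed to sendError unchanged; confirm
        // it cannot reveal whether the requested username exists.
        response.sendError(HttpStatus.UNAUTHORIZED.value(), authFailure.getMessage());
        // The error was written directly to the servlet response, so no entity is returned.
        return null;
    }

    // No principal was resolved: answer 200 with no body and none of the login headers.
    if (user == null) {
        return new ResponseEntity<>(HttpStatus.OK);
    }

    LoginUriInfo uriInfo = pageResolver.getDefaultUriInfo(request, response, user);
    response.setHeader(LOGIN_DEFAULT_URI_HEADER, uriInfo.getUri());

    // The header carries the last upgrade time as epoch milliseconds divided by 1000.
    long lastUpgradeSeconds = installedModulesDao.lastUpgradeTime().toEpochMilli() / 1000;
    response.setHeader(LOGIN_LAST_UPGRADE_HEADER, Long.toString(lastUpgradeSeconds));

    if (uriInfo.isRequired()) {
        response.setHeader(LOGIN_DEFAULT_URI_REQUIRED_HEADER, Boolean.TRUE.toString());
    }
    return new ResponseEntity<>(new UserModel(user), HttpStatus.OK);
}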
use of com.infiniteautomation.mango.rest.latest.model.user.UserModel in project ma-modules-public by infiniteautomation.
the class PasswordResetController method systemSetup.
/**
 * Runs the initial system setup: validates the request body, passes its password and
 * system settings to {@code passwordResetService.systemSetup}, tells the session
 * registry that the user changed, and returns the updated user.
 *
 * <p>NOTE(review): the only access rule visible on this handler is
 * {@code isPasswordAuthenticated()}. The superadmin requirement stated in the API notes
 * is presumably enforced inside {@code passwordResetService.systemSetup} - confirm.</p>
 *
 * @param request the current request, passed to the session registry
 * @param body the setup request carrying the new password and the system settings
 * @return 200 with the model of the updated user
 */
@ApiOperation(value = "Change admin password and set system locale, system timezone", notes = "Superadmin permission required")
@RequestMapping(method = RequestMethod.POST, value = "/system-setup")
@PreAuthorize("isPasswordAuthenticated()")
public ResponseEntity<UserModel> systemSetup(HttpServletRequest request, @RequestBody SystemSetupRequest body) {
    // Validation runs before the password or settings are read from the body.
    body.ensureValid();

    User updatedUser = passwordResetService.systemSetup(body.getPassword(), body.getSystemSettings());

    // The session registry is told about the change so it can react to the updated user.
    sessionRegistry.userUpdated(request, updatedUser);

    UserModel responseModel = new UserModel(updatedUser);
    return new ResponseEntity<>(responseModel, HttpStatus.OK);
}
use of com.infiniteautomation.mango.rest.latest.model.user.UserModel in project ma-modules-public by infiniteautomation.
the class UserRestController method updateUser.
/**
 * Updates the user identified by {@code username} from the supplied model and returns
 * the updated user with a {@code Location} header of {@code /users/{username}}, built
 * from the username after the update.
 *
 * <p>A caller who is updating their own account must hold a
 * {@link UsernamePasswordAuthenticationToken}; any other authentication type is rejected
 * with a {@code PermissionException}.</p>
 *
 * <p>NOTE(review): no check for editing another user's account is visible in this
 * handler. The "Admin or Update Self only" rule in the API notes is presumably enforced
 * by {@code service.get} / {@code service.update} - confirm.</p>
 *
 * @param username username of the account to update
 * @param model the new user data
 * @param user the permission holder making the request
 * @param request the current request, passed to the session registry
 * @param builder used to build the {@code Location} URI
 * @param authentication the caller's authentication, inspected for its type
 * @return 200 with the updated user's model and a {@code Location} header
 */
@ApiOperation(value = "Update User", notes = "Admin or Update Self only", response = UserModel.class)
@RequestMapping(method = RequestMethod.PUT, value = "/{username}")
public ResponseEntity<UserModel> updateUser(@PathVariable String username, @ApiParam(value = "User", required = true) @RequestBody UserModel model, @AuthenticationPrincipal PermissionHolder user, HttpServletRequest request, UriComponentsBuilder builder, Authentication authentication) {
    User target = service.get(username);
    User caller = user.getUser();

    // Self-edits are only accepted from a username/password authentication.
    // NOTE(review): the id comparison uses ==, which assumes getId() returns a primitive - confirm.
    boolean editingSelf = caller != null && target.getId() == caller.getId();
    boolean passwordAuthenticated = authentication instanceof UsernamePasswordAuthenticationToken;
    if (editingSelf && !passwordAuthenticated) {
        throw new PermissionException(new TranslatableMessage("rest.error.usernamePasswordOnly"), user);
    }

    User updatedUser = service.update(target.getId(), model.toVO());

    // The session registry is told about the change so it can react to the updated user.
    sessionRegistry.userUpdated(request, updatedUser);

    // The Location header uses the username after the update, which may differ from the path variable.
    URI location = builder.path("/users/{username}").buildAndExpand(updatedUser.getUsername()).toUri();
    HttpHeaders responseHeaders = new HttpHeaders();
    responseHeaders.setLocation(location);

    return new ResponseEntity<>(new UserModel(updatedUser), responseHeaders, HttpStatus.OK);
}