Examples with User com.sanctionco.thunder.models.User used on opensource projects

Example 26 with User

use of com.sanctionco.thunder.models.User in project thunder by RohanNagar.

the class VerificationResource method sendEmail.

/**
 * Sends an email message to the given email address. The email message will contain
 * a custom URL that can be called to verify the email address. This method will update the user
 * in the database to include the generated verification token.
 *
 * @param uriInfo the HTTP metadata of the incoming request
 * @param response the async response object used to notify that the operation has completed
 * @param auth the auth principal required to access the resource
 * @param email the message recipient's email address
 * @param password the user's password
 *
 * @see VerificationResource#verifyEmail(AsyncResponse, String, String, ResponseType)
 */
@POST
@Metered(name = "send-email-requests")
@SwaggerAnnotations.Methods.Email
public void sendEmail(@Context UriInfo uriInfo, @Suspended AsyncResponse response, @Parameter(hidden = true) @Auth Principal auth, @Parameter(hidden = true) @QueryParam("email") String email, @Parameter(hidden = true) @HeaderParam("password") String password) {
    requestOptions.setTimeout(response, sendEmailTimeoutCounter);
    try {
        requestValidator.validate(password, email, false);
    } catch (RequestValidationException e) {
        response.resume(e.response(email));
        return;
    }
    LOG.info("Attempting to send verification email to user {}", email);
    usersDao.findByEmail(email).thenApply(user -> {
        // Check that the supplied password is correct for the user's account
        requestValidator.verifyPasswordHeader(password, user.getPassword());
        // Generate the unique verification token
        String token = generateVerificationToken();
        // Update the user's verification token
        return new User(new Email(user.getEmail().getAddress(), false, token), user.getPassword(), user.getProperties());
    }).thenCompose(user -> usersDao.update(user.getEmail().getAddress(), user)).thenCompose(result -> {
        // Build the verification URL
        String verificationUrl = uriInfo.getBaseUriBuilder().path("/verify").queryParam("email", result.getEmail().getAddress()).queryParam("token", result.getEmail().getVerificationToken()).queryParam("response_type", "html").build().toString();
        LOG.info("Built verification URL {}", verificationUrl);
        // Send the email to the user's email address
        return emailService.sendVerificationEmail(result.getEmail(), verificationUrl).thenApply(success -> {
            if (!success) {
                LOG.error("Error sending email to address {}", result.getEmail().getAddress());
                throw new ThunderException("An error occurred while attempting to send email.");
            }
            return result;
        });
    }).whenComplete((result, throwable) -> {
        if (Objects.isNull(throwable)) {
            LOG.info("Successfully sent verification email to user {}.", email);
            response.resume(Response.ok(result).build());
        } else {
            LOG.error("Error sending email to {}. Caused by: {}", email, throwable.getMessage());
            response.resume(ThunderException.responseFromThrowable(throwable, email));
        }
    });
}

Example 27 with User

use of com.sanctionco.thunder.models.User in project thunder by RohanNagar.

the class VerificationResource method verifyEmail.

/**
 * Verifies the given email, marking it as verified in the database if the token matches the
 * stored verification token. Depending on the given response type, the method will either return
 * a response that contains the updated verified user or will redirect to an HTML success page.
 *
 * @param response the async response object used to notify that the operation has completed
 * @param email the email to verify
 * @param token the verification token associated with the email
 * @param responseType the type of object to include in the HTTP response. Either JSON or HTML.
 *
 * @see VerificationResource#sendEmail(UriInfo, AsyncResponse, Principal, String, String)
 * @see VerificationResource#getSuccessHtml()
 */
@GET
@Metered(name = "verify-email-requests")
@SwaggerAnnotations.Methods.Verify
public void verifyEmail(@Suspended AsyncResponse response, @Parameter(hidden = true) @QueryParam("email") String email, @Parameter(hidden = true) @QueryParam("token") String token, @Parameter(hidden = true) @QueryParam("response_type") @DefaultValue("json") ResponseType responseType) {
    requestOptions.setTimeout(response, verifyTimeoutCounter);
    try {
        requestValidator.validate(token, email, true);
    } catch (RequestValidationException e) {
        response.resume(e.response(email));
        return;
    }
    LOG.info("Attempting to verify email {}", email);
    usersDao.findByEmail(email).thenApply(user -> {
        String verificationToken = user.getEmail().getVerificationToken();
        if (verificationToken == null || verificationToken.isEmpty()) {
            LOG.warn("Tried to read null or empty verification token");
            throw RequestValidationException.tokenNotSet("Bad value found for user verification token.");
        }
        if (!token.equals(verificationToken)) {
            LOG.warn("User provided verification token does not match DB verification token.");
            throw RequestValidationException.incorrectToken("Incorrect verification token.");
        }
        // Create the verified user
        return new User(user.getEmail().verifiedCopy(), user.getPassword(), user.getProperties());
    }).thenCompose(updatedUser -> usersDao.update(email, updatedUser)).whenComplete((result, throwable) -> {
        if (Objects.isNull(throwable)) {
            LOG.info("Successfully verified email {}.", email);
            if (responseType.equals(ResponseType.JSON)) {
                LOG.info("Returning JSON in the response.");
                response.resume(Response.ok(result).build());
            } else {
                LOG.info("Redirecting to /verify/success in order to return HTML.");
                URI uri = UriBuilder.fromUri("/verify/success").build();
                response.resume(Response.seeOther(uri).build());
            }
        } else {
            LOG.error("Error verifying email {}. Caused by: {}", email, throwable.getMessage());
            response.resume(ThunderException.responseFromThrowable(throwable, email));
        }
    });
}

Example 28 with User

use of com.sanctionco.thunder.models.User in project thunder by RohanNagar.

the class DynamoDbUsersDao method insert.

@Override
public CompletableFuture<User> insert(User user) {
    Objects.requireNonNull(user);
    long now = Instant.now().toEpochMilli();
    Map<String, AttributeValue> item = Map.of("email", AttributeValue.builder().s(user.getEmail().getAddress()).build(), "id", AttributeValue.builder().s(UUID.randomUUID().toString()).build(), "version", AttributeValue.builder().s(UUID.randomUUID().toString()).build(), "creation_time", AttributeValue.builder().n(String.valueOf(now)).build(), "update_time", AttributeValue.builder().n(String.valueOf(now)).build(), "document", AttributeValue.builder().s(UsersDao.toJson(mapper, user)).build());
    PutItemRequest putItemRequest = PutItemRequest.builder().tableName(tableName).item(item).expected(Collections.singletonMap("email", ExpectedAttributeValue.builder().exists(false).build())).build();
    return dynamoDbClient.putItem(putItemRequest).thenApply(response -> user.withTime(now, now)).exceptionally(throwable -> {
        throw convertToDatabaseException(throwable.getCause(), user.getEmail().getAddress());
    });
}

Example 29 with User

use of com.sanctionco.thunder.models.User in project thunder by RohanNagar.

the class UserResourceTest method create_shouldHashUserPassword.

@Test
void create_shouldHashUserPassword() {
    // Setup the test object
    var hashService = mock(HashService.class);
    when(hashService.hash(anyString())).thenReturn("hashedpassword");
    var resource = new UserResource(usersDao, OPTIONS, validator, hashService, METRICS);
    // Setup captors and expected values
    var asyncResponse = mock(AsyncResponse.class);
    var captor = ArgumentCaptor.forClass(Response.class);
    var insertCaptor = ArgumentCaptor.forClass(User.class);
    var expectedUser = new User(Email.unverified("test@test.com"), "hashedpassword", Collections.emptyMap());
    when(usersDao.insert(insertCaptor.capture())).thenReturn(CompletableFuture.completedFuture(expectedUser));
    resource.postUser(asyncResponse, key, USER);
    verify(asyncResponse, timeout(100).times(1)).resume(captor.capture());
    User result = (User) captor.getValue().getEntity();
    assertAll("Assert successful user creation and password hash", () -> assertEquals(Response.Status.CREATED, captor.getValue().getStatusInfo()), () -> assertEquals("hashedpassword", insertCaptor.getValue().getPassword()), () -> assertNotEquals("password", result.getPassword()), () -> assertEquals(expectedUser, result));
}

Example 30 with User

use of com.sanctionco.thunder.models.User in project thunder by RohanNagar.

the class UserResourceTest method testUpdateUserServerSideHashNoPasswordChange.

@Test
void testUpdateUserServerSideHashNoPasswordChange() {
    var hashService = HashAlgorithm.SHA256.newHashService(true, false);
    var validator = new RequestValidator(EMAIL_VALIDATOR, propertyValidator, hashService, true);
    var resource = new UserResource(usersDao, OPTIONS, validator, hashService, METRICS);
    // Set up the user that should already exist in the database
    var existingEmail = new Email("existing@test.com", true, "token");
    var existingUser = new User(existingEmail, "saltysaltysalt226cb4d24e21a9955515d52d6dc86449202f55f5b1463a800d2803cdda90298530", Collections.emptyMap());
    // Define the updated user with the same password
    var updatedUser = new User(new Email(existingEmail.getAddress(), true, "token"), // hashes to the above
    "password", Collections.singletonMap("ID", 80));
    // Expect that the password stays the same
    var expectedResponse = new User(new Email(updatedUser.getEmail().getAddress(), true, "token"), "saltysaltysalt226cb4d24e21a9955515d52d6dc86449202f55f5b1463a800d2803cdda90298530", updatedUser.getProperties());
    var userCaptor = ArgumentCaptor.forClass(User.class);
    var asyncResponse = mock(AsyncResponse.class);
    when(usersDao.findByEmail(existingEmail.getAddress())).thenReturn(CompletableFuture.completedFuture(existingUser));
    when(usersDao.update(eq(null), userCaptor.capture())).thenReturn(CompletableFuture.completedFuture(expectedResponse));
    resource.updateUser(asyncResponse, key, "password", null, updatedUser);
    var responseCaptor = ArgumentCaptor.forClass(Response.class);
    verify(asyncResponse, timeout(100).times(1)).resume(responseCaptor.capture());
    var result = (User) responseCaptor.getValue().getEntity();
    assertAll("Assert successful user update", () -> assertEquals(Response.Status.OK, responseCaptor.getValue().getStatusInfo()), () -> assertNotEquals("password", result.getPassword()), () -> assertEquals(expectedResponse, userCaptor.getValue()), () -> assertEquals(expectedResponse, result));
}