
Example 1 with JSONUtil

use of gemma.gsec.util.JSONUtil in project Gemma by PavlidisLab.

the class UserFormMultiActionController method editUser.

/**
 * Entry point for updates.
 */
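@RequestMapping("/editUser.html")
public void editUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // Applies a profile update (email and/or password) for the logged-in user and answers with a
    // small JSON-like status object. Every path through the try block sets jsonText and lets the
    // finally block write it, so the response body is written exactly once.
    //
    // NOTE(review): this mapping does not restrict the HTTP method, so a password could arrive in a
    // GET query string and end up in access logs. Confirm that state-changing requests are limited
    // to POST and covered by CSRF protection elsewhere in the application.
    String email = request.getParameter("email");
    String password = request.getParameter("password");
    String passwordConfirm = request.getParameter("passwordConfirm");
    String oldPassword = request.getParameter("oldpassword");
    /*
     * I had this idea we could let users change their user names, but this turns out to be a PITA.
     */
    String originalUserName = request.getParameter("username");
    String jsonText = null;
    JSONUtil jsonUtil = new JSONUtil(request, response);
    try {
        /*
         * The acting user is taken from the security context, never from the request, so a caller can only
         * update their own account. The "username" parameter is only compared against it.
         */
        String username = SecurityContextHolder.getContext().getAuthentication().getName();
        if (!username.equals(originalUserName)) {
            throw new RuntimeException("You must be logged in to edit your profile.");
        }
        UserDetailsImpl user = (UserDetailsImpl) userManager.loadUserByUsername(username);
        boolean changed = false;
        // email.equals(...) rather than user.getEmail().equals(...): an account without a stored
        // address must not fail with a NullPointerException here.
        if (StringUtils.isNotBlank(email) && !email.equals(user.getEmail())) {
            if (!EmailValidator.getInstance().isValid(email)) {
                // Only set the message; the finally block writes it. Writing here as well would send
                // the body twice.
                jsonText = "{success:false,message:'The email address does not look valid'}";
                return;
            }
            // NOTE(review): the address is changed without checking oldPassword. Because password
            // reset is driven by the account's email, consider requiring the current password (or a
            // confirmation mail to the old address) before accepting a new one.
            user.setEmail(email);
            changed = true;
        }
        // A missing "password" parameter is treated like an empty one instead of dereferencing null.
        if (StringUtils.isNotEmpty(password)) {
            if (!StringUtils.equals(password, passwordConfirm)) {
                throw new RuntimeException("Passwords do not match.");
            }
            // NOTE(review): no minimum-length check is applied here, unlike at signup; confirm that
            // userManager.changePassword enforces the password policy.
            String encryptedPassword = passwordEncoder.encodePassword(password, user.getUsername());
            userManager.changePassword(oldPassword, encryptedPassword);
        }
        if (changed) {
            userManager.updateUser(user);
        }
        saveMessage(request, "Changes saved.");
        jsonText = "{success:true}";
    } catch (Exception e) {
        // Log the throwable itself so the stack trace is kept, not just its message.
        log.error(e, e);
        jsonText = jsonUtil.getJSONErrorMessage(e);
        log.info(jsonText);
    } finally {
        jsonUtil.writeToResponse(jsonText);
    }
}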
Also used : UserDetailsImpl(gemma.gsec.authentication.UserDetailsImpl) JSONUtil(gemma.gsec.util.JSONUtil) IOException(java.io.IOException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 2 with JSONUtil

use of gemma.gsec.util.JSONUtil in project Gemma by PavlidisLab.

the class UserFormMultiActionController method loadUser.

/**
 * AJAX entry point. Loads a user.
 */
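@RequestMapping("/loadUser.html")
public void loadUser(HttpServletRequest request, HttpServletResponse response) {
    // AJAX entry point: returns the current user's name and email as a JSON-like object.
    // Both values are account data chosen by the user, so they are escaped before being placed
    // inside a quoted literal; otherwise a quote in either one could change the structure of the
    // response that the client evaluates.
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated()) {
        log.error("User not authenticated.  Cannot populate user data.");
        return;
    }
    Object principal = authentication.getPrincipal();
    String username;
    if (principal instanceof UserDetails) {
        username = ((UserDetails) principal).getUsername();
    } else {
        username = String.valueOf(principal);
    }
    JSONUtil jsonUtil = new JSONUtil(request, response);
    String jsonText = null;
    try {
        // Looked up inside the try block so that a failing lookup is reported as a JSON error
        // instead of escaping the handler.
        User user = userManager.findByUserName(username);
        if (user == null) {
            // this shouldn't happen.
            jsonText = "{success:false,message:'No user with name " + escapeForJson(username) + "'}";
        } else {
            jsonText = "{success:true, data:{username:\"" + escapeForJson(username) + "\",email:\""
                    + escapeForJson(user.getEmail()) + "\"}}";
        }
    } catch (Exception e) {
        log.error(e, e);
        // Same error format as the other handlers, instead of an unquoted exception message.
        jsonText = jsonUtil.getJSONErrorMessage(e);
    } finally {
        try {
            jsonUtil.writeToResponse(jsonText);
        } catch (IOException e) {
            log.error(e, e);
        }
    }
}

// Escapes a value for use inside a single- or double-quoted literal of the JSON-like response.
// Backslash and double quote get a backslash prefix; control characters, the single quote, the
// HTML-significant characters and the two Unicode line separators are written as four-digit hex
// escapes, which are valid in JSON and in JavaScript string literals alike. A null value is
// rendered as the text "null", as plain string concatenation would.
private static String escapeForJson(String value) {
    String text = String.valueOf(value);
    StringBuilder escaped = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        if (c == '\\' || c == '"') {
            escaped.append('\\').append(c);
        } else if (c < 0x20 || c == '\'' || c == '<' || c == '>' || c == '&' || c == 0x2028 || c == 0x2029) {
            escaped.append(String.format("\\u%04x", (int) c));
        } else {
            escaped.append(c);
        }
    }
    return escaped.toString();
}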
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) User(gemma.gsec.model.User) JSONUtil(gemma.gsec.util.JSONUtil) Authentication(org.springframework.security.core.Authentication) IOException(java.io.IOException) IOException(java.io.IOException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with JSONUtil

use of gemma.gsec.util.JSONUtil in project Gemma by PavlidisLab.

the class SignupController method signup.

/*
     * Used when a user signs themselves up.
     */
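@RequestMapping(value = "/signup.html", method = RequestMethod.POST)
public void signup(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // Self-service registration: validates captcha, password, username and email, creates the
    // account in a not-yet-enabled state and sends a confirmation mail. Every validation failure
    // is answered with a {success:false,...} object rather than an unhandled exception.
    JSONUtil jsonUtil = new JSONUtil(request, response);
    String jsonText = null;
    String password = request.getParameter("password");
    String cPass = request.getParameter("passwordConfirm");
    if (reCaptcha.isPrivateKeySet()) {
        if (!reCaptcha.validateRequest(request).isValid()) {
            jsonText = "{success:false,message:'Captcha was not entered correctly.'}";
            jsonUtil.writeToResponse(jsonText);
            return;
        }
    } else {
        // NOTE(review): without a configured key the endpoint has no bot protection at all;
        // production deployments should treat this warning as a misconfiguration.
        log.warn("No recaptcha private key is configured, skipping validation");
    }
    // A request that omits the parameter is rejected like any other invalid password instead of
    // failing with a NullPointerException.
    if (password == null || password.length() < UserFormMultiActionController.MIN_PASSWORD_LENGTH
            || !password.equals(cPass)) {
        // "did not" rather than "didn't": an apostrophe would end the single-quoted literal early
        // and leave the client with an unparseable response.
        jsonText = "{success:false,message:'Password was not valid or did not match'}";
        jsonUtil.writeToResponse(jsonText);
        return;
    }
    String username = request.getParameter("username");
    if (username == null || username.trim().isEmpty()) {
        jsonText = "{success:false,message:'Username was not specified'}";
        jsonUtil.writeToResponse(jsonText);
        return;
    }
    // NOTE(review): the username is accepted with no character or length restriction. It is later
    // echoed into JSON responses and mail, so consider constraining it to a safe alphabet here.
    //
    // NOTE(review): encodePassword(raw, salt) with the username as salt has the shape of Spring
    // Security's legacy digest-based PasswordEncoder; confirm that the configured encoder is an
    // adaptive password hash (bcrypt, scrypt, argon2) rather than a single salted digest.
    String encodedPassword = passwordEncoder.encodePassword(password, username);
    String email = request.getParameter("email");
    String cEmail = request.getParameter("emailConfirm");
    /*
     * Validate that it is a valid email....this regex adapted from extjs; a word possibly containing '-', '+' or
     * '.', following by '@', followed by up to 5 chunks separated by '.', finally a 2-4 letter alphabetic suffix.
     */
    if (email == null || !email.matches("^(\\w+)([-+.][\\w]+)*@(\\w[-\\w]*\\.){1,5}([A-Za-z]){2,4}$")
            || !email.equals(cEmail)) {
        jsonText = "{success:false,message:'Email was not valid or did not match'}";
        jsonUtil.writeToResponse(jsonText);
        return;
    }
    String key = userManager.generateSignupToken(username);
    Date now = new Date();
    // The third constructor argument is false; presumably the "enabled" flag, so the account
    // stays inactive until the emailed token is confirmed - TODO confirm against UserDetailsImpl.
    UserDetailsImpl u = new UserDetailsImpl(encodedPassword, username, false, null, email, key, now);
    try {
        userManager.createUser(u);
        sendSignupConfirmationEmail(request, u);
        jsonText = "{success:true}";
    } catch (Exception e) {
        /*
         * Most common cause: user exists already.
         *
         * NOTE(review): the exception text is returned to the caller, so this response can reveal whether a
         * username is already registered. Consider a generic message if that matters for this deployment.
         */
        log.error(e, e);
        jsonText = jsonUtil.getJSONErrorMessage(e);
        log.info(jsonText);
    } finally {
        jsonUtil.writeToResponse(jsonText);
    }
}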
Also used : UserDetailsImpl(gemma.gsec.authentication.UserDetailsImpl) JSONUtil(gemma.gsec.util.JSONUtil) Date(java.util.Date) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 4 with JSONUtil

use of gemma.gsec.util.JSONUtil in project Gemma by PavlidisLab.

the class SignupController method ajaxLoginCheck.

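@RequestMapping(value = "/ajaxLoginCheck.html")
public void ajaxLoginCheck(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // Reports whether the caller has a logged-in session and, if so, the user name and admin flag.
    // The user name is a value the account holder chose at signup, so it is escaped before being
    // placed inside the single-quoted literal; an unescaped quote would otherwise let it alter the
    // structure of the response that the client evaluates.
    JSONUtil jsonUtil = new JSONUtil(request, response);
    String jsonText = "{success:false}";
    try {
        if (userManager.loggedIn()) {
            String userName = userManager.getCurrentUsername();
            jsonText = "{success:true,user:'" + escapeForJson(userName) + "',isAdmin:" + SecurityUtil.isUserAdmin()
                    + "}";
        } else {
            jsonText = "{success:false}";
        }
    } catch (Exception e) {
        log.error(e, e);
        jsonText = jsonUtil.getJSONErrorMessage(e);
        log.info(jsonText);
    } finally {
        jsonUtil.writeToResponse(jsonText);
    }
}

// Escapes a value for use inside a single- or double-quoted literal of the JSON-like response.
// Backslash and double quote get a backslash prefix; control characters, the single quote, the
// HTML-significant characters and the two Unicode line separators are written as four-digit hex
// escapes, which are valid in JSON and in JavaScript string literals alike. A null value is
// rendered as the text "null", as plain string concatenation would.
private static String escapeForJson(String value) {
    String text = String.valueOf(value);
    StringBuilder escaped = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        if (c == '\\' || c == '"') {
            escaped.append('\\').append(c);
        } else if (c < 0x20 || c == '\'' || c == '<' || c == '>' || c == '&' || c == 0x2028 || c == 0x2029) {
            escaped.append(String.format("\\u%04x", (int) c));
        } else {
            escaped.append(c);
        }
    }
    return escaped.toString();
}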
Also used : JSONUtil(gemma.gsec.util.JSONUtil) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with JSONUtil

use of gemma.gsec.util.JSONUtil in project Gemma by PavlidisLab.

the class UserFormMultiActionController method resetPassword.

/**
 * Resets the password to a random alphanumeric (of length MIN_PASSWORD_LENGTH).
 */
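@RequestMapping("/resetPassword.html")
public void resetPassword(HttpServletRequest request, HttpServletResponse response) {
    // Replaces the password of the account identified by (email, username) with a freshly generated
    // temporary one and mails it, together with a token, to the given address.
    //
    // NOTE(review): the temporary password travels in plain text by email and this mapping accepts
    // any HTTP method. A reset link carrying only a short-lived, single-use token, plus request
    // throttling, would be the more defensive design; confirm what changePasswordForUser and the
    // token already guarantee.
    if (log.isDebugEnabled()) {
        log.debug("entering 'resetPassword' method...");
    }
    String email = request.getParameter("email");
    String username = request.getParameter("username");
    JSONUtil jsonUtil = new JSONUtil(request, response);
    String txt;
    String jsonText = null;
    /* look up the user's information and reset password. */
    try {
        /* make sure the email and username has been sent */
        if (StringUtils.isEmpty(email) || StringUtils.isEmpty(username)) {
            txt = "Email or username not specified.  These are required fields.";
            log.warn(txt);
            throw new RuntimeException(txt);
        }
        /*
         * Change the password. The temporary password is a credential, so it is drawn from SecureRandom;
         * RandomStringUtils has historically used a non-cryptographic generator.
         */
        String pwd = generateTemporaryPassword(UserFormMultiActionController.MIN_PASSWORD_LENGTH);
        String token = userManager.changePasswordForUser(email, username, passwordEncoder.encodePassword(pwd, username));
        sendResetConfirmationEmail(request, token, username, pwd, email);
        jsonText = "{success:true}";
    } catch (Exception e) {
        // NOTE(review): returning the exception text tells the caller whether the email/username
        // pair matched an account; consider answering identically in both cases.
        log.error(e, e);
        jsonText = jsonUtil.getJSONErrorMessage(e);
    } finally {
        try {
            jsonUtil.writeToResponse(jsonText);
        } catch (IOException e) {
            log.error(e, e);
        }
    }
}

// Builds a temporary password of the requested length from lower-case letters and digits (the same
// character set the previous implementation produced), chosen uniformly with a cryptographically
// strong generator. With 36 symbols each character carries a little over 5 bits, so the overall
// strength depends directly on MIN_PASSWORD_LENGTH.
private static String generateTemporaryPassword(int length) {
    final String alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
    java.security.SecureRandom random = new java.security.SecureRandom();
    StringBuilder generated = new StringBuilder(Math.max(length, 0));
    for (int i = 0; i < length; i++) {
        generated.append(alphabet.charAt(random.nextInt(alphabet.length())));
    }
    return generated.toString();
}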
Also used : JSONUtil(gemma.gsec.util.JSONUtil) IOException(java.io.IOException) IOException(java.io.IOException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

JSONUtil (gemma.gsec.util.JSONUtil)5 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)5 IOException (java.io.IOException)3 UserDetailsImpl (gemma.gsec.authentication.UserDetailsImpl)2 User (gemma.gsec.model.User)1 Date (java.util.Date)1 Authentication (org.springframework.security.core.Authentication)1 UserDetails (org.springframework.security.core.userdetails.UserDetails)1