Example 21 with ApiToken
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenController method postJsonObject.
@PostMapping(consumes = "application/json")
@ResponseBody
public WebMessage postJsonObject(HttpServletRequest request) throws Exception {
final ApiToken apiToken = deserializeJsonEntity(request);
User user = currentUserService.getCurrentUser();
if (!aclService.canCreate(user, getEntityClass())) {
throw new CreateAccessDeniedException("You don't have the proper permissions to create this object.");
}
apiToken.getTranslations().clear();
// Validate input values is ok
validateBeforeCreate(apiToken);
// We only make personal access tokens for now
apiToken.setType(ApiTokenType.PERSONAL_ACCESS_TOKEN);
// Generate key and set default values
apiTokenService.initToken(apiToken);
// Save raw key to send in response
final String rawKey = apiToken.getKey();
// Hash the raw token key and overwrite value in the entity to persist
final String hashedKey = apiTokenService.hashKey(apiToken.getKey());
apiToken.setKey(hashedKey);
// Continue POST import as usual
MetadataImportParams params = importService.getParamsFromMap(contextService.getParameterValuesMap()).setImportReportMode(ImportReportMode.FULL).setUser(user).setImportStrategy(ImportStrategy.CREATE).addObject(apiToken);
final ObjectReport objectReport = importService.importMetadata(params).getFirstObjectReport();
final String uid = objectReport.getUid();
WebMessage webMessage = objectReport(objectReport);
if (webMessage.getStatus() == Status.OK) {
webMessage.setHttpStatus(HttpStatus.CREATED);
webMessage.setLocation(getSchema().getRelativeApiEndpoint() + "/" + uid);
// Set our custom web response object that includes the new
// generated key.
webMessage.setResponse(new ApiTokenCreationResponse(objectReport, rawKey));
} else {
webMessage.setStatus(Status.ERROR);
}
return webMessage;
}
Also used :
CurrentUser(org.hisp.dhis.user.CurrentUser)
User(org.hisp.dhis.user.User)
MetadataImportParams(org.hisp.dhis.dxf2.metadata.MetadataImportParams)
CreateAccessDeniedException(org.hisp.dhis.hibernate.exception.CreateAccessDeniedException)
ApiToken(org.hisp.dhis.security.apikey.ApiToken)
ObjectReport(org.hisp.dhis.feedback.ObjectReport)
WebMessage(org.hisp.dhis.dxf2.webmessage.WebMessage)
PostMapping(org.springframework.web.bind.annotation.PostMapping)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
Aggregations
ApiToken (org.hisp.dhis.security.apikey.ApiToken)21
Test (org.junit.jupiter.api.Test)17
DhisControllerConvenienceTest (org.hisp.dhis.webapi.DhisControllerConvenienceTest)13
JsonApiToken (org.hisp.dhis.webapi.json.domain.JsonApiToken)13
DhisControllerWithApiTokenAuthTest (org.hisp.dhis.webapi.DhisControllerWithApiTokenAuthTest)4
JsonUser (org.hisp.dhis.webapi.json.domain.JsonUser)3
User (org.hisp.dhis.user.User)2
MetadataImportParams (org.hisp.dhis.dxf2.metadata.MetadataImportParams)1
WebMessage (org.hisp.dhis.dxf2.webmessage.WebMessage)1
ObjectReport (org.hisp.dhis.feedback.ObjectReport)1
CreateAccessDeniedException (org.hisp.dhis.hibernate.exception.CreateAccessDeniedException)1
JsonObject (org.hisp.dhis.jsontree.JsonObject)1
CurrentUser (org.hisp.dhis.user.CurrentUser)1
PostMapping (org.springframework.web.bind.annotation.PostMapping)1
ResponseBody (org.springframework.web.bind.annotation.ResponseBody)1
