Example 21 with ApiToken

Use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

The class ApiTokenController, method postJsonObject.

@PostMapping(consumes = "application/json")
@ResponseBody
public WebMessage postJsonObject(HttpServletRequest request) throws Exception {
    final ApiToken apiToken = deserializeJsonEntity(request);
    User user = currentUserService.getCurrentUser();
    if (!aclService.canCreate(user, getEntityClass())) {
        throw new CreateAccessDeniedException("You don't have the proper permissions to create this object.");
    }
    apiToken.getTranslations().clear();
    // Validate that the input values are OK
    validateBeforeCreate(apiToken);
    // We only make personal access tokens for now
    apiToken.setType(ApiTokenType.PERSONAL_ACCESS_TOKEN);
    // Generate key and set default values
    apiTokenService.initToken(apiToken);
    // Save raw key to send in response
    final String rawKey = apiToken.getKey();
    // Hash the raw token key and overwrite value in the entity to persist
    final String hashedKey = apiTokenService.hashKey(apiToken.getKey());
    apiToken.setKey(hashedKey);
    // Continue POST import as usual
    MetadataImportParams params = importService.getParamsFromMap(contextService.getParameterValuesMap())
        .setImportReportMode(ImportReportMode.FULL)
        .setUser(user)
        .setImportStrategy(ImportStrategy.CREATE)
        .addObject(apiToken);
    final ObjectReport objectReport = importService.importMetadata(params).getFirstObjectReport();
    final String uid = objectReport.getUid();
    WebMessage webMessage = objectReport(objectReport);
    if (webMessage.getStatus() == Status.OK) {
        webMessage.setHttpStatus(HttpStatus.CREATED);
        webMessage.setLocation(getSchema().getRelativeApiEndpoint() + "/" + uid);
        // Set our custom web response object that includes the new
        // generated key.
        webMessage.setResponse(new ApiTokenCreationResponse(objectReport, rawKey));
    } else {
        webMessage.setStatus(Status.ERROR);
    }
    return webMessage;
}
Also used: CurrentUser (org.hisp.dhis.user.CurrentUser), User (org.hisp.dhis.user.User), MetadataImportParams (org.hisp.dhis.dxf2.metadata.MetadataImportParams), CreateAccessDeniedException (org.hisp.dhis.hibernate.exception.CreateAccessDeniedException), ApiToken (org.hisp.dhis.security.apikey.ApiToken), ObjectReport (org.hisp.dhis.feedback.ObjectReport), WebMessage (org.hisp.dhis.dxf2.webmessage.WebMessage), PostMapping (org.springframework.web.bind.annotation.PostMapping), ResponseBody (org.springframework.web.bind.annotation.ResponseBody)