Examples with User - won.owner.model.User

Example 41 with User

use of won.owner.model.User in project webofneeds by researchstudio-sat.

the class RestUserController method transferUser.

/**
 * transfers a privateId user to a registered user
 *
 * @param errors
 * @return ResponseEntity with Http Status Code
 */
@ResponseBody
@RequestMapping(value = "/transfer", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity transferUser(@RequestBody TransferUserPojo transferUserPojo, Errors errors, WebRequest request) {
    logger.debug("processing request to /transfer");
    String username = SecurityContextHolder.getContext().getAuthentication().getName();
    // cannot use user object from context since hw doesn't know about created in
    // this session atom,
    // therefore, we have to retrieve the user object from the user repository
    User user = userService.getByUsername(username);
    if (user == null && !transferUserPojo.getPrivateUsername().equals(user.getUsername())) {
        return generateStatusResponse(RestStatusResponse.USERNAME_MISMATCH);
    }
    try {
        userRegisterValidator.validate(transferUserPojo, errors);
        if (errors.hasErrors()) {
            if (errors.getFieldErrorCount() > 0) {
                // someone trying to go around js validation
                return generateStatusResponse(RestStatusResponse.SIGNUP_FAILED);
            } else {
                // username is already in database
                return generateStatusResponse(RestStatusResponse.USER_ALREADY_EXISTS);
            }
        }
        User transferUser = userService.transferUser(transferUserPojo.getUsername(), transferUserPojo.getPassword(), transferUserPojo.getPrivateUsername(), transferUserPojo.getPrivatePassword());
        if (!transferUser.isEmailVerified()) {
            eventPublisher.publishEvent(new OnRegistrationCompleteEvent(transferUser, request.getLocale(), request.getContextPath()));
            String recoveryKey;
            try {
                recoveryKey = userService.generateRecoveryKey(transferUserPojo.getUsername(), transferUserPojo.getPassword());
                eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(transferUser, recoveryKey));
            } catch (UserNotFoundException e) {
                return generateStatusResponse(RestStatusResponse.RECOVERY_KEYGEN_USER_NOT_FOUND);
            } catch (IncorrectPasswordException e) {
                return generateStatusResponse(RestStatusResponse.RECOVERY_KEYGEN_WRONG_PASSWORD);
            }
        }
    } catch (UserAlreadyExistsException e) {
        // username is already in database
        return generateStatusResponse(RestStatusResponse.USER_ALREADY_EXISTS);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.TRANSFERUSER_NOT_FOUND);
    }
    return generateStatusResponse(RestStatusResponse.USER_TRANSFERRED);
}

Also used : OnRecoveryKeyGeneratedEvent(won.owner.web.events.OnRecoveryKeyGeneratedEvent) UserNotFoundException(won.owner.service.impl.UserNotFoundException) User(won.owner.model.User) IncorrectPasswordException(won.owner.service.impl.IncorrectPasswordException) OnRegistrationCompleteEvent(won.owner.web.events.OnRegistrationCompleteEvent) UserAlreadyExistsException(won.owner.service.impl.UserAlreadyExistsException) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) Transactional(org.springframework.transaction.annotation.Transactional)

Example 42 with User

use of won.owner.model.User in project webofneeds by researchstudio-sat.

the class UserRegisterValidator method validate.

@Override
public void validate(final Object target, final Errors errors) {
    UserPojo user = (UserPojo) target;
    validator.validate(target, errors);
    if (user.getPassword().length() < 6) {
        errors.rejectValue("password", "passwordTooShort", "Password needs to be at least 6 Characters long");
    }
    if (errors.getFieldError("username") != null) {
        User userInDb = (User) wonUserDetailService.loadUserByUsername(user.getUsername());
        if (userInDb != null) {
            errors.reject("userIsAlreadyInDb", "Username already exists, please choose a different one");
        }
    }
}

Also used : User(won.owner.model.User) UserPojo(won.owner.pojo.UserPojo)

Example 43 with User

use of won.owner.model.User in project webofneeds by researchstudio-sat.

the class ResetPasswordValidator method validate.

@Override
public void validate(final Object target, final Errors errors) {
    ResetPasswordPojo changePasswordPojo = (ResetPasswordPojo) target;
    validator.validate(target, errors);
    if (changePasswordPojo.getNewPassword().length() < 6) {
        errors.rejectValue("newPassword", "passwordTooShort", "Password needs to be at least 6 Characters long");
    }
    if (errors.getFieldError("username") != null) {
        User userInDb = (User) wonUserDetailService.loadUserByUsername(changePasswordPojo.getUsername());
        if (userInDb == null) {
            errors.reject("userNotFound", "Username does not exist");
        }
    }
}

Also used : ResetPasswordPojo(won.owner.pojo.ResetPasswordPojo) User(won.owner.model.User)

Example 44 with User

use of won.owner.model.User in project webofneeds by researchstudio-sat.

the class UserService method useRecoveryKey.

/**
 * Uses the recoveryKey to unlock the keystore password, then generates a new
 * keystore password and if that all works, changes the user's password and
 * deletes the recovery key.
 */
@Transactional(propagation = Propagation.REQUIRED)
public User useRecoveryKey(String username, String newPassword, String recoveryKey) throws UserNotFoundException, KeyStoreIOException, IncorrectPasswordException {
    logger.debug("using recoery key to reset password for user {}", username);
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    User user = getByUsernameWithKeystorePassword(username);
    if (user == null) {
        throw new UserNotFoundException("cannot change password: user not found");
    }
    KeystorePasswordHolder keystorePasswordHolder = user.getRecoverableKeystorePasswordHolder();
    String oldKeystorePassword = keystorePasswordHolder.getPassword(recoveryKey);
    logger.debug("re-encrypting keystore for user {} with new keystore password", username);
    String newKeystorePassword = changeKeystorePassword(user, oldKeystorePassword);
    user.setKeystorePasswordHolder(keystorePasswordHolder);
    user.getKeystorePasswordHolder().setPassword(newKeystorePassword, newPassword);
    // everything has worked so far, now we can also change the user's password
    user.setPassword(passwordEncoder.encode(newPassword));
    // we delete the recoverable keystore key as it will no longer work
    user.setRecoverableKeystorePasswordHolder(null);
    save(user);
    logger.debug("password changed for user {}", username);
    // persistent logins won't work any more as we changed the keystore password, so
    // let's delete them
    persistentLoginRepository.deleteByUsername(username);
    return user;
}

Also used : User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) ExpensiveSecureRandomString(won.protocol.util.ExpensiveSecureRandomString) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Transactional(org.springframework.transaction.annotation.Transactional)

Example 45 with User

use of won.owner.model.User in project webofneeds by researchstudio-sat.

the class UserService method transferUser.

/**
 * Transfers the specific user to a non existant new user with password and an
 * optional role.
 *
 * @param newEmail
 * @param newPassword
 * @param privateUsername
 * @param privatePassword
 * @param role
 * @throws UserAlreadyExistsException when the new User already exists
 * @throws won.owner.service.impl.UserNotFoundException when the private User is
 * not found
 */
public User transferUser(String newEmail, String newPassword, String privateUsername, String privatePassword, String role) throws UserAlreadyExistsException, UserNotFoundException {
    User user = getByUsername(newEmail);
    if (user != null) {
        throw new UserAlreadyExistsException();
    }
    try {
        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        User privateUser = getByUsernameWithKeystorePassword(privateUsername);
        if (privateUser == null) {
            throw new UserNotFoundException();
        }
        // change the username/email and keystorpw holder
        privateUser.setUsername(newEmail);
        privateUser.setPassword(passwordEncoder.encode(newPassword));
        privateUser.setEmail(newEmail);
        privateUser.setEmailVerified(false);
        privateUser.setPrivateId(null);
        // transfer only available when flag is set therefore we can
        privateUser.setAcceptedTermsOfService(true);
        // this to true (i think)
        if (role != null) {
            privateUser.setRole(role);
        }
        KeystorePasswordHolder privateKeystorePassword = privateUser.getKeystorePasswordHolder();
        String keystorePassword = privateKeystorePassword.getPassword(privatePassword);
        // ************************************************
        KeystorePasswordHolder newKeystorePassword = new KeystorePasswordHolder();
        // generate a newPassword for the keystore and save it in the database,
        // encrypted with a symmetric key
        // derived from the user's new password
        newKeystorePassword.setPassword(keystorePassword, newPassword);
        privateUser.setKeystorePasswordHolder(newKeystorePassword);
        // we delete the recoverable keystore key as it will no longer work
        privateUser.setRecoverableKeystorePasswordHolder(null);
        save(privateUser);
        return privateUser;
    } catch (DataIntegrityViolationException e) {
        throw new UserAlreadyExistsException();
    }
}

Also used : User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) ExpensiveSecureRandomString(won.protocol.util.ExpensiveSecureRandomString) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)

Aggregations

User (won.owner.model.User)47 Transactional (org.springframework.transaction.annotation.Transactional)19 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)18 URI (java.net.URI)17 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)15 KeystorePasswordHolder (won.owner.model.KeystorePasswordHolder)9 UserAtom (won.owner.model.UserAtom)8 BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)7 PasswordEncoder (org.springframework.security.crypto.password.PasswordEncoder)7 Draft (won.owner.model.Draft)7 KeystoreHolder (won.owner.model.KeystoreHolder)6 URISyntaxException (java.net.URISyntaxException)5 Authentication (org.springframework.security.core.Authentication)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 Autowired (org.springframework.beans.factory.annotation.Autowired)4 CreateDraftPojo (won.owner.pojo.CreateDraftPojo)4 IncorrectPasswordException (won.owner.service.impl.IncorrectPasswordException)4 UserNotFoundException (won.owner.service.impl.UserNotFoundException)4 OnRecoveryKeyGeneratedEvent (won.owner.web.events.OnRecoveryKeyGeneratedEvent)4 ExpensiveSecureRandomString (won.protocol.util.ExpensiveSecureRandomString)4