
Example 1 with OnRecoveryKeyGeneratedEvent

use of won.owner.web.events.OnRecoveryKeyGeneratedEvent in project webofneeds by researchstudio-sat.

the class RestUserController method changePassword.

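/**
 * Changes the password of the currently authenticated user.
 *
 * <p>The caller must be signed in, and the username in the request body must equal the name of
 * the authenticated principal; a request naming any other account is rejected with
 * {@code USERNAME_MISMATCH} before validation or any service call. After a successful change a
 * new recovery key is generated from the new password and published in an
 * {@code OnRecoveryKeyGeneratedEvent}.
 *
 * @param changePasswordPojo password changing data (username, old password, new password)
 * @param errors receives the validation errors reported by {@code passwordChangeValidator}
 * @param request supplies the locale and context path for the {@code OnPasswordChangedEvent}
 * @param response not used by this method
 * @return the user response on success, otherwise a status response naming the failure
 */
@ResponseBody
@RequestMapping(value = "/changePassword", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
// TODO: move transactionality annotation into the service layer
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity changePassword(@RequestBody ChangePasswordPojo changePasswordPojo, Errors errors, HttpServletRequest request, HttpServletResponse response) {
    logger.debug("processing request to /changePassword");
    // The security context may hold no Authentication at all; report that as "not signed in"
    // instead of failing with a NullPointerException on getName().
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_SIGNED_IN);
    }
    String username = SecurityContextHolder.getContext().getAuthentication().getName();
    if (username == null) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_SIGNED_IN);
    }
    // Authorization check: only the authenticated account's own password may be changed.
    if (!username.equals(changePasswordPojo.getUsername())) {
        return generateStatusResponse(RestStatusResponse.USERNAME_MISMATCH);
    }
    try {
        passwordChangeValidator.validate(changePasswordPojo, errors);
        if (errors.hasErrors()) {
            if (errors.getFieldErrorCount() > 0) {
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_BAD_PASSWORD);
            } else {
                // errors without field errors are reported as "username is not found"
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_USER_NOT_FOUND);
            }
        }
        User user = userService.changePassword(changePasswordPojo.getUsername(), changePasswordPojo.getNewPassword(), changePasswordPojo.getOldPassword());
        eventPublisher.publishEvent(new OnPasswordChangedEvent(user, request.getLocale(), request.getContextPath()));
        // The recovery key is regenerated with the new password after every change.
        // NOTE(review): the event carries the recovery key itself, which is a credential -
        // confirm that no listener logs or persists it in plain text.
        String recoveryKey = userService.generateRecoveryKey(changePasswordPojo.getUsername(), changePasswordPojo.getNewPassword());
        eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(user, recoveryKey));
        return generateUserResponse(user);
    } catch (IncorrectPasswordException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_WRONG_OLD_PASSWORD);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_FOUND);
    } catch (KeyStoreIOException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_KEYSTORE_PROBLEM);
    }
}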
Also used : OnRecoveryKeyGeneratedEvent(won.owner.web.events.OnRecoveryKeyGeneratedEvent) UserNotFoundException(won.owner.service.impl.UserNotFoundException) KeyStoreIOException(won.owner.model.KeyStoreIOException) User(won.owner.model.User) OnPasswordChangedEvent(won.owner.web.events.OnPasswordChangedEvent) IncorrectPasswordException(won.owner.service.impl.IncorrectPasswordException) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) Transactional(org.springframework.transaction.annotation.Transactional)

Example 2 with OnRecoveryKeyGeneratedEvent

use of won.owner.web.events.OnRecoveryKeyGeneratedEvent in project webofneeds by researchstudio-sat.

the class RestUserController method registerUser.

/**
 * Registers a new user.
 *
 * <p>For a user that is neither anonymous nor e-mail verified, an
 * {@code OnRegistrationCompleteEvent} is published, then a recovery key is generated from the
 * submitted password and published in an {@code OnRecoveryKeyGeneratedEvent}.
 *
 * @param user registration data of a user
 * @param errors receives the validation errors reported by {@code userRegisterValidator}
 * @param request supplies the locale and context path for the registration event
 * @return a status response: {@code USER_CREATED} on success, otherwise the failure status
 */
@ResponseBody
@RequestMapping(value = "/", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
// TODO: move transactionality annotation into the service layer
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity registerUser(@RequestBody UserPojo user, Errors errors, WebRequest request) {
    logger.debug("processing POST request to / (registers user)");
    try {
        userRegisterValidator.validate(user, errors);
        if (errors.hasErrors()) {
            // Field errors mean the client-side (js) validation was bypassed; errors without
            // field errors are reported as "username is already in database".
            return generateStatusResponse(errors.getFieldErrorCount() > 0
                            ? RestStatusResponse.SIGNUP_FAILED
                            : RestStatusResponse.USER_ALREADY_EXISTS);
        }
        final User registered = userService.registerUser(user.getUsername(), user.getPassword(), null, user.getPrivateId());
        final boolean needsVerification = !registered.isAnonymous() && !registered.isEmailVerified();
        if (needsVerification) {
            eventPublisher.publishEvent(
                            new OnRegistrationCompleteEvent(registered, request.getLocale(), request.getContextPath()));
            try {
                // NOTE(review): the event carries the recovery key itself, which is a
                // credential - confirm that no listener logs or persists it in plain text.
                final String generatedKey = userService.generateRecoveryKey(user.getUsername(), user.getPassword());
                eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(registered, generatedKey));
            } catch (UserNotFoundException e) {
                // NOTE(review): this returns normally, so nothing here triggers a rollback of
                // the registration performed above - confirm that is intended.
                return generateStatusResponse(RestStatusResponse.RECOVERY_KEYGEN_USER_NOT_FOUND);
            } catch (IncorrectPasswordException e) {
                return generateStatusResponse(RestStatusResponse.RECOVERY_KEYGEN_WRONG_PASSWORD);
            }
        }
    } catch (UserAlreadyExistsException e) {
        // username is already in database
        return generateStatusResponse(RestStatusResponse.USER_ALREADY_EXISTS);
    }
    return generateStatusResponse(RestStatusResponse.USER_CREATED);
}
Also used : OnRecoveryKeyGeneratedEvent(won.owner.web.events.OnRecoveryKeyGeneratedEvent) UserNotFoundException(won.owner.service.impl.UserNotFoundException) User(won.owner.model.User) IncorrectPasswordException(won.owner.service.impl.IncorrectPasswordException) OnRegistrationCompleteEvent(won.owner.web.events.OnRegistrationCompleteEvent) UserAlreadyExistsException(won.owner.service.impl.UserAlreadyExistsException) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) Transactional(org.springframework.transaction.annotation.Transactional)

Example 3 with OnRecoveryKeyGeneratedEvent

use of won.owner.web.events.OnRecoveryKeyGeneratedEvent in project webofneeds by researchstudio-sat.

the class RestUserController method resetPassword.

/**
 * Resets the user's password using the recovery key.
 *
 * <p>Unlike {@code changePassword}, this method reads no authentication from the security
 * context: the username, new password and recovery key all come from the request body and are
 * handed to {@code userService.useRecoveryKey}. After a successful reset a new recovery key is
 * generated from the new password and published in an {@code OnRecoveryKeyGeneratedEvent}.
 *
 * @param resetPasswordPojo password changing data (username, new password, recovery key)
 * @param errors receives the validation errors reported by {@code resetPasswordValidator}
 * @param request supplies the locale and context path for the {@code OnPasswordChangedEvent}
 * @param response not used by this method
 * @return the user response on success, otherwise a status response naming the failure
 */
@ResponseBody
@RequestMapping(value = "/resetPassword", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
// TODO: move transactionality annotation into the service layer
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity resetPassword(@RequestBody ResetPasswordPojo resetPasswordPojo, Errors errors, HttpServletRequest request, HttpServletResponse response) {
    logger.debug("processing request to /resetPassword");
    try {
        resetPasswordValidator.validate(resetPasswordPojo, errors);
        if (errors.hasErrors()) {
            // Field errors are reported as a bad password; errors without field errors are
            // reported as "username is not found".
            // NOTE(review): the distinct "user not found" statuses returned here and below tell
            // a caller whether a username exists - confirm that this is acceptable and that
            // reset attempts are rate limited elsewhere.
            return generateStatusResponse(errors.getFieldErrorCount() > 0
                            ? RestStatusResponse.PASSWORDCHANGE_BAD_PASSWORD
                            : RestStatusResponse.PASSWORDCHANGE_USER_NOT_FOUND);
        }
        final String accountName = resetPasswordPojo.getUsername();
        final String replacementPassword = resetPasswordPojo.getNewPassword();
        final User account = userService.useRecoveryKey(accountName, replacementPassword, resetPasswordPojo.getRecoveryKey());
        eventPublisher.publishEvent(
                        new OnPasswordChangedEvent(account, request.getLocale(), request.getContextPath()));
        // A fresh recovery key is issued after each reset.
        // NOTE(review): the event carries the recovery key itself, which is a credential -
        // confirm that no listener logs or persists it in plain text.
        final String freshKey = userService.generateRecoveryKey(accountName, replacementPassword);
        eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(account, freshKey));
        return generateUserResponse(account);
    } catch (IncorrectPasswordException e) {
        // Reported with the same status that changePassword uses for a wrong old password.
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_WRONG_OLD_PASSWORD);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_FOUND);
    } catch (KeyStoreIOException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_KEYSTORE_PROBLEM);
    }
}
Also used : OnRecoveryKeyGeneratedEvent(won.owner.web.events.OnRecoveryKeyGeneratedEvent) UserNotFoundException(won.owner.service.impl.UserNotFoundException) KeyStoreIOException(won.owner.model.KeyStoreIOException) User(won.owner.model.User) OnPasswordChangedEvent(won.owner.web.events.OnPasswordChangedEvent) IncorrectPasswordException(won.owner.service.impl.IncorrectPasswordException) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) Transactional(org.springframework.transaction.annotation.Transactional)

Example 4 with OnRecoveryKeyGeneratedEvent

use of won.owner.web.events.OnRecoveryKeyGeneratedEvent in project webofneeds by researchstudio-sat.

the class RestUserController method transferUser.

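/**
 * Transfers a privateId user to a registered user.
 *
 * <p>The authenticated user is loaded through {@code userService} and its username must equal
 * the private username in the request body; otherwise the request is rejected with
 * {@code USERNAME_MISMATCH} before validation or any transfer is attempted. When the
 * transferred user is not e-mail verified, an {@code OnRegistrationCompleteEvent} is published,
 * then a recovery key is generated from the submitted password and published in an
 * {@code OnRecoveryKeyGeneratedEvent}.
 *
 * @param transferUserPojo new username and password plus the private username and password
 * @param errors receives the validation errors reported by {@code userRegisterValidator}
 * @param request supplies the locale and context path for the registration event
 * @return a status response: {@code USER_TRANSFERRED} on success, otherwise the failure status
 */
@ResponseBody
@RequestMapping(value = "/transfer", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity transferUser(@RequestBody TransferUserPojo transferUserPojo, Errors errors, WebRequest request) {
    logger.debug("processing request to /transfer");
    // The security context may hold no Authentication at all; report that as "not signed in"
    // instead of failing with a NullPointerException on getName().
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_SIGNED_IN);
    }
    String username = SecurityContextHolder.getContext().getAuthentication().getName();
    // The user object held in the security context does not know about atoms created in this
    // session, so the user is loaded through userService instead.
    User user = userService.getByUsername(username);
    // Authorization check: the authenticated account must be the private account named in the
    // request. The previous condition joined the two tests with '&&', which dereferenced a null
    // user and never rejected a mismatch for an existing user; '||' enforces the check. The
    // comparison is made on user.getUsername() so that a missing private username in the body
    // is rejected as a mismatch as well.
    if (user == null || !user.getUsername().equals(transferUserPojo.getPrivateUsername())) {
        return generateStatusResponse(RestStatusResponse.USERNAME_MISMATCH);
    }
    try {
        userRegisterValidator.validate(transferUserPojo, errors);
        if (errors.hasErrors()) {
            if (errors.getFieldErrorCount() > 0) {
                // someone trying to go around js validation
                return generateStatusResponse(RestStatusResponse.SIGNUP_FAILED);
            } else {
                // username is already in database
                return generateStatusResponse(RestStatusResponse.USER_ALREADY_EXISTS);
            }
        }
        User transferUser = userService.transferUser(transferUserPojo.getUsername(), transferUserPojo.getPassword(), transferUserPojo.getPrivateUsername(), transferUserPojo.getPrivatePassword());
        if (!transferUser.isEmailVerified()) {
            eventPublisher.publishEvent(new OnRegistrationCompleteEvent(transferUser, request.getLocale(), request.getContextPath()));
            String recoveryKey;
            try {
                // NOTE(review): the event carries the recovery key itself, which is a
                // credential - confirm that no listener logs or persists it in plain text.
                recoveryKey = userService.generateRecoveryKey(transferUserPojo.getUsername(), transferUserPojo.getPassword());
                eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(transferUser, recoveryKey));
            } catch (UserNotFoundException e) {
                return generateStatusResponse(RestStatusResponse.RECOVERY_KEYGEN_USER_NOT_FOUND);
            } catch (IncorrectPasswordException e) {
                return generateStatusResponse(RestStatusResponse.RECOVERY_KEYGEN_WRONG_PASSWORD);
            }
        }
    } catch (UserAlreadyExistsException e) {
        // username is already in database
        return generateStatusResponse(RestStatusResponse.USER_ALREADY_EXISTS);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.TRANSFERUSER_NOT_FOUND);
    }
    return generateStatusResponse(RestStatusResponse.USER_TRANSFERRED);
}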
Also used : OnRecoveryKeyGeneratedEvent(won.owner.web.events.OnRecoveryKeyGeneratedEvent) UserNotFoundException(won.owner.service.impl.UserNotFoundException) User(won.owner.model.User) IncorrectPasswordException(won.owner.service.impl.IncorrectPasswordException) OnRegistrationCompleteEvent(won.owner.web.events.OnRegistrationCompleteEvent) UserAlreadyExistsException(won.owner.service.impl.UserAlreadyExistsException) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

Transactional (org.springframework.transaction.annotation.Transactional)4 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)4 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)4 User (won.owner.model.User)4 IncorrectPasswordException (won.owner.service.impl.IncorrectPasswordException)4 UserNotFoundException (won.owner.service.impl.UserNotFoundException)4 OnRecoveryKeyGeneratedEvent (won.owner.web.events.OnRecoveryKeyGeneratedEvent)4 KeyStoreIOException (won.owner.model.KeyStoreIOException)2 UserAlreadyExistsException (won.owner.service.impl.UserAlreadyExistsException)2 OnPasswordChangedEvent (won.owner.web.events.OnPasswordChangedEvent)2 OnRegistrationCompleteEvent (won.owner.web.events.OnRegistrationCompleteEvent)2