MeController.java

/*
 * Copyright 2019 Global Crop Diversity Trust
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.gringlobal.api.v1.impl;

import lombok.extern.slf4j.Slf4j;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.service.OAuthClientService;
import org.gringlobal.api.exception.InvalidApiUsageException;
import org.gringlobal.api.v1.ApiBaseController;
import org.gringlobal.model.SysUser;
import org.gringlobal.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;

@RestController("meApi1")
@RequestMapping(MeController.API_URL)
@PreAuthorize("isAuthenticated() && (hasRole('USER') || hasRole('ADMINISTRATOR'))") // Don't allow OAuth clients here
@Tag(name = "Profile")
@Slf4j
public class MeController extends ApiBaseController {

	/** The Constant API_URL. */
	public static final String API_URL = ApiBaseController.APIv1_BASE + "/me";

	@Autowired
	private UserService userService;

	@Autowired
	private OAuthClientService oauthClientService;

	@Autowired
	@Qualifier("soapPasswordEncoder")
	private PasswordEncoder soapPasswordEncoder;

	/**
	 * Gets the profile.
	 *
	 * @return the profile
	 */
	@PreAuthorize("isAuthenticated()") // Available for OAuth clients
	@GetMapping(value = "/user")
	@Operation(summary = "Get current user")
	public SysUser getProfile() {
		final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		if (authentication instanceof AbstractOAuth2TokenAuthenticationToken<?>) {
			var oauthAuth = (AbstractOAuth2TokenAuthenticationToken<?>) authentication;
			if (oauthAuth != null) {
				final SysUser currentUser = (SysUser) oauthAuth.getPrincipal();
				return userService.loadUserByUsername(currentUser.getUsername());
			}
		}
		// This is added for unit test support
		if (authentication instanceof UsernamePasswordAuthenticationToken) {
			final SysUser currentUser = (SysUser) authentication.getPrincipal();
			return userService.loadUserByUsername(currentUser.getUsername());
		}
		throw new InvalidApiUsageException("Not using user authentication");
	}

	@GetMapping(value = "/client")
	@Operation(summary = "Get current client")
	public OAuthClient getClient() {
		final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		if (authentication instanceof AbstractOAuth2TokenAuthenticationToken<?>) {
			var oauthAuth = (AbstractOAuth2TokenAuthenticationToken<?>) authentication;
//			if (oauthAuth.isClientOnly()) {
				log.debug("OAuth client-only authentication: {}", oauthAuth);
				final Object principal = oauthAuth.getPrincipal();
				log.debug("OAuth client-only principal: {} {}", principal.getClass(), principal);
				return oauthClientService.getClient(oauthAuth.getName());
//			}
		}
		throw new InvalidApiUsageException("Not using client authentication");
	}

	/**
	 * Change password.
	 *
	 * @param oldPassword the old password
	 * @param newPassword the new password
	 * @return the string
	 */
	@PostMapping(value = "/password")
	@Operation(summary = "Change own password")
	public ResponseEntity<HttpStatus> changePassword(@RequestParam(name = "old", required = true) final String oldPassword,
			@RequestParam(name = "new", required = true) final String newPassword) throws Exception {

		final SysUser currentUser = getProfile();

		if (soapPasswordEncoder.matches(oldPassword, currentUser.getPassword())) {
			userService.setPassword(currentUser, newPassword);
			return ResponseEntity.ok().build();
		} else {
			throw new InvalidApiUsageException("The current password is not valid.");
		}
	}

}
Created with JaCoCo 0.8.11.202310140853