
/*
 * Copyright 2022 Global Crop Diversity Trust
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.gringlobal.mvc.user;

import lombok.extern.slf4j.Slf4j;
import org.apache.commons.validator.routines.EmailValidator;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.service.OAuthClientService;
import org.genesys.blocks.security.NoUserFoundException;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.service.PasswordPolicy.PasswordPolicyException;
import org.gringlobal.api.exception.InvalidApiUsageException;
import org.gringlobal.model.SysUser;
import org.gringlobal.service.EMailVerificationService;
import org.gringlobal.service.TemplatingService;
import org.gringlobal.service.TokenVerificationService;
import org.gringlobal.service.UserService;
/*
 * Copyright 2022 Global Crop Diversity Trust
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Optional;

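@Controller
@RequestMapping("/sysuser")
@Slf4j
public class SysUserController {

	@Value("${default.oauthclient.clientId}")
	private String defaultOAuthClientId;

	@Autowired
	private OAuthClientService oauthClientService;

	@Autowired
	private UserService userService;

	@Autowired
	private EMailVerificationService eMailVerificationService;

	private final EmailValidator emailValidator = EmailValidator.getInstance();

	@Value("${base.url}")
	private String baseUrl;

	/**
	 * Renders the "request a password reset" form.
	 *
	 * @return the reset form view name
	 */
	@GetMapping("/password/reset")
	public String resetPassword() {
		return "/user/reset";
	}

	/**
	 * Handles a submitted password-reset request.
	 *
	 * The e-mail address is syntactically validated, the request's {@code Referer}
	 * is matched against the allowed origins of the default OAuth client, and a
	 * reset e-mail is sent for enabled accounts. Unknown and disabled accounts get
	 * the same "sent" page as a successful request so that this public form cannot
	 * be used to enumerate which addresses have an account; the distinction is only
	 * written to the server log.
	 *
	 * @param request the servlet request (used for the Referer header and view attributes)
	 * @param email   the submitted e-mail address (untrusted)
	 * @return the view name to render
	 * @throws UserException          propagated from the user service
	 * @throws InvalidApiUsageException when the Referer does not match an allowed origin
	 */
	@PostMapping(value = "/password/reset")
	public String resetPassword(HttpServletRequest request, @RequestParam("email") String email) throws UserException {

		if (!emailValidator.isValid(email)) {
			log.warn("Invalid email provided: {}", email);
			request.setAttribute("error", "Invalid email provided");
			return "/user/reset";
		}

		// The Referer header is client-controlled and may be absent. It only selects one of
		// the *configured* allowed origins (the configured value, not the header, goes into
		// the e-mail), but a missing header must not end in a NullPointerException and a bare
		// prefix match would accept "https://app.example.org.evil.tld/" for
		// "https://app.example.org", so the match is done on an origin boundary.
		final String referer = request.getHeader("Referer");
		final OAuthClient client = oauthClientService.loadClientByClientId(defaultOAuthClientId);
		final Optional<String> origin = client.getAllowedOrigins().stream()
			.filter(allowed -> matchesOrigin(referer, allowed))
			.findFirst();
		if (origin.isEmpty()) {
			log.warn("Invalid origin provided for: {}", referer);
			throw new InvalidApiUsageException("Provided origin is not allowed: " + referer);
		}

		try {
			final SysUser user = userService.loadSysUserByEmail(email);

			// NOTE(review): locked accounts (isAccountNonLocked) are not rejected here; an
			// earlier version of this check was commented out. Confirm that is intended.

			if (!user.isEnabled()) {
				// No e-mail is sent, but the caller is shown the normal "sent" page: a distinct
				// message would confirm that the address belongs to a (disabled) account.
				log.warn("Password for disabled user account {} can't be reset!", user.getUsername());
				return "/user/reset-sent";
			}

			eMailVerificationService.sendPasswordResetEmail(email, user.getUsername(), TemplatingService.PASSWORD_USER_RESET, origin.get());
			return "/user/reset-sent";
		} catch (UsernameNotFoundException | NoUserFoundException e) {
			// Same response as the success path so the form cannot be used to enumerate accounts.
			log.warn("Password reset requested for unknown email: {}", email);
			return "/user/reset-sent";
		}
	}

	/**
	 * Tests whether {@code referer} belongs to {@code allowedOrigin}.
	 *
	 * A plain {@code startsWith} is not enough: the referer must either equal the origin
	 * or continue with a path ({@code /}), query ({@code ?}) or fragment ({@code #})
	 * delimiter, so that a longer host name (or a different port) is rejected. If the
	 * configured origin already ends with {@code /}, any continuation is accepted.
	 * Package-private so it can be unit-tested.
	 *
	 * @param referer       the request's Referer header, may be {@code null}
	 * @param allowedOrigin a configured allowed origin, may be {@code null} or empty
	 * @return {@code true} when the referer is within the allowed origin
	 */
	static boolean matchesOrigin(String referer, String allowedOrigin) {
		if (referer == null || allowedOrigin == null || allowedOrigin.isEmpty()) {
			return false;
		}
		if (!referer.startsWith(allowedOrigin)) {
			return false;
		}
		if (referer.length() == allowedOrigin.length() || allowedOrigin.endsWith("/")) {
			return true;
		}
		final char next = referer.charAt(allowedOrigin.length());
		return next == '/' || next == '?' || next == '#';
	}

	/**
	 * Renders the "choose a new password" form for a reset token.
	 *
	 * The token id and key are only passed through to the view here; they are
	 * verified when the form is submitted.
	 *
	 * @param tokenUuid the reset token identifier from the e-mailed link
	 * @param key       the secret key from the e-mailed link
	 * @param request   the servlet request, receives the view attributes
	 * @return the password-update form view name
	 */
	@GetMapping(value = "/password/update/{tokenUuid:.+}", params = { "key" })
	public String updatePassword(@PathVariable("tokenUuid") String tokenUuid, @RequestParam(value = "key") String key, HttpServletRequest request) {
		request.setAttribute("tokenUuid", tokenUuid);
		request.setAttribute("key", key);
		return "/user/password-update";
	}

	/**
	 * Applies the new password for a reset token.
	 *
	 * Token verification, expiry and password-policy checks are delegated to
	 * {@link EMailVerificationService#changeSysUserPassword}; each failure re-renders
	 * the form with an error attribute, success redirects to the login page.
	 *
	 * @param tokenUuid the reset token identifier
	 * @param request   the servlet request, receives the error attribute on failure
	 * @param key       the secret key from the e-mailed link
	 * @param password  the new password
	 * @return a redirect to the login page, or the form view on failure
	 * @throws IOException   propagated from the verification service
	 * @throws UserException propagated from the verification service
	 */
	@PostMapping(value = "/password/update/{tokenUuid:.+}", params = { "key", "password" })
	public String updatePassword(@PathVariable("tokenUuid") String tokenUuid, HttpServletRequest request,
		@RequestParam(value = "key") String key, @RequestParam("password") String password) throws IOException, UserException {

		try {
			eMailVerificationService.changeSysUserPassword(tokenUuid, key, password, baseUrl);
			return "redirect:/login";

		} catch (final TokenVerificationService.NoSuchVerificationTokenException e) {
			request.setAttribute("error", "No such verification token!");
			return updatePassword(tokenUuid, key, request);
		} catch (TokenVerificationService.TokenExpiredException e) {
			request.setAttribute("error", "Your token expired!");
			return updatePassword(tokenUuid, key, request);
		} catch (PasswordPolicyException e) {
			// The policy message is shown to the user to explain why the password was rejected.
			request.setAttribute("error", e.getMessage());
			return updatePassword(tokenUuid, key, request);
		}
	}

	/**
	 * Cancels a pending password reset identified by its token.
	 *
	 * @param tokenUuid the reset token identifier from the e-mailed link
	 * @return a redirect to the login page
	 * @throws Exception propagated from the verification service
	 */
	@GetMapping("/password/reset/{tokenUuid:.+}/cancel")
	public String cancelPasswordReset(@PathVariable("tokenUuid") String tokenUuid) throws Exception {

		eMailVerificationService.cancelPasswordReset(tokenUuid);
		return "redirect:/login";
	}

}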