/** POST /account -> update the current user information. */
 @RequestMapping(
     value = "/account",
     method = RequestMethod.POST,
     produces = MediaType.APPLICATION_JSON_VALUE)
 @Timed
 public ResponseEntity<String> saveAccount(@RequestBody UserDTO userDTO) {
   Optional<User> existingUser = userRepository.findOneByEmail(userDTO.getEmail());
   if (existingUser.isPresent()
       && (!existingUser.get().getLogin().equalsIgnoreCase(userDTO.getLogin()))) {
     return ResponseEntity.badRequest()
         .headers(
             HeaderUtil.createFailureAlert(
                 "user-management", "emailexists", "Email already in use"))
         .body(null);
   }
   return userRepository
       .findOneByLogin(SecurityUtils.getCurrentUser().getUsername())
       .map(
           u -> {
             userService.updateUserInformation(
                 userDTO.getFirstName(),
                 userDTO.getLastName(),
                 userDTO.getEmail(),
                 userDTO.getLangKey());
             return new ResponseEntity<String>(HttpStatus.OK);
           })
       .orElseGet(() -> new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR));
 }
 public void deleteUserInformation(String login) {
   userRepository
       .findOneByLogin(login)
       .ifPresent(
           u -> {
             userRepository.delete(u);
             log.debug("Deleted User: {}", u);
           });
 }
 /**
  * Not activated users should be automatically deleted after 3 days.
  *
  * <p>
  *
  * <p>This is scheduled to get fired everyday, at 01:00 (am).
  */
 @Scheduled(cron = "0 0 1 * * ?")
 public void removeNotActivatedUsers() {
   DateTime now = new DateTime();
   List<User> users =
       userRepository.findAllByActivatedIsFalseAndCreatedDateBefore(now.minusDays(3));
   for (User user : users) {
     log.debug("Deleting not activated user {}", user.getLogin());
     userRepository.delete(user);
   }
 }
Beispiel #4
0
 public void changePassword(String password) {
   userRepository
       .findOneByLogin(SecurityUtils.getCurrentUserLogin())
       .ifPresent(
           u -> {
             String encryptedPassword = passwordEncoder.encode(password);
             u.setPassword(encryptedPassword);
             userRepository.save(u);
             log.debug("Changed password for User: {}", u);
           });
 }
Beispiel #5
0
 public Optional<User> requestPasswordReset(String mail) {
   return userRepository
       .findOneByEmail(mail)
       .filter(user -> user.getActivated())
       .map(
           user -> {
             user.setResetKey(RandomUtil.generateResetKey());
             user.setResetDate(ZonedDateTime.now());
             userRepository.save(user);
             return user;
           });
 }
 public void updateUserInformation(
     String firstName, String lastName, String email, String langKey) {
   userRepository
       .findOneByLogin(SecurityUtils.getCurrentLogin())
       .ifPresent(
           u -> {
             u.setFirstName(firstName);
             u.setLastName(lastName);
             u.setEmail(email);
             u.setLangKey(langKey);
             userRepository.save(u);
             log.debug("Changed Information for User: {}", u);
           });
 }
 public Optional<User> activateRegistration(String key) {
   log.debug("Activating user for activation key {}", key);
   userRepository
       .findOneByActivationKey(key)
       .map(
           user -> {
             // activate given user for the registration key.
             user.setActivated(true);
             user.setActivationKey(null);
             userRepository.save(user);
             log.debug("Activated user: {}", user);
             return user;
           });
   return Optional.empty();
 }
  @Test
  @Transactional
  public void testRegisterAdminIsIgnored() throws Exception {
    UserDTO u =
        new UserDTO(
            "badguy", // login
            "password", // password
            "Bad", // firstName
            "Guy", // lastName
            "*****@*****.**", // e-mail
            true, // activated
            "en", // langKey
            new HashSet<>(
                Arrays.asList(
                    AuthoritiesConstants.ADMIN)) // <-- only admin should be able to do that
            );

    restMvc
        .perform(
            post("/api/register")
                .contentType(TestUtil.APPLICATION_JSON_UTF8)
                .content(TestUtil.convertObjectToJsonBytes(u)))
        .andExpect(status().isCreated());

    Optional<User> userDup = userRepository.findOneByLogin("badguy");
    assertThat(userDup.isPresent()).isTrue();
    assertThat(userDup.get().getAuthorities())
        .hasSize(1)
        .containsExactly(authorityRepository.findOne(AuthoritiesConstants.USER));
  }
 public User createUser(ManagedUserDTO managedUserDTO) {
   User user = new User();
   user.setLogin(managedUserDTO.getLogin());
   user.setFirstName(managedUserDTO.getFirstName());
   user.setLastName(managedUserDTO.getLastName());
   user.setEmail(managedUserDTO.getEmail());
   if (managedUserDTO.getLangKey() == null) {
     user.setLangKey("en"); // default language is English
   } else {
     user.setLangKey(managedUserDTO.getLangKey());
   }
   Set<Authority> authorities = new HashSet<>();
   managedUserDTO
       .getAuthorities()
       .stream()
       .forEach(authority -> authorities.add(authorityRepository.findOne(authority)));
   user.setAuthorities(authorities);
   String encryptedPassword = passwordEncoder.encode(RandomUtil.generatePassword());
   user.setPassword(encryptedPassword);
   user.setResetKey(RandomUtil.generateResetKey());
   user.setResetDate(ZonedDateTime.now());
   user.setActivated(true);
   userRepository.save(user);
   log.debug("Created Information for User: {}", user);
   return user;
 }
  @Override
  protected void onLoginSuccess(
      HttpServletRequest request,
      HttpServletResponse response,
      Authentication successfulAuthentication) {

    String login = successfulAuthentication.getName();

    log.debug("Creating new persistent login for user {}", login);
    PersistentToken token =
        userRepository
            .findOneByLogin(login)
            .map(
                u -> {
                  PersistentToken t = new PersistentToken();
                  t.setSeries(generateSeriesData());
                  t.setUser(u);
                  t.setTokenValue(generateTokenData());
                  t.setTokenDate(LocalDate.now());
                  t.setIpAddress(request.getRemoteAddr());
                  t.setUserAgent(request.getHeader("User-Agent"));
                  return t;
                })
            .orElseThrow(
                () ->
                    new UsernameNotFoundException(
                        "User " + login + " was not found in the database"));
    try {
      persistentTokenRepository.saveAndFlush(token);
      addCookie(token, request, response);
    } catch (DataAccessException e) {
      log.error("Failed to save persistent token ", e);
    }
  }
Beispiel #11
0
  public User createUserInformation(
      String login,
      String password,
      String firstName,
      String lastName,
      String email,
      String langKey) {

    User newUser = new User();
    Authority authority = authorityRepository.findOne("ROLE_USER");
    Set<Authority> authorities = new HashSet<>();
    String encryptedPassword = passwordEncoder.encode(password);
    newUser.setLogin(login);
    // new user gets initially a generated password
    newUser.setPassword(encryptedPassword);
    newUser.setFirstName(firstName);
    newUser.setLastName(lastName);
    newUser.setEmail(email);
    newUser.setLangKey(langKey);
    // new user is not active
    newUser.setActivated(false);
    // new user gets registration key
    newUser.setActivationKey(RandomUtil.generateActivationKey());
    authorities.add(authority);
    newUser.setAuthorities(authorities);
    userRepository.save(newUser);
    userSearchRepository.save(newUser);
    log.debug("Created Information for User: {}", newUser);
    return newUser;
  }
  /** POST /register -> register the user. */
  @RequestMapping(
      value = "/register",
      method = RequestMethod.POST,
      produces = MediaType.TEXT_PLAIN_VALUE)
  @Timed
  public ResponseEntity<?> registerAccount(
      @Valid @RequestBody UserDTO userDTO, HttpServletRequest request) {
    return userRepository
        .findOneByLogin(userDTO.getLogin())
        .map(user -> new ResponseEntity<>("login already in use", HttpStatus.BAD_REQUEST))
        .orElseGet(
            () ->
                userRepository
                    .findOneByEmail(userDTO.getEmail())
                    .map(
                        user ->
                            new ResponseEntity<>(
                                "e-mail address already in use", HttpStatus.BAD_REQUEST))
                    .orElseGet(
                        () -> {
                          User user =
                              userService.createUserInformation(
                                  userDTO.getLogin(),
                                  userDTO.getPassword(),
                                  userDTO.getFirstName(),
                                  userDTO.getLastName(),
                                  userDTO.getEmail().toLowerCase(),
                                  userDTO.getLangKey());
                          String baseUrl =
                              request.getScheme()
                                  + // "http"
                                  "://"
                                  + // "://"
                                  request.getServerName()
                                  + // "myhost"
                                  ":"
                                  + // ":"
                                  request.getServerPort()
                                  + // "80"
                                  request
                                      .getContextPath(); // "/myContextPath" or "" if deployed in
                                                         // root context

                          mailService.sendActivationEmail(user, baseUrl);
                          return new ResponseEntity<>(HttpStatus.CREATED);
                        }));
  }
 public Optional<User> getUserWithAuthoritiesByLogin(String login) {
   return userRepository
       .findOneByLogin(login)
       .map(
           u -> {
             u.getAuthorities().size();
             return u;
           });
 }
Beispiel #14
0
  public Optional<User> completePasswordReset(String newPassword, String key) {
    log.debug("Reset user password for reset key {}", key);

    return userRepository
        .findOneByResetKey(key)
        .filter(
            user -> {
              ZonedDateTime oneDayAgo = ZonedDateTime.now().minusHours(24);
              return user.getResetDate().isAfter(oneDayAgo);
            })
        .map(
            user -> {
              user.setPassword(passwordEncoder.encode(newPassword));
              user.setResetKey(null);
              user.setResetDate(null);
              userRepository.save(user);
              return user;
            });
  }
 /** GET /account/sessions -> get the current open sessions. */
 @RequestMapping(
     value = "/account/sessions",
     method = RequestMethod.GET,
     produces = MediaType.APPLICATION_JSON_VALUE)
 @Timed
 public ResponseEntity<List<PersistentToken>> getCurrentSessions() {
   return userRepository
       .findOneByLogin(SecurityUtils.getCurrentLogin())
       .map(
           user -> new ResponseEntity<>(persistentTokenRepository.findByUser(user), HttpStatus.OK))
       .orElse(new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR));
 }
  @Test
  @Transactional
  public void testRegisterDuplicateEmail() throws Exception {
    // Good
    UserDTO u =
        new UserDTO(
            "john", // login
            "password", // password
            "John", // firstName
            "Doe", // lastName
            "*****@*****.**", // e-mail
            true, // activated
            "en", // langKey
            new HashSet<>(Arrays.asList(AuthoritiesConstants.USER)));

    // Duplicate e-mail, different login
    UserDTO dup =
        new UserDTO(
            "johnjr",
            u.getPassword(),
            u.getLogin(),
            u.getLastName(),
            u.getEmail(),
            true,
            u.getLangKey(),
            u.getAuthorities());

    // Good user
    restMvc
        .perform(
            post("/api/register")
                .contentType(TestUtil.APPLICATION_JSON_UTF8)
                .content(TestUtil.convertObjectToJsonBytes(u)))
        .andExpect(status().isCreated());

    // Duplicate e-mail
    restMvc
        .perform(
            post("/api/register")
                .contentType(TestUtil.APPLICATION_JSON_UTF8)
                .content(TestUtil.convertObjectToJsonBytes(dup)))
        .andExpect(status().is4xxClientError());

    Optional<User> userDup = userRepository.findOneByLogin("johnjr");
    assertThat(userDup.isPresent()).isFalse();
  }
 /**
  * DELETE /account/sessions?series={series} -> invalidate an existing session.
  *
  * <p>- You can only delete your own sessions, not any other user's session - If you delete one of
  * your existing sessions, and that you are currently logged in on that session, you will still be
  * able to use that session, until you quit your browser: it does not work in real time (there is
  * no API for that), it only removes the "remember me" cookie - This is also true if you
  * invalidate your current session: you will still be able to use it until you close your browser
  * or that the session times out. But automatic login (the "remember me" cookie) will not work
  * anymore. There is an API to invalidate the current session, but there is no API to check which
  * session uses which cookie.
  */
 @RequestMapping(value = "/account/sessions/{series}", method = RequestMethod.DELETE)
 @Timed
 public void invalidateSession(@PathVariable String series) throws UnsupportedEncodingException {
   String decodedSeries = URLDecoder.decode(series, "UTF-8");
   userRepository
       .findOneByLogin(SecurityUtils.getCurrentLogin())
       .ifPresent(
           u -> {
             persistentTokenRepository
                 .findByUser(u)
                 .stream()
                 .filter(
                     persistentToken ->
                         StringUtils.equals(persistentToken.getSeries(), decodedSeries))
                 .findAny()
                 .ifPresent(t -> persistentTokenRepository.delete(decodedSeries));
           });
 }
 /** POST /account -> update the current user information. */
 @RequestMapping(
     value = "/account",
     method = RequestMethod.POST,
     produces = MediaType.APPLICATION_JSON_VALUE)
 @Timed
 public ResponseEntity<String> saveAccount(@RequestBody UserDTO userDTO) {
   return userRepository
       .findOneByLogin(userDTO.getLogin())
       .filter(u -> u.getLogin().equals(SecurityUtils.getCurrentLogin()))
       .map(
           u -> {
             userService.updateUserInformation(
                 userDTO.getFirstName(),
                 userDTO.getLastName(),
                 userDTO.getEmail(),
                 userDTO.getLangKey());
             return new ResponseEntity<String>(HttpStatus.OK);
           })
       .orElseGet(() -> new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR));
 }
  @Test
  @Transactional
  public void testRegisterValid() throws Exception {
    UserDTO u =
        new UserDTO(
            "joe", // login
            "password", // password
            "Joe", // firstName
            "Shmoe", // lastName
            "*****@*****.**", // e-mail
            true, // activated
            "en", // langKey
            new HashSet<>(Arrays.asList(AuthoritiesConstants.USER)));

    restMvc
        .perform(
            post("/api/register")
                .contentType(TestUtil.APPLICATION_JSON_UTF8)
                .content(TestUtil.convertObjectToJsonBytes(u)))
        .andExpect(status().isCreated());

    Optional<User> user = userRepository.findOneByLogin("joe");
    assertThat(user.isPresent()).isTrue();
  }
  @Test
  @Transactional
  public void testRegisterInvalidEmail() throws Exception {
    UserDTO u =
        new UserDTO(
            "bob", // login
            "password", // password
            "Bob", // firstName
            "Green", // lastName
            "invalid", // e-mail <-- invalid
            true, // activated
            "en", // langKey
            new HashSet<>(Arrays.asList(AuthoritiesConstants.USER)));

    restUserMockMvc
        .perform(
            post("/api/register")
                .contentType(TestUtil.APPLICATION_JSON_UTF8)
                .content(TestUtil.convertObjectToJsonBytes(u)))
        .andExpect(status().isBadRequest());

    Optional<User> user = userRepository.findOneByLogin("bob");
    assertThat(user.isPresent()).isFalse();
  }
 public User getUserWithAuthorities(String id) {
   User user = userRepository.findOne(id);
   user.getAuthorities().size(); // eagerly load the association
   return user;
 }
Beispiel #22
0
 @Transactional(readOnly = true)
 public User getUserWithAuthorities() {
   User user = userRepository.findOneByLogin(SecurityUtils.getCurrentUserLogin()).get();
   user.getAuthorities().size(); // eagerly load the association
   return user;
 }
Beispiel #23
0
 @Transactional(readOnly = true)
 public User getUserWithAuthorities(Long id) {
   User user = userRepository.findOne(id);
   user.getAuthorities().size(); // eagerly load the association
   return user;
 }