@RequestMapping(
value = "/user/{LOCALID}/delete",
method = RequestMethod.GET,
produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public ResponseEntity<DeleteUserIdResponseDTO> deleteUser(@PathVariable("LOCALID") String localID)
throws ApplicationNotFoundException, LocalIdMissingException {
log.debug("REST DELETE_ID START. localid [{}]", localID);
String currentLogin = SecurityUtils.getCurrentLogin();
Application application = applicationRepository.findOneByApplicationID(currentLogin);
if (application == null) {
throw new ApplicationNotFoundException(currentLogin);
}
Person person = personRepository.findOneByLocalID(localID);
if (person == null) {
throw new LocalIdMissingException();
}
orcidService.deleteUser(person);
DeleteUserIdResponseDTO response = new DeleteUserIdResponseDTO();
response.setResultCode(ResultCode.SUCCESS.getCode());
return new ResponseEntity<DeleteUserIdResponseDTO>(response, HttpStatus.OK);
}
@RequestMapping(value = "/oauth/finish", method = RequestMethod.GET)
@Timed
public void oauthUserFinish(
HttpServletRequest request,
HttpServletResponse response,
@RequestParam(value = "code", required = false) String code,
@RequestParam(value = "state", required = false) String state,
@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "error_description", required = false) String errorDescription)
throws IOException, JAXBException, RelPersonApplicationNotFoundException,
InterruptedException {
log.debug(
"REST OAUTHFINISH START. code [{}],state/relId [{}],error [{}], error_description [{}]",
code,
state,
error,
errorDescription);
RelPersonApplication relPersonApplication =
relPersonApplicationRepository.findOne(new Long(state));
if ((relPersonApplication == null) || (relPersonApplication.getValid() != null)) {
String relPersonApplicationId = "-1";
if (relPersonApplication != null)
relPersonApplicationId = relPersonApplication.getId().toString();
throw new RelPersonApplicationNotFoundException(relPersonApplicationId);
}
Application application = relPersonApplication.getApplication();
Person person = relPersonApplication.getPerson();
Token token = relPersonApplication.getToken();
// invalido token
if (token.getDateUsed() == null) {
token.setDateUsed(DateTime.now());
tokenRepository.save(token);
}
if (error != null) {
log.info(
"REST OAUTHFINISH {}. localId [{}],appId [{}],error [{}], error_description [{}]",
error,
person.getLocalID(),
application.getApplicationID(),
error,
errorDescription);
if (error.equals("access_denied")) {
relPersonApplication.setDenied(true);
relPersonApplication.setDateDenied(DateTime.now());
relPersonApplication.setValid(true);
} else {
relPersonApplication.setValid(false);
}
relPersonApplication.setErrorDescription(error);
relPersonApplication.setDateReleased(DateTime.now());
relPersonApplicationRepository.save(relPersonApplication);
} else {
String callBackUrl = getCallbackOrcidURL(request);
OrcidOAuthClient clientOrcid =
new OrcidOAuthClient(
application.getApplicationID(),
application.getApplicationSecret(),
callBackUrl,
orcidApiType);
log.info(
"REST OAUTHFINISH REQUEST ACCESSTOKEN. localId [{}],appId [{}], appSecret [{}]. orcidApiType [{}]",
person.getLocalID(),
application.getApplicationID(),
application.getApplicationSecret(),
orcidApiType);
OrcidAccessToken tokenOrcid = clientOrcid.getAccessToken(code);
log.info(
"REST OAUTHFINISH ACCESSTOKEN RELEASED. localId [{}],appId [{}],accessToken [{}], orcid [{}]",
person.getLocalID(),
application.getApplicationID(),
tokenOrcid.getAccess_token(),
tokenOrcid.getOrcid());
relPersonApplication.setDateReleased(DateTime.now());
relPersonApplication.setOauthAccessToken(tokenOrcid.getAccess_token());
relPersonApplication.setValid(true);
relPersonApplication.setDenied(false);
if ((person.getOrcid() == null)
|| ((tokenOrcid.getOrcid() != null)
&& (!person.getOrcid().equals(tokenOrcid.getOrcid())))) {
person.setOrcid(tokenOrcid.getOrcid());
person.setOrcidReleaseDate(DateTime.now());
}
relPersonApplicationRepository.save(relPersonApplication);
personRepository.save(person);
// async
orcidService.sendNotify(relPersonApplication);
}
List<RelPersonApplication> listApplicationAuth =
relPersonApplicationRepository.findAllByTokenIsAndValidIsNull(token);
if (listApplicationAuth.size() > 0) {
Application applicationAuthorize = listApplicationAuth.get(0).getApplication();
String callBackUrl = getCallbackOrcidURL(request);
OrcidOAuthClient clientOrcid =
new OrcidOAuthClient(
applicationAuthorize.getApplicationID(),
applicationAuthorize.getApplicationSecret(),
callBackUrl,
orcidApiType);
List<OrcidAuthScope> orcidScopes = clientOrcid.getListAllScope();
String urlToRedirect =
clientOrcid.getAuthzCodeRegisterRequest(
listApplicationAuth.get(0).getId().toString(),
orcidScopes,
person.getFirstName(),
person.getLastName(),
person.getEmail());
log.debug(
"REST OAUTHFINISH REDIRECT TO APP. listApp [{}], appId [{}], token [{}], urlRedirect [{}]",
listApplicationAuth.size(),
applicationAuthorize.getApplicationID(),
listApplicationAuth.get(0).getToken().getOtt(),
urlToRedirect);
response.sendRedirect(urlToRedirect);
} else {
String urlToRedirect = token.getUrlCallback();
if ((urlToRedirect == null) || (urlToRedirect.isEmpty())) {
Application appRequest = token.getApplication();
urlToRedirect = appRequest.getUrlCallback();
}
if (urlToRedirect.contains("?")) urlToRedirect = urlToRedirect + "&";
else urlToRedirect = urlToRedirect + "?";
urlToRedirect = urlToRedirect + "ott=" + token.getOtt();
RelPersonApplication resultRel =
relPersonApplicationRepository.findOneByPersonIsAndApplicationIsAndTokenIs(
token.getPerson(), token.getApplication(), token);
String resultCode = null;
if ((resultRel != null)
&& (resultRel.getValid())
&& ((resultRel.getDenied() == null) || (resultRel.getDenied() == false))) {
resultCode = "001";
} else if (resultRel.getDenied()) {
resultCode = ResultCode.ERROR_USER_DENIED.getCode();
} else {
resultCode = ResultCode.ERROR_ORCID_FOR_USER_MISSING.getCode();
}
urlToRedirect = urlToRedirect + "&result-code=" + resultCode;
log.debug(
"REST OAUTHFINISH FINISH. token [{}], urlToRedirect: [{}], resultCode [{}]",
token.getOtt(),
urlToRedirect,
resultCode);
response.sendRedirect(urlToRedirect);
}
return;
}
@RequestMapping(
value = "/user/{LOCALID}/ticket",
method = RequestMethod.POST,
produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public ResponseEntity<GetTicketResponseDTO> getTicket(
@RequestBody GetTicketRequestDTO jsonGetTicket, @PathVariable("LOCALID") String localID)
throws ApplicationNotFoundException, LocalIDDifferentException, LocalIdMissingException,
ApplicationIdMissingException, ApplicationlIDDifferentException,
OrgIdIsOnlyForPublicAppException, OrgIdIsMissingException {
log.debug("REST GETTICKET START. localid [{}], appid [{}]", localID, jsonGetTicket.getAppId());
checkGetTicketInput(localID, jsonGetTicket);
Application application =
applicationRepository.findOneByApplicationID(jsonGetTicket.getAppId());
if (application == null) {
throw new ApplicationNotFoundException(jsonGetTicket.getAppId());
}
Person person = personRepository.findOneByLocalID(localID);
if (person == null) {
// create new person
person = new Person();
person.setLocalID(localID);
}
// update persona name surname mail
if (jsonGetTicket.getFirstname() != null && !jsonGetTicket.getFirstname().isEmpty())
person.setFirstName(jsonGetTicket.getFirstname());
if (jsonGetTicket.getLastname() != null && !jsonGetTicket.getLastname().isEmpty())
person.setLastName(jsonGetTicket.getLastname());
if (jsonGetTicket.getMail() != null && !jsonGetTicket.getMail().isEmpty())
person.setEmail(jsonGetTicket.getMail());
personRepository.save(person);
if ((jsonGetTicket.getOrgId() != null)
&& (!jsonGetTicket.getOrgId().isEmpty())
&& (!application.getAllOrg())) {
// if app isn't for all org must not specify org-id
throw new OrgIdIsOnlyForPublicAppException(application.getApplicationID());
} else if (application.getAllOrg()
&& ((jsonGetTicket.getOrgId() == null) || (jsonGetTicket.getOrgId().isEmpty()))) {
// if app is for all org must specify org-id
throw new OrgIdIsMissingException(application.getApplicationID());
}
// create token
Token token = new Token();
token.setApplication(application);
token.setPerson(person);
token.setOrgUnit(jsonGetTicket.getOrgId());
token.setUrlCallback(jsonGetTicket.getUrlCallback());
token.setDateReleased(DateTime.now());
tokenRepository.save(token);
token.setOtt(generateTokenData(token.getId().toString()));
tokenRepository.save(token);
// search if person-app have an access-token
RelPersonApplication relPersonApplication =
relPersonApplicationRepository.findOneByPersonIsAndApplicationIsAndLastIsTrue(
person, application);
String orcid = person.getOrcid();
String apiKey = null;
GetTicketResponseDTO response = new GetTicketResponseDTO();
response.setToken(token.getOtt());
if ((relPersonApplication != null)
&& ((relPersonApplication.getDenied() == null)
|| (relPersonApplication.getDenied() == false))) {
apiKey = relPersonApplication.getOauthAccessToken();
response.setOrcidAccessToken(apiKey);
}
response.setOrcid(person.getOrcid());
if ((orcid != null) && (apiKey != null)) response.setResultCode(ResultCode.SUCCESS.getCode());
else response.setResultCode(ResultCode.SUCCESS_ALREADY_EXISTS.getCode());
log.info(
"REST GETTICKET NEW TICKET.appid [{}], localid [{}], token [{}], resultCode [{}]",
jsonGetTicket.getAppId(),
localID,
token.getOtt(),
response.getResultCode());
log.debug(
"REST GETTICKET END. localid [{}], token [{}], resultCode [{}]",
localID,
token.getOtt(),
response.getResultCode());
return new ResponseEntity<GetTicketResponseDTO>(response, HttpStatus.OK);
}