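  /**
   * Updates an existing user from the submitted representation.
   *
   * <p>A caller holding only {@code USER} may update their own record: the submitted id and login
   * must both match the record stored for the caller principal, and the account-state fields
   * ({@code activated}, {@code disabled}, {@code actionToken}) are always taken from the stored
   * record, so a user cannot self-activate, re-enable a disabled account or clear a pending token.
   * For every caller the stored password, creation date and roles are preserved; this endpoint never
   * changes credentials or privileges.
   *
   * @param user the submitted representation; its id identifies the record to update
   * @return the merged (managed) user
   * @throws WebApplicationException 401 when a {@code USER} caller targets another account or has
   *     no stored record, 400 when an admin omits the id, 404 when no stored record matches
   */
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @RolesAllowed({ADMIN, USER})
  public User modify(@NotNull User user) {

    final boolean selfServiceOnly =
        sessionContext.isCallerInRole(USER) && !sessionContext.isCallerInRole(ADMIN);

    User existingUser;
    if (selfServiceOnly) {
      existingUser = userFinder.findByLogin(sessionContext.getCallerPrincipal().getName());
      // A principal with no stored record owns nothing; fail cleanly instead of an NPE below.
      if (existingUser == null) {
        throw new WebApplicationException(Response.Status.UNAUTHORIZED);
      }

      // Ownership check: both identifiers in the body must be the caller's own.
      if (!existingUser.getId().equals(user.getId())
          || !existingUser.getLogin().equals(user.getLogin())) {
        throw new WebApplicationException(Response.Status.UNAUTHORIZED);
      }

      // Account-state fields are server-controlled for self-service updates.
      user.setActivated(existingUser.getActivated());
      user.setDisabled(existingUser.getDisabled());
      user.setActionToken(existingUser.getActionToken());
    } else {
      // Admin path: the body's id selects the record; a missing id cannot be looked up.
      if (user.getId() == null) {
        throw new WebApplicationException(Response.Status.BAD_REQUEST);
      }
      existingUser = entityManager.find(User.class, user.getId());
    }

    // Unknown id is a client error (404), not a server fault.
    if (existingUser == null) {
      throw new WebApplicationException(Response.Status.NOT_FOUND);
    }

    // Credentials, audit data and privileges are never taken from the request body.
    user.setPassword(existingUser.getPassword());
    user.setCreationDate(existingUser.getCreationDate());
    user.setRoles(existingUser.getRoles());
    return entityManager.merge(user);
  }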
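  /**
   * Registers a new user. Open to anonymous callers (self-registration).
   *
   * <p>The request may not carry an id for the user or its address, the login must be free, and an
   * address country must be available. Roles are always server-assigned; the password is hashed
   * before the entity enters the persistence context. When the caller is not an {@code ADMIN} the
   * account starts inactive and an action token is generated and mailed for confirmation.
   *
   * @param user the user to register; mutated in place (password, roles, activation state)
   * @return the persisted, managed user
   * @throws WebApplicationException 400 on a supplied id, an empty password or an unavailable
   *     country, 409 when the login is already taken
   */
  @POST
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @PermitAll
  public User create(@NotNull User user) {

    // A client-supplied id would turn the insert into an update of an arbitrary row.
    if (user.getId() != null) {
      throw new WebApplicationException(Response.Status.BAD_REQUEST);
    }

    // Validate the password before anything is persisted; an empty password would otherwise be
    // hashed and stored as a usable credential.
    final String rawPassword = user.getPassword();
    if (rawPassword == null || rawPassword.isEmpty()) {
      throw new WebApplicationException(Response.Status.BAD_REQUEST);
    }

    if (userFinder.findByLogin(user.getLogin()) != null) {
      throw new WebApplicationException(Response.Status.CONFLICT);
    }

    final Address userAddress = user.getAddress();
    if (userAddress != null) {
      if (userAddress.getId() != null) {
        throw new WebApplicationException(Response.Status.BAD_REQUEST);
      }
      if (!countryChecker.isAvailable(userAddress.getCountryIso3Code())) {
        LOG.error("Country {} is not available", userAddress.getCountryIso3Code());
        throw new WebApplicationException(Response.Status.BAD_REQUEST);
      }
    }

    // Hash before persist so the clear-text password never reaches the persistence context
    // (with a database-generated key the INSERT may run at persist time, ahead of a later update).
    // NOTE(review): hashSha256Base64 is a bare digest; a password KDF (bcrypt/scrypt/argon2) is the
    // recommended replacement, left unchanged here because it needs a new dependency and a migration.
    user.setPassword(hashSha256Base64(rawPassword));

    // Roles are server-assigned; whatever the request body carried is discarded.
    final Role userRole = roleFinder.findByName(RoleName.user);
    user.setRoles(Sets.newHashSet(userRole));

    entityManager.persist(user);

    // Self-registered accounts start inactive and must be confirmed through the mailed token.
    if (!sessionContext.isCallerInRole(ADMIN)) {
      user.setActivated(false);
      generateActionTokenAndSendMail(user, Mails.userRegistration);
    }

    return user;
  }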
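  /**
   * Sets a new password for {@code userLogin} and marks the account activated.
   *
   * <p>Three kinds of caller are accepted: an {@code ADMIN} for any login; a {@code USER} for their
   * own login only; any other caller (registration confirmation / forgotten-password flow) when
   * {@code token} equals the action token stored for that login. The token path consumes the token
   * so it cannot be replayed, and answers every failure (unknown login, no pending token, missing,
   * malformed or wrong token) with the same 404 so the response does not reveal whether a login
   * exists.
   *
   * @param userLogin login of the account to update
   * @param token one-time action token; required and checked only for callers without the ADMIN or
   *     USER role
   * @param newPassword clear-text password; stored hashed
   * @throws WebApplicationException 400 on an empty password, 401 when a USER targets another
   *     account or has no stored record, 404 when the account is unknown or the token does not match
   */
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @Path("/{userLogin}/password")
  @PermitAll
  public void resetPassword(
      @NotNull @PathParam("userLogin") String userLogin,
      @QueryParam("token") String token,
      @NotNull String newPassword) {

    // An empty password would be hashed and stored as a usable credential.
    if (newPassword.isEmpty()) {
      throw new WebApplicationException(Response.Status.BAD_REQUEST);
    }

    User user;
    if (sessionContext.isCallerInRole(ADMIN)) {
      user = userFinder.findByLogin(userLogin);
    } else if (sessionContext.isCallerInRole(USER)) {
      user = userFinder.findByLogin(sessionContext.getCallerPrincipal().getName());
      // A USER may only reset their own password: the path login must be the caller's.
      if (user == null || !userLogin.equals(user.getLogin())) {
        throw new WebApplicationException(Response.Status.UNAUTHORIZED);
      }
    } else {
      user = userFinder.findByLogin(userLogin);

      // A missing or malformed token is treated exactly like a wrong one (no 500 from parsing).
      UUID suppliedToken = null;
      if (token != null) {
        try {
          suppliedToken = UUID.fromString(token);
        } catch (IllegalArgumentException ignored) {
          // falls through with suppliedToken == null and is rejected below
        }
      }
      // Comparing from the supplied side also covers an account with no pending token (null).
      if (user == null || suppliedToken == null || !suppliedToken.equals(user.getActionToken())) {
        throw new WebApplicationException(Response.Status.NOT_FOUND);
      }
      // Single use: clear the token once it has been accepted.
      user.setActionToken(null);
    }

    // ADMIN path: an unknown login is a 404 rather than an NPE on the setters below.
    if (user == null) {
      throw new WebApplicationException(Response.Status.NOT_FOUND);
    }

    user.setPassword(hashSha256Base64(newPassword));
    user.setActivated(true);
    sendMail(user, Mails.userChangePassword);
  }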