Example #1
0
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @RolesAllowed({ADMIN, USER})
  public User modify(@NotNull User user) {

    User existingUser = null;
    if (sessionContext.isCallerInRole(USER) && !sessionContext.isCallerInRole(ADMIN)) {
      existingUser = userFinder.findByLogin(sessionContext.getCallerPrincipal().getName());

      if (!existingUser.getId().equals(user.getId())
          || !existingUser.getLogin().equals(user.getLogin())) {
        throw new WebApplicationException(Response.Status.UNAUTHORIZED);
      }

      user.setActivated(existingUser.getActivated());
      user.setDisabled(existingUser.getDisabled());
      user.setActionToken(existingUser.getActionToken());
    }

    if (existingUser == null) {
      existingUser = entityManager.find(User.class, user.getId());
    }
    checkNotNull(existingUser);
    user.setPassword(existingUser.getPassword());
    user.setCreationDate(existingUser.getCreationDate());
    user.setRoles(existingUser.getRoles());
    return entityManager.merge(user);
  }
Example #2
0
 @POST
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("/{userLogin}/password")
 @PermitAll
 public void sendResetPasswordMail(@NotNull @PathParam("userLogin") String userLogin) {
   User user = userFinder.findByLogin(userLogin);
   if (user != null) {
     generateActionTokenAndSendMail(user, Mails.userResetPassword);
   } else {
     throw new WebApplicationException(Response.Status.NOT_FOUND);
   }
 }
Example #3
0
  @GET
  @Path("/current")
  @Produces(MediaType.APPLICATION_JSON)
  @RolesAllowed({ADMIN, ADMIN_READONLY, USER})
  public User findCurrentUser() {

    User user = userFinder.findByLogin(sessionContext.getCallerPrincipal().getName());

    if (user == null) {
      throw new WebApplicationException(Response.Status.NOT_FOUND);
    }

    return user;
  }
Example #4
0
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @Path("/{userLogin}/password")
  @PermitAll
  public void resetPassword(
      @NotNull @PathParam("userLogin") String userLogin,
      @QueryParam("token") String token,
      @NotNull String newPassword) {

    User user;

    if (sessionContext.isCallerInRole(ADMIN)) {

      user = userFinder.findByLogin(userLogin);

    } else if (sessionContext.isCallerInRole(USER)) {

      user = userFinder.findByLogin(sessionContext.getCallerPrincipal().getName());

      if (!userLogin.equals(user.getLogin())) {
        throw new WebApplicationException(Response.Status.UNAUTHORIZED);
      }
    } else {
      user = userFinder.findByLogin(userLogin);

      if (user == null || !user.getActionToken().equals(UUID.fromString(token))) {
        throw new WebApplicationException(Response.Status.NOT_FOUND);
      }
      user.setActionToken(null);
    }

    user.setPassword(hashSha256Base64(newPassword));
    user.setActivated(true);
    sendMail(user, Mails.userChangePassword);
  }
Example #5
0
 @PUT
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("/{userLogin}")
 @PermitAll
 public void activate(@NotNull @PathParam("userLogin") String userLogin, @NotNull String token) {
   User user = userFinder.findByLogin(userLogin);
   if (user != null
       && user.getActionToken() != null
       && user.getActionToken().equals(UUID.fromString(token))) {
     user.setActivated(true);
     user.setActionToken(null);
   } else {
     throw new WebApplicationException(Response.Status.NOT_FOUND);
   }
 }
Example #6
0
  @POST
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @PermitAll
  public User create(@NotNull User user) {

    if (user.getId() != null) {
      throw new WebApplicationException(Response.Status.BAD_REQUEST);
    }
    User userByLogin = userFinder.findByLogin(user.getLogin());

    if (userByLogin != null) {
      throw new WebApplicationException(Response.Status.CONFLICT);
    }

    final Address userAddress = user.getAddress();

    if (userAddress != null) {
      if (userAddress.getId() != null) {
        throw new WebApplicationException(Response.Status.BAD_REQUEST);
      }

      if (!countryChecker.isAvailable(userAddress.getCountryIso3Code())) {
        LOG.error("Country {} is not available", userAddress.getCountryIso3Code());
        throw new WebApplicationException(Response.Status.BAD_REQUEST);
      }
    }

    entityManager.persist(user);
    Role userRole = roleFinder.findByName(RoleName.user);
    user.setRoles(Sets.newHashSet(userRole));

    user.setPassword(hashSha256Base64(user.getPassword()));

    if (!sessionContext.isCallerInRole(ADMIN)) {
      user.setActivated(false);
      generateActionTokenAndSendMail(user, Mails.userRegistration);
    }

    return user;
  }