/**
* Interface: GET /yes-api/rest/auth/check
*
* <p>
*
* <p>Check interface that allows to check authentication state of user. The token for the
* authenticated cart is returned back as response header and also as a cookie.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for operation</h3>
*
* <p>NONE
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : true,
* "greeting" : "Bob Doe",
* "token" : {
* "uuid" : "1db8def2-21e0-44d2-aeb0-56baae761129"
* },
* "error" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting>Bob Doe</greeting>
* <success>true</success>
* <token>
* <uuid>1db8def2-21e0-44d2-aeb0-56baae761129</uuid>
* </token>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>SESSION_EXPIRED</td><td>user session expired</td></tr>
* <tr><td>INACTIVE_FOR_SHOP</td><td>user is inactive for shop</td></tr>
* <tr><td>AUTH_FAILED</td><td>user exists but credentials are not valid</td></tr>
* </table>
*
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/check",
method = RequestMethod.GET,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO check(
final HttpServletRequest request, final HttpServletResponse response) {
final ShoppingCart cart = cartMixin.getCurrentCart();
cartMixin.persistShoppingCart(request, response);
switch (cart.getLogonState()) {
case ShoppingCart.LOGGED_IN:
return new AuthenticationResultRO(cart.getCustomerName(), new TokenRO(cart.getGuid()));
case ShoppingCart.SESSION_EXPIRED:
final AuthenticationResultRO authExpired =
new AuthenticationResultRO(cart.getCustomerName(), new TokenRO(cart.getGuid()));
authExpired.setAuthenticated(false);
authExpired.setCode("SESSION_EXPIRED");
return authExpired;
case ShoppingCart.INACTIVE_FOR_SHOP:
final AuthenticationResultRO authInactive =
new AuthenticationResultRO(cart.getCustomerName(), new TokenRO(cart.getGuid()));
authInactive.setAuthenticated(false);
authInactive.setCode("INACTIVE_FOR_SHOP");
return authInactive;
case ShoppingCart.NOT_LOGGED:
default:
return new AuthenticationResultRO("AUTH_FAILED");
}
}
/**
* Interface: PUT /yes-api/rest/auth/login
*
* <p>
*
* <p>Login interface that allows to authenticate user cart. The token for the authenticated cart
* is returned back as response header and also as a cookie.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Content-Type</td><td>application/json or application/xml</td></tr>
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid (optional)</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for login PUT operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "username": "******",
* "password": "******",
* "activate": true
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <login>
* <username>[email protected]</username>
* <password>bBuyM-6-</password>
* <activate>true</activate>
* </login>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : true,
* "greeting" : "Bob Doe",
* "token" : {
* "uuid" : "1db8def2-21e0-44d2-aeb0-56baae761129"
* },
* "error" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting>Bob Doe</greeting>
* <success>true</success>
* <token>
* <uuid>1db8def2-21e0-44d2-aeb0-56baae761129</uuid>
* </token>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>USER_FAILED</td><td>user does not exist</td></tr>
* <tr><td>AUTH_FAILED</td><td>user exists but credentials are not valid</td></tr>
* <tr><td>INACTIVE_FOR_SHOP</td><td>user exists but profile is active for given shop, use activate=true to force activation on login</td></tr>
* </table>
*
* @param loginRO login parameters (see examples above)
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/login",
method = RequestMethod.PUT,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO login(
final @RequestBody LoginRO loginRO,
final HttpServletRequest request,
final HttpServletResponse response) {
final Customer customer = customerServiceFacade.getCustomerByEmail(loginRO.getUsername());
if (customer != null) {
do {
executeLoginCommand(loginRO.getUsername(), loginRO.getPassword());
final TokenRO token = cartMixin.persistShoppingCart(request, response);
ShoppingCart cart = cartMixin.getCurrentCart();
final int logOnState = cart.getLogonState();
if (logOnState == ShoppingCart.LOGGED_IN) {
return new AuthenticationResultRO(cart.getCustomerName(), token);
} else if (logOnState == ShoppingCart.INACTIVE_FOR_SHOP) {
if (loginRO.isActivate()) {
// Login again with inactive state adds customer to shop
continue;
}
return new AuthenticationResultRO("INACTIVE_FOR_SHOP");
} else {
// any other state should break to AUTH_FAILED
break;
}
} while (true);
return new AuthenticationResultRO("AUTH_FAILED");
}
return new AuthenticationResultRO("USER_FAILED");
}
/**
* Interface: GET /yes-api/rest/auth/logout
*
* <p>
*
* <p>Logout interface that allows to de-authenticate user cart. The token for the authenticated
* cart is returned back as response header and also as a cookie.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for logout operation</h3>
*
* <p>NONE
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : true,
* "greeting" : null,
* "tokenRO" : null,
* "error" : 'LOGOUT_SUCCESS'
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting>Bob Doe</greeting>
* <success>true</success>
* <token>
* <uuid>1db8def2-21e0-44d2-aeb0-56baae761129</uuid>
* </token>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>LOGOUT_SUCCESS</td><td>if logout was successful</td></tr>
* </table>
*
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/logout",
method = RequestMethod.GET,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO logout(
final HttpServletRequest request, final HttpServletResponse response) {
final ShoppingCart cart = cartMixin.getCurrentCart();
if (cart.getLogonState() == ShoppingCart.LOGGED_IN) {
executeLogoutCommand();
cartMixin.persistShoppingCart(request, response);
}
return new AuthenticationResultRO("LOGOUT_SUCCESS");
}
private void removeWishListItem(
final ShoppingCart shoppingCart, final ProductSku productSku, final long pk) {
final List<CustomerWishList> wishList =
customerWishListService.getWishListByCustomerEmail(shoppingCart.getCustomerEmail());
for (final CustomerWishList item : wishList) {
if (item.getCustomerwishlistId() == pk) {
customerWishListService.delete(item);
return;
}
}
}
/**
* Interface: PUT /yes-api/rest/auth/register
*
* <p>
*
* <p>Register interface that allows to register user. The token for the authenticated cart is
* returned back as response header and also as a cookie.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Content-Type</td><td>application/json or application/xml</td></tr>
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid (optional)</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for register PUT operation</h3>
*
* <p>
*
* <p>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example:</td><td>
* <pre><code>
* {
* "email" : "*****@*****.**",
* "firstname" : "Bob",
* "lastname" : "Doe",
* "phone" : "123123123123",
* "custom" : {
* "attr1": "value1",
* "attr2": "value2",
* ...
* "attrN": "valueN"
* }
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example:</td><td>
* <pre><code>
* <login>
* <email>[email protected]</email>
* <firstname>Bob</firstname>
* <lastname>Doe</lastname>
* <phone>123123123123</phone>
* <custom>
* <entry key="attr1">value1</entry>
* <entry key="attr2">value2</entry>
* ...
* <entry key="attrN">valueN</entry>
* </custom>
* </login>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : true,
* "greeting" : "Bob Doe",
* "token" : {
* "uuid" : "1db8def2-21e0-44d2-aeb0-56baae761129"
* },
* "error" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting>Bob Doe</greeting>
* <success>true</success>
* <token>
* <uuid>1db8def2-21e0-44d2-aeb0-56baae761129</uuid>
* </token>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>EMAIL_FAILED</td><td>email must be more than 6 and less than 256 chars (^[_A-Za-z0-9-]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*((\.[A-Za-z]{2,}){1}$)) </td></tr>
* <tr><td>FIRSTNAME_FAILED</td><td>must be not blank</td></tr>
* <tr><td>LASTNAME_FAILED</td><td>must be not blank</td></tr>
* <tr><td>PHONE_FAILED</td><td>phone must be more than 4 and less than 13 chars</td></tr>
* <tr><td>[ATTRIBUTE CODE]:FAILED</td><td>
* E.g. CUSTOMERTYPE_FAILED denoting that mandatory value was missing (could also happen if regex fails but there is no
* validation message specified on the {@link org.yes.cart.domain.entity.Attribute#getValidationFailedMessage()})
* </td></tr>
* <tr><td>[ATTRIBUTE CODE]:FAILED:[Message]</td><td>
* E.g. "CUSTOMERTYPE:FAILED:Please choose either Buyer or Seller (UK)" denoting that regex test failed.
* RegEx and Message come from {@link org.yes.cart.domain.entity.Attribute#getRegexp()} and
* {@link org.yes.cart.domain.entity.Attribute#getValidationFailedMessage()} respectively
* </td></tr>
* <tr><td>USER_FAILED</td><td>email must not be already registered</td></tr>
* </table>
*
* @param registerRO register parameters (see examples above)
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/register",
method = RequestMethod.PUT,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE},
consumes = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO register(
final @RequestBody RegisterRO registerRO,
final HttpServletRequest request,
final HttpServletResponse response) {
if (StringUtils.isBlank(registerRO.getEmail())
|| registerRO.getEmail().length() < 6
|| registerRO.getEmail().length() > 256
|| !EMAIL.matcher(registerRO.getEmail()).matches()) {
return new AuthenticationResultRO("EMAIL_FAILED");
}
if (StringUtils.isBlank(registerRO.getFirstname())) {
return new AuthenticationResultRO("FIRSTNAME_FAILED");
}
if (StringUtils.isBlank(registerRO.getLastname())) {
return new AuthenticationResultRO("LASTNAME_FAILED");
}
if (StringUtils.isBlank(registerRO.getPhone())
|| registerRO.getPhone().length() < 4
|| registerRO.getPhone().length() > 13) {
return new AuthenticationResultRO("PHONE_FAILED");
}
if (customerServiceFacade.isCustomerRegistered(registerRO.getEmail())) {
return new AuthenticationResultRO("USER_FAILED");
}
final ShoppingCart cart = cartMixin.getCurrentCart();
final Shop shop = cartMixin.getCurrentShop();
final Map<String, Object> data = new HashMap<String, Object>();
if (registerRO.getCustom() != null) {
for (final AttrValueCustomer av : customerServiceFacade.getShopRegistrationAttributes(shop)) {
final Attribute attr = av.getAttribute();
final String value = registerRO.getCustom().get(attr.getCode());
if (attr.isMandatory() && StringUtils.isBlank(value)) {
return new AuthenticationResultRO(attr.getCode() + ":FAILED");
} else if (StringUtils.isNotBlank(attr.getRegexp())
&& !Pattern.compile(attr.getRegexp()).matcher(value).matches()) {
final String regexError =
new FailoverStringI18NModel(attr.getValidationFailedMessage(), null)
.getValue(cart.getCurrentLocale());
if (StringUtils.isBlank(regexError)) {
return new AuthenticationResultRO(attr.getCode() + ":FAILED");
}
return new AuthenticationResultRO(attr.getCode() + ":FAILED:" + regexError);
} else {
data.put(attr.getCode(), value);
}
}
}
data.put("firstname", registerRO.getFirstname());
data.put("lastname", registerRO.getLastname());
data.put("phone", registerRO.getPhone());
final String password =
customerServiceFacade.registerCustomer(shop, registerRO.getEmail(), data);
final LoginRO loginRO = new LoginRO();
loginRO.setUsername(registerRO.getEmail());
loginRO.setPassword(password);
return login(loginRO, request, response);
}
/**
* Construct page.
*
* @param params page parameters
*/
public WishListPage(final PageParameters params) {
super(params);
final String email;
final Customer customer;
final String publicKey;
final String key = params.get("token").toString();
final String tag = params.get("tag").toString();
if (StringUtils.isBlank(key)) {
// Trying to view own wish list
final ShoppingCart cart = ApplicationDirector.getShoppingCart();
if (cart.getLogonState() == ShoppingCart.LOGGED_IN
&& ((AuthenticatedWebSession) getSession()).isSignedIn()) {
email = cart.getCustomerEmail();
customer =
customerServiceFacade.getCustomerByEmail(ApplicationDirector.getCurrentShop(), email);
publicKey = customerServiceFacade.getCustomerPublicKey(customer);
} else {
email = "";
customer = null;
publicKey = null;
// Redirect away from profile!
final PageParameters rparams = new PageParameters();
rparams.set(ShoppingCartCommand.CMD_LOGOUT, ShoppingCartCommand.CMD_LOGOUT);
setResponsePage(Application.get().getHomePage(), rparams);
}
} else {
publicKey = null;
customer = customerServiceFacade.getCustomerByPublicKey(key);
if (customer == null) {
info(getLocalizer().getString("wishListNotFound", this));
email = "";
} else {
email = customer.getEmail();
}
}
add(new FeedbackPanel(FEEDBACK));
add(
new WishListView(
WISHLIST_PANEL,
new Model<String>(email),
new Model<String>(CustomerWishList.SIMPLE_WISH_ITEM),
new Model<String>(tag))
.setVisible(customer != null)
.add(new AttributeModifier("data-publickey", publicKey)));
add(new StandardFooter(FOOTER));
add(new StandardHeader(HEADER));
add(new ServerSideJs("serverSideJs"));
add(new HeaderMetaInclude("headerInclude"));
if (StringUtils.isNotBlank(publicKey)) {
String content =
contentServiceFacade.getContentBody(
"profile_wishlist_owner_include",
ShopCodeContext.getShopId(),
getLocale().getLanguage());
add(new Label("wishListOwnerInfo", content).setEscapeModelStrings(false));
add(new Label("wishListViewerInfo", ""));
} else {
String content =
contentServiceFacade.getContentBody(
"profile_wishlist_viewer_include",
ShopCodeContext.getShopId(),
getLocale().getLanguage());
add(new Label("wishListOwnerInfo", ""));
add(new Label("wishListViewerInfo", content).setEscapeModelStrings(false));
}
}
