@PreAuthorize("hasRole('AUTH')") @RequestMapping( value = "/admin/users/checkUserCode.html", method = RequestMethod.POST, produces = "application/json") public @ResponseBody String checkUserCode( HttpServletRequest request, HttpServletResponse response, Locale locale) { String code = request.getParameter("code"); String id = request.getParameter("id"); AjaxResponse resp = new AjaxResponse(); try { if (StringUtils.isBlank(code)) { resp.setStatus(AjaxResponse.CODE_ALREADY_EXIST); return resp.toJSONString(); } User user = userService.getByUserName(code); if (!StringUtils.isBlank(id) && user != null) { try { Long lid = Long.parseLong(id); if (user.getAdminName().equals(code) && user.getId() == lid) { resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS); return resp.toJSONString(); } } catch (Exception e) { resp.setStatus(AjaxResponse.CODE_ALREADY_EXIST); return resp.toJSONString(); } } if (StringUtils.isBlank(code)) { resp.setStatus(AjaxResponse.CODE_ALREADY_EXIST); return resp.toJSONString(); } if (user != null) { resp.setStatus(AjaxResponse.CODE_ALREADY_EXIST); return resp.toJSONString(); } resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED); } catch (Exception e) { LOGGER.error("Error while getting user", e); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setErrorMessage(e); } String returnString = resp.toJSONString(); return returnString; }
/** * From user profile * * @param model * @param request * @param response * @param locale * @return * @throws Exception */ @PreAuthorize("hasRole('AUTH')") @RequestMapping(value = "/admin/users/displayUser.html", method = RequestMethod.GET) public String displayUserEdit( Model model, HttpServletRequest request, HttpServletResponse response, Locale locale) throws Exception { String userName = request.getRemoteUser(); User user = userService.getByUserName(userName); return displayUser(user, model, request, response, locale); }
/** * Displays a list of users that can be managed by admins * * @param request * @param response * @return */ @SuppressWarnings("unchecked") @PreAuthorize("hasRole('STORE_ADMIN')") @RequestMapping( value = "/admin/users/paging.html", method = RequestMethod.POST, produces = "application/json") public @ResponseBody String pageUsers(HttpServletRequest request, HttpServletResponse response) { AjaxResponse resp = new AjaxResponse(); MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE); String sCurrentUser = request.getRemoteUser(); try { User currentUser = userService.getByUserName(sCurrentUser); List<User> users = null; if (UserUtils.userInGroup(currentUser, Constants.GROUP_SUPERADMIN)) { users = userService.listUser(); } else { users = userService.listByStore(store); } for (User user : users) { if (!UserUtils.userInGroup(user, Constants.GROUP_SUPERADMIN)) { if (!currentUser.equals(user.getAdminName())) { @SuppressWarnings("rawtypes") Map entry = new HashMap(); entry.put("userId", user.getId()); entry.put("name", user.getFirstName() + " " + user.getLastName()); entry.put("email", user.getAdminEmail()); entry.put("active", user.isActive()); resp.addDataEntry(entry); } } } resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS); } catch (Exception e) { LOGGER.error("Error while paging products", e); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); } String returnString = resp.toJSONString(); return returnString; }
// password reset functionality --- Sajid Shajahan @RequestMapping( value = "/admin/users/resetPassword.html", method = RequestMethod.POST, produces = "application/json") public @ResponseBody String resetPassword( HttpServletRequest request, HttpServletResponse response, Locale locale) { AjaxResponse resp = new AjaxResponse(); String userName = request.getParameter("username"); /** * Get User with userService.getByUserName Get 3 security questions from User.getQuestion1, * user.getQuestion2, user.getQuestion3 */ HttpSession session = request.getSession(); session.setAttribute("username_reset", userName); try { if (!StringUtils.isBlank(userName)) { User dbUser = userService.getByUserName(userName); if (dbUser == null) { resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("message.username.notfound", locale)); return resp.toJSONString(); } Map<String, String> entry = new HashMap<String, String>(); entry.put(QUESTION_1, dbUser.getQuestion1()); entry.put(QUESTION_2, dbUser.getQuestion2()); entry.put(QUESTION_3, dbUser.getQuestion3()); resp.addDataEntry(entry); resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED); } else { resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.Error", locale)); } } catch (Exception e) { e.printStackTrace(); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.Error", locale)); return resp.toJSONString(); } String returnString = resp.toJSONString(); return returnString; }
@PreAuthorize("hasRole('AUTH')") @RequestMapping(value = "/admin/users/password.html", method = RequestMethod.GET) public String displayChangePassword( Model model, HttpServletRequest request, HttpServletResponse response, Locale locale) throws Exception { setMenu(model, request); String userName = request.getRemoteUser(); User user = userService.getByUserName(userName); Password password = new Password(); password.setUser(user); model.addAttribute("password", password); model.addAttribute("user", user); return ControllerConstants.Tiles.User.password; }
// password reset functionality --- Sajid Shajahan @RequestMapping( value = "/admin/users/resetPasswordSecurityQtn.html", method = RequestMethod.POST, produces = "application/json") public @ResponseBody String resetPasswordSecurityQtn( @ModelAttribute(value = "userReset") UserReset userReset, HttpServletRequest request, HttpServletResponse response, Locale locale) { MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE); Language userLanguage = null; Locale userLocale = null; AjaxResponse resp = new AjaxResponse(); // String question1 = request.getParameter("question1"); // String question2 = request.getParameter("question2"); // String question3 = request.getParameter("question3"); String answer1 = request.getParameter("answer1"); String answer2 = request.getParameter("answer2"); String answer3 = request.getParameter("answer3"); try { HttpSession session = request.getSession(); User dbUser = userService.getByUserName((String) session.getAttribute("username_reset")); if (dbUser != null) { if (dbUser.getAnswer1().equals(answer1.trim()) && dbUser.getAnswer2().equals(answer2.trim()) && dbUser.getAnswer3().equals(answer3.trim())) { userLanguage = dbUser.getDefaultLanguage(); userLocale = LocaleUtils.getLocale(userLanguage); String tempPass = userReset.generateRandomString(); String pass = passwordEncoder.encodePassword(tempPass, null); dbUser.setAdminPassword(pass); userService.update(dbUser); // send email try { String[] storeEmail = {store.getStoreEmailAddress()}; Map<String, String> templateTokens = EmailUtils.createEmailObjectsMap( request.getContextPath(), store, messages, userLocale); templateTokens.put( EmailConstants.EMAIL_RESET_PASSWORD_TXT, messages.getMessage("email.user.resetpassword.text", userLocale)); templateTokens.put( EmailConstants.EMAIL_CONTACT_OWNER, messages.getMessage("email.contactowner", storeEmail, userLocale)); templateTokens.put( EmailConstants.EMAIL_PASSWORD_LABEL, messages.getMessage("label.generic.password", userLocale)); templateTokens.put(EmailConstants.EMAIL_USER_PASSWORD, tempPass); Email email = new Email(); email.setFrom(store.getStorename()); email.setFromEmail(store.getStoreEmailAddress()); email.setSubject(messages.getMessage("label.generic.changepassword", userLocale)); email.setTo(dbUser.getAdminEmail()); email.setTemplateName(RESET_PASSWORD_TPL); email.setTemplateTokens(templateTokens); emailService.sendHtmlEmail(store, email); } catch (Exception e) { LOGGER.error("Cannot send email to user", e); } resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED); resp.setStatusMessage(messages.getMessage("User.resetPassword.resetSuccess", locale)); } else { resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.wrongSecurityQtn", locale)); } } else { resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.userNotFound", locale)); } } catch (ServiceException e) { e.printStackTrace(); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.Error", locale)); } String returnString = resp.toJSONString(); return returnString; }
@PreAuthorize("hasRole('AUTH')") @RequestMapping( value = "/admin/users/remove.html", method = RequestMethod.POST, produces = "application/json") public @ResponseBody String removeUser(HttpServletRequest request, Locale locale) throws Exception { // do not remove super admin String sUserId = request.getParameter("userId"); AjaxResponse resp = new AjaxResponse(); String userName = request.getRemoteUser(); User remoteUser = userService.getByUserName(userName); try { Long userId = Long.parseLong(sUserId); User user = userService.getById(userId); /** In order to remove a User the logged in ser must be STORE_ADMIN or SUPER_USER */ if (user == null) { resp.setStatusMessage(messages.getMessage("message.unauthorized", locale)); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); return resp.toJSONString(); } if (!request.isUserInRole(Constants.GROUP_ADMIN)) { resp.setStatusMessage(messages.getMessage("message.unauthorized", locale)); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); return resp.toJSONString(); } // check if the user removed has group ADMIN boolean isAdmin = false; if (UserUtils.userInGroup(remoteUser, Constants.GROUP_ADMIN) || UserUtils.userInGroup(remoteUser, Constants.GROUP_SUPERADMIN)) { isAdmin = true; } if (!isAdmin) { resp.setStatusMessage( messages.getMessage("message.security.caanotremovesuperadmin", locale)); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); return resp.toJSONString(); } userService.delete(user); resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED); } catch (Exception e) { LOGGER.error("Error while deleting product price", e); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setErrorMessage(e); } String returnString = resp.toJSONString(); return returnString; }
@PreAuthorize("hasRole('AUTH')") @RequestMapping(value = "/admin/users/save.html", method = RequestMethod.POST) public String saveUser( @Valid @ModelAttribute("user") User user, BindingResult result, Model model, HttpServletRequest request, Locale locale) throws Exception { setMenu(model, request); MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE); this.populateUserObjects(user, store, model, locale); Language language = user.getDefaultLanguage(); Language l = languageService.getById(language.getId()); user.setDefaultLanguage(l); Locale userLocale = LocaleUtils.getLocale(l); User dbUser = null; // edit mode, need to get original user important information if (user.getId() != null) { dbUser = userService.getByUserName(user.getAdminName()); if (dbUser == null) { return "redirect://admin/users/displayUser.html"; } } List<Group> submitedGroups = user.getGroups(); Set<Integer> ids = new HashSet<Integer>(); for (Group group : submitedGroups) { ids.add(Integer.parseInt(group.getGroupName())); } // validate security questions not empty if (StringUtils.isBlank(user.getAnswer1())) { ObjectError error = new ObjectError( "answer1", messages.getMessage("security.answer.question1.message", locale)); result.addError(error); } if (StringUtils.isBlank(user.getAnswer2())) { ObjectError error = new ObjectError( "answer2", messages.getMessage("security.answer.question2.message", locale)); result.addError(error); } if (StringUtils.isBlank(user.getAnswer3())) { ObjectError error = new ObjectError( "answer3", messages.getMessage("security.answer.question3.message", locale)); result.addError(error); } if (user.getQuestion1().equals(user.getQuestion2()) || user.getQuestion1().equals(user.getQuestion3()) || user.getQuestion2().equals(user.getQuestion1()) || user.getQuestion1().equals(user.getQuestion3()) || user.getQuestion3().equals(user.getQuestion1()) || user.getQuestion1().equals(user.getQuestion2())) { ObjectError error = new ObjectError( "question1", messages.getMessage("security.questions.differentmessages", locale)); result.addError(error); } Group superAdmin = null; if (user.getId() != null && user.getId() > 0) { if (user.getId().longValue() != dbUser.getId().longValue()) { return "redirect://admin/users/displayUser.html"; } List<Group> groups = dbUser.getGroups(); // boolean removeSuperAdmin = true; for (Group group : groups) { // can't revoke super admin if (group.getGroupName().equals("SUPERADMIN")) { superAdmin = group; } } } else { if (user.getAdminPassword().length() < 6) { ObjectError error = new ObjectError( "adminPassword", messages.getMessage("message.password.length", locale)); result.addError(error); } } if (superAdmin != null) { ids.add(superAdmin.getId()); } List<Group> newGroups = groupService.listGroupByIds(ids); // set actual user groups user.setGroups(newGroups); if (result.hasErrors()) { return ControllerConstants.Tiles.User.profile; } String decodedPassword = user.getAdminPassword(); if (user.getId() != null && user.getId() > 0) { user.setAdminPassword(dbUser.getAdminPassword()); } else { String encoded = passwordEncoder.encodePassword(user.getAdminPassword(), null); user.setAdminPassword(encoded); } if (user.getId() == null || user.getId().longValue() == 0) { // save or update user userService.saveOrUpdate(user); try { // creation of a user, send an email String userName = user.getFirstName(); if (StringUtils.isBlank(userName)) { userName = user.getAdminName(); } String[] userNameArg = {userName}; Map<String, String> templateTokens = EmailUtils.createEmailObjectsMap(request.getContextPath(), store, messages, userLocale); templateTokens.put( EmailConstants.EMAIL_NEW_USER_TEXT, messages.getMessage("email.greeting", userNameArg, userLocale)); templateTokens.put(EmailConstants.EMAIL_USER_FIRSTNAME, user.getFirstName()); templateTokens.put(EmailConstants.EMAIL_USER_LASTNAME, user.getLastName()); templateTokens.put( EmailConstants.EMAIL_ADMIN_USERNAME_LABEL, messages.getMessage("label.generic.username", userLocale)); templateTokens.put(EmailConstants.EMAIL_ADMIN_NAME, user.getAdminName()); templateTokens.put( EmailConstants.EMAIL_TEXT_NEW_USER_CREATED, messages.getMessage("email.newuser.text", userLocale)); templateTokens.put( EmailConstants.EMAIL_ADMIN_PASSWORD_LABEL, messages.getMessage("label.generic.password", userLocale)); templateTokens.put(EmailConstants.EMAIL_ADMIN_PASSWORD, decodedPassword); templateTokens.put( EmailConstants.EMAIL_ADMIN_URL_LABEL, messages.getMessage("label.adminurl", userLocale)); templateTokens.put( EmailConstants.EMAIL_ADMIN_URL, FilePathUtils.buildAdminUri(store, request)); Email email = new Email(); email.setFrom(store.getStorename()); email.setFromEmail(store.getStoreEmailAddress()); email.setSubject(messages.getMessage("email.newuser.title", userLocale)); email.setTo(user.getAdminEmail()); email.setTemplateName(NEW_USER_TMPL); email.setTemplateTokens(templateTokens); emailService.sendHtmlEmail(store, email); } catch (Exception e) { LOGGER.error("Cannot send email to user", e); } } else { // save or update user userService.saveOrUpdate(user); } model.addAttribute("success", "success"); return ControllerConstants.Tiles.User.profile; }
@PreAuthorize("hasRole('AUTH')") @RequestMapping(value = "/admin/users/savePassword.html", method = RequestMethod.POST) public String changePassword( @ModelAttribute("password") Password password, BindingResult result, Model model, HttpServletRequest request, HttpServletResponse response, Locale locale) throws Exception { setMenu(model, request); String userName = request.getRemoteUser(); User dbUser = userService.getByUserName(userName); if (password.getUser().getId().longValue() != dbUser.getId().longValue()) { return "redirect:/admin/users/displayUser.html"; } // validate password not empty if (StringUtils.isBlank(password.getPassword())) { ObjectError error = new ObjectError( "password", new StringBuilder() .append(messages.getMessage("label.generic.password", locale)) .append(" ") .append(messages.getMessage("message.cannot.empty", locale)) .toString()); result.addError(error); return ControllerConstants.Tiles.User.password; } String tempPass = passwordEncoder.encodePassword(password.getPassword(), null); // password match if (!tempPass.equals(dbUser.getAdminPassword())) { ObjectError error = new ObjectError("password", messages.getMessage("message.password.invalid", locale)); result.addError(error); return ControllerConstants.Tiles.User.password; } if (StringUtils.isBlank(password.getNewPassword())) { ObjectError error = new ObjectError( "newPassword", new StringBuilder() .append(messages.getMessage("label.generic.newpassword", locale)) .append(" ") .append(messages.getMessage("message.cannot.empty", locale)) .toString()); result.addError(error); } if (StringUtils.isBlank(password.getRepeatPassword())) { ObjectError error = new ObjectError( "newPasswordAgain", new StringBuilder() .append(messages.getMessage("label.generic.newpassword.repeat", locale)) .append(" ") .append(messages.getMessage("message.cannot.empty", locale)) .toString()); result.addError(error); } if (!password.getRepeatPassword().equals(password.getNewPassword())) { ObjectError error = new ObjectError( "newPasswordAgain", messages.getMessage("message.password.different", locale)); result.addError(error); } if (password.getNewPassword().length() < 6) { ObjectError error = new ObjectError("newPassword", messages.getMessage("message.password.length", locale)); result.addError(error); } if (result.hasErrors()) { return ControllerConstants.Tiles.User.password; } String pass = passwordEncoder.encodePassword(password.getNewPassword(), null); dbUser.setAdminPassword(pass); userService.update(dbUser); model.addAttribute("success", "success"); return ControllerConstants.Tiles.User.password; }