예제 #1
0
 @GET
 @Path("/count")
 @Produces(MediaType.APPLICATION_JSON)
 @RolesAllowed({ADMIN, ADMIN_READONLY})
 public Long count(@QueryParam("search") String search) {
   if (search != null) return userFinder.countBySearchCriteria(search);
   else return userFinder.countAll();
 }
예제 #2
0
 @GET
 @Path("/")
 @Produces(MediaType.APPLICATION_JSON)
 @RolesAllowed({ADMIN, ADMIN_READONLY})
 public List<User> findAll(
     @QueryParam("search") String search,
     @QueryParam("start") Integer start,
     @QueryParam("size") Integer size,
     @QueryParam("orderBy") String orderBy,
     @QueryParam("isDesc") Boolean isDesc) {
   if (search != null)
     return userFinder.findBySearchCriteria(search, start, size, orderBy, isDesc);
   else return userFinder.findAll(start, size, orderBy, isDesc);
 }
예제 #3
0
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @RolesAllowed({ADMIN, USER})
  public User modify(@NotNull User user) {

    User existingUser = null;
    if (sessionContext.isCallerInRole(USER) && !sessionContext.isCallerInRole(ADMIN)) {
      existingUser = userFinder.findByLogin(sessionContext.getCallerPrincipal().getName());

      if (!existingUser.getId().equals(user.getId())
          || !existingUser.getLogin().equals(user.getLogin())) {
        throw new WebApplicationException(Response.Status.UNAUTHORIZED);
      }

      user.setActivated(existingUser.getActivated());
      user.setDisabled(existingUser.getDisabled());
      user.setActionToken(existingUser.getActionToken());
    }

    if (existingUser == null) {
      existingUser = entityManager.find(User.class, user.getId());
    }
    checkNotNull(existingUser);
    user.setPassword(existingUser.getPassword());
    user.setCreationDate(existingUser.getCreationDate());
    user.setRoles(existingUser.getRoles());
    return entityManager.merge(user);
  }
예제 #4
0
 @POST
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("/{userLogin}/password")
 @PermitAll
 public void sendResetPasswordMail(@NotNull @PathParam("userLogin") String userLogin) {
   User user = userFinder.findByLogin(userLogin);
   if (user != null) {
     generateActionTokenAndSendMail(user, Mails.userResetPassword);
   } else {
     throw new WebApplicationException(Response.Status.NOT_FOUND);
   }
 }
예제 #5
0
  @GET
  @Path("/current")
  @Produces(MediaType.APPLICATION_JSON)
  @RolesAllowed({ADMIN, ADMIN_READONLY, USER})
  public User findCurrentUser() {

    User user = userFinder.findByLogin(sessionContext.getCallerPrincipal().getName());

    if (user == null) {
      throw new WebApplicationException(Response.Status.NOT_FOUND);
    }

    return user;
  }
예제 #6
0
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @Path("/{userLogin}/password")
  @PermitAll
  public void resetPassword(
      @NotNull @PathParam("userLogin") String userLogin,
      @QueryParam("token") String token,
      @NotNull String newPassword) {

    User user;

    if (sessionContext.isCallerInRole(ADMIN)) {

      user = userFinder.findByLogin(userLogin);

    } else if (sessionContext.isCallerInRole(USER)) {

      user = userFinder.findByLogin(sessionContext.getCallerPrincipal().getName());

      if (!userLogin.equals(user.getLogin())) {
        throw new WebApplicationException(Response.Status.UNAUTHORIZED);
      }
    } else {
      user = userFinder.findByLogin(userLogin);

      if (user == null || !user.getActionToken().equals(UUID.fromString(token))) {
        throw new WebApplicationException(Response.Status.NOT_FOUND);
      }
      user.setActionToken(null);
    }

    user.setPassword(hashSha256Base64(newPassword));
    user.setActivated(true);
    sendMail(user, Mails.userChangePassword);
  }
예제 #7
0
 @PUT
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("/{userLogin}")
 @PermitAll
 public void activate(@NotNull @PathParam("userLogin") String userLogin, @NotNull String token) {
   User user = userFinder.findByLogin(userLogin);
   if (user != null
       && user.getActionToken() != null
       && user.getActionToken().equals(UUID.fromString(token))) {
     user.setActivated(true);
     user.setActionToken(null);
   } else {
     throw new WebApplicationException(Response.Status.NOT_FOUND);
   }
 }
예제 #8
0
  @Test
  public void shouldResponse() throws Exception {
    when(mockUserFinder.findUsersByName(new String[] {"피평가자1", "평가자1", "계정없음", "피평가자2"}))
        .thenReturn(
            Arrays.asList(
                found("피평가자1", "ratee1"),
                found("평가자1", "rater1"),
                notFound("계정없음"),
                found("피평가자2", "ratee2")));

    mockMvc
        .perform(get("/api/users").param("op", "findId").param("name", "피평가자1,평가자1,계정없음,피평가자2"))
        .andExpect(jsonPath("$.[0].name").value("피평가자1"))
        .andExpect(jsonPath("$.[0].found").value(true))
        .andExpect(jsonPath("$.[0].id").value("ratee1"))
        .andExpect(jsonPath("$.[2].name").value("계정없음"))
        .andExpect(jsonPath("$.[2].found").value(false));
  }
예제 #9
0
  @POST
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @PermitAll
  public User create(@NotNull User user) {

    if (user.getId() != null) {
      throw new WebApplicationException(Response.Status.BAD_REQUEST);
    }
    User userByLogin = userFinder.findByLogin(user.getLogin());

    if (userByLogin != null) {
      throw new WebApplicationException(Response.Status.CONFLICT);
    }

    final Address userAddress = user.getAddress();

    if (userAddress != null) {
      if (userAddress.getId() != null) {
        throw new WebApplicationException(Response.Status.BAD_REQUEST);
      }

      if (!countryChecker.isAvailable(userAddress.getCountryIso3Code())) {
        LOG.error("Country {} is not available", userAddress.getCountryIso3Code());
        throw new WebApplicationException(Response.Status.BAD_REQUEST);
      }
    }

    entityManager.persist(user);
    Role userRole = roleFinder.findByName(RoleName.user);
    user.setRoles(Sets.newHashSet(userRole));

    user.setPassword(hashSha256Base64(user.getPassword()));

    if (!sessionContext.isCallerInRole(ADMIN)) {
      user.setActivated(false);
      generateActionTokenAndSendMail(user, Mails.userRegistration);
    }

    return user;
  }