/** * Interface: POST /yes-api/rest/auth/resetpassword * * <p> * * <p>Reset password interface that allows to request password to be reset and reset it. Password * reset is a two step process. First step is to provide valid email of registered customer and * generate authToken. Second step is to use authToken in order to confirm password reset. * * <p> * * <p> * * <h3>Headers for operation</h3> * * <p> * * <table border="1"> * <tr><td>Accept</td><td>application/json or application/xml</td></tr> * <tr><td>yc</td><td>token uuid (optional)</td></tr> * </table> * * <p> * * <p> * * <h3>Parameters for operation</h3> * * <p> * * <table border="1"> * <tr><td>email</td><td> * E-mail of a registered customer. Supplying this parameter will trigger an email * with authToken. * </td></tr> * <tr><td>authToken</td><td> * E-mail of a registered customer. Supplying this parameter will trigger an * email with new password. * </td></tr> * </table> * * <p> * * <p> * * <h3>Output</h3> * * <p> * * <p>Output that does not have error code indicates successful processing. * * <p> * * <table border="1"> * <tr><td>JSON example</td><td> * <pre><code> * { * "success" : false, * "greeting" : null, * "token" : null, * "error" : null * } * </code></pre> * </td></tr> * <tr><td>XML example</td><td> * <pre><code> * <authentication-result> * <greeting/> * <success>false</success> * <token/> * </authentication-result> * </code></pre> * </td></tr> * </table> * * <p> * * <p> * * <h3>Error codes</h3> * * <p> * * <table border="1"> * <tr><td>INVALID_PARAMETERS</td><td>if either "email" or "authToken" was not sent</td></tr> * <tr><td>INVALID_TOKEN</td><td>Supplied authToken is not valid or expired</td></tr> * <tr><td>INVALID_EMAIL</td><td>Supplied email does not belong to a registered customer</td></tr> * </table> * * @param request request * @param response response * @return authentication result */ @RequestMapping( value = "/resetpassword", method = RequestMethod.POST, produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE}) public @ResponseBody AuthenticationResultRO resetPassword( @RequestParam(value = "email", required = false) final String email, @RequestParam(value = "authToken", required = false) final String authToken, final HttpServletRequest request, final HttpServletResponse response) { cartMixin.persistShoppingCart(request, response); if (StringUtils.isNotBlank(authToken)) { if (executePasswordResetCommand(authToken)) { return new AuthenticationResultRO(); } return new AuthenticationResultRO("INVALID_TOKEN"); } else if (StringUtils.isNotBlank(email)) { final Shop shop = cartMixin.getCurrentShop(); final Customer customer = customerServiceFacade.getCustomerByEmail(email); if (customer == null) { return new AuthenticationResultRO("INVALID_EMAIL"); } customerServiceFacade.resetPassword(shop, customer); return new AuthenticationResultRO(); } return new AuthenticationResultRO("INVALID_PARAMETERS"); }
/** * Interface: PUT /yes-api/rest/auth/login * * <p> * * <p>Login interface that allows to authenticate user cart. The token for the authenticated cart * is returned back as response header and also as a cookie. * * <p> * * <p> * * <h3>Headers for operation</h3> * * <p> * * <table border="1"> * <tr><td>Content-Type</td><td>application/json or application/xml</td></tr> * <tr><td>Accept</td><td>application/json or application/xml</td></tr> * <tr><td>yc</td><td>token uuid (optional)</td></tr> * </table> * * <p> * * <p> * * <h3>Parameters for login PUT operation</h3> * * <p> * * <table border="1"> * <tr><td>JSON example</td><td> * <pre><code> * { * "username": "******", * "password": "******", * "activate": true * } * </code></pre> * </td></tr> * <tr><td>XML example</td><td> * <pre><code> * <login> * <username>[email protected]</username> * <password>bBuyM-6-</password> * <activate>true</activate> * </login> * </code></pre> * </td></tr> * </table> * * <p> * * <p> * * <h3>Output</h3> * * <p> * * <table border="1"> * <tr><td>JSON example</td><td> * <pre><code> * { * "success" : true, * "greeting" : "Bob Doe", * "token" : { * "uuid" : "1db8def2-21e0-44d2-aeb0-56baae761129" * }, * "error" : null * } * </code></pre> * </td></tr> * <tr><td>XML example</td><td> * <pre><code> * <authentication-result> * <greeting>Bob Doe</greeting> * <success>true</success> * <token> * <uuid>1db8def2-21e0-44d2-aeb0-56baae761129</uuid> * </token> * </authentication-result> * </code></pre> * </td></tr> * </table> * * <p> * * <p> * * <h3>Error codes</h3> * * <p> * * <table border="1"> * <tr><td>USER_FAILED</td><td>user does not exist</td></tr> * <tr><td>AUTH_FAILED</td><td>user exists but credentials are not valid</td></tr> * <tr><td>INACTIVE_FOR_SHOP</td><td>user exists but profile is active for given shop, use activate=true to force activation on login</td></tr> * </table> * * @param loginRO login parameters (see examples above) * @param request request * @param response response * @return authentication result */ @RequestMapping( value = "/login", method = RequestMethod.PUT, produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE}) public @ResponseBody AuthenticationResultRO login( final @RequestBody LoginRO loginRO, final HttpServletRequest request, final HttpServletResponse response) { final Customer customer = customerServiceFacade.getCustomerByEmail(loginRO.getUsername()); if (customer != null) { do { executeLoginCommand(loginRO.getUsername(), loginRO.getPassword()); final TokenRO token = cartMixin.persistShoppingCart(request, response); ShoppingCart cart = cartMixin.getCurrentCart(); final int logOnState = cart.getLogonState(); if (logOnState == ShoppingCart.LOGGED_IN) { return new AuthenticationResultRO(cart.getCustomerName(), token); } else if (logOnState == ShoppingCart.INACTIVE_FOR_SHOP) { if (loginRO.isActivate()) { // Login again with inactive state adds customer to shop continue; } return new AuthenticationResultRO("INACTIVE_FOR_SHOP"); } else { // any other state should break to AUTH_FAILED break; } } while (true); return new AuthenticationResultRO("AUTH_FAILED"); } return new AuthenticationResultRO("USER_FAILED"); }
/** * Interface: GET /yes-api/rest/auth/register * * <p> * * <p>Interface to list all attributes required for registration * * <p> * * <p> * * <h3>Headers for operation</h3> * * <p> * * <table border="1"> * <tr><td>Content-Type</td><td>application/json or application/xml</td></tr> * <tr><td>Accept</td><td>application/json or application/xml</td></tr> * <tr><td>yc</td><td>token uuid (optional)</td></tr> * </table> * * <p> * * <p> * * <h3>Parameters for register GET operation</h3> * * <p> * * <p>NONE * * <p> * * <h3>Output</h3> * * <p> * * <table border="1"> * <tr><td>JSON example</td><td> * <pre><code> * { * "phone" : null, * "custom" : [ * { * "attrvalueId" : 0, * "val" : null, * "displayVals" : null, * "attributeName" : "Marketing Opt in", * "attributeId" : 11051, * "attributeDisplayNames" : {}, * "attributeDisplayChoices" : {}, * "customerId" : 0 * }, * { * "attrvalueId" : 0, * "val" : null, * "displayVals" : null, * "attributeName" : "Customer Type", * "attributeId" : 1611, * "attributeDisplayNames" : { * "uk" : "тип пользователя", * "en" : "Customer Type" * }, * "attributeDisplayChoices" : { * "uk" : "B-Покупатель,S-Продавец", * "ru" : "B-Покупатель,S-Продавец", * "en" : "B-Buyer,S-Seller" * }, * "customerId" : 0 * } * ], * "lastname" : null, * "firstname" : null, * "email" : null * } * </code></pre> * </td></tr> * <tr><td>XML example</td><td> * <pre><code> * <register-form> * <custom> * <attribute attribute-id="11051" attrvalue-id="0" customer-id="0"> * <attribute-display-choices/> * <attribute-display-names/> * <attribute-name>Marketing Opt in</attribute-name> * </attribute> * <attribute attribute-id="1611" attrvalue-id="0" customer-id="0"> * <attribute-display-choices> * <entry lang="uk">B-Покупатель,S-Продавец</entry> * <entry lang="en">B-Buyer,S-Seller</entry> * <entry lang="ru">B-Покупатель,S-Продавец</entry> * </attribute-display-choices> * <attribute-display-names> * <entry lang="uk">тип пользователя</entry> * <entry lang="en">Customer Type</entry> * </attribute-display-names> * <attribute-name>Customer Type</attribute-name> * </attribute> * </custom> * </register-form> * </code></pre> * </td></tr> * </table> * * <p> * * <p> * * @param request request * @param response response * @return registration data */ @RequestMapping( value = "/register", method = RequestMethod.GET, produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE}) public @ResponseBody RegisterFormRO register( final HttpServletRequest request, final HttpServletResponse response) { cartMixin.persistShoppingCart(request, response); final Shop shop = cartMixin.getCurrentShop(); final List<AttrValueCustomer> avs = customerServiceFacade.getShopRegistrationAttributes(shop); final RegisterFormRO formRO = new RegisterFormRO(); formRO.setCustom(mappingMixin.map(avs, AttrValueCustomerRO.class, AttrValueCustomer.class)); return formRO; }
/** * Interface: PUT /yes-api/rest/auth/register * * <p> * * <p>Register interface that allows to register user. The token for the authenticated cart is * returned back as response header and also as a cookie. * * <p> * * <p> * * <h3>Headers for operation</h3> * * <p> * * <table border="1"> * <tr><td>Content-Type</td><td>application/json or application/xml</td></tr> * <tr><td>Accept</td><td>application/json or application/xml</td></tr> * <tr><td>yc</td><td>token uuid (optional)</td></tr> * </table> * * <p> * * <p> * * <h3>Parameters for register PUT operation</h3> * * <p> * * <p> * * <p> * * <table border="1"> * <tr><td>JSON example:</td><td> * <pre><code> * { * "email" : "*****@*****.**", * "firstname" : "Bob", * "lastname" : "Doe", * "phone" : "123123123123", * "custom" : { * "attr1": "value1", * "attr2": "value2", * ... * "attrN": "valueN" * } * } * </code></pre> * </td></tr> * <tr><td>XML example:</td><td> * <pre><code> * <login> * <email>[email protected]</email> * <firstname>Bob</firstname> * <lastname>Doe</lastname> * <phone>123123123123</phone> * <custom> * <entry key="attr1">value1</entry> * <entry key="attr2">value2</entry> * ... * <entry key="attrN">valueN</entry> * </custom> * </login> * </code></pre> * </td></tr> * </table> * * <p> * * <p> * * <h3>Output</h3> * * <p> * * <table border="1"> * <tr><td>JSON example</td><td> * <pre><code> * { * "success" : true, * "greeting" : "Bob Doe", * "token" : { * "uuid" : "1db8def2-21e0-44d2-aeb0-56baae761129" * }, * "error" : null * } * </code></pre> * </td></tr> * <tr><td>XML example</td><td> * <pre><code> * <authentication-result> * <greeting>Bob Doe</greeting> * <success>true</success> * <token> * <uuid>1db8def2-21e0-44d2-aeb0-56baae761129</uuid> * </token> * </authentication-result> * </code></pre> * </td></tr> * </table> * * <p> * * <p> * * <h3>Error codes</h3> * * <p> * * <table border="1"> * <tr><td>EMAIL_FAILED</td><td>email must be more than 6 and less than 256 chars (^[_A-Za-z0-9-]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*((\.[A-Za-z]{2,}){1}$)) </td></tr> * <tr><td>FIRSTNAME_FAILED</td><td>must be not blank</td></tr> * <tr><td>LASTNAME_FAILED</td><td>must be not blank</td></tr> * <tr><td>PHONE_FAILED</td><td>phone must be more than 4 and less than 13 chars</td></tr> * <tr><td>[ATTRIBUTE CODE]:FAILED</td><td> * E.g. CUSTOMERTYPE_FAILED denoting that mandatory value was missing (could also happen if regex fails but there is no * validation message specified on the {@link org.yes.cart.domain.entity.Attribute#getValidationFailedMessage()}) * </td></tr> * <tr><td>[ATTRIBUTE CODE]:FAILED:[Message]</td><td> * E.g. "CUSTOMERTYPE:FAILED:Please choose either Buyer or Seller (UK)" denoting that regex test failed. * RegEx and Message come from {@link org.yes.cart.domain.entity.Attribute#getRegexp()} and * {@link org.yes.cart.domain.entity.Attribute#getValidationFailedMessage()} respectively * </td></tr> * <tr><td>USER_FAILED</td><td>email must not be already registered</td></tr> * </table> * * @param registerRO register parameters (see examples above) * @param request request * @param response response * @return authentication result */ @RequestMapping( value = "/register", method = RequestMethod.PUT, produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE}, consumes = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE}) public @ResponseBody AuthenticationResultRO register( final @RequestBody RegisterRO registerRO, final HttpServletRequest request, final HttpServletResponse response) { if (StringUtils.isBlank(registerRO.getEmail()) || registerRO.getEmail().length() < 6 || registerRO.getEmail().length() > 256 || !EMAIL.matcher(registerRO.getEmail()).matches()) { return new AuthenticationResultRO("EMAIL_FAILED"); } if (StringUtils.isBlank(registerRO.getFirstname())) { return new AuthenticationResultRO("FIRSTNAME_FAILED"); } if (StringUtils.isBlank(registerRO.getLastname())) { return new AuthenticationResultRO("LASTNAME_FAILED"); } if (StringUtils.isBlank(registerRO.getPhone()) || registerRO.getPhone().length() < 4 || registerRO.getPhone().length() > 13) { return new AuthenticationResultRO("PHONE_FAILED"); } if (customerServiceFacade.isCustomerRegistered(registerRO.getEmail())) { return new AuthenticationResultRO("USER_FAILED"); } final ShoppingCart cart = cartMixin.getCurrentCart(); final Shop shop = cartMixin.getCurrentShop(); final Map<String, Object> data = new HashMap<String, Object>(); if (registerRO.getCustom() != null) { for (final AttrValueCustomer av : customerServiceFacade.getShopRegistrationAttributes(shop)) { final Attribute attr = av.getAttribute(); final String value = registerRO.getCustom().get(attr.getCode()); if (attr.isMandatory() && StringUtils.isBlank(value)) { return new AuthenticationResultRO(attr.getCode() + ":FAILED"); } else if (StringUtils.isNotBlank(attr.getRegexp()) && !Pattern.compile(attr.getRegexp()).matcher(value).matches()) { final String regexError = new FailoverStringI18NModel(attr.getValidationFailedMessage(), null) .getValue(cart.getCurrentLocale()); if (StringUtils.isBlank(regexError)) { return new AuthenticationResultRO(attr.getCode() + ":FAILED"); } return new AuthenticationResultRO(attr.getCode() + ":FAILED:" + regexError); } else { data.put(attr.getCode(), value); } } } data.put("firstname", registerRO.getFirstname()); data.put("lastname", registerRO.getLastname()); data.put("phone", registerRO.getPhone()); final String password = customerServiceFacade.registerCustomer(shop, registerRO.getEmail(), data); final LoginRO loginRO = new LoginRO(); loginRO.setUsername(registerRO.getEmail()); loginRO.setPassword(password); return login(loginRO, request, response); }
/** * Construct page. * * @param params page parameters */ public WishListPage(final PageParameters params) { super(params); final String email; final Customer customer; final String publicKey; final String key = params.get("token").toString(); final String tag = params.get("tag").toString(); if (StringUtils.isBlank(key)) { // Trying to view own wish list final ShoppingCart cart = ApplicationDirector.getShoppingCart(); if (cart.getLogonState() == ShoppingCart.LOGGED_IN && ((AuthenticatedWebSession) getSession()).isSignedIn()) { email = cart.getCustomerEmail(); customer = customerServiceFacade.getCustomerByEmail(ApplicationDirector.getCurrentShop(), email); publicKey = customerServiceFacade.getCustomerPublicKey(customer); } else { email = ""; customer = null; publicKey = null; // Redirect away from profile! final PageParameters rparams = new PageParameters(); rparams.set(ShoppingCartCommand.CMD_LOGOUT, ShoppingCartCommand.CMD_LOGOUT); setResponsePage(Application.get().getHomePage(), rparams); } } else { publicKey = null; customer = customerServiceFacade.getCustomerByPublicKey(key); if (customer == null) { info(getLocalizer().getString("wishListNotFound", this)); email = ""; } else { email = customer.getEmail(); } } add(new FeedbackPanel(FEEDBACK)); add( new WishListView( WISHLIST_PANEL, new Model<String>(email), new Model<String>(CustomerWishList.SIMPLE_WISH_ITEM), new Model<String>(tag)) .setVisible(customer != null) .add(new AttributeModifier("data-publickey", publicKey))); add(new StandardFooter(FOOTER)); add(new StandardHeader(HEADER)); add(new ServerSideJs("serverSideJs")); add(new HeaderMetaInclude("headerInclude")); if (StringUtils.isNotBlank(publicKey)) { String content = contentServiceFacade.getContentBody( "profile_wishlist_owner_include", ShopCodeContext.getShopId(), getLocale().getLanguage()); add(new Label("wishListOwnerInfo", content).setEscapeModelStrings(false)); add(new Label("wishListViewerInfo", "")); } else { String content = contentServiceFacade.getContentBody( "profile_wishlist_viewer_include", ShopCodeContext.getShopId(), getLocale().getLanguage()); add(new Label("wishListOwnerInfo", "")); add(new Label("wishListViewerInfo", content).setEscapeModelStrings(false)); } }