@Override
  protected void onLoginSuccess(
      HttpServletRequest request,
      HttpServletResponse response,
      Authentication successfulAuthentication) {
    String login = successfulAuthentication.getName();

    log.debug("Creating new persistent login for user {}", login);
    PersistentToken token =
        userRepository
            .findOneByLogin(login)
            .map(
                u -> {
                  PersistentToken t = new PersistentToken();
                  t.setSeries(generateSeriesData());
                  t.setUser(u);
                  t.setTokenValue(generateTokenData());
                  t.setTokenDate(new LocalDate());
                  t.setIpAddress(request.getRemoteAddr());
                  t.setUserAgent(request.getHeader("User-Agent"));
                  return t;
                })
            .orElseThrow(
                () ->
                    new UsernameNotFoundException(
                        "User " + login + " was not found in the database"));
    try {
      persistentTokenRepository.saveAndFlush(token);
      addCookie(token, request, response);
    } catch (DataAccessException e) {
      log.error("Failed to save persistent token ", e);
    }
  }
Exemplo n.º 2
0
  /** POST /register -> register the user. */
  @RequestMapping(
      value = "/register",
      method = RequestMethod.POST,
      produces = MediaType.TEXT_PLAIN_VALUE)
  @Timed
  public ResponseEntity<?> registerAccount(
      @Valid @RequestBody UserDTO userDTO, HttpServletRequest request) {
    return userRepository
        .findOneByLogin(userDTO.getLogin())
        .map(user -> new ResponseEntity<>("login already in use", HttpStatus.BAD_REQUEST))
        .orElseGet(
            () ->
                userRepository
                    .findOneByEmail(userDTO.getEmail())
                    .map(
                        user ->
                            new ResponseEntity<>(
                                "e-mail address already in use", HttpStatus.BAD_REQUEST))
                    .orElseGet(
                        () -> {
                          User user =
                              userService.createUserInformation(
                                  userDTO.getLogin(),
                                  userDTO.getPassword(),
                                  userDTO.getFirstName(),
                                  userDTO.getLastName(),
                                  userDTO.getEmail().toLowerCase(),
                                  userDTO.getLangKey());
                          String baseUrl =
                              request.getScheme()
                                  + // "http"
                                  "://"
                                  + // "://"
                                  request.getServerName()
                                  + // "myhost"
                                  ":"
                                  + // ":"
                                  request.getServerPort(); // "80"

                          mailService.sendActivationEmail(user, baseUrl);
                          return new ResponseEntity<>(HttpStatus.CREATED);
                        }));
  }
Exemplo n.º 3
0
 /** GET /account/sessions -> get the current open sessions. */
 @RequestMapping(
     value = "/account/sessions",
     method = RequestMethod.GET,
     produces = MediaType.APPLICATION_JSON_VALUE)
 @Timed
 public ResponseEntity<List<PersistentToken>> getCurrentSessions() {
   return userRepository
       .findOneByLogin(SecurityUtils.getCurrentLogin())
       .map(
           user -> new ResponseEntity<>(persistentTokenRepository.findByUser(user), HttpStatus.OK))
       .orElse(new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR));
 }
Exemplo n.º 4
0
 /** POST /account -> update the current user information. */
 @RequestMapping(
     value = "/account",
     method = RequestMethod.POST,
     produces = MediaType.APPLICATION_JSON_VALUE)
 @Timed
 public ResponseEntity<String> saveAccount(@RequestBody UserDTO userDTO) {
   return userRepository
       .findOneByLogin(userDTO.getLogin())
       .filter(u -> u.getLogin().equals(SecurityUtils.getCurrentLogin()))
       .map(
           u -> {
             userService.updateUserInformation(
                 userDTO.getFirstName(), userDTO.getLastName(), userDTO.getEmail());
             return new ResponseEntity<String>(HttpStatus.OK);
           })
       .orElseGet(() -> new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR));
 }
Exemplo n.º 5
0
 /**
  * DELETE /account/sessions?series={series} -> invalidate an existing session.
  *
  * <p>- You can only delete your own sessions, not any other user's session - If you delete one of
  * your existing sessions, and that you are currently logged in on that session, you will still be
  * able to use that session, until you quit your browser: it does not work in real time (there is
  * no API for that), it only removes the "remember me" cookie - This is also true if you
  * invalidate your current session: you will still be able to use it until you close your browser
  * or that the session times out. But automatic login (the "remember me" cookie) will not work
  * anymore. There is an API to invalidate the current session, but there is no API to check which
  * session uses which cookie.
  */
 @RequestMapping(value = "/account/sessions/{series}", method = RequestMethod.DELETE)
 @Timed
 public void invalidateSession(@PathVariable String series) throws UnsupportedEncodingException {
   String decodedSeries = URLDecoder.decode(series, "UTF-8");
   userRepository
       .findOneByLogin(SecurityUtils.getCurrentLogin())
       .ifPresent(
           u -> {
             persistentTokenRepository
                 .findByUser(u)
                 .stream()
                 .filter(
                     persistentToken ->
                         StringUtils.equals(persistentToken.getSeries(), decodedSeries))
                 .findAny()
                 .ifPresent(t -> persistentTokenRepository.delete(decodedSeries));
           });
 }