/**
* Interface: POST /yes-api/rest/auth/resetpassword
*
* <p>
*
* <p>Reset password interface that allows to request password to be reset and reset it. Password
* reset is a two step process. First step is to provide valid email of registered customer and
* generate authToken. Second step is to use authToken in order to confirm password reset.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid (optional)</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>email</td><td>
* E-mail of a registered customer. Supplying this parameter will trigger an email
* with authToken.
* </td></tr>
* <tr><td>authToken</td><td>
* E-mail of a registered customer. Supplying this parameter will trigger an
* email with new password.
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <p>Output that does not have error code indicates successful processing.
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : false,
* "greeting" : null,
* "token" : null,
* "error" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting/>
* <success>false</success>
* <token/>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>INVALID_PARAMETERS</td><td>if either "email" or "authToken" was not sent</td></tr>
* <tr><td>INVALID_TOKEN</td><td>Supplied authToken is not valid or expired</td></tr>
* <tr><td>INVALID_EMAIL</td><td>Supplied email does not belong to a registered customer</td></tr>
* </table>
*
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/resetpassword",
method = RequestMethod.POST,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO resetPassword(
@RequestParam(value = "email", required = false) final String email,
@RequestParam(value = "authToken", required = false) final String authToken,
final HttpServletRequest request,
final HttpServletResponse response) {
cartMixin.persistShoppingCart(request, response);
if (StringUtils.isNotBlank(authToken)) {
if (executePasswordResetCommand(authToken)) {
return new AuthenticationResultRO();
}
return new AuthenticationResultRO("INVALID_TOKEN");
} else if (StringUtils.isNotBlank(email)) {
final Shop shop = cartMixin.getCurrentShop();
final Customer customer = customerServiceFacade.getCustomerByEmail(email);
if (customer == null) {
return new AuthenticationResultRO("INVALID_EMAIL");
}
customerServiceFacade.resetPassword(shop, customer);
return new AuthenticationResultRO();
}
return new AuthenticationResultRO("INVALID_PARAMETERS");
}
/**
* Interface: PUT /yes-api/rest/auth/login
*
* <p>
*
* <p>Login interface that allows to authenticate user cart. The token for the authenticated cart
* is returned back as response header and also as a cookie.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Content-Type</td><td>application/json or application/xml</td></tr>
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid (optional)</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for login PUT operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "username": "******",
* "password": "******",
* "activate": true
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <login>
* <username>[email protected]</username>
* <password>bBuyM-6-</password>
* <activate>true</activate>
* </login>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : true,
* "greeting" : "Bob Doe",
* "token" : {
* "uuid" : "1db8def2-21e0-44d2-aeb0-56baae761129"
* },
* "error" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting>Bob Doe</greeting>
* <success>true</success>
* <token>
* <uuid>1db8def2-21e0-44d2-aeb0-56baae761129</uuid>
* </token>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>USER_FAILED</td><td>user does not exist</td></tr>
* <tr><td>AUTH_FAILED</td><td>user exists but credentials are not valid</td></tr>
* <tr><td>INACTIVE_FOR_SHOP</td><td>user exists but profile is active for given shop, use activate=true to force activation on login</td></tr>
* </table>
*
* @param loginRO login parameters (see examples above)
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/login",
method = RequestMethod.PUT,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO login(
final @RequestBody LoginRO loginRO,
final HttpServletRequest request,
final HttpServletResponse response) {
final Customer customer = customerServiceFacade.getCustomerByEmail(loginRO.getUsername());
if (customer != null) {
do {
executeLoginCommand(loginRO.getUsername(), loginRO.getPassword());
final TokenRO token = cartMixin.persistShoppingCart(request, response);
ShoppingCart cart = cartMixin.getCurrentCart();
final int logOnState = cart.getLogonState();
if (logOnState == ShoppingCart.LOGGED_IN) {
return new AuthenticationResultRO(cart.getCustomerName(), token);
} else if (logOnState == ShoppingCart.INACTIVE_FOR_SHOP) {
if (loginRO.isActivate()) {
// Login again with inactive state adds customer to shop
continue;
}
return new AuthenticationResultRO("INACTIVE_FOR_SHOP");
} else {
// any other state should break to AUTH_FAILED
break;
}
} while (true);
return new AuthenticationResultRO("AUTH_FAILED");
}
return new AuthenticationResultRO("USER_FAILED");
}
/**
* Interface: GET /yes-api/rest/auth/register
*
* <p>
*
* <p>Interface to list all attributes required for registration
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Content-Type</td><td>application/json or application/xml</td></tr>
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid (optional)</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for register GET operation</h3>
*
* <p>
*
* <p>NONE
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "phone" : null,
* "custom" : [
* {
* "attrvalueId" : 0,
* "val" : null,
* "displayVals" : null,
* "attributeName" : "Marketing Opt in",
* "attributeId" : 11051,
* "attributeDisplayNames" : {},
* "attributeDisplayChoices" : {},
* "customerId" : 0
* },
* {
* "attrvalueId" : 0,
* "val" : null,
* "displayVals" : null,
* "attributeName" : "Customer Type",
* "attributeId" : 1611,
* "attributeDisplayNames" : {
* "uk" : "тип пользователя",
* "en" : "Customer Type"
* },
* "attributeDisplayChoices" : {
* "uk" : "B-Покупатель,S-Продавец",
* "ru" : "B-Покупатель,S-Продавец",
* "en" : "B-Buyer,S-Seller"
* },
* "customerId" : 0
* }
* ],
* "lastname" : null,
* "firstname" : null,
* "email" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <register-form>
* <custom>
* <attribute attribute-id="11051" attrvalue-id="0" customer-id="0">
* <attribute-display-choices/>
* <attribute-display-names/>
* <attribute-name>Marketing Opt in</attribute-name>
* </attribute>
* <attribute attribute-id="1611" attrvalue-id="0" customer-id="0">
* <attribute-display-choices>
* <entry lang="uk">B-Покупатель,S-Продавец</entry>
* <entry lang="en">B-Buyer,S-Seller</entry>
* <entry lang="ru">B-Покупатель,S-Продавец</entry>
* </attribute-display-choices>
* <attribute-display-names>
* <entry lang="uk">тип пользователя</entry>
* <entry lang="en">Customer Type</entry>
* </attribute-display-names>
* <attribute-name>Customer Type</attribute-name>
* </attribute>
* </custom>
* </register-form>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* @param request request
* @param response response
* @return registration data
*/
@RequestMapping(
value = "/register",
method = RequestMethod.GET,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody RegisterFormRO register(
final HttpServletRequest request, final HttpServletResponse response) {
cartMixin.persistShoppingCart(request, response);
final Shop shop = cartMixin.getCurrentShop();
final List<AttrValueCustomer> avs = customerServiceFacade.getShopRegistrationAttributes(shop);
final RegisterFormRO formRO = new RegisterFormRO();
formRO.setCustom(mappingMixin.map(avs, AttrValueCustomerRO.class, AttrValueCustomer.class));
return formRO;
}
/**
* Interface: PUT /yes-api/rest/auth/register
*
* <p>
*
* <p>Register interface that allows to register user. The token for the authenticated cart is
* returned back as response header and also as a cookie.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Content-Type</td><td>application/json or application/xml</td></tr>
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid (optional)</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for register PUT operation</h3>
*
* <p>
*
* <p>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example:</td><td>
* <pre><code>
* {
* "email" : "*****@*****.**",
* "firstname" : "Bob",
* "lastname" : "Doe",
* "phone" : "123123123123",
* "custom" : {
* "attr1": "value1",
* "attr2": "value2",
* ...
* "attrN": "valueN"
* }
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example:</td><td>
* <pre><code>
* <login>
* <email>[email protected]</email>
* <firstname>Bob</firstname>
* <lastname>Doe</lastname>
* <phone>123123123123</phone>
* <custom>
* <entry key="attr1">value1</entry>
* <entry key="attr2">value2</entry>
* ...
* <entry key="attrN">valueN</entry>
* </custom>
* </login>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : true,
* "greeting" : "Bob Doe",
* "token" : {
* "uuid" : "1db8def2-21e0-44d2-aeb0-56baae761129"
* },
* "error" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting>Bob Doe</greeting>
* <success>true</success>
* <token>
* <uuid>1db8def2-21e0-44d2-aeb0-56baae761129</uuid>
* </token>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>EMAIL_FAILED</td><td>email must be more than 6 and less than 256 chars (^[_A-Za-z0-9-]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*((\.[A-Za-z]{2,}){1}$)) </td></tr>
* <tr><td>FIRSTNAME_FAILED</td><td>must be not blank</td></tr>
* <tr><td>LASTNAME_FAILED</td><td>must be not blank</td></tr>
* <tr><td>PHONE_FAILED</td><td>phone must be more than 4 and less than 13 chars</td></tr>
* <tr><td>[ATTRIBUTE CODE]:FAILED</td><td>
* E.g. CUSTOMERTYPE_FAILED denoting that mandatory value was missing (could also happen if regex fails but there is no
* validation message specified on the {@link org.yes.cart.domain.entity.Attribute#getValidationFailedMessage()})
* </td></tr>
* <tr><td>[ATTRIBUTE CODE]:FAILED:[Message]</td><td>
* E.g. "CUSTOMERTYPE:FAILED:Please choose either Buyer or Seller (UK)" denoting that regex test failed.
* RegEx and Message come from {@link org.yes.cart.domain.entity.Attribute#getRegexp()} and
* {@link org.yes.cart.domain.entity.Attribute#getValidationFailedMessage()} respectively
* </td></tr>
* <tr><td>USER_FAILED</td><td>email must not be already registered</td></tr>
* </table>
*
* @param registerRO register parameters (see examples above)
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/register",
method = RequestMethod.PUT,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE},
consumes = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO register(
final @RequestBody RegisterRO registerRO,
final HttpServletRequest request,
final HttpServletResponse response) {
if (StringUtils.isBlank(registerRO.getEmail())
|| registerRO.getEmail().length() < 6
|| registerRO.getEmail().length() > 256
|| !EMAIL.matcher(registerRO.getEmail()).matches()) {
return new AuthenticationResultRO("EMAIL_FAILED");
}
if (StringUtils.isBlank(registerRO.getFirstname())) {
return new AuthenticationResultRO("FIRSTNAME_FAILED");
}
if (StringUtils.isBlank(registerRO.getLastname())) {
return new AuthenticationResultRO("LASTNAME_FAILED");
}
if (StringUtils.isBlank(registerRO.getPhone())
|| registerRO.getPhone().length() < 4
|| registerRO.getPhone().length() > 13) {
return new AuthenticationResultRO("PHONE_FAILED");
}
if (customerServiceFacade.isCustomerRegistered(registerRO.getEmail())) {
return new AuthenticationResultRO("USER_FAILED");
}
final ShoppingCart cart = cartMixin.getCurrentCart();
final Shop shop = cartMixin.getCurrentShop();
final Map<String, Object> data = new HashMap<String, Object>();
if (registerRO.getCustom() != null) {
for (final AttrValueCustomer av : customerServiceFacade.getShopRegistrationAttributes(shop)) {
final Attribute attr = av.getAttribute();
final String value = registerRO.getCustom().get(attr.getCode());
if (attr.isMandatory() && StringUtils.isBlank(value)) {
return new AuthenticationResultRO(attr.getCode() + ":FAILED");
} else if (StringUtils.isNotBlank(attr.getRegexp())
&& !Pattern.compile(attr.getRegexp()).matcher(value).matches()) {
final String regexError =
new FailoverStringI18NModel(attr.getValidationFailedMessage(), null)
.getValue(cart.getCurrentLocale());
if (StringUtils.isBlank(regexError)) {
return new AuthenticationResultRO(attr.getCode() + ":FAILED");
}
return new AuthenticationResultRO(attr.getCode() + ":FAILED:" + regexError);
} else {
data.put(attr.getCode(), value);
}
}
}
data.put("firstname", registerRO.getFirstname());
data.put("lastname", registerRO.getLastname());
data.put("phone", registerRO.getPhone());
final String password =
customerServiceFacade.registerCustomer(shop, registerRO.getEmail(), data);
final LoginRO loginRO = new LoginRO();
loginRO.setUsername(registerRO.getEmail());
loginRO.setPassword(password);
return login(loginRO, request, response);
}
/**
* Construct page.
*
* @param params page parameters
*/
public WishListPage(final PageParameters params) {
super(params);
final String email;
final Customer customer;
final String publicKey;
final String key = params.get("token").toString();
final String tag = params.get("tag").toString();
if (StringUtils.isBlank(key)) {
// Trying to view own wish list
final ShoppingCart cart = ApplicationDirector.getShoppingCart();
if (cart.getLogonState() == ShoppingCart.LOGGED_IN
&& ((AuthenticatedWebSession) getSession()).isSignedIn()) {
email = cart.getCustomerEmail();
customer =
customerServiceFacade.getCustomerByEmail(ApplicationDirector.getCurrentShop(), email);
publicKey = customerServiceFacade.getCustomerPublicKey(customer);
} else {
email = "";
customer = null;
publicKey = null;
// Redirect away from profile!
final PageParameters rparams = new PageParameters();
rparams.set(ShoppingCartCommand.CMD_LOGOUT, ShoppingCartCommand.CMD_LOGOUT);
setResponsePage(Application.get().getHomePage(), rparams);
}
} else {
publicKey = null;
customer = customerServiceFacade.getCustomerByPublicKey(key);
if (customer == null) {
info(getLocalizer().getString("wishListNotFound", this));
email = "";
} else {
email = customer.getEmail();
}
}
add(new FeedbackPanel(FEEDBACK));
add(
new WishListView(
WISHLIST_PANEL,
new Model<String>(email),
new Model<String>(CustomerWishList.SIMPLE_WISH_ITEM),
new Model<String>(tag))
.setVisible(customer != null)
.add(new AttributeModifier("data-publickey", publicKey)));
add(new StandardFooter(FOOTER));
add(new StandardHeader(HEADER));
add(new ServerSideJs("serverSideJs"));
add(new HeaderMetaInclude("headerInclude"));
if (StringUtils.isNotBlank(publicKey)) {
String content =
contentServiceFacade.getContentBody(
"profile_wishlist_owner_include",
ShopCodeContext.getShopId(),
getLocale().getLanguage());
add(new Label("wishListOwnerInfo", content).setEscapeModelStrings(false));
add(new Label("wishListViewerInfo", ""));
} else {
String content =
contentServiceFacade.getContentBody(
"profile_wishlist_viewer_include",
ShopCodeContext.getShopId(),
getLocale().getLanguage());
add(new Label("wishListOwnerInfo", ""));
add(new Label("wishListViewerInfo", content).setEscapeModelStrings(false));
}
}
