/**
* Interface: POST /yes-api/rest/auth/resetpassword
*
* <p>
*
* <p>Reset password interface that allows to request password to be reset and reset it. Password
* reset is a two step process. First step is to provide valid email of registered customer and
* generate authToken. Second step is to use authToken in order to confirm password reset.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid (optional)</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>email</td><td>
* E-mail of a registered customer. Supplying this parameter will trigger an email
* with authToken.
* </td></tr>
* <tr><td>authToken</td><td>
* E-mail of a registered customer. Supplying this parameter will trigger an
* email with new password.
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <p>Output that does not have error code indicates successful processing.
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : false,
* "greeting" : null,
* "token" : null,
* "error" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting/>
* <success>false</success>
* <token/>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>INVALID_PARAMETERS</td><td>if either "email" or "authToken" was not sent</td></tr>
* <tr><td>INVALID_TOKEN</td><td>Supplied authToken is not valid or expired</td></tr>
* <tr><td>INVALID_EMAIL</td><td>Supplied email does not belong to a registered customer</td></tr>
* </table>
*
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/resetpassword",
method = RequestMethod.POST,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO resetPassword(
@RequestParam(value = "email", required = false) final String email,
@RequestParam(value = "authToken", required = false) final String authToken,
final HttpServletRequest request,
final HttpServletResponse response) {
cartMixin.persistShoppingCart(request, response);
if (StringUtils.isNotBlank(authToken)) {
if (executePasswordResetCommand(authToken)) {
return new AuthenticationResultRO();
}
return new AuthenticationResultRO("INVALID_TOKEN");
} else if (StringUtils.isNotBlank(email)) {
final Shop shop = cartMixin.getCurrentShop();
final Customer customer = customerServiceFacade.getCustomerByEmail(email);
if (customer == null) {
return new AuthenticationResultRO("INVALID_EMAIL");
}
customerServiceFacade.resetPassword(shop, customer);
return new AuthenticationResultRO();
}
return new AuthenticationResultRO("INVALID_PARAMETERS");
}
/**
* Interface: PUT /yes-api/rest/auth/login
*
* <p>
*
* <p>Login interface that allows to authenticate user cart. The token for the authenticated cart
* is returned back as response header and also as a cookie.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Content-Type</td><td>application/json or application/xml</td></tr>
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid (optional)</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for login PUT operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "username": "******",
* "password": "******",
* "activate": true
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <login>
* <username>[email protected]</username>
* <password>bBuyM-6-</password>
* <activate>true</activate>
* </login>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : true,
* "greeting" : "Bob Doe",
* "token" : {
* "uuid" : "1db8def2-21e0-44d2-aeb0-56baae761129"
* },
* "error" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting>Bob Doe</greeting>
* <success>true</success>
* <token>
* <uuid>1db8def2-21e0-44d2-aeb0-56baae761129</uuid>
* </token>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>USER_FAILED</td><td>user does not exist</td></tr>
* <tr><td>AUTH_FAILED</td><td>user exists but credentials are not valid</td></tr>
* <tr><td>INACTIVE_FOR_SHOP</td><td>user exists but profile is active for given shop, use activate=true to force activation on login</td></tr>
* </table>
*
* @param loginRO login parameters (see examples above)
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/login",
method = RequestMethod.PUT,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO login(
final @RequestBody LoginRO loginRO,
final HttpServletRequest request,
final HttpServletResponse response) {
final Customer customer = customerServiceFacade.getCustomerByEmail(loginRO.getUsername());
if (customer != null) {
do {
executeLoginCommand(loginRO.getUsername(), loginRO.getPassword());
final TokenRO token = cartMixin.persistShoppingCart(request, response);
ShoppingCart cart = cartMixin.getCurrentCart();
final int logOnState = cart.getLogonState();
if (logOnState == ShoppingCart.LOGGED_IN) {
return new AuthenticationResultRO(cart.getCustomerName(), token);
} else if (logOnState == ShoppingCart.INACTIVE_FOR_SHOP) {
if (loginRO.isActivate()) {
// Login again with inactive state adds customer to shop
continue;
}
return new AuthenticationResultRO("INACTIVE_FOR_SHOP");
} else {
// any other state should break to AUTH_FAILED
break;
}
} while (true);
return new AuthenticationResultRO("AUTH_FAILED");
}
return new AuthenticationResultRO("USER_FAILED");
}
/**
* Construct page.
*
* @param params page parameters
*/
public WishListPage(final PageParameters params) {
super(params);
final String email;
final Customer customer;
final String publicKey;
final String key = params.get("token").toString();
final String tag = params.get("tag").toString();
if (StringUtils.isBlank(key)) {
// Trying to view own wish list
final ShoppingCart cart = ApplicationDirector.getShoppingCart();
if (cart.getLogonState() == ShoppingCart.LOGGED_IN
&& ((AuthenticatedWebSession) getSession()).isSignedIn()) {
email = cart.getCustomerEmail();
customer =
customerServiceFacade.getCustomerByEmail(ApplicationDirector.getCurrentShop(), email);
publicKey = customerServiceFacade.getCustomerPublicKey(customer);
} else {
email = "";
customer = null;
publicKey = null;
// Redirect away from profile!
final PageParameters rparams = new PageParameters();
rparams.set(ShoppingCartCommand.CMD_LOGOUT, ShoppingCartCommand.CMD_LOGOUT);
setResponsePage(Application.get().getHomePage(), rparams);
}
} else {
publicKey = null;
customer = customerServiceFacade.getCustomerByPublicKey(key);
if (customer == null) {
info(getLocalizer().getString("wishListNotFound", this));
email = "";
} else {
email = customer.getEmail();
}
}
add(new FeedbackPanel(FEEDBACK));
add(
new WishListView(
WISHLIST_PANEL,
new Model<String>(email),
new Model<String>(CustomerWishList.SIMPLE_WISH_ITEM),
new Model<String>(tag))
.setVisible(customer != null)
.add(new AttributeModifier("data-publickey", publicKey)));
add(new StandardFooter(FOOTER));
add(new StandardHeader(HEADER));
add(new ServerSideJs("serverSideJs"));
add(new HeaderMetaInclude("headerInclude"));
if (StringUtils.isNotBlank(publicKey)) {
String content =
contentServiceFacade.getContentBody(
"profile_wishlist_owner_include",
ShopCodeContext.getShopId(),
getLocale().getLanguage());
add(new Label("wishListOwnerInfo", content).setEscapeModelStrings(false));
add(new Label("wishListViewerInfo", ""));
} else {
String content =
contentServiceFacade.getContentBody(
"profile_wishlist_viewer_include",
ShopCodeContext.getShopId(),
getLocale().getLanguage());
add(new Label("wishListOwnerInfo", ""));
add(new Label("wishListViewerInfo", content).setEscapeModelStrings(false));
}
}
