/** POST /register -> register the user. */ @RequestMapping( value = "/register", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE) @Timed public ResponseEntity<?> registerAccount( @Valid @RequestBody UserDTO userDTO, HttpServletRequest request) { return userRepository .findOneByLogin(userDTO.getLogin()) .map(user -> new ResponseEntity<>("login already in use", HttpStatus.BAD_REQUEST)) .orElseGet( () -> userRepository .findOneByEmail(userDTO.getEmail()) .map( user -> new ResponseEntity<>( "e-mail address already in use", HttpStatus.BAD_REQUEST)) .orElseGet( () -> { User user = userService.createUserInformation( userDTO.getLogin(), userDTO.getPassword(), userDTO.getFirstName(), userDTO.getLastName(), userDTO.getEmail().toLowerCase(), userDTO.getLangKey()); String baseUrl = request.getScheme() + // "http" "://" + // "://" request.getServerName() + // "myhost" ":" + // ":" request.getServerPort() + // "80" request.getContextPath(); // "/myContextPath" or "" if deployed in // root context mailService.sendActivationEmail(user, baseUrl); return new ResponseEntity<>(HttpStatus.CREATED); })); }
/** GET /account/sessions -> get the current open sessions. */ @RequestMapping( value = "/account/sessions", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) @Timed public ResponseEntity<List<PersistentToken>> getCurrentSessions() { return userRepository .findOneByLogin(SecurityUtils.getCurrentUser().getUsername()) .map( user -> new ResponseEntity<>(persistentTokenRepository.findByUser(user), HttpStatus.OK)) .orElse(new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR)); }
/** * DELETE /account/sessions?series={series} -> invalidate an existing session. * * <p>- You can only delete your own sessions, not any other user's session - If you delete one of * your existing sessions, and that you are currently logged in on that session, you will still be * able to use that session, until you quit your browser: it does not work in real time (there is * no API for that), it only removes the "remember me" cookie - This is also true if you * invalidate your current session: you will still be able to use it until you close your browser * or that the session times out. But automatic login (the "remember me" cookie) will not work * anymore. There is an API to invalidate the current session, but there is no API to check which * session uses which cookie. */ @RequestMapping(value = "/account/sessions/{series}", method = RequestMethod.DELETE) @Timed public void invalidateSession(@PathVariable String series) throws UnsupportedEncodingException { String decodedSeries = URLDecoder.decode(series, "UTF-8"); userRepository .findOneByLogin(SecurityUtils.getCurrentUser().getUsername()) .ifPresent( u -> { persistentTokenRepository .findByUser(u) .stream() .filter( persistentToken -> StringUtils.equals(persistentToken.getSeries(), decodedSeries)) .findAny() .ifPresent(t -> persistentTokenRepository.delete(decodedSeries)); }); }
/** POST /account -> update the current user information. */ @RequestMapping( value = "/account", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) @Timed public ResponseEntity<String> saveAccount(@RequestBody UserDTO userDTO) { return userRepository .findOneByLogin(SecurityUtils.getCurrentUser().getUsername()) .map( u -> { userService.updateUserInformation( userDTO.getFirstName(), userDTO.getLastName(), userDTO.getEmail(), userDTO.getLangKey()); return new ResponseEntity<String>(HttpStatus.OK); }) .orElseGet(() -> new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR)); }