@Test
@Transactional
public void testRegisterAdminIsIgnored() throws Exception {
UserDTO u =
new UserDTO(
"badguy", // login
"password", // password
"Bad", // firstName
"Guy", // lastName
"*****@*****.**", // e-mail
true, // activated
"en", // langKey
new HashSet<>(
Arrays.asList(
AuthoritiesConstants.ADMIN)) // <-- only admin should be able to do that
);
restMvc
.perform(
post("/api/register")
.contentType(TestUtil.APPLICATION_JSON_UTF8)
.content(TestUtil.convertObjectToJsonBytes(u)))
.andExpect(status().isCreated());
Optional<User> userDup = userRepository.findOneByLogin("badguy");
assertThat(userDup.isPresent()).isTrue();
assertThat(userDup.get().getAuthorities())
.hasSize(1)
.containsExactly(authorityRepository.findOne(AuthoritiesConstants.USER));
}
@Override
protected void onLoginSuccess(
HttpServletRequest request,
HttpServletResponse response,
Authentication successfulAuthentication) {
String login = successfulAuthentication.getName();
log.debug("Creating new persistent login for user {}", login);
PersistentToken token =
userRepository
.findOneByLogin(login)
.map(
u -> {
PersistentToken t = new PersistentToken();
t.setSeries(generateSeriesData());
t.setUser(u);
t.setTokenValue(generateTokenData());
t.setTokenDate(LocalDate.now());
t.setIpAddress(request.getRemoteAddr());
t.setUserAgent(request.getHeader("User-Agent"));
return t;
})
.orElseThrow(
() ->
new UsernameNotFoundException(
"User " + login + " was not found in the database"));
try {
persistentTokenRepository.saveAndFlush(token);
addCookie(token, request, response);
} catch (DataAccessException e) {
log.error("Failed to save persistent token ", e);
}
}
/** POST /account -> update the current user information. */
@RequestMapping(
value = "/account",
method = RequestMethod.POST,
produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public ResponseEntity<String> saveAccount(@RequestBody UserDTO userDTO) {
Optional<User> existingUser = userRepository.findOneByEmail(userDTO.getEmail());
if (existingUser.isPresent()
&& (!existingUser.get().getLogin().equalsIgnoreCase(userDTO.getLogin()))) {
return ResponseEntity.badRequest()
.headers(
HeaderUtil.createFailureAlert(
"user-management", "emailexists", "Email already in use"))
.body(null);
}
return userRepository
.findOneByLogin(SecurityUtils.getCurrentUser().getUsername())
.map(
u -> {
userService.updateUserInformation(
userDTO.getFirstName(),
userDTO.getLastName(),
userDTO.getEmail(),
userDTO.getLangKey());
return new ResponseEntity<String>(HttpStatus.OK);
})
.orElseGet(() -> new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR));
}
public Optional<User> getUserWithAuthoritiesByLogin(String login) {
return userRepository
.findOneByLogin(login)
.map(
u -> {
u.getAuthorities().size();
return u;
});
}
public void deleteUserInformation(String login) {
userRepository
.findOneByLogin(login)
.ifPresent(
u -> {
userRepository.delete(u);
log.debug("Deleted User: {}", u);
});
}
public void changePassword(String password) {
userRepository
.findOneByLogin(SecurityUtils.getCurrentUserLogin())
.ifPresent(
u -> {
String encryptedPassword = passwordEncoder.encode(password);
u.setPassword(encryptedPassword);
userRepository.save(u);
log.debug("Changed password for User: {}", u);
});
}
/** GET /account/sessions -> get the current open sessions. */
@RequestMapping(
value = "/account/sessions",
method = RequestMethod.GET,
produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public ResponseEntity<List<PersistentToken>> getCurrentSessions() {
return userRepository
.findOneByLogin(SecurityUtils.getCurrentLogin())
.map(
user -> new ResponseEntity<>(persistentTokenRepository.findByUser(user), HttpStatus.OK))
.orElse(new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR));
}
public void updateUserInformation(
String firstName, String lastName, String email, String langKey) {
userRepository
.findOneByLogin(SecurityUtils.getCurrentLogin())
.ifPresent(
u -> {
u.setFirstName(firstName);
u.setLastName(lastName);
u.setEmail(email);
u.setLangKey(langKey);
userRepository.save(u);
log.debug("Changed Information for User: {}", u);
});
}
/** POST /register -> register the user. */
@RequestMapping(
value = "/register",
method = RequestMethod.POST,
produces = MediaType.TEXT_PLAIN_VALUE)
@Timed
public ResponseEntity<?> registerAccount(
@Valid @RequestBody UserDTO userDTO, HttpServletRequest request) {
return userRepository
.findOneByLogin(userDTO.getLogin())
.map(user -> new ResponseEntity<>("login already in use", HttpStatus.BAD_REQUEST))
.orElseGet(
() ->
userRepository
.findOneByEmail(userDTO.getEmail())
.map(
user ->
new ResponseEntity<>(
"e-mail address already in use", HttpStatus.BAD_REQUEST))
.orElseGet(
() -> {
User user =
userService.createUserInformation(
userDTO.getLogin(),
userDTO.getPassword(),
userDTO.getFirstName(),
userDTO.getLastName(),
userDTO.getEmail().toLowerCase(),
userDTO.getLangKey());
String baseUrl =
request.getScheme()
+ // "http"
"://"
+ // "://"
request.getServerName()
+ // "myhost"
":"
+ // ":"
request.getServerPort()
+ // "80"
request
.getContextPath(); // "/myContextPath" or "" if deployed in
// root context
mailService.sendActivationEmail(user, baseUrl);
return new ResponseEntity<>(HttpStatus.CREATED);
}));
}
@Test
@Transactional
public void testRegisterDuplicateEmail() throws Exception {
// Good
UserDTO u =
new UserDTO(
"john", // login
"password", // password
"John", // firstName
"Doe", // lastName
"*****@*****.**", // e-mail
true, // activated
"en", // langKey
new HashSet<>(Arrays.asList(AuthoritiesConstants.USER)));
// Duplicate e-mail, different login
UserDTO dup =
new UserDTO(
"johnjr",
u.getPassword(),
u.getLogin(),
u.getLastName(),
u.getEmail(),
true,
u.getLangKey(),
u.getAuthorities());
// Good user
restMvc
.perform(
post("/api/register")
.contentType(TestUtil.APPLICATION_JSON_UTF8)
.content(TestUtil.convertObjectToJsonBytes(u)))
.andExpect(status().isCreated());
// Duplicate e-mail
restMvc
.perform(
post("/api/register")
.contentType(TestUtil.APPLICATION_JSON_UTF8)
.content(TestUtil.convertObjectToJsonBytes(dup)))
.andExpect(status().is4xxClientError());
Optional<User> userDup = userRepository.findOneByLogin("johnjr");
assertThat(userDup.isPresent()).isFalse();
}
/**
* DELETE /account/sessions?series={series} -> invalidate an existing session.
*
* <p>- You can only delete your own sessions, not any other user's session - If you delete one of
* your existing sessions, and that you are currently logged in on that session, you will still be
* able to use that session, until you quit your browser: it does not work in real time (there is
* no API for that), it only removes the "remember me" cookie - This is also true if you
* invalidate your current session: you will still be able to use it until you close your browser
* or that the session times out. But automatic login (the "remember me" cookie) will not work
* anymore. There is an API to invalidate the current session, but there is no API to check which
* session uses which cookie.
*/
@RequestMapping(value = "/account/sessions/{series}", method = RequestMethod.DELETE)
@Timed
public void invalidateSession(@PathVariable String series) throws UnsupportedEncodingException {
String decodedSeries = URLDecoder.decode(series, "UTF-8");
userRepository
.findOneByLogin(SecurityUtils.getCurrentLogin())
.ifPresent(
u -> {
persistentTokenRepository
.findByUser(u)
.stream()
.filter(
persistentToken ->
StringUtils.equals(persistentToken.getSeries(), decodedSeries))
.findAny()
.ifPresent(t -> persistentTokenRepository.delete(decodedSeries));
});
}
/** POST /account -> update the current user information. */
@RequestMapping(
value = "/account",
method = RequestMethod.POST,
produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public ResponseEntity<String> saveAccount(@RequestBody UserDTO userDTO) {
return userRepository
.findOneByLogin(userDTO.getLogin())
.filter(u -> u.getLogin().equals(SecurityUtils.getCurrentLogin()))
.map(
u -> {
userService.updateUserInformation(
userDTO.getFirstName(),
userDTO.getLastName(),
userDTO.getEmail(),
userDTO.getLangKey());
return new ResponseEntity<String>(HttpStatus.OK);
})
.orElseGet(() -> new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR));
}
@Test
@Transactional
public void testRegisterInvalidEmail() throws Exception {
UserDTO u =
new UserDTO(
"bob", // login
"password", // password
"Bob", // firstName
"Green", // lastName
"invalid", // e-mail <-- invalid
true, // activated
"en", // langKey
new HashSet<>(Arrays.asList(AuthoritiesConstants.USER)));
restUserMockMvc
.perform(
post("/api/register")
.contentType(TestUtil.APPLICATION_JSON_UTF8)
.content(TestUtil.convertObjectToJsonBytes(u)))
.andExpect(status().isBadRequest());
Optional<User> user = userRepository.findOneByLogin("bob");
assertThat(user.isPresent()).isFalse();
}
@Test
@Transactional
public void testRegisterValid() throws Exception {
UserDTO u =
new UserDTO(
"joe", // login
"password", // password
"Joe", // firstName
"Shmoe", // lastName
"*****@*****.**", // e-mail
true, // activated
"en", // langKey
new HashSet<>(Arrays.asList(AuthoritiesConstants.USER)));
restMvc
.perform(
post("/api/register")
.contentType(TestUtil.APPLICATION_JSON_UTF8)
.content(TestUtil.convertObjectToJsonBytes(u)))
.andExpect(status().isCreated());
Optional<User> user = userRepository.findOneByLogin("joe");
assertThat(user.isPresent()).isTrue();
}
@Transactional(readOnly = true)
public User getUserWithAuthorities() {
User user = userRepository.findOneByLogin(SecurityUtils.getCurrentUserLogin()).get();
user.getAuthorities().size(); // eagerly load the association
return user;
}