/** GET /account/sessions -> get the current open sessions. */
@RequestMapping(
value = "/account/sessions",
method = RequestMethod.GET,
produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public ResponseEntity<List<PersistentToken>> getCurrentSessions() {
User user = userRepository.findOneByLogin(SecurityUtils.getCurrentLogin());
if (user == null) {
return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
}
return new ResponseEntity<>(persistentTokenRepository.findByUser(user), HttpStatus.OK);
}
/**
* DELETE /account/sessions?series={series} -> invalidate an existing session.
*
* <p>- You can only delete your own sessions, not any other user's session - If you delete one of
* your existing sessions, and that you are currently logged in on that session, you will still be
* able to use that session, until you quit your browser: it does not work in real time (there is
* no API for that), it only removes the "remember me" cookie - This is also true if you
* invalidate your current session: you will still be able to use it until you close your browser
* or that the session times out. But automatic login (the "remember me" cookie) will not work
* anymore. There is an API to invalidate the current session, but there is no API to check which
* session uses which cookie.
*/
@RequestMapping(value = "/account/sessions/{series}", method = RequestMethod.DELETE)
@Timed
public void invalidateSession(@PathVariable String series) throws UnsupportedEncodingException {
String decodedSeries = URLDecoder.decode(series, "UTF-8");
User user = userRepository.findOneByLogin(SecurityUtils.getCurrentLogin());
List<PersistentToken> persistentTokens = persistentTokenRepository.findByUser(user);
for (PersistentToken persistentToken : persistentTokens) {
if (StringUtils.equals(persistentToken.getSeries(), decodedSeries)) {
persistentTokenRepository.delete(decodedSeries);
}
}
}
/** POST /account -> update the current user information. */
@RequestMapping(
value = "/account",
method = RequestMethod.POST,
produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public ResponseEntity<String> saveAccount(@RequestBody UserDTO userDTO) {
User userHavingThisLogin = userRepository.findOneByLogin(userDTO.getLogin());
if (userHavingThisLogin != null
&& !userHavingThisLogin.getLogin().equals(SecurityUtils.getCurrentLogin())) {
return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
}
// Do not update Information of external accounts, because that information is stored there
if (userHavingThisLogin.getExternalAccounts().size() > 0) {
return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
}
userService.updateUserInformation(
userDTO.getFirstName(), userDTO.getLastName(), userDTO.getEmail());
return new ResponseEntity<>(HttpStatus.OK);
}