Commit 5c56d0fd authored by Matija Obreza's avatar Matija Obreza

Merge branch '152-updated-me-controller' into 'master'

Resolve "Updated /me controller"

Closes #152

See merge request !143
parents 309ac333 7f1f8e6b
/*
* Copyright 2017 Global Crop Diversity Trust
* Copyright 2018 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -15,10 +15,12 @@
*/
package org.genesys.catalog.server.config;
import org.genesys.blocks.security.lockout.AccountLockoutConfig;
import org.genesys.catalog.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
......@@ -31,12 +33,18 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true /*, securedEnabled = true */)
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true /* , securedEnabled = true */)
@Import({ AccountLockoutConfig.class })
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userDetailsService;
/**
* Password encoder.
*
* @return the password encoder
*/
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
......
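Review bot: The new `passwordEncoder()` bean is declared, but nothing in this hunk attaches it to the `AuthenticationManagerBuilder` the file imports; if `configure(AuthenticationManagerBuilder)` (outside this hunk) does not call `.passwordEncoder(passwordEncoder())`, login verification will not use the same encoder as the hashes written by the new self-service password change, and the two will silently diverge. `new BCryptPasswordEncoder()` also inherits the library's default cost factor; making it explicit, e.g. `return new BCryptPasswordEncoder(BCRYPT_STRENGTH);` with a named constant, turns the work factor into a reviewed decision that can be raised deliberately later. The Javadoc should state the intended contract rather than just "Password encoder", e.g. `Single bcrypt encoder shared by authentication and password changes so stored hashes and verification always agree.` — assuming that wiring is in place.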
/*
* Copyright 2017 Global Crop Diversity Trust
* Copyright 2018 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -15,9 +15,16 @@
*/
package org.genesys.catalog.server.controller.api.v0.me;
import java.util.UUID;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.lockout.AccountLockoutManager;
import org.genesys.catalog.model.dataset.Dataset;
import org.genesys.catalog.model.traits.Descriptor;
import org.genesys.catalog.model.traits.DescriptorList;
import org.genesys.catalog.model.user.User;
import org.genesys.catalog.service.UserService;
import org.genesys.catalog.service.DatasetService;
import org.genesys.catalog.service.DescriptorListService;
import org.genesys.catalog.service.DescriptorService;
......@@ -33,7 +40,10 @@ import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Sort;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
......@@ -63,14 +73,49 @@ public class MeController {
private DescriptorListService descriptorListService;
@Autowired
@Qualifier("tokenServices")
private DefaultTokenServices defaultTokenServices;
@Qualifier("tokenServices")
private DefaultTokenServices defaultTokenServices;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private AccountLockoutManager lockoutManager;
@Autowired
private UserService userService;
@PostMapping(value = "/token", consumes = "text/plain")
public Object removeToken(@RequestBody final String token) {
defaultTokenServices.revokeToken(token);
return token;
}
@GetMapping(value = "/profile")
public User getProfile() {
final User currentUser = SecurityContextUtil.getMe();
return userService.getUser(UUID.fromString(currentUser.getUuid()));
}
@PostMapping(value = "/password")
public String changePassword(@RequestParam(name = "old", required = true) final String oldPassword, @RequestParam(name = "new", required = true) final String newPassword)
throws UserException {
@PostMapping(value = "/token", consumes = "text/plain")
public Object removeToken(@RequestBody final String token) {
defaultTokenServices.revokeToken(token);
return token;
}
final User currentUser = userService.getUser(UUID.fromString(SecurityContextUtil.getMe().getUuid()));
if (currentUser.isAccountLocked()) {
throw new LockedException("Too many failed login attempts.");
}
if (passwordEncoder.matches(oldPassword, currentUser.getPassword())) {
lockoutManager.handleSuccessfulLogin(currentUser.getUsername());
userService.changePassword(currentUser, newPassword);
return "OK";
} else {
lockoutManager.handleFailedLogin(currentUser.getUsername());
throw new UserException("Your old password was entered incorrectly. Please enter it again.");
}
}
@PostMapping(value = "/partners")
public Page<Partner> myPartners(@RequestParam(name = "p", required = false, defaultValue = "0") final int page,
......@@ -99,7 +144,6 @@ public class MeController {
return descriptorService.listDescriptorsForCurrentUser(descriptorFilter, new PageRequest(page, Integer.min(pageSize, 100), direction, sort));
}
@PostMapping(value = "/descriptorlists")
public Page<DescriptorList> myDescriptorLists(@RequestParam(name = "p", required = false, defaultValue = "0") final int page,
@RequestParam(name = "l", required = false, defaultValue = "50") final int pageSize,
......
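Review bot: `getProfile()` in the third hunk returns the full `User` entity, and a few lines further down `changePassword` reads `currentUser.getPassword()` from that same entity, so unless the model excludes the field from serialization (not visible here) the bcrypt hash is returned to the client; returning a profile DTO, or annotating the field with `@JsonIgnore` on the model, closes that. In `changePassword`, a successful change leaves every previously issued access token valid even though `defaultTokenServices` is already injected in this controller; revoking the caller's other tokens after `userService.changePassword(currentUser, newPassword)` is what users expect from a password change. Both passwords are bound with `@RequestParam`, which also accepts query-string values, so a client calling `/me/password?old=...&new=...` would leave both secrets in access logs; binding them from a request body is safer. Nothing visible checks `newPassword` against a minimum length or policy — that may live in `userService.changePassword`, but it is worth confirming before this ships.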