Commit e83dc3dd authored by Viacheslav Pavlov's avatar Viacheslav Pavlov Committed by Matija Obreza

Divided emailValidation/passwordReset cancellation

Added "type" to smtp cancellation links

Added articles to show on request canceled
parent f7335444
......@@ -211,7 +211,7 @@ public class MeController extends ApiBaseController {
@PreAuthorize("hasRole('TRUSTED_CLIENT') || hasRole('USER')")
@PostMapping(value = "/{tokenUuid:.+}/cancel")
public boolean cancelValidation(@PathVariable("tokenUuid") String tokenUuid, HttpServletRequest req, @RequestParam(value = "g-recaptcha-response", required = false) String response) throws IOException, UserException {
public boolean cancelValidation(@PathVariable("tokenUuid") String tokenUuid, HttpServletRequest req, @RequestParam(value = "g-recaptcha-response", required = false) String response) throws IOException, UserException, TokenVerificationService.NoSuchVerificationTokenException {
// Validate the reCAPTCHA
if (!ReCaptchaUtil.isValid(response, req.getRemoteAddr(), captchaPrivateKey)) {
......@@ -219,7 +219,7 @@ public class MeController extends ApiBaseController {
throw new UserException("Captcha check failed.");
}
emailVerificationService.cancelValidation(tokenUuid);
emailVerificationService.cancelPasswordReset(tokenUuid);
return true;
}
......
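Review bot: `cancelValidation` in MeController now calls `emailVerificationService.cancelPasswordReset(tokenUuid)`, so the handler name no longer says what the endpoint does; renaming it to `cancelPasswordReset` would match the service method and the web controller. The service implementation later in this commit passes the UUID straight to `tokenVerificationService.cancel(tokenUuid)` with no purpose, so unless `cancel` checks the purpose internally (its body is not shown) this endpoint would presumably also cancel an e-mail verification token. Looking the token up first with `tokenVerificationService.fetchToken("<password-reset purpose>", tokenUuid)` (placeholder purpose value) would bind the call to reset tokens only. The method body is split across two hunks and one line between them is not shown.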
......@@ -41,6 +41,7 @@ import org.springframework.dao.DataIntegrityViolationException;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
......@@ -116,4 +117,17 @@ public class UserRegistrationController {
throw new Exception("Verification token has expired");
}
}
@PostMapping(value = "/{tokenUuid:.+}/cancel")
public boolean cancelValidation(@PathVariable("tokenUuid") String tokenUuid, HttpServletRequest req, @RequestParam(value = "g-recaptcha-response", required = false) String response) throws Exception {
// Validate the reCAPTCHA
if (!ReCaptchaUtil.isValid(response, req.getRemoteAddr(), captchaPrivateKey)) {
LOG.warn("Invalid captcha.");
throw new UserException("Captcha check failed.");
}
emailVerificationService.cancelValidation(tokenUuid);
return true;
}
}
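Review bot: The new `cancelValidation` handler carries no `@PreAuthorize` (class-level annotations are outside the hunk), so from what is visible a token UUID plus a captcha is all an anonymous caller needs to reach `emailVerificationService.cancelValidation`, which this commit changes to delete the account. That may be intended for an e-mailed link, but the method should say so, e.g. `// Anonymous by design: the e-mailed token UUID authorizes deleting the unverified account`. The captcha block is a copy of the one in MeController and `throws Exception` hides which failures a client can expect; a shared helper and a narrower throws clause would keep the two endpoints consistent.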
......@@ -160,11 +160,16 @@ public class UserProfileController extends BaseController {
}
@RequestMapping(value = "/{tokenUuid:.+}/cancel", method = RequestMethod.GET)
public String cancelValidation(ModelMap model, @PathVariable("tokenUuid") String tokenUuid) {
public String cancelValidation(ModelMap model, @PathVariable("tokenUuid") String tokenUuid) throws Exception {
emailVerificationService.cancelValidation(tokenUuid);
return "redirect:/";
return "redirect:/content/user-registration-canceled";
}
@RequestMapping(value = "/{tokenUuid:.+}/cancel", method = RequestMethod.GET, params = { "type=pass" })
public String cancelPasswordReset(ModelMap model, @PathVariable("tokenUuid") String tokenUuid) throws NoSuchVerificationTokenException {
emailVerificationService.cancelPasswordReset(tokenUuid);
return "redirect:/content/user-password-reset-canceled";
}
@RequestMapping(value = "/{tokenUuid:.+}/validate", method = RequestMethod.GET)
public String validateEmail(ModelMap model, @PathVariable("tokenUuid") String tokenUuid) {
model.addAttribute("tokenUuid", tokenUuid);
......
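Review bot: Both cancel handlers stay on `RequestMethod.GET` while `cancelValidation` now ends in `userService.deleteUser(user)`, so anything that fetches the e-mailed URL, such as a mail gateway's link scanner or a browser prefetch, would delete the account or cancel the reset without the recipient clicking. `validateEmail` just below only puts the token in the model, which suggests (its body is cut off) a page-then-submit flow; the cancel links could follow the same pattern, with the GET rendering a confirmation page and a POST performing the action. The second `UserProfileController` hunk (`return "redirect:" + URLBASE;`) has the same GET handler. Separately, `type=email` in the new mail template is not matched by any `params` condition, so every request without `type=pass` reaches `cancelValidation`.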
......@@ -104,7 +104,7 @@ public class UserProfileController extends BaseController {
}
@RequestMapping(value = "/{tokenUuid:.+}/cancel", method = RequestMethod.GET)
public String cancelValidation(ModelMap model, @PathVariable("tokenUuid") String tokenUuid) {
public String cancelValidation(ModelMap model, @PathVariable("tokenUuid") String tokenUuid) throws Exception {
emailVerificationService.cancelValidation(tokenUuid);
return "redirect:" + URLBASE;
}
......
......@@ -28,7 +28,9 @@ public interface EMailVerificationService {
void sendPasswordResetEmail(User user);
void cancelValidation(String tokenUuid);
void cancelPasswordReset(String tokenUuid) throws NoSuchVerificationTokenException;
void cancelValidation(String tokenUuid) throws Exception;
void validateEMail(String tokenUuid, String key) throws NoSuchVerificationTokenException, TokenExpiredException;
......
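Review bot: `cancelValidation` is now declared `throws Exception`, which forces the controllers and the test in this commit to widen their own signatures and hides which failures are expected. The implementation only throws `InvalidApiUsageException` itself, so the broad clause presumably comes from `asAdminInvoker.invoke`; wrapping that call in the implementation would let the interface declare a specific type. `cancelPasswordReset` has the opposite mismatch: the interface declares `NoSuchVerificationTokenException` while the implementation catches it and declares `InvalidApiUsageException`. Both methods also need Javadoc, in particular `/** Cancels the e-mail verification request and deletes the unverified user account. */` on `cancelValidation`, since the deletion is not obvious from the name.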
......@@ -37,6 +37,17 @@ public interface TokenVerificationService {
*/
void cancel(String tokenUuid) throws NoSuchVerificationTokenException;
/**
* Fetch the token
*
* @param purpose
* @param tokenUuid
* @throws NoSuchVerificationTokenException
*
* @return
*/
VerificationToken fetchToken(String purpose, String tokenUuid) throws NoSuchVerificationTokenException;
/**
* Check token validity, remove it from persistence
*
......
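Review bot: The Javadoc added for `fetchToken` leaves `@param`, `@throws` and `@return` empty, so a caller cannot tell that the method, as implemented in TokenVerificationServiceImpl in this commit, only looks the token up by purpose and UUID and checks neither the key nor expiry. Suggested tags: `@param purpose the purpose the token was issued for`, `@return the matching token, never null`, `@throws NoSuchVerificationTokenException if no token matches both purpose and UUID`. The summary sentence should also say that the token is not consumed and that the caller is responsible for any key or expiry check.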
......@@ -23,6 +23,9 @@ import java.util.UUID;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.service.PasswordPolicy.PasswordPolicyException;
import org.genesys2.server.component.security.AsAdminInvoker;
import org.genesys2.server.exception.InvalidApiUsageException;
import org.genesys2.server.model.UserRole;
import org.genesys2.server.model.impl.Article;
import org.genesys2.server.model.impl.User;
import org.genesys2.server.model.impl.VerificationToken;
......@@ -60,6 +63,9 @@ public class EMailVerificationServiceImpl implements EMailVerificationService {
@Autowired
private ContentService contentService;
@Autowired
private AsAdminInvoker asAdminInvoker;
@Value("${frontend.url}")
private String frontendUrl;
......@@ -100,11 +106,38 @@ public class EMailVerificationServiceImpl implements EMailVerificationService {
@Override
@Transactional
public void cancelValidation(String tokenUuid) {
public void cancelPasswordReset(String tokenUuid) throws InvalidApiUsageException {
try {
tokenVerificationService.cancel(tokenUuid);
} catch (NoSuchVerificationTokenException e) {
LOG.warn("No such token. Error message {}", e.getMessage());
throw new InvalidApiUsageException("No such verification token");
}
}
@Override
@Transactional
public void cancelValidation(String tokenUuid) throws Exception {
try {
VerificationToken verificationToken = tokenVerificationService.fetchToken("email-verification", tokenUuid);
String userUuid = verificationToken.getData();
User user = userService.getUser(UUID.fromString(userUuid));
if (user.hasRole(UserRole.VALIDATEDUSER.getName())) {
throw new InvalidApiUsageException("User already validated");
}
asAdminInvoker.invoke(() -> {
userService.deleteUser(user);
return true;
});
tokenVerificationService.cancel(tokenUuid);
} catch (final NoSuchVerificationTokenException e) {
// Silently cancel exception
LOG.warn("No such token. Error message {}", e.getMessage());
throw new InvalidApiUsageException("No such verification token");
}
}
......
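Review bot: In `cancelValidation` the result of `userService.getUser(UUID.fromString(userUuid))` is dereferenced without a check, so a token whose user is already gone, or whose data is not a UUID, would surface as a `NullPointerException` or `IllegalArgumentException` instead of the `InvalidApiUsageException` used for the other failures (assuming `getUser` can return null, which is not visible here). Because the delete runs under `asAdminInvoker`, the only guards are the token lookup and the `VALIDATEDUSER` check; a comment should state why elevation is needed, and it is worth confirming that no account holding other roles can have a pending `email-verification` token. The comment `// Silently cancel exception` no longer matches the code, which logs and rethrows; `// Map to InvalidApiUsageException so callers see one failure type` would be accurate. Both catch blocks also drop the cause when rethrowing.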
......@@ -73,6 +73,18 @@ public class TokenVerificationServiceImpl implements TokenVerificationService, J
}
}
@Override
public VerificationToken fetchToken(String purpose, String tokenUuid) throws NoSuchVerificationTokenException {
final VerificationToken verificationToken = verificationTokenRepository.findByPurposeAndUuid(purpose, tokenUuid);
if (verificationToken == null) {
LOG.warn("No such verification token {}", tokenUuid);
throw new NoSuchVerificationTokenException();
}
return verificationToken;
}
@Override
@Transactional
public VerificationToken consumeToken(String purpose, String tokenUuid, String key) throws NoSuchVerificationTokenException, TokenExpiredException {
......
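Review bot: `LOG.warn("No such verification token {}", tokenUuid)` writes a request-supplied value to the log; the controllers map it with `{tokenUuid:.+}`, so it can be any string, possibly including line breaks depending on how the log layout escapes them, and every failed lookup produces a WARN line. Validating the value as a UUID before the repository lookup, or logging only a sanitized or truncated form, would keep the log trustworthy. `fetchToken` also has no `@Transactional` annotation while `consumeToken` below does; `@Transactional(readOnly = true)` would make the intent explicit if the class is not already annotated.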
{
"en": {
"title": "Reset password",
"body": "<h2><small>Genesys account</small><br/>Reset password</h2><p>Click <a href=\"{0}/profile/{1}/pwdreset\">this link</a> to reset your password.</p><h2>Validation key: {3}</h2><p>If you didn't make this request, <a href=\"{0}/profile/{1}/cancel\">click here to cancel</a>.</p><p>Thanks,<br/ >Genesys team</p>"
"body": "<h2><small>Genesys account</small><br/>Reset password</h2><p>Click <a href=\"{0}/profile/{1}/pwdreset\">this link</a> to reset your password.</p><h2>Validation key: {3}</h2><p>If you didn't make this request, <a href=\"{0}/profile/{1}/cancel?type=pass\">click here to cancel</a>.</p><p>Thanks,<br/ >Genesys team</p>"
}
}
\ No newline at end of file
{
"en": {
"title": "Verify your email address",
"body": "<h2><small>Genesys account</small><br/>Verify your email address</h2><p>You can already use your Genesys account. We need to confirm your email account before granting you access to all Genesys features.</p><p><a href=\"{0}/profile/{1}/validate\">Verify {2}</a></p><h2>Validation key: {3}</h2><p>If you didn't make this request, <a href=\"{0}/profile/{1}/cancel\">click here to cancel</a>.</p><p>Thanks,<br/ >Genesys team</p>"
"body": "<h2><small>Genesys account</small><br/>Verify your email address</h2><p>You can already use your Genesys account. We need to confirm your email account before granting you access to all Genesys features.</p><p><a href=\"{0}/profile/{1}/validate\">Verify {2}</a></p><h2>Validation key: {3}</h2><p>If you didn't make this request, <a href=\"{0}/profile/{1}/cancel?type=email\">click here to cancel</a>.</p><p>Thanks,<br/ >Genesys team</p>"
}
}
\ No newline at end of file
{
"en": {
"title": "Password resetting canceled",
"body": "<p>Your password reset request is canceled.</p>"
}
}
{
"en": {
"title": "Registration request canceled",
"body": "<p>Your registration request was canceled. Any personal information associated with your account will be removed from Genesys.</p>"
}
}
......@@ -130,7 +130,7 @@ public class EmailVerificationServiceTest extends AbstractServicesTest {
// FIXME Does not consider existing data
@Ignore
@Test
public void cancelValidationTest() throws TokenVerificationService.NoSuchVerificationTokenException {
public void cancelValidationTest() throws TokenVerificationService.NoSuchVerificationTokenException, Exception {
LOG.info("Start test-method cancelValidationTest");
assertTrue(!verificationTokenRepository.findAll().isEmpty());
......
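Review bot: `throws TokenVerificationService.NoSuchVerificationTokenException, Exception` is redundant, since `Exception` already covers the first type; `throws Exception` alone is enough. The test is still `@Ignore`d, so the new behaviour of `cancelValidation` (deleting the user, rejecting an already validated user) has no coverage in this commit; one test for each of those two paths would be worth adding. The test body continues outside the hunk.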