Commit 04adbdc7 authored by Matija Obreza's avatar Matija Obreza

Merge branch 'ui-206-forgot-password-functionality' into 'master'

Added endpoints for resetting password

See merge request genesys-pgr/genesys-server!345
parents b62eaca0 54effefc
......@@ -16,30 +16,42 @@
package org.genesys2.server.api.v1;
import java.io.IOException;
import java.util.UUID;
import io.swagger.annotations.Api;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.lockout.AccountLockoutManager;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys.blocks.security.service.PasswordPolicy;
import org.genesys.catalog.service.ShortFilterService;
import org.genesys2.server.api.ApiBaseController;
import org.genesys2.server.exception.NotFoundElement;
import org.genesys2.server.model.impl.User;
import org.genesys2.server.service.EMailVerificationService;
import org.genesys2.server.service.TokenVerificationService;
import org.genesys2.server.service.UserService;
import org.genesys2.util.ReCaptchaUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.oauth2.provider.token.ConsumerTokenServices;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
/**
* Me API v1
*/
......@@ -68,6 +80,12 @@ public class MeController extends ApiBaseController {
@Autowired
protected ShortFilterService shortFilterService;
@Value("${captcha.privateKey}")
private String captchaPrivateKey;
@Autowired
private EMailVerificationService emailVerificationService;
/**
* Gets the profile.
*
......@@ -108,6 +126,81 @@ public class MeController extends ApiBaseController {
}
}
@PreAuthorize("hasRole('TRUSTED_CLIENT') || hasRole('USER')")
@PostMapping(value = "/password/reset")
public boolean resetPassword(HttpServletRequest req, @RequestParam(value = "g-recaptcha-response", required = false) String response, @RequestParam("email") String email) throws IOException, UserException {
// Validate the reCAPTCHA
if (!ReCaptchaUtil.isValid(response, req.getRemoteAddr(), captchaPrivateKey)) {
LOG.warn("Invalid captcha.");
throw new UserException("Captcha check failed.");
}
try {
final User user = userService.getUserByEmail(email);
if (user != null && user.getAccountType() == BasicUser.AccountType.GOOGLE) {
LOG.warn("Password for users with login type GOOGLE can't be reset!");
throw new UserException("Password for users with login type GOOGLE can't be reset!");
}
if (user != null && user.isAccountLocked()) {
LOG.warn("Password for locked user accounts can't be reset!");
throw new UserException("Password for locked user accounts can't be reset!");
}
if (user != null && ! user.isEnabled()) {
LOG.warn("Password for disabled user accounts can't be reset!");
throw new UserException("Password for disabled user accounts can't be reset!");
}
if (user != null) {
emailVerificationService.sendPasswordResetEmail(user);
return true;
}
throw new NotFoundElement("User not found");
} catch (UsernameNotFoundException e) {
throw new UserException("No such user!");
}
}
@PreAuthorize("hasRole('TRUSTED_CLIENT') || hasRole('USER')")
@PostMapping(value = "/{tokenUuid:.+}/pwdreset")
public boolean updatePassword(@PathVariable("tokenUuid") String tokenUuid, HttpServletRequest req, @RequestParam(value = "g-recaptcha-response", required = false) String response,
@RequestParam(value = "key", required = true) String key, @RequestParam("password") String password) throws IOException, UserException {
// Validate the reCAPTCHA
if (!ReCaptchaUtil.isValid(response, req.getRemoteAddr(), captchaPrivateKey)) {
LOG.warn("Invalid captcha.");
throw new UserException("Captcha check failed.");
}
try {
emailVerificationService.changePassword(tokenUuid, key, password);
return true;
} catch (final TokenVerificationService.NoSuchVerificationTokenException e) {
throw new UserException("No such verification token!");
} catch (PasswordPolicy.PasswordPolicyException e) {
throw new UserException("Password for disabled user accounts can't be reset!");
} catch (TokenVerificationService.TokenExpiredException e) {
throw new UserException("Your token expired!");
}
}
@PreAuthorize("hasRole('TRUSTED_CLIENT') || hasRole('USER')")
@PostMapping(value = "/{tokenUuid:.+}/cancel")
public boolean cancelValidation(@PathVariable("tokenUuid") String tokenUuid, HttpServletRequest req, @RequestParam(value = "g-recaptcha-response", required = false) String response) throws IOException, UserException {
// Validate the reCAPTCHA
if (!ReCaptchaUtil.isValid(response, req.getRemoteAddr(), captchaPrivateKey)) {
LOG.warn("Invalid captcha.");
throw new UserException("Captcha check failed.");
}
emailVerificationService.cancelValidation(tokenUuid);
return true;
}
/**
* Delete provided token
*
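Review bot: resetPassword answers differently for an unknown address (NotFoundElement or UserException("No such user!")), a GOOGLE account, a locked account and a disabled account, so a caller can enumerate which e-mail addresses are registered and in what state; those distinctions belong in the server-side log, and the client response should be identical in every case. The reCAPTCHA check in front of it limits the rate but does not remove the oracle, since each solved captcha still yields one answer. Separately, the PasswordPolicyException handler in updatePassword rethrows the copy-pasted message `"Password for disabled user accounts can't be reset!"`, which misreports a policy violation; it should read something like `throw new UserException("Password does not satisfy the password policy!");` and, if UserException has a cause-taking constructor, carry `e`. All four catch blocks in the two methods drop the original exception, so the reason is lost from the logs as well. LOG and userService are declared outside this hunk.
```java
	public boolean resetPassword(HttpServletRequest req, @RequestParam(value = "g-recaptcha-response", required = false) String response, @RequestParam("email") String email) throws IOException, UserException {
		// … unchanged: reCAPTCHA validation …
		try {
			final User user = userService.getUserByEmail(email);
			if (user == null) {
				LOG.warn("Password reset requested for an unknown e-mail address, ignoring");
			} else if (user.getAccountType() == BasicUser.AccountType.GOOGLE) {
				LOG.warn("Password reset requested for a GOOGLE account, ignoring");
			} else if (user.isAccountLocked() || !user.isEnabled()) {
				LOG.warn("Password reset requested for a locked or disabled account, ignoring");
			} else {
				emailVerificationService.sendPasswordResetEmail(user);
			}
		} catch (UsernameNotFoundException e) {
			LOG.warn("Password reset requested for an unknown e-mail address, ignoring", e);
		}
		// Same answer for every outcome so the response does not reveal whether the address is registered
		return true;
	}
```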