Minor corrections for account route.

Florian
2018-05-13 15:11:19 +02:00
parent 3928efbae9
commit 1563e9ed43
2 changed files with 49 additions and 15 deletions


@@ -1,5 +1,7 @@
package org.codiki.account; package org.codiki.account;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@@ -27,21 +29,51 @@ public class AccountController {
@Autowired @Autowired
private TokenService tokenService; private TokenService tokenService;
/**
* Log in the user in request body.
*
* @param pUser
* The user to connect.
* @param response
* The reponse injected by Spring.
* @return The connected user object.
* @throws IOException
* If credentials are bad.
*/
@PostMapping("/login") @PostMapping("/login")
public UserDTO login(@RequestBody UserDTO pUser, HttpServletResponse response) { public UserDTO login(@RequestBody UserDTO pUser, HttpServletResponse response) throws IOException {
return accountService.checkCredentials(response, pUser); return accountService.checkCredentials(response, pUser);
} }
/**
* Log out the user.
*
* @param pRequest
* The request injected by Spring.
*/
@GetMapping("/logout") @GetMapping("/logout")
public void logout(HttpServletRequest pRequest) { public void logout(HttpServletRequest pRequest) {
tokenService.removeUser(pRequest.getHeader(HEADER_TOKEN)); tokenService.removeUser(pRequest.getHeader(HEADER_TOKEN));
} }
/**
* Updates the user password.
*
* @param pPasswordWrapper
* The object which contains the old password for verification and
* the new password to set to the user.
* @param pRequest
* The request injected by Spring.
* @param pResponse
* The reponse injected by Spring.
* @throws IOException
* If the old password doesn't match to the user password in
* database.
*/
@PutMapping("/changePassword") @PutMapping("/changePassword")
public boolean changePassword(@RequestBody final PasswordWrapperDTO pPasswordWrapper, public void changePassword(@RequestBody final PasswordWrapperDTO pPasswordWrapper,
final HttpServletRequest pRequest, final HttpServletRequest pRequest,
final HttpServletResponse pResponse) { final HttpServletResponse pResponse) throws IOException {
return accountService.changePassword(tokenService.getAuthenticatedUserByToken(pRequest), pPasswordWrapper, pResponse); accountService.changePassword(tokenService.getAuthenticatedUserByToken(pRequest), pPasswordWrapper, pResponse);
} }
} }
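Review bot: In `changePassword`, the value returned by `tokenService.getAuthenticatedUserByToken(pRequest)` is handed to the service unchecked, and the service immediately calls `pUser.getId()` on it. TokenService is not visible here; if it returns null for a missing or expired token, an unauthenticated request ends in a NullPointerException (HTTP 500) instead of a clean rejection, unless a filter outside this page already blocks it. Consider resolving the user into a local first and answering `pResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); return;` when it is null. The added `@throws IOException` tags also read as if bad credentials raise the exception, whereas the service reports them through `sendError` and the exception only surfaces when that write fails; `@throws IOException if the error response cannot be sent` would be accurate.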


@@ -1,5 +1,6 @@
package org.codiki.account; package org.codiki.account;
import java.io.IOException;
import java.util.Optional; import java.util.Optional;
import javax.naming.AuthenticationException; import javax.naming.AuthenticationException;
@@ -29,10 +30,12 @@ public class AccountService {
* @param pUser * @param pUser
* The user sent from client. * The user sent from client.
* @return The user populated with the generated token. * @return The user populated with the generated token.
* @throws IOException
* If the credentials are bad.
* @throws AuthenticationException * @throws AuthenticationException
* If the credentials are wrong. * If the credentials are wrong.
*/ */
public UserDTO checkCredentials(HttpServletResponse pResponse, UserDTO pUser) { public UserDTO checkCredentials(HttpServletResponse pResponse, UserDTO pUser) throws IOException {
UserDTO result = null; UserDTO result = null;
Optional<User> user = userRepository.findByEmail(pUser.getEmail()); Optional<User> user = userRepository.findByEmail(pUser.getEmail());
@@ -41,29 +44,28 @@ public class AccountService {
tokenService.addUser(user.get()); tokenService.addUser(user.get());
result = new UserDTO(user.get(), true); result = new UserDTO(user.get(), true);
} else { } else {
pResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); pResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
} }
return result; return result;
} }
public boolean changePassword(final User pUser, final PasswordWrapperDTO pPasswordWrapper, public void changePassword(final User pUser, final PasswordWrapperDTO pPasswordWrapper,
final HttpServletResponse pResponse) { final HttpServletResponse pResponse) throws IOException {
boolean result = false;
if(pPasswordWrapper.getNewPassword().equals(pPasswordWrapper.getConfirmPassword())) { if(pPasswordWrapper.getNewPassword().equals(pPasswordWrapper.getConfirmPassword())) {
// We fetch the connected user from database to get his hashed password // We fetch the connected user from database to get his hashed password
final Optional<User> userFromDb = userRepository.findById(pUser.getId()); final Optional<User> userFromDb = userRepository.findById(pUser.getId());
if(userFromDb.isPresent() && StringUtils.compareHash(pPasswordWrapper.getOldPassword(), if(userFromDb.isPresent() && StringUtils.compareHash(pPasswordWrapper.getOldPassword(),
userFromDb.get().getPassword())) { userFromDb.get().getPassword())) {
result = true;
userFromDb.get().setPassword(StringUtils.hashPassword(pPasswordWrapper.getNewPassword())); userFromDb.get().setPassword(StringUtils.hashPassword(pPasswordWrapper.getNewPassword()));
userRepository.save(userFromDb.get()); userRepository.save(userFromDb.get());
} else { } else {
pResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); pResponse.sendError(HttpServletResponse.SC_FORBIDDEN,
"Le mot de passe saisi ne correspond pas au votre.");
} }
} else {
pResponse.sendError(HttpServletResponse.SC_BAD_REQUEST,
"Le mot de passe saisi ne correspond pas au votre.");
} }
return result;
} }
} }
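Review bot: The new `SC_BAD_REQUEST` branch at the end of `changePassword` sends the same text as the wrong-old-password branch (`"Le mot de passe saisi ne correspond pas au votre."`), so a client whose new password and confirmation differ is told that their current password is wrong; give that branch its own message, for example `"Le nouveau mot de passe et sa confirmation ne correspondent pas."`. The guard `pPasswordWrapper.getNewPassword().equals(...)` also dereferences a request-body field without a null check, so a body that omits the new password throws before either `sendError` is reached; testing for null first and answering with the 400 keeps malformed input on the handled path. Nothing visible here revokes the user's other tokens after `userRepository.save`, so sessions opened with the old password may remain valid, which is worth confirming against TokenService.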