codiki/src/main/java/org/codiki/account/AccountController.java


package org.codiki.account;
import java.io.IOException;
import java.security.Principal;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.codiki.core.entities.dto.PasswordWrapperDTO;
import org.codiki.core.entities.dto.UserDTO;
import org.codiki.core.entities.dto.View;
import org.codiki.core.entities.persistence.User;
import org.codiki.core.services.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.fasterxml.jackson.annotation.JsonView;
/**
 * REST endpoints for account operations under {@code /api/account}: login, logout, password
 * change, sign-in and profile update.
 *
 * <p>Every handler is a thin delegate; credential checks, password verification and
 * authorization decisions are made in {@link AccountService} and {@link UserService}, which
 * are not visible from this class. No method-level security annotation appears here, so
 * access control for these routes presumably comes from the Spring Security configuration
 * elsewhere in the project (to be confirmed).
 */
@RestController
@RequestMapping("/api/account")
public class AccountController {

    @Autowired
    private AccountService accountService;

    @Autowired
    private UserService userService;

    /**
     * Authenticates the submitted user and returns it, serialized through the
     * {@code View.UserDTO} JSON view.
     *
     * <p>NOTE(review): the request body is bound straight onto the persistence entity
     * {@link User}, so a client can populate any field Jackson is able to set on it. Confirm
     * that {@code AccountService.authenticate} reads only the credential fields, or bind to a
     * dedicated login DTO instead.
     *
     * @param pUser the credentials sent by the client, deserialized as a {@link User}.
     * @return the user returned by {@code AccountService.authenticate}.
     * @throws BadCredentialsException declared by this handler; presumably raised by the
     *         service when the credentials are rejected.
     */
    @JsonView(View.UserDTO.class)
    @PostMapping("/login")
    public User login(@RequestBody final User pUser) throws BadCredentialsException {
        final User authenticatedUser = accountService.authenticate(pUser);
        return authenticatedUser;
    }

    /**
     * Logs out the authentication held by the current security context, if there is one.
     *
     * <p>NOTE(review): this state-changing action is mapped on GET, so a plain cross-site
     * link or image request is enough to trigger it and CSRF protection usually does not
     * cover GET. Moving it to POST would change the HTTP contract for existing clients, so it
     * is only flagged here.
     *
     * @param request the current request, handed to the logout handler.
     * @param response the current response, handed to the logout handler.
     */
    @GetMapping("/logout")
    public void logout(final HttpServletRequest request, final HttpServletResponse response) {
        final Authentication currentAuthentication =
                SecurityContextHolder.getContext().getAuthentication();
        if (currentAuthentication == null) {
            // Nothing is bound to the security context, so there is nothing to log out.
            return;
        }
        new SecurityContextLogoutHandler().logout(request, response, currentAuthentication);
    }

    /**
     * Updates the password of the currently connected user.
     *
     * <p>The target account is resolved from the authenticated {@link Principal}, never from
     * the request body, so a caller can only change the password of the account it is logged
     * in as. When no user matches the principal, the handler answers 401 and does not call
     * the service.
     *
     * <p>NOTE(review): verification of the old password, the strength policy for the new one
     * and any invalidation of other sessions happen (or not) inside
     * {@code AccountService.changePassword}; confirm them there.
     *
     * @param pPasswordWrapper the object which contains the old password for verification
     *        and the new password to set to the user.
     * @param pRequest the request injected by Spring; not used by this handler.
     * @param pResponse the response injected by Spring; receives the 401 error and is passed
     *        to the service.
     * @param pPrincipal the authenticated principal injected by Spring.
     * @throws IOException if sending the error response fails, or if the service raises it
     *         (the service is expected to report an old-password mismatch through the
     *         response; confirm in {@code AccountService}).
     */
    @PutMapping("/changePassword")
    public void changePassword(@RequestBody final PasswordWrapperDTO pPasswordWrapper,
            final HttpServletRequest pRequest,
            final HttpServletResponse pResponse,
            final Principal pPrincipal) throws IOException {
        final Optional<User> currentUser = userService.getUserByPrincipal(pPrincipal);
        if (!currentUser.isPresent()) {
            pResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        accountService.changePassword(currentUser.get(), pPasswordWrapper, pResponse);
    }

    /**
     * Delegates a sign-in request to {@code AccountService.signin} and returns its result.
     *
     * <p>NOTE(review): unlike {@code login}, the returned {@link UserDTO} is not restricted
     * by a {@code @JsonView}; confirm that the DTO never carries the password or other
     * secrets back to the client.
     *
     * @param pUser the user data sent by the client.
     * @param pResponse the response injected by Spring, passed to the service.
     * @return the {@link UserDTO} produced by the service.
     * @throws IOException if the service raises it.
     */
    @PostMapping("/signin")
    public UserDTO signin(@RequestBody final UserDTO pUser, final HttpServletResponse pResponse)
            throws IOException {
        final UserDTO signedInUser = accountService.signin(pUser, pResponse);
        return signedInUser;
    }

    /**
     * Delegates an account update to {@code AccountService.updateUser}.
     *
     * <p>NOTE(review): both the client-supplied {@link UserDTO} and the authenticated
     * {@link Principal} reach the service. Confirm that the account to modify is derived from
     * the principal and not from an identifier inside the body, otherwise one user could
     * update another user's account.
     *
     * @param pUser the new user data sent by the client.
     * @param pRequest the request injected by Spring, passed to the service.
     * @param pResponse the response injected by Spring, passed to the service.
     * @param pPrincipal the authenticated principal injected by Spring.
     * @throws IOException if the service raises it.
     */
    @PutMapping("/")
    public void update(@RequestBody final UserDTO pUser, final HttpServletRequest pRequest,
            final HttpServletResponse pResponse, final Principal pPrincipal) throws IOException {
        accountService.updateUser(pUser, pRequest, pResponse, pPrincipal);
    }
}