2023-08-12 02:29:10 +01:00
|
|
|
package stirling.software.SPDF.controller.api;
|
|
|
|
|
|
2024-07-05 21:48:33 +02:00
|
|
|
import java.io.IOException;
|
2023-08-13 01:12:29 +01:00
|
|
|
import java.security.Principal;
|
|
|
|
|
import java.util.HashMap;
|
2024-08-16 12:57:37 +02:00
|
|
|
import java.util.List;
|
2023-08-13 01:12:29 +01:00
|
|
|
import java.util.Map;
|
2023-08-15 00:39:13 +01:00
|
|
|
import java.util.Optional;
|
2023-08-13 01:12:29 +01:00
|
|
|
|
2023-08-12 02:29:10 +01:00
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
2023-08-13 18:19:15 +01:00
|
|
|
import org.springframework.http.HttpStatus;
|
|
|
|
|
import org.springframework.http.ResponseEntity;
|
2023-08-13 01:12:29 +01:00
|
|
|
import org.springframework.security.access.prepost.PreAuthorize;
|
2023-08-30 22:52:38 +01:00
|
|
|
import org.springframework.security.core.Authentication;
|
2024-02-18 15:47:19 +00:00
|
|
|
import org.springframework.security.core.session.SessionInformation;
|
|
|
|
|
import org.springframework.security.core.userdetails.UserDetails;
|
2024-08-16 12:57:37 +02:00
|
|
|
import org.springframework.security.oauth2.core.user.OAuth2User;
|
2023-08-27 00:39:22 +01:00
|
|
|
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
2023-08-12 02:29:10 +01:00
|
|
|
import org.springframework.stereotype.Controller;
|
|
|
|
|
import org.springframework.ui.Model;
|
2024-01-13 00:37:19 +00:00
|
|
|
import org.springframework.web.bind.annotation.ModelAttribute;
|
2023-08-13 01:12:29 +01:00
|
|
|
import org.springframework.web.bind.annotation.PathVariable;
|
2023-08-12 02:29:10 +01:00
|
|
|
import org.springframework.web.bind.annotation.PostMapping;
|
2023-09-11 23:19:50 +01:00
|
|
|
import org.springframework.web.bind.annotation.RequestMapping;
|
2023-08-12 02:29:10 +01:00
|
|
|
import org.springframework.web.bind.annotation.RequestParam;
|
2023-09-03 16:40:40 +01:00
|
|
|
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
|
|
|
|
|
import org.springframework.web.servlet.view.RedirectView;
|
2023-08-12 02:29:10 +01:00
|
|
|
|
2024-01-13 00:37:19 +00:00
|
|
|
import io.swagger.v3.oas.annotations.tags.Tag;
|
|
|
|
|
|
2023-08-13 01:12:29 +01:00
|
|
|
import jakarta.servlet.http.HttpServletRequest;
|
2023-08-15 00:39:13 +01:00
|
|
|
import jakarta.servlet.http.HttpServletResponse;
|
2024-10-14 22:34:41 +01:00
|
|
|
import lombok.extern.slf4j.Slf4j;
|
2023-08-12 02:29:10 +01:00
|
|
|
import stirling.software.SPDF.config.security.UserService;
|
2024-10-20 13:30:58 +02:00
|
|
|
import stirling.software.SPDF.config.security.saml2.CustomSaml2AuthenticatedPrincipal;
|
2024-08-16 12:57:37 +02:00
|
|
|
import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
|
|
|
|
|
import stirling.software.SPDF.model.AuthenticationType;
|
2023-12-25 12:58:49 +00:00
|
|
|
import stirling.software.SPDF.model.Role;
|
2023-08-13 18:19:15 +01:00
|
|
|
import stirling.software.SPDF.model.User;
|
2024-01-13 00:37:19 +00:00
|
|
|
import stirling.software.SPDF.model.api.user.UsernameAndPass;
|
2023-08-12 02:29:10 +01:00
|
|
|
|
|
|
|
|
@Controller
|
2024-01-13 00:37:19 +00:00
|
|
|
@Tag(name = "User", description = "User APIs")
|
2023-09-11 23:19:50 +01:00
|
|
|
@RequestMapping("/api/v1/user")
|
2024-10-14 22:34:41 +01:00
|
|
|
@Slf4j
|
2023-08-12 02:29:10 +01:00
|
|
|
public class UserController {
|
2023-12-30 19:11:27 +00:00
|
|
|
|
2023-08-12 02:29:10 +01:00
|
|
|
@Autowired private UserService userService;
|
2023-12-30 19:11:27 +00:00
|
|
|
|
2024-08-16 12:57:37 +02:00
|
|
|
@Autowired SessionPersistentRegistry sessionRegistry;
|
|
|
|
|
|
2023-12-27 22:56:51 +00:00
|
|
|
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
|
2023-08-12 02:29:10 +01:00
|
|
|
@PostMapping("/register")
|
2024-07-05 21:48:33 +02:00
|
|
|
public String register(@ModelAttribute UsernameAndPass requestModel, Model model)
|
|
|
|
|
throws IOException {
|
2024-04-14 23:07:03 +02:00
|
|
|
if (userService.usernameExistsIgnoreCase(requestModel.getUsername())) {
|
2023-08-12 02:29:10 +01:00
|
|
|
model.addAttribute("error", "Username already exists");
|
|
|
|
|
return "register";
|
|
|
|
|
}
|
2024-05-12 19:58:34 +02:00
|
|
|
try {
|
|
|
|
|
userService.saveUser(requestModel.getUsername(), requestModel.getPassword());
|
|
|
|
|
} catch (IllegalArgumentException e) {
|
|
|
|
|
return "redirect:/login?messageType=invalidUsername";
|
|
|
|
|
}
|
2023-08-12 02:29:10 +01:00
|
|
|
return "redirect:/login?registered=true";
|
|
|
|
|
}
|
2023-12-30 19:11:27 +00:00
|
|
|
|
2023-12-27 22:56:51 +00:00
|
|
|
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
|
2024-03-07 20:12:07 +00:00
|
|
|
@PostMapping("/change-username")
|
|
|
|
|
public RedirectView changeUsername(
|
2023-09-03 16:40:40 +01:00
|
|
|
Principal principal,
|
2024-06-12 21:36:18 +02:00
|
|
|
@RequestParam(name = "currentPasswordChangeUsername") String currentPassword,
|
2024-03-09 14:03:46 +00:00
|
|
|
@RequestParam(name = "newUsername") String newUsername,
|
2023-09-03 16:40:40 +01:00
|
|
|
HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response,
|
2024-07-05 21:48:33 +02:00
|
|
|
RedirectAttributes redirectAttributes)
|
|
|
|
|
throws IOException {
|
2024-03-13 23:09:16 +01:00
|
|
|
|
|
|
|
|
if (!userService.isUsernameValid(newUsername)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=invalidUsername", true);
|
2024-03-13 23:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
2023-09-04 00:12:27 +01:00
|
|
|
if (principal == null) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=notAuthenticated", true);
|
2023-09-04 00:12:27 +01:00
|
|
|
}
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2024-04-14 23:07:03 +02:00
|
|
|
// The username MUST be unique when renaming
|
|
|
|
|
Optional<User> userOpt = userService.findByUsername(principal.getName());
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2023-09-04 00:12:27 +01:00
|
|
|
if (userOpt == null || userOpt.isEmpty()) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=userNotFound", true);
|
2023-12-30 19:11:27 +00:00
|
|
|
}
|
2023-09-04 00:12:27 +01:00
|
|
|
|
|
|
|
|
User user = userOpt.get();
|
|
|
|
|
|
2024-03-13 23:09:16 +01:00
|
|
|
if (user.getUsername().equals(newUsername)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=usernameExists", true);
|
2024-03-13 23:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
2023-09-04 00:12:27 +01:00
|
|
|
if (!userService.isPasswordCorrect(user, currentPassword)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=incorrectPassword", true);
|
2023-09-04 00:12:27 +01:00
|
|
|
}
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2023-09-04 00:12:27 +01:00
|
|
|
if (!user.getUsername().equals(newUsername) && userService.usernameExists(newUsername)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=usernameExists", true);
|
2023-12-30 19:11:27 +00:00
|
|
|
}
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2024-03-07 20:12:07 +00:00
|
|
|
if (newUsername != null && newUsername.length() > 0) {
|
2024-05-12 19:58:34 +02:00
|
|
|
try {
|
|
|
|
|
userService.changeUsername(user, newUsername);
|
|
|
|
|
} catch (IllegalArgumentException e) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=invalidUsername", true);
|
2024-05-12 19:58:34 +02:00
|
|
|
}
|
2023-09-03 16:40:40 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Logout using Spring's utility
|
|
|
|
|
new SecurityContextLogoutHandler().logout(request, response, null);
|
|
|
|
|
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView(LOGIN_MESSAGETYPE_CREDSUPDATED, true);
|
2023-09-03 16:40:40 +01:00
|
|
|
}
|
|
|
|
|
|
2023-12-27 22:56:51 +00:00
|
|
|
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
|
2024-03-07 20:12:07 +00:00
|
|
|
@PostMapping("/change-password-on-login")
|
|
|
|
|
public RedirectView changePasswordOnLogin(
|
2023-09-03 16:40:40 +01:00
|
|
|
Principal principal,
|
2024-03-09 14:03:46 +00:00
|
|
|
@RequestParam(name = "currentPassword") String currentPassword,
|
|
|
|
|
@RequestParam(name = "newPassword") String newPassword,
|
2023-09-03 16:40:40 +01:00
|
|
|
HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response,
|
2024-07-05 21:48:33 +02:00
|
|
|
RedirectAttributes redirectAttributes)
|
|
|
|
|
throws IOException {
|
2023-09-04 00:12:27 +01:00
|
|
|
if (principal == null) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/change-creds?messageType=notAuthenticated", true);
|
2023-09-04 00:12:27 +01:00
|
|
|
}
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2024-04-14 23:07:03 +02:00
|
|
|
Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2023-09-04 00:12:27 +01:00
|
|
|
if (userOpt == null || userOpt.isEmpty()) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/change-creds?messageType=userNotFound", true);
|
2023-09-04 00:12:27 +01:00
|
|
|
}
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2023-09-04 00:12:27 +01:00
|
|
|
User user = userOpt.get();
|
|
|
|
|
|
|
|
|
|
if (!userService.isPasswordCorrect(user, currentPassword)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/change-creds?messageType=incorrectPassword", true);
|
2023-09-04 18:42:22 +01:00
|
|
|
}
|
2023-08-15 00:39:13 +01:00
|
|
|
|
2024-03-07 20:12:07 +00:00
|
|
|
userService.changePassword(user, newPassword);
|
|
|
|
|
userService.changeFirstUse(user, false);
|
2023-08-15 00:39:13 +01:00
|
|
|
// Logout using Spring's utility
|
|
|
|
|
new SecurityContextLogoutHandler().logout(request, response, null);
|
|
|
|
|
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView(LOGIN_MESSAGETYPE_CREDSUPDATED, true);
|
2023-08-15 00:39:13 +01:00
|
|
|
}
|
2023-12-30 19:11:27 +00:00
|
|
|
|
2023-12-27 22:56:51 +00:00
|
|
|
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
|
2023-08-15 00:39:13 +01:00
|
|
|
@PostMapping("/change-password")
|
2023-09-03 16:40:40 +01:00
|
|
|
public RedirectView changePassword(
|
|
|
|
|
Principal principal,
|
2024-03-09 14:03:46 +00:00
|
|
|
@RequestParam(name = "currentPassword") String currentPassword,
|
|
|
|
|
@RequestParam(name = "newPassword") String newPassword,
|
2023-09-03 16:40:40 +01:00
|
|
|
HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response,
|
2024-07-05 21:48:33 +02:00
|
|
|
RedirectAttributes redirectAttributes)
|
|
|
|
|
throws IOException {
|
2023-09-04 00:12:27 +01:00
|
|
|
if (principal == null) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=notAuthenticated", true);
|
2023-09-04 00:12:27 +01:00
|
|
|
}
|
2023-08-15 00:39:13 +01:00
|
|
|
|
2024-04-14 23:07:03 +02:00
|
|
|
Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2023-09-04 00:12:27 +01:00
|
|
|
if (userOpt == null || userOpt.isEmpty()) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=userNotFound", true);
|
2023-09-04 00:12:27 +01:00
|
|
|
}
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2023-09-04 00:12:27 +01:00
|
|
|
User user = userOpt.get();
|
|
|
|
|
|
|
|
|
|
if (!userService.isPasswordCorrect(user, currentPassword)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/account?messageType=incorrectPassword", true);
|
2023-09-04 00:12:27 +01:00
|
|
|
}
|
2023-08-15 00:39:13 +01:00
|
|
|
|
2023-08-19 12:50:49 +01:00
|
|
|
userService.changePassword(user, newPassword);
|
2023-08-15 00:39:13 +01:00
|
|
|
|
|
|
|
|
// Logout using Spring's utility
|
|
|
|
|
new SecurityContextLogoutHandler().logout(request, response, null);
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView(LOGIN_MESSAGETYPE_CREDSUPDATED, true);
|
2023-08-15 00:39:13 +01:00
|
|
|
}
|
2023-09-03 16:40:40 +01:00
|
|
|
|
2023-12-27 22:56:51 +00:00
|
|
|
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
|
2023-08-13 01:12:29 +01:00
|
|
|
@PostMapping("/updateUserSettings")
|
2024-07-05 21:48:33 +02:00
|
|
|
public String updateUserSettings(HttpServletRequest request, Principal principal)
|
|
|
|
|
throws IOException {
|
2023-08-13 01:12:29 +01:00
|
|
|
Map<String, String[]> paramMap = request.getParameterMap();
|
|
|
|
|
Map<String, String> updates = new HashMap<>();
|
|
|
|
|
|
|
|
|
|
for (Map.Entry<String, String[]> entry : paramMap.entrySet()) {
|
|
|
|
|
updates.put(entry.getKey(), entry.getValue()[0]);
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-14 22:34:41 +01:00
|
|
|
log.debug("Processed updates: " + updates);
|
2023-08-13 01:12:29 +01:00
|
|
|
|
|
|
|
|
// Assuming you have a method in userService to update the settings for a user
|
|
|
|
|
userService.updateUserSettings(principal.getName(), updates);
|
|
|
|
|
|
|
|
|
|
return "redirect:/account"; // Redirect to a page of your choice after updating
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
|
|
|
@PostMapping("/admin/saveUser")
|
2023-09-04 18:42:22 +01:00
|
|
|
public RedirectView saveUser(
|
2024-09-13 16:42:38 +01:00
|
|
|
@RequestParam(name = "username", required = true) String username,
|
2024-10-14 22:34:41 +01:00
|
|
|
@RequestParam(name = "password", required = false) String password,
|
2024-03-09 14:03:46 +00:00
|
|
|
@RequestParam(name = "role") String role,
|
2024-08-16 12:57:37 +02:00
|
|
|
@RequestParam(name = "authType") String authType,
|
2023-09-04 18:42:22 +01:00
|
|
|
@RequestParam(name = "forceChange", required = false, defaultValue = "false")
|
2024-07-05 21:48:33 +02:00
|
|
|
boolean forceChange)
|
|
|
|
|
throws IllegalArgumentException, IOException {
|
2023-12-30 19:11:27 +00:00
|
|
|
|
2024-03-13 23:09:16 +01:00
|
|
|
if (!userService.isUsernameValid(username)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=invalidUsername", true);
|
2024-03-13 23:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Optional<User> userOpt = userService.findByUsernameIgnoreCase(username);
|
|
|
|
|
|
|
|
|
|
if (userOpt.isPresent()) {
|
|
|
|
|
User user = userOpt.get();
|
|
|
|
|
if (user != null && user.getUsername().equalsIgnoreCase(username)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=usernameExists", true);
|
2024-03-13 23:09:16 +01:00
|
|
|
}
|
|
|
|
|
}
|
2024-04-14 23:07:03 +02:00
|
|
|
if (userService.usernameExistsIgnoreCase(username)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=usernameExists", true);
|
2023-09-04 18:42:22 +01:00
|
|
|
}
|
2023-12-25 12:58:49 +00:00
|
|
|
try {
|
|
|
|
|
// Validate the role
|
|
|
|
|
Role roleEnum = Role.fromString(role);
|
|
|
|
|
if (roleEnum == Role.INTERNAL_API_USER) {
|
|
|
|
|
// If the role is INTERNAL_API_USER, reject the request
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=invalidRole", true);
|
2023-12-25 12:58:49 +00:00
|
|
|
}
|
|
|
|
|
} catch (IllegalArgumentException e) {
|
|
|
|
|
// If the role ID is not valid, redirect with an error message
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=invalidRole", true);
|
2023-12-25 12:58:49 +00:00
|
|
|
}
|
2023-12-30 19:11:27 +00:00
|
|
|
|
2024-11-29 15:11:59 +00:00
|
|
|
if (authType.equalsIgnoreCase(AuthenticationType.SSO.toString())) {
|
|
|
|
|
userService.saveUser(username, AuthenticationType.SSO, role);
|
2024-08-16 12:57:37 +02:00
|
|
|
} else {
|
|
|
|
|
if (password.isBlank()) {
|
|
|
|
|
return new RedirectView("/addUsers?messageType=invalidPassword", true);
|
|
|
|
|
}
|
|
|
|
|
userService.saveUser(username, password, role, forceChange);
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView(
|
|
|
|
|
"/addUsers", true); // Redirect to account page after adding the user
|
2023-08-13 01:12:29 +01:00
|
|
|
}
|
|
|
|
|
|
2024-05-02 14:52:50 -06:00
|
|
|
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
|
|
|
@PostMapping("/admin/changeRole")
|
|
|
|
|
public RedirectView changeRole(
|
|
|
|
|
@RequestParam(name = "username") String username,
|
|
|
|
|
@RequestParam(name = "role") String role,
|
2024-08-16 12:57:37 +02:00
|
|
|
Authentication authentication)
|
|
|
|
|
throws IOException {
|
2024-05-02 14:52:50 -06:00
|
|
|
|
|
|
|
|
Optional<User> userOpt = userService.findByUsernameIgnoreCase(username);
|
|
|
|
|
|
|
|
|
|
if (!userOpt.isPresent()) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=userNotFound", true);
|
2024-05-02 14:52:50 -06:00
|
|
|
}
|
|
|
|
|
if (!userService.usernameExistsIgnoreCase(username)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=userNotFound", true);
|
2024-05-02 14:52:50 -06:00
|
|
|
}
|
|
|
|
|
// Get the currently authenticated username
|
|
|
|
|
String currentUsername = authentication.getName();
|
|
|
|
|
|
|
|
|
|
// Check if the provided username matches the current session's username
|
|
|
|
|
if (currentUsername.equalsIgnoreCase(username)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=downgradeCurrentUser", true);
|
2024-05-02 14:52:50 -06:00
|
|
|
}
|
|
|
|
|
try {
|
|
|
|
|
// Validate the role
|
|
|
|
|
Role roleEnum = Role.fromString(role);
|
|
|
|
|
if (roleEnum == Role.INTERNAL_API_USER) {
|
|
|
|
|
// If the role is INTERNAL_API_USER, reject the request
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=invalidRole", true);
|
2024-05-02 14:52:50 -06:00
|
|
|
}
|
|
|
|
|
} catch (IllegalArgumentException e) {
|
|
|
|
|
// If the role ID is not valid, redirect with an error message
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=invalidRole", true);
|
2024-05-02 14:52:50 -06:00
|
|
|
}
|
|
|
|
|
User user = userOpt.get();
|
|
|
|
|
|
|
|
|
|
userService.changeRole(user, role);
|
2024-08-16 12:57:37 +02:00
|
|
|
|
|
|
|
|
return new RedirectView(
|
|
|
|
|
"/addUsers", true); // Redirect to account page after adding the user
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
|
|
|
@PostMapping("/admin/changeUserEnabled/{username}")
|
|
|
|
|
public RedirectView changeUserEnabled(
|
|
|
|
|
@PathVariable("username") String username,
|
|
|
|
|
@RequestParam("enabled") boolean enabled,
|
|
|
|
|
Authentication authentication)
|
|
|
|
|
throws IOException {
|
|
|
|
|
|
|
|
|
|
Optional<User> userOpt = userService.findByUsernameIgnoreCase(username);
|
|
|
|
|
|
|
|
|
|
if (!userOpt.isPresent()) {
|
|
|
|
|
return new RedirectView("/addUsers?messageType=userNotFound", true);
|
|
|
|
|
}
|
|
|
|
|
if (!userService.usernameExistsIgnoreCase(username)) {
|
|
|
|
|
return new RedirectView("/addUsers?messageType=userNotFound", true);
|
|
|
|
|
}
|
|
|
|
|
// Get the currently authenticated username
|
|
|
|
|
String currentUsername = authentication.getName();
|
|
|
|
|
|
|
|
|
|
// Check if the provided username matches the current session's username
|
|
|
|
|
if (currentUsername.equalsIgnoreCase(username)) {
|
|
|
|
|
return new RedirectView("/addUsers?messageType=disabledCurrentUser", true);
|
|
|
|
|
}
|
|
|
|
|
User user = userOpt.get();
|
|
|
|
|
|
|
|
|
|
userService.changeUserEnabled(user, enabled);
|
|
|
|
|
|
|
|
|
|
if (!enabled) {
|
|
|
|
|
// Invalidate all sessions if the user is being disabled
|
|
|
|
|
List<Object> principals = sessionRegistry.getAllPrincipals();
|
|
|
|
|
String userNameP = "";
|
|
|
|
|
for (Object principal : principals) {
|
|
|
|
|
List<SessionInformation> sessionsInformations =
|
|
|
|
|
sessionRegistry.getAllSessions(principal, false);
|
|
|
|
|
if (principal instanceof UserDetails) {
|
|
|
|
|
userNameP = ((UserDetails) principal).getUsername();
|
|
|
|
|
} else if (principal instanceof OAuth2User) {
|
|
|
|
|
userNameP = ((OAuth2User) principal).getName();
|
2024-10-20 13:30:58 +02:00
|
|
|
} else if (principal instanceof CustomSaml2AuthenticatedPrincipal) {
|
|
|
|
|
userNameP = ((CustomSaml2AuthenticatedPrincipal) principal).getName();
|
2024-08-16 12:57:37 +02:00
|
|
|
} else if (principal instanceof String) {
|
|
|
|
|
userNameP = (String) principal;
|
|
|
|
|
}
|
|
|
|
|
if (userNameP.equalsIgnoreCase(username)) {
|
|
|
|
|
for (SessionInformation sessionsInformation : sessionsInformations) {
|
|
|
|
|
sessionRegistry.expireSession(sessionsInformation.getSessionId());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView(
|
|
|
|
|
"/addUsers", true); // Redirect to account page after adding the user
|
2024-05-02 14:52:50 -06:00
|
|
|
}
|
|
|
|
|
|
2023-08-13 01:12:29 +01:00
|
|
|
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
2023-08-30 22:52:38 +01:00
|
|
|
@PostMapping("/admin/deleteUser/{username}")
|
2024-03-09 14:03:46 +00:00
|
|
|
public RedirectView deleteUser(
|
2024-08-16 12:57:37 +02:00
|
|
|
@PathVariable("username") String username, Authentication authentication) {
|
2024-03-06 23:14:02 +01:00
|
|
|
|
2024-04-14 23:07:03 +02:00
|
|
|
if (!userService.usernameExistsIgnoreCase(username)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=deleteUsernameExists", true);
|
2024-03-06 23:14:02 +01:00
|
|
|
}
|
2023-12-30 19:11:27 +00:00
|
|
|
|
2023-08-30 22:52:38 +01:00
|
|
|
// Get the currently authenticated username
|
|
|
|
|
String currentUsername = authentication.getName();
|
|
|
|
|
|
|
|
|
|
// Check if the provided username matches the current session's username
|
2024-04-14 23:07:03 +02:00
|
|
|
if (currentUsername.equalsIgnoreCase(username)) {
|
2024-06-06 21:59:13 +01:00
|
|
|
return new RedirectView("/addUsers?messageType=deleteCurrentUser", true);
|
2023-08-30 22:52:38 +01:00
|
|
|
}
|
2024-02-18 15:47:19 +00:00
|
|
|
|
2024-08-16 12:57:37 +02:00
|
|
|
// Invalidate all sessions before deleting the user
|
|
|
|
|
List<SessionInformation> sessionsInformations =
|
|
|
|
|
sessionRegistry.getAllSessions(authentication.getPrincipal(), false);
|
|
|
|
|
for (SessionInformation sessionsInformation : sessionsInformations) {
|
|
|
|
|
sessionRegistry.expireSession(sessionsInformation.getSessionId());
|
|
|
|
|
sessionRegistry.removeSessionInformation(sessionsInformation.getSessionId());
|
2024-02-18 15:47:19 +00:00
|
|
|
}
|
2024-08-16 12:57:37 +02:00
|
|
|
userService.deleteUser(username);
|
|
|
|
|
return new RedirectView("/addUsers", true);
|
2024-02-18 15:47:19 +00:00
|
|
|
}
|
|
|
|
|
|
2023-12-27 22:56:51 +00:00
|
|
|
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
|
2023-08-13 18:19:15 +01:00
|
|
|
@PostMapping("/get-api-key")
|
|
|
|
|
public ResponseEntity<String> getApiKey(Principal principal) {
|
|
|
|
|
if (principal == null) {
|
|
|
|
|
return ResponseEntity.status(HttpStatus.FORBIDDEN).body("User not authenticated.");
|
|
|
|
|
}
|
|
|
|
|
String username = principal.getName();
|
|
|
|
|
String apiKey = userService.getApiKeyForUser(username);
|
|
|
|
|
if (apiKey == null) {
|
|
|
|
|
return ResponseEntity.status(HttpStatus.NOT_FOUND).body("API key not found for user.");
|
|
|
|
|
}
|
|
|
|
|
return ResponseEntity.ok(apiKey);
|
|
|
|
|
}
|
2023-08-13 01:12:29 +01:00
|
|
|
|
2023-12-27 22:56:51 +00:00
|
|
|
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
|
2023-08-13 18:19:15 +01:00
|
|
|
@PostMapping("/update-api-key")
|
|
|
|
|
public ResponseEntity<String> updateApiKey(Principal principal) {
|
|
|
|
|
if (principal == null) {
|
|
|
|
|
return ResponseEntity.status(HttpStatus.FORBIDDEN).body("User not authenticated.");
|
|
|
|
|
}
|
|
|
|
|
String username = principal.getName();
|
|
|
|
|
User user = userService.refreshApiKeyForUser(username);
|
|
|
|
|
String apiKey = user.getApiKey();
|
|
|
|
|
if (apiKey == null) {
|
|
|
|
|
return ResponseEntity.status(HttpStatus.NOT_FOUND).body("API key not found for user.");
|
|
|
|
|
}
|
|
|
|
|
return ResponseEntity.ok(apiKey);
|
|
|
|
|
}
|
2024-03-29 17:02:33 -04:00
|
|
|
|
2024-03-28 17:44:10 +00:00
|
|
|
private static final String LOGIN_MESSAGETYPE_CREDSUPDATED = "/login?messageType=credsUpdated";
|
2023-08-12 02:29:10 +01:00
|
|
|
}
|
