modules

39a08cb7 · jhrabal · d41ee4c2 · 39a08cb7 · 39a08cb7 · 39a08cb7
Commit 39a08cb7 authored Aug 12, 2019 by jhrabal
6 changed files
--- a/src/main/java/com/jh/boot/email/LocalEmailService.java
+++ b/src/main/java/com/jh/boot/email/LocalEmailService.java
@@ -15,7 +15,6 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.io.ByteArrayResource;
 import org.springframework.mail.javamail.JavaMailSender;
 import org.springframework.mail.javamail.MimeMessageHelper;
-import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.util.StringUtils;

 /**
@@ -66,25 +65,26 @@ public class LocalEmailService implements EmailService {
 		}
 		
 		repo.save(email);
+		
+		//TODO
+		doSendEmail(email);
+		
 		return email;
 	}

 		
-	/**
-	 * Scheduled.
-	 */
-	@Scheduled(fixedDelayString = "${localEmail.scheduled.interval.ms:120000}")
-	@Transactional
-	public void scheduled() {
-		List<Email> emails = repo.fetchEmailsToSend();
-		if (emails == null || emails.isEmpty()) {
-			return;
-		}
-		LOG.info("Going to send {} emails", emails.size());
-		for (Email email : emails) {
-			doSendEmail(email);
-		}
-	}
+//	@Scheduled(fixedDelayString = "${localEmail.scheduled.interval.ms:120000}")
+//	@Transactional
+//	public void scheduled() {
+//		List<Email> emails = repo.fetchEmailsToSend();
+//		if (emails == null || emails.isEmpty()) {
+//			return;
+//		}
+//		LOG.info("Going to send {} emails", emails.size());
+//		for (Email email : emails) {
+//			doSendEmail(email);
+//		}
+//	}


 	/**

--- a/src/main/java/com/jh/boot/security/AppUserAuthentication.java
+++ b/src/main/java/com/jh/boot/security/AppUserAuthentication.java
+package com.jh.boot.security;
+
+import java.util.Collection;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+
+import com.jh.boot.security.model.AppUser;
+
+public class AppUserAuthentication extends AbstractAuthenticationToken {
+	
+	private static final long serialVersionUID = 1L;
+
+	private AppUser user;
+	
+	public AppUserAuthentication(AppUser user, Collection<? extends GrantedAuthority> authorities) {
+		super(authorities);
+		this.user = user;
+	}
+
+	@Override
+	public Object getCredentials() {
+		return null;
+	}
+
+	@Override
+	public Object getPrincipal() {
+		return user;
+	}
+
+	public AppUser getUser() {
+		return user;
+	}
+
+	@Override
+	public boolean isAuthenticated() {
+		return true;
+	}
+
+
+	
+}
--- a/src/main/java/com/jh/boot/security/SecurityHelper.java
+++ b/src/main/java/com/jh/boot/security/SecurityHelper.java
+package com.jh.boot.security;
+
+import com.jh.boot.security.model.AppUser;
+
+public class SecurityHelper {
+
+	private SecurityHelper() {
+	}
+
+	public boolean hasRole(AppUser user, String...roles) {
+		return true;
+	}
+	
+	
+}
--- a/src/main/java/com/jh/boot/security/api/AuthApiController.java
+++ b/src/main/java/com/jh/boot/security/api/AuthApiController.java
@@ -20,15 +20,19 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;

+import com.jh.boot.security.AppUserAuthentication;
 import com.jh.boot.security.AuthError;
 import com.jh.boot.security.AuthService;
 import com.jh.boot.security.PasswordUtils;
+import com.jh.boot.security.model.AppUser;
 import com.jh.boot.utils.Utils;
 import com.jh.boot.web.error.BadRequestException;
 import com.jh.boot.web.error.ErrorMessage;
@@ -150,7 +154,7 @@ public class AuthApiController {
    }
    
    
-    @RequestMapping(path = "/auth/resetPassword", method = RequestMethod.POST)
+    @PostMapping(path = "/auth/resetPassword")
    public ResponseEntity<List<AuthError>> reset(@RequestBody ResetPassword resetPassword) {
    	if (!resetEnabled) {
    		return ResponseEntity.notFound().build();
@@ -185,4 +189,15 @@ public class AuthApiController {
    }
    
    
+    @GetMapping("/auth/user")
+    public @ResponseBody AppUser user() {
+    	Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+    	if (auth instanceof AppUserAuthentication) {
+    		return ((AppUserAuthentication) auth).getUser();
+    	}
+
+    	//TODO other auth types?
+    	return null;
+    }
+    
 }
--- a/src/main/java/com/jh/boot/security/repository/AppUserRepository.java
+++ b/src/main/java/com/jh/boot/security/repository/AppUserRepository.java
@@ -23,6 +23,21 @@ public class AppUserRepository extends AbstractHibernateRepository {
 	}
 	
 	
+	public AppUser fetchByLoginDetached(String username) {
+		if (!StringUtils.hasText(username)) {
+			return null;
+		}
+		Query q = entityManager.createQuery("select au from AppUser au left join fetch au.roles where lower(au.email) = :email");
+		q.setParameter("email", username.trim().toLowerCase());
+		AppUser user = singleResult(q);
+		if (user == null) {
+			return null;
+		}
+		entityManager.detach(user);
+		return user;
+	}
+	
+	
 	public AppUser registerUser(String username, String password) {
 		AppUser user = new AppUser();
 		user.setEmail(username);

--- a/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
+++ b/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
@@ -10,12 +10,12 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;

+import com.jh.boot.security.AppUserAuthentication;
 import com.jh.boot.security.AuthService;
 import com.jh.boot.security.AuthServiceListener;
 import com.jh.boot.security.GrantedRole;
@@ -39,7 +39,7 @@ public class AppUserAuthService implements AuthService {
 	@Override
 	@Transactional
 	public Authentication authenticate(String login, String password) throws BadCredentialsException {
-		AppUser user = appUserRepository.findByLogin(login);
+		AppUser user = appUserRepository.fetchByLoginDetached(login);
 		if (user == null) {
 			throw new BadCredentialsException("User not found");
 		}
@@ -47,9 +47,15 @@ public class AppUserAuthService implements AuthService {
 			throw new BadCredentialsException("Bad password");
 		}
 		
+		//sanitize object
+		user.setDeleted(null);
+		user.setPassword(null);
+		user.setPasswordSalt(null);
+		user.setVersion(null);
+		
 		Set<GrantedRole> roles = new HashSet<>();
 		
-		UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(user.getEmail(), user.getPassword(), roles);
+		AppUserAuthentication auth = new AppUserAuthentication(user, roles);
 		return auth;
 	}