api

ad71e2c6 · Jan Hrabal · db503a46 · ad71e2c6 · ad71e2c6
Commit ad71e2c6 authored Aug 26, 2019 by Jan Hrabal
Showing with 131 additions and 128 deletions

AuthApiController.java ...main/java/com/jh/boot/security/api/AuthApiController.java +1 -1

AppUserAuthService.java ...java/com/jh/boot/security/service/AppUserAuthService.java +130 -127

No files found.
--- a/src/main/java/com/jh/boot/security/api/AuthApiController.java
+++ b/src/main/java/com/jh/boot/security/api/AuthApiController.java
@@ -179,7 +179,7 @@ public class AuthApiController {
    	Utils.sleep(250);
    	String token = resetPassword.getToken();
    	if (!StringUtils.hasText(token)) {
-    		return new ResponseEntity<>(Collections.singletonList(new AuthError(null, "NO_TOKEN")), HttpStatus.BAD_REQUEST);
+    		return new ResponseEntity<>(Collections.singletonList(new AuthError(null, "AUTH.NO_TOKEN")), HttpStatus.BAD_REQUEST);
    	}
    	
    	List<ErrorMessage> errors = new ArrayList<>();

--- a/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
+++ b/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
-package com.jh.boot.security.service;
-
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.transaction.annotation.Transactional;
-import org.springframework.util.StringUtils;
-
-import com.jh.boot.security.AppUserAuthentication;
-import com.jh.boot.security.AuthService;
-import com.jh.boot.security.AuthServiceListener;
-import com.jh.boot.security.GrantedRole;
-import com.jh.boot.security.PasswordHash;
-import com.jh.boot.security.PasswordUtils;
-import com.jh.boot.security.model.AppUser;
-import com.jh.boot.security.model.ResetPasswordToken;
-import com.jh.boot.security.repository.AppUserRepository;
-
-
-
-public class AppUserAuthService implements AuthService {
-
-	private static final Logger LOG = LoggerFactory.getLogger(AppUserAuthService.class);
-	
-	private AppUserRepository appUserRepository;
-	
-	private Collection<AuthServiceListener> authListeners;
-	
-
-	@Override
-	@Transactional
-	public Authentication authenticate(String login, String password) throws BadCredentialsException {
-		AppUser user = appUserRepository.fetchByLoginDetached(login);
-		if (user == null) {
-			throw new BadCredentialsException("User not found");
-		}
-		if (!PasswordUtils.checkPassword(password, user.getPassword(), user.getPasswordSalt())) {
-			throw new BadCredentialsException("Bad password");
-		}
-		
-		//sanitize object
-		user.setDeleted(null);
-		user.setPassword(null);
-		user.setPasswordSalt(null);
-		user.setVersion(null);
-		
-		Set<GrantedRole> roles = new HashSet<>();
-		
-		AppUserAuthentication auth = new AppUserAuthentication(user, roles);
-		return auth;
-	}
-
-	@Override
-	@Transactional
-	public void register(String login, String password) throws AuthenticationException {
-		AppUser user = appUserRepository.findByLogin(login);
-		if (user != null) {
-			throw new BadCredentialsException("User already exists");
-		}
-		if (!StringUtils.hasText(login) || !StringUtils.hasText(password)) {
-			throw new BadCredentialsException("Bad username or password");
-		}
-		AppUser appUser = appUserRepository.registerUser(login, password);
-		
-		if (authListeners != null) {
-			authListeners.forEach(al -> al.registerUser(appUser));
-		}
-	}
-
-	@Override
-	@Transactional
-	public String generateResetToken(String login) {
-		AppUser user = appUserRepository.findByLogin(login);
-		if (user == null) {
-			throw new BadCredentialsException("User does not exist");
-		}
-		
-		ResetPasswordToken token = new ResetPasswordToken(login, new Date(), UUID.randomUUID().toString());
-		appUserRepository.saveResetPasswordToken(token);
-		
-		if (authListeners != null) {
-			authListeners.forEach(al -> al.generateResetToken(user, token));
-		}
-		
-		return token.getToken();
-	}
-
-	
-	@Override
-	@Transactional
-	public void resetPassword(String login, String token, String newPassword) throws AuthenticationException {
-		ResetPasswordToken rpt = appUserRepository.findResetPasswordToken(login, token);
-		if (rpt == null) {
-			throw new BadCredentialsException("Invalid token");
-		}
-	
-		AppUser user = appUserRepository.findByLogin(login);
-		if (user == null) {
-			throw new BadCredentialsException("User does not exist");
-		}
-		
-		PasswordHash hash = PasswordUtils.hashPassword(newPassword);
-		user.setPassword(hash.getHash());
-		user.setPasswordSalt(hash.getSalt());
-	}
-	
-	
-	@Autowired(required = false)
-	public void setAppUserRepository(AppUserRepository appUserRepository) {
-		this.appUserRepository = appUserRepository;
-	}
-
-	@Autowired(required = false)
-	public void setAuthListeners(Collection<AuthServiceListener> authListeners) {
-		this.authListeners = authListeners;
-	}
-	
-}
+package com.jh.boot.security.service;
+
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.StringUtils;
+
+import com.jh.boot.security.AppUserAuthentication;
+import com.jh.boot.security.AuthService;
+import com.jh.boot.security.AuthServiceListener;
+import com.jh.boot.security.GrantedRole;
+import com.jh.boot.security.PasswordHash;
+import com.jh.boot.security.PasswordUtils;
+import com.jh.boot.security.model.AppUser;
+import com.jh.boot.security.model.ResetPasswordToken;
+import com.jh.boot.security.repository.AppUserRepository;
+
+
+
+public class AppUserAuthService implements AuthService {
+
+	private static final Logger LOG = LoggerFactory.getLogger(AppUserAuthService.class);
+	
+	private AppUserRepository appUserRepository;
+	
+	private Collection<AuthServiceListener> authListeners;
+	
+
+	@Override
+	@Transactional
+	public Authentication authenticate(String login, String password) throws BadCredentialsException {
+		AppUser user = appUserRepository.fetchByLoginDetached(login);
+		if (user == null) {
+			throw new BadCredentialsException("AUTH.USER_NOT_FOUND");
+		}
+		if (!PasswordUtils.checkPassword(password, user.getPassword(), user.getPasswordSalt())) {
+			throw new BadCredentialsException("AUTH.BAD_PASSWORD");
+		}
+		
+		//sanitize object
+		user.setDeleted(null);
+		user.setPassword(null);
+		user.setPasswordSalt(null);
+		user.setVersion(null);
+		
+		Set<GrantedRole> roles = new HashSet<>();
+		
+		AppUserAuthentication auth = new AppUserAuthentication(user, roles);
+		return auth;
+	}
+
+	@Override
+	@Transactional
+	public void register(String login, String password) throws AuthenticationException {
+		AppUser user = appUserRepository.findByLogin(login);
+		if (user != null) {
+			throw new BadCredentialsException("AUTH.USER_ALREADY_EXISTS");
+		}
+		if (!StringUtils.hasText(login) || !StringUtils.hasText(password)) {
+			throw new BadCredentialsException("AUTH.BAD_USERNAME_OR_PASSWORD");
+		}
+		if (!PasswordUtils.validatePassword(password)) {
+			throw new BadCredentialsException("AUTH.BAD_PASSWORD");
+		}
+		AppUser appUser = appUserRepository.registerUser(login, password);
+		
+		if (authListeners != null) {
+			authListeners.forEach(al -> al.registerUser(appUser));
+		}
+	}
+
+	@Override
+	@Transactional
+	public String generateResetToken(String login) {
+		AppUser user = appUserRepository.findByLogin(login);
+		if (user == null) {
+			throw new BadCredentialsException("AUTH.USER_NOT_FOUND");
+		}
+		
+		ResetPasswordToken token = new ResetPasswordToken(login, new Date(), UUID.randomUUID().toString());
+		appUserRepository.saveResetPasswordToken(token);
+		
+		if (authListeners != null) {
+			authListeners.forEach(al -> al.generateResetToken(user, token));
+		}
+		
+		return token.getToken();
+	}
+
+	
+	@Override
+	@Transactional
+	public void resetPassword(String login, String token, String newPassword) throws AuthenticationException {
+		ResetPasswordToken rpt = appUserRepository.findResetPasswordToken(login, token);
+		if (rpt == null) {
+			throw new BadCredentialsException("AUTH.INVALID_TOKEN");
+		}
+	
+		AppUser user = appUserRepository.findByLogin(login);
+		if (user == null) {
+			throw new BadCredentialsException("AUTH.USER_NOT_FOUND");
+		}
+		
+		PasswordHash hash = PasswordUtils.hashPassword(newPassword);
+		user.setPassword(hash.getHash());
+		user.setPasswordSalt(hash.getSalt());
+	}
+	
+	
+	@Autowired(required = false)
+	public void setAppUserRepository(AppUserRepository appUserRepository) {
+		this.appUserRepository = appUserRepository;
+	}
+
+	@Autowired(required = false)
+	public void setAuthListeners(Collection<AuthServiceListener> authListeners) {
+		this.authListeners = authListeners;
+	}
+	
+}