api

ad71e2c6 · Jan Hrabal · db503a46 · ad71e2c6 · ad71e2c6
Commit ad71e2c6 authored Aug 26, 2019 by Jan Hrabal
Showing with 131 additions and 128 deletions

AuthApiController.java ...main/java/com/jh/boot/security/api/AuthApiController.java +1 -1

AppUserAuthService.java ...java/com/jh/boot/security/service/AppUserAuthService.java +130 -127

No files found.
--- a/src/main/java/com/jh/boot/security/api/AuthApiController.java
+++ b/src/main/java/com/jh/boot/security/api/AuthApiController.java
@@ -179,7 +179,7 @@ public class AuthApiController {
    	Utils.sleep(250);
    	String token = resetPassword.getToken();
    	if (!StringUtils.hasText(token)) {
-    		return new ResponseEntity<>(Collections.singletonList(new AuthError(null, "NO_TOKEN")), HttpStatus.BAD_REQUEST);
+    		return new ResponseEntity<>(Collections.singletonList(new AuthError(null, "AUTH.NO_TOKEN")), HttpStatus.BAD_REQUEST);
    	}
    	List<ErrorMessage> errors = new ArrayList<>();

--- a/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
+++ b/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
 package com.jh.boot.security.service;
 import java.util.Collection;
 import java.util.Date;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.UUID;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import com.jh.boot.security.AppUserAuthentication;
 import com.jh.boot.security.AuthService;
 import com.jh.boot.security.AuthServiceListener;
 import com.jh.boot.security.GrantedRole;
 import com.jh.boot.security.PasswordHash;
 import com.jh.boot.security.PasswordUtils;
 import com.jh.boot.security.model.AppUser;
 import com.jh.boot.security.model.ResetPasswordToken;
 import com.jh.boot.security.repository.AppUserRepository;
 public class AppUserAuthService implements AuthService {
 	private static final Logger LOG = LoggerFactory.getLogger(AppUserAuthService.class);
 	private AppUserRepository appUserRepository;
 	private Collection<AuthServiceListener> authListeners;
 	@Override
 	@Transactional
 	public Authentication authenticate(String login, String password) throws BadCredentialsException {
 		AppUser user = appUserRepository.fetchByLoginDetached(login);
 		if (user == null) {
-			throw new BadCredentialsException("User not found");
+			throw new BadCredentialsException("AUTH.USER_NOT_FOUND");
 		}
 		if (!PasswordUtils.checkPassword(password, user.getPassword(), user.getPasswordSalt())) {
-			throw new BadCredentialsException("Bad password");
+			throw new BadCredentialsException("AUTH.BAD_PASSWORD");
 		}
 		//sanitize object
 		user.setDeleted(null);
 		user.setPassword(null);
 		user.setPasswordSalt(null);
 		user.setVersion(null);
 		Set<GrantedRole> roles = new HashSet<>();
 		AppUserAuthentication auth = new AppUserAuthentication(user, roles);
 		return auth;
 	}
 	@Override
 	@Transactional
 	public void register(String login, String password) throws AuthenticationException {
 		AppUser user = appUserRepository.findByLogin(login);
 		if (user != null) {
-			throw new BadCredentialsException("User already exists");
+			throw new BadCredentialsException("AUTH.USER_ALREADY_EXISTS");
 		}
 		if (!StringUtils.hasText(login) || !StringUtils.hasText(password)) {
-			throw new BadCredentialsException("Bad username or password");
+			throw new BadCredentialsException("AUTH.BAD_USERNAME_OR_PASSWORD");
 		}
-		AppUser appUser = appUserRepository.registerUser(login, password);
+		if (!PasswordUtils.validatePassword(password)) {
+			throw new BadCredentialsException("AUTH.BAD_PASSWORD");
-		if (authListeners != null) {
+		}
-			authListeners.forEach(al -> al.registerUser(appUser));
+		AppUser appUser = appUserRepository.registerUser(login, password);
-		}
-	}
+		if (authListeners != null) {
+			authListeners.forEach(al -> al.registerUser(appUser));
-	@Override
+		}
-	@Transactional
+	}
-	public String generateResetToken(String login) {
-		AppUser user = appUserRepository.findByLogin(login);
+	@Override
-		if (user == null) {
+	@Transactional
-			throw new BadCredentialsException("User does not exist");
+	public String generateResetToken(String login) {
-		}
+		AppUser user = appUserRepository.findByLogin(login);
+		if (user == null) {
-		ResetPasswordToken token = new ResetPasswordToken(login, new Date(), UUID.randomUUID().toString());
+			throw new BadCredentialsException("AUTH.USER_NOT_FOUND");
-		appUserRepository.saveResetPasswordToken(token);
+		}
-		if (authListeners != null) {
+		ResetPasswordToken token = new ResetPasswordToken(login, new Date(), UUID.randomUUID().toString());
-			authListeners.forEach(al -> al.generateResetToken(user, token));
+		appUserRepository.saveResetPasswordToken(token);
-		}
+		if (authListeners != null) {
-		return token.getToken();
+			authListeners.forEach(al -> al.generateResetToken(user, token));
-	}
+		}
+		return token.getToken();
-	@Override
+	}
-	@Transactional
-	public void resetPassword(String login, String token, String newPassword) throws AuthenticationException {
-		ResetPasswordToken rpt = appUserRepository.findResetPasswordToken(login, token);
+	@Override
-		if (rpt == null) {
+	@Transactional
-			throw new BadCredentialsException("Invalid token");
+	public void resetPassword(String login, String token, String newPassword) throws AuthenticationException {
-		}
+		ResetPasswordToken rpt = appUserRepository.findResetPasswordToken(login, token);
+		if (rpt == null) {
-		AppUser user = appUserRepository.findByLogin(login);
+			throw new BadCredentialsException("AUTH.INVALID_TOKEN");
-		if (user == null) {
+		}
-			throw new BadCredentialsException("User does not exist");
-		}
+		AppUser user = appUserRepository.findByLogin(login);
+		if (user == null) {
-		PasswordHash hash = PasswordUtils.hashPassword(newPassword);
+			throw new BadCredentialsException("AUTH.USER_NOT_FOUND");
-		user.setPassword(hash.getHash());
+		}
-		user.setPasswordSalt(hash.getSalt());
-	}
+		PasswordHash hash = PasswordUtils.hashPassword(newPassword);
+		user.setPassword(hash.getHash());
+		user.setPasswordSalt(hash.getSalt());
-	@Autowired(required = false)
+	}
-	public void setAppUserRepository(AppUserRepository appUserRepository) {
-		this.appUserRepository = appUserRepository;
-	}
+	@Autowired(required = false)
+	public void setAppUserRepository(AppUserRepository appUserRepository) {
-	@Autowired(required = false)
+		this.appUserRepository = appUserRepository;
-	public void setAuthListeners(Collection<AuthServiceListener> authListeners) {
+	}
-		this.authListeners = authListeners;
-	}
+	@Autowired(required = false)
+	public void setAuthListeners(Collection<AuthServiceListener> authListeners) {
-}
+		this.authListeners = authListeners;
+	}
+}