From a0fe5f989a0e97728392b08f785324be63190d80 Mon Sep 17 00:00:00 2001 From: Claudio Maggioni Date: Fri, 6 Mar 2020 10:21:36 +0100 Subject: [PATCH] Revert "Added support for password reset (still needs testing)" This reverts commit 7396e6f0d949cecb48f63663855c25aee43a673c. --- .../smarthut/config/WebSecurityConfig.java | 3 +- .../controller/UserAccountController.java | 110 ++++-------------- .../dto/InitPasswordResetRequest.java | 25 ---- .../smarthut/dto/PasswordResetRequest.java | 34 ------ .../smarthut/models/ConfirmationToken.java | 14 +-- src/main/resources/application.properties | 10 +- 6 files changed, 25 insertions(+), 171 deletions(-) delete mode 100644 src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/dto/InitPasswordResetRequest.java delete mode 100644 src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/dto/PasswordResetRequest.java diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/WebSecurityConfig.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/WebSecurityConfig.java index 253998d..e38d0df 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/WebSecurityConfig.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/WebSecurityConfig.java @@ -52,11 +52,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .authorizeRequests() .antMatchers( "/auth/login", + "/auth/register", "/swagger-ui.html", "/register", "/register/confirm-account", - "/register/init-reset-password", - "/register/reset-password", "/v2/api-docs", "/webjars/**", "/swagger-resources/**", diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/UserAccountController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/UserAccountController.java index 4959e79..e238f16 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/UserAccountController.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/UserAccountController.java @@ -1,12 +1,9 @@ package ch.usi.inf.sa4.sanmarinoes.smarthut.controller; -import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.InitPasswordResetRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.OkResponse; -import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.PasswordResetRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.dto.UserRegistrationRequest; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.DuplicateRegistrationException; import ch.usi.inf.sa4.sanmarinoes.smarthut.error.EmailTokenNotFoundException; -import ch.usi.inf.sa4.sanmarinoes.smarthut.error.UserNotFoundException; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.ConfirmationToken; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.ConfirmationTokenRepository; import ch.usi.inf.sa4.sanmarinoes.smarthut.models.User; @@ -15,11 +12,15 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.service.EmailSenderService; import javax.validation.Valid; import javax.validation.constraints.NotNull; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.mail.SimpleMailMessage; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.RestController; @RestController @EnableAutoConfiguration @@ -34,36 +35,6 @@ public class UserAccountController { @Autowired private BCryptPasswordEncoder encoder; - @Value("email.registrationsubject") - private String emailRegistrationSubject; - - @Value("email.resetpasswordsubject") - private String resetPasswordSubject; - - @Value("email.registration") - private String emailRegistrationText; - - @Value("email.resetpassword") - private String resetPasswordText; - - @Value("email.serverhost") - private String serverHost; - - private void sendEmail(String email, ConfirmationToken token, boolean isRegistration) { - SimpleMailMessage mailMessage = new SimpleMailMessage(); - mailMessage.setTo(email); - mailMessage.setSubject(isRegistration ? emailRegistrationSubject : resetPasswordSubject); - mailMessage.setFrom("smarthut.sm@gmail.com"); - mailMessage.setText( - (isRegistration ? emailRegistrationText : resetPasswordText) - + " " - + serverHost - + "/register/confirm-account?token=" - + token.getConfirmationToken()); - - emailSenderService.sendEmail(mailMessage); - } - @PostMapping public OkResponse registerUser(@Valid @RequestBody UserRegistrationRequest registrationData) throws DuplicateRegistrationException { @@ -89,72 +60,35 @@ public class UserAccountController { toSave.setEmail(registrationData.getEmail()); userRepository.save(toSave); - ConfirmationToken token; - do { - token = new ConfirmationToken(toSave); - } while (confirmationTokenRepository.findByConfirmationToken( - token.getConfirmationToken()) - != null); + ConfirmationToken confirmationToken = new ConfirmationToken(toSave); - confirmationTokenRepository.save(token); + confirmationTokenRepository.save(confirmationToken); - sendEmail(toSave.getEmail(), token, true); + SimpleMailMessage mailMessage = new SimpleMailMessage(); + mailMessage.setTo(registrationData.getEmail()); + mailMessage.setSubject("Complete Registration!"); + mailMessage.setFrom("smarthut.sm@gmail.com"); + mailMessage.setText( + "To confirm your account, please click here : " + + "http://localhost:8080/register/confirm-account?token=" + + confirmationToken.getConfirmationToken()); + + emailSenderService.sendEmail(mailMessage); return new OkResponse(); } } - @PostMapping("/init-reset-password") - public OkResponse initResetPassword(@Valid @RequestBody InitPasswordResetRequest resetRequest) - throws UserNotFoundException { - final User toReset = userRepository.findByEmailIgnoreCase(resetRequest.getEmail()); - - // Check if an User with the same email already exists - if (toReset == null) { - throw new UserNotFoundException(); - } - - ConfirmationToken token; - do { - token = new ConfirmationToken(toReset); - token.setResetPassword(true); - } while (confirmationTokenRepository.findByConfirmationToken(token.getConfirmationToken()) - != null); - - confirmationTokenRepository.save(token); - - sendEmail(toReset.getEmail(), token, false); - - return new OkResponse(); - } - - @PutMapping("/reset-password") - public OkResponse resetPassword(@Valid @RequestBody PasswordResetRequest resetRequest) - throws EmailTokenNotFoundException { - final ConfirmationToken token = - confirmationTokenRepository.findByConfirmationToken( - resetRequest.getConfirmationToken()); - - if (token == null || token.getResetPassword()) { - throw new EmailTokenNotFoundException(); - } - - final User user = token.getUser(); - user.setPassword(encoder.encode(resetRequest.getPassword())); - userRepository.save(user); - - return new OkResponse(); - } - @GetMapping(value = "/confirm-account") public OkResponse confirmUserAccount(@RequestParam("token") @NotNull String confirmationToken) throws EmailTokenNotFoundException { final ConfirmationToken token = confirmationTokenRepository.findByConfirmationToken(confirmationToken); - if (token != null && !token.getResetPassword()) { - token.getUser().setEnabled(true); - userRepository.save(token.getUser()); + if (token != null) { + final User user = userRepository.findByEmailIgnoreCase(token.getUser().getEmail()); + user.setEnabled(true); + userRepository.save(user); // TODO: redirect to frontend return new OkResponse(); } else { diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/dto/InitPasswordResetRequest.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/dto/InitPasswordResetRequest.java deleted file mode 100644 index d82c4f0..0000000 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/dto/InitPasswordResetRequest.java +++ /dev/null @@ -1,25 +0,0 @@ -package ch.usi.inf.sa4.sanmarinoes.smarthut.dto; - -import javax.validation.constraints.Email; -import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.Pattern; - -/** DTO for password reset request */ -public class InitPasswordResetRequest { - /** - * The user's email (validated according to criteria used in >input type="email"<> - * , technically not RFC 5322 compliant - */ - @NotEmpty(message = "Please provide an email") - @Email(message = "Please provide a valid email address") - @Pattern(regexp = ".+@.+\\..+", message = "Please provide a valid email address") - private String email; - - public String getEmail() { - return email; - } - - public void setEmail(String email) { - this.email = email; - } -} diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/dto/PasswordResetRequest.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/dto/PasswordResetRequest.java deleted file mode 100644 index bf5bccf..0000000 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/dto/PasswordResetRequest.java +++ /dev/null @@ -1,34 +0,0 @@ -package ch.usi.inf.sa4.sanmarinoes.smarthut.dto; - -import javax.validation.constraints.*; - -/** DTO for password reset request */ -public class PasswordResetRequest { - - @NotNull private String confirmationToken; - - /** A properly salted way to store the password */ - @NotNull - @NotEmpty(message = "Please provide a password") - @Size( - min = 6, - max = 255, - message = "Your password should be at least 6 characters long and up to 255 chars long") - private String password; - - public String getConfirmationToken() { - return confirmationToken; - } - - public void setConfirmationToken(String confirmationToken) { - this.confirmationToken = confirmationToken; - } - - public String getPassword() { - return password; - } - - public void setPassword(String password) { - this.password = password; - } -} diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/ConfirmationToken.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/ConfirmationToken.java index d324724..f6c86a0 100644 --- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/ConfirmationToken.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/ConfirmationToken.java @@ -21,7 +21,7 @@ public class ConfirmationToken { @Column(name = "id", updatable = false, nullable = false) private Long id; - @Column(name = "confirmation_token", unique = true) + @Column(name = "confirmation_token") private String confirmationToken; @Temporal(TemporalType.TIMESTAMP) @@ -31,14 +31,10 @@ public class ConfirmationToken { @JoinColumn(nullable = false, name = "user_id") private User user; - @Column(nullable = false) - private Boolean resetPassword; - public ConfirmationToken(User user) { this.user = user; createdDate = new Date(); confirmationToken = UUID.randomUUID().toString(); - resetPassword = false; } /** Constructor for hibernate reflective stuff things whatever */ @@ -75,12 +71,4 @@ public class ConfirmationToken { public void setUser(User user) { this.user = user; } - - public Boolean getResetPassword() { - return resetPassword; - } - - public void setResetPassword(Boolean resetPassword) { - this.resetPassword = resetPassword; - } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 26d5e8e..9bfe2a7 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -22,12 +22,4 @@ spring.mail.properties.mail.smtp.starttls.required=true spring.mail.properties.mail.smtp.auth=true spring.mail.properties.mail.smtp.connectiontimeout=5000 spring.mail.properties.mail.smtp.timeout=5000 -spring.mail.properties.mail.smtp.writetimeout=5000 - -email.registrationsubject=Complete your SmartHut.sm registration -email.registration=To confirm your registration, please click here: - -email.resetpasswordsubject=SmartHut.sm password reset -email.resetpassword=To reset your password, please click here: - -email.serverhost=http://localhost:8080/ \ No newline at end of file +spring.mail.properties.mail.smtp.writetimeout=5000 \ No newline at end of file