Changing the ROLE_INSTITUTION activation by guid

3 years ago · d59671cf8d
10 changed files with 62 additions and 124 deletions
--- a/db/ddl.sql
+++ b/db/ddl.sql
@ -53,7 +53,7 @@ CREATE TABLE IF NOT EXISTS auth.users_roles (
 CREATE TABLE IF NOT EXISTS auth.users_provider_activationkey ( 
    id SERIAL PRIMARY KEY,
    users_id INT NOT NULL,
-    activationkey varchar(50) UNIQUE NOT NULL,
+    activationkey UUID UNIQUE NOT NULL,
    FOREIGN KEY (users_id) REFERENCES auth.users (id)
 );

@ -69,14 +69,13 @@ CREATE TABLE IF NOT EXISTS auth.educemaden_organizations (
    login varchar(50) NULL,
    address varchar(50) NULL,
    responsible varchar(50) NULL,
-    email VARCHAR(255) UNIQUE NOT NULL
+    activationkey UUID UNIQUE NOT NULL DEFAULT uuid_generate_v4()
 );

 CREATE TABLE IF NOT EXISTS auth.users_educemaden_organizations ( 
    id SERIAL PRIMARY KEY,
    users_id INT NOT NULL,
    educemaden_organizations_id INT NOT NULL,
-    activationkey varchar(50) UNIQUE NOT NULL,
-    active INT NOT NULL,
+    activationkey UUID UNIQUE NOT NULL,
    FOREIGN KEY (users_id) REFERENCES auth.users (id)
 );
--- a/src/main/java/org/waterproofingdata/wpdauth/controller/UsersController.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/controller/UsersController.java
@ -83,41 +83,6 @@ public class UsersController {
 		  return userService.signup(CustomMapper.map(user, Users.class));
 	  }
 	  
-	  @PostMapping("/sendadminkeybyemailcemaden")
-	  @PreAuthorize("hasRole('ROLE_INSTITUTION')")
-	  @ApiOperation(
-		  value = "${UserController.sendadminkeybyemailcemaden}",
-		  authorizations = {@Authorization(value="apiKey")},
-		  notes = "This method is used for role 'ROLE_INSTITUTION'. To activate these users, a key is sent to the EduCemandenOrg e-mail and the user should inform this key to proceed."
-	  )
-	  @ApiResponses(value = {//
-		      @ApiResponse(code = 400, message = "Something went wrong"), //
-		      @ApiResponse(code = 403, message = "Access denied"), //
-		      @ApiResponse(code = 404, message = "User or Email Cemaden not found"), //
-		      @ApiResponse(code = 500, message = "Expired or invalid JWT token")
-	      }
-	  )
-	  public void sendadminkeybyemailcemaden(
-			  @ApiParam(
-	    		  name = "emailcemaden",
-	    		  type = "String",
-	    		  value = "Emailcemaden associated to the user",
-	    		  example = "The Cemaden e-mail registred in the database. The key will be sent to this e-mail, and the user should be inform this key to proceed.",
-	    		  required = true					  
-			  ) 
-			  @RequestParam String emailcemaden, //
-		      @ApiParam(
-	    		  name = "username",
-	    		  type = "String",
-	    		  value = "username of the user",
-	    		  example = "This is an unique field, and consumers should be aware of it. By convention, WP6 should send the user phone number (i.e. (99)99999-9999).",
-	    		  required = true
-			  ) 
-			  @RequestParam String username
-		  ) {
-		  userService.sendAdminKeyByEmailCemaden(emailcemaden, username);
-	  }	  
-
 	  @PostMapping("/activate")
 	  @PreAuthorize("hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')")
 	  @ApiOperation(
--- a/src/main/java/org/waterproofingdata/wpdauth/model/EduCemadenOrganizations.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/model/EduCemadenOrganizations.java
@ -1,5 +1,7 @@
 package org.waterproofingdata.wpdauth.model;

+import java.util.UUID;
+
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.Id;
@ -47,5 +49,5 @@ public class EduCemadenOrganizations {
    private String responsible;
    
    @Column(nullable = false)
-    private String email;
+    private UUID activationkey;
 }
--- a/src/main/java/org/waterproofingdata/wpdauth/model/UsersEducemadenOrganizations.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/model/UsersEducemadenOrganizations.java
@ -28,8 +28,5 @@ public class UsersEducemadenOrganizations {
    private Integer educemadenorganizationsid;

    @Column(nullable = false)
-    private String activationkey;
-    
-    @Column(nullable = false)
-    private Integer active;
+    private UUID activationkey;
 }
--- a/src/main/java/org/waterproofingdata/wpdauth/model/UsersProviderActivationKey.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/model/UsersProviderActivationKey.java
@ -1,5 +1,7 @@
 package org.waterproofingdata.wpdauth.model;

+import java.util.UUID;
+
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
@ -24,5 +26,5 @@ public class UsersProviderActivationKey {
    private Integer usersid;

    @Column(nullable = false)
-    private String activationkey;
+    private UUID activationkey;
 }
--- a/src/main/java/org/waterproofingdata/wpdauth/repository/EduCemadenOrganizationsRepository.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/repository/EduCemadenOrganizationsRepository.java
@ -1,10 +1,10 @@
 package org.waterproofingdata.wpdauth.repository;

+import java.util.UUID;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.waterproofingdata.wpdauth.model.EduCemadenOrganizations;

 public interface EduCemadenOrganizationsRepository extends JpaRepository<EduCemadenOrganizations, Integer> {
-	EduCemadenOrganizations findByPhone(String phone);
-	
-	EduCemadenOrganizations findByEmail(String email);
+	EduCemadenOrganizations findByActivationkey(UUID activationkey);
 }
--- a/src/main/java/org/waterproofingdata/wpdauth/repository/UsersEducemadenOrganizationsRepository.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/repository/UsersEducemadenOrganizationsRepository.java
@ -1,5 +1,7 @@
 package org.waterproofingdata.wpdauth.repository;

+import java.util.UUID;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
 import org.waterproofingdata.wpdauth.model.UsersEducemadenOrganizations;
@ -8,8 +10,5 @@ public interface UsersEducemadenOrganizationsRepository extends JpaRepository<Us
 	
 	UsersEducemadenOrganizations findByUsersid(Integer usersid);
 	
-	UsersEducemadenOrganizations findByActivationkey(String activationkey);
-	
-	@Query(value = "SELECT * FROM auth.users_educemaden_organizations WHERE users_id = ?1 AND active = 1", nativeQuery = true)
-	UsersEducemadenOrganizations findByUserIdAndActivated(Integer userid);
+	UsersEducemadenOrganizations findByActivationkey(UUID activationkey);
 }
--- a/src/main/java/org/waterproofingdata/wpdauth/repository/UsersProviderActivationKeyRepository.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/repository/UsersProviderActivationKeyRepository.java
@ -1,10 +1,12 @@
 package org.waterproofingdata.wpdauth.repository;

+import java.util.UUID;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.waterproofingdata.wpdauth.model.UsersProviderActivationKey;

 public interface UsersProviderActivationKeyRepository extends JpaRepository<UsersProviderActivationKey, Integer> {
-	UsersProviderActivationKey findByActivationkey(String activationkey);
+	UsersProviderActivationKey findByActivationkey(UUID activationkey);
 	
 	UsersProviderActivationKey findByUsersid(Integer usersid);
 }
--- a/src/main/java/org/waterproofingdata/wpdauth/service/UsersService.java
+++ b/src/main/java/org/waterproofingdata/wpdauth/service/UsersService.java
@ -1,30 +1,27 @@
 package org.waterproofingdata.wpdauth.service;

-import java.util.List;
 import java.util.UUID;
+
 import javax.servlet.http.HttpServletRequest;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
-import org.springframework.mail.MailException;
-import org.springframework.mail.SimpleMailMessage;
 import org.springframework.mail.javamail.JavaMailSender;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
-
 import org.waterproofingdata.wpdauth.exception.CustomException;
 import org.waterproofingdata.wpdauth.model.EduCemadenOrganizations;
-import org.waterproofingdata.wpdauth.model.Users;
 import org.waterproofingdata.wpdauth.model.Roles;
+import org.waterproofingdata.wpdauth.model.Users;
 import org.waterproofingdata.wpdauth.model.UsersEducemadenOrganizations;
 import org.waterproofingdata.wpdauth.model.UsersProviderActivationKey;
 import org.waterproofingdata.wpdauth.repository.EduCemadenOrganizationsRepository;
 import org.waterproofingdata.wpdauth.repository.UsersEducemadenOrganizationsRepository;
-import org.waterproofingdata.wpdauth.repository.UsersRepository;
 import org.waterproofingdata.wpdauth.repository.UsersProviderActivationKeyRepository;
+import org.waterproofingdata.wpdauth.repository.UsersRepository;
 import org.waterproofingdata.wpdauth.security.JwtTokenProvider;

@Service
@ -50,8 +47,21 @@ public class UsersService {
 	  @Autowired
 	  private AuthenticationManager authenticationManager;
 	  
-	  @Autowired
-	  private JavaMailSender mailSender;	
+	  private void addNewUsersEducemadenOrganization(Integer userid, Integer educemadenorganizationsid, UUID uuid_activationkey, Roles role) {
+		  UsersEducemadenOrganizations userEducemadenOrg = new UsersEducemadenOrganizations();
+		  userEducemadenOrg.setUsersid(userid);
+		  userEducemadenOrg.setEducemadenorganizationsid(educemadenorganizationsid);
+		  userEducemadenOrg.setActivationkey(uuid_activationkey);
+		  usersEducemadenOrganizationsRepository.save(userEducemadenOrg);
+		  
+		  if (role == Roles.ROLE_INSTITUTION) {
+			  UUID new_uuid = UUID.randomUUID();
+			  UsersProviderActivationKey userRolesProviderActivationKey = new UsersProviderActivationKey();
+			  userRolesProviderActivationKey.setUsersid(userid);
+			  userRolesProviderActivationKey.setActivationkey(new_uuid);
+			  usersProviderActivationKeyRepository.save(userRolesProviderActivationKey);
+		  }
+	  }
 	  
 	  public boolean existsByUsername(String username) {
 		  return usersRepository.existsByUsername(username);
@ -126,34 +136,6 @@ public class UsersService {
 		  }
 	  }
 	  
-	  public void sendAdminKeyByEmailCemaden(String emailcemaden, String username) {
-	    Users user = search(username);
-	    EduCemadenOrganizations eduCemadenOrganization = eduCemadenOrganizationsRepository.findByEmail(emailcemaden);
-		if (eduCemadenOrganization == null) {
-			throw new CustomException("Email Cemaden not found.", HttpStatus.NOT_FOUND);
-		}
-		
-		String uuid = UUID.randomUUID().toString();
-        SimpleMailMessage message = new SimpleMailMessage(); 
-        message.setFrom("noreply@wp6.com");
-        message.setTo(emailcemaden); 
-        message.setSubject("Envio de código para alteração de senha"); 
-        message.setText(String.format("Olá! O usuário '%s' solicitou a ativação dele para ADMIN dessa Instituição, por isso você está recebendo esse código: '%s'. Se estiver correto, informe esse código ao solicitante e peça para entrar no aplicativo para prosseguir.", user.getNickname(), uuid));
-        try {
-        	mailSender.send(message);
-        }
-        catch (MailException me) {
-        	throw new CustomException("Something went wrong", HttpStatus.BAD_REQUEST);
-        }
-        
-        UsersEducemadenOrganizations userEducemadenOrg = new UsersEducemadenOrganizations();
-        userEducemadenOrg.setUsersid(user.getId());
-        userEducemadenOrg.setEducemadenorganizationsid(eduCemadenOrganization.getId());
-        userEducemadenOrg.setActivationkey(uuid);
-        userEducemadenOrg.setActive(0);
-        usersEducemadenOrganizationsRepository.save(userEducemadenOrg);
-	  }
-	  
 	  public void activate(String username, String activationkey) {
 		  Users user = search(username);
 		  if (user.getActive() != 0) {
@ -163,45 +145,26 @@ public class UsersService {
 			  throw new CustomException("User must have only one user.role", HttpStatus.UNPROCESSABLE_ENTITY);				  
 		  }
 		  
+		  UUID uuid_activationkey = UUID.fromString(activationkey);
 		  if (user.getRoles().get(0) == Roles.ROLE_INSTITUTION) {
-			  UsersEducemadenOrganizations userEducemadenOrganization = usersEducemadenOrganizationsRepository.findByActivationkey(activationkey); 
-			  if (userEducemadenOrganization == null) {
-				  throw new CustomException("ROLE_INSTITUTION Activationkey not found.", HttpStatus.NOT_FOUND);				  
-			  }
-			  else if (user.getId() != userEducemadenOrganization.getUsersid()) {
-				  throw new CustomException("Activationkey does not belong to the informed user", HttpStatus.UNPROCESSABLE_ENTITY);
+			  EduCemadenOrganizations eco = eduCemadenOrganizationsRepository.findByActivationkey(uuid_activationkey);
+			  if (eco == null) {
+				  throw new CustomException("EduCemadenOrganization Activationkey not found.", HttpStatus.NOT_FOUND);				  
 			  }
-			  
-			  userEducemadenOrganization.setActive(1);
-			  usersEducemadenOrganizationsRepository.save(userEducemadenOrganization);
-			  
 			  usersRepository.activateByUsername(username, 1);
-			  
-			  String uuid = UUID.randomUUID().toString();
-			  UsersProviderActivationKey userRolesProviderActivationKey = new UsersProviderActivationKey();
-			  userRolesProviderActivationKey.setUsersid(user.getId());
-			  userRolesProviderActivationKey.setActivationkey(uuid);
-			  usersProviderActivationKeyRepository.save(userRolesProviderActivationKey);
+			  addNewUsersEducemadenOrganization(user.getId(), eco.getId(), uuid_activationkey,  Roles.ROLE_INSTITUTION);
 		  }
 		  else if (user.getRoles().get(0) == Roles.ROLE_CLIENT) {
-			  UsersProviderActivationKey userAdmProviderActivationKey = usersProviderActivationKeyRepository.findByActivationkey(activationkey);
+			  UsersProviderActivationKey userAdmProviderActivationKey = usersProviderActivationKeyRepository.findByActivationkey(uuid_activationkey);
 			  if (userAdmProviderActivationKey == null) {
-				  throw new CustomException(String.format("Activationkey '%s' not found.", activationkey), HttpStatus.NOT_FOUND);
+				  throw new CustomException(String.format("userAdmProvider.ActivationKey '%s' not found.", activationkey), HttpStatus.NOT_FOUND);
 			  }
-			  
-			  UsersEducemadenOrganizations userAdmEducemadenOrganization = usersEducemadenOrganizationsRepository.findByUserIdAndActivated(userAdmProviderActivationKey.getUsersid());
+			  UsersEducemadenOrganizations userAdmEducemadenOrganization = usersEducemadenOrganizationsRepository.findByUsersid(userAdmProviderActivationKey.getUsersid());
 			  if (userAdmEducemadenOrganization == null) {
 				  throw new CustomException("ROLE_INSTITUTION EduCemadenOrganization not found.", HttpStatus.NOT_FOUND);
 			  }
-			  
 			  usersRepository.activateByUsername(username, 1);
-			  
-			  UsersEducemadenOrganizations userEducemadenOrg = new UsersEducemadenOrganizations();
-			  userEducemadenOrg.setUsersid(user.getId());
-			  userEducemadenOrg.setEducemadenorganizationsid(userAdmEducemadenOrganization.getEducemadenorganizationsid());
-			  userEducemadenOrg.setActivationkey(activationkey);
-			  userEducemadenOrg.setActive(1);
-			  usersEducemadenOrganizationsRepository.save(userEducemadenOrg);
+			  addNewUsersEducemadenOrganization(user.getId(), userAdmEducemadenOrganization.getEducemadenorganizationsid(), uuid_activationkey,  Roles.ROLE_CLIENT);			  
 		  }
 		  else if (user.getRoles().get(0) == Roles.ROLE_ADMIN) {
 			  throw new CustomException("Admin users should be activated through database.", HttpStatus.UNPROCESSABLE_ENTITY);
@ -216,7 +179,7 @@ public class UsersService {
 	  }
 	  
 	  public EduCemadenOrganizations findEduCemadenOrganizationById(Integer userid) {
-		  UsersEducemadenOrganizations userAdmEducemadenOrganization = usersEducemadenOrganizationsRepository.findByUserIdAndActivated(userid);
+		  UsersEducemadenOrganizations userAdmEducemadenOrganization = usersEducemadenOrganizationsRepository.findByUsersid(userid);
 		  if (userAdmEducemadenOrganization == null) {
 			  return null;
 		  }
--- a/src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java
+++ b/src/test/java/org/waterproofingdata/wpdauth/integrationtest/UsersServiceIntegrationTest.java
@ -2,6 +2,7 @@ package org.waterproofingdata.wpdauth.integrationtest;

 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 import java.util.UUID; 

 import com.google.gson.Gson;
@ -16,10 +17,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.http.HttpStatus;
 import org.waterproofingdata.wpdauth.exception.CustomException;
+import org.waterproofingdata.wpdauth.model.EduCemadenOrganizations;
 import org.waterproofingdata.wpdauth.model.Roles;
 import org.waterproofingdata.wpdauth.model.Users;
 import org.waterproofingdata.wpdauth.model.UsersEducemadenOrganizations;
 import org.waterproofingdata.wpdauth.model.UsersProviderActivationKey;
+import org.waterproofingdata.wpdauth.repository.EduCemadenOrganizationsRepository;
 import org.waterproofingdata.wpdauth.repository.UsersEducemadenOrganizationsRepository;
 import org.waterproofingdata.wpdauth.repository.UsersProviderActivationKeyRepository;
 import org.waterproofingdata.wpdauth.service.UsersService;
@ -29,6 +32,9 @@ public class UsersServiceIntegrationTest {
 	@Autowired
 	private UsersService usersService;
 	
+	@Autowired
+	private EduCemadenOrganizationsRepository eduCemadenOrganizationsRepository;
+	
 	@Autowired
 	private UsersEducemadenOrganizationsRepository usersEducemadenOrganizationsRepository;
 	
@ -88,17 +94,20 @@ public class UsersServiceIntegrationTest {
 	
 	@Test 
 	public void testRandomUserInstitutionAndClientRegistration() {
+		List<EduCemadenOrganizations> leco = eduCemadenOrganizationsRepository.findAll();
+		assertTrue(leco.size() > 0, "List<EduCemadenOrganizations> should return rows.");
+		UUID u_s = leco.get(0).getActivationkey(); 
+		EduCemadenOrganizations eco = eduCemadenOrganizationsRepository.findByActivationkey(u_s);
+		assertNotNull(eco, "EduCemadenOrganizations should be returned.");
+		
 		Users userInst = setUpUserTest("user_institution_", Roles.ROLE_INSTITUTION);
 		String signup = usersService.signup(userInst);
 		assertNotNull(signup, "Signup token returned from usersService.signup(userInst) should not be null");
-		usersService.sendAdminKeyByEmailCemaden("danieldrb@gmail.com", userInst.getUsername());
+		usersService.activate(userInst.getUsername(), eco.getActivationkey().toString());
 		Users userInstUpdated = usersService.search(userInst.getUsername());
-		UsersEducemadenOrganizations userInstUpdatedEducemadenOrg = usersEducemadenOrganizationsRepository.findByUsersid(userInstUpdated.getId());
-		String keyFromUserInst = userInstUpdatedEducemadenOrg.getActivationkey();
-		usersService.activate(userInstUpdated.getUsername(), keyFromUserInst);
-		
+
 		UsersProviderActivationKey userInstUpdatedProviderKey = usersProviderActivationKeyRepository.findByUsersid(userInstUpdated.getId());
-		String keyFromUserInstToUserClient = userInstUpdatedProviderKey.getActivationkey();
+		String keyFromUserInstToUserClient = userInstUpdatedProviderKey.getActivationkey().toString();
 		Users userClient = setUpUserTest("user_client_institution_",  Roles.ROLE_CLIENT);
 		String signup2 = usersService.signup(userClient);
 		assertNotNull(signup2, "Signup token returned from usersService.signup(userClient) should not be null");