package org.waterproofingdata.wpdauth.controller;
import javax.servlet.http.HttpServletRequest;
import org.waterproofingdata.wpdauth.dto.CustomMapper;
import org.waterproofingdata.wpdauth.dto.UsersRequestDTO;
import org.waterproofingdata.wpdauth.dto.UsersResponseDTO;
import org.waterproofingdata.wpdauth.model.Users;
import org.waterproofingdata.wpdauth.service.UsersService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Authorization;
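@RestController
@RequestMapping("/users")
@Api(tags = "users")
public class UsersController {
    // Review notes on the mappings of this controller as a whole:
    //  * "/{id}" (findById) and "/{username}" (search) are the same single-segment URI
    //    template to Spring, and both handlers read their argument from a request
    //    parameter rather than the path. A GET /users/<anything> request therefore matches
    //    both with equal specificity and Spring is expected to reject it as an ambiguous
    //    handler. Give each its own literal path (or switch to @PathVariable); left
    //    unchanged here because the path names are an API decision.
    //  * "/me" and "/refresh" are literal paths and take precedence over the templates.
    //  * Several operations document a 500 for an expired/invalid JWT; 401 would be the
    //    conventional status, but the mapping lives in the security filter, not here.

    @Autowired
    private UsersService userService;

    /**
     * Updates an existing user with the fields carried in {@code updatedUser}.
     *
     * <p>Requires an authenticated caller holding one of the application's roles (the
     * original mapping had no authorization at all). Ownership is NOT checked here: the
     * request body is the persistence entity, so the caller chooses the target record.
     * {@code userService.editUser} must therefore confirm the principal owns that record
     * (or holds ROLE_ADMIN) and must ignore fields the caller may not set - role, active
     * flag, password, activation keys, whichever {@code Users} carries. Neither behaviour
     * is visible from this file - TODO confirm in the service.
     *
     * @param updatedUser entity bound straight from the JSON body
     * @return 200 with the persisted entity, or 404 when the service returns {@code null}.
     *         The raw entity is serialised; confirm it does not expose the password hash.
     */
    @PutMapping("/update")
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')")
    public ResponseEntity<Users> editUser(@RequestBody Users updatedUser) {
        Users editedUser = userService.editUser(updatedUser);
        if (editedUser == null) {
            return ResponseEntity.notFound().build();
        }
        return ResponseEntity.ok(editedUser);
    }

    /**
     * Looks up a user by numeric id.
     *
     * <p>Open to every role, so any authenticated user can read any other user's record by
     * guessing a sequential id - keep that in mind before adding fields to
     * {@link UsersResponseDTO}. The provider activation key is only attached for
     * ROLE_ADMIN: it is consumed as a credential by {@link #activate}, and the admin-only
     * {@link #search} is this file's existing policy for reading other users' keys. A user
     * still reads their own key through {@link #whoami}. If ROLE_INSTITUTION legitimately
     * needs another user's key, widen the check deliberately rather than removing it.
     *
     * @param id  database id of the user (required request parameter)
     * @param req current request; used only for the role check, which relies on Spring
     *            Security's servlet-API integration (the same mechanism {@link #refresh}
     *            depends on through {@code getRemoteUser()})
     * @return the mapped user, with the organization always attached and the activation
     *         key attached for admins only
     */
    @GetMapping(value = "/{id}")
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')")
    @ApiOperation(
            value = "${UserController.findById}",
            response = UsersResponseDTO.class,
            authorizations = { @Authorization(value="apiKey") },
            notes = "This is the user findById search method."
    )
    @ApiResponses(value = {
            @ApiResponse(code = 403, message = "Access denied"),
            @ApiResponse(code = 404, message = "The user doesn't exist"),
            @ApiResponse(code = 500, message = "Expired or invalid JWT token")
    })
    public UsersResponseDTO findById(
            @ApiParam(
                    name = "id",
                    type = "Integer",
                    value = "user id",
                    example = "A positive numeric id.",
                    required = true
            )
            @RequestParam Integer id,
            HttpServletRequest req
    ) {
        UsersResponseDTO urDTO = CustomMapper.map(userService.findById(id), UsersResponseDTO.class);
        urDTO.setEduCemadenOrganization(userService.findEduCemadenOrganizationById(urDTO.getId()));
        // The key activates accounts (see activate()); do not hand it to arbitrary
        // authenticated users that merely know an id.
        if (req.isUserInRole("ROLE_ADMIN")) {
            urDTO.setProviderActivationKey(userService.findProviderActivationKeyById(urDTO.getId()));
        }
        return urDTO;
    }

    /**
     * Reports whether a username is already registered.
     *
     * <p>Unauthenticated by design (it backs the signup flow), which makes it an account
     * enumeration oracle; since the documented convention is that the username is the
     * user's phone number, it answers "is this phone number registered?" to anyone.
     * Rate limiting / abuse controls for this path belong at the gateway or filter layer.
     *
     * @param username value to test (required request parameter)
     * @return {@code true} when a user with that username exists
     */
    @PostMapping("/existsByUsername")
    @ApiOperation(
            value = "${UserController.existsByUsername}",
            notes = "From a username, this method returns if there is a username in db or not."
    )
    @ApiResponses(value = {
            @ApiResponse(code = 400, message = "Something went wrong")
    })
    public boolean existsByUsername(
            @ApiParam(
                    name = "username",
                    type = "String",
                    value = "username of the user",
                    example = "This is an unique field, and consumers should be aware of it. By convention, WP6 should send the user phone number (i.e. (99)99999-9999).",
                    required = true
            )
            @RequestParam String username
    ) {
        return userService.existsByUsername(username);
    }

    /**
     * Reports whether a nickname is already taken.
     *
     * <p>Unauthenticated, same enumeration caveat as {@link #existsByUsername} (lower
     * impact: nicknames are not the login identifier).
     *
     * @param nickname value to test (required request parameter)
     * @return {@code true} when a user with that nickname exists
     */
    @PostMapping("/existsByNickname")
    @ApiOperation(
            value = "${UserController.existsByNickname}",
            notes = "From a nickname, this method returns if there is a nickname in db or not."
    )
    @ApiResponses(value = {
            @ApiResponse(code = 400, message = "Something went wrong")
    })
    public boolean existsByNickname(
            @ApiParam(
                    name = "nickname",
                    type = "String",
                    value = "nickname of the user",
                    example = "This is an unique field, and consumers should be aware of it.",
                    required = true
            )
            @RequestParam String nickname
    ) {
        return userService.existsByNickname(nickname);
    }

    /**
     * Authenticates a user and returns a JWT.
     *
     * <p>Both credentials are bound with {@code @RequestParam}, which Spring satisfies from
     * the query string as well as from a form body. Clients that put them in the URL will
     * leak the password into access logs, proxies and browser history; the API contract
     * cannot be changed here, but clients must send a form/JSON body, never a query string.
     * Failed logins should be rate limited upstream - nothing here throttles them.
     *
     * @param username login identifier (by convention the phone number)
     * @param password clear-text password, verified by the service
     * @return the signed JWT as returned by {@code userService.login}
     */
    @PostMapping("/login")
    @ApiOperation(
            value = "${UserController.login}",
            notes = "From a valid username and password, this method returns the JWT Token to be used in secure methods."
    )
    @ApiResponses(value = {
            @ApiResponse(code = 400, message = "Something went wrong"),
            @ApiResponse(code = 404, message = "Invalid username/password supplied")
    })
    public String login(
            @ApiParam(
                    name = "username",
                    type = "String",
                    value = "username of the user",
                    example = "This is an unique field, and consumers should be aware of it. By convention, WP6 should send the user phone number (i.e. (99)99999-9999).",
                    required = true
            )
            @RequestParam String username,
            @ApiParam(
                    name = "password",
                    type = "String",
                    value = "password of the user",
                    example = "i.e. P@s5w0rD",
                    required = true
            )
            @RequestParam String password
    ) {
        return userService.login(username, password);
    }

    /**
     * Registers a new (inactive) user.
     *
     * <p>Unauthenticated. The request is a dedicated DTO mapped onto the entity, and that
     * mapping is the only thing deciding which fields a self-registering caller can set;
     * {@link UsersRequestDTO} must not expose role, active flag or activation keys
     * (not visible from here - TODO confirm).
     *
     * @param user signup payload
     * @return whatever {@code userService.signup} returns for the new user
     */
    @PostMapping("/signup")
    @ApiOperation(
            value = "${UserController.signup}",
            notes = "This the signup method to create new users. By defaul all users are created as inactive. To activate, the method ${UserController.activate} should be invoked."
    )
    @ApiResponses(value = {
            @ApiResponse(code = 400, message = "Something went wrong"),
            @ApiResponse(code = 422, message = "Required parameters should be provided")
    })
    public String signup(
            @ApiParam(
                    name = "user",
                    value = "Signup User",
                    required = true
            )
            @RequestBody UsersRequestDTO user
    ) {
        Users candidate = CustomMapper.map(user, Users.class);
        return userService.signup(candidate);
    }

    /**
     * Activates an account using an activation key.
     *
     * <p>Role-gated but not tied to the caller's own account: any ROLE_INSTITUTION or
     * ROLE_CLIENT principal may activate whichever username the key belongs to. The key is
     * therefore the only secret in this flow and must be unguessable, single-use and
     * compared in the service without leaking which of user/key was wrong (the service is
     * not visible here - TODO confirm).
     *
     * @param username      account to activate
     * @param activationkey key issued for that account
     * @return the activated username, echoed back
     */
    @PostMapping("/activate")
    @PreAuthorize("hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')")
    @ApiOperation(
            value = "${UserController.activate}",
            authorizations = { @Authorization(value="apiKey") },
            notes = "This is the user activation method."
    )
    @ApiResponses(value = {
            @ApiResponse(code = 400, message = "Something went wrong"),
            @ApiResponse(code = 403, message = "Access denied"),
            @ApiResponse(code = 422, message = "User or ActivationKey registration issues"),
            @ApiResponse(code = 500, message = "Expired or invalid JWT token")
    })
    public String activate(
            @ApiParam(
                    name = "username",
                    type = "String",
                    value = "username of the user",
                    example = "This is an unique field, and consumers should be aware of it. By convention, WP6 should send the user phone number (i.e. (99)99999-9999).",
                    required = true
            )
            @RequestParam String username,
            @ApiParam(
                    name = "activationkey",
                    type = "String",
                    value = "Activation Key to activate the user",
                    example = "If user belongs to 'ROLE_INSTITUTION' the key should be collected from the EduCemadenOrganization registration. If the user belongs to 'ROLE_CLIENT' the key should be provided by a 'ROLE_INSTITUTION' valid user.",
                    required = true
            )
            @RequestParam String activationkey
    ) {
        userService.activate(username, activationkey);
        return username;
    }

    /**
     * Looks up a user by username. Admin only; this is the one endpoint that may return
     * another user's full record including the provider activation key.
     *
     * <p>See the class-level note: the "/{username}" template collides with "/{id}" and the
     * argument is read from a request parameter, not the path.
     *
     * @param username login identifier to search for (required request parameter)
     * @return the mapped user with organization and activation key attached
     */
    @GetMapping(value = "/{username}")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ApiOperation(
            value = "${UserController.search}",
            response = UsersResponseDTO.class,
            authorizations = { @Authorization(value="apiKey") },
            notes = "This is the user search method by username."
    )
    @ApiResponses(value = {
            @ApiResponse(code = 403, message = "Access denied"),
            @ApiResponse(code = 404, message = "The user doesn't exist"),
            @ApiResponse(code = 500, message = "Expired or invalid JWT token")
    })
    public UsersResponseDTO search(
            @ApiParam(
                    name = "username",
                    type = "String",
                    value = "username of the user",
                    example = "This is an unique field, and consumers should be aware of it. By convention, WP6 should send the user phone number (i.e. (99)99999-9999).",
                    required = true
            )
            @RequestParam String username
    ) {
        UsersResponseDTO urDTO = CustomMapper.map(userService.search(username), UsersResponseDTO.class);
        Integer targetId = urDTO.getId();
        urDTO.setEduCemadenOrganization(userService.findEduCemadenOrganizationById(targetId));
        urDTO.setProviderActivationKey(userService.findProviderActivationKeyById(targetId));
        return urDTO;
    }

    /**
     * Returns the record of the caller identified by the bearer token.
     *
     * <p>The principal comes from the request, so this is the intended way for a user to
     * read their own activation key; no cross-user access is possible here.
     *
     * @param req current request, resolved to a user by {@code userService.whoami}
     * @return the caller's record with organization and activation key attached
     */
    @GetMapping(value = "/me")
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')")
    @ApiOperation(
            value = "${UserController.me}",
            response = UsersResponseDTO.class,
            authorizations = { @Authorization(value="apiKey") },
            notes = "This is the user search method by token."
    )
    @ApiResponses(value = {
            @ApiResponse(code = 400, message = "Something went wrong"),
            @ApiResponse(code = 403, message = "Access denied"),
            @ApiResponse(code = 500, message = "Expired or invalid JWT token")
    })
    public UsersResponseDTO whoami(HttpServletRequest req) {
        UsersResponseDTO urDTO = CustomMapper.map(userService.whoami(req), UsersResponseDTO.class);
        Integer selfId = urDTO.getId();
        urDTO.setEduCemadenOrganization(userService.findEduCemadenOrganizationById(selfId));
        urDTO.setProviderActivationKey(userService.findProviderActivationKeyById(selfId));
        return urDTO;
    }

    /**
     * Issues a fresh JWT for the already-authenticated caller.
     *
     * <p>{@code req.getRemoteUser()} is populated by Spring Security's servlet-API
     * integration from the principal the JWT filter established, so the new token is
     * always minted for the caller, never for a user-supplied name. Whether the old token
     * is invalidated is up to {@code userService.refresh} (not visible here).
     *
     * @param req current request
     * @return the new JWT
     */
    @GetMapping("/refresh")
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')")
    public String refresh(HttpServletRequest req) {
        String principal = req.getRemoteUser();
        return userService.refresh(principal);
    }
}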