-
Notifications
You must be signed in to change notification settings - Fork 44
Expand file tree
/
Copy pathUserActionController.java
More file actions
147 lines (131 loc) · 6.29 KB
/
Copy pathUserActionController.java
File metadata and controls
147 lines (131 loc) · 6.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
package com.digitalsanctuary.spring.user.controller;
import java.io.UnsupportedEncodingException;
import java.util.Locale;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.MessageSource;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import com.digitalsanctuary.spring.user.audit.AuditEvent;
import com.digitalsanctuary.spring.user.persistence.model.User;
import com.digitalsanctuary.spring.user.service.UserService;
import com.digitalsanctuary.spring.user.service.UserService.TokenValidationResult;
import com.digitalsanctuary.spring.user.service.UserVerificationService;
import com.digitalsanctuary.spring.user.util.UserUtils;
import com.digitalsanctuary.spring.user.web.IncludeUserInModel;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
/**
* Controller that handles user action requests triggered by email links.
* <p>
* This controller processes token-based actions such as email verification
* during registration and password reset token validation. These endpoints
* are typically accessed when users click links in system-generated emails.
* </p>
*
* @author Devon Hillard
* @see UserService
* @see UserVerificationService
*/
@Slf4j
@RequiredArgsConstructor
@Controller
@IncludeUserInModel
public class UserActionController {
private static final String AUTH_MESSAGE_PREFIX = "auth.message.";
private final UserService userService;
private final UserVerificationService userVerificationService;
private final MessageSource messages;
private final ApplicationEventPublisher eventPublisher;
// URIs configured in application.properties
/** The registration pending URI. */
@Value("${user.security.registrationPendingURI}")
private String registrationPendingURI;
/** The registration success URI. */
@Value("${user.security.registrationSuccessURI}")
private String registrationSuccessURI;
/** The registration new verification URI. */
@Value("${user.security.registrationNewVerificationURI}")
private String registrationNewVerificationURI;
/** The forgot password pending URI. */
@Value("${user.security.forgotPasswordPendingURI}")
private String forgotPasswordPendingURI;
/** The forgot password change URI. */
@Value("${user.security.forgotPasswordChangeURI}")
private String forgotPasswordChangeURI;
/**
* Validate a forgot password token link from an email, and if valid, show the
* change password page.
*
* @param request the request
* @param model the model
* @param token the token
* @return the model and view
*/
@GetMapping("${user.security.changePasswordURI:/user/changePassword}")
public ModelAndView showChangePasswordPage(final HttpServletRequest request, final ModelMap model,
@RequestParam("token") final String token) {
log.debug("UserAPI.showChangePasswordPage: called with token: {}", token);
final TokenValidationResult result = userService.validatePasswordResetToken(token);
log.debug("UserAPI.showChangePasswordPage: result: {}", result);
AuditEvent changePasswordAuditEvent = AuditEvent.builder().source(this).sessionId(request.getSession().getId())
.ipAddress(UserUtils.getClientIP(request)).userAgent(request.getHeader("User-Agent"))
.action("showChangePasswordPage")
.actionStatus("Success").message("Requested. Result:" + result).build();
eventPublisher.publishEvent(changePasswordAuditEvent);
if (TokenValidationResult.VALID.equals(result)) {
model.addAttribute("token", token);
String redirectString = "redirect:" + forgotPasswordChangeURI;
return new ModelAndView(redirectString, model);
} else {
String messageKey = AUTH_MESSAGE_PREFIX + result.getValue();
model.addAttribute("messageKey", messageKey);
return new ModelAndView("redirect:/index.html", model);
}
}
/**
* Validates a registration token received from an email link, and if valid,
* confirms the user's registration and redirects to the registration success page.
*
* @param request the HTTP request
* @param model the model map
* @param token the verification token to validate
* @return the model and view for redirection
* @throws UnsupportedEncodingException the unsupported encoding exception
*/
@GetMapping("${user.security.registrationConfirmURI:/user/registrationConfirm}")
public ModelAndView confirmRegistration(final HttpServletRequest request, final ModelMap model,
@RequestParam("token") final String token) throws UnsupportedEncodingException {
log.debug("UserAPI.confirmRegistration: called with token: {}", token);
Locale locale = request.getLocale();
model.addAttribute("lang", locale.getLanguage());
final TokenValidationResult result = userVerificationService.validateVerificationToken(token);
if (result == TokenValidationResult.VALID) {
final User user = userVerificationService.getUserByVerificationToken(token);
if (user != null) {
userService.authWithoutPassword(user);
userVerificationService.deleteVerificationToken(token);
AuditEvent registrationAuditEvent = AuditEvent.builder().source(this).user(user)
.sessionId(request.getSession().getId())
.ipAddress(UserUtils.getClientIP(request)).userAgent(request.getHeader("User-Agent"))
.action("Registration Confirmation")
.actionStatus("Success").message("Registration Confirmed. User logged in.").build();
eventPublisher.publishEvent(registrationAuditEvent);
}
model.addAttribute("message", messages.getMessage("message.account.verified", null, locale));
log.debug("UserAPI.confirmRegistration: account verified and user logged in!");
String redirectString = "redirect:" + registrationSuccessURI;
return new ModelAndView(redirectString, model);
}
model.addAttribute("messageKey", AUTH_MESSAGE_PREFIX + result.getValue());
model.addAttribute("expired", result == TokenValidationResult.EXPIRED);
model.addAttribute("token", token);
log.debug("UserAPI.confirmRegistration: failed. Token not found or expired.");
String redirectString = "redirect:" + registrationNewVerificationURI;
return new ModelAndView(redirectString, model);
}
}