#9 Implemented support for admin password change use case.

sibbr · Nov 25, 2015 · c2db4de · c2db4de
1 parent 02b6736
commit c2db4de
Show file tree

Hide file tree

Showing 8 changed files with 306 additions and 30 deletions.
diff --git a/src/main/java/br/gov/sibbr/api/controller/AdminController.java b/src/main/java/br/gov/sibbr/api/controller/AdminController.java
@@ -0,0 +1,46 @@
+package br.gov.sibbr.api.controller;
+
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import br.gov.sibbr.api.service.AuthService;
+
+/**
+ * Controller responsible for managing URL requests and calling for services to
+ * provide administrative operations
+ * 
+ * @author Pedro Guimarães
+ *
+ */
+@RestController
+public class AdminController {
+
+	AuthService authService = new AuthService();
+
+	// Method responsible for providing the list of all users
+	@RequestMapping(value = "/admin/users", method = RequestMethod.GET)
+	public String listUsers(@RequestParam(value = "token", defaultValue = "null") String token, Model model) {
+		String message = authService.checkTokenAdmin(token);
+		// Something went wrong. Display error message.
+		if (message != null) {
+			model.addAttribute("error", message);
+		}
+		// Proper admin identification, display
+		return "users";
+	}
+
+	// Method responsible for providing the list of all users
+	@RequestMapping(value = "/admin/users/authorized", method = RequestMethod.GET)
+	public String listAuthorizedUsers(@RequestParam(value = "token", defaultValue = "null") String token, Model model) {
+		String message = authService.checkTokenAdmin(token);
+		// Something went wrong. Display error message.
+		if (message != null) {
+			model.addAttribute("error", message);
+		}
+		// Proper admin identification, display
+		return "users";
+	}
+}
diff --git a/src/main/java/br/gov/sibbr/api/controller/InterfaceController.java b/src/main/java/br/gov/sibbr/api/controller/InterfaceController.java
@@ -20,6 +20,7 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 
 import br.gov.sibbr.api.model.LoginForm;
 import br.gov.sibbr.api.service.AuthService;
@@ -45,12 +46,17 @@ public String login(LoginForm loginForm, Model model) {
 		if (email != null && password != null) {
 			String message = authService.checkPassword(email, password);
 			if (message == null) {
-				// Successful authentication with valid credentials, fetch user
-				// token:
-				String token = authService.fetchToken(email);
-				if (token != null) {
-					model.addAttribute("token", token);
-					return "login_success";
+				if (email.equalsIgnoreCase(AuthService.ADMIN_EMAIL)) {
+
+				} else {
+					// Successful authentication with valid credentials, fetch
+					// user
+					// token:
+					String token = authService.fetchToken(email);
+					if (token != null) {
+						model.addAttribute("token", token);
+						return "login_success";
+					}
 				}
 			}
 			model.addAttribute("message", message);
@@ -90,31 +96,70 @@ public String register(LoginForm loginForm, Model model) {
 			}
 		}
 		// One of the fields was left blank:
-		else { 
-			model.addAttribute("error", "You must provide a valid password and repeat it on the Veirification field. Please, try again.");
+		else {
+			model.addAttribute("error",
+					"You must provide a valid password and repeat it on the Veirification field. Please, try again.");
 		}
 		return "register";
 	}
 
-	// Method responsible for managing occurrence requests
-	@RequestMapping(value = "/admin", method = RequestMethod.POST)
-	public String admin(LoginForm loginForm, Model model) {
-		String email = loginForm.getEmail();
+	// Method responsible for managing admin password change
+	@RequestMapping(value = "/admin/changePassword", method = RequestMethod.POST)
+	public String adminChangePassword(LoginForm loginForm, Model model) {
+		String token = loginForm.getToken();
 		String password = loginForm.getPassword();
-		if (email != null && password != null) {
-			String message = authService.checkPassword(email, password);
-			if (message == null) {
-				// Successful authentication with valid credentials, fetch user
-				// token:
-				String token = authService.fetchToken(email);
-				if (token != null) {
-					model.addAttribute("token", token);
-					return "admin_login_success";
+		String passwordCheck = loginForm.getPasswordCheck();
+		if (password != null && passwordCheck != null) {
+			if (token != null) {
+				// Check if token is valid for admin:
+				String tokenCheck = authService.checkTokenAdmin(token);
+				// Token is valid for user admin, authorize operation to continue:
+				if (tokenCheck == null) {
+					// Check if both passwords are equal:
+					if (password.equalsIgnoreCase(passwordCheck)) {
+						if (password.length() >= 8) {
+							String message = authService.updateAdminPassword(password);
+							model.addAttribute("success", message);
+						}
+						// Password too small:
+						else {
+							model.addAttribute("error",
+									"Password too small. Password must be at least 5 characters long, with a valid address.");
+						}
+					}
+					// Passwords don't match
+					else {
+						model.addAttribute("error",
+								"The passwords don't match. Try again, and make sure the same password is entered in both password and password verification fields.");
+					}
+				}
+				else {
+					model.addAttribute("error", tokenCheck);
 				}
 			}
-			model.addAttribute("message", message);
+			// Token not provided
+			else {
+				model.addAttribute("error", "You must provide a valid token. Please, try again.");
+			}
+		}
+		// Invalid e-mail information
+		else {
+			model.addAttribute("error",
+					"You must provide a valid password and repeat it on the Veirification field. Please, try again.");
 		}
-		return "admin_login_fail";
+		return "admin_password_change";
+	}
+
+	// Method responsible for calling the documentation on admin operations
+	@RequestMapping(value = "/admin/", method = RequestMethod.GET)
+	public String admin(@RequestParam(value = "token", defaultValue = "null") String token, Model model) {
+		String message = authService.checkTokenAdmin(token);
+		// Something went wrong. Display error message.
+		if (message != null) {
+			model.addAttribute("error", message);
+		}
+		// Proper admin identification, display
+		return "admin";
 	}
 
 	@RequestMapping("/")
@@ -134,10 +179,10 @@ public String register() {
 		return "register";
 	}
 
-	// Method responsible for calling the login template
-	@RequestMapping(value = "/admin", method = RequestMethod.GET)
-	public String admin() {
-		return "admin";
+	// Method responsible for calling the admin change password template
+	@RequestMapping(value = "/admin/changePassword", method = RequestMethod.GET)
+	public String adminPasswordChange() {
+		return "admin_password_change";
 	}
 
 	// Method responsible for managing occurrence requests

diff --git a/src/main/java/br/gov/sibbr/api/db/DatabaseAuth.java b/src/main/java/br/gov/sibbr/api/db/DatabaseAuth.java
@@ -160,7 +160,13 @@ public ResultSet generateNewToken(String email, String token) {
 		return resultSet;
 	}
 
-	public int updateApiUserToken(String email, Long auto_id) {
+	/**
+	 * Updates the api_user table so that the token_id points to the provided auto_id
+	 * @param email the user account
+	 * @param auto_id the unique identifier of an api_token record
+	 * @return update an integer indicating 0 error or N the amount of updated records
+	 */
+	public int updateApiUserTokenId(String email, Long auto_id) {
 		Statement statement = null;
 		int update = 0;
 		try {
@@ -173,6 +179,13 @@ public int updateApiUserToken(String email, Long auto_id) {
 		return update;
 	}
 
+	/**
+	 * Auxiliary method to create a new user in the database with the given provided paramenters
+	 * @param email valid user email account
+	 * @param password hashed password
+	 * @param salt md5 password hash
+	 * @return result an integer indicating 0 error or N the amount of updated records
+	 */
 	public int createApiUser(String email, String password, String salt) {
 		Statement statement = null;
 		int result = 0;
@@ -187,4 +200,26 @@ public int createApiUser(String email, String password, String salt) {
 		}
 		return result;
 	}
+
+	/**
+	 * Update an api user record with provided password and salt
+	 * @param email valid user email account
+	 * @param password hashed password
+	 * @param salt md5 password hash
+	 * @return result an integer indicating 0 error or N the amount of updated records
+	 */
+	public int updateApiUser(String email, String password, String salt) {
+		Statement statement = null;
+		int result = 0;
+		// New user, insert into the database
+		try {
+			statement = conn.createStatement();
+			String sql = "UPDATE " + API_USER_TABLE + " SET " + API_USER_PASSWORD + " = \'" + password + "\', "
+					+ API_USER_SALT + " = \'" + salt + "\' WHERE " + API_USER_EMAIL + " = \'" + email + "\'";
+			result = statement.executeUpdate(sql);
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
+		return result;
+	}
 }
diff --git a/src/main/java/br/gov/sibbr/api/model/ApiUserResult.java b/src/main/java/br/gov/sibbr/api/model/ApiUserResult.java
@@ -0,0 +1,50 @@
+package br.gov.sibbr.api.model;
+
+/**
+ * Class to model a POJO for an api_user instance
+ * 
+ * @author Pedro Guimarães
+ *
+ */
+public class ApiUserResult {
+
+	private Long auto_id;
+	private String email;
+	private Boolean authorized;
+
+	/**
+	 * Default class constructor
+	 * @param auto_id
+	 * @param email
+	 * @param authorized
+	 */
+	public ApiUserResult(Long auto_id, String email, Boolean authorized) {
+		this.auto_id = auto_id;
+		this.email = email;
+		this.authorized = authorized;
+	}
+
+	public Long getAuto_id() {
+		return auto_id;
+	}
+
+	public void setAuto_id(Long auto_id) {
+		this.auto_id = auto_id;
+	}
+
+	public String getEmail() {
+		return email;
+	}
+
+	public void setEmail(String email) {
+		this.email = email;
+	}
+
+	public Boolean getAuthorized() {
+		return authorized;
+	}
+
+	public void setAuthorized(Boolean authorized) {
+		this.authorized = authorized;
+	}
+}
diff --git a/src/main/java/br/gov/sibbr/api/model/LoginForm.java b/src/main/java/br/gov/sibbr/api/model/LoginForm.java
@@ -24,6 +24,7 @@
 public class LoginForm {
 
 	private String email;
+	private String token;
 	private String password;
 	private String passwordCheck;
 
@@ -50,4 +51,12 @@ public String getPasswordCheck() {
 	public void setPasswordCheck(String passwordCheck) {
 		this.passwordCheck = passwordCheck;
 	}
+
+	public String getToken() {
+		return token;
+	}
+
+	public void setToken(String token) {
+		this.token = token;
+	}
 }