javier/Stirling-PDF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cred change start

Browse Source
This commit is contained in:
Anthony Stirling
2023-09-03 16:40:40 +01:00
parent 9fe96bec40
commit 146dd3c00b
11 changed files with 275 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
src/main/java/stirling/software/SPDF/controller/api/UserController.java
View File

@@ -16,6 +16,8 @@ import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.servlet.view.RedirectView;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
@@ -39,25 +41,80 @@ public class UserController {
return "redirect:/login?registered=true";
}
@PostMapping("/change-username")
public ResponseEntity<String> changeUsername(Principal principal, @RequestParam String currentPassword, @RequestParam String newUsername, HttpServletRequest request, HttpServletResponse response) {
@PostMapping("/change-username-and-password")
public RedirectView changeUsernameAndPassword(Principal principal,
@RequestParam String currentPassword,
@RequestParam String newUsername,
@RequestParam String newPassword,
HttpServletRequest request,
HttpServletResponse response,
RedirectAttributes redirectAttributes) {
if (principal == null) {
return ResponseEntity.status(HttpStatus.FORBIDDEN).body("User not authenticated.");
redirectAttributes.addFlashAttribute("error", "User not authenticated.");
return new RedirectView("/error");
}
Optional<User> userOpt = userService.findByUsername(principal.getName());
if(userOpt == null || userOpt.isEmpty()) {
return ResponseEntity.status(HttpStatus.NOT_FOUND).body("User not found.");
if (userOpt == null || userOpt.isEmpty()) {
redirectAttributes.addFlashAttribute("error", "User not found.");
return new RedirectView("/error");
}
User user = userOpt.get();
if(!userService.isPasswordCorrect(user, currentPassword)) {
return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Current password is incorrect.");
if (!userService.isPasswordCorrect(user, currentPassword)) {
redirectAttributes.addFlashAttribute("error", "Current password is incorrect.");
return new RedirectView("/error");
}
if(userService.usernameExists(newUsername)) {
return ResponseEntity.status(HttpStatus.CONFLICT).body("New username already exists.");
if (!user.getUsername().equals(newUsername) && userService.usernameExists(newUsername)) {
redirectAttributes.addFlashAttribute("error", "New username already exists.");
return new RedirectView("/error");
}
userService.changePassword(user, newPassword);
if(!user.getUsername().equals(newUsername)) {
userService.changeUsername(user, newUsername);
}
userService.changeFirstUse(user, false);
// Logout using Spring's utility
new SecurityContextLogoutHandler().logout(request, response, null);
redirectAttributes.addFlashAttribute("credsUpdated", true);
return new RedirectView("/login");
}
@PostMapping("/change-username")
public RedirectView changeUsername(Principal principal,
@RequestParam String currentPassword,
@RequestParam String newUsername,
HttpServletRequest request,
HttpServletResponse response,
RedirectAttributes redirectAttributes) {
if (principal == null) {
redirectAttributes.addFlashAttribute("error", "User not authenticated.");
return new RedirectView("/account");
}
Optional<User> userOpt = userService.findByUsername(principal.getName());
if (userOpt == null || userOpt.isEmpty()) {
redirectAttributes.addFlashAttribute("error", "User not found.");
return new RedirectView("/account");
}
User user = userOpt.get();
if (!userService.isPasswordCorrect(user, currentPassword)) {
redirectAttributes.addFlashAttribute("error", "Current password is incorrect.");
return new RedirectView("/account");
}
if (userService.usernameExists(newUsername)) {
redirectAttributes.addFlashAttribute("error", "New username already exists.");
return new RedirectView("/account");
}
userService.changeUsername(user, newUsername);
@@ -65,33 +122,44 @@ public class UserController {
// Logout using Spring's utility
new SecurityContextLogoutHandler().logout(request, response, null);
return ResponseEntity.ok("Username updated successfully.");
redirectAttributes.addFlashAttribute("message", "Username updated successfully.");
return new RedirectView("/login");
}
@PostMapping("/change-password")
public ResponseEntity<String> changePassword(Principal principal, @RequestParam String currentPassword, @RequestParam String newPassword, HttpServletRequest request, HttpServletResponse response) {
public RedirectView changePassword(Principal principal,
@RequestParam String currentPassword,
@RequestParam String newPassword,
HttpServletRequest request,
HttpServletResponse response,
RedirectAttributes redirectAttributes) {
if (principal == null) {
return ResponseEntity.status(HttpStatus.FORBIDDEN).body("User not authenticated.");
redirectAttributes.addFlashAttribute("error", "User not authenticated.");
return new RedirectView("/account");
}
Optional<User> userOpt = userService.findByUsername(principal.getName());
if(userOpt == null || userOpt.isEmpty()) {
return ResponseEntity.status(HttpStatus.NOT_FOUND).body("User not found.");
if (userOpt == null || userOpt.isEmpty()) {
redirectAttributes.addFlashAttribute("error", "User not found.");
return new RedirectView("/account");
}
User user = userOpt.get();
if(!userService.isPasswordCorrect(user, currentPassword)) {
return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Current password is incorrect.");
if (!userService.isPasswordCorrect(user, currentPassword)) {
redirectAttributes.addFlashAttribute("error", "Current password is incorrect.");
return new RedirectView("/account");
}
userService.changePassword(user, newPassword);
// Logout using Spring's utility
new SecurityContextLogoutHandler().logout(request, response, null);
return ResponseEntity.ok("Password updated successfully.");
redirectAttributes.addFlashAttribute("message", "Password updated successfully.");
return new RedirectView("/login");
}
@PostMapping("/updateUserSettings")
public String updateUserSettings(HttpServletRequest request, Principal principal) {

31
src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
View File

@@ -91,6 +91,7 @@ public class AccountWebController {
model.addAttribute("username", username);
model.addAttribute("role", user.get().getRolesAsString());
model.addAttribute("settings", settingsJson);
model.addAttribute("changeCredsFlag", user.get().isFirstLogin());
}
} else {
return "redirect:/";
@@ -100,5 +101,35 @@ public class AccountWebController {
@GetMapping("/change-creds")
public String changeCreds(HttpServletRequest request, Model model, Authentication authentication) {
if (authentication == null || !authentication.isAuthenticated()) {
return "redirect:/";
}
if (authentication != null && authentication.isAuthenticated()) {
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
// Cast the principal object to UserDetails
UserDetails userDetails = (UserDetails) principal;
// Retrieve username and other attributes
String username = userDetails.getUsername();
// Fetch user details from the database
Optional<User> user = userRepository.findByUsername(username); // Assuming findByUsername method exists
if (!user.isPresent()) {
// Handle error appropriately
return "redirect:/error"; // Example redirection in case of error
}
// Add attributes to the model
model.addAttribute("username", username);
}
} else {
return "redirect:/";
}
return "change-creds";
}
}