package com.plannaplan.controllers; import com.plannaplan.entities.User; import com.plannaplan.exceptions.UserNotFoundException; import com.plannaplan.security.cas.CasUserIdentity; import com.plannaplan.security.cas.CasValidationExcepiton; import com.plannaplan.security.cas.DefaultUAMCasValidator; import com.plannaplan.services.UserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; @RestController @CrossOrigin @Api(tags = { "Token" }, value = "Token", description = "Enpoints to get authorization.") public class TokenController { private final static String SERVICE_URL = "http://localhost:3000"; @Autowired private UserService userService; @GetMapping("/token") @ApiOperation(value = "Endpoint to access token required to call secured endpoints. In order to access token we need to provide access token comming from unviersity CAS system") public ResponseEntity getToken( @RequestParam("ticket") @ApiParam(value = "Ticket get from CAS system. It should look like ST-1376572-wo41gty5R0JCZFKMMie2-cas.amu.edu.pl") final String ticket) { final DefaultUAMCasValidator validator = new DefaultUAMCasValidator(SERVICE_URL, ticket); try { final CasUserIdentity casUserIdentity = validator.validate(); final String usosId = casUserIdentity.getUsosId(); final String authority = casUserIdentity.getEmail(); final User user = this.userService.checkForUser(authority, usosId); String token = this.userService.login(user); return new ResponseEntity<>(token, HttpStatus.OK); } catch (CasValidationExcepiton e) { return new ResponseEntity<>("Wrong ticket", HttpStatus.UNAUTHORIZED); } catch (UserNotFoundException e) { return new ResponseEntity<>("User not found", HttpStatus.NOT_FOUND); } catch (Exception e) { return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR); } } }