package com.plannaplan.controllers;
import java.util.Optional;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

import com.plannaplan.entities.User;
import com.plannaplan.exceptions.UserNotFoundException;
import com.plannaplan.responses.models.TokenResponse;
import com.plannaplan.security.cas.CasUserIdentity;
import com.plannaplan.security.cas.CasValidationExcepiton;
import com.plannaplan.security.cas.CasValidator;
import com.plannaplan.security.cas.CustomUAMCasValidator;
import com.plannaplan.security.cas.DefaultUAMCasValidator;
import com.plannaplan.services.UserService;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
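/**
 * REST controller for the token endpoints: exchanging a CAS ticket for the
 * application's tokens and issuing a new access token from a refresh token.
 * More detailed API docs are available via swagger.
 *
 * <p>
 * NOTE(review): {@code @CrossOrigin} without arguments permits requests from
 * every origin. For endpoints that hand out credentials, consider limiting it
 * to the frontend origin ({@code plannaplan.frontendUrl}).
 */
@RestController
@CrossOrigin
@Api(tags = { "Token" }, value = "Token", description = "Enpoints to get authorization.")
public class TokenController {

    // JDK logger, so that authentication failures leave a trace without adding
    // a dependency. Tickets, tokens and user identifiers are never written to it.
    private static final Logger LOG = Logger.getLogger(TokenController.class.getName());

    // Service URL handed to the CAS validator together with the ticket.
    @Value("${plannaplan.frontendUrl}")
    private String serviceUrl;

    // Selects which CasValidator implementation getToken() instantiates.
    @Value("${plannaplan.dev}")
    private boolean isDev;

    @Autowired
    private UserService userService;

    /**
     * Exchanges a CAS ticket for the application's tokens.
     *
     * <p>
     * The ticket is validated with {@link DefaultUAMCasValidator} when
     * {@code plannaplan.dev} is true and with {@link CustomUAMCasValidator}
     * otherwise. The e-mail and USOS id of the validated identity are passed to
     * {@code UserService.checkForUser}, and the resulting user to
     * {@code UserService.login}.
     *
     * <p>
     * NOTE(review): how the two validators differ is not visible in this file.
     * Confirm that the one used in dev mode is no weaker, or that
     * {@code plannaplan.dev} is false in every production deployment.
     *
     * @param ticket via CAS obtained ticket - it's base to auth user
     * @return 200 with a TokenResponse on success; 401 when CAS validation
     *         fails; 404 when the user lookup throws UserNotFoundException; 500
     *         on any other exception
     */
    @GetMapping("/token")
    @ApiOperation(value = "Endpoint to access token required to call secured endpoints. In order to access token we need to provide access token comming from unviersity CAS system")
    public ResponseEntity<TokenResponse> getToken(
            @RequestParam("ticket") @ApiParam(value = "Ticket get from CAS system. It should look like ST-1376572-wo41gty5R0JCZFKMMie2-cas.amu.edu.psl") final String ticket) {
        final CasValidator validator = isDev ? new DefaultUAMCasValidator(serviceUrl, ticket)
                : new CustomUAMCasValidator(serviceUrl, ticket);

        try {
            final CasUserIdentity casUserIdentity = validator.validate();
            final String usosId = casUserIdentity.getUsosId();
            final String authority = casUserIdentity.getEmail();
            User user = this.userService.checkForUser(authority, usosId);
            user = this.userService.login(user);

            return new ResponseEntity<>(new TokenResponse(user), HttpStatus.OK);
        } catch (CasValidationExcepiton e) {
            // Fixed message only: the exception text may echo the ticket.
            LOG.info("CAS ticket validation failed");
            return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);
        } catch (UserNotFoundException e) {
            LOG.info("CAS identity validated but no matching user was found");
            return new ResponseEntity<>(null, HttpStatus.NOT_FOUND);
        } catch (Exception e) {
            // Previously swallowed without a trace; keep the 500 but record the
            // cause so an unexpected failure in the login path can be investigated.
            LOG.log(Level.SEVERE, "Unexpected error while issuing a token", e);
            return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Issues a new access token for the user that owns the given refresh token.
     *
     * <p>
     * Only the access token is replaced (with a fresh random UUID string); the
     * refresh token itself is left as it is. Any expiry or revocation check on
     * the refresh token would have to happen inside
     * {@code UserService.getUserByRefreshToken}, which is not visible here.
     *
     * <p>
     * NOTE(review): the refresh token arrives as a GET query parameter, so it
     * can end up in access logs, proxy logs and browser history. Moving it to a
     * request body or header would change the public API, so it is only flagged
     * here.
     *
     * @param refreshToken refresh token obtained via /token endpoint
     * @return 200 with a TokenResponse on success; 404 when the refresh token is
     *         blank or matches no user
     * @throws NullPointerException declared by the original signature; an
     *                              unknown refresh token does not raise it, it
     *                              produces the 404 response
     */
    @GetMapping("/token/refresh")
    @ApiOperation(value = "Endpoint to access new token based on refresh token. It's needed when request with provided token fail with code 403")
    public ResponseEntity<TokenResponse> getRefreshToken(
            @RequestParam("refreshToken") @ApiParam(value = "Refresh token obtained in /token request") final String refreshToken)
            throws NullPointerException {
        // A blank value is never a usable credential. Answering as for an unknown
        // token avoids a lookup that could match a record whose stored refresh
        // token is empty (whether such records can exist is not visible here).
        if (refreshToken == null || refreshToken.isBlank()) {
            return new ResponseEntity<>(null, HttpStatus.NOT_FOUND);
        }

        final Optional<User> userResult = this.userService.getUserByRefreshToken(refreshToken);
        if (userResult.isEmpty()) {
            // Repeated occurrences are worth alerting on; the token value is not logged.
            LOG.info("Refresh requested with an unrecognised refresh token");
            return new ResponseEntity<>(null, HttpStatus.NOT_FOUND);
        }

        User user = userResult.get();
        user.setToken(UUID.randomUUID().toString());
        user = this.userService.save(user);
        return new ResponseEntity<>(new TokenResponse(user), HttpStatus.OK);
    }
}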