upgrade to Spring Boot 4, add webauthn support, some cleanup

2025-12-18 20:55:43 +01:00
parent c27e68caf0
commit b4b2552e7e
326 changed files with 2768 additions and 1075 deletions
@@ -82,6 +82,11 @@
 			<artifactId>webstly-urlshortener</artifactId>
 			<version>${revision}</version>
 		</dependency>
 		<dependency>
 			<groupId>de.bstly.we</groupId>
 			<artifactId>webauthn</artifactId>
 			<version>${revision}</version>
 		</dependency>
 		<dependency>
 			<groupId>de.bstly.we</groupId>
 			<artifactId>webstly-wireguard</artifactId>
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we;
 import java.util.EnumSet;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.businesslogic;
 import java.util.Iterator;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.businesslogic;
 /**
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.businesslogic;
 import java.text.ParseException;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.controller;
 import java.util.Optional;
@@ -100,7 +97,7 @@ public class BorrowItemController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@GetMapping("/{id}")
-	public BorrowItem getBorrowItem(@PathVariable("id") Long id) {
+	public BorrowItem getBorrowItem(@PathVariable Long id) {
 		if (!permissionManager.hasPermission(getCurrentUserId(), BorrowPermissions.BORROW_REQUESTS)
 				|| !permissionManager.isFullUser(getCurrentUserId())) {
 			throw new EntityResponseStatusException(HttpStatus.FORBIDDEN);
@@ -109,7 +106,7 @@ public class BorrowItemController extends BaseController {
 		BorrowItem borrowItem = borrowItemManager.get(id);
 		if (borrowItem == null) {
-			throw new EntityResponseStatusException(HttpStatus.UNPROCESSABLE_ENTITY);
+			throw new EntityResponseStatusException(HttpStatus.CONFLICT);
 		}
 		if (!borrowItem.getOwner().equals(getCurrentUserId())) {
@@ -166,7 +163,7 @@ public class BorrowItemController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@DeleteMapping("/{id}")
-	public void deleteBorrowItem(@PathVariable("id") Long id) {
+	public void deleteBorrowItem(@PathVariable Long id) {
 		BorrowItem borrowItem = borrowItemManager.get(id);
 		if (borrowItem == null || !borrowItem.getOwner().equals(getCurrentUserId())) {
 			throw new EntityResponseStatusException(HttpStatus.FORBIDDEN);
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.controller;
 import java.text.ParseException;
@@ -163,7 +160,7 @@ public class BorrowRequestController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@DeleteMapping("/{id}")
-	public void deleteBorrowRequest(@PathVariable("id") Long id) {
+	public void deleteBorrowRequest(@PathVariable Long id) {
 		BorrowRequest borrowRequest = borrowRequestManager.get(id);
 		if (borrowRequest == null || !borrowRequest.getUser().equals(getCurrentUserId())) {
 			throw new EntityResponseStatusException(HttpStatus.FORBIDDEN);
@@ -212,14 +209,14 @@ public class BorrowRequestController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@GetMapping("/code/{id}")
-	public String getCode(@PathVariable("id") Long id, HttpServletRequest request) {
+	public String getCode(@PathVariable Long id, HttpServletRequest request) {
 		BorrowRequest borrowRequest = borrowRequestManager.get(id);
 		if (borrowRequest == null || !borrowRequest.getUser().equals(getCurrentUserId())) {
 			throw new EntityResponseStatusException(HttpStatus.FORBIDDEN);
 		}
 		if (!borrowRequest.getStatus().equals(BorrowRequestStatus.ACCEPTED)) {
-			throw new EntityResponseStatusException(HttpStatus.UNPROCESSABLE_ENTITY);
+			throw new EntityResponseStatusException(HttpStatus.CONFLICT);
 		}
 		String issuer = jwtBorrowIssuer;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.controller.validation;
 import org.apache.commons.validator.routines.EmailValidator;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.controller.validation;
 import java.text.ParseException;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.controller.validation;
 import java.time.Duration;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.model;
 import java.time.Duration;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.model;
 /**
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.model;
 import java.time.Instant;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.model;
 import java.time.DayOfWeek;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.model;
 import jakarta.persistence.Column;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.model;
 import java.time.Instant;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.model;
 /**
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.repository;
 import org.springframework.data.jpa.repository.JpaRepository;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.repository;
 import org.springframework.data.jpa.repository.JpaRepository;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.repository;
 import org.springframework.data.jpa.repository.JpaRepository;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.repository;
 import org.springframework.data.jpa.repository.JpaRepository;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.borrow.repository;
 import org.springframework.data.domain.Page;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we;
 import jakarta.persistence.EntityManager;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.time.Instant;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.time.Instant;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 /**
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 /**
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.time.Instant;
@@ -0,0 +1,457 @@
 package de.bstly.we.businesslogic;
 import java.time.Instant;
 import java.time.OffsetDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Sort;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import com.google.common.collect.Lists;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import de.bstly.we.businesslogic.support.InstantHelper;
 import de.bstly.we.model.QQuotaExtension;
 import de.bstly.we.model.QuotaExtension;
 import de.bstly.we.model.QuotaExtensionMapping;
 import de.bstly.we.model.UserData;
 import de.bstly.we.repository.QuotaExtensionRepository;
 /**
 * The Class QuotaExtensionManager.
 */
@Component
 public class QuotaExtensionManager implements UserDataProvider {
 	@Autowired
 	private QuotaExtensionRepository quotaExtensionRepository;
 	@Autowired
 	private QuotaExtensionMappingManager quotaExtensionMappingManager;
 	private QQuotaExtension qQuotaExtension = QQuotaExtension.quotaExtension;
 	DateTimeFormatter pretixOffsetDateTime = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ssx");
 	/**
 	 * Gets the active extensions by target.
 	 *
 	 * @param target the target
 	 * @return the active extensions by target
 	 */
 	public List<QuotaExtension> getNotExpiresByTarget(Long target) {
 		return getNotExpiresByTarget(target, null);
 	}
 	/**
 	 * Gets the active extensions by target.
 	 *
 	 * @param target the target
 	 * @param sort   the sort
 	 * @return the active extensions by target
 	 */
 	public List<QuotaExtension> getNotExpiresByTarget(Long target, String sort) {
 		if (target != null) {
 			return Lists.newArrayList(quotaExtensionRepository.findAll(
 					qQuotaExtension.target.eq(target)
 							.and(qQuotaExtension.expires.after(Instant.now())
 									.and(qQuotaExtension.starts.isNull()
 											.or(qQuotaExtension.starts.before(Instant.now())))),
 					Sort.by(StringUtils.hasText(sort) ? sort : "id")));
 		}
 		return Lists.newArrayList();
 	}
 	/**
 	 * Gets the active extensions by target and name.
 	 *
 	 * @param target the target
 	 * @param name   the name
 	 * @return the active extensions by target and name
 	 */
 	public List<QuotaExtension> getActiveExtensions(Long target, String name) {
 		return getActiveExtensions(target, name, null);
 	}
 	/**
 	 * Gets the active extensions by target and name.
 	 *
 	 * @param target the target
 	 * @param name   the name
 	 * @param sort   the sort
 	 * @return the active extensions by target and name
 	 */
 	public List<QuotaExtension> getActiveExtensions(Long target, String name, String sort) {
 		if (target != null && StringUtils.hasText(name)) {
 			return Lists.newArrayList(quotaExtensionRepository.findAll(
 					qQuotaExtension.target.eq(target).and(qQuotaExtension.name.eq(name))
 							.and(qQuotaExtension.expires.after(Instant.now())
 									.and(qQuotaExtension.starts.isNull()
 											.or(qQuotaExtension.starts.before(Instant.now())))),
 					Sort.by(StringUtils.hasText(sort) ? sort : "id")));
 		}
 		return Lists.newArrayList();
 	}
 	/**
 	 * Gets the total active extension value.
 	 *
 	 * @param target the target
 	 * @param name   the name
 	 * @return the total active extension value
 	 */
 	public long getActiveExtensionValue(Long target, String name) {
 		return getActiveExtensions(target, name).stream()
 				.mapToLong(QuotaExtension::getValue)
 				.sum();
 	}
 	/**
 	 * Gets the all by target.
 	 *
 	 * @param target the target
 	 * @return the all by target
 	 */
 	public List<QuotaExtension> getAllByTarget(Long target) {
 		return getAllByTarget(target, null);
 	}
 	/**
 	 * Gets the all by target.
 	 *
 	 * @param target the target
 	 * @param sort   the sort
 	 * @return the all by target
 	 */
 	public List<QuotaExtension> getAllByTarget(Long target, String sort) {
 		if (target != null) {
 			return Lists.newArrayList(quotaExtensionRepository.findAll(qQuotaExtension.target.eq(target),
 					Sort.by(StringUtils.hasText(sort) ? sort : "id")));
 		}
 		return Lists.newArrayList();
 	}
 	/**
 	 * Creates the.
 	 *
 	 * @param target      the target
 	 * @param name        the name
 	 * @param value       the value
 	 * @param unit        the unit
 	 * @param starts      the starts
 	 * @param expires     the expires
 	 * @param source      the source
 	 * @param description the description
 	 * @return the quota extension
 	 */
 	public QuotaExtension create(Long target, String name, long value, String unit, Instant starts, Instant expires,
 			String source, String description) {
 		QuotaExtension newQuotaExtension = new QuotaExtension();
 		newQuotaExtension.setTarget(target);
 		newQuotaExtension.setName(name);
 		newQuotaExtension.setValue(value);
 		newQuotaExtension.setUnit(unit);
 		newQuotaExtension.setStarts(starts);
 		newQuotaExtension.setExpires(expires);
 		newQuotaExtension.setSource(source);
 		newQuotaExtension.setDescription(description);
 		return quotaExtensionRepository.save(newQuotaExtension);
 	}
 	/**
 	 * Update.
 	 *
 	 * @param quotaExtension the quota extension
 	 * @return the quota extension
 	 */
 	public QuotaExtension update(QuotaExtension quotaExtension) {
 		Assert.isTrue(quotaExtensionRepository.existsById(quotaExtension.getId()),
 				"QuotaExtension '" + quotaExtension.getId() + "' does not exists!");
 		QuotaExtension updateQuotaExtension = quotaExtensionRepository.findById(quotaExtension.getId()).get();
 		updateQuotaExtension.setValue(quotaExtension.getValue());
 		updateQuotaExtension.setUnit(quotaExtension.getUnit());
 		updateQuotaExtension.setStarts(quotaExtension.getStarts());
 		updateQuotaExtension.setExpires(quotaExtension.getExpires());
 		updateQuotaExtension.setSource(quotaExtension.getSource());
 		updateQuotaExtension.setDescription(quotaExtension.getDescription());
 		return quotaExtensionRepository.save(updateQuotaExtension);
 	}
 	/**
 	 * Delete.
 	 *
 	 * @param id the id
 	 */
 	public void delete(Long id) {
 		Assert.isTrue(quotaExtensionRepository.existsById(id), "QuotaExtension '" + id + "' does not exists!");
 		quotaExtensionRepository.deleteById(id);
 	}
 	public void addForItem(Long target, Integer item, List<QuotaExtension> quotas) {
 		for (QuotaExtensionMapping quotaMapping : quotaExtensionMappingManager.getAllByItem(item)) {
 			boolean added = false;
 			for (QuotaExtension quotaExtension : quotas) {
 				if (quotaExtension.getName().equals(quotaMapping.getName())) {
 					quotaExtension.setValue(quotaMapping.getValue());
 					added = true;
 				}
 			}
 			if (!added) {
 				QuotaExtension quotaExtension = new QuotaExtension();
 				quotaExtension.setName(quotaMapping.getName());
 				quotaExtension.setValue(quotaMapping.getValue());
 				quotaExtension.setUnit(quotaMapping.getUnit());
 				quotas.add(quotaExtension);
 			}
 		}
 	}
 	/**
 	 * Apply item - creates extensions based on mapping rules.
 	 *
 	 * @param target  the target
 	 * @param item    the item
 	 * @param answers the answers
 	 * @param starts  the starts
 	 * @param expires the expires
 	 */
 	public void applyItem(Long target, Integer item, JsonArray answers, Instant starts, Instant expires) {
 		for (QuotaExtension quotaExtension : getForItem(target, item, answers, starts, expires)) {
 			quotaExtensionRepository.save(quotaExtension);
 		}
 	}
 	/**
 	 * Gets extensions for item - mirrors PermissionManager.getForItem logic.
 	 *
 	 * @param target  the target
 	 * @param item    the item
 	 * @param answers the answers
 	 * @param starts  the starts
 	 * @param expires the expires
 	 * @return the list of quota extensions
 	 */
 	public List<QuotaExtension> getForItem(Long target, Integer item, JsonArray answers, Instant starts,
 			Instant expires) {
 		List<QuotaExtension> extensions = Lists.newArrayList();
 		for (QuotaExtensionMapping extensionMapping : quotaExtensionMappingManager.getAllByItem(item)) {
 			Instant extensionStarts = starts;
 			Instant extensionExpires = expires;
 			if (extensionMapping.getStarts() != null) {
 				extensionStarts = extensionMapping.getStarts();
 			}
 			if (extensionMapping.getExpires() != null) {
 				extensionExpires = extensionMapping.getExpires();
 			}
 			if (extensionExpires == null) {
 				extensionExpires = InstantHelper.plus(extensionStarts == null ? Instant.now() : extensionStarts,
 						extensionMapping.getLifetime(), extensionMapping.getLifetimeUnit());
 			}
 			// Process question-based dates (mirroring permission logic)
 			for (JsonElement answer : answers) {
 				if (answer.isJsonObject() && answer.getAsJsonObject().has("question_identifier")) {
 					if (StringUtils.hasText(extensionMapping.getStartsQuestion())
 							&& extensionMapping.getStartsQuestion()
 									.equals(answer.getAsJsonObject().get("question_identifier").getAsString())
 							&& answer.getAsJsonObject().has("answer")) {
 						String dateTimeString = answer.getAsJsonObject().get("answer").getAsString();
 						if (StringUtils.hasText(dateTimeString)) {
 							dateTimeString = dateTimeString.replace(" ", "T");
 							extensionStarts = OffsetDateTime.parse(dateTimeString).toInstant();
 							extensionExpires = InstantHelper.plus(extensionStarts,
 									extensionMapping.getLifetime(), extensionMapping.getLifetimeUnit());
 						}
 					}
 					if (StringUtils.hasText(extensionMapping.getExpiresQuestion())
 							&& extensionMapping.getExpiresQuestion()
 									.equals(answer.getAsJsonObject().get("question_identifier").getAsString())
 							&& answer.getAsJsonObject().has("answer")) {
 						String dateTimeString = answer.getAsJsonObject().get("answer").getAsString();
 						if (StringUtils.hasText(dateTimeString)) {
 							dateTimeString = dateTimeString.replace(" ", "T");
 							extensionExpires = InstantHelper.plus(
 									OffsetDateTime.parse(dateTimeString).toInstant(),
 									extensionMapping.getLifetime(), extensionMapping.getLifetimeUnit());
 						}
 					}
 				}
 			}
 			// Create the extension
 			QuotaExtension extension = new QuotaExtension();
 			extension.setTarget(target);
 			extension.setName(extensionMapping.getName());
 			extension.setValue(extensionMapping.getValue());
 			extension.setUnit(extensionMapping.getUnit());
 			extension.setStarts(extensionStarts);
 			extension.setExpires(extensionExpires);
 			// Apply start cleanup and lifetime rounding
 			if (extension.getStarts() != null && extension.getStarts().isBefore(Instant.now())) {
 				extension.setStarts(null);
 			}
 			if (extensionMapping.isLifetimeRound()) {
 				extension.setExpires(
 						InstantHelper.truncate(extension.getExpires(), extensionMapping.getLifetimeUnit()));
 			}
 			extensions.add(extension);
 		}
 		return extensions;
 	}
 	/**
 	 * Cleanup expired extensions.
 	 */
 	public void cleanupExpiredExtensions() {
 		for (QuotaExtension extension : quotaExtensionRepository
 				.findAll(qQuotaExtension.expires.before(Instant.now()))) {
 			quotaExtensionRepository.delete(extension);
 		}
 	}
 	/*
 	 * @see de.bstly.we.businesslogic.UserDataProvider#getId()
 	 */
 	@Override
 	public String getId() {
 		return "quota_extensions";
 	}
 	/*
 	 * @see de.bstly.we.businesslogic.UserDataProvider#getUserData(java.lang.Long)
 	 */
 	@Override
 	public List<UserData> getUserData(Long userId) {
 		List<UserData> result = Lists.newArrayList();
 		for (QuotaExtension extension : getAllByTarget(userId)) {
 			result.add(extension);
 		}
 		return result;
 	}
 	/**
 	 * Gets all quota extensions with predicate and pageable.
 	 *
 	 * @param predicate the predicate
 	 * @param pageable  the pageable
 	 * @return the page of quota extensions
 	 */
 	public org.springframework.data.domain.Page<QuotaExtension> getAll(com.querydsl.core.types.Predicate predicate,
 			org.springframework.data.domain.Pageable pageable) {
 		return quotaExtensionRepository.findAll(predicate, pageable);
 	}
 	/**
 	 * Gets quota extension by id.
 	 *
 	 * @param id the id
 	 * @return the quota extension
 	 */
 	public QuotaExtension get(Long id) {
 		Assert.notNull(id, "id must not be null!");
 		return quotaExtensionRepository.findById(id).orElse(null);
 	}
 	/**
 	 * Gets quota extensions by target.
 	 *
 	 * @param target the target
 	 * @return the list of quota extensions
 	 */
 	public List<QuotaExtension> getByTarget(Long target) {
 		Assert.notNull(target, "target must not be empty!");
 		return Lists.newArrayList(quotaExtensionRepository.findAll(qQuotaExtension.target.eq(target),
 				Sort.by("expires").ascending()));
 	}
 	/**
 	 * Gets active quota extensions by target.
 	 *
 	 * @param target the target
 	 * @return the list of active quota extensions
 	 */
 	public List<QuotaExtension> getActiveExtensions(Long target) {
 		Assert.notNull(target, "target must not be empty!");
 		Instant now = Instant.now();
 		return Lists.newArrayList(quotaExtensionRepository.findAll(
 				qQuotaExtension.target.eq(target)
 						.and(qQuotaExtension.expires.after(now))
 						.and(qQuotaExtension.starts.isNull().or(qQuotaExtension.starts.before(now))),
 				Sort.by("expires").ascending()));
 	}
 	/**
 	 * Creates a quota extension.
 	 *
 	 * @param quotaExtension the quota extension to create
 	 * @return the created quota extension
 	 */
 	public QuotaExtension create(QuotaExtension quotaExtension) {
 		Assert.notNull(quotaExtension, "quotaExtension must not be null!");
 		Assert.isNull(quotaExtension.getTarget(), "target must not be empty!");
 		Assert.hasText(quotaExtension.getName(), "name must not be empty!");
 		Assert.notNull(quotaExtension.getExpires(), "expires must not be null!");
 		Assert.isTrue(quotaExtension.getValue() > 0, "value must be positive!");
 		return quotaExtensionRepository.save(quotaExtension);
 	}
 	/**
 	 * Updates a quota extension.
 	 *
 	 * @param id             the id of the quota extension
 	 * @param quotaExtension the updated quota extension data
 	 * @return the updated quota extension
 	 */
 	public QuotaExtension update(Long id, QuotaExtension quotaExtension) {
 		Assert.notNull(id, "id must not be null!");
 		Assert.notNull(quotaExtension, "quotaExtension must not be null!");
 		QuotaExtension existingExtension = get(id);
 		Assert.notNull(existingExtension, "QuotaExtension with id " + id + " not found!");
 		existingExtension.setTarget(quotaExtension.getTarget());
 		existingExtension.setName(quotaExtension.getName());
 		existingExtension.setValue(quotaExtension.getValue());
 		existingExtension.setUnit(quotaExtension.getUnit());
 		existingExtension.setExpires(quotaExtension.getExpires());
 		existingExtension.setStarts(quotaExtension.getStarts());
 		existingExtension.setSource(quotaExtension.getSource());
 		existingExtension.setDescription(quotaExtension.getDescription());
 		return quotaExtensionRepository.save(existingExtension);
 	}
 	/**
 	 * Cleanup expired quota extensions.
 	 */
 	public void cleanupExpired() {
 		Instant now = Instant.now();
 		List<QuotaExtension> expiredExtensions = Lists.newArrayList(quotaExtensionRepository.findAll(
 				qQuotaExtension.expires.before(now)));
 		quotaExtensionRepository.deleteAll(expiredExtensions);
 	}
 	@Override
 	public void purgeUserData(Long userId) {
 		for (QuotaExtension quotaExtension : getAllByTarget(userId)) {
 			quotaExtensionRepository.delete(quotaExtension);
 		}
 	}
 }
@@ -0,0 +1,153 @@
 package de.bstly.we.businesslogic;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.List;
 import java.util.Set;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Sort;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
 import com.google.common.collect.Lists;
 import de.bstly.we.model.QQuotaExtensionMapping;
 import de.bstly.we.model.QuotaExtensionMapping;
 import de.bstly.we.repository.QuotaExtensionMappingRepository;
 /**
 * The Class QuotaExtensionMappingManager.
 */
@Component
 public class QuotaExtensionMappingManager {
 	@Autowired
 	private QuotaExtensionMappingRepository quotaExtensionMappingRepository;
 	private QQuotaExtensionMapping qQuotaExtensionMapping = QQuotaExtensionMapping.quotaExtensionMapping;
 	/**
 	 * Gets the all by item.
 	 *
 	 * @param item the item
 	 * @return the all by item
 	 */
 	public List<QuotaExtensionMapping> getAllByItem(Integer item) {
 		return Lists.newArrayList(quotaExtensionMappingRepository.findAll(qQuotaExtensionMapping.items.contains(item)));
 	}
 	/**
 	 * Exists.
 	 *
 	 * @param item the item
 	 * @return true, if successful
 	 */
 	public boolean exists(Integer item) {
 		return quotaExtensionMappingRepository.exists(qQuotaExtensionMapping.items.contains(item));
 	}
 	/**
 	 * Exists.
 	 *
 	 * @param item the item
 	 * @param name the name
 	 * @return true, if successful
 	 */
 	public boolean exists(Integer item, String name) {
 		return quotaExtensionMappingRepository
 				.exists(qQuotaExtensionMapping.items.contains(item).and(qQuotaExtensionMapping.name.eq(name)));
 	}
 	/**
 	 * Creates the.
 	 *
 	 * @param items           the items
 	 * @param name            the name
 	 * @param value           the value
 	 * @param unit            the unit
 	 * @param lifetime        the lifetime
 	 * @param lifetimeUnit    the lifetime unit
 	 * @param lifetimeRound   the lifetime round
 	 * @param products        the products
 	 * @param starts          the starts
 	 * @param expires         the expires
 	 * @param startsQuestion  the starts question
 	 * @param expiresQuestion the expires question
 	 * @return the quota extension mapping
 	 */
 	public QuotaExtensionMapping create(Set<Integer> items, String name, long value, String unit, Long lifetime,
 			ChronoUnit lifetimeUnit, boolean lifetimeRound, Set<String> products, Instant starts, Instant expires,
 			String startsQuestion, String expiresQuestion) {
 		QuotaExtensionMapping quotaExtensionMapping = new QuotaExtensionMapping();
 		quotaExtensionMapping.setItems(items);
 		quotaExtensionMapping.setName(name);
 		quotaExtensionMapping.setValue(value);
 		quotaExtensionMapping.setUnit(unit);
 		quotaExtensionMapping.setLifetime(lifetime);
 		quotaExtensionMapping.setLifetimeUnit(lifetimeUnit);
 		quotaExtensionMapping.setLifetimeRound(lifetimeRound);
 		quotaExtensionMapping.setProducts(products);
 		quotaExtensionMapping.setStarts(starts);
 		quotaExtensionMapping.setExpires(expires);
 		quotaExtensionMapping.setStartsQuestion(startsQuestion);
 		quotaExtensionMapping.setExpiresQuestion(expiresQuestion);
 		return quotaExtensionMappingRepository.save(quotaExtensionMapping);
 	}
 	/**
 	 * Update.
 	 *
 	 * @param quotaExtensionMapping the quota extension mapping
 	 * @return the quota extension mapping
 	 */
 	public QuotaExtensionMapping update(QuotaExtensionMapping quotaExtensionMapping) {
 		Assert.isTrue(
 				quotaExtensionMapping.getId() != null
 						&& quotaExtensionMappingRepository.existsById(quotaExtensionMapping.getId()),
 				"QuotaExtensionMapping '" + quotaExtensionMapping.getId() + "' does not exists!");
 		QuotaExtensionMapping updateQuotaExtensionMapping = quotaExtensionMappingRepository
 				.findById(quotaExtensionMapping.getId()).get();
 		updateQuotaExtensionMapping.setItems(quotaExtensionMapping.getItems());
 		updateQuotaExtensionMapping.setName(quotaExtensionMapping.getName());
 		updateQuotaExtensionMapping.setValue(quotaExtensionMapping.getValue());
 		updateQuotaExtensionMapping.setUnit(quotaExtensionMapping.getUnit());
 		updateQuotaExtensionMapping.setLifetime(quotaExtensionMapping.getLifetime());
 		updateQuotaExtensionMapping.setLifetimeUnit(quotaExtensionMapping.getLifetimeUnit());
 		updateQuotaExtensionMapping.setLifetimeRound(quotaExtensionMapping.isLifetimeRound());
 		updateQuotaExtensionMapping.setProducts(quotaExtensionMapping.getProducts());
 		updateQuotaExtensionMapping.setStarts(quotaExtensionMapping.getStarts());
 		updateQuotaExtensionMapping.setExpires(quotaExtensionMapping.getExpires());
 		updateQuotaExtensionMapping.setStartsQuestion(quotaExtensionMapping.getStartsQuestion());
 		updateQuotaExtensionMapping.setExpiresQuestion(quotaExtensionMapping.getExpiresQuestion());
 		return quotaExtensionMappingRepository.save(updateQuotaExtensionMapping);
 	}
 	/**
 	 * Delete.
 	 *
 	 * @param id the id
 	 */
 	public void delete(Long id) {
 		Assert.isTrue(quotaExtensionMappingRepository.existsById(id),
 				"QuotaExtensionMapping '" + id + "' does not exists!");
 		quotaExtensionMappingRepository.deleteById(id);
 	}
 	/**
 	 * Gets the.
 	 *
 	 * @param page       the page
 	 * @param size       the size
 	 * @param sortBy     the sort by
 	 * @param descending the descending
 	 * @return the page
 	 */
 	public Page<QuotaExtensionMapping> get(int page, int size, String sortBy, boolean descending) {
 		Sort sort = descending ? Sort.by(sortBy).descending() : Sort.by(sortBy).ascending();
 		return quotaExtensionMappingRepository.findAll(PageRequest.of(page, size, sort));
 	}
 }
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.util.List;
@@ -29,6 +26,8 @@ public class QuotaManager implements UserDataProvider {
 	private QuotaRepository quotaRepository;
 	@Autowired
 	private QuotaMappingManager quotaMappingManager;
 	@Autowired
 	private QuotaExtensionManager quotaExtensionManager;
 	private QQuota qQuota = QQuota.quota;
 	/**
@@ -129,6 +128,23 @@ public class QuotaManager implements UserDataProvider {
 				&& quotaRepository.exists(qQuota.name.eq(name).and(qQuota.target.eq(target)).and(qQuota.value.gt(0)));
 	}
 	/**
 	 * Gets the effective quota value (base quota + active extensions).
 	 *
 	 * @param target the target
 	 * @param name   the name
 	 * @return the effective quota value
 	 */
 	public long getEffectiveQuotaValue(Long target, String name) {
 		Quota baseQuota = get(target, name);
 		long baseValue = baseQuota != null ? baseQuota.getValue() : 0;
 		// Add all active extension values
 		long extensionValue = quotaExtensionManager.getActiveExtensionValue(target, name);
 		return baseValue + extensionValue;
 	}
 	/**
 	 * Creates the.
 	 *
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 /**
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.time.Instant;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.io.BufferedReader;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.time.Instant;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.util.Hashtable;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.io.BufferedReader;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 /**
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic.support;
 import jakarta.persistence.PostLoad;
@@ -0,0 +1,21 @@
 package de.bstly.we.businesslogic.support;
 import java.time.temporal.ChronoUnit;
 import jakarta.persistence.AttributeConverter;
 import jakarta.persistence.Converter;
@Converter
 public class ChronoUnitConverter implements AttributeConverter<ChronoUnit, String> {
    @Override
    public String convertToDatabaseColumn(ChronoUnit chronoUnit) {
        return chronoUnit.name();
    }
    @Override
    public ChronoUnit convertToEntityAttribute(String value) {
        return ChronoUnit.valueOf(value);
    }
 }
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.businesslogic.support;
 import java.time.Instant;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -110,8 +107,8 @@ public class Authentication2FAController extends BaseController {
 	 */
 	@PreAuthorize("authentication.authenticated")
 	@GetMapping("/{id}")
-	public void isSecondFactorEnabled(@PathVariable("id") String providerId) {
+	public void isSecondFactorEnabled(@PathVariable String id) {
-		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(providerId);
+		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(id);
 		if (provider == null) {
 			throw new EntityResponseStatusException(HttpStatus.UNAUTHORIZED);
@@ -123,18 +120,19 @@ public class Authentication2FAController extends BaseController {
 	}
 	/**
-	 * Request second factor mail.
+	 * Request second factor.
 	 *
 	 * @param providerId the provider id
 	 * @return the challenge data (e.g., PublicKeyCredentialRequestOptions for WebAuthn)
 	 */
 	@PreAuthorize("hasRole('ROLE_PRE_AUTH_USER')")
 	@PostMapping("/{id}")
-	public void requestSecondFactorMail(@PathVariable("id") String providerId) {
+	public Object requestSecondFactor(@PathVariable String id) {
 		Long userId = getPreAuthenticationId();
 		if (userId == null) {
 			throw new EntityResponseStatusException(HttpStatus.UNAUTHORIZED);
 		}
-		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(providerId);
+		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(id);
 		if (provider == null) {
 			throw new EntityResponseStatusException(HttpStatus.UNAUTHORIZED);
@@ -146,7 +144,7 @@ public class Authentication2FAController extends BaseController {
 		SecondFactorRequestProvider<?> requestProvider = (SecondFactorRequestProvider<?>) provider;
-		requestProvider.request(userId);
+		return requestProvider.request(userId);
 	}
 	/**
@@ -157,8 +155,8 @@ public class Authentication2FAController extends BaseController {
 	 */
 	@PreAuthorize("authentication.authenticated")
 	@PutMapping("/{id}")
-	public SecondFactor createSecondFactor(@PathVariable("id") String providerId) {
+	public SecondFactor createSecondFactor(@PathVariable String id) {
-		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(providerId);
+		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(id);
 		if (provider == null) {
 			throw new EntityResponseStatusException(HttpStatus.UNAUTHORIZED);
@@ -179,8 +177,8 @@ public class Authentication2FAController extends BaseController {
 	 */
 	@PreAuthorize("authentication.authenticated")
 	@PatchMapping("/{id}")
-	public void enableSecondFactor(@PathVariable("id") String providerId, @RequestBody String token) {
+	public void enableSecondFactor(@PathVariable String id, @RequestBody String token) {
-		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(providerId);
+		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(id);
 		if (provider == null) {
 			throw new EntityResponseStatusException(HttpStatus.UNAUTHORIZED);
@@ -198,8 +196,8 @@ public class Authentication2FAController extends BaseController {
 	 */
 	@PreAuthorize("authentication.authenticated")
 	@DeleteMapping("/{id}")
-	public void removeSecondFactorMail(@PathVariable("id") String providerId) {
+	public void removeSecondFactorMail(@PathVariable String id) {
-		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(providerId);
+		SecondFactorProvider<?> provider = secondFactorProviderManager.getProvider(id);
 		if (provider == null) {
 			throw new EntityResponseStatusException(HttpStatus.UNAUTHORIZED);
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.io.IOException;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import org.springframework.security.core.Authentication;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.Map;
@@ -135,7 +132,7 @@ public class ItemController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@PostMapping("/{username}")
-	public void redeemForUser(@PathVariable("username") String username, HttpSession session) {
+	public void redeemForUser(@PathVariable String username, HttpSession session) {
 		if (tokenSessionManager.getTokenFromSession(session).isEmpty()) {
 			throw new EntityResponseStatusException(HttpStatus.NOT_MODIFIED);
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.time.Instant;
@@ -49,8 +46,8 @@ public class PermissionManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{username}")
-	public List<Permission> getPermissionsForUser(@PathVariable("username") String username,
+	public List<Permission> getPermissionsForUser(@PathVariable String username,
-			@RequestParam("sort") Optional<String> sort, @RequestParam("ignoreStart") Optional<Boolean> ignoreStart) {
+			@RequestParam Optional<String> sort, @RequestParam Optional<Boolean> ignoreStart) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
@@ -73,7 +70,7 @@ public class PermissionManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{username}/all")
-	public List<Permission> getAllPermissionsForUser(@PathVariable("username") String username,
+	public List<Permission> getAllPermissionsForUser(@PathVariable String username,
 			@RequestParam("sort") Optional<String> sort) {
 		User user = userManager.getByUsername(username);
@@ -161,7 +158,7 @@ public class PermissionManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("/{name}/clone/{clone}")
-	public List<Permission> clone(@PathVariable("name") String name, @PathVariable("clone") String clone) {
+	public List<Permission> clone(@PathVariable String name, @PathVariable String clone) {
 		if (name.equals(clone)) {
 			throw new EntityResponseStatusException(HttpStatus.CONFLICT);
 		}
@@ -192,7 +189,7 @@ public class PermissionManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{target}")
-	public void deleteAll(@PathVariable("target") Long target) {
+	public void deleteAll(@PathVariable Long target) {
 		permissionManager.deleteAll(target);
 	}
@@ -203,7 +200,7 @@ public class PermissionManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/byname/{name}")
-	public void deleteAllByName(@PathVariable("name") String name) {
+	public void deleteAllByName(@PathVariable String name) {
 		permissionManager.deleteAll(name);
 	}
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.io.IOException;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -0,0 +1,77 @@
 package de.bstly.we.controller;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.google.common.collect.Lists;
 import de.bstly.we.businesslogic.QuotaExtensionManager;
 import de.bstly.we.controller.support.TokenSessionManager;
 import de.bstly.we.model.QuotaExtension;
 import jakarta.servlet.http.HttpSession;
 /**
 * The Class QuotaExtensionController.
 */
@RestController
@RequestMapping("/quota/extensions")
 public class QuotaExtensionController extends BaseController {
 	@Autowired
 	private QuotaExtensionManager quotaExtensionManager;
 	@Autowired
 	private TokenSessionManager tokenSessionManager;
 	/**
 	 * Gets the quotas.
 	 *
 	 * @return the quotas
 	 */
 	@GetMapping
 	public List<QuotaExtension> getQuotaExtensions() {
 		if (getCurrentUserId() == null) {
 			return Lists.newArrayList();
 		}
 		return quotaExtensionManager.getNotExpiresByTarget(getCurrentUserId());
 	}
 	/**
 	 * Gets the new quotas.
 	 *
 	 * @param session the session
 	 * @return the new quotas
 	 */
 	@GetMapping("/new")
 	public List<QuotaExtension> getNewQuotaExtensions(HttpSession session) {
 		List<QuotaExtension> quotas = Lists.newArrayList();
 		if (tokenSessionManager.getTokenFromSession(session).isEmpty()) {
 			return quotas;
 		}
 		for (String token : tokenSessionManager.getTokenFromSession(session)) {
 			tokenSessionManager.addQuotaExtensionsForToken(getCurrentUserId(), token, quotas);
 		}
 		return quotas;
 	}
 	/**
 	 * Gets the all quotas.
 	 *
 	 * @return the all quotas
 	 */
 	@GetMapping("/all")
 	public List<QuotaExtension> getAllQuotas() {
 		if (getCurrentUserId() == null) {
 			return Lists.newArrayList();
 		}
 		return quotaExtensionManager.getAllByTarget(getCurrentUserId());
 	}
 }
@@ -0,0 +1,122 @@
 package de.bstly.we.controller;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.querydsl.binding.QuerydslPredicate;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 import com.querydsl.core.types.Predicate;
 import de.bstly.we.businesslogic.QuotaExtensionManager;
 import de.bstly.we.businesslogic.UserManager;
 import de.bstly.we.controller.support.EntityResponseStatusException;
 import de.bstly.we.model.QuotaExtension;
 import de.bstly.we.model.User;
 /**
 * The Class QuotaExtensionManagementController.
 */
@RestController
@RequestMapping("/management/quota/extensions")
@PreAuthorize("hasRole('ROLE_ADMIN')")
 public class QuotaExtensionManagementController {
 	@Autowired
 	private QuotaExtensionManager quotaExtensionManager;
 	@Autowired
 	private UserManager userManager;
 	/**
 	 * Get all quota extensions.
 	 */
 	@GetMapping
 	public Page<QuotaExtension> get(@QuerydslPredicate(root = QuotaExtension.class) Predicate predicate,
 			Pageable pageable) {
 		return quotaExtensionManager.getAll(predicate, pageable);
 	}
 	/**
 	 * Get quota extension by id.
 	 */
 	@GetMapping("/{id}")
 	public QuotaExtension get(@PathVariable Long id) {
 		return quotaExtensionManager.get(id);
 	}
 	/**
 	 * Get quota extensions by target.
 	 */
 	@GetMapping("/by-target/{target}")
 	public List<QuotaExtension> getByTarget(@PathVariable String username) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
 			throw new EntityResponseStatusException(HttpStatus.NO_CONTENT);
 		}
 		return quotaExtensionManager.getByTarget(user.getId());
 	}
 	/**
 	 * Get active quota extensions for target.
 	 */
 	@GetMapping("/by-target/{target}/active")
 	public List<QuotaExtension> getActiveByTarget(@PathVariable String username) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
 			throw new EntityResponseStatusException(HttpStatus.NO_CONTENT);
 		}
 		return quotaExtensionManager.getActiveExtensions(user.getId());
 	}
 	/**
 	 * Create quota extension.
 	 */
 	@PostMapping
 	@ResponseStatus(HttpStatus.CREATED)
 	public QuotaExtension create(@RequestBody QuotaExtension quotaExtension) {
 		return quotaExtensionManager.create(quotaExtension);
 	}
 	/**
 	 * Update quota extension.
 	 */
 	@PatchMapping("/{id}")
 	public QuotaExtension update(@PathVariable Long id, @RequestBody QuotaExtension quotaExtension) {
 		return quotaExtensionManager.update(id, quotaExtension);
 	}
 	/**
 	 * Delete quota extension.
 	 */
 	@DeleteMapping("/{id}")
 	@ResponseStatus(HttpStatus.NO_CONTENT)
 	public void delete(@PathVariable Long id) {
 		quotaExtensionManager.delete(id);
 	}
 	/**
 	 * Cleanup expired quota extensions.
 	 */
 	@PostMapping("/cleanup")
 	@ResponseStatus(HttpStatus.NO_CONTENT)
 	public void cleanup() {
 		quotaExtensionManager.cleanupExpired();
 	}
 }
@@ -0,0 +1,141 @@
 package de.bstly.we.controller;
 import java.util.List;
 import java.util.Optional;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.Errors;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import com.google.common.collect.Lists;
 import de.bstly.we.businesslogic.QuotaExtensionMappingManager;
 import de.bstly.we.controller.support.EntityResponseStatusException;
 import de.bstly.we.controller.support.RequestBodyErrors;
 import de.bstly.we.controller.validation.QuotaExtensionMappingValidator;
 import de.bstly.we.model.QuotaExtensionMapping;
 /**
 * The Class QuotaExtensionMappingController.
 */
@RestController
@RequestMapping("/quotas/extension-mappings")
 public class QuotaExtensionMappingController extends BaseController {
 	@Autowired
 	private QuotaExtensionMappingManager quotaExtensionMappingManager;
 	@Autowired
 	private QuotaExtensionMappingValidator quotaExtensionMappingValidator;
 	/**
 	 * Gets the quota extension mappings.
 	 *
 	 * @param pageParameter the page parameter
 	 * @param sizeParameter the size parameter
 	 * @return the quota extension mappings
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping
 	public Page<QuotaExtensionMapping> getQuotaExtensionMappings(@RequestParam("page") Optional<Integer> pageParameter,
 			@RequestParam("size") Optional<Integer> sizeParameter) {
 		return quotaExtensionMappingManager.get(pageParameter.orElse(0), sizeParameter.orElse(10), "id", true);
 	}
 	/**
 	 * Creates the.
 	 *
 	 * @param quotaExtensionMapping the quota extension mapping
 	 * @return the quota extension mapping
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping
 	public QuotaExtensionMapping create(@RequestBody QuotaExtensionMapping quotaExtensionMapping) {
 		Errors errors = new RequestBodyErrors(quotaExtensionMapping);
 		quotaExtensionMappingValidator.validate(quotaExtensionMapping, errors);
 		if (errors.hasErrors()) {
 			throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 		}
 		return quotaExtensionMappingManager.create(quotaExtensionMapping.getItems(), quotaExtensionMapping.getName(),
 				quotaExtensionMapping.getValue(), quotaExtensionMapping.getUnit(), quotaExtensionMapping.getLifetime(),
 				quotaExtensionMapping.getLifetimeUnit(), quotaExtensionMapping.isLifetimeRound(),
 				quotaExtensionMapping.getProducts(), quotaExtensionMapping.getStarts(),
 				quotaExtensionMapping.getExpires(),
 				quotaExtensionMapping.getStartsQuestion(), quotaExtensionMapping.getExpiresQuestion());
 	}
 	/**
 	 * Creates the list.
 	 *
 	 * @param quotaExtensionMappings the quota extension mappings
 	 * @return the list
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("/list")
 	public List<QuotaExtensionMapping> createList(@RequestBody List<QuotaExtensionMapping> quotaExtensionMappings) {
 		List<QuotaExtensionMapping> result = Lists.newArrayList();
 		for (QuotaExtensionMapping quotaExtensionMapping : quotaExtensionMappings) {
 			Errors errors = new RequestBodyErrors(quotaExtensionMapping);
 			quotaExtensionMappingValidator.validate(quotaExtensionMapping, errors);
 			if (errors.hasErrors()) {
 				throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 			}
 			result.add(quotaExtensionMappingManager.create(quotaExtensionMapping.getItems(),
 					quotaExtensionMapping.getName(),
 					quotaExtensionMapping.getValue(), quotaExtensionMapping.getUnit(),
 					quotaExtensionMapping.getLifetime(),
 					quotaExtensionMapping.getLifetimeUnit(), quotaExtensionMapping.isLifetimeRound(),
 					quotaExtensionMapping.getProducts(), quotaExtensionMapping.getStarts(),
 					quotaExtensionMapping.getExpires(),
 					quotaExtensionMapping.getStartsQuestion(), quotaExtensionMapping.getExpiresQuestion()));
 		}
 		return result;
 	}
 	/**
 	 * Update.
 	 *
 	 * @param quotaExtensionMapping the quota extension mapping
 	 * @return the quota extension mapping
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PatchMapping
 	public QuotaExtensionMapping update(@RequestBody QuotaExtensionMapping quotaExtensionMapping) {
 		Errors errors = new RequestBodyErrors(quotaExtensionMapping);
 		if (errors.hasErrors()) {
 			throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 		}
 		return quotaExtensionMappingManager.update(quotaExtensionMapping);
 	}
 	/**
 	 * Delete.
 	 *
 	 * @param quotaExtensionMapping the quota extension mapping
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping
 	public void delete(@RequestBody QuotaExtensionMapping quotaExtensionMapping) {
 		quotaExtensionMappingManager.delete(quotaExtensionMapping.getId());
 	}
 }
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -48,8 +45,8 @@ public class QuotaManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{username}")
-	public List<Quota> getQuotasForUser(@PathVariable("username") String username,
+	public List<Quota> getQuotasForUser(@PathVariable String username,
-			@RequestParam("sort") Optional<String> sort) {
+			@RequestParam Optional<String> sort) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
@@ -68,8 +65,8 @@ public class QuotaManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{username}/all")
-	public List<Quota> getAllQuotasForUser(@PathVariable("username") String username,
+	public List<Quota> getAllQuotasForUser(@PathVariable String username,
-			@RequestParam("sort") Optional<String> sort) {
+			@RequestParam Optional<String> sort) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
@@ -88,7 +85,7 @@ public class QuotaManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/byname/{name}")
-	public List<Quota> getQuotasByName(@PathVariable("name") String name, @RequestParam("sort") Optional<String> sort) {
+	public List<Quota> getQuotasByName(@PathVariable String name, @RequestParam Optional<String> sort) {
 		return quotaManager.getAllByName(name, sort.orElse(null));
 	}
@@ -174,7 +171,7 @@ public class QuotaManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("/{name}/clone/{clone}")
-	public List<Quota> clone(@PathVariable("name") String name, @PathVariable("clone") String clone,
+	public List<Quota> clone(@PathVariable String name, @PathVariable String clone,
 			@RequestBody long value) {
 		if (name.equals(clone)) {
 			throw new EntityResponseStatusException(HttpStatus.CONFLICT);
@@ -205,7 +202,7 @@ public class QuotaManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{target}")
-	public void deleteAll(@PathVariable("target") Long target) {
+	public void deleteAll(@PathVariable Long target) {
 		quotaManager.deleteAll(target);
 	}
@@ -216,7 +213,7 @@ public class QuotaManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/byname/{name}")
-	public void deleteAllByName(@PathVariable("name") String name) {
+	public void deleteAllByName(@PathVariable String name) {
 		quotaManager.deleteAll(name);
 	}
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -73,7 +70,7 @@ public class SystemController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/properties/{key}")
-	public SystemProperty getProperty(@PathVariable("key") String key) {
+	public SystemProperty getProperty(@PathVariable String key) {
 		if (!systemPropertyRepository.existsById(key)) {
 			throw new EntityResponseStatusException(HttpStatus.NO_CONTENT);
 		}
@@ -111,7 +108,7 @@ public class SystemController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/properties/{key}")
-	public void deleteProperty(@PathVariable("key") String key) {
+	public void deleteProperty(@PathVariable String key) {
 		if (!systemPropertyRepository.existsById(key)) {
 			throw new EntityResponseStatusException(HttpStatus.NOT_MODIFIED);
 		}
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -57,7 +54,7 @@ public class SystemProfileFieldController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{name}")
-	public SystemProfileField getByName(@PathVariable("name") String name) {
+	public SystemProfileField getByName(@PathVariable String name) {
 		SystemProfileField systemProfileField = systemProfileFieldManager.get(name);
 		if (systemProfileField == null) {
@@ -104,7 +101,7 @@ public class SystemProfileFieldController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{name}")
-	public void deleteByName(@PathVariable("name") String name) {
+	public void deleteByName(@PathVariable String name) {
 		SystemProfileField systemProfileField = systemProfileFieldManager.get(name);
 		if (systemProfileField == null) {
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -123,7 +120,7 @@ public class UserAliasController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@DeleteMapping("/{id}")
-	public void deleteAlias(@PathVariable("id") Long id) {
+	public void deleteAlias(@PathVariable Long id) {
 		UserAlias userAlias = userAliasManager.get(id);
 		if (userAlias == null || !userAlias.getTarget().equals(getCurrentUserId())) {
 			throw new EntityResponseStatusException(HttpStatus.CONFLICT);
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -64,7 +61,7 @@ public class UserAliasManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{username}")
-	public List<UserAlias> getAliasesForUser(@PathVariable("username") String username) {
+	public List<UserAlias> getAliasesForUser(@PathVariable String username) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
@@ -100,7 +97,7 @@ public class UserAliasManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{id}")
-	public void deleteAlias(@PathVariable("id") Long id) {
+	public void deleteAlias(@PathVariable Long id) {
 		UserAlias userAlias = userAliasManager.get(id);
 		if (userAlias == null) {
 			throw new EntityResponseStatusException(HttpStatus.CONFLICT);
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import jakarta.servlet.http.HttpSession;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -42,7 +39,7 @@ public class UserDataManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{username}")
-	public Map<String, List<UserData>> getForUser(@PathVariable("username") String username) {
+	public Map<String, List<UserData>> getForUser(@PathVariable String username) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
@@ -59,7 +56,7 @@ public class UserDataManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("/purge")
-	public void purge(@RequestParam("dry") boolean dry) {
+	public void purge(@RequestParam boolean dry) {
 		userDataManager.purge(dry);
 	}
@@ -71,7 +68,7 @@ public class UserDataManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("/purge/{username}")
-	public void purgeByUsername(@PathVariable("username") String username, @RequestParam("dry") boolean dry) {
+	public void purgeByUsername(@PathVariable String username, @RequestParam boolean dry) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -118,7 +115,7 @@ public class UserDomainController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@DeleteMapping("/{id}")
-	public void deleteDomain(@PathVariable("id") Long id) {
+	public void deleteDomain(@PathVariable Long id) {
 		UserDomain userDomain = userDomainManager.get(id);
 		if (userDomain == null || !userDomain.getTarget().equals(getCurrentUserId())) {
 			throw new EntityResponseStatusException(HttpStatus.CONFLICT);
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -68,7 +65,7 @@ public class UserDomainManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{username}")
-	public List<UserDomain> getDomainsForUser(@PathVariable("username") String username) {
+	public List<UserDomain> getDomainsForUser(@PathVariable String username) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
@@ -113,7 +110,7 @@ public class UserDomainManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{id}")
-	public void deleteDomain(@PathVariable("id") Long id) {
+	public void deleteDomain(@PathVariable Long id) {
 		UserDomain userDomain = userDomainManager.get(id);
 		if (userDomain == null) {
 			throw new EntityResponseStatusException(HttpStatus.CONFLICT);
@@ -128,7 +125,7 @@ public class UserDomainManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("/validate/{id}")
-	public void validate(@PathVariable("id") Long id) {
+	public void validate(@PathVariable Long id) {
 		UserDomain userDomain = userDomainManager.get(id);
 		if (userDomain == null) {
 			throw new EntityResponseStatusException(HttpStatus.CONFLICT);
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.time.Instant;
@@ -95,7 +92,7 @@ public class UserManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{username}")
-	public User getUserByUsername(@PathVariable("username") String username) {
+	public User getUserByUsername(@PathVariable String username) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
@@ -201,7 +198,7 @@ public class UserManagementController extends BaseController {
 	 */
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{username}")
-	public void deleteUserByUsername(@PathVariable("username") String username) {
+	public void deleteUserByUsername(@PathVariable String username) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -79,7 +76,7 @@ public class UserProfileFieldController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@GetMapping("/field/{name}")
-	public UserProfileField getField(@PathVariable("name") String name) {
+	public UserProfileField getField(@PathVariable String name) {
 		UserProfileField userProfileField = userProfileFieldManager.get(getCurrentUserId(), name);
 		if (userProfileField == null) {
@@ -96,7 +93,7 @@ public class UserProfileFieldController extends BaseController {
 	 * @return the for user
 	 */
 	@GetMapping("/{username}")
-	public ProfileModel getForUser(@PathVariable("username") String username) {
+	public ProfileModel getForUser(@PathVariable String username) {
 		Long currentUserId = getCurrentUserId();
 		User user = userManager.getByUsername(username);
@@ -182,8 +179,8 @@ public class UserProfileFieldController extends BaseController {
 	 * @return the field for user
 	 */
 	@GetMapping("/{username}/field/{name}")
-	public UserProfileField getFieldForUser(@PathVariable("username") String username,
+	public UserProfileField getFieldForUser(@PathVariable String username,
-			@PathVariable("name") String name) {
+			@PathVariable String name) {
 		User user = userManager.getByUsername(username);
@@ -275,7 +272,7 @@ public class UserProfileFieldController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@DeleteMapping("/{name}")
-	public void delete(@PathVariable("name") String name) {
+	public void delete(@PathVariable String name) {
 		if (userProfileFieldManager.get(getCurrentUserId(), name) == null) {
 			throw new EntityResponseStatusException(HttpStatus.NOT_MODIFIED);
 		}
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -66,7 +63,7 @@ public class VoucherController extends BaseController {
 	 */
 	@PreAuthorize("isAuthenticated()")
 	@PostMapping("/{name}")
-	public String getVoucher(@PathVariable("name") String name) {
+	public String getVoucher(@PathVariable String name) {
 		if (!permissionManager.isFullUser(getCurrentUserId())) {
 			throw new EntityResponseStatusException(HttpStatus.FORBIDDEN);
 		}
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.debug;
 import java.util.Map;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import java.util.Map;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import lombok.Getter;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import lombok.Getter;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import lombok.Getter;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import java.util.Map;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import lombok.AllArgsConstructor;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.model;
 import java.util.List;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.support;
 import org.springframework.http.HttpHeaders;
@@ -1,10 +1,5 @@
 /**
 * 
 */
 package de.bstly.we.controller.support;
 import org.springframework.lang.Nullable;
 import org.springframework.core.NestedRuntimeException;
 import org.springframework.http.HttpStatusCode;
 import org.springframework.util.Assert;
@@ -21,7 +16,6 @@ public class EntityResponseStatusException extends NestedRuntimeException {
 	private final HttpStatusCode status;
 	@Nullable
 	private final Object body;
 	/**
@@ -39,7 +33,7 @@ public class EntityResponseStatusException extends NestedRuntimeException {
 	 * @param body   the body
 	 * @param status the status
 	 */
-	public EntityResponseStatusException(@Nullable Object body, HttpStatusCode status) {
+	public EntityResponseStatusException(Object body, HttpStatusCode status) {
 		this(body, status, null);
 	}
@@ -50,7 +44,7 @@ public class EntityResponseStatusException extends NestedRuntimeException {
 	 * @param status the status
 	 * @param cause  the cause
 	 */
-	public EntityResponseStatusException(@Nullable Object body, HttpStatusCode status, @Nullable Throwable cause) {
+	public EntityResponseStatusException(Object body, HttpStatusCode status, Throwable cause) {
 		super(null, cause);
 		Assert.notNull(status, "HttpStatus is required");
 		this.status = status;
@@ -71,7 +65,6 @@ public class EntityResponseStatusException extends NestedRuntimeException {
 	 *
 	 * @return the body
 	 */
 	@Nullable
 	public Object getBody() {
 		return this.body;
 	}
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.support;
 import java.io.IOException;
@@ -1,9 +1,5 @@
 /**
 * 
 */
 package de.bstly.we.controller.support;
 import org.springframework.lang.Nullable;
 import org.springframework.validation.AbstractBindingResult;
 /**
@@ -12,7 +8,6 @@ import org.springframework.validation.AbstractBindingResult;
@SuppressWarnings("serial")
 public class RequestBodyErrors extends AbstractBindingResult {
 	@Nullable
 	private final Object target;
 	/**
@@ -20,7 +15,7 @@ public class RequestBodyErrors extends AbstractBindingResult {
 	 *
 	 * @param target the target
 	 */
-	public RequestBodyErrors(@Nullable Object target) {
+	public RequestBodyErrors(Object target) {
 		super("request-body");
 		this.target = target;
 	}
@@ -1,14 +1,9 @@
 /**
 * 
 */
 package de.bstly.we.controller.support;
 import java.time.Instant;
 import java.util.List;
 import java.util.Set;
 import jakarta.servlet.http.HttpSession;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -22,15 +17,20 @@ import com.google.gson.JsonObject;
 import de.bstly.we.businesslogic.PermissionManager;
 import de.bstly.we.businesslogic.PermissionMappingManager;
 import de.bstly.we.businesslogic.PretixManager;
 import de.bstly.we.businesslogic.QuotaExtensionManager;
 import de.bstly.we.businesslogic.QuotaExtensionMappingManager;
 import de.bstly.we.businesslogic.QuotaManager;
 import de.bstly.we.businesslogic.QuotaMappingManager;
 import de.bstly.we.controller.model.ItemResultModel;
 import de.bstly.we.model.Permission;
 import de.bstly.we.model.PermissionMapping;
 import de.bstly.we.model.Quota;
 import de.bstly.we.model.QuotaExtension;
 import de.bstly.we.model.QuotaExtensionMapping;
 import de.bstly.we.model.QuotaMapping;
 import de.bstly.we.security.model.LocalUserDetails;
 import de.bstly.we.security.token.LocalAnonymousAuthenticationToken;
 import jakarta.servlet.http.HttpSession;
 /**
 * The Class TokenSessionManager.
@@ -47,8 +47,12 @@ public class TokenSessionManager {
 	@Autowired
 	private QuotaMappingManager quotaMappingManager;
 	@Autowired
 	private QuotaExtensionMappingManager quotaExtensionMappingManager;
 	@Autowired
 	private QuotaManager quotaManager;
 	@Autowired
 	private QuotaExtensionManager quotaExtensionManager;
 	@Autowired
 	private PretixManager pretixManager;
 	/**
@@ -154,6 +158,51 @@ public class TokenSessionManager {
 		}
 	}
 	/**
 	 * Gets the quota mappings for token.
 	 *
 	 * @param userId the user id
 	 * @param token  the token
 	 * @return the quota mappings for token
 	 */
 	public List<QuotaExtensionMapping> getQuotaExtensionMappingsForToken(Long userId, String token) {
 		List<QuotaExtensionMapping> quotaMappings = Lists.newArrayList();
 		try {
 			JsonObject result = pretixManager.getCheckInItemBySecret(token);
 			if (result != null && result.get("secret").getAsString().equals(token)
 					&& result.getAsJsonArray("checkins").size() < 1
 					&& "p".equals(result.get("order__status").getAsString())) {
 				int item = result.get("item").getAsInt();
 				quotaMappings.addAll(quotaExtensionMappingManager.getAllByItem(item));
 			}
 		} catch (Exception e) {
 			// ignore
 		}
 		return quotaMappings;
 	}
 	/**
 	 * Adds the quotas for token.
 	 *
 	 * @param userId the user id
 	 * @param token  the token
 	 * @param quotas the quotas
 	 */
 	public void addQuotaExtensionsForToken(Long userId, String token, List<QuotaExtension> quotas) {
 		try {
 			JsonObject result = pretixManager.getCheckInItemBySecret(token);
 			if (result != null && result.get("secret").getAsString().equals(token)
 					&& result.getAsJsonArray("checkins").size() < 1
 					&& "p".equals(result.get("order__status").getAsString())) {
 				int item = result.get("item").getAsInt();
 				quotaExtensionManager.addForItem(userId, item, quotas);
 			}
 		} catch (Exception e) {
 			// ignore
 		}
 	}
 	/**
 	 * Apply tokens.
 	 *
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.validation;
 import java.util.ArrayList;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.validation;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -0,0 +1,53 @@
 package de.bstly.we.controller.validation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.Errors;
 import org.springframework.validation.Validator;
 import de.bstly.we.businesslogic.QuotaExtensionMappingManager;
 import de.bstly.we.model.QuotaExtensionMapping;
 /**
 * The Class QuotaExtensionMappingValidator.
 */
@Component
 public class QuotaExtensionMappingValidator implements Validator {
 	@Autowired
 	private QuotaExtensionMappingManager quotaExtensionMappingManager;
 	/*
 	 * @see org.springframework.validation.Validator#supports(java.lang.Class)
 	 */
 	@Override
 	public boolean supports(Class<?> clazz) {
 		return clazz.isAssignableFrom(QuotaExtensionMapping.class);
 	}
 	/*
 	 * 
 	 * @see org.springframework.validation.Validator#validate(java.lang.Object,
 	 * org.springframework.validation.Errors)
 	 */
 	@Override
 	public void validate(Object target, Errors errors) {
 		QuotaExtensionMapping quotaExtensionMapping = (QuotaExtensionMapping) target;
 		for (Integer item : quotaExtensionMapping.getItems()) {
 			if (quotaExtensionMappingManager.exists(item, quotaExtensionMapping.getName())) {
 				errors.rejectValue("item", "ALREADY_EXISTS");
 				errors.rejectValue("name", "ALREADY_EXISTS");
 			}
 		}
 		if (quotaExtensionMapping.getValue() <= 0) {
 			errors.rejectValue("value", "TOO_SHORT");
 		}
 		if (quotaExtensionMapping.getLifetime() != null && quotaExtensionMapping.getLifetime() <= 0) {
 			errors.rejectValue("lifetime", "TOO_SHORT");
 		}
 	}
 }
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.validation;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.validation;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.validation;
 import org.apache.commons.validator.routines.DomainValidator;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.validation;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.validation;
 import java.time.Instant;
@@ -1,6 +1,3 @@
 /**
 * 
 */
 package de.bstly.we.controller.validation;
 import org.springframework.beans.factory.annotation.Autowired;
--- a/Show More
+++ b/Show More