From e3a437bd76f12f1c1d1489fdc6fa7fb231345b67 Mon Sep 17 00:00:00 2001 From: _Bastler Date: Sun, 30 Jan 2022 13:48:42 +0100 Subject: [PATCH] do not purge user object to block username --- .../bstly/we/businesslogic/UserManager.java | 72 +++++++++++++------ .../PermissionManagementController.java | 24 ++++++- pom.xml | 2 +- 3 files changed, 76 insertions(+), 22 deletions(-) diff --git a/core/src/main/java/de/bstly/we/businesslogic/UserManager.java b/core/src/main/java/de/bstly/we/businesslogic/UserManager.java index aec80ae..d0349d6 100755 --- a/core/src/main/java/de/bstly/we/businesslogic/UserManager.java +++ b/core/src/main/java/de/bstly/we/businesslogic/UserManager.java @@ -97,19 +97,23 @@ public class UserManager implements UserDataProvider { * @return the password hash */ public String getPasswordHash(Long id) { - Assert.isTrue(userRepository.existsById(id), "User with id '" + id + "' not exists!"); + Assert.isTrue(userRepository.existsById(id), "User with id '" + + id + + "' not exists!"); return userRepository.findById(id).get().getPasswordHash(); } /** * Sets the password. * - * @param id the id + * @param id the id * @param password the password * @return the user */ public User setPassword(Long id, String password) { - Assert.isTrue(userRepository.existsById(id), "User with id '" + id + "' not exists!"); + Assert.isTrue(userRepository.existsById(id), "User with id '" + + id + + "' not exists!"); User user = userRepository.findById(id).get(); user.setPasswordHash(passwordEncoder.encode(password)); return userRepository.save(user); 
@@ -120,12 +124,14 @@ public class UserManager implements UserDataProvider { * * @param username the username * @param password the password - * @param status the status + * @param status the status * @return the user */ public User create(String username, String password, UserStatus status) { Assert.isTrue(!userRepository.exists(qUser.username.equalsIgnoreCase(username)), - "Username '" + username + "' already exists!"); + "Username '" + + username + + "' already exists!"); User user = new User(); user.setUsername(username); if (StringUtils.hasText(password)) { @@ -142,9 +148,9 @@ public class UserManager implements UserDataProvider { /** * Gets the. * - * @param page the page - * @param size the size - * @param sortBy the sort by + * @param page the page + * @param size the size + * @param sortBy the sort by * @param descending the descending * @return the page */ @@ -160,8 +166,9 @@ public class UserManager implements UserDataProvider { * @return the user */ public User update(User user) { - Assert.isTrue(userRepository.existsById(user.getId()), - "User with id '" + user.getId() + "' not exists!"); + Assert.isTrue(userRepository.existsById(user.getId()), "User with id '" + + user.getId() + + "' not exists!"); User merge = get(user.getId()); merge.setUsername(user.getUsername()); @@ -182,8 +189,9 @@ public class UserManager implements UserDataProvider { * @param user the user */ public void delete(User user) { - Assert.isTrue(userRepository.existsById(user.getId()), - "User with id '" + user.getId() + "' not exists!"); + Assert.isTrue(userRepository.existsById(user.getId()), "User with id '" + + user.getId() + + "' not exists!"); File publicKey = new File(getPublicKeyPath(user.getUsername())); if (publicKey.exists()) { 
@@ -202,13 +210,15 @@ public class UserManager implements UserDataProvider { * @return the bstly email */ public String getBstlyEmail(String username) { - return username + "@" + userEmailDomain; + return username + + "@" + + userEmailDomain; } /** * Write public key. * - * @param username the username + * @param username the username * @param publicKey the public key */ public void writePublicKey(String username, String publicKey) { @@ -228,7 +238,8 @@ public class UserManager implements UserDataProvider { FileWriter myWriter = new FileWriter(publicKeyPath); myWriter.write(publicKey); myWriter.close(); - String command = "gpg --import " + publicKeyPath; + String command = "gpg --import " + + publicKeyPath; Runtime.getRuntime().exec(command); } catch (IOException e) { e.printStackTrace(); @@ -243,19 +254,25 @@ public class UserManager implements UserDataProvider { * @return the public key path */ public String getPublicKeyPath(String username) { - return userDataDirectory + username + File.separator + "public.key"; + return userDataDirectory + + username + + File.separator + + "public.key"; } /** * Password reset. * - * @param user the user + * @param user the user * @param outputStream the output stream */ public void passwordReset(User user, ServletOutputStream outputStream) { String resetToken = RandomStringUtils.random(64, true, true); - String command = "echo \"" + resetToken + "\" | gpg -ear " - + getBstlyEmail(user.getUsername()) + " --always-trust"; + String command = "echo \"" + + resetToken + + "\" | gpg -ear " + + getBstlyEmail(user.getUsername()) + + " --always-trust"; user.setResetToken(resetToken); 
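Review bot: In writePublicKey the command passed to `Runtime.getRuntime().exec(command)` is still a single concatenated string; the patch only re-wraps it. `exec(String)` tokenizes on whitespace, and publicKeyPath comes from getPublicKeyPath, which joins userDataDirectory and the username. Unless usernames are strictly validated elsewhere (not visible here), a username containing whitespace or path separators would alter gpg's argument list or the file location. Passing the arguments as a list avoids the splitting: `new ProcessBuilder("gpg", "--import", publicKeyPath).start();`. The same concern applies to the `echo ... | gpg -ear ... --always-trust` string in passwordReset (the `@@ -243,19 +254,25 @@` hunk), whose execution lies outside the hunk; there the token could be written to the process's stdin instead of being embedded in a command line.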
@@ -328,7 +345,22 @@ public class UserManager implements UserDataProvider { */ @Override public void purgeUserData(Long userId) { - userRepository.deleteById(userId); + User user = get(userId); + if (user != null) { + user.setDisabled(true); + user.setLocked(true); + user = update(user); + logger.warn("User '" + + user.getUsername() + + "' [" + + user.getId() + + "] should be purged!"); + + } else { + logger.error("No user found for [" + + userId + + "]!"); + } } } diff --git a/core/src/main/java/de/bstly/we/controller/PermissionManagementController.java b/core/src/main/java/de/bstly/we/controller/PermissionManagementController.java index 6223f45..2fc7c4e 100644 --- a/core/src/main/java/de/bstly/we/controller/PermissionManagementController.java +++ b/core/src/main/java/de/bstly/we/controller/PermissionManagementController.java @@ -17,6 +17,8 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import com.google.common.collect.Lists; + import de.bstly.we.businesslogic.PermissionManager; import de.bstly.we.businesslogic.UserManager; import de.bstly.we.controller.support.EntityResponseStatusException; 
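Review bot: The row kept by purgeUserData still holds the account's credentials: only `setDisabled(true)` and `setLocked(true)` are applied, so the password hash and any outstanding reset token remain stored for an account that is supposed to be gone. Because the record is kept only to reserve the username, I would also clear them before saving, for example `user.setPasswordHash(null); user.setResetToken(null);` (create() already permits a user without a password). update() is only partly visible in this patch and is shown copying the username onto a freshly loaded entity, so please confirm it also carries over the disabled, locked and cleared fields; otherwise the flags set here are silently dropped. The `should be purged!` warning is the only record that cleanup is pending; a comment such as `// row kept so the username cannot be re-registered; personal data must still be removed` would make the intent explicit.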
@@ -100,10 +102,30 @@ public class PermissionManagementController extends BaseController { return permissionManager.update(permission); } + /** + * Update permission. + * + * @param permission the permission + * @return the permission + */ + @PreAuthorize("hasRole('ROLE_ADMIN')") + @PatchMapping("list") + public List updatePermissions(@RequestBody List permissions) { + List result = Lists.newArrayList(); + for (Permission permission : permissions) { + if (permission.getId() == null) { + throw new EntityResponseStatusException(HttpStatus.CONFLICT); + } + + result.add(permissionManager.update(permission)); + } + return result; + } + /** * Clone. * - * @param name the name + * @param name the name * @param clone the clone * @return the list */ diff --git a/pom.xml b/pom.xml index 3f2ed69..20477d2 100755 --- a/pom.xml +++ b/pom.xml @@ -13,7 +13,7 @@ UTF-8 11 2.17.1 - 1.5.0-SNAPSHOT + 1.6.0-SNAPSHOT
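Review bot: updatePermissions validates and writes in the same loop, so a list whose later entry has a null id returns 409 after the earlier entries have already been updated, unless a transaction outside this hunk rolls them back. Checking the whole list first keeps the call all-or-nothing: `if (permissions.stream().anyMatch(p -> p.getId() == null)) { throw new EntityResponseStatusException(HttpStatus.CONFLICT); }` before the loop. The single-item handler above starts outside the hunk; if it performs further checks before `permissionManager.update(permission)`, the list variant should apply the same ones. The Javadoc is copied from that handler and should read `Update permissions.`, `@param permissions the permissions` and `@return the updated permissions`.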