do not purge user object to block username

2022-01-30 13:48:42 +01:00 · 2022-01-30 13:48:42 +01:00 · e3a437bd76
commit e3a437bd76
parent f3a309c597
3 changed files with 76 additions and 22 deletions
--- a/core/src/main/java/de/bstly/we/businesslogic/UserManager.java
+++ b/core/src/main/java/de/bstly/we/businesslogic/UserManager.java
@ -97,19 +97,23 @@ public class UserManager implements UserDataProvider {
 	 * @return the password hash
 	 */
 	public String getPasswordHash(Long id) {
-		Assert.isTrue(userRepository.existsById(id), "User with id '" + id + "' not exists!");
+		Assert.isTrue(userRepository.existsById(id), "User with id '"
+				+ id
+				+ "' not exists!");
 		return userRepository.findById(id).get().getPasswordHash();
 	}

 	/**
 	 * Sets the password.
 	 *
-	 * @param id the id
+	 * @param id       the id
 	 * @param password the password
 	 * @return the user
 	 */
 	public User setPassword(Long id, String password) {
-		Assert.isTrue(userRepository.existsById(id), "User with id '" + id + "' not exists!");
+		Assert.isTrue(userRepository.existsById(id), "User with id '"
+				+ id
+				+ "' not exists!");
 		User user = userRepository.findById(id).get();
 		user.setPasswordHash(passwordEncoder.encode(password));
 		return userRepository.save(user);
@ -120,12 +124,14 @@ public class UserManager implements UserDataProvider {
 	 *
 	 * @param username the username
 	 * @param password the password
-	 * @param status the status
+	 * @param status   the status
 	 * @return the user
 	 */
 	public User create(String username, String password, UserStatus status) {
 		Assert.isTrue(!userRepository.exists(qUser.username.equalsIgnoreCase(username)),
-				"Username '" + username + "' already exists!");
+				"Username '"
+						+ username
+						+ "' already exists!");
 		User user = new User();
 		user.setUsername(username);
 		if (StringUtils.hasText(password)) {
@ -142,9 +148,9 @@ public class UserManager implements UserDataProvider {
 	/**
 	 * Gets the.
 	 *
-	 * @param page the page
-	 * @param size the size
-	 * @param sortBy the sort by
+	 * @param page       the page
+	 * @param size       the size
+	 * @param sortBy     the sort by
 	 * @param descending the descending
 	 * @return the page
 	 */
@ -160,8 +166,9 @@ public class UserManager implements UserDataProvider {
 	 * @return the user
 	 */
 	public User update(User user) {
-		Assert.isTrue(userRepository.existsById(user.getId()),
-				"User with id '" + user.getId() + "' not exists!");
+		Assert.isTrue(userRepository.existsById(user.getId()), "User with id '"
+				+ user.getId()
+				+ "' not exists!");

 		User merge = get(user.getId());
 		merge.setUsername(user.getUsername());
@ -182,8 +189,9 @@ public class UserManager implements UserDataProvider {
 	 * @param user the user
 	 */
 	public void delete(User user) {
-		Assert.isTrue(userRepository.existsById(user.getId()),
-				"User with id '" + user.getId() + "' not exists!");
+		Assert.isTrue(userRepository.existsById(user.getId()), "User with id '"
+				+ user.getId()
+				+ "' not exists!");

 		File publicKey = new File(getPublicKeyPath(user.getUsername()));
 		if (publicKey.exists()) {
@ -202,13 +210,15 @@ public class UserManager implements UserDataProvider {
 	 * @return the bstly email
 	 */
 	public String getBstlyEmail(String username) {
-		return username + "@" + userEmailDomain;
+		return username
+				+ "@"
+				+ userEmailDomain;
 	}

 	/**
 	 * Write public key.
 	 *
-	 * @param username the username
+	 * @param username  the username
 	 * @param publicKey the public key
 	 */
 	public void writePublicKey(String username, String publicKey) {
@ -228,7 +238,8 @@ public class UserManager implements UserDataProvider {
 				FileWriter myWriter = new FileWriter(publicKeyPath);
 				myWriter.write(publicKey);
 				myWriter.close();
-				String command = "gpg --import " + publicKeyPath;
+				String command = "gpg --import "
+						+ publicKeyPath;
 				Runtime.getRuntime().exec(command);
 			} catch (IOException e) {
 				e.printStackTrace();
@ -243,19 +254,25 @@ public class UserManager implements UserDataProvider {
 	 * @return the public key path
 	 */
 	public String getPublicKeyPath(String username) {
-		return userDataDirectory + username + File.separator + "public.key";
+		return userDataDirectory
+				+ username
+				+ File.separator
+				+ "public.key";
 	}

 	/**
 	 * Password reset.
 	 *
-	 * @param user the user
+	 * @param user         the user
 	 * @param outputStream the output stream
 	 */
 	public void passwordReset(User user, ServletOutputStream outputStream) {
 		String resetToken = RandomStringUtils.random(64, true, true);
-		String command = "echo \"" + resetToken + "\" | gpg -ear "
-				+ getBstlyEmail(user.getUsername()) + " --always-trust";
+		String command = "echo \""
+				+ resetToken
+				+ "\" | gpg -ear "
+				+ getBstlyEmail(user.getUsername())
+				+ " --always-trust";

 		user.setResetToken(resetToken);

@ -328,7 +345,22 @@ public class UserManager implements UserDataProvider {
 	 */
 	@Override
 	public void purgeUserData(Long userId) {
-		userRepository.deleteById(userId);
+		User user = get(userId);
+		if (user != null) {
+			user.setDisabled(true);
+			user.setLocked(true);
+			user = update(user);
+			logger.warn("User '"
+					+ user.getUsername()
+					+ "' ["
+					+ user.getId()
+					+ "] should be purged!");
+
+		} else {
+			logger.error("No user found for ["
+					+ userId
+					+ "]!");
+		}
 	}

 }
--- a/core/src/main/java/de/bstly/we/controller/PermissionManagementController.java
+++ b/core/src/main/java/de/bstly/we/controller/PermissionManagementController.java
@ -17,6 +17,8 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

+import com.google.common.collect.Lists;
+
 import de.bstly.we.businesslogic.PermissionManager;
 import de.bstly.we.businesslogic.UserManager;
 import de.bstly.we.controller.support.EntityResponseStatusException;
@ -100,10 +102,30 @@ public class PermissionManagementController extends BaseController {
 		return permissionManager.update(permission);
 	}

+	/**
+	 * Update permission.
+	 *
+	 * @param permission the permission
+	 * @return the permission
+	 */
+	@PreAuthorize("hasRole('ROLE_ADMIN')")
+	@PatchMapping("list")
+	public List<Permission> updatePermissions(@RequestBody List<Permission> permissions) {
+		List<Permission> result = Lists.newArrayList();
+		for (Permission permission : permissions) {
+			if (permission.getId() == null) {
+				throw new EntityResponseStatusException(HttpStatus.CONFLICT);
+			}
+
+			result.add(permissionManager.update(permission));
+		}
+		return result;
+	}
+
 	/**
 	 * Clone.
 	 *
-	 * @param name the name
+	 * @param name  the name
 	 * @param clone the clone
 	 * @return the list
 	 */
--- a/pom.xml
+++ b/pom.xml
@ -13,7 +13,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.version>11</java.version>
 		<log4j2.version>2.17.1</log4j2.version>
-		<revision>1.5.0-SNAPSHOT</revision>
+		<revision>1.6.0-SNAPSHOT</revision>
 	</properties>

 	<parent>