Skip to content
Find file Normal view History Permalink
InvitedRegistrationManager.java 4.49 KiB
Newer Older
Sonia Zorba's avatar
#4 Implemented invited registration
Sonia Zorba committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 
package it.inaf.ia2.gms.manager;

import it.inaf.ia2.gms.exception.NotFoundException;
import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.persistence.GroupsDAO;
import it.inaf.ia2.gms.persistence.InvitedRegistrationDAO;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.service.PermissionsService;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
public class InvitedRegistrationManager extends UserAwareComponent {

    private static final String INVITED_REGISTRATION = "invited-registration";

    @Autowired
    private GroupsDAO groupsDAO;

    @Autowired
    private MembershipsDAO membershipsDAO;

    @Autowired
    private PermissionsService permissionsService;

    @Autowired
    private PermissionsManager permissionsManager;

    @Autowired
    private InvitedRegistrationDAO invitedRegistrationDAO;

    @Autowired
    private LoggingDAO loggingDAO;

    @Autowired
    private HttpSession httpSession;

    public void addInvitedRegistration(String tokenHash, String email, Map<GroupEntity, Permission> groupsPermissions) {

        Map<String, Permission> groupIdsPermissions = new HashMap<>();
        for (Map.Entry<GroupEntity, Permission> entry : groupsPermissions.entrySet()) {
            GroupEntity group = entry.getKey();
            if (permissionsManager.getCurrentUserPermission(group) != Permission.ADMIN) {
                throw new UnauthorizedException("You don't have the permission to perform invited registrations");
            }
            groupIdsPermissions.put(group.getId(), entry.getValue());
        }

        InvitedRegistration invitedRegistration = new InvitedRegistration()
                .setId(UUID.randomUUID().toString().replaceAll("-", ""))
                .setEmail(email)
                .setTokenHash(tokenHash)
                .setGroupsPermissions(groupIdsPermissions);

        invitedRegistrationDAO.addInvitedRegistration(invitedRegistration);
    }

    public InvitedRegistration getInvitedRegistrationFromToken(String token) {

        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            byte[] hash = digest.digest(token.getBytes(StandardCharsets.UTF_8));
            String tokenHash = Base64.getEncoder().encodeToString(hash);

            InvitedRegistration invitedRegistration = invitedRegistrationDAO.getInvitedRegistrationFromToken(tokenHash)
                    .orElseThrow(() -> new NotFoundException("No invited registrations found for this token"));

            httpSession.setAttribute(INVITED_REGISTRATION, invitedRegistration);

            loggingDAO.logAction("Started invited registration for email " + invitedRegistration.getEmail());

            return invitedRegistration;
        } catch (NoSuchAlgorithmException ex) {
            throw new RuntimeException(ex);
        }
    }

    public Optional<InvitedRegistration> completeInvitedRegistrationIfNecessary() {

        InvitedRegistration invitedRegistration = (InvitedRegistration) httpSession.getAttribute(INVITED_REGISTRATION);

        if (invitedRegistration != null) {

            for (Map.Entry<String, Permission> entry : invitedRegistration.getGroupsPermissions().entrySet()) {
                String groupId = entry.getKey();
                String userId = getCurrentUserId();

                GroupEntity groupEntity = groupsDAO.findGroupById(groupId).get();

                MembershipEntity membershipEntity = new MembershipEntity();
                membershipEntity.setUserId(userId);
                membershipEntity.setGroupId(groupId);
                membershipsDAO.addMember(membershipEntity);

                permissionsService.addPermission(groupEntity, userId, entry.getValue());
            }

            invitedRegistrationDAO.setRegistrationDone(invitedRegistration);

            httpSession.removeAttribute(INVITED_REGISTRATION);
        }

        return Optional.ofNullable(invitedRegistration);
    }
}