Reset password and create account through email and token query param…

…eter. other things as well.
cthit · Jun 15, 2024 · 16c97f8 · 16c97f8
1 parent b6f89de
commit 16c97f8
Show file tree

Hide file tree

Showing 35 changed files with 322 additions and 332 deletions.
diff --git a/app/src/main/java/it/chalmers/gamma/adapter/primary/web/AdminController.java b/app/src/main/java/it/chalmers/gamma/adapter/primary/web/AdminController.java
@@ -80,6 +80,6 @@ public ModelAndView setAdmins(
       return this.getAdmins(htmxRequest);
     }
 
-    return new ModelAndView("redirect:admins");
+    return new ModelAndView("redirect:/admins");
   }
 }
diff --git a/app/src/main/java/it/chalmers/gamma/adapter/primary/web/AllowListController.java b/app/src/main/java/it/chalmers/gamma/adapter/primary/web/AllowListController.java
@@ -47,7 +47,7 @@ public ModelAndView allow(
       return getAllowList(htmxRequest);
     }
 
-    return new ModelAndView("redirect:allow-list");
+    return new ModelAndView("redirect:/allow-list");
   }
 
   public record AllowCidForm(String cid) {}

diff --git a/app/src/main/java/it/chalmers/gamma/adapter/primary/web/ApiKeyController.java b/app/src/main/java/it/chalmers/gamma/adapter/primary/web/ApiKeyController.java
@@ -1,19 +1,20 @@
 package it.chalmers.gamma.adapter.primary.web;
 
-import static it.chalmers.gamma.adapter.primary.web.WebValidationHelper.validateObject;
-import static it.chalmers.gamma.app.common.UUIDValidator.isValidUUID;
-
 import it.chalmers.gamma.app.apikey.ApiKeyFacade;
 import it.chalmers.gamma.app.apikey.ApiKeySettingsFacade;
 import it.chalmers.gamma.app.common.PrettyName.PrettyNameValidator;
 import it.chalmers.gamma.app.supergroup.SuperGroupFacade;
 import jakarta.servlet.http.HttpServletResponse;
-import java.util.*;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
 
+import java.util.*;
+
+import static it.chalmers.gamma.adapter.primary.web.WebValidationHelper.validateObject;
+import static it.chalmers.gamma.app.common.UUIDValidator.isValidUUID;
+
 @Controller
 public class ApiKeyController {
 
@@ -129,11 +130,8 @@ public record CreateApiKey(
       String enDescription,
       String keyType) {}
 
-  @GetMapping("/api-keys/create")
-  public ModelAndView getCreateApiKey(
-      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
-      CreateApiKey form,
-      BindingResult bindingResult) {
+  public ModelAndView createGetCreateApiKey(
+      boolean htmxRequest, CreateApiKey form, BindingResult bindingResult) {
     ModelAndView mv = new ModelAndView();
 
     if (htmxRequest) {
@@ -150,13 +148,19 @@ public ModelAndView getCreateApiKey(
     mv.addObject("form", form);
     mv.addObject("keyTypes", this.apiKeyFacade.getApiKeyTypes());
 
-    if (bindingResult.hasErrors()) {
+    if (bindingResult != null && bindingResult.hasErrors()) {
       mv.addObject(BindingResult.MODEL_KEY_PREFIX + "form", bindingResult);
     }
 
     return mv;
   }
 
+  @GetMapping("/api-keys/create")
+  public ModelAndView getCreateApiKey(
+      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest) {
+    return createGetCreateApiKey(htmxRequest, null, null);
+  }
+
   @PostMapping("/api-keys/create")
   public ModelAndView createApiKey(
       @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
@@ -168,7 +172,7 @@ public ModelAndView createApiKey(
     validateObject(form, bindingResult);
 
     if (bindingResult.hasErrors()) {
-      return getCreateApiKey(htmxRequest, form, bindingResult);
+      return createGetCreateApiKey(htmxRequest, form, bindingResult);
     }
 
     ApiKeyFacade.CreatedApiKey createdApiKey =

diff --git a/app/src/main/java/it/chalmers/gamma/adapter/primary/web/ClientsController.java b/app/src/main/java/it/chalmers/gamma/adapter/primary/web/ClientsController.java
@@ -1,8 +1,5 @@
 package it.chalmers.gamma.adapter.primary.web;
 
-import static it.chalmers.gamma.adapter.primary.web.WebValidationHelper.validateObject;
-import static it.chalmers.gamma.app.common.UUIDValidator.isValidUUID;
-
 import it.chalmers.gamma.app.client.ClientApprovalFacade;
 import it.chalmers.gamma.app.client.ClientAuthorityFacade;
 import it.chalmers.gamma.app.client.ClientFacade;
@@ -15,13 +12,17 @@
 import it.chalmers.gamma.security.authentication.AuthenticationExtractor;
 import it.chalmers.gamma.security.authentication.UserAuthentication;
 import jakarta.servlet.http.HttpServletResponse;
-import java.util.*;
-import java.util.stream.Collectors;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
 
+import java.util.*;
+import java.util.stream.Collectors;
+
+import static it.chalmers.gamma.adapter.primary.web.WebValidationHelper.validateObject;
+import static it.chalmers.gamma.app.common.UUIDValidator.isValidUUID;
+
 @Controller
 public class ClientsController {
 
@@ -222,11 +223,8 @@ public void setRestrictions(List<UUID> restrictions) {
     }
   }
 
-  @GetMapping("/clients/create")
-  public ModelAndView getCreateClient(
-      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
-      CreateClient form,
-      BindingResult bindingResult) {
+  public ModelAndView createGetCreateClient(
+      boolean htmxRequest, CreateClient form, BindingResult bindingResult) {
     ModelAndView mv = new ModelAndView();
 
     if (form == null) {
@@ -242,13 +240,19 @@ public ModelAndView getCreateClient(
 
     mv.addObject("form", form);
 
-    if (bindingResult.hasErrors()) {
+    if (bindingResult != null && bindingResult.hasErrors()) {
       mv.addObject(BindingResult.MODEL_KEY_PREFIX + "form", bindingResult);
     }
 
     return mv;
   }
 
+  @GetMapping("/clients/create")
+  public ModelAndView getCreateClient(
+      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest) {
+    return createGetCreateClient(htmxRequest, null, null);
+  }
+
   @GetMapping("/clients/create/new-restriction")
   public ModelAndView newRestrictionRow(
       @RequestHeader(value = "HX-Request", required = true) boolean htmxRequest) {
@@ -283,7 +287,7 @@ public ModelAndView getCreateClient(
     validateObject(form, bindingResult);
 
     if (bindingResult.hasErrors()) {
-      return getCreateClient(htmxRequest, form, bindingResult);
+      return createGetCreateClient(htmxRequest, form, bindingResult);
     }
 
     ModelAndView mv = new ModelAndView();

diff --git a/app/src/main/java/it/chalmers/gamma/adapter/primary/web/ForgotPasswordController.java b/app/src/main/java/it/chalmers/gamma/adapter/primary/web/ForgotPasswordController.java
@@ -1,7 +1,5 @@
 package it.chalmers.gamma.adapter.primary.web;
 
-import static it.chalmers.gamma.adapter.primary.web.WebValidationHelper.validateObject;
-
 import it.chalmers.gamma.app.common.Email.EmailValidator;
 import it.chalmers.gamma.app.user.domain.Cid.CidValidator;
 import it.chalmers.gamma.app.user.passwordreset.UserResetPasswordFacade;
@@ -11,11 +9,15 @@
 import it.chalmers.gamma.app.validation.Validator;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
+import org.springframework.validation.ObjectError;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.ModelAndView;
 
+import static it.chalmers.gamma.adapter.primary.web.WebValidationHelper.validateObject;
+
 @Controller
 public class ForgotPasswordController {
 
@@ -41,15 +43,8 @@ public ValidationResult validate(String value) {
 
   public record ForgotPassword(@ValidatedWith(IdentifierValidator.class) String cidOrEmail) {}
 
-  @GetMapping("/forgot-password")
-  public ModelAndView getForgotPassword(
-      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
-      ForgotPassword form,
-      BindingResult bindingResult) {
-    if (form == null) {
-      form = new ForgotPassword("");
-    }
-
+  public ModelAndView createGetForgotPassword(
+      boolean htmxRequest, ForgotPassword form, BindingResult bindingResult, boolean hasSent) {
     ModelAndView mv = new ModelAndView();
 
     if (htmxRequest) {
@@ -60,40 +55,43 @@ public ModelAndView getForgotPassword(
     }
 
     mv.addObject("form", form);
+    mv.addObject("hasSent", hasSent);
 
-    if (bindingResult.hasErrors()) {
+    if (bindingResult != null && bindingResult.hasErrors()) {
       mv.addObject(BindingResult.MODEL_KEY_PREFIX + "form", bindingResult);
     }
 
     return mv;
   }
 
+  @GetMapping("/forgot-password")
+  public ModelAndView getForgotPassword(
+      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest) {
+    return createGetForgotPassword(htmxRequest, new ForgotPassword(""), null, false);
+  }
+
   @PostMapping("/forgot-password")
   public ModelAndView sendForgotPassword(
       @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
       ForgotPassword form,
       final BindingResult bindingResult) {
-    ModelAndView mv = new ModelAndView();
-
     validateObject(form, bindingResult);
 
     if (bindingResult.hasErrors()) {
-      return getForgotPassword(htmxRequest, form, bindingResult);
+      return createGetForgotPassword(htmxRequest, form, bindingResult, false);
     }
 
     try {
       this.userResetPasswordFacade.startResetPasswordProcess(form.cidOrEmail);
-      mv.setViewName("redirect:forgot-password/finalize");
     } catch (UserResetPasswordFacade.PasswordResetProcessException e) {
-      mv.setViewName("redirect:forgot-password/finalize");
+      // ignore
     }
 
-    return mv;
+    return createGetForgotPassword(htmxRequest, form, bindingResult, true);
   }
 
-  @GetMapping("/forgot-password/finalize")
-  public ModelAndView getFinalizeForgotPassword(
-      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest) {
+  public ModelAndView createGetFinalizeForgotPassword(
+      boolean htmxRequest, FinalizeForgotPassword form, BindingResult bindingResult) {
     ModelAndView mv = new ModelAndView();
 
     if (htmxRequest) {
@@ -103,29 +101,42 @@ public ModelAndView getFinalizeForgotPassword(
       mv.addObject("page", "pages/finalize-forgot-password");
     }
 
-    mv.addObject("form", new FinalizeForgotPassword("", "", "", ""));
+    mv.addObject("form", form);
+
+    if (bindingResult != null && bindingResult.hasErrors()) {
+      mv.addObject(BindingResult.MODEL_KEY_PREFIX + "form", bindingResult);
+    }
 
     return mv;
   }
 
-  public record FinalizeForgotPassword(
-      String email, String token, String password, String confirmPassword) {}
+  @GetMapping("/forgot-password/finalize")
+  public ModelAndView getFinalizeForgotPassword(
+      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
+      @RequestParam(value = "token", required = true) String token) {
+    FinalizeForgotPassword form = new FinalizeForgotPassword(token, "", "");
+
+    return createGetFinalizeForgotPassword(htmxRequest, form, null);
+  }
+
+  public record FinalizeForgotPassword(String token, String password, String confirmPassword) {}
 
   @PostMapping("/forgot-password/finalize")
   public ModelAndView finalizeForgotPassword(
       @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
-      FinalizeForgotPassword form) {
+      FinalizeForgotPassword form,
+      BindingResult bindingResult) {
     try {
       this.userResetPasswordFacade.finishResetPasswordProcess(
-          form.email, form.token, form.password, form.confirmPassword);
+          form.token, form.password, form.confirmPassword);
     } catch (UserResetPasswordFacade.PasswordResetProcessException e) {
       throw new RuntimeException(e);
+    } catch (IllegalArgumentException e) {
+      bindingResult.addError(new ObjectError("global", e.getMessage()));
+      return createGetFinalizeForgotPassword(
+          htmxRequest, new FinalizeForgotPassword(form.token, "", ""), bindingResult);
     }
 
-    ModelAndView mv = new ModelAndView();
-
-    mv.setViewName("redirect:login?password-reset");
-
-    return mv;
+    return new ModelAndView("redirect:/");
   }
 }
diff --git a/app/src/main/java/it/chalmers/gamma/adapter/primary/web/GdprController.java b/app/src/main/java/it/chalmers/gamma/adapter/primary/web/GdprController.java
@@ -82,6 +82,6 @@ public ModelAndView setGdprTrained(
       this.userGdprTrainingFacade.updateGdprTrainedStatus(userId, false);
     }
 
-    return new ModelAndView("redirect:gdpr");
+    return new ModelAndView("redirect:/gdpr");
   }
 }
diff --git a/app/src/main/java/it/chalmers/gamma/adapter/primary/web/GroupsController.java b/app/src/main/java/it/chalmers/gamma/adapter/primary/web/GroupsController.java
@@ -1,17 +1,12 @@
 package it.chalmers.gamma.adapter.primary.web;
 
-import static it.chalmers.gamma.adapter.primary.web.WebValidationHelper.validateObject;
-import static it.chalmers.gamma.app.common.UUIDValidator.isValidUUID;
-
 import it.chalmers.gamma.app.common.PrettyName.PrettyNameValidator;
 import it.chalmers.gamma.app.group.GroupFacade;
 import it.chalmers.gamma.app.post.PostFacade;
 import it.chalmers.gamma.app.supergroup.SuperGroupFacade;
 import it.chalmers.gamma.app.user.UserFacade;
 import it.chalmers.gamma.app.user.domain.Name.NameValidator;
 import jakarta.servlet.http.HttpServletResponse;
-import java.util.*;
-import java.util.stream.Collectors;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
@@ -20,6 +15,12 @@
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
 
+import java.util.*;
+import java.util.stream.Collectors;
+
+import static it.chalmers.gamma.adapter.primary.web.WebValidationHelper.validateObject;
+import static it.chalmers.gamma.app.common.UUIDValidator.isValidUUID;
+
 @Controller
 public class GroupsController {
 
@@ -435,11 +436,7 @@ public ModelAndView getNewMember(
     return mv;
   }
 
-  @GetMapping("/groups/create")
-  public ModelAndView getCreateGroup(
-      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
-      GroupForm form,
-      BindingResult bindingResult) {
+  public ModelAndView createGetCreateGroup(boolean htmxRequest, GroupForm form, BindingResult bindingResult) {
     ModelAndView mv = new ModelAndView();
 
     if (htmxRequest) {
@@ -456,13 +453,19 @@ public ModelAndView getCreateGroup(
     mv.addObject("form", form);
     mv.addObject("superGroups", this.superGroupFacade.getAll());
 
-    if (bindingResult.hasErrors()) {
+    if (bindingResult != null && bindingResult.hasErrors()) {
       mv.addObject(BindingResult.MODEL_KEY_PREFIX + "form", bindingResult);
     }
 
     return mv;
   }
 
+  @GetMapping("/groups/create")
+  public ModelAndView getCreateGroup(
+      @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest) {
+    return createGetCreateGroup(htmxRequest, null, null);
+  }
+
   @PostMapping("/groups/create")
   public ModelAndView createGroup(
       @RequestHeader(value = "HX-Request", required = false) boolean htmxRequest,
@@ -472,7 +475,7 @@ public ModelAndView createGroup(
     validateObject(form, bindingResult);
 
     if (bindingResult.hasErrors()) {
-      return getCreateGroup(htmxRequest, form, bindingResult);
+      return createGetCreateGroup(htmxRequest, form, bindingResult);
     }
 
     UUID groupId =