From ac79e1cf22f0b4b6157167a59bb5e738af16adf6 Mon Sep 17 00:00:00 2001 From: Tyro Date: Sun, 24 May 2020 21:51:40 +0200 Subject: [PATCH] Check for inactive accounts Check for employee by access on /intern --- .../hso/ecommerce/app/RequestController.java | 8 +++++++- .../ecommerce/components/LoginIntercepter.java | 17 ++++++++++++++++- .../controller/RegisterController.java | 15 +++++---------- .../entities/booking/PaymentMethod.java | 3 +-- 4 files changed, 29 insertions(+), 14 deletions(-) diff --git a/prototype/src/main/java/org/hso/ecommerce/app/RequestController.java b/prototype/src/main/java/org/hso/ecommerce/app/RequestController.java index 2680f28..bb0b5d6 100644 --- a/prototype/src/main/java/org/hso/ecommerce/app/RequestController.java +++ b/prototype/src/main/java/org/hso/ecommerce/app/RequestController.java @@ -46,11 +46,17 @@ public class RequestController { return "login"; } - if (!user.get().validatePassword(password)) { + if (!user.get().validatePassword(password)) { request.setAttribute("error", "Passwort falsch."); response.setStatus(HttpServletResponse.SC_EXPECTATION_FAILED); return "login"; } + + if (!user.get().isActive) { + request.setAttribute("error", "User ist deaktiviert."); + response.setStatus(HttpServletResponse.SC_EXPECTATION_FAILED); + return "login"; + } session.setAttribute("userId", user.get().getId()); diff --git a/prototype/src/main/java/org/hso/ecommerce/components/LoginIntercepter.java b/prototype/src/main/java/org/hso/ecommerce/components/LoginIntercepter.java index 8e1fc1d..e537867 100644 --- a/prototype/src/main/java/org/hso/ecommerce/components/LoginIntercepter.java +++ b/prototype/src/main/java/org/hso/ecommerce/components/LoginIntercepter.java @@ -24,6 +24,7 @@ public class LoginIntercepter implements HandlerInterceptor { HttpSession session = request.getSession(); Object userId = session.getAttribute("userId"); + Optional user = null; if (request.getRequestURI().startsWith("/user/")) { System.out.println("USER"); 
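Review bot: The new `isActive` check in the login handler runs only after `validatePassword` has succeeded and returns a different message, so a caller can confirm that a deactivated account's password is correct by telling "Passwort falsch." apart from "User ist deaktiviert."; return the same generic error for both outcomes (or fold the flag into the password branch, `if (!user.get().validatePassword(password) || !user.get().isActive) {`) and keep the specific reason in a server-side log only. `SC_EXPECTATION_FAILED` (417) is the status defined for a rejected `Expect` request header and is misleading for a refused login; `SC_UNAUTHORIZED` (401) fits, and the pre-existing wrong-password branch uses the same code, so change both together if at all. This check only fires at login time, so a session established before the account was deactivated keeps working unless the interceptor also enforces the flag, which this commit does not show. Visible as context, not new: the session is neither invalidated nor rotated before `userId` is stored, so a pre-login session id survives authentication; `request.changeSessionId()` before `session.setAttribute(...)` would close that. The handler's signature and its code after the `userId` attribute is set lie outside the hunk.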
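Review bot: `Optional user = null;` introduces a null sentinel for a type whose purpose is to avoid null, and the later `if (user == null)` re-load in the next hunk depends on it; declaring it `Optional<User> user = Optional.empty();` and testing `user.isEmpty()` (or `!user.isPresent()`) there keeps the lazy-load intent without a nullable `Optional`. The type argument shown here may have been lost in rendering since `user.get().isEmployee` compiles further down; if so, only the sentinel remark applies. A one-line comment would also help: `// Loaded lazily: only the employee gate below and the attribute export need the User row.` The `System.out.println("USER")` is pre-existing context, but it is a debug print on the request path and worth removing in a follow-up. `preHandle` continues past the end of this hunk.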
@@ -43,10 +44,24 @@ public class LoginIntercepter implements HandlerInterceptor { response.sendRedirect("/login"); return false; } + + user = userRepository.findById((Long) userId); + + if(user.isPresent() && !user.get().isEmployee) + { + session.setAttribute("afterLogin", request.getRequestURI()); + response.sendRedirect("/"); + return false; + } + } + + if (!request.getRequestURI().startsWith("/login")) { + session.removeAttribute("afterLogin"); } if (userId != null) { - Optional user = userRepository.findById((Long) userId); + if (user == null) + user = userRepository.findById((Long) userId); user.ifPresent(value -> request.setAttribute("user", value)); } diff --git a/prototype/src/main/java/org/hso/ecommerce/controller/RegisterController.java b/prototype/src/main/java/org/hso/ecommerce/controller/RegisterController.java index e38a583..00ade5d 100644 --- a/prototype/src/main/java/org/hso/ecommerce/controller/RegisterController.java +++ b/prototype/src/main/java/org/hso/ecommerce/controller/RegisterController.java @@ -1,6 +1,5 @@ package org.hso.ecommerce.controller; -import org.hso.ecommerce.entities.booking.PaymentMethod; import org.hso.ecommerce.entities.shop.Address; import org.hso.ecommerce.entities.user.User; import org.hso.ecommerce.repos.user.UserRepository; @@ -21,7 +20,7 @@ public class RegisterController { private final UserRepository userRepository = null; @PostMapping("/register") - public String register( + public String registerPost( HttpServletRequest request, HttpServletResponse response, @RequestParam("username") String username, @@ -37,7 +36,7 @@ public class RegisterController { Optional user = userRepository.findByEmail(username); if (user.isPresent()) { request.setAttribute("error", "Email Adresse existiert bereits!"); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + response.setStatus(HttpServletResponse.SC_EXPECTATION_FAILED); return "register"; } 
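Review bot: The new employee gate fails open when the session's `userId` no longer matches a row: `user.isPresent() && !user.get().isEmployee` is false for an absent user, so the request falls past the redirect and continues to the protected handler instead of being rejected. Invert the condition to deny unless a present employee is found, and, since the row is loaded here anyway, also enforce the deactivation flag that the login handler now checks so that a session outliving a deactivation loses access: `if (!user.isPresent() || !user.get().isEmployee || !user.get().isActive) {`. The `(Long) userId` cast on a session attribute throws `ClassCastException` on any other stored type rather than treating the session as logged-out; an `instanceof Long` guard that redirects to `/login` would be more forgiving of a stale or tampered session store. The start of this branch (the `/intern` prefix test, inferred from the commit message) and the method's final return value are outside the hunk.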
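Review bot: `SC_EXPECTATION_FAILED` (417) is the status for a rejected `Expect` request header and is the wrong code for a duplicate e-mail on registration; `SC_CONFLICT` (409) is the conventional choice, or keep the previous `SC_BAD_REQUEST`. If 417 was picked deliberately so the registration and login forms share one error code, say so at the call site, e.g. `// 417 is what the form handling expects for "re-render with error"`, so the next reader does not silently "fix" it. The pre-existing message already reveals whether an e-mail address is registered, which is an enumeration vector worth a separate issue. `registerPost` continues outside this hunk.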
@@ -52,10 +51,9 @@ public class RegisterController { newUser.email = username; newUser.setPassword(password); newUser.email = username; - if (type.equals("bus")) - newUser.isEmployee = true; - else - newUser.isEmployee = false; + newUser.isEmployee = false; + //TODO for salutation, type, ad are no attributes/fields in the class/database. Add when they are there. + newUser.isActive = true; newUser.created = new java.sql.Timestamp(System.currentTimeMillis()); @@ -64,9 +62,6 @@ public class RegisterController { newAddress.addressString = address; newUser.defaultDeliveryAddress = newAddress; - PaymentMethod defaultPaymentMethod = PaymentMethod.fromCreditCarNumber("123456"); - newUser.defaultPayment = defaultPaymentMethod; - userRepository.save(newUser); // save newUser return "login"; diff --git a/prototype/src/main/java/org/hso/ecommerce/entities/booking/PaymentMethod.java b/prototype/src/main/java/org/hso/ecommerce/entities/booking/PaymentMethod.java index 4f81062..af0a9c0 100644 --- a/prototype/src/main/java/org/hso/ecommerce/entities/booking/PaymentMethod.java +++ b/prototype/src/main/java/org/hso/ecommerce/entities/booking/PaymentMethod.java @@ -1,11 +1,10 @@ package org.hso.ecommerce.entities.booking; import javax.persistence.Embeddable; -import javax.validation.constraints.NotNull; @Embeddable public class PaymentMethod { - @NotNull + public String creditCardNumber; public static PaymentMethod fromCreditCarNumber(String cardnumber) {
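Review bot: `newUser.isEmployee = false;` is now unconditional but carries no explanation, while the `type` form value the removed `"bus"` branch consumed is presumably still bound by the signature above the hunk; a comment such as `// Self-registration never grants employee rights; staff accounts are provisioned separately.` records why the parameter is ignored so nobody reintroduces the client-chosen role. The TODO reads awkwardly; suggest `// TODO: salutation, type and ad are not yet fields on User or in the schema; persist them once they exist.` `isActive = true` makes a self-registered account usable immediately with no confirmation step, which is fine for a prototype but worth stating as intentional in the same comment. The context line `newUser.email = username;` appears twice around `setPassword`; the duplicate is pre-existing and harmless but could be dropped. The method continues beyond the hunk.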
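Review bot: Dropping `@NotNull` from `creditCardNumber` weakens validation for every `PaymentMethod`, not only for the freshly registered user that no longer receives the hard-coded default; keeping the constraint on the field and letting the owning `defaultPayment` reference be absent is the narrower change, if the entity mapping allows it. If the field genuinely must be nullable, document the reason at the declaration, e.g. `// Nullable: a user created via /register has no payment method until one is added.`, and make sure every reader of the value null-checks before use. Persisting the raw card number as a plain `String` is pre-existing and outside this change, but worth a separate look (tokenisation, or storing only the last four digits). The body of `fromCreditCarNumber` and the rest of the class lie outside the hunk.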