Improved user endpoints

This commit is contained in:
Marc Beyer 2022-01-28 05:52:48 +01:00
parent 3575dccf94
commit f22bdf3040
2 changed files with 69 additions and 21 deletions

View File

@ -118,7 +118,8 @@ public class UserController {
} }
@PostMapping(path = "/login-with-token") @PostMapping(path = "/login-with-token")
public @ResponseBody ResponseEntity<String> loginWithToken( public @ResponseBody
ResponseEntity<String> loginWithToken(
@RequestHeader("Authorization") String authorizationHeader, @RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId @RequestParam long userId
) { ) {
@ -130,18 +131,65 @@ public class UserController {
} }
@PostMapping(path = "/del") @PostMapping(path = "/del")
public @ResponseBody ResponseEntity<String> deleteUser( public @ResponseBody
ResponseEntity<String> deleteUser(
@RequestHeader("Authorization") String authorizationHeader, @RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId @RequestParam long userId
) { ) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository); User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || !authUser.isAdmin()) { if (authUser == null || !authUser.isAdmin()) {
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED); return new ResponseEntity<>("Du hast keine Rechte um den User zu löschen", HttpStatus.UNAUTHORIZED);
} }
User user = userRepository.findById(userId); User user = userRepository.findById(userId);
if (user == null) { if (user == null) {
return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST); return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
} }
userRepository.delete(user);
return new ResponseEntity<>("", HttpStatus.OK);
}
@PostMapping(path = "/edit")
public @ResponseBody ResponseEntity<String> editUser(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId,
@RequestParam String name,
@RequestParam String forename,
@RequestParam String login,
@RequestParam String password,
@RequestParam Boolean isAdmin
) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) {
return new ResponseEntity<>("Du hast keine Rechte um den User zu editieren", HttpStatus.UNAUTHORIZED);
}
User user = userRepository.findById(userId);
if (user == null) {
return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
}
User userWithLogin = userRepository.findByLogin(login);
if (userWithLogin != null && userWithLogin.getId() != userId) {
return new ResponseEntity<>("Login exestiert bereits", HttpStatus.BAD_REQUEST);
}
byte[] salt = Hasher.GenerateSalt();
byte[] hash;
try {
hash = Hasher.HashPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
}
user.setName(name);
user.setForename(forename);
user.setLogin(login);
user.setPassword(hash);
user.setSalt(salt);
user.setToken("");
user.setAdmin(isAdmin);
userRepository.save(user);
return new ResponseEntity<>("", HttpStatus.OK); return new ResponseEntity<>("", HttpStatus.OK);
} }

View File

@ -17,7 +17,7 @@ public class JSONMapper {
"\"forename\": \"" + user.getForename() + "\", " + "\"forename\": \"" + user.getForename() + "\", " +
"\"name\": \"" + user.getName() + "\", " + "\"name\": \"" + user.getName() + "\", " +
"\"login\": \"" + user.getLogin() + "\"," + "\"login\": \"" + user.getLogin() + "\"," +
"\"isAdmin\": " + user.isAdmin() + "\"admin\": " + user.isAdmin() +
"}"; "}";
} }