@Test public void delete_tokens_by_user() { UserDto user1 = db.users().insertUser(); UserDto user2 = db.users().insertUser(); db.users().insertToken(user1); db.users().insertToken(user1); db.users().insertToken(user2); underTest.deleteByUser(dbSession, user1); db.commit(); assertThat(underTest.selectByUser(dbSession, user1)).isEmpty(); assertThat(underTest.selectByUser(dbSession, user2)).hasSize(1); }
@Test public void delete_token_by_user_and_name() { UserDto user1 = db.users().insertUser(); UserDto user2 = db.users().insertUser(); db.users().insertToken(user1, t -> t.setName("name")); db.users().insertToken(user1, t -> t.setName("another-name")); db.users().insertToken(user2, t -> t.setName("name")); underTest.deleteByUserAndName(dbSession, user1, "name"); assertThat(underTest.selectByUserAndName(dbSession, user1, "name")).isNull(); assertThat(underTest.selectByUserAndName(dbSession, user1, "another-name")).isNotNull(); assertThat(underTest.selectByUserAndName(dbSession, user2, "name")).isNotNull(); }
@Test public void insert_token() { UserTokenDto userToken = newUserToken(); underTest.insert(db.getSession(), userToken); UserTokenDto userTokenFromDb = underTest.selectByTokenHash(db.getSession(), userToken.getTokenHash()); assertThat(userTokenFromDb).isNotNull(); assertThat(userTokenFromDb.getName()).isEqualTo(userToken.getName()); assertThat(userTokenFromDb.getCreatedAt()).isEqualTo(userToken.getCreatedAt()); assertThat(userTokenFromDb.getTokenHash()).isEqualTo(userToken.getTokenHash()); assertThat(userTokenFromDb.getUserUuid()).isEqualTo(userToken.getUserUuid()); }
private SearchWsResponse doHandle(Request request) { try (DbSession dbSession = dbClient.openSession(false)) { UserDto user = userTokenSupport.getUser(dbSession, request); List<UserTokenDto> userTokens = dbClient.userTokenDao().selectByUser(dbSession, user); return buildResponse(user, userTokens); } }
@CheckForNull public UserTokenDto selectByTokenHash(DbSession dbSession, String tokenHash) { return mapper(dbSession).selectByTokenHash(tokenHash); }
private String hashToken(DbSession dbSession, String token) { String tokenHash = tokenGenerator.hash(token); UserTokenDto userToken = dbClient.userTokenDao().selectByTokenHash(dbSession, tokenHash); if (userToken == null) { return tokenHash; } throw new ServerException(HTTP_INTERNAL_ERROR, "Error while generating token. Please try again."); }
@Test public void count_tokens_by_user() { UserDto user = db.users().insertUser(); db.users().insertToken(user, t -> t.setName("name")); db.users().insertToken(user, t -> t.setName("another-name")); Map<String, Integer> result = underTest.countTokensByUsers(dbSession, singletonList(user)); assertThat(result.get(user.getUuid())).isEqualTo(2); assertThat(result.get("unknown-user_uuid")).isNull(); } }
private void checkTokenDoesNotAlreadyExists(DbSession dbSession, UserDto user, String name) { UserTokenDto userTokenDto = dbClient.userTokenDao().selectByUserAndName(dbSession, user, name); checkRequest(userTokenDto == null, "A user token for login '%s' and name '%s' already exists", user.getLogin(), name); }
@SafeVarargs public final UserTokenDto insertToken(UserDto user, Consumer<UserTokenDto>... populators) { UserTokenDto dto = newUserToken().setUserUuid(user.getUuid()); stream(populators).forEach(p -> p.accept(dto)); db.getDbClient().userTokenDao().insert(db.getSession(), dto); db.commit(); return dto; }
@Override public void handle(Request request, Response response) throws Exception { String name = request.mandatoryParam(PARAM_NAME); try (DbSession dbSession = dbClient.openSession(false)) { UserDto user = userTokenSupport.getUser(dbSession, request); dbClient.userTokenDao().deleteByUserAndName(dbSession, user, name); dbSession.commit(); } response.noContent(); } }
@Override public void handle(Request request, Response response) throws Exception { userSession.checkLoggedIn().checkIsSystemAdministrator(); String login = request.mandatoryParam(PARAM_LOGIN); checkRequest(!login.equals(userSession.getLogin()), "Self-deactivation is not possible"); try (DbSession dbSession = dbClient.openSession(false)) { UserDto user = dbClient.userDao().selectByLogin(dbSession, login); checkFound(user, "User '%s' doesn't exist", login); ensureNotLastAdministrator(dbSession, user); Integer userId = user.getId(); dbClient.userTokenDao().deleteByUser(dbSession, user); dbClient.propertiesDao().deleteByKeyAndValue(dbSession, DEFAULT_ISSUE_ASSIGNEE, user.getLogin()); dbClient.propertiesDao().deleteByQuery(dbSession, PropertyQuery.builder().setUserId(userId).build()); dbClient.userGroupDao().deleteByUserId(dbSession, userId); dbClient.userPermissionDao().deleteByUserId(dbSession, userId); dbClient.permissionTemplateDao().deleteUserPermissionsByUserId(dbSession, userId); dbClient.qProfileEditUsersDao().deleteByUser(dbSession, user); dbClient.organizationMemberDao().deleteByUserId(dbSession, userId); dbClient.userPropertiesDao().deleteByUser(dbSession, user); dbClient.userDao().deactivateUser(dbSession, user); userIndexer.commitAndIndex(dbSession, user); } writeResponse(response, login); }
@Test public void user_can_delete_its_own_tokens() { UserDto user = db.users().insertUser(); UserTokenDto token = db.users().insertToken(user); userSession.logIn(user); String response = newRequest(null, token.getName()); assertThat(response).isEmpty(); assertThat(dbClient.userTokenDao().selectByUser(dbSession, user)).isEmpty(); }
public void insert(DbSession dbSession, UserTokenDto userTokenDto) { mapper(dbSession).insert(userTokenDto); }
/** * Returns the user uuid if the token hash is found, else {@code Optional.absent()}. * The returned uuid is not validated. If database is corrupted (table USER_TOKENS badly purged * for instance), then the uuid may not relate to a valid user. */ public Optional<String> authenticate(String token) { String tokenHash = tokenGenerator.hash(token); try (DbSession dbSession = dbClient.openSession(false)) { UserTokenDto userToken = dbClient.userTokenDao().selectByTokenHash(dbSession, tokenHash); if (userToken == null) { return empty(); } return of(userToken.getUserUuid()); } } }
private Users.SearchWsResponse doHandle(SearchRequest request) { SearchOptions options = new SearchOptions().setPage(request.getPage(), request.getPageSize()); List<String> fields = request.getPossibleFields(); SearchResult<UserDoc> result = userIndex.search(UserQuery.builder().setTextQuery(request.getQuery()).build(), options); try (DbSession dbSession = dbClient.openSession(false)) { List<String> logins = result.getDocs().stream().map(UserDoc::login).collect(toList()); Multimap<String, String> groupsByLogin = dbClient.groupMembershipDao().selectGroupsByLogins(dbSession, logins); List<UserDto> users = dbClient.userDao().selectByOrderedLogins(dbSession, logins); Map<String, Integer> tokenCountsByLogin = dbClient.userTokenDao().countTokensByUsers(dbSession, users); Paging paging = forPageIndex(request.getPage()).withPageSize(request.getPageSize()).andTotal((int) result.getTotal()); return buildResponse(users, groupsByLogin, tokenCountsByLogin, fields, paging); } }
@Test public void select_by_user_and_name() { UserDto user = db.users().insertUser(); UserTokenDto userToken = db.users().insertToken(user, t -> t.setName("name").setTokenHash("token")); UserTokenDto resultByLoginAndName = underTest.selectByUserAndName(db.getSession(), user, userToken.getName()); assertThat(resultByLoginAndName.getUserUuid()).isEqualTo(user.getUuid()); assertThat(resultByLoginAndName.getName()).isEqualTo(userToken.getName()); assertThat(resultByLoginAndName.getCreatedAt()).isEqualTo(userToken.getCreatedAt()); assertThat(resultByLoginAndName.getTokenHash()).isEqualTo(userToken.getTokenHash()); assertThat(underTest.selectByUserAndName(db.getSession(), user, "unknown-name")).isNull(); }
private UserTokenDto insertTokenInDb(DbSession dbSession, UserDto user, String name, String tokenHash) { UserTokenDto userTokenDto = new UserTokenDto() .setUserUuid(user.getUuid()) .setName(name) .setTokenHash(tokenHash) .setCreatedAt(system.now()); dbClient.userTokenDao().insert(dbSession, userTokenDto); dbSession.commit(); return userTokenDto; }
@Override public void handle(Request request, Response response) throws Exception { String name = request.mandatoryParam(PARAM_NAME); try (DbSession dbSession = dbClient.openSession(false)) { UserDto user = userTokenSupport.getUser(dbSession, request); dbClient.userTokenDao().deleteByUserAndName(dbSession, user, name); dbSession.commit(); } response.noContent(); } }
@Override public void handle(Request request, Response response) throws Exception { userSession.checkLoggedIn().checkIsSystemAdministrator(); String login = request.mandatoryParam(PARAM_LOGIN); checkRequest(!login.equals(userSession.getLogin()), "Self-deactivation is not possible"); try (DbSession dbSession = dbClient.openSession(false)) { UserDto user = dbClient.userDao().selectByLogin(dbSession, login); checkFound(user, "User '%s' doesn't exist", login); ensureNotLastAdministrator(dbSession, user); Integer userId = user.getId(); dbClient.userTokenDao().deleteByUser(dbSession, user); dbClient.propertiesDao().deleteByKeyAndValue(dbSession, DEFAULT_ISSUE_ASSIGNEE, user.getLogin()); dbClient.propertiesDao().deleteByQuery(dbSession, PropertyQuery.builder().setUserId(userId).build()); dbClient.userGroupDao().deleteByUserId(dbSession, userId); dbClient.userPermissionDao().deleteByUserId(dbSession, userId); dbClient.permissionTemplateDao().deleteUserPermissionsByUserId(dbSession, userId); dbClient.qProfileEditUsersDao().deleteByUser(dbSession, user); dbClient.organizationMemberDao().deleteByUserId(dbSession, userId); dbClient.userDao().deactivateUser(dbSession, user); userIndexer.commitAndIndex(dbSession, user); } writeResponse(response, login); }
@Test public void deactivate_user_deletes_his_tokens() { logInAsSystemAdministrator(); UserDto user = db.users().insertUser(); db.users().insertToken(user); db.users().insertToken(user); db.commit(); deactivate(user.getLogin()); assertThat(db.getDbClient().userTokenDao().selectByUser(dbSession, user)).isEmpty(); }