Author: bleny
Date: 2011-04-20 15:31:49 +0000 (Wed, 20 Apr 2011)
New Revision: 1224
Log:
use UUID as token for user auth ; make possible to auth on any profile ; fix url in UI
Modified:
trunk/wao-business/src/main/java/fr/ifremer/wao/PostgresMigrationCallback.java
trunk/wao-business/src/main/java/fr/ifremer/wao/WaoContextImpl.java
trunk/wao-business/src/main/java/fr/ifremer/wao/WaoMigrationCallBack.java
trunk/wao-business/src/main/java/fr/ifremer/wao/bean/ConnectedUserImpl.java
trunk/wao-business/src/main/java/fr/ifremer/wao/entity/UserProfileImpl.java
trunk/wao-business/src/main/java/fr/ifremer/wao/entity/WaoUserDAOImpl.java
trunk/wao-business/src/main/java/fr/ifremer/wao/service/ServiceUserImpl.java
trunk/wao-business/src/main/resources/i18n/wao-business_en_GB.properties
trunk/wao-business/src/main/resources/i18n/wao-business_fr_FR.properties
trunk/wao-business/src/main/xmi/wao.zargo
trunk/wao-business/src/test/java/fr/ifremer/wao/service/ObsDebFixtures.java
trunk/wao-business/src/test/java/fr/ifremer/wao/service/ObsDebTest.java
trunk/wao-business/src/test/java/fr/ifremer/wao/service/ServiceUserImplTest.java
trunk/wao-ui/src/main/webapp/ObsDebSamplingPlan.tml
Modified: trunk/wao-business/src/main/java/fr/ifremer/wao/PostgresMigrationCallback.java
===================================================================
--- trunk/wao-business/src/main/java/fr/ifremer/wao/PostgresMigrationCallback.java 2011-04-20 13:54:23 UTC (rev 1223)
+++ trunk/wao-business/src/main/java/fr/ifremer/wao/PostgresMigrationCallback.java 2011-04-20 15:31:49 UTC (rev 1224)
@@ -863,4 +863,9 @@ protected void addObsDebToContacts_3_0(List<String> queries) { queries.add("ALTER TABLE Contact ADD landingDate TIMESTAMP WITHOUT TIME ZONE;"); } + + @Override + protected void addTokensToUserProfiles_3_0(List<String> queries) { + queries.add("ALTER TABLE UserProfile ADD token CHARACTER VARYING(50);"); + } } Modified: trunk/wao-business/src/main/java/fr/ifremer/wao/WaoContextImpl.java =================================================================== --- trunk/wao-business/src/main/java/fr/ifremer/wao/WaoContextImpl.java 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/main/java/fr/ifremer/wao/WaoContextImpl.java 2011-04-20 15:31:49 UTC (rev 1224) @@ -271,6 +271,8 @@ serviceReferential.importInitialContactStateMotifs(); + serviceUser.addTokensToAllProfiles(); + if (log.isInfoEnabled()) { log.info("wao is started !"); } Modified: trunk/wao-business/src/main/java/fr/ifremer/wao/WaoMigrationCallBack.java =================================================================== --- trunk/wao-business/src/main/java/fr/ifremer/wao/WaoMigrationCallBack.java 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/main/java/fr/ifremer/wao/WaoMigrationCallBack.java 2011-04-20 15:31:49 UTC (rev 1224) @@ -141,6 +141,8 @@ protected abstract void addObsDebToContacts_3_0(List<String> queries); + protected abstract void addTokensToUserProfiles_3_0(List<String> queries); + protected static final Version[] VERSIONS = new Version[] { VersionUtil.valueOf("1.0"), VersionUtil.valueOf("1.1"), 
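Review bot: The `token` column added in `addTokensToUserProfiles_3_0` has no uniqueness constraint or index, although the token is now the lookup key for authentication (`findByToken` in the ServiceUserImpl hunk). Without one, a duplicate value would go unnoticed and each token login presumably scans the table; consider following the `ALTER TABLE` with `queries.add("CREATE UNIQUE INDEX userprofile_token_idx ON UserProfile (token);");` (the index name is a placeholder). The column is left nullable, which the start-up backfill relies on, so a NOT NULL constraint would have to come in a later migration step.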
@@ -501,6 +503,8 @@ addObsDebToContacts_3_0(queries); + addTokensToUserProfiles_3_0(queries); + String[] strings = queries.toArray(new String[queries.size()]); executeSQL(tx, showSql, showProgression, strings); } Modified: trunk/wao-business/src/main/java/fr/ifremer/wao/bean/ConnectedUserImpl.java =================================================================== --- trunk/wao-business/src/main/java/fr/ifremer/wao/bean/ConnectedUserImpl.java 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/main/java/fr/ifremer/wao/bean/ConnectedUserImpl.java 2011-04-20 15:31:49 UTC (rev 1224) @@ -126,9 +126,8 @@ } @Override - public String getTokenId() { - - // TODO sletellier 20110413 : change this with a real tokenid - return getUser().getPassword(); + public String getToken() { + String token = getProfile().getToken(); + return token; } } Modified: trunk/wao-business/src/main/java/fr/ifremer/wao/entity/UserProfileImpl.java =================================================================== --- trunk/wao-business/src/main/java/fr/ifremer/wao/entity/UserProfileImpl.java 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/main/java/fr/ifremer/wao/entity/UserProfileImpl.java 2011-04-20 15:31:49 UTC (rev 1224) 
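Review bot: `getToken()` in ConnectedUserImpl dereferences `getProfile()` without a null check, so a connected user with no profile selected would throw a NullPointerException instead of reporting that no token is available; whether that state is reachable depends on code outside this hunk. The temporary is unnecessary: `return getProfile().getToken();` reads the same, or `UserProfile profile = getProfile(); return profile == null ? null : profile.getToken();` if a missing profile is legal. A one-line Javadoc stating that the token belongs to the current profile rather than to the user would help callers, since the removed `getTokenId()` was per user.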
@@ -24,13 +24,19 @@ import fr.ifremer.wao.bean.ObsProgram; import fr.ifremer.wao.bean.UserRole; +import java.util.UUID; + import static org.nuiton.i18n.I18n.n_; public class UserProfileImpl extends UserProfileAbstract { - public UserProfileImpl() {} + public UserProfileImpl() { + String newToken = UUID.randomUUID().toString(); + setToken(newToken); + } public UserProfileImpl(ObsProgram obsProgram, UserRole userRole, boolean canWrite) { + this(); setObsProgram(obsProgram); setUserRole(userRole); setCanWrite(canWrite); Modified: trunk/wao-business/src/main/java/fr/ifremer/wao/entity/WaoUserDAOImpl.java =================================================================== --- trunk/wao-business/src/main/java/fr/ifremer/wao/entity/WaoUserDAOImpl.java 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/main/java/fr/ifremer/wao/entity/WaoUserDAOImpl.java 2011-04-20 15:31:49 UTC (rev 1224) @@ -35,4 +35,13 @@ return (List<WaoUser>) findAllByQuery(query); } + + /** Given a profile, return the user who own this profile */ + @Override + public WaoUser findByProfile(UserProfile userProfile) throws TopiaException { + TopiaQuery query = createQuery(); + query.addInElements(":aUserProfile", WaoUser.PROPERTY_USER_PROFILE); + query.addParam("aUserProfile", userProfile); + return findByQuery(query); + } } Modified: trunk/wao-business/src/main/java/fr/ifremer/wao/service/ServiceUserImpl.java =================================================================== --- trunk/wao-business/src/main/java/fr/ifremer/wao/service/ServiceUserImpl.java 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/main/java/fr/ifremer/wao/service/ServiceUserImpl.java 2011-04-20 15:31:49 UTC (rev 1224) 
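Review bot: Generating the token in the no-argument constructor means every `UserProfileImpl` instance draws a fresh random UUID, presumably including the instances the persistence layer creates when it loads existing rows, where the value is overwritten straight away. That costs a secure-random draw per loaded profile and makes it easy to mistake a never-persisted token for a stored one; assigning the token where a profile is first created or saved would avoid both. The constructor also calls the overridable `setToken(...)`, which a subclass could intercept before construction has finished. `UUID.randomUUID()` is a reasonable source for a bearer token, and a short comment such as `// token is a credential: never log or display it` on the assignment would make that explicit.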
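Review bot: The Javadoc on `findByProfile` does not say what the caller gets when no user owns the profile, and the caller added in ServiceUserImpl uses the result without checking it. Suggested wording: `/** Returns the user who owns the given profile, or null if none does (to be confirmed against findByQuery). */`. The existing sentence also needs "owns" rather than "own".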
@@ -44,13 +44,13 @@ import fr.ifremer.wao.entity.SampleRow; import fr.ifremer.wao.entity.SampleRowLog; import fr.ifremer.wao.entity.SampleRowLogDAO; -import fr.ifremer.wao.entity.TargetSpeciesDCF; import fr.ifremer.wao.entity.UserProfile; import fr.ifremer.wao.entity.UserProfileDAO; import fr.ifremer.wao.entity.UserProfileImpl; import fr.ifremer.wao.entity.WaoUser; import fr.ifremer.wao.entity.WaoUserDAO; import fr.ifremer.wao.entity.WaoUserImpl; +import org.apache.commons.lang.StringUtils; import org.apache.commons.mail.EmailException; import org.nuiton.topia.TopiaContext; import org.nuiton.topia.TopiaException; @@ -63,6 +63,7 @@ import java.util.Collection; import java.util.LinkedList; import java.util.List; +import java.util.UUID; /** * ServiceUserImpl 
@@ -546,33 +547,50 @@ } @Override - protected ConnectedUser executeGetConnectedUserByToken(TopiaContext transaction, String tokenId) throws Exception { - WaoUserDAO waoUserDAO = WaoDAOHelper.getWaoUserDAO(transaction); + protected ConnectedUser executeGetConnectedUserByToken(TopiaContext transaction, String token) throws Exception { - // TODO sletellier 20110413 : change this with a real tokenid - WaoUser user = waoUserDAO.findByPassword(tokenId); + if (StringUtils.isBlank(token)) { + throw new IllegalArgumentException("a valid token must be provided"); + } - if (user == null) { - throw new IllegalArgumentException("tokenId is not valid"); + UserProfileDAO userProfileDAO = WaoDAOHelper.getUserProfileDAO(transaction); + UserProfile userProfile = userProfileDAO.findByToken(token); + + if (userProfile == null) { + if (log.isWarnEnabled()) { + log.warn("user attempt to use an invalid token : " + token); + } + throw new IllegalArgumentException("token '" + token + "' is not a valid token"); } + WaoUserDAO waoUserDAO = WaoDAOHelper.getWaoUserDAO(transaction); + WaoUser user = waoUserDAO.findByProfile(userProfile); + + if ( ! 
user.isActive()) { + throw new WaoBusinessException("user " + user.getFullName() + + " is not allowed to auth with token since user is inactive"); + } + ConnectedUserImpl result = new ConnectedUserImpl(); result.setUser(user); + result.setProfile(userProfile); - // Determine role for this one - if (user.hasUserRole(UserRole.COORDINATOR, ObsProgram.OBSDEB) || - user.hasUserRole(UserRole.OBSERVER, ObsProgram.OBSDEB)) { - // as coordinator, auth as observer - UserProfile userProfile = new UserProfileImpl(ObsProgram.OBSDEB, UserRole.OBSERVER, false); - result.setProfile(userProfile); - } else { - throw new IllegalArgumentException("User " + user.getLogin() + " is not allowed to use tokenId"); - } - // force load user.getCompany(); return result; } + + @Override + protected void executeAddTokensToAllProfiles(TopiaContext transaction) throws Exception { + UserProfileDAO userProfileDAO = WaoDAOHelper.getUserProfileDAO(transaction); + List<UserProfile> profilesMissingToken = userProfileDAO.findAllByToken(null); + for (UserProfile userProfile : profilesMissingToken) { + String newToken = UUID.randomUUID().toString(); + userProfile.setToken(newToken); + userProfileDAO.update(userProfile); + } + transaction.commitTransaction(); + } } Modified: trunk/wao-business/src/main/resources/i18n/wao-business_en_GB.properties =================================================================== --- trunk/wao-business/src/main/resources/i18n/wao-business_en_GB.properties 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/main/resources/i18n/wao-business_en_GB.properties 2011-04-20 15:31:49 UTC (rev 1224) 
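Review bot: In `executeGetConnectedUserByToken` the rejected token is written verbatim to the warn log and into the IllegalArgumentException message. The value comes from the request, so it can carry line breaks or other content into the log, and a mistyped or truncated real token ends up in log files and possibly in an error page; `log.warn("user attempt to use an invalid token");` and `throw new IllegalArgumentException("token is not valid");` lose nothing useful. The result of `waoUserDAO.findByProfile(userProfile)` is dereferenced immediately, so a profile without an owner would surface as a NullPointerException; `if (user == null || !user.isActive())` would reject it cleanly. Note also that the removed block forced token logins onto a read-only OBSERVER profile, whereas the new code returns whichever profile owns the token with its own write flag, so the token is now as powerful as a password login for that profile.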
@@ -229,6 +229,7 @@ wao.error.serviceSynthesis.getGlobalSynthesisResult= wao.error.serviceSynthesis.getNonComplianceBoardingIndicator= wao.error.serviceSynthesis.updateGlobalSynthesisParameters=Unable to update global synthesis parameters +wao.error.serviceUser.addTokensToAllProfiles= wao.error.serviceUser.connect= wao.error.serviceUser.createDefaultAdmin= wao.error.serviceUser.createUpdateCompany= Modified: trunk/wao-business/src/main/resources/i18n/wao-business_fr_FR.properties =================================================================== --- trunk/wao-business/src/main/resources/i18n/wao-business_fr_FR.properties 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/main/resources/i18n/wao-business_fr_FR.properties 2011-04-20 15:31:49 UTC (rev 1224) 
@@ -229,6 +229,7 @@ wao.error.serviceSynthesis.getGlobalSynthesisResult= wao.error.serviceSynthesis.getNonComplianceBoardingIndicator=Impossible de r\u00E9cup\u00E9rer l'indicateur de non respect du nombre d'observateurs embarqu\u00E9s wao.error.serviceSynthesis.updateGlobalSynthesisParameters=Impossible de mettre \u00E0 jour les param\u00E8tres de la synth\u00E8se globale +wao.error.serviceUser.addTokensToAllProfiles= wao.error.serviceUser.connect=Une erreur est survenue lors de la demande de connexion wao.error.serviceUser.createDefaultAdmin=Impossible de cr\u00E9er l'administrateur par d\u00E9faut wao.error.serviceUser.createUpdateCompany=Impossible de cr\u00E9er ou de mettre \u00E0 jour la soci\u00E9t\u00E9 Modified: trunk/wao-business/src/main/xmi/wao.zargo =================================================================== (Binary files differ) Modified: trunk/wao-business/src/test/java/fr/ifremer/wao/service/ObsDebFixtures.java =================================================================== --- trunk/wao-business/src/test/java/fr/ifremer/wao/service/ObsDebFixtures.java 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/test/java/fr/ifremer/wao/service/ObsDebFixtures.java 2011-04-20 15:31:49 UTC (rev 1224) @@ -24,6 +24,8 @@ protected Company ifremer; protected Boat moise; + protected boolean boatsImported; + protected static final String CSV_CONTENT = "PLAN_CODE;SOCIETE;REGION_IFREMER_COD;OBSERVATEUR_COD;OBSERVATION_DATE;UNITE_OBSERVATION_COD;OBSERVATEURS\n" + "2011_888;Ifremer;GA;OBS1;05/01/2010;UO007;\n" 
@@ -58,12 +60,36 @@ return ifremer; } + protected void importBoats() { + if ( ! boatsImported) { + ServiceBoat serviceBoat = manager.getServiceBoat(); + InputStream input = getClass().getResourceAsStream("/import/navires.csv"); + try { + serviceBoat.importBoatCsv(input); + } catch (WaoBusinessException e) { + throw new RuntimeException(e); + } + } + } + + public Boat samourai() { + if (moise == null) { + importBoats(); + ServiceBoat serviceBoat = manager.getServiceBoat(); + try { + moise = serviceBoat.getBoat(174258); + } catch (WaoBusinessException e) { + throw new RuntimeException(e); + } + } + return moise; + } + public Boat moise() { if (moise == null) { + importBoats(); ServiceBoat serviceBoat = manager.getServiceBoat(); - InputStream input = getClass().getResourceAsStream("/import/navires.csv"); try { - serviceBoat.importBoatCsv(input); moise = serviceBoat.getBoat(273129); } catch (WaoBusinessException e) { throw new RuntimeException(e); 
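Review bot: `samourai()` caches its result in the `moise` field, so whichever of `moise()` and `samourai()` runs first decides what both return; the new ObsDebTest case that asks for "another boat" would get the same boat if `moise()` was called earlier in the test. It needs its own field, e.g. `samourai = serviceBoat.getBoat(174258);` guarded by `if (samourai == null)`, with `protected Boat samourai;` declared next to `moise` (that declaration lies outside this hunk). In `importBoats()` the `boatsImported` flag is tested but never set, so the CSV is imported on every call; add `boatsImported = true;` after `importBoatCsv(input)`. The stream obtained from `getResourceAsStream` is not closed in this hunk either.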
@@ -81,31 +107,40 @@ josh.setPassword(manager.getContext().encodeString("mdp")); josh.setActive(true); josh.setCompany(codeLutin()); + UserProfile adminProfile = new UserProfileImpl(ObsProgram.OBSDEB, UserRole.ADMIN, true); + UserProfile coordinatorProfile = new UserProfileImpl(ObsProgram.OBSDEB, UserRole.COORDINATOR, true); + UserProfile observerProfile = new UserProfileImpl(ObsProgram.OBSDEB, UserRole.OBSERVER, true); + josh.addUserProfile(adminProfile); + josh.addUserProfile(coordinatorProfile); + josh.addUserProfile(observerProfile); manager.getServiceUser().createUpdateUser(josh, false); josh.setPassword("mdp"); } return josh; } - public ConnectedUser joshAsAdministrator() throws WaoBusinessException { - UserProfile userProfile = new UserProfileImpl(ObsProgram.OBSDEB, UserRole.ADMIN, true); + protected ConnectedUser joshAs(UserRole userRole) throws WaoBusinessException { + // first, log in as josh ConnectedUser connectedUser = manager.getServiceUser().connect(josh().getLogin(), josh().getPassword()); - connectedUser.setProfile(userProfile); + // then choose profile + for (UserProfile userProfile : josh().getUserProfile()) { + if (userProfile.getUserRole() == userRole) { + connectedUser.setProfile(userProfile); + } + } return connectedUser; } + public ConnectedUser joshAsAdministrator() throws WaoBusinessException { + return joshAs(UserRole.ADMIN); + } + public ConnectedUser joshAsCoordinator() throws WaoBusinessException { - UserProfile userProfile = new UserProfileImpl(ObsProgram.OBSDEB, UserRole.COORDINATOR, true); - ConnectedUser connectedUser = manager.getServiceUser().connect(josh().getLogin(), josh().getPassword()); - connectedUser.setProfile(userProfile); - return connectedUser; + return joshAs(UserRole.COORDINATOR); } public ConnectedUser joshAsObserver() throws WaoBusinessException { - UserProfile userProfile = new UserProfileImpl(ObsProgram.OBSDEB, UserRole.OBSERVER, true); - ConnectedUser connectedUser = 
manager.getServiceUser().connect(josh().getLogin(), josh().getPassword()); - connectedUser.setProfile(userProfile); - return connectedUser; + return joshAs(UserRole.OBSERVER); } public String initialSamplingPlanCSV() { Modified: trunk/wao-business/src/test/java/fr/ifremer/wao/service/ObsDebTest.java =================================================================== --- trunk/wao-business/src/test/java/fr/ifremer/wao/service/ObsDebTest.java 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/test/java/fr/ifremer/wao/service/ObsDebTest.java 2011-04-20 15:31:49 UTC (rev 1224) @@ -25,6 +25,7 @@ import fr.ifremer.wao.AbstractServiceTest; import fr.ifremer.wao.WaoBusinessException; +import fr.ifremer.wao.bean.ConnectedUser; import fr.ifremer.wao.bean.SamplingFilter; import fr.ifremer.wao.bean.SamplingFilterValues; import fr.ifremer.wao.bean.ValidationResult; @@ -314,8 +315,11 @@ coordinatorCanAddObserversViaImport(); manager.setCurrentDate(DateUtil.createDate(10, 2, 2010)); - InputStream in = serviceSampling.exportSamplingPlanICalendar(fixtures.joshAsObserver()); + String joshAsObserverToken = fixtures.joshAsObserver().getToken(); + ConnectedUser joshAsObserver = serviceUser.getConnectedUserByToken(joshAsObserverToken); + InputStream in = serviceSampling.exportSamplingPlanICalendar(joshAsObserver); + String result = IOUtils.toString(in); if (log.isDebugEnabled()) { log.debug("exported iCal for observer is " + result); 
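Review bot: `joshAs(UserRole)` returns the connected user with whatever profile `connect()` left it with when none of josh's profiles matches the requested role, so a test meant to run as observer could silently run under another role. Failing fast keeps the fixture honest: put `return connectedUser;` right after `connectedUser.setProfile(userProfile);` and end the method with `throw new IllegalStateException("josh has no profile with role " + userRole);`. This matters for the token tests in particular, because the profile chosen here decides which token `getToken()` hands back.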
@@ -372,5 +376,11 @@ Assert.assertNotNull("service must have save the data given by observer", contact.getTerrestrialLocation()); Assert.assertNotNull("service must have save the data given by observer", contact.getObservationBeginDate()); Assert.assertNotNull("service must have save the data given by observer", contact.getObservationEndDate()); + + // now, i want to create another contact because, at the same + // day, and the same time, i've seen another boat + contact = serviceContact.getNewContact(fixtures.joshAsObserver(), row, fixtures.samourai()); + Assert.assertNotNull("service must have pre filled field", contact.getObservationEndDate()); + Assert.assertNotNull("service must have pre filled field", contact.getTerrestrialLocation()); } } Modified: trunk/wao-business/src/test/java/fr/ifremer/wao/service/ServiceUserImplTest.java =================================================================== --- trunk/wao-business/src/test/java/fr/ifremer/wao/service/ServiceUserImplTest.java 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-business/src/test/java/fr/ifremer/wao/service/ServiceUserImplTest.java 2011-04-20 15:31:49 UTC (rev 1224) @@ -36,11 +36,13 @@ import fr.ifremer.wao.entity.UserProfileImpl; import fr.ifremer.wao.entity.WaoUser; import fr.ifremer.wao.entity.WaoUserImpl; +import org.apache.commons.lang.StringUtils; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.nuiton.topia.TopiaContext; import org.nuiton.topia.TopiaException; +import org.nuiton.util.StringUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -111,6 +113,11 @@ Assert.assertNotNull(userFound); Assert.assertEquals(1, userFound.getUserProfile().size()); + // check that user has a token + for (UserProfile userProfile : user.getUserProfile()) { + Assert.assertTrue("all profiles must have a token", StringUtils.isNotBlank(userProfile.getToken())); + } + // check that creating two user with the same login is not allowed try { user = new WaoUserImpl(); Modified: trunk/wao-ui/src/main/webapp/ObsDebSamplingPlan.tml =================================================================== --- trunk/wao-ui/src/main/webapp/ObsDebSamplingPlan.tml 2011-04-20 13:54:23 UTC (rev 1223) +++ trunk/wao-ui/src/main/webapp/ObsDebSamplingPlan.tml 2011-04-20 15:31:49 UTC (rev 1224) @@ -46,7 +46,7 @@ </t:unless> <t:unless test="connectedUser.admin"> <li> - <a t:type="pagelink" t:page="roadMap" t:context="connectedUser.tokenId"> + <a t:type="pagelink" t:page="roadMap" t:context="connectedUser.token"> ${message:wao.ui.misc.iCalendarExport} </a> </li>
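Review bot: The new loop iterates over `user.getUserProfile()`, apparently the in-memory object whose token was set by the `UserProfileImpl` constructor, so the assertion passes even if the token is never persisted. Iterating over the reloaded object would check what was actually stored: `for (UserProfile userProfile : userFound.getUserProfile()) {`. The import hunk of this file also adds `org.nuiton.util.StringUtil`, which nothing in the visible hunks uses.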
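Review bot: The page link passes `connectedUser.token` as the page context, which places the profile's bearer token in the URL of the iCalendar export. URLs are recorded in server and proxy logs, browser history and calendar-client configuration, and this commit adds no expiry or regeneration for the token while letting it authenticate the full profile. If the URL form is needed for calendar subscriptions, consider a separate token that is accepted only by the read-only export and that the user can regenerate. A template comment such as `<!-- link embeds the user's token: treat the URL as a credential -->` would at least warn the next maintainer.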