security revamp

Athou
2014-08-08 21:57:16 +02:00
parent 9d070bd33c
commit c56c213da7
17 changed files with 209 additions and 91 deletions


@@ -1,6 +1,5 @@
package com.commafeed.frontend.resource;
import io.dropwizard.auth.Auth;
import io.dropwizard.hibernate.UnitOfWork;
import java.util.Arrays;
@@ -31,6 +30,7 @@ import com.commafeed.backend.model.UserSettings.ReadingOrder;
import com.commafeed.backend.model.UserSettings.ViewMode;
import com.commafeed.backend.service.PasswordEncryptionService;
import com.commafeed.backend.service.UserService;
import com.commafeed.frontend.auth.SecurityCheck;
import com.commafeed.frontend.model.Settings;
import com.commafeed.frontend.model.UserModel;
import com.commafeed.frontend.model.request.ProfileModificationRequest;
@@ -57,7 +57,7 @@ public class UserREST {
@GET
@UnitOfWork
@ApiOperation(value = "Retrieve user settings", notes = "Retrieve user settings", response = Settings.class)
public Response getSettings(@Auth User user) {
public Response getSettings(@SecurityCheck User user) {
Settings s = new Settings();
UserSettings settings = userSettingsDAO.findByUser(user);
if (settings != null) {
@@ -111,7 +111,7 @@ public class UserREST {
@POST
@UnitOfWork
@ApiOperation(value = "Save user settings", notes = "Save user settings")
public Response saveSettings(@Auth User user, @ApiParam(required = true) Settings settings) {
public Response saveSettings(@SecurityCheck User user, @ApiParam(required = true) Settings settings) {
Preconditions.checkNotNull(settings);
UserSettings s = userSettingsDAO.findByUser(user);
@@ -149,7 +149,7 @@ public class UserREST {
@GET
@UnitOfWork
@ApiOperation(value = "Retrieve user's profile", response = UserModel.class)
public Response get(@Auth User user) {
public Response get(@SecurityCheck User user) {
UserModel userModel = new UserModel();
userModel.setId(user.getId());
userModel.setName(user.getName());
@@ -168,7 +168,7 @@ public class UserREST {
@POST
@UnitOfWork
@ApiOperation(value = "Save user's profile")
public Response save(@Auth User user, @ApiParam(required = true) ProfileModificationRequest request) {
public Response save(@SecurityCheck User user, @ApiParam(required = true) ProfileModificationRequest request) {
Preconditions.checkArgument(StringUtils.isBlank(request.getPassword()) || request.getPassword().length() >= 6);
if (StringUtils.isNotBlank(request.getEmail())) {
User u = userDAO.findByEmail(request.getEmail());
@@ -210,7 +210,7 @@ public class UserREST {
@POST
@UnitOfWork
@ApiOperation(value = "Delete the user account")
public Response delete(@Auth User user) {
public Response delete(@SecurityCheck User user) {
if (CommaFeedApplication.USERNAME_ADMIN.equals(user.getName()) || CommaFeedApplication.USERNAME_DEMO.equals(user.getName())) {
return Response.status(Status.FORBIDDEN).build();
}
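Review bot: Every handler in this file now relies on whatever injectable backs `com.commafeed.frontend.auth.SecurityCheck` (defined elsewhere in the commit, not visible here) to reject unauthenticated requests, and none of the bodies re-check `user`: `user.getId()` in get() and `user.getName()` in delete() dereference it unguarded, so if the provider ever injects null instead of failing with 401 these endpoints silently serve or mutate data for anonymous callers. Please confirm the SecurityCheck provider throws or returns 401 on missing/invalid credentials, and document that contract on the annotation so it is not weakened later, e.g. `/** Resolves the authenticated user; the backing injectable MUST fail the request (401) rather than inject null. */`. In save(), the password policy `request.getPassword().length() >= 6` is weaker than the commonly recommended 8-character minimum, and since it is enforced via `Preconditions.checkArgument` the resulting IllegalArgumentException presumably surfaces as a 500 unless an exception mapper exists (not visible here) — a `Response.status(Status.BAD_REQUEST)` return would be clearer for a client-supplied value. The bodies of save() and delete() continue outside the hunks shown.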