From 65d5257d0c3273894505c48fa56005aa211fb696 Mon Sep 17 00:00:00 2001 From: sdimi98 Date: Wed, 20 Mar 2024 01:08:26 +0200 Subject: [PATCH] Error handling for user. --- .../controllers/mvc/UserMvcController.java | 151 +++++++++++++----- .../services/UserServiceImpl.java | 10 +- .../utils/AuthenticationHelper.java | 2 +- 3 files changed, 112 insertions(+), 51 deletions(-) diff --git a/src/main/java/com/telerikacademy/web/virtualwallet/controllers/mvc/UserMvcController.java b/src/main/java/com/telerikacademy/web/virtualwallet/controllers/mvc/UserMvcController.java index 96d684b..70a6cdb 100644 --- a/src/main/java/com/telerikacademy/web/virtualwallet/controllers/mvc/UserMvcController.java +++ b/src/main/java/com/telerikacademy/web/virtualwallet/controllers/mvc/UserMvcController.java @@ -1,9 +1,6 @@ package com.telerikacademy.web.virtualwallet.controllers.mvc; -import com.telerikacademy.web.virtualwallet.exceptions.AuthenticationException; -import com.telerikacademy.web.virtualwallet.exceptions.EntityNotFoundException; -import com.telerikacademy.web.virtualwallet.exceptions.InvalidFileException; -import com.telerikacademy.web.virtualwallet.exceptions.TransactionsNotFoundException; +import com.telerikacademy.web.virtualwallet.exceptions.*; import com.telerikacademy.web.virtualwallet.filters.TransactionFilterOptions; import com.telerikacademy.web.virtualwallet.filters.UserFilterOptions; import com.telerikacademy.web.virtualwallet.filters.dtos.TransactionFilterDto; @@ -30,6 +27,7 @@ import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; +import org.springframework.web.servlet.mvc.support.RedirectAttributes; import java.io.IOException; import java.util.List; 
@@ -38,6 +36,7 @@ @RequestMapping("/users") public class UserMvcController { + public static final String AUTHORIZATION_ERR = "You are not authorized to perform this action."; private final ProfilePhotoMapper profilePhotoMapper; private final CloudinaryHelper cloudinaryHelper; 
@@ -93,51 +92,97 @@ public String requestURI(final HttpServletRequest request) { @GetMapping public String showAllUsers(Model model , HttpSession session - , @ModelAttribute("userFilterOptionsDto") UserFilterOptionsDto filterDto) { - User user = authenticationHelper.tryGetCurrentUser(session); - UserFilterOptions userFilterOptions = userFilterOptionsMapper.fromDto(filterDto); - model.addAttribute("allUsers", userService.getAll(userFilterOptions, user)); - return "UsersView"; + , @ModelAttribute("userFilterOptionsDto") UserFilterOptionsDto filterDto + , RedirectAttributes redirectAttributes) { + try { + User user = authenticationHelper.tryGetCurrentUser(session); + UserFilterOptions userFilterOptions = userFilterOptionsMapper.fromDto(filterDto); + model.addAttribute("allUsers", userService.getAll(userFilterOptions, user)); + return "UsersView"; + } catch (AuthenticationException e) { + return "redirect:/auth/login"; + } + catch (AuthorizationException e) { + redirectAttributes.addFlashAttribute("error", e.getMessage()); + return "redirect:/"; + } } @GetMapping("/{username}") public String showUserPage(@PathVariable String username, Model model, HttpSession session) { - User currentUser = authenticationHelper.tryGetCurrentUser(session); - User viewedUser = userService.getByUsername(username); - boolean isBlocked = userService.isBlocked(viewedUser); - List userJoinWallets = joinWalletService.getAllByUser(viewedUser); - model.addAttribute("isBlocked", isBlocked); - model.addAttribute("viewedUser", viewedUser); - model.addAttribute("userJoinWallets",userJoinWallets); - model.addAttribute("currentUser", currentUser); - return "UserView"; + try { + User currentUser = authenticationHelper.tryGetCurrentUser(session); + User viewedUser = userService.getByUsername(username); + boolean isBlocked = userService.isBlocked(viewedUser); + List userJoinWallets = joinWalletService.getAllByUser(viewedUser); + model.addAttribute("isBlocked", isBlocked); + 
model.addAttribute("viewedUser", viewedUser); + model.addAttribute("userJoinWallets",userJoinWallets); + model.addAttribute("currentUser", currentUser); + return "UserView"; + } catch (AuthenticationException e) { + return "redirect:/auth/login"; + } } @GetMapping("/{username}/update") - public String showUpdatePage(@PathVariable String username, Model model, HttpSession session) { - User loggedInUser = authenticationHelper.tryGetCurrentUser(session); - User userToBeUpdated = userService.getByUsername(username); - UserUpdateDto userDto = userUpdateMapper.toDto(userToBeUpdated); - model.addAttribute("userUpdateDto", userDto); - return "UserUpdateView"; + public String showUpdatePage(@PathVariable String username, Model model, HttpSession session, RedirectAttributes redirectAttributes) { + try { + User loggedInUser = authenticationHelper.tryGetCurrentUser(session); + User userToBeUpdated = userService.getByUsername(username); + if (!loggedInUser.equals(userToBeUpdated)){ + throw new AuthorizationException(AUTHORIZATION_ERR); + } + UserUpdateDto userDto = userUpdateMapper.toDto(userToBeUpdated); + model.addAttribute("userUpdateDto", userDto); + return "UserUpdateView"; + } catch (AuthenticationException e) { + return "redirect:/auth/login"; + } + catch (AuthorizationException e) { + redirectAttributes.addFlashAttribute("error", e.getMessage()); + return "redirect:/"; + } } @GetMapping("/{username}/changeProfilePhoto") - public String showChangeProfilePhoto(@PathVariable String username, Model model, HttpSession session) { - User loggedInUser = authenticationHelper.tryGetCurrentUser(session); - User userToBeUpdated = userService.getByUsername(username); - UserProfilePhotoDto userProfilePhotoDto = new UserProfilePhotoDto(); - model.addAttribute("userProfilePhotoDto", userProfilePhotoDto); - return "UserProfilePhotoUpdateView"; + public String showChangeProfilePhoto(@PathVariable String username, Model model, HttpSession session,RedirectAttributes redirectAttributes) { + 
try { + User loggedInUser = authenticationHelper.tryGetCurrentUser(session); + User userToBeUpdated = userService.getByUsername(username); + if (!loggedInUser.equals(userToBeUpdated)){ + throw new AuthorizationException(AUTHORIZATION_ERR); + } + UserProfilePhotoDto userProfilePhotoDto = new UserProfilePhotoDto(); + model.addAttribute("userProfilePhotoDto", userProfilePhotoDto); + return "UserProfilePhotoUpdateView"; + } catch (AuthenticationException e) { + return "redirect:/auth/login"; + } + catch (AuthorizationException e) { + redirectAttributes.addFlashAttribute("error", e.getMessage()); + return "redirect:/"; + } } @GetMapping("/{username}/changePassword") - public String showChangePassword(@PathVariable String username, Model model, HttpSession session) { - User loggedInUser = authenticationHelper.tryGetCurrentUser(session); - User userToBeUpdated = userService.getByUsername(username); - UserPasswordDto userPasswordDto = new UserPasswordDto(); - model.addAttribute("userPasswordDto", userPasswordDto); - return "UserPasswordUpdateView"; + public String showChangePassword(@PathVariable String username, Model model, HttpSession session, RedirectAttributes redirectAttributes) { + try { + User loggedInUser = authenticationHelper.tryGetCurrentUser(session); + User userToBeUpdated = userService.getByUsername(username); + if (!loggedInUser.equals(userToBeUpdated)){ + throw new AuthorizationException(AUTHORIZATION_ERR); + } + UserPasswordDto userPasswordDto = new UserPasswordDto(); + model.addAttribute("userPasswordDto", userPasswordDto); + return "UserPasswordUpdateView"; + } catch (AuthenticationException e) { + return "redirect:/auth/login"; + } + catch (AuthorizationException e) { + redirectAttributes.addFlashAttribute("error", e.getMessage()); + return "redirect:/"; + } } @PostMapping("/{username}/update") 
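Review bot: The new owner check in showUpdatePage, showChangeProfilePhoto and showChangePassword only guards the GET that renders the form; the matching `@PostMapping("/{username}/update")` handler begins after the end of this hunk, and a user who posts directly to another username's URL never passes through the view, so the same check (or the service-level one) must run on the POST path as well. The check also relies on `User.equals`, whose implementation is not visible here — if it is the default identity comparison, two separately loaded instances of the same user may not compare equal; comparing `if (loggedInUser.getId() != userToBeUpdated.getId()) { throw new AuthorizationException(AUTHORIZATION_ERR); }` (getId is already used in block()) is unambiguous. The service message removed in UserServiceImpl described the rule as "admin or account holder", whereas this controller check rejects admins too — confirm which policy is intended so the two layers agree. Finally, `userService.getByUsername` presumably throws EntityNotFoundException for an unknown username (the import was previously explicit), which none of these try blocks catch, so a bad username still surfaces as an unhandled exception rather than a redirect; the enclosing class continues outside this hunk.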
@@ -225,22 +270,40 @@ public String get(@ModelAttribute("transactionFilterOptions") TransactionFilterD @GetMapping("/{username}/block") public String block(@PathVariable String username , HttpSession session + ,RedirectAttributes redirectAttributes ) { - User loggedInUser = authenticationHelper.tryGetCurrentUser(session); - User viewedUser = userService.getByUsername(username); - userService.block(viewedUser.getId(),loggedInUser); - return "redirect:/users"; + try { + User loggedInUser = authenticationHelper.tryGetCurrentUser(session); + User viewedUser = userService.getByUsername(username); + userService.block(viewedUser.getId(),loggedInUser); + return "redirect:/users"; + } catch (AuthenticationException e) { + return "redirect:/auth/login"; + } + catch (AuthorizationException e) { + redirectAttributes.addFlashAttribute("error", e.getMessage()); + return "redirect:/"; + } } @GetMapping("/{username}/unblock") public String unblock(@PathVariable String username , HttpSession session + , RedirectAttributes redirectAttributes ) { - User loggedInUser = authenticationHelper.tryGetCurrentUser(session); - User viewedUser = userService.getByUsername(username); - userService.unblock(viewedUser.getId(),loggedInUser); - return "redirect:/users"; + try { + User loggedInUser = authenticationHelper.tryGetCurrentUser(session); + User viewedUser = userService.getByUsername(username); + userService.unblock(viewedUser.getId(),loggedInUser); + return "redirect:/users"; + } catch (AuthenticationException e) { + return "redirect:/auth/login"; + } + catch (AuthorizationException e) { + redirectAttributes.addFlashAttribute("error", e.getMessage()); + return "redirect:/"; + } } } diff --git a/src/main/java/com/telerikacademy/web/virtualwallet/services/UserServiceImpl.java b/src/main/java/com/telerikacademy/web/virtualwallet/services/UserServiceImpl.java index d6ad279..aceb776 100644 --- a/src/main/java/com/telerikacademy/web/virtualwallet/services/UserServiceImpl.java 
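Review bot: block and unblock remain `@GetMapping` handlers that mutate the target user's roles, so an admin who follows a crafted link or loads an attacker-controlled image URL triggers the action without any intent check; state-changing endpoints should be `@PostMapping("/{username}/block")` / `@PostMapping("/{username}/unblock")` and be submitted with the CSRF token. A second issue is ordering: `userService.getByUsername(username)` runs before the admin check inside `userService.block`, so a non-admin presumably receives EntityNotFoundException for unknown usernames (given the earlier explicit import) but AuthorizationException for existing ones, which lets any logged-in user enumerate accounts. Perform the admin check before the lookup, or add `catch (EntityNotFoundException e) { redirectAttributes.addFlashAttribute("error", AUTHORIZATION_ERR); return "redirect:/"; }` so both outcomes look the same to a non-admin. The enclosing class continues after this hunk.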
+++ b/src/main/java/com/telerikacademy/web/virtualwallet/services/UserServiceImpl.java @@ -22,9 +22,7 @@ @Service public class UserServiceImpl implements UserService { - private static final String MODIFY_USER_ERROR_MESSAGE = "Only admin or account holder can modify a user."; - public static final String BLOCK_UNBLOCK_PERMISSIONS_ERR = "Only admins are allowed to block or unblock users."; - public static final String GETALL_AUTH_ERR = "Only admins are allowed to view all users."; + private static final String MODIFY_USER_ERROR_MESSAGE = "You are not authorized to perform this action"; public static final String DEFAULT_PROFILE_SRC_PATH = "./src/main/resources/static/images/default_profile.jpg"; private final UserRepository userRepository; private final ProfilePhotoRepository profilePhotoRepository; @@ -77,7 +75,7 @@ public User getByPhoneNumber(String phoneNumber) { @Override public List getAll(UserFilterOptions userFilterOptions,User user) { if (!isAdmin(user)){ - throw new AuthorizationException(GETALL_AUTH_ERR); + throw new AuthorizationException(MODIFY_USER_ERROR_MESSAGE); } return userRepository.getAllUsersFiltered(userFilterOptions); } @@ -119,7 +117,7 @@ public void delete(int id, User user) { @Override public void block(int userId, User admin) { - checkAdmin(admin,BLOCK_UNBLOCK_PERMISSIONS_ERR); + checkAdmin(admin,MODIFY_USER_ERROR_MESSAGE); User userToBeBlocked = userRepository.getById(userId); userToBeBlocked.getUserRoles().add(roleRepository.getByField("roleType", UserRole.blocked.toString())); userRepository.update(userToBeBlocked); @@ -128,7 +126,7 @@ public void block(int userId, User admin) { @Override public void unblock(int userId, User admin) { - checkAdmin(admin,BLOCK_UNBLOCK_PERMISSIONS_ERR); + checkAdmin(admin,MODIFY_USER_ERROR_MESSAGE); User userToBeUnBlocked = userRepository.getById(userId); userToBeUnBlocked.getUserRoles().remove(roleRepository.getByField("roleType", UserRole.blocked.toString())); userRepository.update(userToBeUnBlocked); 
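Review bot: Collapsing the three authorization messages into one generic string is the right call for not revealing which privilege the caller lacked, but `BLOCK_UNBLOCK_PERMISSIONS_ERR` and `GETALL_AUTH_ERR` were public and may be referenced elsewhere (REST controllers or tests) — this patch touches only the MVC controller, so verify the remaining references still compile. The surviving constant differs from the controller's new `AUTHORIZATION_ERR` only by a trailing period; exposing one shared constant from the service (or the exception type) and having the controller reuse it prevents two near-identical messages from drifting apart. A short comment such as `// Deliberately generic: do not disclose which role the caller lacks.` would record why the specific messages were dropped. The class continues beyond these hunks.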
diff --git a/src/main/java/com/telerikacademy/web/virtualwallet/utils/AuthenticationHelper.java b/src/main/java/com/telerikacademy/web/virtualwallet/utils/AuthenticationHelper.java index 523f0cf..a3f2dec 100644 --- a/src/main/java/com/telerikacademy/web/virtualwallet/utils/AuthenticationHelper.java +++ b/src/main/java/com/telerikacademy/web/virtualwallet/utils/AuthenticationHelper.java @@ -12,7 +12,7 @@ @Component public class AuthenticationHelper { private static final String AUTHENTICATION_HEADER_NAME = "Authentication"; - private static final String INVALID_AUTHENTICATION_ERROR = "Invalid authentication."; + private static final String INVALID_AUTHENTICATION_ERROR = "Invalid username or password."; private final HttpHeaders headers = new HttpHeaders(); private final UserService userService;
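Review bot: `INVALID_AUTHENTICATION_ERROR` now reads "Invalid username or password.", but this hunk does not show whether the same constant is also thrown when the `Authentication` header is absent or the session holds no user (the controllers call tryGetCurrentUser with a session); in those paths the wording would be misleading, so either keep it neutral, e.g. `"Authentication required or credentials invalid."`, or introduce a separate constant for the missing-credential case. The header name `Authentication` rather than the standard `Authorization` is pre-existing and unchanged here, but a one-line comment on `AUTHENTICATION_HEADER_NAME` noting that clients must send this non-standard header would save confusion. The class body continues beyond this hunk.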