Invite stuff:

* Login after accepting invite * Allow accepting of invite with existing user * Minor auth validation stuff

Invite stuff:
* Login after accepting invite * Allow accepting of invite with existing user * Minor auth validation stuff
Tuomas Riihimäki
Commit 1edf8ff4 authored Apr 28, 2014 by Tuomas Riihimäki
Showing with 144 additions and 15 deletions
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
code/MoyaBeansClient/ejbModule/fi/codecrew/moya/beans/UserBeanLocal.java
code/MoyaWeb/WebContent/user/acceptInvite.xhtml
code/MoyaWeb/WebContent/user/invite.xhtml
code/MoyaWeb/src/fi/codecrew/moya/resources/i18n.properties
code/MoyaWeb/src/fi/codecrew/moya/resources/i18n_en.properties
code/MoyaWeb/src/fi/codecrew/moya/resources/i18n_fi.properties
code/MoyaWeb/src/fi/codecrew/moya/web/ErrorPageView.java
code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/shop/InviteAcceptView.java
code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/shop/InviteView.java
--- a/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
+++ b/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
@@ -493,7 +493,9 @@ public class UserBean implements UserBeanLocal {
 		MailMessage msg = new MailMessage();
 		msg.setSubject(eventBean.getPropertyString(LanEventPropertyKey.INVITEMAIL_SUBJECT));
-		msg.setMessage(MessageFormat.format(eventBean.getPropertyString(LanEventPropertyKey.INVITEMAIL_CONTENT), MessageFormat.format(url, token), creator.getUser().getWholeName()));
+		String formatUrl = MessageFormat.format(url, token);
+		logger.info("Sending invite url {}", formatUrl);
+		msg.setMessage(MessageFormat.format(eventBean.getPropertyString(LanEventPropertyKey.INVITEMAIL_CONTENT), formatUrl, creator.getUser().getWholeName()));
 		msg.setToAddress(invitemail);
 		utilbean.sendMail(msg);
 		return true;
@@ -507,13 +509,35 @@ public class UserBean implements UserBeanLocal {
 	@Override
 	@PermitAll
-	public void createFromToken(EventUser user, String token) {
+	public EventUser acceptInviteForExistingUser(String username, String password, String token) {
 		GroupMembership gm = findToken(token);
+		if (gm == null || gm.getUser() != null || gm.getInviteAccepted() != null) {
+			return null;
+		}
+		User u = userFacade.findByLogin(username);
+		EventUser eu = this.getEventUser(u, true);
+		gm.setUser(eu);
+		gm.setInviteAccepted(Calendar.getInstance());
+		return eu;
+	}
+	@Override
+	@PermitAll
+	public boolean createFromInviteToken(EventUser user, String token) {
+		GroupMembership gm = findToken(token);
+		// Check that invite has not already been accepted!
+		if (gm == null || gm.getUser() != null || gm.getInviteAccepted() != null) {
+			return false;
+		}
 		user.setEvent(eventBean.getCurrentEvent());
 		gm.setUser(user);
 		gm.setInviteAccepted(Calendar.getInstance());
 		eventUserFacade.create(user);
+		return true;
 	}
 	// private void jaiCrop()
@@ -885,4 +909,5 @@ public class UserBean implements UserBeanLocal {
 		return eventUserFacade.getOtherOrganisationsEventuser(user, event);
 	}
 }
\ No newline at end of file
--- a/code/MoyaBeansClient/ejbModule/fi/codecrew/moya/beans/UserBeanLocal.java
+++ b/code/MoyaBeansClient/ejbModule/fi/codecrew/moya/beans/UserBeanLocal.java
@@ -57,7 +57,9 @@ public interface UserBeanLocal {
 	GroupMembership findToken(String token);
-	void createFromToken(EventUser user, String token);
+	boolean createFromInviteToken(EventUser user, String token);
+	EventUser acceptInviteForExistingUser(String username, String password, String token);
 	UserImage findUserimageFORCE(Integer id);

--- a/code/MoyaWeb/WebContent/user/acceptInvite.xhtml
+++ b/code/MoyaWeb/WebContent/user/acceptInvite.xhtml
@@ -16,12 +16,25 @@
 		</ui:define>
 		<ui:define name="content">
 			<ui:fragment rendered="#{!inviteAcceptView.done}">
+				<h2>
+					<h:outputText value="#{i18n['invite.existingUserHeader']}" />
+				</h2>
 				<h:form>
-					<p:inputText label="#{i18n['login.username']}" id="login" value="#{acceptInviteView.login}" />
+					<h:panelGrid columns="2">
-					<p:password label="#{i18n['login.password']}" id="pwd" value="#{acceptInviteView.password}" />
+						<h:outputLabel for="login" />
-					<p:commandButton id="submit" action="#{acceptInviteView.loginWithExisting}" ajax="false" value="#{i18n['login.submit']}" />
+						<p:inputText label="#{i18n['login.username']}" id="login" value="#{inviteAcceptView.username}" />
+						<h:outputLabel for="pwd" />
+						<p:password label="#{i18n['login.password']}" id="pwd" value="#{inviteAcceptView.password}" />
+					</h:panelGrid>
+					<p:commandButton id="submit" action="#{inviteAcceptView.loginWithExisting()}" ajax="false" value="#{i18n['login.submit']}" />
 				</h:form>
+				<h2>
+					<h:outputText value="#{i18n['invite.createNewUserHeader']}" />
+				</h2>
 				<users:create creating="true" commitaction="#{inviteAcceptView.createUser()}" commitvalue="#{i18n['user.create']}" />
 			</ui:fragment>
 		</ui:define>

--- a/code/MoyaWeb/WebContent/user/invite.xhtml
+++ b/code/MoyaWeb/WebContent/user/invite.xhtml
@@ -5,7 +5,9 @@
 	xmlns:f="http://java.sun.com/jsf/core" xmlns:c="http://java.sun.com/jsp/jstl/core">
 <h:body>
 	<ui:composition template="#{sessionHandler.template}">
+		<f:metadata>
+			<f:event type="preRenderView" listener="#{inviteView.initView}" />
+		</f:metadata>
 		<ui:define name="title">
 			<h1>#{i18n['user.page.invite']}</h1>
 		</ui:define>

--- a/code/MoyaWeb/src/fi/codecrew/moya/resources/i18n.properties
+++ b/code/MoyaWeb/src/fi/codecrew/moya/resources/i18n.properties
@@ -241,7 +241,7 @@ submenu.info.index          = Infon\u00E4kym\u00E4
 subnavi.cards = \u0009\u0009
 subnavi.info  = Info
-topnavi.license   = Lisenssikoodit
+topnavi.license = Lisenssikoodit
 user.cropImage                 = Crop
 user.imageUpload.imageNotFound = Select image to upload

--- a/code/MoyaWeb/src/fi/codecrew/moya/resources/i18n_en.properties
+++ b/code/MoyaWeb/src/fi/codecrew/moya/resources/i18n_en.properties
@@ -429,7 +429,9 @@ inventory.product.quantity     = Quantatity
 inventory.product.submitButton = Add
 inventory.product.title        = Add items to storage
+invite.createNewUserHeader   = Create new user
 invite.emailexists           = User with that email address already exists in the system.
+invite.existingUserHeader    = Login with existing username
 invite.notFound              = Invite invalid or already used
 invite.successfull           = Invite sent successfully
 invite.userCreateSuccessfull = User successfully created. You can now login.

--- a/code/MoyaWeb/src/fi/codecrew/moya/resources/i18n_fi.properties
+++ b/code/MoyaWeb/src/fi/codecrew/moya/resources/i18n_fi.properties
@@ -440,7 +440,9 @@ inventory.product.quantity     = M\u00E4\u00E4r\u00E4
 inventory.product.submitButton = Lis\u00E4\u00E4
 inventory.product.title        = Lis\u00E4\u00E4 tuottetta varastoon
+invite.createNewUserHeader   = Luo uusi k\u00E4ytt\u00E4j\u00E4tunnus
 invite.emailexists           = J\u00E4rjestelm\u00E4ss\u00E4 on jo k\u00E4ytt\u00E4j\u00E4tunnus samalla s\u00E4hk\u00F6postiosoitteella.
+invite.existingUserHeader    = Kirjaudu sis\u00E4\u00E4n olemassaolevalla tunnuksella
 invite.notFound              = Kutsu virheellinen tai jo k\u00E4ytetty.
 invite.successfull           = Kutsu l\u00E4hetetty
 invite.userCreateSuccessfull = K\u00E4ytt\u00E4j\u00E4tunnus luotu onnistuneesti. Voit nyt kirjautua sis\u00E4\u00E4n j\u00E4rjeselm\u00E4\u00E4n.

--- a/code/MoyaWeb/src/fi/codecrew/moya/web/ErrorPageView.java
+++ b/code/MoyaWeb/src/fi/codecrew/moya/web/ErrorPageView.java
@@ -4,7 +4,6 @@ import java.io.PrintWriter;
 import java.io.Serializable;
 import java.io.StringWriter;
 import java.util.Arrays;
-import java.util.Calendar;
 import java.util.Map;
 import java.util.zip.CRC32;
@@ -55,9 +54,8 @@ public class ErrorPageView implements Serializable {
 	public String getStackTraceHash() {
 		FacesContext context = FacesContext.getCurrentInstance();
-		Map requestMap = context.getExternalContext().getRequestMap();
+		Map<?, ?> requestMap = context.getExternalContext().getRequestMap();
-		Throwable ex =
+		Throwable ex = (Throwable) requestMap.get("javax.servlet.error.exception");
-				(Throwable) requestMap.get("javax.servlet.error.exception");
 		CRC32 stackHash = new CRC32();
 		stackHash.update(Arrays.toString(ex.getStackTrace()).getBytes());
@@ -66,7 +64,7 @@ public class ErrorPageView implements Serializable {
 	}
 	public String getTime() {
-		String stamp = "0x" + Long.toHexString(Calendar.getInstance().getTimeInMillis());
+		String stamp = "0x" + Long.toHexString(System.currentTimeMillis());
 		logger.error("Error occured at {} trail {}", stamp, getTrail());
 		return stamp;
 	}

--- a/code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/shop/InviteAcceptView.java
+++ b/code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/shop/InviteAcceptView.java
@@ -2,8 +2,15 @@ package fi.codecrew.moya.web.cdiview.shop;
 import javax.ejb.EJB;
 import javax.enterprise.context.ConversationScoped;
+import javax.faces.context.ExternalContext;
+import javax.faces.context.FacesContext;
 import javax.inject.Inject;
 import javax.inject.Named;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import fi.codecrew.moya.beans.UserBeanLocal;
 import fi.codecrew.moya.model.EventUser;
@@ -19,6 +26,8 @@ public class InviteAcceptView extends GenericCDIView {
 	private static final long serialVersionUID = 1972813452261491814L;
 	private String token;
+	private String username;
+	private String password;
 	@Inject
 	private UserView userview;
@@ -31,6 +40,8 @@ public class InviteAcceptView extends GenericCDIView {
 	private GroupMembership membership;
+	private static final Logger logger = LoggerFactory.getLogger(InviteAcceptView.class);
 	public void initView() {
 		if (membership == null) {
@@ -48,10 +59,57 @@ public class InviteAcceptView extends GenericCDIView {
 	}
+	private HttpServletRequest getRequest() {
+		FacesContext facesContext = FacesContext.getCurrentInstance();
+		ExternalContext externalContext = facesContext.getExternalContext();
+		Object request = externalContext.getRequest();
+		return request instanceof HttpServletRequest ? (HttpServletRequest) request : null;
+	}
+	public String loginWithExisting() {
+		EventUser eu = userbean.acceptInviteForExistingUser(username, password, token);
+		if (eu != null) {
+			login(username, password);
+		}
+		this.username = null;
+		this.password = null;
+		super.addFaceMessage("invite.userCreateSuccessfull");
+		return null;
+	}
+	private void login(String usr, String pwd) {
+		HttpServletRequest req = getRequest();
+		String existingUsername = null;
+		if (req.getUserPrincipal() != null) {
+			if (User.ANONYMOUS_LOGINNAME.equals(req.getUserPrincipal().getName())) {
+				try {
+					req.logout();
+				} catch (ServletException e) {
+					logger.warn("Logging out anonymous failed!", e);
+				}
+			} else {
+				existingUsername = req.getUserPrincipal().getName();
+			}
+		}
+		if (existingUsername == null) {
+			try {
+				req.login(usr, pwd);
+			} catch (ServletException e) {
+				logger.warn("Login failed for invite user " + usr, e);
+			}
+		}
+	}
 	public String createUser() {
 		user.getUser().resetPassword(userview.getPassword());
-		userbean.createFromToken(user, token);
+		if (userbean.createFromInviteToken(user, token)) {
+			login(user.getUser().getLogin(), userview.getPassword());
+		}
 		super.addFaceMessage("invite.userCreateSuccessfull");
 		done = true;
 		user = null;
@@ -81,4 +139,21 @@ public class InviteAcceptView extends GenericCDIView {
 	public void setDone(boolean done) {
 		this.done = done;
 	}
+	public String getUsername() {
+		return username;
+	}
+	public void setUsername(String username) {
+		this.username = username;
+	}
+	public String getPassword() {
+		return password;
+	}
+	public void setPassword(String password) {
+		this.password = password;
+	}
 }
--- a/code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/shop/InviteView.java
+++ b/code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/shop/InviteView.java
@@ -6,7 +6,11 @@ import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
 import javax.inject.Named;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import fi.codecrew.moya.beans.UserBeanLocal;
+import fi.codecrew.moya.enums.apps.UserPermission;
 import fi.codecrew.moya.web.cdiview.GenericCDIView;
 @Named
@@ -20,6 +24,12 @@ public class InviteView extends GenericCDIView {
 	@EJB
 	private transient UserBeanLocal userbean;
+	private static final Logger logger = LoggerFactory.getLogger(InviteView.class);
+	public void initView() {
+		super.requirePermissions(UserPermission.INVITE_USERS);
+	}
 	public String invite() {
 		ExternalContext extcontext = FacesContext.getCurrentInstance().getExternalContext();
@@ -40,7 +50,6 @@ public class InviteView extends GenericCDIView {
 		path.append("/")
 				.append(FacesContext.getCurrentInstance().getExternalContext().getContextName())
 				.append("/user/acceptInvite.jsf?token={0}");
 		boolean ret = userbean.invite(invitemail, path.toString());
 		if (ret) {
 			this.addFaceMessage("invite.successfull");