diff --git a/src/main/groovy/com/jdbernard/nlsongs/model/UserCredentials.groovy b/src/main/groovy/com/jdbernard/nlsongs/model/UserCredentials.groovy
new file mode 100644
index 0000000..a01ef5a
--- /dev/null
+++ b/src/main/groovy/com/jdbernard/nlsongs/model/UserCredentials.groovy
@@ -0,0 +1,6 @@
+package com.jdbernard.nlsongs.model
+
+public class UserCredentials {
+ String username
+ String password
+}
diff --git a/src/main/groovy/com/jdbernard/nlsongs/rest/UsersResource.java b/src/main/groovy/com/jdbernard/nlsongs/rest/UsersResource.java
index ef7d096..1a1e92e 100644
--- a/src/main/groovy/com/jdbernard/nlsongs/rest/UsersResource.java
+++ b/src/main/groovy/com/jdbernard/nlsongs/rest/UsersResource.java
@@ -19,8 +19,11 @@ import javax.ws.rs.core.SecurityContext;
 import com.jdbernard.nlsongs.servlet.NLSongsContext;
 import com.jdbernard.nlsongs.model.User;
+import com.jdbernard.nlsongs.model.UserCredentials;
 import com.jdbernard.nlsongs.model.Token;
+import static javax.ws.rs.core.Response.Status.*;
+
 @Path("v1/users") @AllowCors @PermitAll @Produces({MediaType.APPLICATION_JSON}) @Consumes({MediaType.APPLICATION_JSON})
@@ -47,7 +50,7 @@ public class UsersResource {
 return Response.ok( NLSongsContext.songsDB.findUser(username)).build(); }
- else return Response.status(Response.Status.FORBIDDEN).build(); }
+ else return Response.status(FORBIDDEN).build(); }
 @PUT @Path("/{username}")
@@ -62,7 +65,7 @@ public class UsersResource {
 return Response.ok(user).build(); }
- else return Response.status(Response.Status.FORBIDDEN).build(); }
+ else return Response.status(FORBIDDEN).build(); }
 @DELETE @Path("/{username}")
 public Response deleteUser(@PathParam("username") String username) {
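Review bot: `import static javax.ws.rs.core.Response.Status.*;` is a wildcard static import, while every other import in this file (e.g. `import javax.ws.rs.core.SecurityContext;`) names a single type. Only `FORBIDDEN` and `UNAUTHORIZED` are used by the new code, so `import static javax.ws.rs.core.Response.Status.FORBIDDEN;` and `import static javax.ws.rs.core.Response.Status.UNAUTHORIZED;` would keep the file's convention and make it visible which constants the class depends on. The same applies to the `FORBIDDEN` replacements in the two hunks that follow.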
@@ -73,11 +76,36 @@ public class UsersResource {
 secCtx.isUserInRole("admin")) {
 User user = NLSongsContext.songsDB.findUser(username);
-
+ if (user != null) NLSongsContext.songsDB.delete(user);
 return Response.ok(user).build(); }
- else return Response.status(Response.Status.FORBIDDEN).build(); }
+ else return Response.status(FORBIDDEN).build(); }
+ @POST @Path("/login")
+ public Response postLogin(UserCredentials cred) {
+ User user = NLSongsContext.songsDB.findUser(cred.getUsername());
+ if (!user.checkPwd(cred.getPassword())) {
+ return Response.status(UNAUTHORIZED).build(); }
+ else {
+ // Look for a token already belonging to this user.
+ Token token = NLSongsContext.songsDB.findTokenForUser(user);
+
+ // If there is no token, create a new one.
+ if (token == null) token = new Token(user);
+
+ // If the token has expired, delete it and create a new one.
+ else if (token.getExpires().compareTo(new Date()) < 0) {
+ NLSongsContext.songsDB.delete(token);
+ token = new Token(user); }
+
+ // If the token exists and is still good refresh it and keep using
+ // it.
+ else token.refresh();
+
+ // Save our updated token and return it.
+ NLSongsContext.songsDB.save(token);
+
+ return Response.ok(token).build(); } } }
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 616c3ed..20ac127 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -1,6 +1,7 @@
+ context.config.file
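Review bot: `postLogin` dereferences the result of `NLSongsContext.songsDB.findUser(cred.getUsername())` without a null check, so a login attempt with a username that does not exist throws a NullPointerException and surfaces as a 500, whereas a wrong password for an existing user returns 401; the `deleteUser` code just above null-checks the very same lookup. Besides the unhandled exception, the two different outcomes let a caller distinguish existing usernames from unknown ones, which the single `UNAUTHORIZED` response is presumably meant to prevent. Folding the check into the condition gives both failures the same answer: `if (user == null || !user.checkPwd(cred.getPassword())) {`. `cred` itself is also used unguarded; whether a request with no body arrives as a `null` parameter depends on the JAX-RS provider, so a `cred == null` guard returning `BAD_REQUEST` (or the same `UNAUTHORIZED`) is worth adding as well.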