From e13bf171b180b76f9c4c4245ff9c2adbbe25ade6 Mon Sep 17 00:00:00 2001
From: Jonathan Bernard <jdb@jdb-labs.com>
Date: Sat, 7 Mar 2015 14:18:05 -0600
Subject: [PATCH] Added user login endpoint.

---
 .../nlsongs/model/UserCredentials.groovy      |  6 ++++
 .../jdbernard/nlsongs/rest/UsersResource.java | 36 ++++++++++++++++---
 src/main/webapp/WEB-INF/web.xml               |  1 +
 3 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100644 src/main/groovy/com/jdbernard/nlsongs/model/UserCredentials.groovy

diff --git a/src/main/groovy/com/jdbernard/nlsongs/model/UserCredentials.groovy b/src/main/groovy/com/jdbernard/nlsongs/model/UserCredentials.groovy
new file mode 100644
index 0000000..a01ef5a
--- /dev/null
+++ b/src/main/groovy/com/jdbernard/nlsongs/model/UserCredentials.groovy
@@ -0,0 +1,6 @@
+package com.jdbernard.nlsongs.model
+
+public class UserCredentials {
+    String username
+    String password
+}
diff --git a/src/main/groovy/com/jdbernard/nlsongs/rest/UsersResource.java b/src/main/groovy/com/jdbernard/nlsongs/rest/UsersResource.java
index ef7d096..1a1e92e 100644
--- a/src/main/groovy/com/jdbernard/nlsongs/rest/UsersResource.java
+++ b/src/main/groovy/com/jdbernard/nlsongs/rest/UsersResource.java
@@ -19,8 +19,11 @@ import javax.ws.rs.core.SecurityContext;
 
 import com.jdbernard.nlsongs.servlet.NLSongsContext;
 import com.jdbernard.nlsongs.model.User;
+import com.jdbernard.nlsongs.model.UserCredentials;
 import com.jdbernard.nlsongs.model.Token;
 
+import static javax.ws.rs.core.Response.Status.*;
+
 @Path("v1/users") @AllowCors @PermitAll
 @Produces({MediaType.APPLICATION_JSON})
 @Consumes({MediaType.APPLICATION_JSON})
@@ -47,7 +50,7 @@ public class UsersResource {
             return Response.ok(
                 NLSongsContext.songsDB.findUser(username)).build(); }
 
-        else return Response.status(Response.Status.FORBIDDEN).build(); }
+        else return Response.status(FORBIDDEN).build(); }
 
 
     @PUT @Path("/{username}")
@@ -62,7 +65,7 @@ public class UsersResource {
 
             return Response.ok(user).build(); }
 
-        else return Response.status(Response.Status.FORBIDDEN).build(); }
+        else return Response.status(FORBIDDEN).build(); }
 
     @DELETE @Path("/{username}")
     public Response deleteUser(@PathParam("username") String username) {
@@ -73,11 +76,36 @@ public class UsersResource {
             secCtx.isUserInRole("admin")) {
 
             User user = NLSongsContext.songsDB.findUser(username);
-            
+
             if (user != null) NLSongsContext.songsDB.delete(user);
 
             return Response.ok(user).build(); }
 
-        else return Response.status(Response.Status.FORBIDDEN).build(); }
+        else return Response.status(FORBIDDEN).build(); }
 
+    @POST @Path("/login")
+    public Response postLogin(UserCredentials cred) {
+        User user = NLSongsContext.songsDB.findUser(cred.getUsername());
+        if (!user.checkPwd(cred.getPassword())) {
+            return Response.status(UNAUTHORIZED).build(); }
+        else {
+            // Look for a token already belonging to this user.
+            Token token = NLSongsContext.songsDB.findTokenForUser(user);
+
+            // If there is no token, create a new one.
+            if (token == null) token = new Token(user);
+
+            // If the token has expired, delete it and create a new one.
+            else if (token.getExpires().compareTo(new Date()) < 0) {
+                NLSongsContext.songsDB.delete(token);
+                token = new Token(user); }
+
+            // If the token exists and is still good refresh it and keep using
+            // it.
+            else token.refresh();
+
+            // Save our updated token and return it.
+            NLSongsContext.songsDB.save(token);
+
+            return Response.ok(token).build(); } }
 }
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 616c3ed..20ac127 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- This web.xml file is not required when using Servlet 3.0 container,
      see implementation details http://jersey.java.net/nonav/documentation/latest/jax-rs.html -->
+<!-- PRODUCTION -->
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
     <context-param>
         <param-name>context.config.file</param-name>