From 22abf6a27d64b851a40d76e51013e08d8a7b6f2b Mon Sep 17 00:00:00 2001
From: "Artem.Arefev"
Date: Mon, 3 Jun 2019 02:11:35 +0400
Subject: [PATCH] #95 blocking user
---
 .../configuration/SecurityConfiguration.java | 8 +++++++-
 .../core/controller/AdviceController.java | 1 +
 .../RestAuthenticationFailureHandler.java | 20 +++++++++++++++++++
 .../ulstu/user/controller/UserController.java | 5 +++++
 .../user/error/UserBlockedException.java | 4 +++-
 src/main/java/ru/ulstu/user/model/User.java | 13 ++++++++++++
 .../ru/ulstu/user/service/UserService.java | 14 ++++++++++++-
 src/main/resources/db/changelog-master.xml | 1 +
 src/main/resources/public/js/users.js | 14 +++++++++++++
 src/main/resources/templates/default.html | 1 +
 .../fragments/userDashboardFragment.html | 2 ++
 11 files changed, 80 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/ru/ulstu/core/model/RestAuthenticationFailureHandler.java
diff --git a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
index 894cf39..2feb8ba 100644
--- a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
+++ b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
@@ -13,8 +13,10 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import ru.ulstu.core.model.RestAuthenticationFailureHandler;
 import ru.ulstu.user.controller.UserController;
 import ru.ulstu.user.model.UserRoleConstants;
 import ru.ulstu.user.service.UserService;
@@ -35,17 +37,20 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 private final AuthenticationSuccessHandler authenticationSuccessHandler;
 private final LogoutSuccessHandler logoutSuccessHandler;
 private final ApplicationProperties applicationProperties;
+ private final AuthenticationFailureHandler authenticationFailureHandler;
 public SecurityConfiguration(UserService userService,
 BCryptPasswordEncoder bCryptPasswordEncoder,
 AuthenticationSuccessHandler authenticationSuccessHandler,
 LogoutSuccessHandler logoutSuccessHandler,
- ApplicationProperties applicationProperties) {
+ ApplicationProperties applicationProperties,
+ RestAuthenticationFailureHandler authenticationFailureHandler) {
 this.userService = userService;
 this.bCryptPasswordEncoder = bCryptPasswordEncoder;
 this.authenticationSuccessHandler = authenticationSuccessHandler;
 this.logoutSuccessHandler = logoutSuccessHandler;
 this.applicationProperties = applicationProperties;
+ this.authenticationFailureHandler = authenticationFailureHandler;
 }
 @Override
@@ -76,6 +81,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 .formLogin()
 .loginPage("/login")
 .successHandler(authenticationSuccessHandler)
+ .failureHandler(authenticationFailureHandler)
 .permitAll()
 .and()
 .logout()
diff --git a/src/main/java/ru/ulstu/core/controller/AdviceController.java b/src/main/java/ru/ulstu/core/controller/AdviceController.java
index f89001a..78a7771 100644
--- a/src/main/java/ru/ulstu/core/controller/AdviceController.java
+++ b/src/main/java/ru/ulstu/core/controller/AdviceController.java
@@ -12,6 +12,7 @@ import ru.ulstu.core.model.ErrorConstants;
 import ru.ulstu.core.model.response.Response;
 import ru.ulstu.core.model.response.ResponseExtended;
 import ru.ulstu.user.error.UserActivationError;
+import ru.ulstu.user.error.UserBlockedException;
 import ru.ulstu.user.error.UserEmailExistsException;
 import ru.ulstu.user.error.UserIdExistsException;
 import ru.ulstu.user.error.UserIsUndeadException;
diff --git a/src/main/java/ru/ulstu/core/model/RestAuthenticationFailureHandler.java b/src/main/java/ru/ulstu/core/model/RestAuthenticationFailureHandler.java
new file mode 100644
index 0000000..4e07d0d
--- /dev/null
+++ b/src/main/java/ru/ulstu/core/model/RestAuthenticationFailureHandler.java
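Review bot: The added `.failureHandler(authenticationFailureHandler)` replaces the default failure URL, and with a custom handler `formLogin().permitAll()` only opens the login page and the login-processing URL, not the address the handler redirects to. The handler introduced in this commit redirects to `/login.html?error=fail` while this chain declares `loginPage("/login")`, so unless `/login.html` is permitted by a matcher outside this hunk, a failed login is sent to a protected URL and bounced again. If the handler only needs to redirect, `.failureUrl("/login?error=fail")` keeps the target and the permit rule in one place. The rest of `configure` is outside the hunk.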
@@ -0,0 +1,20 @@
+package ru.ulstu.core.model;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class RestAuthenticationFailureHandler implements AuthenticationFailureHandler {
+ @Override
+ public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+ AuthenticationException ex) throws IOException, ServletException {
+
+ response.sendRedirect("/login.html?error=fail");
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/ru/ulstu/user/controller/UserController.java b/src/main/java/ru/ulstu/user/controller/UserController.java
index c40ed8f..8b63264 100644
--- a/src/main/java/ru/ulstu/user/controller/UserController.java
+++ b/src/main/java/ru/ulstu/user/controller/UserController.java
@@ -171,4 +171,9 @@ public class UserController extends OdinController {
 public void inviteUser(@RequestParam("email") String email) {
 userService.inviteUser(email);
 }
+
+ @PostMapping("/block")
+ public void blockUser(@RequestParam("userId") Integer userId) {
+ userService.blockUser(userId);
+ }
 }
diff --git a/src/main/java/ru/ulstu/user/error/UserBlockedException.java b/src/main/java/ru/ulstu/user/error/UserBlockedException.java
index 6de97e9..23b9b3a 100644
--- a/src/main/java/ru/ulstu/user/error/UserBlockedException.java
+++ b/src/main/java/ru/ulstu/user/error/UserBlockedException.java
@@ -1,6 +1,8 @@
 package ru.ulstu.user.error;
-public class UserBlockedException extends RuntimeException {
+import org.springframework.security.core.AuthenticationException;
+
+public class UserBlockedException extends AuthenticationException {
 public UserBlockedException(String message) {
 super(message);
 }
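Review bot: `onAuthenticationFailure` never reads `ex`, so a wrong password, an unactivated account and the new `UserBlockedException` all end in the same silent redirect and leave no record on the server. Keeping the client-facing result generic is reasonable, but a failed-login record is what lets operators notice password guessing or a blocked account being retried; log the exception class and the remote address here, never the submitted password, and sanitise the submitted login name if it is logged at all. The redirect is also an absolute path, which breaks when the application is deployed under a non-root context path: `response.sendRedirect(request.getContextPath() + "/login.html?error=fail");`.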
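Review bot: The new `@PostMapping("/block")` method carries no authorization annotation and forwards the caller-supplied `userId` straight to `userService.blockUser`. If nothing at class level or in `SecurityConfiguration` restricts this path (both are outside the hunk), any logged-in user could lock any other account out of the application, administrators included. Restrict the endpoint to the administrative role, for example with `@Secured(...)` naming the appropriate constant from `UserRoleConstants` if method security is enabled, or with a matcher in the security configuration. `UserController` starts outside the hunk.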
diff --git a/src/main/java/ru/ulstu/user/model/User.java b/src/main/java/ru/ulstu/user/model/User.java
index 520b439..bb76618 100644
--- a/src/main/java/ru/ulstu/user/model/User.java
+++ b/src/main/java/ru/ulstu/user/model/User.java
@@ -12,6 +12,7 @@ import javax.persistence.Enumerated;
 import javax.persistence.JoinColumn;
 import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
+import javax.persistence.ManyToOne;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
@@ -91,6 +92,10 @@ public class User extends BaseEntity {
 @Temporal(TemporalType.TIMESTAMP)
 private Date birthDate;
+ @ManyToOne()
+ @JoinColumn(name = "blocker_id")
+ private User blocker;
+
 public enum UserDegree {
 CANDIDATE("Кандидат технических наук"),
 DOCTOR("Доктор технических наук");
@@ -229,6 +234,14 @@ public class User extends BaseEntity {
 this.degree = degree;
 }
+ public User getBlocker() {
+ return blocker;
+ }
+
+ public void setBlocker(User blocker) {
+ this.blocker = blocker;
+ }
+
 public String getUserAbbreviate() {
 return String.format(USER_ABBREVIATE_TEMPLATE,
 lastName == null ? "" : lastName,
diff --git a/src/main/java/ru/ulstu/user/service/UserService.java b/src/main/java/ru/ulstu/user/service/UserService.java
index 217215b..a58b6db 100644
--- a/src/main/java/ru/ulstu/user/service/UserService.java
+++ b/src/main/java/ru/ulstu/user/service/UserService.java
@@ -14,13 +14,16 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import ru.ulstu.conference.service.ConferenceService;
 import ru.ulstu.configuration.ApplicationProperties;
 import ru.ulstu.core.error.EntityIdIsNullException;
 import ru.ulstu.core.jpa.OffsetablePageRequest;
 import ru.ulstu.core.model.BaseEntity;
 import ru.ulstu.core.model.response.PageableItems;
+import ru.ulstu.core.model.response.Response;
 import ru.ulstu.user.error.UserActivationError;
+import ru.ulstu.user.error.UserBlockedException;
 import ru.ulstu.user.error.UserEmailExistsException;
 import ru.ulstu.user.error.UserIdExistsException;
 import ru.ulstu.user.error.UserIsUndeadException;
@@ -252,7 +255,7 @@ public class UserService implements UserDetailsService {
 mailService.sendChangePasswordMail(user);
 }
- public boolean requestUserPasswordReset(String email) {
+ public boolean requestUserPasswordReset(String email) {
 User user = userRepository.findOneByEmailIgnoreCase(email);
 if (user == null) {
 throw new UserNotFoundException(email);
@@ -313,6 +316,9 @@ public class UserService implements UserDetailsService {
 if (!user.getActivated()) {
 throw new UserNotActivatedException();
 }
+ if (user.getBlocker() != null) {
+ throw new UserBlockedException(String.format("Вы заблокированы пользователем %s", user.getBlocker().getUserAbbreviate()));
+ }
 return new org.springframework.security.core.userdetails.User(user.getLogin(),
 user.getPassword(),
 Optional.ofNullable(user.getRoles()).orElse(Collections.emptySet()).stream()
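Review bot: Throwing `UserBlockedException` from inside the user-details lookup puts the block check in the wrong layer: Spring's `DaoAuthenticationProvider` (presumably the provider in use here) wraps any lookup exception other than `UsernameNotFoundException` in `InternalAuthenticationServiceException`, so blocked logins are likely to be reported and logged as internal errors. The `UserDetails` contract already carries this state; pass it through the seven-argument constructor, `new org.springframework.security.core.userdetails.User(login, password, true, true, true, user.getBlocker() == null, authorities)`, and Spring raises `LockedException` itself. The message also names the blocking user before any password has been checked, which should not reach an unauthenticated client. The check runs only at login, so a session the blocked user already holds stays valid. The `return` statement continues outside the hunk.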
@@ -389,4 +395,10 @@ public class UserService implements UserDetailsService {
 }
 return ImmutableMap.of("users", usersInfoNow, "error", err);
 }
+
+ public void blockUser(int userId) {
+ User userToBlock = findById(userId);
+ userToBlock.setBlocker(getCurrentUser());
+ userRepository.save(userToBlock);
+ }
 }
diff --git a/src/main/resources/db/changelog-master.xml b/src/main/resources/db/changelog-master.xml
index c8a6e63..3719ac5 100644
--- a/src/main/resources/db/changelog-master.xml
+++ b/src/main/resources/db/changelog-master.xml
@@ -49,4 +49,5 @@
+
\ No newline at end of file
diff --git a/src/main/resources/public/js/users.js b/src/main/resources/public/js/users.js
index e31d3ad..68fbf55 100644
--- a/src/main/resources/public/js/users.js
+++ b/src/main/resources/public/js/users.js
@@ -120,6 +120,20 @@ function resetPassword() {
 })
 }
+function blockUser() {
+ userId = $('#userId').val();
+ $.ajax({
+ url:"/api/1.0/users/block?userId=" + userId,
+ contentType: "application/json; charset=utf-8",
+ method: "POST",
+ success: function() {
+ showFeedbackMessage("Пользователь заблокирован", MessageTypesEnum.SUCCESS)
+ },
+ error: function(errorData) {
+ showFeedbackMessage(errorData.responseJSON.error.message, MessageTypesEnum.WARNING)
+ }
+ })
+}
 function isEmailValid(email) {
 re = /\S+@\S+\.\S+/;
diff --git a/src/main/resources/templates/default.html b/src/main/resources/templates/default.html
index 32939e7..d3c49dd 100644
--- a/src/main/resources/templates/default.html
+++ b/src/main/resources/templates/default.html
@@ -109,6 +109,7 @@
+
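Review bot: `blockUser` in `UserService` applies the block with no checks of its own: nothing stops a user from blocking themselves or an administrator, and it relies on `findById` and `getCurrentUser()` (both outside the hunk) to fail loudly. If `getCurrentUser()` can return null, `setBlocker(null)` stores the "not blocked" state and the call reports success while doing nothing. Reject the request before the save when the current user is null or is the target, using the project's existing error types, and log who blocked whom so the action can be audited. The commit also adds no way to lift a block.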
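Review bot: `userId = $('#userId').val();` in the new `blockUser` function assigns an undeclared variable, which creates a page-wide global, and the value is concatenated into the request URL unescaped. Declare and encode it: `var userId = $('#userId').val();` and `url: "/api/1.0/users/block?userId=" + encodeURIComponent(userId),`. The `error` callback dereferences `errorData.responseJSON.error.message`, which throws when the server answers with a non-JSON body such as an HTML 403 page, so an authorization failure would show no feedback at all; fall back to a generic message when `responseJSON` is missing.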