Merge branch '88-change-password' into 'dev'

Resolve "Смена пароля" Closes #88 See merge request romanov73/ng-tracker!96
5 years ago · 3dbf635fb6
parent 83aba158b6 3da374326b
commit 3dbf635fb6
19 changed files with 452 additions and 73 deletions
--- a/src/main/java/ru/ulstu/configuration/Constants.java
+++ b/src/main/java/ru/ulstu/configuration/Constants.java
@ -5,7 +5,11 @@ public class Constants {

    public static final String MAIL_ACTIVATE = "Account activation";
    public static final String MAIL_RESET = "Password reset";
+    public static final String MAIL_INVITE = "Account registration";
+    public static final String MAIL_CHANGE_PASSWORD = "Password has been changed";
+
    public static final int MIN_PASSWORD_LENGTH = 6;
+    public static final int MAX_PASSWORD_LENGTH = 32;

    public static final String LOGIN_REGEX = "^[_'.@A-Za-z0-9-]*$";

--- a/src/main/java/ru/ulstu/core/model/ErrorConstants.java
+++ b/src/main/java/ru/ulstu/core/model/ErrorConstants.java
@ -8,7 +8,7 @@ public enum ErrorConstants {
    USER_ACTIVATION_ERROR(101, "Invalid activation key"),
    USER_EMAIL_EXISTS(102, "User with same email already exists"),
    USER_LOGIN_EXISTS(103, "User with same login already exists"),
-    USER_PASSWORDS_NOT_VALID_OR_NOT_MATCH(104, "User passwords is not valid or not match"),
+    USER_PASSWORDS_NOT_VALID_OR_NOT_MATCH(104, "Пароли введены неверно"),
    USER_NOT_FOUND(105, "User is not found"),
    USER_NOT_ACTIVATED(106, "User is not activated"),
    USER_RESET_ERROR(107, "Invalid reset key"),
--- a/src/main/java/ru/ulstu/core/model/response/Response.java
+++ b/src/main/java/ru/ulstu/core/model/response/Response.java
@ -11,6 +11,6 @@ public class Response<D> extends ResponseEntity<Object> {
    }

    public Response(ErrorConstants error) {
-        super(new ControllerResponse<Void, Void>(new ControllerResponseError<>(error, null)), HttpStatus.OK);
+        super(new ControllerResponse<Void, Void>(new ControllerResponseError<>(error, null)), HttpStatus.BAD_REQUEST);
    }
 }
--- a/src/main/java/ru/ulstu/core/model/response/ResponseExtended.java
+++ b/src/main/java/ru/ulstu/core/model/response/ResponseExtended.java
@ -7,6 +7,6 @@ import ru.ulstu.core.model.ErrorConstants;
 public class ResponseExtended<E> extends ResponseEntity<Object> {

    public ResponseExtended(ErrorConstants error, E errorData) {
-        super(new ControllerResponse<Void, E>(new ControllerResponseError<E>(error, errorData)), HttpStatus.OK);
+        super(new ControllerResponse<Void, E>(new ControllerResponseError<E>(error, errorData)), HttpStatus.BAD_REQUEST);
    }
 }
--- a/src/main/java/ru/ulstu/user/controller/UserController.java
+++ b/src/main/java/ru/ulstu/user/controller/UserController.java
@ -19,6 +19,7 @@ import ru.ulstu.odin.controller.OdinController;
 import ru.ulstu.odin.model.OdinMetadata;
 import ru.ulstu.odin.model.OdinVoid;
 import ru.ulstu.odin.service.OdinService;
+import ru.ulstu.user.model.User;
 import ru.ulstu.user.model.UserDto;
 import ru.ulstu.user.model.UserListDto;
 import ru.ulstu.user.model.UserResetPasswordDto;
@ -28,8 +29,12 @@ import ru.ulstu.user.model.UserSessionListDto;
 import ru.ulstu.user.service.UserService;
 import ru.ulstu.user.service.UserSessionService;

+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import javax.validation.Valid;

+import java.util.Map;
+
 import static ru.ulstu.user.controller.UserController.URL;

@RestController
@ -141,20 +146,6 @@ public class UserController extends OdinController<UserListDto, UserDto> {
        return new Response<>(userService.activateUser(activationKey));
    }

-    // TODO: add page for user edit (user-profile)
-    @PostMapping("/change-information")
-    public Response<UserDto> changeInformation(@Valid @RequestBody UserDto userDto) {
-        log.debug("REST: UserController.changeInformation( {} )", userDto.getLogin());
-        return new Response<>(userService.updateUserInformation(userDto));
-    }
-
-    // TODO: add page for user password change (user-profile)
-    @PostMapping("/change-password")
-    public Response<UserDto> changePassword(@Valid @RequestBody UserDto userDto) {
-        log.debug("REST: UserController.changePassword( {} )", userDto.getLogin());
-        return new Response<>(userService.changeUserPassword(userDto));
-    }
-
    @PostMapping(PASSWORD_RESET_REQUEST_URL)
    public Response<Boolean> requestPasswordReset(@RequestParam("email") String email) {
        log.debug("REST: UserController.requestPasswordReset( {} )", email);
@ -167,4 +158,12 @@ public class UserController extends OdinController<UserListDto, UserDto> {
        log.debug("REST: UserController.requestPasswordReset( {} )", key);
        return new Response<>(userService.completeUserPasswordReset(key, userResetPasswordDto));
    }
+
+    @PostMapping("/changePassword")
+    public void changePassword(@RequestBody Map<String, String> payload, HttpServletRequest request) {
+        HttpSession session = request.getSession(false);
+        final String sessionId = session.getAttribute(Constants.SESSION_ID_ATTR).toString();
+        User user = userSessionService.getUserBySessionId(sessionId);
+        userService.changeUserPassword(user, payload);
+    }
 }
--- a/src/main/java/ru/ulstu/user/controller/UserMvcController.java
+++ b/src/main/java/ru/ulstu/user/controller/UserMvcController.java
@ -0,0 +1,58 @@
+package ru.ulstu.user.controller;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import ru.ulstu.configuration.Constants;
+import ru.ulstu.odin.controller.OdinController;
+import ru.ulstu.user.model.UserDto;
+import ru.ulstu.user.model.User;
+import ru.ulstu.user.model.UserListDto;
+import ru.ulstu.user.service.UserService;
+import ru.ulstu.user.service.UserSessionService;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+@Controller
+@RequestMapping(value = "/users")
+public class UserMvcController extends OdinController<UserListDto, UserDto> {
+
+    private final Logger log = LoggerFactory.getLogger(UserMvcController.class);
+
+    private final UserService userService;
+    private final UserSessionService userSessionService;
+
+    public UserMvcController(UserService userService,
+                             UserSessionService userSessionService) {
+        super(UserListDto.class, UserDto.class);
+        this.userService = userService;
+        this.userSessionService = userSessionService;
+    }
+
+    @GetMapping("/profile")
+    public void getUserProfile(ModelMap modelMap, HttpServletRequest request) {
+        HttpSession session = request.getSession(false);
+        final String sessionId = session.getAttribute(Constants.SESSION_ID_ATTR).toString();
+        modelMap.addAttribute("userDto", new UserDto(userSessionService.getUserBySessionId(sessionId)));
+    }
+
+    @PostMapping("/profile")
+    public void updateUserProfile(ModelMap modelMap, HttpServletRequest request, UserDto userDto) {
+        HttpSession session = request.getSession(false);
+        final String sessionId = session.getAttribute(Constants.SESSION_ID_ATTR).toString();
+        User user = userSessionService.getUserBySessionId(sessionId);
+        modelMap.addAttribute("userDto", userService.updateUserInformation(user, userDto));
+    }
+
+    @PostMapping("/invite")
+    public String inviteUser(@RequestParam(value = "email") String email, ModelMap modelMap) {
+        userService.inviteUser(email);
+        return "redirect:/";
+    }
+}
--- a/src/main/java/ru/ulstu/user/error/UserPasswordsNotValidOrNotMatchException.java
+++ b/src/main/java/ru/ulstu/user/error/UserPasswordsNotValidOrNotMatchException.java
@ -1,6 +1,7 @@
 package ru.ulstu.user.error;

 public class UserPasswordsNotValidOrNotMatchException extends RuntimeException {
-    public UserPasswordsNotValidOrNotMatchException() {
+    public UserPasswordsNotValidOrNotMatchException(String message) {
+        super(message);
    }
 }
--- a/src/main/java/ru/ulstu/user/error/UserSendingMailException.java
+++ b/src/main/java/ru/ulstu/user/error/UserSendingMailException.java
@ -0,0 +1,7 @@
+package ru.ulstu.user.error;
+
+public class UserSendingMailException extends RuntimeException {
+    public UserSendingMailException(String message) {
+        super(message);
+    }
+}
--- a/src/main/java/ru/ulstu/user/service/MailService.java
+++ b/src/main/java/ru/ulstu/user/service/MailService.java
@ -3,6 +3,7 @@ package ru.ulstu.user.service;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.autoconfigure.mail.MailProperties;
+import org.springframework.mail.MailException;
 import org.springframework.mail.javamail.JavaMailSender;
 import org.springframework.mail.javamail.MimeMessageHelper;
 import org.springframework.scheduling.annotation.Async;
@ -13,6 +14,7 @@ import ru.ulstu.configuration.ApplicationProperties;
 import ru.ulstu.configuration.Constants;
 import ru.ulstu.user.model.User;

+import javax.mail.MessagingException;
 import javax.mail.internet.MimeMessage;
 import java.nio.charset.StandardCharsets;
 import java.util.Map;
@ -38,44 +40,65 @@ public class MailService {
    }

    @Async
-    public void sendEmail(String to, String subject, String content) {
+    public void sendEmail(String to, String subject, String content) throws MessagingException {
        log.debug("Send email to '{}' with subject '{}'", to, subject);
        MimeMessage mimeMessage = javaMailSender.createMimeMessage();
+        MimeMessageHelper message = new MimeMessageHelper(mimeMessage, false, StandardCharsets.UTF_8.name());
+        message.setTo(to);
+        message.setFrom(mailProperties.getUsername());
+        message.setSubject(subject);
+        message.setText(content, true);
+        javaMailSender.send(mimeMessage);
+        log.debug("Sent email to User '{}'", to);
+    }
+
+    @Async
+    public void sendEmailFromTemplate(User user, String templateName, String subject) {
+        Context context = new Context();
+        context.setVariable(USER, user);
+        context.setVariable(BASE_URL, applicationProperties.getBaseUrl());
+        String content = templateEngine.process(templateName, context);
        try {
-            MimeMessageHelper message = new MimeMessageHelper(mimeMessage, false, StandardCharsets.UTF_8.name());
-            message.setTo(to);
-            message.setFrom(mailProperties.getUsername());
-            message.setSubject(subject);
-            message.setText(content, true);
-            javaMailSender.send(mimeMessage);
-            log.debug("Sent email to User '{}'", to);
-        } catch (Exception e) {
+            sendEmail(user.getEmail(), subject, content);
+        } catch (
+                Exception e) {
            if (log.isDebugEnabled()) {
-                log.warn("Email could not be sent to user '{}'", to, e);
+                log.warn("Email could not be sent to user '{}'", user.getEmail(), e);
            } else {
-                log.warn("Email could not be sent to user '{}': {}", to, e.getMessage());
+                log.warn("Email could not be sent to user '{}': {}", user.getEmail(), e.getMessage());
            }
        }
+
    }

+    //Todo: выделить сервис нотификаций
    @Async
-    public void sendEmailFromTemplate(User user, String templateName, String subject) {
+    public void sendEmailFromTemplate(Map<String, Object> variables, User user, String templateName, String subject) {
        Context context = new Context();
+        variables.entrySet().forEach(entry -> context.setVariable(entry.getKey(), entry.getValue()));
        context.setVariable(USER, user);
        context.setVariable(BASE_URL, applicationProperties.getBaseUrl());
        String content = templateEngine.process(templateName, context);
-        sendEmail(user.getEmail(), subject, content);
+        try {
+            sendEmail(user.getEmail(), subject, content);
+        } catch (
+                Exception e) {
+            if (log.isDebugEnabled()) {
+                log.warn("Email could not be sent to user '{}'", user.getEmail(), e);
+            } else {
+                log.warn("Email could not be sent to user '{}': {}", user.getEmail(), e.getMessage());
+            }
+        }
    }

-    //Todo: выделить сервис нотификаций
    @Async
-    public void sendEmailFromTemplate(Map<String, Object> variables, User user, String templateName, String subject) {
+    public void sendEmailFromTemplate(Map<String, Object> variables, String templateName, String subject, String email)
+            throws MessagingException {
        Context context = new Context();
        variables.entrySet().forEach(entry -> context.setVariable(entry.getKey(), entry.getValue()));
-        context.setVariable(USER, user);
        context.setVariable(BASE_URL, applicationProperties.getBaseUrl());
        String content = templateEngine.process(templateName, context);
-        sendEmail(user.getEmail(), subject, content);
+        sendEmail(email, subject, content);
    }

    @Async
@ -87,4 +110,14 @@ public class MailService {
    public void sendPasswordResetMail(User user) {
        sendEmailFromTemplate(user, "passwordResetEmail", Constants.MAIL_RESET);
    }
+
+    public void sendInviteMail(Map<String, Object> variables, String email) throws MessagingException {
+        sendEmailFromTemplate(variables, "userInviteEmail", Constants.MAIL_INVITE, email);
+    }
+
+    @Async
+    public void sendChangePasswordMail(User user) {
+        sendEmailFromTemplate(user, "passwordChangeEmail", Constants.MAIL_CHANGE_PASSWORD);
+
+    }
 }
--- a/src/main/java/ru/ulstu/user/service/UserService.java
+++ b/src/main/java/ru/ulstu/user/service/UserService.java
@ -1,5 +1,6 @@
 package ru.ulstu.user.service;

+import com.google.common.collect.ImmutableMap;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.data.domain.Page;
@ -25,6 +26,7 @@ import ru.ulstu.user.error.UserNotActivatedException;
 import ru.ulstu.user.error.UserNotFoundException;
 import ru.ulstu.user.error.UserPasswordsNotValidOrNotMatchException;
 import ru.ulstu.user.error.UserResetKeyError;
+import ru.ulstu.user.error.UserSendingMailException;
 import ru.ulstu.user.model.User;
 import ru.ulstu.user.model.UserDto;
 import ru.ulstu.user.model.UserListDto;
@ -36,10 +38,12 @@ import ru.ulstu.user.repository.UserRepository;
 import ru.ulstu.user.repository.UserRoleRepository;
 import ru.ulstu.user.util.UserUtils;

+import javax.mail.MessagingException;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
@ -48,6 +52,8 @@ import java.util.stream.Collectors;
@Service
@Transactional
 public class UserService implements UserDetailsService {
+    private static final String INVITE_USER_EXCEPTION = "Во время отправки приглашения произошла ошибка";
+
    private final Logger log = LoggerFactory.getLogger(UserService.class);
    private final UserRepository userRepository;
    private final PasswordEncoder passwordEncoder;
@ -122,7 +128,7 @@ public class UserService implements UserDetailsService {
            throw new UserEmailExistsException(userDto.getEmail());
        }
        if (!userDto.isPasswordsValid()) {
-            throw new UserPasswordsNotValidOrNotMatchException();
+            throw new UserPasswordsNotValidOrNotMatchException("");
        }
        User user = userMapper.userDtoToUserEntity(userDto);
        user.setActivated(false);
@ -192,10 +198,10 @@ public class UserService implements UserDetailsService {
                : roles);
        if (!StringUtils.isEmpty(userDto.getOldPassword())) {
            if (!userDto.isPasswordsValid() || !userDto.isOldPasswordValid()) {
-                throw new UserPasswordsNotValidOrNotMatchException();
+                throw new UserPasswordsNotValidOrNotMatchException("");
            }
            if (!passwordEncoder.matches(userDto.getOldPassword(), user.getPassword())) {
-                throw new UserPasswordsNotValidOrNotMatchException();
+                throw new UserPasswordsNotValidOrNotMatchException("");
            }
            user.setPassword(passwordEncoder.encode(userDto.getPassword()));
            log.debug("Changed password for User: {}", user.getLogin());
@ -205,46 +211,28 @@ public class UserService implements UserDetailsService {
        return userMapper.userEntityToUserDto(user);
    }

-    public UserDto updateUserInformation(UserDto userDto) {
-        if (userDto.getId() == null) {
-            throw new EntityIdIsNullException();
-        }
-        if (!Objects.equals(
-                Optional.ofNullable(getUserByEmail(userDto.getEmail()))
-                        .map(BaseEntity::getId).orElse(userDto.getId()),
-                userDto.getId())) {
-            throw new UserEmailExistsException(userDto.getEmail());
-        }
-        User user = userRepository.findOne(userDto.getId());
-        if (user == null) {
-            throw new UserNotFoundException(userDto.getId().toString());
-        }
-        user.setFirstName(userDto.getFirstName());
-        user.setLastName(userDto.getLastName());
-        user.setEmail(userDto.getEmail());
+    public UserDto updateUserInformation(User user, UserDto updateUser) {
+        user.setFirstName(updateUser.getFirstName());
+        user.setLastName(updateUser.getLastName());
+        user.setEmail(updateUser.getEmail());
+        user.setLogin(updateUser.getLogin());
        user = userRepository.save(user);
        log.debug("Updated Information for User: {}", user.getLogin());
        return userMapper.userEntityToUserDto(user);
    }

-    public UserDto changeUserPassword(UserDto userDto) {
-        if (userDto.getId() == null) {
-            throw new EntityIdIsNullException();
-        }
-        if (!userDto.isPasswordsValid() || !userDto.isOldPasswordValid()) {
-            throw new UserPasswordsNotValidOrNotMatchException();
+    public void changeUserPassword(User user, Map<String, String> payload) {
+        if (!payload.get("password").equals(payload.get("confirmPassword"))) {
+            throw new UserPasswordsNotValidOrNotMatchException("");
        }
-        final String login = UserUtils.getCurrentUserLogin();
-        final User user = userRepository.findOneByLoginIgnoreCase(login);
-        if (user == null) {
-            throw new UserNotFoundException(login);
+        if (!passwordEncoder.matches(payload.get("oldPassword"), user.getPassword())) {
+            throw new UserPasswordsNotValidOrNotMatchException("Старый пароль введен неправильно");
        }
-        if (!passwordEncoder.matches(userDto.getOldPassword(), user.getPassword())) {
-            throw new UserPasswordsNotValidOrNotMatchException();
-        }
-        user.setPassword(passwordEncoder.encode(userDto.getPassword()));
+        user.setPassword(passwordEncoder.encode(payload.get("password")));
        log.debug("Changed password for User: {}", user.getLogin());
-        return userMapper.userEntityToUserDto(userRepository.save(user));
+        userRepository.save(user);
+
+        mailService.sendChangePasswordMail(user);
    }

    public boolean requestUserPasswordReset(String email) {
@ -265,7 +253,7 @@ public class UserService implements UserDetailsService {

    public boolean completeUserPasswordReset(String key, UserResetPasswordDto userResetPasswordDto) {
        if (!userResetPasswordDto.isPasswordsValid()) {
-            throw new UserPasswordsNotValidOrNotMatchException();
+            throw new UserPasswordsNotValidOrNotMatchException("");
        }
        User user = userRepository.findOneByResetKey(key);
        if (user == null) {
@ -328,4 +316,28 @@ public class UserService implements UserDetailsService {
    public List<User> filterByAgeAndDegree(boolean hasDegree, boolean hasAge) {
        return userRepository.filterByAgeAndDegree(hasDegree, hasAge);
    }
+
+    public void inviteUser(String email) throws UserSendingMailException {
+        if (userRepository.findOneByEmailIgnoreCase(email) != null) {
+            throw new UserEmailExistsException(email);
+        }
+
+        String password = UserUtils.generatePassword();
+
+        User user = new User();
+        user.setPassword(passwordEncoder.encode(password));
+        user.setLogin(email);
+        user.setEmail(email);
+        user.setFirstName("user");
+        user.setLastName("user");
+        user.setActivated(true);
+        userRepository.save(user);
+
+        Map<String, Object> variables = ImmutableMap.of("password", password, "email", email);
+        try {
+            mailService.sendInviteMail(variables, email);
+        } catch (MessagingException e) {
+            throw new UserSendingMailException(INVITE_USER_EXCEPTION);
+        }
+    }
 }
--- a/src/main/java/ru/ulstu/user/service/UserSessionService.java
+++ b/src/main/java/ru/ulstu/user/service/UserSessionService.java
@ -54,4 +54,8 @@ public class UserSessionService {
        userSessionRepository.save(userSession);
        log.debug("User session {} closed", sessionId);
    }
+
+    public User getUserBySessionId(String sessionId) {
+        return userSessionRepository.findOneBySessionId(sessionId).getUser();
+    }
 }
--- a/src/main/java/ru/ulstu/user/util/UserUtils.java
+++ b/src/main/java/ru/ulstu/user/util/UserUtils.java
@ -5,6 +5,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
+import ru.ulstu.configuration.Constants;

 public class UserUtils {
    private static final int DEF_COUNT = 20;
@ -32,4 +33,8 @@ public class UserUtils {
        }
        return null;
    }
+
+    public static String generatePassword() {
+        return RandomStringUtils.randomAscii(Constants.MIN_PASSWORD_LENGTH, Constants.MAX_PASSWORD_LENGTH);
+    }
 }
--- a/src/main/resources/mail_templates/passwordChangeEmail.html
+++ b/src/main/resources/mail_templates/passwordChangeEmail.html
@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>Password reset</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <link rel="shortcut icon" th:href="@{|${baseUrl}/favicon.ico|}"/>
+</head>
+<body>
+<p>
+    Dear <span th:text="${user.firstName + ' ' + user.lastName}">Ivan Ivanov</span>
+</p>
+<p>
+    Your password has been changed.
+</p>
+<p>
+    Regards,
+    <br/>
+    <em>Balance Team.</em>
+</p>
+</body>
+</html>
--- a/src/main/resources/mail_templates/userInviteEmail.html
+++ b/src/main/resources/mail_templates/userInviteEmail.html
@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>Account activation</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <link rel="shortcut icon" th:href="@{|${baseUrl}/favicon.ico|}"/>
+</head>
+<body>
+<p>
+    Аккаунт в системе NG-Tracker был создан. <br />
+    Данные для входа: <br />
+    Логин - <span th:text="${email}"></span> <br />
+    Пароль - <span th:text="${password}"></span>
+</p>
+<p>
+    Regards,
+    <br/>
+    <em>Balance Team.</em>
+</p>
+</body>
+</html>
--- a/src/main/resources/public/js/users.js
+++ b/src/main/resources/public/js/users.js
@ -0,0 +1,58 @@
+function changePassword() {
+    oldPassword = document.getElementById("oldPassword").value
+    password = document.getElementById("password").value
+    confirmPassword = document.getElementById("confirmPassword").value
+
+    if ([oldPassword.length, password.length, confirmPassword.length].includes(0)) {
+        showFeedbackMessage("Заполните все поля", MessageTypesEnum.WARNING);
+        return;
+    }
+
+    if (password != confirmPassword) {
+        showFeedbackMessage("Повторный пароль введен неверно", MessageTypesEnum.WARNING);
+        return;
+    }
+
+    $.ajax({
+        url:"/api/1.0/users/changePassword",
+        contentType: "application/json; charset=utf-8",
+        data: JSON.stringify({
+            "oldPassword": oldPassword,
+            "password": password,
+            "confirmPassword": confirmPassword,
+        }),
+        method: "POST",
+        success: function() {
+            document.getElementById("closeModalPassword").click();
+                showFeedbackMessage("Пароль был обновлен", MessageTypesEnum.SUCCESS)
+
+        },
+        error: function(errorData) {
+            showFeedbackMessage(errorData.responseJSON.error.message, MessageTypesEnum.WARNING)
+        }
+    })
+}
+
+function inviteUser() {
+    email = document.getElementById("email").value;
+    re = /\S+@\S+\.\S+/;
+
+
+    if (!re.test(email)) {
+        showFeedbackMessage("Некорректный почтовый ящик", MessageTypesEnum.WARNING);
+        return;
+    }
+
+    $.ajax({
+        url:"/api/1.0/users/invite?email=" + email,
+        contentType: "application/json; charset=utf-8",
+        method: "POST",
+        success: function() {
+            document.getElementById("closeModalInvite").click();
+            showFeedbackMessage("Пользователь был успешно приглашен", MessageTypesEnum.SUCCESS)
+        },
+        error: function(errorData) {
+            showFeedbackMessage(errorData.responseJSON.error.message, MessageTypesEnum.WARNING)
+        }
+    })
+}
--- a/src/main/resources/templates/default.html
+++ b/src/main/resources/templates/default.html
@ -61,13 +61,24 @@
                <li class="nav-item">
                    <a class="nav-link js-scroll-trigger" target="_blank" href="https://kias.rfbr.ru/">КИАС РФФИ</a>
                </li>
-                <li class="nav-item">
-                    <a class="nav-link js-scroll-trigger" href="/logout">Выход</a>
+                <li class="nav-item dropdown">
+                    <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button"
+                       data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
+                        Профиль
+                    </a>
+                    <div class="dropdown-menu" aria-labelledby="navbarDropdown">
+                        <a class="dropdown-item" href="/users/profile">Личный кабинет</a>
+                        <a class="dropdown-item" href="/logout">Выход</a>
+                        <a class="dropdown-item" data-toggle="modal" href="invite.html" data-target="#inviteModal">Пригласить</a>
+                        <a class="dropdown-item" data-toggle="modal" data-target="#changePasswordModal">Сменить пароль</a>
+                    </div>
                </li>
            </ul>
        </div>
    </div>
 </nav>
+<div th:replace="users/inviteModal"/>
+<div th:replace="users/changePassword"/>
 <div class="container-fluid">
    <div class="container">
        <ul id="messages" class="feedback-panel">
@ -108,6 +119,7 @@
    /*]]>*/


+
 </script>
 <th:block layout:fragment="scripts">
 </th:block>
@ -142,6 +154,7 @@
            f();
        }
    })(document, window, "yandex_metrika_callbacks2");
+
 </script>
 <noscript>
    <div><img src="https://mc.yandex.ru/watch/49387279" style="position:absolute; left:-9999px;" alt=""/></div>
--- a/src/main/resources/templates/users/changePassword.html
+++ b/src/main/resources/templates/users/changePassword.html
@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org">
+<head th:fragment="headerfiles">
+    <meta charset="UTF-8"/>
+    <script type='text/javascript' src="js/users.js"></script>
+</head>
+<body>
+<div id="changePasswordModal" class="modal fade text-center">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h5 class="modal-title" id="label">Пригласить пользователя</h5>
+                <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+                    <span aria-hidden="true">&times;</span>
+                </button>
+            </div>
+            <div class="modal-body">
+                <input class="form-control" id="oldPassword" type="password"
+                       placeholder="Старый пароль" required="required" name="oldPassword"/>
+                <br/>
+                <input class="form-control" id="password" type="password"
+                       placeholder="Новый пароль" required="required" name="password"/>
+                <br/>
+                <input class="form-control" id="confirmPassword" type="password"
+                       placeholder="Подтверждение нового пароля" required="required" name="confirmPassword"/>
+            </div>
+            <div class="modal-footer">
+                <button id="closeModalPassword" type="button" class="btn btn-secondary" data-dismiss="modal">Закрыть
+                </button>
+                <button type="button" onclick="changePassword()" class="btn btn-primary">Сохранить</button>
+            </div>
+        </div>
+    </div>
+</div>
+</body>
+</html>
--- a/src/main/resources/templates/users/inviteModal.html
+++ b/src/main/resources/templates/users/inviteModal.html
@ -0,0 +1,32 @@
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org">
+<head th:fragment="headerfiles">
+    <meta charset="UTF-8"/>
+</head>
+<body>
+<div id="inviteModal" class="modal fade text-center">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <form id="invite-form" method="post" action="/users/invite">
+
+                <div class="modal-header">
+                    <h5 class="modal-title" id="label">Пригласить пользователя</h5>
+                    <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+                        <span aria-hidden="true">&times;</span>
+                    </button>
+                </div>
+                <div class="modal-body">
+                    <input class="form-control" id="email" type="text"
+                           placeholder="email" name="email"/>
+
+                </div>
+                <div class="modal-footer">
+                    <button type="button" class="btn btn-secondary" data-dismiss="modal">Закрыть</button>
+                    <button type="submit" class="btn btn-primary">Пригласить</button>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+</body>
+</html>
--- a/src/main/resources/templates/users/profile.html
+++ b/src/main/resources/templates/users/profile.html
@ -0,0 +1,75 @@
+<!DOCTYPE html>
+<html lang="en"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      layout:decorator="default"  xmlns:th="http://www.w3.org/1999/xhtml" xmlns="http://www.w3.org/1999/html">
+<head>
+    <link rel="stylesheet" href="../css/grant.css"/>
+</head>
+<body>
+
+
+<div class="container" layout:fragment="content">
+    <section id="ewrq">
+        <div class="container">
+            <div class="row">
+                <div class="col-lg-12 text-center">
+                    <h2 class="section-heading text-uppercase">Личный кабинет</h2>
+                </div>
+            </div>
+            <hr/>
+            <div class="row">
+                <div class="col-lg-12">
+                    <form id="profile-form" method="post" th:action="@{'/users/profile'}"
+                          th:object="${userDto}">
+                        <input type="hidden" name="id" th:field="*{id}"/>
+                        <div class="form-group">
+                            <label for="firstName">Имя:</label>
+                            <input class="form-control" id="firstName" type="text"
+                                   placeholder="Имя"
+                                   th:field="*{firstName}"/>
+                            <p th:if="${#fields.hasErrors('firstName')}" th:errors="*{firstName}"
+                               class="alert alert-danger">Incorrect firstName</p>
+                            <p class="help-block text-danger"></p>
+                        </div>
+                        <div class="form-group">
+                            <label for="lastName">Фамилия:</label>
+                            <input class="form-control" id="lastName" type="text"
+                                   placeholder="lastName"
+                                   th:field="*{lastName}"/>
+                            <p th:if="${#fields.hasErrors('lastName')}" th:errors="*{lastName}"
+                               class="alert alert-danger">Incorrect lastName</p>
+                            <p class="help-block text-danger"></p>
+                        </div>
+                        <div class="form-group">
+                            <label for="email">Email:</label>
+                            <input class="form-control" id="email" type="text"
+                                   placeholder="Email"
+                                   th:field="*{email}"/>
+                            <p th:if="${#fields.hasErrors('email')}" th:errors="*{email}"
+                               class="alert alert-danger">Incorrect email</p>
+                            <p class="help-block text-danger"></p>
+                        </div>
+                        <div class="form-group">
+                            <label for="login">Логин:</label>
+                            <input class="form-control" id="login" type="text"
+                                   placeholder="Login"
+                                   th:field="*{login}"/>
+                            <p th:if="${#fields.hasErrors('login')}" th:errors="*{login}"
+                               class="alert alert-danger">Incorrect email</p>
+                            <p class="help-block text-danger"></p>
+                        </div>
+                        <div class="form-group">
+                            <button id="sendMessageButton" name="save"
+                                    class="btn btn-success text-uppercase"
+                                    type="submit">
+                                Сохранить
+                            </button>
+                        </div>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </section>
+</div>
+</body>
+</html>