Add change user lock status

loolzaaa · loolzaaa · commit af715c579bbc · 2022-10-01T13:22:30.000+05:00
diff --git a/src/main/java/ru/loolzaaa/authserver/controllers/UserController.java b/src/main/java/ru/loolzaaa/authserver/controllers/UserController.java
@@ -59,6 +59,15 @@ ResponseEntity<RequestStatusDTO> deleteUser(@PathVariable("username") String use
         return ResponseEntity.status(requestStatusDTO.getStatusCode()).body(requestStatusDTO);
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
+    @PatchMapping(value = "/user/{username}/lock", produces = "application/json")
+    ResponseEntity<RequestStatusDTO> changeUserLockStatus(@PathVariable("username") String username,
+                                                          @RequestParam(value = "enabled", required = false) Boolean enabled,
+                                                          @RequestParam(value = "lock", required = false) Boolean lock) {
+        RequestStatusDTO requestStatusDTO = userControlService.changeUserLockStatus(username, enabled, lock);
+        return ResponseEntity.status(requestStatusDTO.getStatusCode()).body(requestStatusDTO);
+    }
+
     @PostMapping(value = "/user/{username}/password/change", produces = "application/json")
     ResponseEntity<RequestStatusDTO> changeUserPassword(@PathVariable("username") String username,
                                                         @RequestParam("oldPassword") String oldPassword,
diff --git a/src/main/java/ru/loolzaaa/authserver/model/UserAttributes.java b/src/main/java/ru/loolzaaa/authserver/model/UserAttributes.java
@@ -8,4 +8,5 @@ private UserAttributes() {}
     public static final String PRIVILEGES = "privileges";
     public static final String CREDENTIALS_EXP = "credentials_exp";
     public static final String TEMPORARY = "temporary";
+    public static final String LOCK = "lock";
 }
diff --git a/src/main/java/ru/loolzaaa/authserver/model/UserPrincipal.java b/src/main/java/ru/loolzaaa/authserver/model/UserPrincipal.java
@@ -45,6 +45,9 @@ public UserPrincipal(User user) {
                     log.info("User [{}] credentials is expired", user.getLogin());
                     this.credentialsNonExpired = false;
                 }
+                if (authNode.has(UserAttributes.LOCK)) {
+                    this.accountNonLocked = !authNode.get(UserAttributes.LOCK).asBoolean();
+                }
             } else {
                 log.info("User [{}] is locked", user.getLogin());
                 this.accountNonLocked = false;
diff --git a/src/main/java/ru/loolzaaa/authserver/repositories/UserRepository.java b/src/main/java/ru/loolzaaa/authserver/repositories/UserRepository.java
@@ -14,6 +14,10 @@
 public interface UserRepository extends CrudRepository<User, Long> {
     Optional<User> findByLogin(String username);
 
+    @Modifying
+    @Query("UPDATE users SET enabled = :enabled WHERE login = :login")
+    void updateEnabledByLogin(@Param("enabled") boolean enabled, @Param("login") String login);
+
     @Modifying
     @Query("UPDATE users SET config = :config::jsonb WHERE login = :login")
     void updateConfigByLogin(@Param("config") JsonNode config, @Param("login") String login);
diff --git a/src/main/java/ru/loolzaaa/authserver/services/UserControlService.java b/src/main/java/ru/loolzaaa/authserver/services/UserControlService.java
@@ -163,6 +163,40 @@ public RequestStatusDTO deleteUser(String login, String password) {
         return RequestStatusDTO.ok("User [%s] deleted. Hash %s database", login, isHashDeleted ? "deleted from" : "stayed in");
     }
 
+    @Transactional
+    public RequestStatusDTO changeUserLockStatus(String login, Boolean enabled, Boolean lock) {
+        if (enabled == null && lock == null) {
+            log.warn("Try to change NONE of enabled/lock flags for user: {}", login);
+            throw new RequestErrorException("Try to change NONE of enabled/lock flags for user: [%s]", login);
+        }
+        if (enabled != null && lock != null) {
+            log.warn("Try to change BOTH of enabled/lock flags for user: {}", login);
+            throw new RequestErrorException("Try to change BOTH of enabled/lock flags for user: [%s]", login);
+        }
+
+        User user = userRepository.findByLogin(login).orElse(null);
+
+        if (user == null) {
+            log.warn("Try to lock non existing user: {}", login);
+            throw new RequestErrorException("There is no user with login [%s]", login);
+        }
+
+        StringBuilder answer = new StringBuilder("User [%s] ");
+        if (enabled != null) {
+            userRepository.updateEnabledByLogin(enabled, login);
+            log.info("User [{}] {}", login, enabled ? "enabled" : "disabled");
+            answer.append(enabled ? "enabled" : "disabled");
+        }
+        if (lock != null) {
+            JsonNode userConfig = user.getConfig();
+            ((ObjectNode) userConfig.get(ssoServerProperties.getApplication().getName())).put(UserAttributes.LOCK, lock);
+            userRepository.updateConfigByLogin(userConfig, login);
+            log.info("User [{}] {}", login, lock ? "locked" : "unlocked");
+            answer.append(lock ? "locked" : "unlocked");
+        }
+        return RequestStatusDTO.ok(answer.toString(), login);
+    }
+
     @Transactional
     public RequestStatusDTO changeUserPassword(String login, String oldPassword, String newPassword) {
         User user = userRepository.findByLogin(login).orElse(null);
diff --git a/src/main/resources/templates/admin.html b/src/main/resources/templates/admin.html
@@ -107,6 +107,43 @@ <h5>Reset user password</h5>
             </div>
         </div>
     </div>
+    <div class="container border rounded my-3 p-3">
+        <h5>Update user enabled/lock flags</h5>
+        <div class="row">
+            <div class="col">
+                <div class="mb-3">
+                    <label for="usernameInput4" class="form-label">Username</label>
+                    <input type="text" class="form-control" id="usernameInput4">
+                </div>
+            </div>
+            <div class="col">
+                <div class="mb-3">
+                    <label for="userEnabledSelect" class="form-label">Enabled</label>
+                    <select class="form-select" aria-label="Default select example" id="userEnabledSelect">
+                        <option selected>Open this select menu</option>
+                        <option value="1">True</option>
+                        <option value="0">False</option>
+                    </select>
+                </div>
+            </div>
+            <div class="col">
+                <div class="mb-3">
+                    <label for="userLockSelect" class="form-label">Lock</label>
+                    <select class="form-select" aria-label="Default select example" id="userLockSelect">
+                        <option selected>Open this select menu</option>
+                        <option value="1">True</option>
+                        <option value="0">False</option>
+                    </select>
+                </div>
+            </div>
+            <div class="col-2">
+                <div class="d-grid mb-3">
+                    <label class="form-label">&nbsp;</label>
+                    <button class="btn btn-warning" type="button" onclick="changeUserLockStatus()">Change</button>
+                </div>
+            </div>
+        </div>
+    </div>
     <div class="d-grid">
         <a href="/" class="btn btn-secondary" type="button">Back to main page</a>
     </div>
@@ -191,6 +228,39 @@ <h5>Reset user password</h5>
                 }
             });
     }
+    function changeUserLockStatus() {
+        let username = document.getElementById('usernameInput4').value;
+        let enabled = document.getElementById('userEnabledSelect').value;
+        let lock = document.getElementById('userLockSelect').value;
+        let valid1 = username != '';
+        let valid2 = ((enabled == '0' || enabled == '1') && lock != '0' && lock != '1') ||
+                     ((lock == '0' || lock == '1') && enabled != '0' && enabled != '1');
+        if (!valid1) {
+            alert('Username must not be empty');
+            return;
+        }
+        if (!valid2) {
+            alert('Only one flag can update');
+            return;
+        }
+        let params = new URLSearchParams();
+        if (enabled == '0' || enabled == '1') {
+            params.append('enabled', enabled == '1');
+        }
+        if (lock == '0' || lock == '1') {
+            params.append('lock', lock == '1');
+        }
+        instance.patch(`/api/user/${username}/lock`, params)
+            .then(resp => alert(resp.data.text))
+            .catch(err => {
+                console.log(err);
+                if (err?.response?.data?.text) {
+                    alert(err.response.data.text);
+                } else {
+                    alert('ERROR! See console');
+                }
+            });
+    }
     instance.interceptors.response.use(function (response) {
         const _csrf = document.cookie.match(new RegExp(`XSRF-TOKEN=([^;]+)`));
         if (_csrf !== undefined && _csrf !== null) document.getElementsByName('_csrf').forEach(el => el.value = _csrf[1]);

Original file line number	Diff line number	Diff line change
`@@ -8,4 +8,5 @@ private UserAttributes() {}`
`8`	`8`	`public static final String PRIVILEGES = "privileges";`
`9`	`9`	`public static final String CREDENTIALS_EXP = "credentials_exp";`
`10`	`10`	`public static final String TEMPORARY = "temporary";`
	`11`	`+ public static final String LOCK = "lock";`
`11`	`12`	`}`