Merge pull request #544 from Heigvd/dev

Terms of service / Data policy + mandatory user firstname / lastname

Author: SandraMonnier

client-generator-model/src/main/java/ch/colabproject/colab/generator/model/annotations/ConsentNotRequired.java

@@ -0,0 +1,26 @@
+/*
+ * The coLAB project
+ * Copyright (C) 2021-2023 AlbaSim, MEI, HEIG-VD, HES-SO
+ *
+ * Licensed under the MIT License
+ */
+package ch.colabproject.colab.generator.model.annotations;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Depict REST classes or methods which are available when user consent is not required.
+ * <p>
+ * If a class is annotated, all methods are impacted
+ *
+ *
+ * @author mikkelvestergaard
+ */
+@Target({ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface ConsentNotRequired {
+
+}

colab-api/src/main/java/ch/colabproject/colab/api/controller/user/UserManager.java

@@ -136,8 +136,7 @@ public User assertAndGetUser(Long userId) {
      * @return the user or null if user not exist or current user has not right to read the user
      */
     public User getUserById(Long id) {
-        User user = userDao.findUser(id);
-        return user;
+        return userDao.findUser(id);
     }
 
     /**
@@ -160,13 +159,13 @@ public List<User> getUsersForProject(Long projectId) {
      * LocalAccount of the user is used.
      * <p>
      * In case no LocalAccount has been found, authentication method with random parameters is
-     * returned. Such parameters may be used by clients to create brand new account. This behavior
+     * returned. Such parameters may be used by clients to create brand-new account. This behavior
      * prevents to easy account existence leaks.
      *
      * @param identifier {@link LocalAccount } email address or {@link User} username
      *
      * @return authentication method to use to authentication as email owner or new random one which
-     *         can be use to create a brand new localAccount
+     *         can be used to create a brand new localAccount
      *
      * @throws HttpErrorMessage badRequest if there is no identifier
      */
@@ -180,8 +179,8 @@ public AuthMethod getAuthenticationMethod(String identifier) {
 
                     if (account != null) {
                         return new AuthMethod(account.getCurrentClientHashMethod(),
-                            account.getClientSalt(),
-                            account.getNextClientHashMethod(), account.getNewClientSalt());
+                                account.getClientSalt(),
+                                account.getNextClientHashMethod(), account.getNewClientSalt());
                     } else {
                         // no account found, return random method
                         // TODO: store it in a tmp cache
@@ -201,90 +200,90 @@ public AuthMethod getAuthenticationMethod(String identifier) {
      */
     public AuthMethod getDefaultRandomAuthenticationMethod() {
         return new AuthMethod(Helper.getDefaultHashMethod(), Helper
-            .generateHexSalt(SALT_LENGTH), null, null);
+                .generateHexSalt(SALT_LENGTH), null, null);
     }
 
     /**
-     * Create a brand new user, which can authenticate with a {@link LocalAccount}.First,
-     * plainPassword will be hashed as any client should do. Then the
-     * {@link #signup(ch.colabproject.colab.api.model.user.SignUpInfo) signup} method is called.
+     * {@link #createAdminUser(String, String, String)} within a brand-new transaction.
      *
      * @param username      username
      * @param email         email address
      * @param plainPassword plain text password
      *
-     * @return a brand new user
-     *
-     * @throws HttpErrorMessage if username is already taken
-     */
-    public User createUser(String username, String email, String plainPassword) {
-        AuthMethod method = getDefaultRandomAuthenticationMethod();
-        SignUpInfo signUpinfo = new SignUpInfo();
-
-        signUpinfo.setUsername(username);
-        signUpinfo.setEmail(email);
-        signUpinfo.setHashMethod(method.getMandatoryMethod());
-
-        signUpinfo.setSalt(method.getSalt());
-
-        byte[] hash = method.getMandatoryMethod().hash(plainPassword, method.getSalt());
-
-        signUpinfo.setHash(Helper.bytesToHex(hash));
-
-        return this.signup(signUpinfo);
-    }
-
-    /**
-     * {@link #createAdminUser(java.lang.String, java.lang.String, java.lang.String)
-     * createAdminUser} within a brand new transaction.
-     *
-     * @param username      username
-     * @param email         email address
-     * @param plainPassword plain text password
-     *
-     * @return a brand new user
+     * @return a brand-new user to rule them all
      */
     @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
     public User createAdminUserTx(String username, String email, String plainPassword) {
         return this.createAdminUser(username, email, plainPassword);
     }
 
     /**
-     * Create a brand new admin user, which can authenticate with a {@link LocalAccount}. First,
-     * plainPassword will be hashed as any client should do. Then the
-     * {@link #signup(ch.colabproject.colab.api.model.user.SignUpInfo) signup} method is called.
+     * Create a brand-new admin user, which can authenticate with a {@link LocalAccount}.
+     * <p>
+     * First create the user and the local account, then authenticate and grant admin rights.
      *
      * @param username      username
      * @param email         email address
      * @param plainPassword plain text password
      *
-     * @return a brand new user
+     * @return a brand-new user to rule them all
      *
      * @throws HttpErrorMessage if username is already taken
      */
-    public User createAdminUser(String username, String email, String plainPassword) {
-        User admin = this.createUser(username, email, plainPassword);
+    private User createAdminUser(String username, String email, String plainPassword) {
+        User admin = this.createUserWithLocalAccount(username, username /* username is also used as firstname */, email, plainPassword);
+
         LocalAccount account = (LocalAccount) admin.getAccounts().get(0);
 
         AuthInfo authInfo = new AuthInfo();
         authInfo.setIdentifier(username);
         authInfo.setMandatoryHash(
-            Helper.bytesToHex(
-                account.getCurrentClientHashMethod().hash(
-                    plainPassword,
-                    account.getClientSalt())));
+                Helper.bytesToHex(
+                        account.getCurrentClientHashMethod().hash(
+                                plainPassword,
+                                account.getClientSalt())));
         this.authenticate(authInfo);
 
         this.grantAdminRight(admin.getId());
         return admin;
     }
 
+    /**
+     * Create a brand-new user, which can authenticate with a {@link LocalAccount}.First,
+     * plainPassword will be hashed as any client should do. Then the
+     * {@link #signup(SignUpInfo) signup} method is called.
+     *
+     * @param username      username
+     * @param firstname     first name
+     * @param email         email address
+     * @param plainPassword plain text password
+     *
+     * @return a brand-new user
+     *
+     * @throws HttpErrorMessage if username is already taken
+     */
+    private User createUserWithLocalAccount(String username, String firstname, String email, String plainPassword) {
+        AuthMethod method = getDefaultRandomAuthenticationMethod();
+        byte[] hash = method.getMandatoryMethod().hash(plainPassword, method.getSalt());
+
+        SignUpInfo signUpInfo = new SignUpInfo();
+
+        signUpInfo.setUsername(username);
+        signUpInfo.setFirstname(firstname);
+        signUpInfo.setEmail(email);
+        signUpInfo.setHashMethod(method.getMandatoryMethod());
+        signUpInfo.setSalt(method.getSalt());
+        signUpInfo.setHash(Helper.bytesToHex(hash));
+
+        return this.signup(signUpInfo);
+    }
+
     /**
      * Create a new user with local account. An e-mail will be sent to user to verify its account
      *
      * @param signup all info to create a new account
      *
-     * @return brand new user embedding an LocalAccount
+     * @return brand-new user embedding an LocalAccount
      *
      * @throws HttpErrorMessage if username is already taken
      */
@@ -315,6 +314,10 @@ public User signup(SignUpInfo signup) {
                 account.setUser(user);
 
                 user.setUsername(signup.getUsername());
+                user.setFirstname(signup.getFirstname());
+                user.setLastname(signup.getLastname());
+                user.setAffiliation(signup.getAffiliation());
+                user.setAgreedTime(OffsetDateTime.now());
 
                 validationManager.assertValid(user);
                 validationManager.assertValid(account);
@@ -363,20 +366,20 @@ public User authenticate(AuthInfo authInfo) {
 
                 AuthenticationFailure aa = sessionManager.getAuthenticationAttempt(account);
                 if (aa != null) {
-                    logger.warn("Attmpt: {}", aa.getCounter());
+                    logger.warn("Attempt: {}", aa.getCounter());
                     if (aa.getCounter() >= AUTHENTICATION_ATTEMPT_MAX) {
                         // max number of failed attempts reached
                         OffsetDateTime lastAttempt = aa.getTimestamp();
                         OffsetDateTime delay = lastAttempt
-                            .plusSeconds(AUTHENTICATION_ATTEMPT_RESET_DELAY_SEC);
+                                .plusSeconds(AUTHENTICATION_ATTEMPT_RESET_DELAY_SEC);
                         if (OffsetDateTime.now().isAfter(delay)) {
                             // delay has been reached, user may try again
                             sessionManager.resetAuthenticationAttemptHistory(account);
                         } else {
                             // user have to wait some time before any new attempt
                             logger.warn(
-                                "Account {} reached the max number of failed authentication",
-                                account);
+                                    "Account {} reached the max number of failed authentication",
+                                    account);
                             throw HttpErrorMessage.tooManyAttempts();
                         }
                     }
@@ -394,7 +397,7 @@ public User authenticate(AuthInfo authInfo) {
 
                     // should rotate client method ?
                     if (account.getNextClientHashMethod() != null
-                        && authInfo.getOptionalHash() != null) {
+                            && authInfo.getOptionalHash() != null) {
                         // rotate method
                         account.setClientSalt(account.getNewClientSalt());
                         account.setNewClientSalt(null);
@@ -470,7 +473,7 @@ public void updatePassword(AuthInfo authInfo) {
      * hash given client-side hash to dbHash and store it
      *
      * @param account  account to update the hash in
-     * @param password hash (ie account.clientMethod.hash(clientSalt + plain_password))
+     * @param hash hash (ie account.clientMethod.hash(clientSalt + plain_password))
      */
     private void shadowHash(LocalAccount account, String hash) {
         // use a new salt
@@ -498,9 +501,7 @@ public void forceLogout(Long sessionId) {
         HttpSession currentSession = requestManager.getHttpSession();
         if (httpSession != null) {
             if (!httpSession.equals(currentSession)) {
-                requestManager.sudo(() -> {
-                    sessionManager.deleteHttpSession(httpSession);
-                });
+                requestManager.sudo(() -> sessionManager.deleteHttpSession(httpSession));
             } else {
                 throw HttpErrorMessage.badRequest();
             }
@@ -510,7 +511,7 @@ public void forceLogout(Long sessionId) {
     /**
      * Grant admin right to a user.
      *
-     * @param user user who will became an admin
+     * @param user user who will become an admin
      */
     public void grantAdminRight(User user) {
         user.setAdmin(true);
@@ -519,7 +520,7 @@ public void grantAdminRight(User user) {
     /**
      * Grant admin right to a user.
      *
-     * @param id id of user who will became an admin
+     * @param id id of user who will become an admin
      */
     public void grantAdminRight(Long id) {
         this.grantAdminRight(userDao.findUser(id));
@@ -598,8 +599,8 @@ public LocalAccount findLocalAccountByIdentifier(String identifier) {
                 // User found, as authenticationMethod is only available for LocalAccount,
                 // try to find one
                 Optional<Account> optAccount = user.getAccounts().stream()
-                    .filter(a -> a instanceof LocalAccount)
-                    .findFirst();
+                        .filter(a -> a instanceof LocalAccount)
+                        .findFirst();
                 if (optAccount.isPresent()) {
                     account = (LocalAccount) optAccount.get();
                 }
@@ -635,7 +636,7 @@ public void requestPasswordReset(String email) {
      * @throws ColabMergeException if something went wrong
      */
     public LocalAccount updateLocalAccountEmailAddress(LocalAccount account)
-        throws ColabMergeException {
+            throws ColabMergeException {
         logger.debug("Update LocalAccount email address: {}", account);
         LocalAccount managedAccount = (LocalAccount) accountDao.findAccount(account.getId());
 
@@ -655,7 +656,7 @@ public LocalAccount updateLocalAccountEmailAddress(LocalAccount account)
                 tokenManager.requestEmailAddressVerification(account, false);
             } catch (Exception e) {
                 // address already used, do not send any email to this address
-                logger.error("Execption", e);
+                logger.error("Exception", e);
             }
         }
 
@@ -671,15 +672,24 @@ public void setLocalAccountAsVerified(LocalAccount account) {
         account.setVerified(Boolean.TRUE);
     }
 
+    /**
+     * Update the user agreedTime to now
+     *
+     * @param userId id of the user to update
+     */
+    public void updateUserAgreedTime(Long userId) {
+        User user = assertAndGetUser(userId);
+        OffsetDateTime now = OffsetDateTime.now();
+        user.setAgreedTime(now);
+    }
+
     /**
      * Get all session linked to the current user
      *
      * @return list of all active sessions
      */
     public List<HttpSession> getCurrentUserActiveHttpSessions() {
         return requestManager.getCurrentUser().getAccounts().stream()
-            .flatMap(account -> {
-                return account.getHttpSessions().stream();
-            }).collect(Collectors.toList());
+                .flatMap(account -> account.getHttpSessions().stream()).collect(Collectors.toList());
     }
 }