Added email verification alongside env-variables to configure an smtp server.

Author: dterefe

DUUIRestService/build_run.sh

@@ -12,20 +12,18 @@ export DBX_REDIRECT_URL=http://localhost:5173/account/dropbox
 export GOOGLE_CLIENT_ID=
 export GOOGLE_CLIENT_SECRET=
 export GOOGLE_REDIRECT_URI=http://localhost:5173/account/google
-export JAVA_TOOL_OPTIONS="--add-opens=java.base/java.util=ALL-UNNAMED"
+export SMPTP_HOST=localhost
+export SMTP_PORT=1025
+export SMTP_USER=
+export SMTP_PASSWORD=
+export MAIL_FROM_EMAIL=help@duui.de
+export USE_SMTP_DEBUG=true
 
+export JAVA_TOOL_OPTIONS="--add-opens=java.base/java.util=ALL-UNNAMED"
 
-# mvn clean compile
-# mvn exec:java -Dexec.mainClass="org.texttechnologylab.duui.api.Main"
-mvn clean -Dstyle.color=never -Djansi.strip=true package
-#java -jar target/DUUIRestService-1.0-all.jar
+# To run a local SMTP server for testing email sending, you can use MailHog:
+#  docker run --rm -p 1025:1025 -p 8025:8025 mailhog/mailhog
 
-#mvn -q -DskipTests package
-#
-## Confirm no signatures inside the fat jar
-#jar tf target/*-all.jar | egrep 'META-INF/.*\.(SF|DSA|RSA|EC)' || echo "no signatures"
-#
-## (optional) confirm uimaFIT indices exist
-#jar tf target/*-all.jar | grep 'META-INF/org.apache.uima.fit/'
-#
-java -jar target/DUUIRestService-1.0-all.jar
+mvn clean compile
+mvn  -Dstyle.color=never -Djansi.strip=true package
+java -Djava.net.preferIPv4Stack=true -jar target/DUUIRestService-1.0-all.jar

DUUIRestService/pom.xml

@@ -42,7 +42,7 @@
         <maven.javadoc.skip>true</maven.javadoc.skip>
         <duui.version>efaf4412ee</duui.version>
         <uima.version>3.5.0</uima.version>
-        <typesystem.version>3.0.8</typesystem.version>
+        <typesystem.version>3.0.12</typesystem.version>
         <maven.javadoc.skip>false</maven.javadoc.skip>
         <dkpro.core.version>2.4.0</dkpro.core.version>
     </properties>
@@ -51,6 +51,8 @@
         <repository>
             <id>jitpack.io</id>
             <url>https://jitpack.io</url>
+            <releases><enabled>true</enabled></releases>
+            <snapshots><enabled>true</enabled></snapshots>
         </repository>
     </repositories>
 

DUUIRestService/src/main/java/org/texttechnologylab/duui/api/Config.java

@@ -72,12 +72,10 @@ public String getMongoPassword() {
     }
 
     public String getSmtpHost() {
-        return getValue("SMTP_HOST", null);
+        return getValue("SMTP_HOST", "localhost");
     }
 
-    public int getSmtpPort() {
-        return Integer.parseInt(getValue("SMTP_PORT", "587"));
-    }
+    public String getSmtpPort() { return getValue("SMTP_PORT", "587"); }
 
     public String getSmtpUser() {
         return getValue("SMTP_USERNAME", null);
@@ -91,6 +89,10 @@ public String getSmtpFromEmail() {
         return getValue("MAIL_FROM_EMAIL", null);
     }
 
+    public boolean getUseSmptpDebug() {
+        return Boolean.parseBoolean(getValue("USE_SMTP_DEBUG", "true"));
+    }
+
     public String getDropboxKey() {
 
         String value; 

DUUIRestService/src/main/java/org/texttechnologylab/duui/api/Methods.java

@@ -1,5 +1,7 @@
 package org.texttechnologylab.duui.api;
 
+import com.mongodb.client.MongoCollection;
+import org.bson.Document;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.texttechnologylab.duui.api.controllers.users.DUUIUserController;
@@ -9,6 +11,8 @@
 import org.texttechnologylab.duui.api.routes.components.DUUIComponentRequestHandler;
 import org.texttechnologylab.duui.api.routes.pipelines.DUUIPipelineRequestHandler;
 import org.texttechnologylab.duui.api.routes.processes.DUUIProcessRequestHandler;
+import org.texttechnologylab.duui.api.storage.DUUIMongoDBStorage;
+import org.texttechnologylab.duui.api.utils.DUUIMailClient;
 
 import java.time.Duration;
 
@@ -151,25 +155,74 @@ public static void init() {
                 put("/google", DUUIUserController::finishGoogleOAuthFromCode);
             });
 
-            path("/activation", () -> {
-                post("/send", (req, res) -> {
-                    String userId = req.queryParams("userId");
-                    String email  = req.queryParams("email");
+            path("/verification", () -> {
+                get("/email/:email", (req, res) -> {
+                    String email = req.params("email");
+                    MongoCollection<Document> usersCollection = DUUIMongoDBStorage.Users();
 
-                    String code = DUUIUserController.issueActivationCode(userId, Duration.ofMinutes(10));
+                    Document userDoc = usersCollection.find(new Document("email", email)).limit(1).first();
+                    if (userDoc == null) {
+                        res.status(401);
+                        return null;
+                    }
 
-                    DUUIUserController.sendMail(email, "Your activation code", "Code: " + code + "\nExpires in 10 minutes.");
-                    return "ok";
+                    org.bson.types.ObjectId id = userDoc.getObjectId("_id");
+                    if (id == null) {
+                        res.status(404);
+                        return null;
+                    }
+
+                    return id.toHexString();
+                });
+
+                path("/activation", () -> {
+                    post("/send", (req, res) -> {
+                        String userId = req.queryParams("userId");
+                        String email = req.queryParams("email");
+
+                        String code = DUUIUserController.issueActivationCode(userId, Duration.ofMinutes(10));
+
+                        DUUIMailClient.sendMail(email, "Your activation code", "Code: " + code + "\nExpires in 10 minutes.");
+
+                        res.status(200);
+                        return "ok";
+                    });
+
+                    post("/verify", (req, res) -> {
+                        String userId = req.queryParams("userId");
+                        String code = req.queryParams("code");
+
+                        boolean ok = DUUIUserController.verifyActivationCode(userId, code);
+                        if (!ok) halt(400, "invalid or expired");
+
+                        res.status(200);
+                        return "activated";
+                    });
                 });
 
-                post("/verify", (req, res) -> {
-                    String userId = req.queryParams("userId");
-                    String code   = req.queryParams("code");
+                path("/recovery", () -> {
+                    post("/send", (req, res) -> {
+                        String userId = req.queryParams("userId");
+                        String email = req.queryParams("email");
+
+                        String code = DUUIUserController.issueRecoveryCode(userId, Duration.ofMinutes(10));
+
+                        DUUIMailClient.sendMail(email, "Your password reset code", "Code: " + code + "\nExpires in 10 minutes.");
+
+                        res.status(200);
+                        return "ok";
+                    });
+
+                    post("/verify", (req, res) -> {
+                        String userId = req.queryParams("userId");
+                        String code = req.queryParams("code");
+
+                        boolean ok = DUUIUserController.verifyRecoveryCode(userId, code);
+                        if (!ok) halt(400, "invalid or expired");
 
-                    boolean ok = DUUIUserController.verifyActivationCode(userId, code);
-                    if (!ok) halt(400, "invalid or expired");
-                    // mark user activated in your users collection here
-                    return "activated";
+                        res.status(200);
+                        return "reset";
+                    });
                 });
 
             });

DUUIRestService/src/main/java/org/texttechnologylab/duui/api/controllers/users/DUUIUserController.java

@@ -22,7 +22,6 @@
 import org.texttechnologylab.duui.api.controllers.pipelines.DUUIPipelineController;
 import org.texttechnologylab.duui.api.routes.DUUIRequestHelper;
 
-import static com.amazonaws.regions.ServiceAbbreviations.Config;
 import static org.texttechnologylab.duui.api.routes.DUUIRequestHelper.*;
 
 import org.texttechnologylab.duui.api.storage.DUUIMongoDBStorage;
@@ -45,10 +44,6 @@
 import spark.Request;
 import spark.Response;
 
-import javax.mail.*;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeMessage;
-
 
 /**
  * A Controller for database operations related to the users collection.
@@ -1420,42 +1415,122 @@ public static boolean verifyActivationCode(String userId, String code) throws Ex
                 Filters.gte("expiresAt", now)
         );
 
+        log.info("verifyActivationCode: start | userId={} now={}", userId, now);
+        log.debug("verifyActivationCode: filter={}", filter.toString());
+
         var update = Updates.combine(
                 Updates.set("used", true)
         );
 
-        var res = col.findOneAndUpdate(filter, update, new FindOneAndUpdateOptions()
-                .returnDocument(ReturnDocument.AFTER));
+        var options = new FindOneAndUpdateOptions().returnDocument(ReturnDocument.AFTER);
+
+        var res = col.findOneAndUpdate(filter, update, options);
+
+        if (res != null) {
+            log.info("verifyActivationCode: activation record matched and marked used for userId={}", userId);
+            log.debug("verifyActivationCode: activation record after update={}", res.toString());
+
+            try {
+                // Korrigierter Filter: match by _id as ObjectId
+                Bson userFilter = Filters.eq("_id", new ObjectId(userId));
+                var userDoc = DUUIMongoDBStorage
+                        .Users()
+                        .findOneAndUpdate(userFilter, Updates.set("activated", true), new FindOneAndUpdateOptions().returnDocument(ReturnDocument.AFTER));
+
+                if (userDoc != null) {
+                    log.info("verifyActivationCode: user document updated, activated=true for userId={}", userId);
+                    log.info("verifyActivationCode: updated user document={}", userDoc.toJson());
+                } else {
+                    // Fallback: inspect UpdateResult to get matched/modified counts
+                    UpdateResult ur = DUUIMongoDBStorage.Users().updateOne(userFilter, Updates.set("activated", true));
+                    log.warn("verifyActivationCode: findOneAndUpdate returned null for userId={}, fallback updateOne result: matched={}, modified={}, acknowledged={}",
+                            userId, ur.getMatchedCount(), ur.getModifiedCount(), ur.wasAcknowledged());
+                }
+            } catch (IllegalArgumentException iae) {
+                log.error("verifyActivationCode: invalid userId format: {}", userId, iae);
+            } catch (Exception e) {
+                log.error("verifyActivationCode: failed to set activated=true for userId={}", userId, e);
+            }
+        } else {
+            log.info("verifyActivationCode: no activation record found (invalid/expired/already used) for userId={}", userId);
+        }
 
         return res != null; // true => success; false => invalid/expired/already used
     }
 
-    public static void sendMail(String to, String subject, String body) throws MessagingException {
-        String host = Main.config.getSmtpHost();
-        String port = Main.config.getSmtpPort();
-        String user = Main.config.getSmtpUser();
-        String pass = Main.config.getSmtpPassword();
-        String from = Main.config.getSmtpFromEmail();
-
-        Properties props = new Properties();
-        props.put("mail.smtp.auth", "true");
-        props.put("mail.smtp.starttls.enable", "true");
-        props.put("mail.smtp.host", host);
-        props.put("mail.smtp.port", port);
-
-        Session session = Session.getInstance(props, new Authenticator() {
-            protected PasswordAuthentication getPasswordAuthentication() {
-                return new PasswordAuthentication(user, pass);
-            }
-        });
 
-        Message message = new MimeMessage(session);
-        message.setFrom(new InternetAddress(from));
-        message.setRecipients(Message.RecipientType.TO, InternetAddress.parse(to));
-        message.setSubject(subject);
-        message.setText(body);
+//    public static boolean verifyActivationCode(String userId, String code) throws Exception {
+//        MongoCollection<DataModel.MongoActivation> col = DUUIMongoDBStorage.Activations();
+//        String codeHash = hashCode(code);
+//        Instant now = Instant.now();
+//
+//        var filter = Filters.and(
+//                Filters.eq("userId", userId),
+//                Filters.eq("purpose", "activation"),
+//                Filters.eq("codeHash", codeHash),
+//                Filters.eq("used", false),
+//                Filters.gte("expiresAt", now)
+//        );
+//
+//        var update = Updates.combine(
+//                Updates.set("used", true)
+//        );
+//
+//        var res = col.findOneAndUpdate(filter, update, new FindOneAndUpdateOptions()
+//                .returnDocument(ReturnDocument.AFTER));
+//
+//        if (res != null) {
+//            DUUIMongoDBStorage
+//                .Users()
+//                .findOneAndUpdate(
+//                    Filters.eq(userId),
+//                    Updates.set("activated", true)
+//                );
+//        }
+//
+//
+//        return res != null; // true => success; false => invalid/expired/already used
+//    }
 
-        Transport.send(message);
+    public static String issueRecoveryCode(String userId, Duration ttl) throws Exception {
+        MongoCollection<DataModel.MongoActivation> col = DUUIMongoDBStorage.Activations();
+        String code = sixDigit();
+        String codeHash = hashCode(code);
+        Instant now = Instant.now();
+        Instant exp = now.plus(ttl);
+
+        // upsert: replace any previous unused code for this user/purpose
+        var filter = Filters.and(Filters.eq("userId", userId),
+                Filters.eq("purpose", "recovery"),
+                Filters.eq("used", false));
+        var rec = new DataModel.MongoActivation(null, userId, "recovery", codeHash, exp, now, false);
+        var options = new FindOneAndReplaceOptions().upsert(true).returnDocument(ReturnDocument.AFTER);
+        col.findOneAndReplace(filter, rec, options);
+
+        return code; // send this in the email
+    }
+
+    public static boolean verifyRecoveryCode(String userId, String code) throws Exception {
+        MongoCollection<DataModel.MongoActivation> col = DUUIMongoDBStorage.Activations();
+        String codeHash = hashCode(code);
+        Instant now = Instant.now();
+
+        var filter = Filters.and(
+                Filters.eq("userId", userId),
+                Filters.eq("purpose", "recovery"),
+                Filters.eq("codeHash", codeHash),
+                Filters.eq("used", false),
+                Filters.gte("expiresAt", now)
+        );
+
+        var update = Updates.combine(
+                Updates.set("used", true)
+        );
+
+        var res = col.findOneAndUpdate(filter, update, new FindOneAndUpdateOptions()
+                .returnDocument(ReturnDocument.AFTER));
+
+        return res != null; // true => success; false => invalid/expired/already used
     }
 
 

DUUIRestService/src/main/java/org/texttechnologylab/duui/api/storage/DUUIMongoDBStorage.java

@@ -363,6 +363,11 @@ public static MongoCollection<Document> Users() {
         return getClient().getDatabase(config.getMongoDatabase()).getCollection("users");
     }
 
+    public static MongoCollection<DataModel.MongoUser> TypedUsers() {
+        DUUIStorageMetrics.incrementUsersCounter();
+        return getClient().getDatabase(config.getMongoDatabase()).getCollection("users", DataModel.MongoUser.class);
+    }
+
     /**
      * Utility functions for fast access to collections in the database.
      *

DUUIRestService/src/main/java/org/texttechnologylab/duui/api/storage/DataModel.java

@@ -175,6 +175,7 @@ public record MongoUser(
             Role role,
             Integer workers,
             String session,
+            Boolean activated,
             String password_reset_token,
             Long reset_token_expiration,
             Map<String, MongoPreference> preferences,