diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/directory/DirectoryEntryServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/directory/DirectoryEntryServlet.java
index 2b7d57b06ca5807d9ac97c190c4329050f4a08ef..88d3d7e1aa2f0c5d3d45d2025939d6bc5a219340 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/directory/DirectoryEntryServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/directory/DirectoryEntryServlet.java
@@ -27,9 +27,11 @@ public class DirectoryEntryServlet extends HttpServlet {
 UserProfile userProfile = JsonIterator.deserialize(req.getInputStream().readAllBytes(), UserProfile.class);
 userAuthenticationModule.getAuthSources().get(new AuthModuleKey(realm, AuthenticationSourceType.LOCAL))
 .setUserProfile(userProfile);
+ resp.setStatus(200);
 } catch (Exception e){
- log.error("Could not store a user profile!");
+ log.error("Could not store a user profile with error {}",e.getMessage());
+ resp.sendError(500,e.getMessage());
 }
 }
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
index 25879185385f6ea30ee9b65cb32eecdc7d4b871e..7b4a9b4592421f876290a90066003ce28eb7beaa 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
@@ -7,6 +7,7 @@ import jakarta.servlet.annotation.WebServlet;
 import jakarta.servlet.http.HttpServlet;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import net.jami.jams.common.authentication.AuthenticationSourceType;
 import net.jami.jams.common.dao.StatementElement;
 import net.jami.jams.common.dao.StatementList;
 import net.jami.jams.common.objects.requests.RevocationRequest;
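Review bot: `resp.sendError(500,e.getMessage())` in the new catch block of `DirectoryEntryServlet` returns the raw exception message to the HTTP client, and because the block catches every `Exception`, that text can come from the JSON parser or the authentication source rather than from anything meant for callers. A fixed message such as `resp.sendError(500,"Could not store the user profile");` keeps internals out of the response. The log line records only `e.getMessage()` and so loses the stack trace; if `log` is an SLF4J logger, as the `{}` placeholder suggests, `log.error("Could not store a user profile", e);` keeps it. A malformed request body is also reported as a server error here, where a 400 would tell the caller the input was at fault. The enclosing method and its `try` start outside the hunk.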
@@ -19,7 +20,7 @@ import net.jami.jams.server.core.workflows.RevokeUserFlow;
 import java.io.IOException;
 import java.math.BigInteger;
-import static net.jami.jams.server.Server.dataStore;
+import static net.jami.jams.server.Server.*;
 @WebServlet("/api/admin/user")
 public class UserServlet extends HttpServlet {
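Review bot: The static import is widened to `net.jami.jams.server.Server.*`, which brings every static member of `Server` into this servlet's namespace and hides which pieces of shared server state the class actually touches. The next hunk in this file uses `dataStore`, `userAuthenticationModule` and `nameServer` unqualified, so presumably those three are what is needed. Listing them as explicit `import static` lines keeps that dependency visible when the admin endpoint is reviewed.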
@@ -36,13 +37,37 @@ public class UserServlet extends HttpServlet {
 //Create an internal user - this is always technically available, because internal users have the right to exist.
 @Override
 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-
+ User user = new User();
+ user.setUsername(req.getParameter("username"));
+ user.setPassword("TEMP-PASSWORD");
+ user.setRealm("LOCAL");
+ user.setUserType(AuthenticationSourceType.LOCAL);
+ if(userAuthenticationModule.createUser(user.getUserType(),user.getRealm(),nameServer,user)){
+ resp.getOutputStream().write(JsonStream.serialize(user).getBytes());
+ return;
+ }
+ resp.sendError(500,"Could not create a user successfully!");
 }
 //Update user data.
 @Override
 protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-
+ String username = req.getParameter("username");
+ //Check if he is AD/LDAP - then return a 403, because we can't set such password.
+ StatementList select = new StatementList();
+ StatementElement st = new StatementElement("username","=",username,"");
+ if(dataStore.getUserDao().getObjects(select).get(0).getUserType() != AuthenticationSourceType.LOCAL){
+ resp.sendError(500,"The user is not a local user, therefore we cannot change his data!");
+ return;
+ }
+ StatementList update = new StatementList();
+ StatementElement st0 = new StatementElement("password","=",req.getParameter("password"),"");
+ update.addStatement(st0);
+ StatementList constraint = new StatementList();
+ StatementElement st1 = new StatementElement("username","=",username,"");
+ update.addStatement(st1);
+ if(dataStore.getUserDao().updateObject(update,constraint)) resp.setStatus(200);
+ else resp.sendError(500,"could not update the users's data field!");
 }
 //Revoke a user.
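Review bot: In `doPut`, the `st` filter is never added to `select`, and `st1` is added to `update` instead of `constraint`, so the user lookup is not restricted to the requested username and `updateObject` runs with an empty constraint. How the DAO treats empty lists is not visible here, but the LOCAL check may inspect a different account than the one named and the password write may not be scoped to a single user. `.get(0)` also throws when no row matches. The same body appears in `doPut` of `api/auth/user/UserServlet.java` later in this diff and needs the same correction. Separately, `doPost` gives every new account the fixed password `"TEMP-PASSWORD"` and serializes the whole `user` object back to the caller; a random initial password from `SecureRandom` and a response without the password field would avoid a shared, known credential.
```java
// … unchanged: username read from the request …
StatementList select = new StatementList();
select.addStatement(new StatementElement("username","=",username,""));
// … unchanged: lookup and LOCAL user-type check (add an empty-result check before get(0)) …
StatementList update = new StatementList();
update.addStatement(new StatementElement("password","=",req.getParameter("password"),""));
StatementList constraint = new StatementList();
constraint.addStatement(new StatementElement("username","=",username,""));
// … unchanged: updateObject(update,constraint) and status handling …
```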
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UsersServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UsersServlet.java
index 70047352ef4e6e72e6ce91ecb75cac7c0370acc7..0c71a02f55e0f466f3366c8fbae7f41a27bf170a 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UsersServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UsersServlet.java
@@ -1,5 +1,6 @@
 package net.jami.jams.server.servlets.api.admin.users;
+import com.jsoniter.output.JsonStream;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.annotation.WebServlet;
 import jakarta.servlet.http.HttpServlet;
@@ -8,12 +9,14 @@ import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import static net.jami.jams.server.Server.dataStore;
+
 @WebServlet("/api/admin/users")
 public class UsersServlet extends HttpServlet {
 //Returns a list of users.
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- super.doGet(req, resp);
+ resp.getOutputStream().write(JsonStream.serialize(dataStore.getDeviceDao().getObjects(null).get(0)).getBytes());
 }
 }
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java
index fc79b8965fdf5f97a822b60b714f9c7d0a1ef839..9093abfa2b62d7ddd2e2a446f9ce0acfc4ff9cb1 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java
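Review bot: `doGet` in `UsersServlet` reads from `dataStore.getDeviceDao()` and serializes only `.get(0)`, so the endpoint commented as "Returns a list of users" answers with a single device record and throws when the table is empty. Presumably `dataStore.getUserDao()` was intended, with the whole list serialized. If so, confirm that the serialized user objects do not carry the password field before they are written to the response, even on an admin route. `getBytes()` without a charset uses the platform default on older JVMs; `getBytes(StandardCharsets.UTF_8)` and an explicit JSON content type would make the output deterministic.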
@@ -1,8 +1,46 @@
 package net.jami.jams.server.servlets.api.auth.user;
+import jakarta.servlet.ServletException;
 import jakarta.servlet.annotation.WebServlet;
 import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import net.jami.jams.common.authentication.AuthenticationSourceType;
+import net.jami.jams.common.dao.StatementElement;
+import net.jami.jams.common.dao.StatementList;
+
+import java.io.IOException;
+
+import static net.jami.jams.server.Server.dataStore;
 @WebServlet("/api/auth/user")
 public class UserServlet extends HttpServlet {
+
+ //User can "read" his own profile.
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ super.doGet(req, resp);
+ }
+
+ //The user can update 3 fields: password,privatekey,publickey
+ //For now we do not consider the possibility for privatekey, publickey for other reasons.
+ @Override
+ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ String username = req.getAttribute("username").toString();
+ //Check if he is AD/LDAP - then return a 403, because we can't set such password.
+ StatementList select = new StatementList();
+ StatementElement st = new StatementElement("username","=",username,"");
+ if(dataStore.getUserDao().getObjects(select).get(0).getUserType() != AuthenticationSourceType.LOCAL){
+ resp.sendError(500,"The user is not a local user, therefore we cannot change his data!");
+ return;
+ }
+ StatementList update = new StatementList();
+ StatementElement st0 = new StatementElement("password","=",req.getParameter("password"),"");
+ update.addStatement(st0);
+ StatementList constraint = new StatementList();
+ StatementElement st1 = new StatementElement("username","=",username,"");
+ update.addStatement(st1);
+ if(dataStore.getUserDao().updateObject(update,constraint)) resp.setStatus(200);
+ else resp.sendError(500,"could not update the users's data field!");
+ }
 }
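Review bot: `req.getAttribute("username").toString()` in the self-service `doPut` throws a NullPointerException when the attribute is absent, so the handler relies entirely on an upstream filter (not visible in this diff) having authenticated the request and set it; an explicit null check that answers 401 makes that dependency fail closed. The new password is taken from `req.getParameter("password")` and handed to the DAO as-is, with no check of the current password and no visible hashing or null/empty validation; confirm where hashing happens and consider requiring the old password for this change. The comment announces a 403 for non-local users while the code sends 500, which makes a refused request look like a server fault to clients and monitoring. `doGet` only delegates to `super.doGet`, so the default `HttpServlet` behaviour rejects the request instead of returning the profile that the comment describes.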