snowcycle · njfredri · Feb 18, 2021 · Feb 18, 2021 · Feb 18, 2021 · Feb 19, 2021
diff --git a/.project b/.project
@@ -20,4 +20,17 @@
 		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.eclipse.m2e.core.maven2Nature</nature>
 	</natures>
+	<filteredResources>
+		<filter>
+
+			<id>1613690915857</id>
+
+			<name></name>
+			<type>30</type>
+			<matcher>
+				<id>org.eclipse.core.resources.regexFilterMatcher</id>
+				<arguments>node_modules|.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__</arguments>
+			</matcher>
+		</filter>
+	</filteredResources>
 </projectDescription>
diff --git a/src/main/java/edu/uark/registerapp/commands/activeUsers/ActiveUserDeleteCommand.java b/src/main/java/edu/uark/registerapp/commands/activeUsers/ActiveUserDeleteCommand.java
@@ -0,0 +1,53 @@
+package edu.uark.registerapp.commands.activeUsers;
+
+import java.util.Optional;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import edu.uark.registerapp.commands.VoidCommandInterface;
+import edu.uark.registerapp.commands.exceptions.UnprocessableEntityException;
+import edu.uark.registerapp.models.entities.ActiveUserEntity;
+import edu.uark.registerapp.models.repositories.ActiveUserRepository;
+
+@Service
+public class ActiveUserDeleteCommand implements VoidCommandInterface {
+
+	@Transactional
+	@Override
+	public void execute() {
+		final Optional<ActiveUserEntity> activeUserEntity =
+			this.activeUserRepository.findBySessionKey(this.sessionKey);
+
+		validateEmployeeRequestObject(activeUserEntity);
+
+		//removes active user
+		if (activeUserEntity.isPresent()) {
+			this.activeUserRepository.delete(activeUserEntity.get());
+		}
+	}
+
+	private void validateEmployeeRequestObject(Optional<ActiveUserEntity> activeUserEntity){
+		if (StringUtils.isBlank(activeUserEntity.get().getName())) {
+			throw new UnprocessableEntityException("Name");
+		}
+		String [] name = activeUserEntity.get().getName().split(" ", 2);
+		if (StringUtils.isBlank(name[0])) {throw new UnprocessableEntityException("First Name");}
+		if (StringUtils.isBlank(name[1])) {throw new UnprocessableEntityException("Last Name");}
+	}
+
+	// Properties
+	private String sessionKey;
+	public String getSessionKey() {
+		return this.sessionKey;
+	}
+	public ActiveUserDeleteCommand setSessionKey(final String sessionKey) {
+		this.sessionKey = sessionKey;
+		return this;
+	}
+
+	@Autowired
+	private ActiveUserRepository activeUserRepository;
+}
diff --git a/src/main/java/edu/uark/registerapp/commands/activeUsers/ValidateActiveUserCommand.java b/src/main/java/edu/uark/registerapp/commands/activeUsers/ValidateActiveUserCommand.java
@@ -0,0 +1,41 @@
+package edu.uark.registerapp.commands.activeUsers;
+
+import java.util.Optional;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import edu.uark.registerapp.commands.ResultCommandInterface;
+import edu.uark.registerapp.commands.exceptions.UnauthorizedException;
+import edu.uark.registerapp.models.entities.ActiveUserEntity;
+import edu.uark.registerapp.models.repositories.ActiveUserRepository;
+
+@Service
+public class ValidateActiveUserCommand implements ResultCommandInterface<ActiveUserEntity> {
+	@Override
+	public ActiveUserEntity execute() {
+		final Optional<ActiveUserEntity> activeUserEntity =
+			this.activeUserRepository.findBySessionKey(this.sessionKey);
+
+		if (!activeUserEntity.isPresent()) {
+			throw new UnauthorizedException();
+		}
+
+		return activeUserEntity.get();
+	}
+
+	// Properties
+	private String sessionKey;
+
+	public String getSessionKey() {
+		return this.sessionKey;
+	}
+
+	public ValidateActiveUserCommand setSessionKey(final String sessionKey) {
+		this.sessionKey = sessionKey;
+		return this;
+	}
+
+	@Autowired
+	private ActiveUserRepository activeUserRepository;
+}
diff --git a/src/main/java/edu/uark/registerapp/commands/employees/ActiveEmployeeExistsQuery.java b/src/main/java/edu/uark/registerapp/commands/employees/ActiveEmployeeExistsQuery.java
@@ -0,0 +1,21 @@
+package edu.uark.registerapp.commands.employees;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import edu.uark.registerapp.commands.VoidCommandInterface;
+import edu.uark.registerapp.models.repositories.EmployeeRepository;
+import edu.uark.registerapp.commands.exceptions.NotFoundException;
+
+@Service
+public class ActiveEmployeeExistsQuery implements VoidCommandInterface{
+	@Override
+	public void execute() {
+		if (!this.employeerepository.existsByIsActive(true)) {
+			throw new NotFoundException("Employee");
+		}
+	}
+
+	@Autowired
+	private EmployeeRepository employeerepository;
+}
diff --git a/src/main/java/edu/uark/registerapp/commands/employees/EmployeeSignInCommand.java b/src/main/java/edu/uark/registerapp/commands/employees/EmployeeSignInCommand.java
@@ -0,0 +1,112 @@
+package edu.uark.registerapp.commands.employees;
+
+import java.util.Arrays;
+import java.util.Optional;
+
+import javax.transaction.Transactional;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import edu.uark.registerapp.commands.ResultCommandInterface;
+import edu.uark.registerapp.commands.employees.helpers.EmployeeHelper;
+import edu.uark.registerapp.commands.exceptions.UnauthorizedException;
+import edu.uark.registerapp.commands.exceptions.UnprocessableEntityException;
+import edu.uark.registerapp.models.api.Employee;
+import edu.uark.registerapp.models.api.EmployeeSignIn;
+import edu.uark.registerapp.models.entities.ActiveUserEntity;
+import edu.uark.registerapp.models.entities.EmployeeEntity;
+import edu.uark.registerapp.models.repositories.ActiveUserRepository;
+import edu.uark.registerapp.models.repositories.EmployeeRepository;
+
+@Service
+public class EmployeeSignInCommand implements ResultCommandInterface<Employee> {
+	@Override
+	public Employee execute() {
+		this.validateProperties();
+		return new Employee(this.SignInEmployee());
+	}
+
+	// Helper methods
+	private void validateProperties() {
+		//check if employeeID is blank
+		if (StringUtils.isBlank(this.employeeSignIn.getEmployeeId())) {
+			throw new UnprocessableEntityException("employee ID");
+		}
+		//check if you can get only a number out of the ID
+		try {
+			Integer.parseInt(this.employeeSignIn.getEmployeeId());
+		} catch (final NumberFormatException e) {
+			//throw an exception if the ID is not just numbers
+			throw new UnprocessableEntityException("employee ID");
+		}
+		if (StringUtils.isBlank(this.employeeSignIn.getPassword())) {
+			//throw exception if the password is blank
+			throw new UnprocessableEntityException("password");
+		}
+	}
+
+	@Transactional
+	private EmployeeEntity SignInEmployee() {
+		//tries to find existing employee using the id
+		final Optional<EmployeeEntity> employeeEntity =
+			this.employeeRepository.findByEmployeeId(
+				Integer.parseInt(this.employeeSignIn.getEmployeeId()));
+		//verifies ifthe employee exists
+		if (!employeeEntity.isPresent()
+			|| !Arrays.equals(
+				employeeEntity.get().getPassword(),
+				EmployeeHelper.hashPassword(this.employeeSignIn.getPassword()))
+		) {
+
+			throw new UnauthorizedException();
+		}
+
+		final Optional<ActiveUserEntity> activeUserEntity =
+			this.activeUserRepository
+				.findByEmployeeId(employeeEntity.get().getId());
+
+		if (!activeUserEntity.isPresent()) {
+			this.activeUserRepository.save(
+					(new ActiveUserEntity())
+						.setSessionKey(this.sessionId)
+						.setEmployeeId(employeeEntity.get().getId())
+						.setClassification(
+							employeeEntity.get().getClassification())
+						.setName(
+							employeeEntity.get().getFirstName()
+								.concat(" ")
+								.concat(employeeEntity.get().getLastName())));
+		} else {
+			this.activeUserRepository.save(
+				activeUserEntity.get().setSessionKey(this.sessionId));
+		}
+
+		return employeeEntity.get();
+	}
+
+	// Properties
+	private EmployeeSignIn employeeSignIn;
+	public EmployeeSignIn getEmployeeSignIn() {
+		return this.employeeSignIn;
+	}
+	public EmployeeSignInCommand setEmployeeSignIn(final EmployeeSignIn employeeSignIn) {
+		this.employeeSignIn = employeeSignIn;
+		return this;
+	}
+
+	private String sessionId;
+	public String getSessionId() {
+		return this.sessionId;
+	}
+	public EmployeeSignInCommand setSessionId(final String sessionId) {
+		this.sessionId = sessionId;
+		return this;
+	}
+
+	@Autowired
+	private EmployeeRepository employeeRepository;
+	@Autowired
+	private ActiveUserRepository activeUserRepository;
+}
diff --git a/src/main/java/edu/uark/registerapp/commands/employees/helpers/EmployeeHelper.java b/src/main/java/edu/uark/registerapp/commands/employees/helpers/EmployeeHelper.java
@@ -0,0 +1,34 @@
+package edu.uark.registerapp.commands.employees.helpers;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import org.apache.commons.lang3.StringUtils;
+
+public class EmployeeHelper {
+	public static String padEmployeeId(final int employeeId) {
+		final String employeeIdAsString = Integer.toString(employeeId);
+
+		return ((employeeIdAsString.length() < EMPLOYEE_ID_MAXIMUM_LENGTH)
+			? StringUtils.leftPad(
+				employeeIdAsString,
+				EMPLOYEE_ID_MAXIMUM_LENGTH,
+				"0")
+			: employeeIdAsString);
+	}
+
+	public static byte[] hashPassword(final String password) {
+		try {
+			final MessageDigest messageDigest =
+				MessageDigest.getInstance("SHA-256");
+
+			messageDigest.update(password.getBytes());
+
+			return messageDigest.digest();
+		} catch (final NoSuchAlgorithmException e) {
+			return new byte[0];
+		}
+	}
+
+	private static final int EMPLOYEE_ID_MAXIMUM_LENGTH = 5;
+}
diff --git a/src/main/java/edu/uark/registerapp/controllers/BaseRestController.java b/src/main/java/edu/uark/registerapp/controllers/BaseRestController.java
@@ -0,0 +1,89 @@
+package edu.uark.registerapp.controllers;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import edu.uark.registerapp.commands.activeUsers.ValidateActiveUserCommand;
+import edu.uark.registerapp.commands.exceptions.ConflictException;
+import edu.uark.registerapp.commands.exceptions.NotFoundException;
+import edu.uark.registerapp.commands.exceptions.UnauthorizedException;
+import edu.uark.registerapp.commands.exceptions.UnprocessableEntityException;
+import edu.uark.registerapp.controllers.enums.QueryParameterMessages;
+import edu.uark.registerapp.controllers.enums.QueryParameterNames;
+import edu.uark.registerapp.controllers.enums.ViewNames;
+import edu.uark.registerapp.models.api.ApiResponse;
+import edu.uark.registerapp.models.entities.ActiveUserEntity;
+import edu.uark.registerapp.models.enums.EmployeeClassification;
+
+public class BaseRestController extends BaseController {
+	protected ApiResponse redirectSessionNotActive(
+		final HttpServletResponse response
+	) {
+
+		response.setStatus(HttpStatus.FOUND.value());
+		return (new ApiResponse())
+			.setRedirectUrl(
+				ViewNames.SIGN_IN.getRoute().concat(
+					this.buildInitialQueryParameter(
+						QueryParameterNames.ERROR_CODE.getValue(),
+						QueryParameterMessages.SESSION_NOT_ACTIVE.getKeyAsString())));
+	}
+
+	protected ApiResponse redirectUserNotElevated(
+		final HttpServletRequest request,
+		final HttpServletResponse response
+	) {
+
+		return this.redirectUserNotElevated(request, response, ViewNames.MAIN_MENU.getRoute());
+	}
+
+	protected ApiResponse redirectUserNotElevated(
+		final HttpServletRequest request,
+		final HttpServletResponse response,
+		final String redirectRoute
+	) {
+
+		try {
+			final ActiveUserEntity activeUserEntity =
+				this.validateActiveUserCommand
+					.setSessionKey(request.getSession().getId())
+					.execute();
+
+			if (activeUserEntity == null) {
+				return this.redirectSessionNotActive(response);
+			} else if (!EmployeeClassification.isElevatedUser(activeUserEntity.getClassification())) {
+				response.setStatus(HttpStatus.FOUND.value());
+
+				return (new ApiResponse())
+					.setRedirectUrl(
+						redirectRoute.concat(
+							this.buildInitialQueryParameter(
+								QueryParameterNames.ERROR_CODE.getValue(),
+								QueryParameterMessages.NO_PERMISSIONS_FOR_ACTION.getKeyAsString())));
+			}
+		} catch (final UnauthorizedException e) {
+			return this.redirectSessionNotActive(response);
+		}
+
+		return new ApiResponse();
+	}
+
+	@ExceptionHandler({
+		ConflictException.class,
+		NotFoundException.class,
+		UnauthorizedException.class,
+		UnprocessableEntityException.class
+	})
+	public @ResponseBody ApiResponse handleError(final Exception e) {
+		return (new ApiResponse()).setErrorMessage(e.getMessage());
+	}
+
+	// Properties
+	@Autowired
+	private ValidateActiveUserCommand validateActiveUserCommand;
+}