diff --git a/src/inttest/java/com/faforever/api/data/AvatarAssignmentElideTest.java b/src/inttest/java/com/faforever/api/data/AvatarAssignmentElideTest.java index f9dfea9cb..583843413 100644 --- a/src/inttest/java/com/faforever/api/data/AvatarAssignmentElideTest.java +++ b/src/inttest/java/com/faforever/api/data/AvatarAssignmentElideTest.java @@ -6,7 +6,6 @@ import com.faforever.commons.api.dto.Avatar; import com.faforever.commons.api.dto.AvatarAssignment; import com.faforever.commons.api.dto.Player; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.springframework.http.HttpHeaders; import org.springframework.security.test.context.support.WithUserDetails; @@ -53,7 +52,6 @@ public void getAvatarWithPlayer() throws Exception { } @Test - @Disabled("Temporary disabled due to security changes in Player class") public void canAssignAvatarWithScopeAndRole() throws Exception { final Avatar avatar = (Avatar) new Avatar().setId("1"); final Player player = (Player) new Player().setId("1"); diff --git a/src/inttest/java/com/faforever/api/data/BanTest.java b/src/inttest/java/com/faforever/api/data/BanTest.java index b7926d764..11572f207 100644 --- a/src/inttest/java/com/faforever/api/data/BanTest.java +++ b/src/inttest/java/com/faforever/api/data/BanTest.java @@ -7,7 +7,6 @@ import com.faforever.commons.api.dto.BanLevel; import com.faforever.commons.api.dto.ModerationReport; import com.faforever.commons.api.dto.Player; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.springframework.http.HttpHeaders; import org.springframework.test.context.jdbc.Sql; 
@@ -124,7 +123,6 @@ public void cannotCreateBanWithoutRole() throws Exception { } @Test - @Disabled("Temporary disabled due to security changes in Player class") public void canCreateBanWithScopeAndRole() throws Exception { mockMvc.perform(post("/data/banInfo") .with(getOAuthTokenWithTestUser(OAuthScope._ADMINISTRATIVE_ACTION, GroupPermission.ROLE_ADMIN_ACCOUNT_BAN)) @@ -134,7 +132,6 @@ public void canCreateBanWithScopeAndRole() throws Exception { } @Test - @Disabled("Temporary disabled due to security changes in Player class") public void canCreateBanWithModerationWithScopeAndRole() throws Exception { final BanInfo ban = new BanInfo() diff --git a/src/inttest/java/com/faforever/api/data/ClanElideTest.java b/src/inttest/java/com/faforever/api/data/ClanElideTest.java index e9de4958e..ffff76e33 100644 --- a/src/inttest/java/com/faforever/api/data/ClanElideTest.java +++ b/src/inttest/java/com/faforever/api/data/ClanElideTest.java @@ -8,7 +8,6 @@ import com.faforever.api.player.PlayerRepository; import lombok.SneakyThrows; import org.json.JSONObject; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpHeaders; @@ -96,7 +95,6 @@ public void cannotDeleteAsMember() throws Exception { } @Test - @Disabled("Temporary disabled due to security changes in Player class") public void getFilteredPlayerForClanInvite() throws Exception { mockMvc.perform(get("/data/player?filter=login==*MEMBER*&sort=login")) .andExpect(status().isOk()) @@ -107,7 +105,6 @@ public void getFilteredPlayerForClanInvite() throws Exception { @Test @WithUserDetails(AUTH_CLAN_LEADER) - @Disabled("Temporary disabled due to security changes in Player class") public void canTransferLeadershipAsLeader() throws Exception { assertThat(clanRepository.getOne(1).getLeader().getLogin(), is(AUTH_CLAN_LEADER)); 
diff --git a/src/inttest/java/com/faforever/api/data/UserNoteTest.java b/src/inttest/java/com/faforever/api/data/UserNoteTest.java index 639e7f963..39a99b542 100644 --- a/src/inttest/java/com/faforever/api/data/UserNoteTest.java +++ b/src/inttest/java/com/faforever/api/data/UserNoteTest.java @@ -2,19 +2,20 @@ import com.faforever.api.AbstractIntegrationTest; import com.faforever.api.data.domain.GroupPermission; -import com.faforever.api.player.PlayerRepository; import com.faforever.api.security.OAuthScope; -import org.junit.jupiter.api.Disabled; +import com.faforever.api.user.UserRepository; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpHeaders; import org.springframework.test.context.jdbc.Sql; import org.springframework.test.context.jdbc.Sql.ExecutionPhase; +import java.util.Set; + import static com.faforever.api.data.JsonApiMediaType.JSON_API_MEDIA_TYPE; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.hasSize; -import static org.hamcrest.core.Is.is; -import static org.junit.Assert.assertThat; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; @@ -35,13 +36,13 @@ public class UserNoteTest extends AbstractIntegrationTest { "relationships": { "author": { "data": { - "type": "player", + "type": "user", "id": "1" } }, "player": { "data": { - "type": "player", + "type": "user", "id": "3" } } 
@@ -49,9 +50,9 @@ public class UserNoteTest extends AbstractIntegrationTest { } } */ - private static final String testPost = "{\"data\":{\"type\":\"userNote\",\"attributes\":{\"watched\":false,\"note\":\"This note will be posted\"},\"relationships\":{\"author\":{\"data\":{\"type\":\"player\",\"id\":\"1\"}},\"player\":{\"data\":{\"type\":\"player\",\"id\":\"3\"}}}}}"; + private static final String testPost = "{\"data\":{\"type\":\"userNote\",\"attributes\":{\"watched\":false,\"note\":\"This note will be posted\"},\"relationships\":{\"author\":{\"data\":{\"type\":\"user\",\"id\":\"1\"}},\"player\":{\"data\":{\"type\":\"user\",\"id\":\"3\"}}}}}"; @Autowired - PlayerRepository playerRepository; + UserRepository userRepository; @Test public void emptyResultWithoutScope() throws Exception { @@ -117,16 +118,16 @@ public void cannotCreateUserNoteWithoutRole() throws Exception { } @Test - @Disabled("Temporary disabled due to security changes in Player class") public void canCreateUserNoteWithScopeAndRole() throws Exception { - assertThat(playerRepository.getOne(3).getUserNotes().size(), is(0)); + assertThat(userRepository.getOne(3).getUserNotes().size(), is(0)); mockMvc.perform(post("/data/userNote") - .with(getOAuthTokenWithTestUser(OAuthScope._READ_SENSIBLE_USERDATA, GroupPermission.ROLE_ADMIN_ACCOUNT_NOTE)) + .with(getOAuthTokenWithTestUser(Set.of(OAuthScope._READ_SENSIBLE_USERDATA), + Set.of(GroupPermission.ROLE_READ_ACCOUNT_PRIVATE_DETAILS, GroupPermission.ROLE_ADMIN_ACCOUNT_NOTE))) .header(HttpHeaders.CONTENT_TYPE, JSON_API_MEDIA_TYPE) .content(testPost)) .andExpect(status().isCreated()); - assertThat(playerRepository.getOne(3).getUserNotes().size(), is(1)); + assertThat(userRepository.getOne(3).getUserNotes().size(), is(1)); } } diff --git a/src/inttest/java/com/faforever/api/moderationreport/ModerationReportTest.java b/src/inttest/java/com/faforever/api/moderationreport/ModerationReportTest.java index 190fd5e79..3c3ded6dd 100644 
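Review bot: In `canCreateUserNoteWithScopeAndRole` the token now carries `ROLE_READ_ACCOUNT_PRIVATE_DETAILS` as well as `ROLE_ADMIN_ACCOUNT_NOTE`, but no test in the visible hunks pins what happens when a moderator holds only the note role. The extra role is presumably needed because the note's `author` and `player` relationships now point at the read-protected `user` type, so the effective requirement for creating a note has changed without a test or comment recording it. I would add a companion case that posts `testPost` with `Set.of(GroupPermission.ROLE_ADMIN_ACCOUNT_NOTE)` alone and asserts the intended status. A one-line comment above the `Set.of(...)` call would also help, for example `// ROLE_READ_ACCOUNT_PRIVATE_DETAILS is required to reference the read-protected user entities`.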
--- a/src/inttest/java/com/faforever/api/moderationreport/ModerationReportTest.java +++ b/src/inttest/java/com/faforever/api/moderationreport/ModerationReportTest.java @@ -9,7 +9,6 @@ import com.faforever.commons.api.dto.Player; import com.google.common.collect.Sets; import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.springframework.http.HttpHeaders; import org.springframework.security.test.context.support.WithAnonymousUser; @@ -71,7 +70,6 @@ public void anonymousUserCannotCreateValidModerationReport() throws Exception { } @Test - @Disabled("Temporary disabled due to security changes in Player class") public void canCreateValidModerationReportWithoutScopeAndRole() throws Exception { mockMvc.perform(get("/data/account")); mockMvc.perform( @@ -159,7 +157,6 @@ public void cannotUpdateSomeoneElsesReport() throws Exception { } @Test - @Disabled("Temporary disabled due to security changes in Player class") public void canUpdateOwnReport() throws Exception { reportedUsers.add((Player) new Player().setId("1")); diff --git a/src/main/java/com/faforever/api/ban/BanService.java b/src/main/java/com/faforever/api/ban/BanService.java index d51f13184..6d386501b 100644 --- a/src/main/java/com/faforever/api/ban/BanService.java +++ b/src/main/java/com/faforever/api/ban/BanService.java 
@@ -1,22 +1,22 @@ package com.faforever.api.ban; -import com.faforever.api.data.domain.Player; -import com.faforever.api.player.PlayerRepository; +import com.faforever.api.data.domain.User; +import com.faforever.api.user.UserRepository; +import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; @Service +@RequiredArgsConstructor public class BanService { - private final PlayerRepository playerRepository; + private final UserRepository userRepository; - public BanService(PlayerRepository playerRepository) { - this.playerRepository = playerRepository; - } - - public boolean hasActiveGlobalBan(Player player) { - return player.isGlobalBanned(); + public boolean hasActiveGlobalBan(User user) { + return user.isGlobalBanned(); } public boolean hasActiveGlobalBan(String username) { - return hasActiveGlobalBan(playerRepository.findOneByLogin(username)); + return userRepository.findOneByLogin(username) + .map(this::hasActiveGlobalBan) + .orElse(false); } } diff --git a/src/main/java/com/faforever/api/data/domain/Login.java b/src/main/java/com/faforever/api/data/domain/Login.java index 955f8386f..93149b1a0 100644 --- a/src/main/java/com/faforever/api/data/domain/Login.java +++ b/src/main/java/com/faforever/api/data/domain/Login.java 
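Review bot: `hasActiveGlobalBan(String username)` now answers `false` when `findOneByLogin` finds no user, so an unknown login is indistinguishable from an account that is not banned. The callers are outside this diff; if any of them uses this method as a gate before granting access, the lookup fails open. At minimum the contract should be written down, e.g. `/** Returns false if no user with this login exists; callers that gate access must verify the account exists separately. */`. If no caller relies on the lenient result, make the absent case explicit with `.orElseThrow(...)` instead. The overload taking `User` still dereferences its argument without a null check.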
@@ -1,108 +1,37 @@ package com.faforever.api.data.domain; -import com.faforever.api.data.checks.IsEntityOwner; import com.faforever.api.data.checks.Prefab; -import com.faforever.api.security.elide.permission.AdminAccountBanCheck; -import com.faforever.api.security.elide.permission.AdminAccountNoteCheck; -import com.faforever.api.security.elide.permission.ReadAccountPrivateDetailsCheck; -import com.faforever.api.security.elide.permission.ReadUserGroupCheck; import com.fasterxml.jackson.annotation.JsonIgnore; -import com.yahoo.elide.annotation.ReadPermission; import com.yahoo.elide.annotation.UpdatePermission; import lombok.Setter; import javax.persistence.Column; -import javax.persistence.FetchType; -import javax.persistence.ManyToMany; import javax.persistence.MappedSuperclass; -import javax.persistence.OneToMany; +import javax.persistence.OneToOne; import javax.persistence.Transient; -import java.time.OffsetDateTime; -import java.util.HashSet; -import java.util.Set; -import java.util.stream.Collectors; @MappedSuperclass @Setter public abstract class Login extends AbstractEntity implements OwnableEntity { private String login; - private String email; - private String steamId; - private String userAgent; - private Set bans; - private Set userNotes; - private Set userGroups; - private String recentIpAddress; - private OffsetDateTime lastLogin; - - public Login() { - this.bans = new HashSet<>(0); - this.userNotes = new HashSet<>(0); - } + private ClanMembership clanMembership; @Column(name = "login") public String getLogin() { return login; } - @Column(name = "email") - @ReadPermission(expression = IsEntityOwner.EXPRESSION + " OR " + ReadAccountPrivateDetailsCheck.EXPRESSION) - public String getEmail() { - return email; - } - - @Column(name = "steamid") - @ReadPermission(expression = IsEntityOwner.EXPRESSION + " OR " + ReadAccountPrivateDetailsCheck.EXPRESSION) - public String getSteamId() { - return steamId; - } - - @Column(name = "ip") - @ReadPermission(expression = 
IsEntityOwner.EXPRESSION + " OR " + ReadAccountPrivateDetailsCheck.EXPRESSION) - public String getRecentIpAddress() { - return recentIpAddress; - } - - @Column(name = "last_login") - @ReadPermission(expression = IsEntityOwner.EXPRESSION + " OR " + ReadAccountPrivateDetailsCheck.EXPRESSION) - public OffsetDateTime getLastLogin() { - return lastLogin; - } - - @Column(name = "user_agent") - public String getUserAgent() { - return userAgent; - } - - @OneToMany(mappedBy = "player", fetch = FetchType.EAGER) - // Permission is managed by BanInfo class - @UpdatePermission(expression = AdminAccountBanCheck.EXPRESSION) - public Set getBans() { - return this.bans; - } - - @OneToMany(mappedBy = "player", fetch = FetchType.EAGER) - @UpdatePermission(expression = AdminAccountNoteCheck.EXPRESSION) - public Set getUserNotes() { - return this.userNotes; - } - - @Transient - public Set getActiveBans() { - return getBans().stream().filter(ban -> ban.getBanStatus() == BanStatus.BANNED).collect(Collectors.toSet()); + // Permission is managed by ClanMembership class + @UpdatePermission(expression = Prefab.ALL) + @OneToOne(mappedBy = "player") + public ClanMembership getClanMembership() { + return this.clanMembership; } @Transient - public boolean isGlobalBanned() { - return getActiveBans().stream().anyMatch(ban -> ban.getLevel() == BanLevel.GLOBAL); - } - - @ReadPermission(expression = IsEntityOwner.EXPRESSION + " OR " + ReadUserGroupCheck.EXPRESSION) - @UpdatePermission(expression = Prefab.ALL) - @ManyToMany(mappedBy = "members") - public Set getUserGroups() { - return userGroups; + public Clan getClan() { + return clanMembership == null ? null : clanMembership.getClan(); } @Override diff --git a/src/main/java/com/faforever/api/data/domain/Player.java b/src/main/java/com/faforever/api/data/domain/Player.java index 6e9d8947e..e833d1335 100644 --- a/src/main/java/com/faforever/api/data/domain/Player.java +++ b/src/main/java/com/faforever/api/data/domain/Player.java 
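Review bot: `Login` is left without any comment stating that it may now hold only fields that are safe to expose through every subclass. The commit removes the class-level `@ReadPermission` from `Player` (see the Player.java hunks) and moves email, IP address, bans and notes to `User`, so a column later re-added to this `@MappedSuperclass` would presumably become readable through the `player` type without a check of its own. A class comment such as `// Only publicly readable fields belong here; private account data goes on User, which carries the class-level ReadPermission` would record that boundary. Separately, `getClanMembership()` with `mappedBy = "player"` is now inherited by `User` as well; `ClanMembership` is not part of this diff, so confirm the mapping resolves for both entities. The class body continues past the end of the hunk.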
@@ -1,11 +1,8 @@ package com.faforever.api.data.domain; -import com.faforever.api.data.checks.IsEntityOwner; import com.faforever.api.data.checks.Prefab; -import com.faforever.api.security.elide.permission.AdminModerationReportCheck; import com.github.jasminb.jsonapi.annotations.Type; import com.yahoo.elide.annotation.Include; -import com.yahoo.elide.annotation.ReadPermission; import com.yahoo.elide.annotation.SharePermission; import com.yahoo.elide.annotation.UpdatePermission; import lombok.Setter; @@ -13,11 +10,9 @@ import javax.persistence.Entity; import javax.persistence.FetchType; -import javax.persistence.ManyToMany; import javax.persistence.OneToMany; import javax.persistence.OneToOne; import javax.persistence.Table; -import javax.persistence.Transient; import java.util.Set; @Entity @@ -27,17 +22,13 @@ @SharePermission @Setter @Type(Player.TYPE_NAME) -@ReadPermission(expression = AdminModerationReportCheck.EXPRESSION + " OR " + IsEntityOwner.EXPRESSION) public class Player extends Login { - public static final String TYPE_NAME = "player"; + private Ladder1v1Rating ladder1v1Rating; private GlobalRating globalRating; - private ClanMembership clanMembership; private Set names; private Set avatarAssignments; - private Set reporterOnModerationReports; - private Set reportedOnModerationReports; @OneToOne(mappedBy = "player", fetch = FetchType.LAZY) @BatchSize(size = 1000) @@ -51,17 +42,6 @@ public GlobalRating getGlobalRating() { return globalRating; } - // Permission is managed by ClanMembership class - @UpdatePermission(expression = Prefab.ALL) - @OneToOne(mappedBy = "player") - public ClanMembership getClanMembership() { - return this.clanMembership; - } - - @Transient - public Clan getClan() { - return clanMembership == null ? null : clanMembership.getClan(); - } // Permission is managed by NameRecord class @UpdatePermission(expression = Prefab.ALL) 
@@ -78,23 +58,6 @@ public Set getAvatarAssignments() { return avatarAssignments; } - @ReadPermission(expression = AdminModerationReportCheck.EXPRESSION + " OR " + IsEntityOwner.EXPRESSION) - // Permission is managed by Moderation reports class - @UpdatePermission(expression = Prefab.ALL) - @OneToMany(mappedBy = "reporter") - @BatchSize(size = 1000) - public Set getReporterOnModerationReports() { - return reporterOnModerationReports; - } - - // Permission is managed by Moderation reports class - @ReadPermission(expression = AdminModerationReportCheck.EXPRESSION) - @UpdatePermission(expression = Prefab.ALL) - @ManyToMany(mappedBy = "reportedUsers") - public Set getReportedOnModerationReports() { - return reportedOnModerationReports; - } - @Override public String toString() { return "Player(" + getId() + ", " + getLogin() + ")"; diff --git a/src/main/java/com/faforever/api/data/domain/User.java b/src/main/java/com/faforever/api/data/domain/User.java index 47a1fbd1f..ed41a5cd3 100644 --- a/src/main/java/com/faforever/api/data/domain/User.java +++ b/src/main/java/com/faforever/api/data/domain/User.java 
@@ -1,22 +1,134 @@ package com.faforever.api.data.domain; +import com.faforever.api.data.checks.IsEntityOwner; import com.faforever.api.data.checks.Prefab; +import com.faforever.api.security.elide.permission.AdminAccountBanCheck; +import com.faforever.api.security.elide.permission.AdminAccountNoteCheck; +import com.faforever.api.security.elide.permission.AdminModerationReportCheck; +import com.faforever.api.security.elide.permission.ReadAccountPrivateDetailsCheck; +import com.faforever.api.security.elide.permission.ReadUserGroupCheck; +import com.yahoo.elide.annotation.Include; import com.yahoo.elide.annotation.ReadPermission; +import com.yahoo.elide.annotation.UpdatePermission; import lombok.Setter; +import org.hibernate.annotations.BatchSize; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.FetchType; +import javax.persistence.ManyToMany; +import javax.persistence.OneToMany; import javax.persistence.Table; +import javax.persistence.Transient; +import java.time.OffsetDateTime; +import java.util.HashSet; +import java.util.Set; +import java.util.stream.Collectors; @Entity @Table(name = "login") +@ReadPermission(expression = ReadAccountPrivateDetailsCheck.EXPRESSION + " OR " + IsEntityOwner.EXPRESSION) @Setter +@Include(rootLevel = true, type = User.TYPE_NAME) public class User extends Login { + public static final String TYPE_NAME = "user"; + private String password; + private String email; + private String steamId; + private String userAgent; + private Set bans; + private Set userNotes; + private Set userGroups; + private String recentIpAddress; + private OffsetDateTime lastLogin; + private Set reporterOnModerationReports; + private Set reportedOnModerationReports; + + public User() { + this.bans = new HashSet<>(0); + this.userNotes = new HashSet<>(0); + } @Column(name = "password") @ReadPermission(expression = Prefab.NONE) public String getPassword() { return password; } + + @Column(name = "email") + 
@ReadPermission(expression = IsEntityOwner.EXPRESSION + " OR " + ReadAccountPrivateDetailsCheck.EXPRESSION) + public String getEmail() { + return email; + } + + @Column(name = "steamid") + @ReadPermission(expression = IsEntityOwner.EXPRESSION + " OR " + ReadAccountPrivateDetailsCheck.EXPRESSION) + public String getSteamId() { + return steamId; + } + + @Column(name = "ip") + @ReadPermission(expression = IsEntityOwner.EXPRESSION + " OR " + ReadAccountPrivateDetailsCheck.EXPRESSION) + public String getRecentIpAddress() { + return recentIpAddress; + } + + @Column(name = "last_login") + @ReadPermission(expression = IsEntityOwner.EXPRESSION + " OR " + ReadAccountPrivateDetailsCheck.EXPRESSION) + public OffsetDateTime getLastLogin() { + return lastLogin; + } + + @Column(name = "user_agent") + public String getUserAgent() { + return userAgent; + } + + @OneToMany(mappedBy = "player", fetch = FetchType.EAGER) + // Permission is managed by BanInfo class + @UpdatePermission(expression = AdminAccountBanCheck.EXPRESSION) + public Set getBans() { + return this.bans; + } + + @OneToMany(mappedBy = "player", fetch = FetchType.EAGER) + @UpdatePermission(expression = AdminAccountNoteCheck.EXPRESSION) + public Set getUserNotes() { + return this.userNotes; + } + + @Transient + public Set getActiveBans() { + return getBans().stream().filter(ban -> ban.getBanStatus() == BanStatus.BANNED).collect(Collectors.toSet()); + } + + @Transient + public boolean isGlobalBanned() { + return getActiveBans().stream().anyMatch(ban -> ban.getLevel() == BanLevel.GLOBAL); + } + + @ReadPermission(expression = IsEntityOwner.EXPRESSION + " OR " + ReadUserGroupCheck.EXPRESSION) + @UpdatePermission(expression = Prefab.ALL) + @ManyToMany(mappedBy = "members") + public Set getUserGroups() { + return userGroups; + } + + @ReadPermission(expression = AdminModerationReportCheck.EXPRESSION + " OR " + IsEntityOwner.EXPRESSION) + // Permission is managed by Moderation reports class + @UpdatePermission(expression = 
Prefab.ALL) + @OneToMany(mappedBy = "reporter") + @BatchSize(size = 1000) + public Set getReporterOnModerationReports() { + return reporterOnModerationReports; + } + + // Permission is managed by Moderation reports class + @ReadPermission(expression = AdminModerationReportCheck.EXPRESSION) + @UpdatePermission(expression = Prefab.ALL) + @ManyToMany(mappedBy = "reportedUsers") + public Set getReportedOnModerationReports() { + return reportedOnModerationReports; + } } diff --git a/src/main/java/com/faforever/api/data/domain/UserNote.java b/src/main/java/com/faforever/api/data/domain/UserNote.java index ff5a953f6..2d996a769 100644 --- a/src/main/java/com/faforever/api/data/domain/UserNote.java +++ b/src/main/java/com/faforever/api/data/domain/UserNote.java @@ -1,3 +1,4 @@ + package com.faforever.api.data.domain; import com.faforever.api.data.checks.Prefab; @@ -29,22 +30,22 @@ @Audit(action = Action.CREATE, logStatement = "Note `{0}` for user `{1}` added (watched=`{2}`) with text: {3}", logExpressions = {"${userNote.id}", "${userNote.player.id}", "${userNote.watched}", "${userNote.note}"}) @Setter public class UserNote extends AbstractEntity { - private Player player; - private Player author; + private User player; + private User author; private boolean watched; private String note; @ManyToOne(fetch = FetchType.LAZY) @JoinColumn(name = "user_id") @NotNull - public Player getPlayer() { + public User getPlayer() { return player; } @ManyToOne(fetch = FetchType.LAZY) @JoinColumn(name = "author") @NotNull - public Player getAuthor() { + public User getAuthor() { return author; } diff --git a/src/main/java/com/faforever/api/user/MeController.java b/src/main/java/com/faforever/api/user/MeController.java index 034faf91c..fa5072cc4 100644 --- a/src/main/java/com/faforever/api/user/MeController.java +++ b/src/main/java/com/faforever/api/user/MeController.java 
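Review bot: `User` becomes a root-level Elide type through `@Include(rootLevel = true, type = User.TYPE_NAME)`, but the class declares only a `@ReadPermission`. There is no class-level `@UpdatePermission`, `@CreatePermission` or `@DeletePermission`, and `password`, `email`, `steamId`, `recentIpAddress`, `lastLogin` and `userAgent` carry no field-level update rule. Unless `AbstractEntity` or a package-level annotation (neither visible here) supplies a restrictive default, writes to the new `user` type fall back to Elide's behaviour for unannotated entities, which should not be left implicit for the account table. I would state it on the class with `@UpdatePermission(expression = Prefab.NONE)`, `@CreatePermission(expression = Prefab.NONE)` and `@DeletePermission(expression = Prefab.NONE)`, keeping the existing relation-level overrides on `getBans()` and `getUserNotes()`. An integration test asserting that an update to another user's attributes is rejected would pin the behaviour.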
@@ -1,8 +1,7 @@ package com.faforever.api.user; -import com.faforever.api.data.domain.Player; +import com.faforever.api.data.domain.User; import com.faforever.api.data.domain.UserGroup; -import com.faforever.api.player.PlayerService; import com.faforever.api.security.FafUserDetails; import com.google.common.collect.ImmutableMap; import com.yahoo.elide.jsonapi.models.Data; @@ -11,6 +10,7 @@ import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiResponse; import lombok.Builder; +import lombok.RequiredArgsConstructor; import lombok.Value; import org.springframework.security.access.annotation.Secured; import org.springframework.security.core.GrantedAuthority; @@ -27,12 +27,9 @@ * Provides the route {@code /me} which returns the currently logged in user's information. */ @RestController +@RequiredArgsConstructor public class MeController { - private final PlayerService playerService; - - public MeController(PlayerService playerService) { - this.playerService = playerService; - } + private final UserService userService; @RequestMapping(method = RequestMethod.GET, value = "/me") @ApiOperation("Returns the authentication object of the current user") @@ -40,7 +37,7 @@ public MeController(PlayerService playerService) { @Secured("ROLE_USER") public JsonApiDocument me(@AuthenticationPrincipal FafUserDetails authentication) { - Player player = playerService.getById(authentication.getId()); + User player = userService.getById(authentication.getId()); Set grantedAuthorities = authentication.getAuthorities().stream() .map(GrantedAuthority::getAuthority) .collect(Collectors.toSet()); diff --git a/src/main/java/com/faforever/api/user/UserService.java b/src/main/java/com/faforever/api/user/UserService.java index ad3065162..7f7f5f602 100644 --- a/src/main/java/com/faforever/api/user/UserService.java +++ b/src/main/java/com/faforever/api/user/UserService.java 
@@ -78,6 +78,11 @@ public UserService(EmailService emailService, PlayerRepository playerRepository, this.passwordEncoder = new FafPasswordEncoder(); } + public User getById(Integer playerId) { + return userRepository.findById(playerId) + .orElseThrow(() -> new ApiException(new Error(ErrorCode.ENTITY_NOT_FOUND, playerId))); + } + void register(String username, String email, String password) { log.debug("Registration requested for user: {}", username); validateUsername(username); diff --git a/src/test/java/com/faforever/api/user/UserServiceTest.java b/src/test/java/com/faforever/api/user/UserServiceTest.java index a476dabc4..1fd3e1bb4 100644 --- a/src/test/java/com/faforever/api/user/UserServiceTest.java +++ b/src/test/java/com/faforever/api/user/UserServiceTest.java @@ -101,8 +101,8 @@ public class UserServiceTest { private static User createUser(int id, String name, String password, String email) { return (User) new User() .setPassword(fafPasswordEncoder.encode(password)) - .setLogin(name) .setEmail(email) + .setLogin(name) .setId(id); }
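Review bot: The new `getById` has no Javadoc, and its parameter is still named `playerId` although it looks up a `User`. It returns the full entity, including the password field that `User` hides from the API with `Prefab.NONE`, so the doc should say that callers must pick the fields they expose rather than serialising the object wholesale. Suggested: rename the parameter to `userId` and add `/** Loads the user with the given id. @throws ApiException with ErrorCode.ENTITY_NOT_FOUND if no such user exists. */`. A `null` id is passed straight to `findById`; whether that can happen depends on callers outside this hunk.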