#849 | Introduce generateToken user external api

avniproject · Jan 16, 2025 · 0c1b543 · 0c1b543
1 parent 944bf96
commit 0c1b543
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 2 deletions.
diff --git a/avni-server-api/src/main/java/org/avni/server/dao/UserRepository.java b/avni-server-api/src/main/java/org/avni/server/dao/UserRepository.java
@@ -67,7 +67,7 @@ Page<User> findByOrganisationIdAndIsVoidedFalse(@Param("organisationId") Long or
 
     List<User> findByCatchmentAndIsVoidedFalse(Catchment catchment);
 
-    default User getUser(String userId) {
+    default User getUser(String userId) throws EntityNotFoundException {
         User user = null;
         if (RequestUtils.isValidUUID(userId)) {
             user = findByUuid(userId);

diff --git a/...server-api/src/main/java/org/avni/server/framework/security/ResourceProtectionStatus.java b/...server-api/src/main/java/org/avni/server/framework/security/ResourceProtectionStatus.java
@@ -24,7 +24,8 @@ public class ResourceProtectionStatus {
             "/service-worker.js",
             "/ping",
             "/web/media",
-            "/config"
+            "/config",
+            "/api/user/generateToken"
     );
 
     public static boolean isProtected(HttpServletRequest request) {

diff --git a/avni-server-api/src/main/java/org/avni/server/web/api/UserLoginApiController.java b/avni-server-api/src/main/java/org/avni/server/web/api/UserLoginApiController.java
@@ -0,0 +1,35 @@
+package org.avni.server.web.api;
+
+import jakarta.persistence.EntityNotFoundException;
+import org.avni.server.dao.UserRepository;
+import org.avni.server.domain.User;
+import org.avni.server.domain.accessControl.AvniAccessException;
+import org.avni.server.framework.security.AuthService;
+import org.avni.server.web.request.auth.GenerateTokenRequest;
+import org.avni.server.web.request.auth.GenerateTokenResult;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+@Controller
+public class UserLoginApiController {
+
+    private final AuthService authService;
+    private final UserRepository userRepository;
+
+    public UserLoginApiController(AuthService authService, UserRepository userRepository) {
+        this.authService = authService;
+        this.userRepository = userRepository;
+    }
+
+    @RequestMapping(value = "/api/user/generateToken", method = RequestMethod.POST)
+    public ResponseEntity<GenerateTokenResult> generateTokenForUser(@RequestBody GenerateTokenRequest request) throws EntityNotFoundException {
+        User user = userRepository.findByUsername(request.getUsername());
+        if (!user.getUserSettings().isAllowedToInvokeTokenGenerationAPI()) {
+            throw AvniAccessException.createForUserNotAllowedTokenGeneration(user);
+        }
+        return ResponseEntity.ok(new GenerateTokenResult(authService.generateTokenForUser(request.getUsername(), request.getPassword())));
+    }
+}