diff --git a/backend/core/src/main/java/org/opencdmp/service/user/UserService.java b/backend/core/src/main/java/org/opencdmp/service/user/UserService.java index 8c4947890..8661de670 100644 --- a/backend/core/src/main/java/org/opencdmp/service/user/UserService.java +++ b/backend/core/src/main/java/org/opencdmp/service/user/UserService.java @@ -37,6 +37,8 @@ public interface UserService { void sendRemoveCredentialConfirmation(RemoveCredentialRequestPersist model) throws InvalidApplicationException, JAXBException; + boolean doesTokenBelongToLoggedInUser(String token) throws InvalidApplicationException, IOException; + void confirmMergeAccount(String token) throws InvalidApplicationException, IOException; void confirmRemoveCredential(String token) throws InvalidApplicationException; diff --git a/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java index 3b2b66384..bdd1831f2 100644 --- a/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java +++ b/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java 
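Review bot: `doesTokenBelongToLoggedInUser` is added to the interface with no comment stating what "belongs" means or when it throws instead of returning `false`. Judging by the implementation later in this commit, it returns true when the logged-in user is the active account owning the e-mail stored in the merge confirmation, and it throws a not-found exception when the token or its target user cannot be resolved. A one-line Javadoc would make that contract explicit, for example `/** Returns true when the logged-in user owns the e-mail recorded in the active merge-account confirmation for {@code token}; throws if the token cannot be resolved. */`. Nothing visible in the implementation raises `IOException`, so that part of the throws clause may be unnecessary.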
@@ -601,6 +601,12 @@ public class UserServiceImpl implements UserService { return (String.format("%02d", hour) + ":" + String.format("%02d", min) + ":" + String.format("%02d", sec)); } + public boolean doesTokenBelongToLoggedInUser(String token) throws IOException, InvalidApplicationException { + UserEntity userToBeMerge = this.getUserEntityFromToken(token); + + return this.userScope.getUserIdSafe().equals(userToBeMerge.getId()); + } + public void confirmMergeAccount(String token) throws IOException, InvalidApplicationException { ActionConfirmationEntity action = this.queryFactory.query(ActionConfirmationQuery.class).tokens(token).types(ActionConfirmationType.MergeAccount).isActive(IsActive.Active).first(); if (action == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{token, ActionConfirmationEntity.class.getSimpleName()}, LocaleContextHolder.getLocale())); 
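Review bot: `this.userScope.getUserIdSafe().equals(userToBeMerge.getId())` dereferences the result of `getUserIdSafe()`, whose name suggests it returns null when no user is resolved, so an unauthenticated or half-initialised scope would fail with a NullPointerException rather than return `false`. Flipping the receiver avoids that without a new import: `return userToBeMerge.getId().equals(this.userScope.getUserIdSafe());`. Separately, this check only protects the merge if `confirmMergeAccount` applies the same comparison on the server. That method's body continues outside the hunk, so confirm it does not depend on the client calling the new endpoint first. The method implements an interface method and should carry `@Override`.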
@@ -842,4 +848,22 @@ public class UserServiceImpl implements UserService { } } + private UserEntity getUserEntityFromToken(String token) throws MyForbiddenException, MyNotFoundException { + ActionConfirmationEntity action = this.queryFactory.query(ActionConfirmationQuery.class).tokens(token).types(ActionConfirmationType.MergeAccount).isActive(IsActive.Active).first(); + if (action == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{token, ActionConfirmationEntity.class.getSimpleName()}, LocaleContextHolder.getLocale())); + + this.checkActionState(action); + + MergeAccountConfirmationEntity mergeAccountConfirmationEntity = this.xmlHandlingService.fromXmlSafe(MergeAccountConfirmationEntity.class, action.getData()); + if (mergeAccountConfirmationEntity == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{action.getId(), MergeAccountConfirmationEntity.class.getSimpleName()}, LocaleContextHolder.getLocale())); + + UserContactInfoEntity userContactInfoEntity = this.queryFactory.query(UserContactInfoQuery.class).values(mergeAccountConfirmationEntity.getEmail()).types(ContactInfoType.Email).first(); + if (userContactInfoEntity == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{mergeAccountConfirmationEntity.getEmail(), User.class.getSimpleName()}, LocaleContextHolder.getLocale())); + + UserEntity userToBeMerge = this.queryFactory.query(UserQuery.class).ids(userContactInfoEntity.getUserId()).isActive(IsActive.Active).first(); + + if (userToBeMerge == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{userContactInfoEntity.getUserId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale())); + + return userToBeMerge; + } } \ No newline at end of file 
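Review bot: The not-found messages in `getUserEntityFromToken` put the raw token (`new Object[]{token, ...}`) and the e-mail stored in the confirmation (`new Object[]{mergeAccountConfirmationEntity.getEmail(), ...}`) into exception text. If that text reaches the HTTP response or the logs (not visible here), a caller presenting a token could learn which address it is bound to, and the token itself would be persisted. Passing a non-secret identifier is safer, as the second check already does with `action.getId()`, or a single generic message for all four failures. The `UserContactInfoQuery` lookup takes `.first()` with no `isActive` filter, so confirm that an e-mail value cannot match more than one contact row or an inactive one. The first three statements duplicate the opening of `confirmMergeAccount`, which could call this helper instead.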
diff --git a/backend/web/src/main/java/org/opencdmp/controllers/UserController.java b/backend/web/src/main/java/org/opencdmp/controllers/UserController.java index 36cd9e359..66ea3b76e 100644 --- a/backend/web/src/main/java/org/opencdmp/controllers/UserController.java +++ b/backend/web/src/main/java/org/opencdmp/controllers/UserController.java @@ -297,6 +297,14 @@ public class UserController { return true; } + @GetMapping("mine/get-permission/token/{token}") + @Transactional + public Boolean getUserTokenPermission(@PathVariable("token") String token) throws InvalidApplicationException, IOException { + logger.debug(new MapLogEntry("confirm merge account to user").And("token", token)); + + return this.userTypeService.doesTokenBelongToLoggedInUser(token); + } + @PostMapping("mine/remove-credential-request") @Transactional @ValidationFilterAnnotation(validator = RemoveCredentialRequestPersist.RemoveCredentialRequestPersistValidator.ValidatorName, argumentName = "model") diff --git a/dmp-frontend/src/app/core/services/user/user.service.ts b/dmp-frontend/src/app/core/services/user/user.service.ts index 0ed666ee3..0f3a3c14a 100644 --- a/dmp-frontend/src/app/core/services/user/user.service.ts +++ b/dmp-frontend/src/app/core/services/user/user.service.ts @@ -117,6 +117,14 @@ export class UserService { catchError((error: any) => throwError(error))); } + getUserTokenPermission(token: Guid): Observable { + const url = `${this.apiBase}/mine/get-permission/token/${token}`; + + return this.http + .get(url).pipe( + catchError((error: any) => throwError(error))); + } + confirmMergeAccount(token: Guid): Observable { const url = `${this.apiBase}/mine/confirm-merge-account/token/${token}`; diff --git a/dmp-frontend/src/app/ui/auth/login/merge-email-confirmation/merge-email-confirmation.component.html b/dmp-frontend/src/app/ui/auth/login/merge-email-confirmation/merge-email-confirmation.component.html index d6f8d073f..4dcd1e0bd 100644 
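Review bot: `getUserTokenPermission` writes the merge-confirmation token to the debug log via `.And("token", token)`, which persists the value that authorises the merge wherever debug logs are shipped or retained. Drop the field or log only a non-secret reference, for example `logger.debug(new MapLogEntry("check merge token ownership"));`. The current message "confirm merge account to user" appears copied from the confirm action and will mislead anyone reading the logs during an investigation. The token also travels in the path of a GET request, so it will appear in access logs and proxies; that matches the existing confirm route, but it argues for short token lifetimes. `@Transactional` looks unnecessary on a read-only check unless `checkActionState` writes, which this diff does not show.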
--- a/dmp-frontend/src/app/ui/auth/login/merge-email-confirmation/merge-email-confirmation.component.html +++ b/dmp-frontend/src/app/ui/auth/login/merge-email-confirmation/merge-email-confirmation.component.html @@ -4,7 +4,7 @@