bocajbee

Untitled

Nov 29th, 2021 (edited)
  1. package com.example.passwordKeepr.passwordKeeprTest.Users;
  2. import org.springframework.beans.factory.annotation.Autowired;
  3. import org.springframework.mail.javamail.JavaMailSender;
  4. import org.springframework.mail.javamail.MimeMessageHelper;
  5. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  6. import org.springframework.security.crypto.password.PasswordEncoder;
  7. import org.springframework.stereotype.Service;
  8. import javax.mail.MessagingException;
  9. import javax.mail.internet.MimeMessage;
  10. import java.io.UnsupportedEncodingException;
  11. import java.time.LocalDateTime;
  12. import java.util.HashMap;
  13. import java.util.Map;
  14.  
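  /**
   * Login, temporary lockout, password-reset e-mail and account verification for
   * PasswordKeepr users.
   *
   * <p>Lockout policy as implemented here: failed attempts are counted inside a
   * {@value #FAILED_ATTEMPT_WINDOW_MINUTES}-minute window that starts at the first failure; once
   * the counter has reached {@value #MAX_FAILED_ATTEMPTS}, the next failure locks the account for
   * {@value #LOCK_DURATION_MINUTES} minutes.
   *
   * <p>NOTE(review): login and reset both answer differently for unknown and known e-mail
   * addresses ("couldn't find an account" vs. "password is incorrect"), which lets a caller
   * enumerate registered addresses. The messages are kept because callers may display them;
   * consider one generic message for both cases.
   */
  @Service
  public class LoginService {

      /** How long a lock set by {@link #verifyLoginAttempts} stays in force. */
      private static final long LOCK_DURATION_MINUTES = 60;
      /** Length of the window in which failed attempts accumulate. */
      private static final long FAILED_ATTEMPT_WINDOW_MINUTES = 20;
      /** Counter value at which the next failed attempt locks the account. */
      private static final int MAX_FAILED_ATTEMPTS = 3;

      @Autowired
      private JavaMailSender mailSender;
      private final UsersRepository usersRepository;
      // Created once: the encoder holds no per-request state, and reassigning a field of a
      // singleton service on every login was an unsynchronised write shared by all requests.
      private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

      @Autowired
      public LoginService(UsersRepository usersRepository)  {
          this.usersRepository = usersRepository;
      }

      /**
       * Authenticates a user from a request body.
       *
       * @param lookupRequestObject request map carrying the string entries "email" and "password"
       * @return map with the keys "uuid" and "enabled" for the authenticated user
       * @throws IllegalStateException if a credential is missing, the e-mail is unknown, the
       *     password is wrong or the account is locked
       */
      public HashMap<String, String> loginUser(Map<String, Object> lookupRequestObject) {
          // The original compared with == "" (reference identity), so an empty or absent field
          // was never rejected here and a missing password reached the encoder as "null".
          String email = requireString(lookupRequestObject, "email", "Must provide email!");
          String password = requireString(lookupRequestObject, "password", "Must provide password!");

          return this.loginUser(email, password);
      }

      /**
       * Checks the credentials against the stored hash and applies the lockout policy.
       *
       * @throws IllegalStateException on unknown e-mail, wrong password or locked account
       */
      private HashMap<String, String> loginUser(String email, String password) {
          User userFromDb = usersRepository.findByEmail(email);

          if (userFromDb == null) {
              // NOTE(review): this path also returns before any bcrypt work, so response time
              // differs from the wrong-password path as well as the message.
              throw new IllegalStateException("We couldn't find an account with that email!");
          }

          // The stored hash covers email + password, so the concatenation must stay as it is.
          // NOTE(review): bcrypt only considers the first 72 bytes of its input; a long e-mail
          // address leaves correspondingly fewer bytes of the password in the hash.
          boolean matches = passwordEncoder.matches(email + password, userFromDb.getMasterPassword());
          LocalDateTime currentDateTime = LocalDateTime.now();

          if (matches) {
              // A correct password does not bypass a lock that is still in force.
              verifyAccountIsStillLocked(userFromDb, currentDateTime, true);
              return loginUser(userFromDb);
          }

          verifyAccountIsStillLocked(userFromDb, currentDateTime, false);
          verifyLoginAttempts(userFromDb, currentDateTime);
          throw new IllegalStateException("Sorry that password is incorrect!");
      }

      /**
       * Records the reset request time and mails a reset link to the account's address.
       *
       * @param lookupRequestObject request map carrying the string entry "passwordResetEmail"
       * @throws IllegalStateException if no account exists for the address
       */
      public void resetPasswordEmail(Map<String, Object> lookupRequestObject) throws UnsupportedEncodingException, MessagingException {
          String email = requireString(lookupRequestObject, "passwordResetEmail",
                  "Uh oh! Doesn't look like that's a valid email address! Did you make a typo?");
          User userFromDb = usersRepository.findByEmail(email);

          if (userFromDb == null) {
              throw new IllegalStateException("Uh oh! Doesn't look like that's a valid email address! Did you make a typo?");
          }

          LocalDateTime currentDateTime = LocalDateTime.now();
          userFromDb.setTimestamp_pw_reset(currentDateTime);
          usersRepository.save(userFromDb);

          // NOTE(review): hard-coded development origin over plain http; a deployed build should
          // read the site URL from configuration and use https.
          String siteUrl = "http://localhost:3000";
          // NOTE(review): the link carries the account's verification code, the same value
          // verify() looks up, and nothing in this class rotates it or limits its lifetime.
          // Confirm the reset endpoint enforces expiry against timestamp_pw_reset, or issue a
          // dedicated random single-use token. The code is appended to the path with no
          // separator; confirm that matches the front-end route.
          String verifyUrl = siteUrl + "/resetPasswordForm" + userFromDb.getVerificationCode();
          String subject = "Please click on the following link to reset your password";
          String senderName = "PasswordKeepr Team";
          // Stored values are escaped before they are placed in the HTML body.
          String mailContent = "<p>Dear " + escapeHtml(userFromDb.getEmail()) + ", </p>";
          mailContent += "<p>Please click the link below to reset your master password and access passWordKeepr's features!</p>";
          // The original emitted <a ="href=...">, which is not a link at all.
          mailContent += "<h3><a href=\"" + escapeHtml(verifyUrl) + "\">VERIFY</a></h3>";
          mailContent += "<p>Thank you, The PasswordKeepr team</p>";

          MimeMessage message = mailSender.createMimeMessage();
          MimeMessageHelper helper = new MimeMessageHelper(message);

          helper.setFrom("jallen209972@gmail.com", senderName);
          helper.setTo(userFromDb.getEmail());
          helper.setSubject(subject);
          helper.setText(mailContent, true);

          mailSender.send(message);
      }

      /**
       * Enables the account that owns the given verification code.
       *
       * @return a user-facing status message
       */
      public String verify(String verificationCode) {
          User userToVerify = usersRepository.findByVerificationCode(verificationCode);

          if (userToVerify == null) {
              return "Oops, doesn't look like a valid account exists for this request!";
          } else if (userToVerify.getEnabled()) {
              return "This user has already been verified! Go log in!";
          } else {
              usersRepository.enableUser(userToVerify.getId());
              return "Account successfully verified! Go log in!";
          }
      }

      /** Returns the non-empty string stored under {@code key}, or throws with {@code message}. */
      private static String requireString(Map<String, Object> request, String key, String message) {
          Object value = request == null ? null : request.get(key);
          if (!(value instanceof String) || ((String) value).isEmpty()) {
              throw new IllegalStateException(message);
          }
          return (String) value;
      }

      /**
       * Whole minutes elapsed from {@code earlier} to {@code later}.
       *
       * <p>Replaces the former minute-of-day arithmetic, which discarded the date: a lock set
       * late in the evening, or on a previous day, produced a negative or arbitrary difference.
       */
      private static long minutesBetween(LocalDateTime earlier, LocalDateTime later) {
          return java.time.Duration.between(earlier, later).toMinutes();
      }

      /** Escapes the characters that are significant in HTML text and attribute values. */
      private static String escapeHtml(String value) {
          String text = String.valueOf(value);
          StringBuilder escaped = new StringBuilder(text.length());
          for (int i = 0; i < text.length(); i++) {
              char c = text.charAt(i);
              switch (c) {
                  case '&': escaped.append("&amp;"); break;
                  case '<': escaped.append("&lt;"); break;
                  case '>': escaped.append("&gt;"); break;
                  case '"': escaped.append("&quot;"); break;
                  case '\'': escaped.append("&#39;"); break;
                  default: escaped.append(c);
              }
          }
          return escaped.toString();
      }

      /**
       * Rejects the attempt while a lock is in force and lifts the lock once it has expired.
       *
       * <p>After expiry a failed attempt restarts the counter at 1 and is rejected here; a
       * successful attempt clears the counter and returns normally.
       *
       * @throws IllegalStateException if the account is still locked, or if the lock has expired
       *     and this attempt failed
       */
      private void verifyAccountIsStillLocked(User userFromDb, LocalDateTime currentDateTime, boolean loginSuccess) {
          if (!Boolean.TRUE.equals(userFromDb.getAccount_locked())) {
              return;
          }

          LocalDateTime lockTime = userFromDb.getLock_time();
          // A lock without a timestamp has no computable expiry, so it is treated as in force.
          // NOTE(review): confirm no other code path sets account_locked without lock_time.
          // ">= 60" closes the gap at exactly 60 minutes, where the original matched no branch
          // and let a correct password through with the lock flag still set.
          if (lockTime == null || minutesBetween(lockTime, currentDateTime) < LOCK_DURATION_MINUTES) {
              throw new IllegalStateException("Sorry your account is locked for 1 hour!");
          }

          userFromDb.setAccount_locked(false);
          if (loginSuccess) {
              userFromDb.setFailed_attempt(0);
              userFromDb.setFirst_failed_attempt_time(null);
              usersRepository.save(userFromDb);
              return;
          }

          userFromDb.setFailed_attempt(1);
          userFromDb.setFirst_failed_attempt_time(currentDateTime);
          usersRepository.save(userFromDb);
          throw new IllegalStateException("Sorry that password is incorrect!");
      }

      /**
       * Records one failed attempt and locks the account when the limit has been reached.
       * The caller reports the failure to the user.
       */
      private void verifyLoginAttempts(User userFromDb, LocalDateTime currentDateTime) {
          int failedAttempts = userFromDb.getFailed_attempt();
          LocalDateTime firstFailure = userFromDb.getFirst_failed_attempt_time();

          if (failedAttempts >= MAX_FAILED_ATTEMPTS) {
              userFromDb.setAccount_locked(true);
              userFromDb.setLock_time(currentDateTime);
              userFromDb.setFailed_attempt(0);
          } else if (failedAttempts == 0
                  || firstFailure == null
                  || minutesBetween(firstFailure, currentDateTime) >= FAILED_ATTEMPT_WINDOW_MINUTES) {
              // First failure, or the previous window has run out: start a new window.
              userFromDb.setFirst_failed_attempt_time(currentDateTime);
              userFromDb.setFailed_attempt(1);
          } else {
              userFromDb.setFailed_attempt(failedAttempts + 1);
          }

          usersRepository.save(userFromDb);
      }

      /** Clears the failure counter and builds the login response for an authenticated user. */
      private HashMap<String, String> loginUser(User userFromDb) {
          userFromDb.setFailed_attempt(0);
          String uuid = userFromDb.getUuid();
          // https://stackoverflow.com/questions/32129123/how-to-convert-boolean-true-or-false-to-string-value-in-groovy
          String enabled = String.valueOf(userFromDb.getEnabled());
          HashMap<String, String> map = new HashMap<>();
          map.put("uuid", uuid);
          map.put("enabled", enabled);
          usersRepository.save(userFromDb);
          return map;
      }
  }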
  187.  