diff --git a/src/main/java/com/tarento/retail/config/WebSecurityConfig.java b/src/main/java/com/tarento/retail/config/WebSecurityConfig.java
index 9716cf79409f3d466735a15121b87bff148b3ae5..332ea879553ffd04c4ce65a88fd3e66c1aa4bb07 100644
--- a/src/main/java/com/tarento/retail/config/WebSecurityConfig.java
+++ b/src/main/java/com/tarento/retail/config/WebSecurityConfig.java
@@ -58,7 +58,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 						"/user/mapUserMasterRoleCountryOrg", "/user/getMasterRoleByOrgDomain", "/user/domainRole",
 						"/user/getUsersByRole", "/user/addOrgDomainRoles",
 						PathRoutes.USER_ACTIONS_URL + PathRoutes.UserRoutes.REQUEST_OTP,
-						PathRoutes.AuthenticationRoutes.SIGN_IN)
+						PathRoutes.AuthenticationRoutes.SIGN_IN,
+						PathRoutes.USER_ACTIONS_URL + PathRoutes.UserRoutes.GENERATE_PIN)
 				.permitAll().anyRequest().authenticated().and().exceptionHandling()
 				.authenticationEntryPoint(unauthorizedHandler).and().sessionManagement()
 				.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
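Review bot: Adding `PathRoutes.USER_ACTIONS_URL + PathRoutes.UserRoutes.GENERATE_PIN` to the `permitAll()` list leaves the OTP check inside `UserController.generatePin` as the only gate on setting a long-lived sign-in credential. If the intended flow is "sign in with OTP, then choose a PIN", the route could stay behind `authenticated()` and take the user from the JWT instead of the request body, which removes the unauthenticated entry point. If it has to stay open, the entry should carry a comment saying why, e.g. `// open route: guarded only by OTP validation in UserController.generatePin`. The matcher list this entry belongs to starts outside the hunk.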
diff --git a/src/main/java/com/tarento/retail/controller/AuthenticationController.java b/src/main/java/com/tarento/retail/controller/AuthenticationController.java
index 0e9d31e384d3b0847f7247092df05b5f9ca67fb0..e9b161a822b02c5fda769b86e97ba1c20dc6adda 100644
--- a/src/main/java/com/tarento/retail/controller/AuthenticationController.java
+++ b/src/main/java/com/tarento/retail/controller/AuthenticationController.java
@@ -115,8 +115,13 @@ public class AuthenticationController {
 
 	@RequestMapping(value = PathRoutes.AuthenticationRoutes.SIGN_IN, method = RequestMethod.POST)
 	public String signIn(@RequestBody LoginUser loginUser) throws JsonProcessingException {
-		if (StringUtils.isNotBlank(loginUser.getUsername()) && StringUtils.isNotBlank(loginUser.getOtp())) {
-			Boolean valid = userService.validateUserOTP(loginUser.getUsername(), loginUser.getOtp());
+		if (StringUtils.isNotBlank(loginUser.getUsername())) {
+			Boolean valid = Boolean.FALSE;
+			if (StringUtils.isNotBlank(loginUser.getOtp())) {
+				valid = userService.validateUserOTP(loginUser.getUsername(), loginUser.getOtp());
+			} else if (String.valueOf(loginUser.getPin()).length() == 4) {
+				valid = userService.validateUserPin(loginUser.getUsername(), loginUser.getPin());
+			}
 			if (valid) {
 				// Generate JWT token
 				User user = new User();
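Review bot: The PIN format check on the new `else if` line, `String.valueOf(loginUser.getPin()).length() == 4`, does not test for four digits. Because `pin` is an `int`, a value such as `-123` passes, a PIN with a leading zero can never be entered, and an omitted `pin` field is indistinguishable from 0. A range check such as `loginUser.getPin() >= 1000 && loginUser.getPin() <= 9999` states the rule that is actually enforced; if leading zeros should be allowed, the field would need to be a `String` validated against `\\d{4}`. The same expression is used in `UserController.generatePin`, and the field is declared as `private int pin` in `LoginUser`; `signIn` continues outside this hunk.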
@@ -133,7 +138,8 @@ public class AuthenticationController {
 
 				userProfile.setAuthToken(token);
 				// get user roles
-				List<Role> userRoles = userService.findAllRolesByUser(userProfile.getId(), userProfile.getOrgId(), null);
+				List<Role> userRoles = userService.findAllRolesByUser(userProfile.getId(), userProfile.getOrgId(),
+						null);
 				LOGGER.info("Fetched Roles Assigned for the User");
 				userProfile.setRoles(userRoles);
 
diff --git a/src/main/java/com/tarento/retail/controller/UserController.java b/src/main/java/com/tarento/retail/controller/UserController.java
index a690dc338c083893561715157f01234f430cd6ed..502c7903c688c462d8df8988aa8c1642b1a7acf1 100644
--- a/src/main/java/com/tarento/retail/controller/UserController.java
+++ b/src/main/java/com/tarento/retail/controller/UserController.java
@@ -574,4 +574,17 @@ public class UserController {
 		}
 	}
 
+	@RequestMapping(value = PathRoutes.UserRoutes.GENERATE_PIN, method = RequestMethod.POST)
+	public String generatePin(@RequestBody LoginUser loginUser) throws JsonProcessingException {
+		if (StringUtils.isNotBlank(loginUser.getUsername()) && String.valueOf(loginUser.getPin()).length() == 4
+				&& StringUtils.isNotBlank(loginUser.getOtp())) {
+			Long userId = userService.checkUserNameExists(loginUser.getUsername(), null);
+			if (userId != 0L && userService.validateUserOTP(loginUser.getUsername(), loginUser.getOtp())) {
+				return ResponseGenerator.successResponse(userService.setUserPin(loginUser.getPin(), userId));
+			}
+			return ResponseGenerator.failureResponse(Constants.UNAUTHORIZED_USER);
+		}
+		return ResponseGenerator.failureResponse("Check your request params");
+	}
+
 }
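Review bot: `generatePin` wraps the result of `userService.setUserPin(...)` in `ResponseGenerator.successResponse`, so when the DAO catches an exception and returns `Boolean.FALSE` the client still receives a success envelope. Branch on the result instead, e.g. `if (Boolean.TRUE.equals(userService.setUserPin(loginUser.getPin(), userId))) { ... }`, and return a failure response otherwise. The comparison `userId != 0L` also unboxes the `Long` returned by `checkUserNameExists`, which throws if that method can return null; its body is not visible here, so this needs confirming. Whether a validated OTP is invalidated after use is likewise not visible in this diff and is worth checking, since this route is reachable without authentication.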
diff --git a/src/main/java/com/tarento/retail/dao/UserDao.java b/src/main/java/com/tarento/retail/dao/UserDao.java
index 75f7e394742a2601ccb2e115d98c39b553fe5832..42273d346ede51dc478d9d225f766a01ee0f45c5 100644
--- a/src/main/java/com/tarento/retail/dao/UserDao.java
+++ b/src/main/java/com/tarento/retail/dao/UserDao.java
@@ -258,4 +258,8 @@ public interface UserDao {
 
 	public List<KeyValue> getNumberOfUsersAndRoles();
 
+	public Boolean setUserPin(String encryptedPin, Long userId);
+
+	public Boolean validateUserPin(int pin, String username);
+
 }
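Review bot: The two new DAO methods have no Javadoc, and the parameter name `encryptedPin` on `setUserPin` is misleading: the value passed in from `UserServiceImpl.setUserPin` is a bcrypt hash, not ciphertext. Renaming it `pinHash` and documenting that the DAO stores the value exactly as given (it never hashes) would keep a later caller from handing it a raw PIN. `validateUserPin(int pin, String username)` also takes its arguments in the opposite order from `UserService.validateUserPin(String username, int pin)`; aligning the two makes the call chain easier to read.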
diff --git a/src/main/java/com/tarento/retail/dao/impl/UserDaoImpl.java b/src/main/java/com/tarento/retail/dao/impl/UserDaoImpl.java
index 5db456be85885342edb31afb5cfee162d876c9f4..35265205e9b3040f4ba020f3266f9920312dd694 100644
--- a/src/main/java/com/tarento/retail/dao/impl/UserDaoImpl.java
+++ b/src/main/java/com/tarento/retail/dao/impl/UserDaoImpl.java
@@ -20,6 +20,7 @@ import org.springframework.jdbc.core.PreparedStatementCreator;
 import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
 import org.springframework.jdbc.support.GeneratedKeyHolder;
 import org.springframework.jdbc.support.KeyHolder;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Repository;
 
 import com.tarento.retail.config.JwtTokenUtil;
@@ -68,6 +69,9 @@ public class UserDaoImpl implements UserDao {
 	@Autowired
 	private JwtTokenUtil jwtTokenUtil;
 
+	@Autowired
+	private BCryptPasswordEncoder bcryptEncoder;
+
 	@Override
 	public List<Action> findAllActionsByRoleID(Integer roleID) {
 		List<Action> actions = new ArrayList<Action>();
@@ -985,4 +989,29 @@ public class UserDaoImpl implements UserDao {
 		}
 		return userList;
 	}
+
+	@Override
+	public Boolean setUserPin(String encryptedPin, Long userId) {
+		try {
+			jdbcTemplate.update(UserQueries.SET_USER_PIN, new Object[] { encryptedPin, userId });
+			return Boolean.TRUE;
+		} catch (Exception e) {
+			LOGGER.error(String.format(Constants.EXCEPTION_METHOD, "setUserPin", e.getMessage()));
+			return Boolean.FALSE;
+		}
+	}
+
+	@Override
+	public Boolean validateUserPin(int pin, String username) {
+		try {
+			List<String> userPin = jdbcTemplate.queryForList(UserQueries.GET_USER_PIN, new Object[] { username },
+					String.class);
+			if (userPin != null && userPin.size() > 0 && bcryptEncoder.matches(String.valueOf(pin), userPin.get(0))) {
+				return Boolean.TRUE;
+			}
+		} catch (Exception e) {
+			LOGGER.error(String.format(Constants.EXCEPTION_METHOD, "validateUserPin", e.getMessage()));
+		}
+		return Boolean.FALSE;
+	}
 }
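Review bot: `validateUserPin` places no limit on failed attempts, and nothing visible in this diff does either, so the 4-digit PIN accepted by `signIn` is protected only by its 10,000-value space; bcrypt slows offline recovery of the stored hash, not repeated online guesses. A per-user failed-attempt counter with lockout or backoff, checked before `bcryptEncoder.matches` and reset on success, belongs here or in the service layer (a limiter may already exist upstream, outside this diff). The `catch (Exception e)` also turns a database failure into an ordinary "wrong PIN" result, which hides outages from the caller. Separately, `setUserPin` ignores the row count from `jdbcTemplate.update`, so it returns TRUE when no row matched `userId`; `return jdbcTemplate.update(UserQueries.SET_USER_PIN, encryptedPin, userId) == 1;` would report that case.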
diff --git a/src/main/java/com/tarento/retail/model/LoginUser.java b/src/main/java/com/tarento/retail/model/LoginUser.java
index 6dd2a2675beb3abf0bbfa340b9863b4ac112fca7..0bdb91a1cf988dee9b8cce0c9903d468f0cef86c 100644
--- a/src/main/java/com/tarento/retail/model/LoginUser.java
+++ b/src/main/java/com/tarento/retail/model/LoginUser.java
@@ -13,4 +13,5 @@ public class LoginUser {
 	private String organization;
 	private String otp;
 	private Boolean isMobile;
+	private int pin;
 }
diff --git a/src/main/java/com/tarento/retail/service/UserService.java b/src/main/java/com/tarento/retail/service/UserService.java
index 19d664e238c44af8023e2841aa963b51215d1aa3..6a65f8530bcadfac0a3fb7e45ff12965351daf85 100644
--- a/src/main/java/com/tarento/retail/service/UserService.java
+++ b/src/main/java/com/tarento/retail/service/UserService.java
@@ -237,4 +237,8 @@ public interface UserService {
 
 	List<KeyValue> getNumberOfUsersAndRoles();
 
+	public Boolean setUserPin(int pin, Long userId);
+
+	public Boolean validateUserPin(String username, int pin);
+
 }
\ No newline at end of file
diff --git a/src/main/java/com/tarento/retail/service/impl/UserServiceImpl.java b/src/main/java/com/tarento/retail/service/impl/UserServiceImpl.java
index 9c870dea8d681ecc05e645cf0f93d2aaff889de8..e4dfcad95601a7033f9d0e6874c7fcba43bad803 100644
--- a/src/main/java/com/tarento/retail/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/tarento/retail/service/impl/UserServiceImpl.java
@@ -596,4 +596,15 @@ public class UserServiceImpl implements UserDetailsService, UserService {
 		return userDao.getNumberOfUsersAndRoles();
 	}
 
+	@Override
+	public Boolean setUserPin(int pin, Long userId) {
+		String encryptedPin = bcryptEncoder.encode(String.valueOf(pin));
+		return userDao.setUserPin(encryptedPin, userId);
+	}
+
+	@Override
+	public Boolean validateUserPin(String username, int pin) {
+		return userDao.validateUserPin(pin, username);
+	}
+
 }
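Review bot: Hashing a 4-digit PIN with bcrypt in `setUserPin` gives the stored value little protection: with at most 10,000 candidates, the `pin` column can be recovered by exhaustive hashing if the table is ever exposed, whatever the cost factor. The column should be handled as if it held the PIN itself (restricted access, kept out of logs and exports), and a keyed step with a server-side key held outside the database, or a longer PIN, would raise the cost meaningfully. At minimum the method should record the limitation, e.g. `// bcrypt over a 4-digit PIN: small input space, the hash must be protected like the PIN itself`.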
diff --git a/src/main/java/com/tarento/retail/util/PathRoutes.java b/src/main/java/com/tarento/retail/util/PathRoutes.java
index 8797b32d924b627a7619370e928326f6c42bb55e..aed37d701583197bf5d54fd262f6955cab0b7381 100644
--- a/src/main/java/com/tarento/retail/util/PathRoutes.java
+++ b/src/main/java/com/tarento/retail/util/PathRoutes.java
@@ -40,6 +40,7 @@ public interface PathRoutes {
 		final String REQUEST_OTP = "/requestOTP";
 		final String NUMBER_OF_USERS_ROLES_GET = "/getNumberOfUsersAndRoles";
 		final String GET_USER_DEVICE_TOKEN = "getDeviceTokenForUserIds";
+		final String GENERATE_PIN = "/generatePin";
 	}
 
 	public interface AuthenticationRoutes {
diff --git a/src/main/java/com/tarento/retail/util/Sql.java b/src/main/java/com/tarento/retail/util/Sql.java
index bf3c3a2ffb69ecf732e314c6026abf1beeef29d6..da91a8b156988a0aef534b9acbae56df9ae2ed5c 100644
--- a/src/main/java/com/tarento/retail/util/Sql.java
+++ b/src/main/java/com/tarento/retail/util/Sql.java
@@ -176,6 +176,8 @@ public interface Sql {
 		final String GET_USER_ID = "SELECT id FROM user WHERE username = ? OR email_id = ? OR phone_no = ?";
 		final String GET_USER_PROFILE = "SELECT user.id, user.username, user.email_id as emailId, user.phone_no as phoneNo, user.avatar_url  as avatarUrl, user_profile.first_name, user_profile.last_name, user_profile.dob FROM user LEFT JOIN user_profile on user_profile.user_id = user.id WHERE (user.username = ? or user.email_id = ? ) and is_active is TRUE";
 		final String GET_NUMBER_USER_ROLES = "SELECT count(*) as 'numberOfUsers', r.role_name as 'roleName' from user usr LEFT JOIN user_role ur ON usr.id = ur.user_id LEFT JOIN role r ON ur.role_id = r.id where r.id > 2090 group by r.role_name ";
+		final String SET_USER_PIN = "UPDATE user SET pin=? WHERE id= ?";
+		final String GET_USER_PIN = "SELECT pin FROM user where username = ?";
 	}
 
 	public interface NamedUserQueries {
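Review bot: `GET_USER_PIN` selects by `username` alone and has no `is_active` filter, while `GET_USER_PROFILE` in the context lines restricts to `is_active is TRUE`; as written, a deactivated account's PIN would still validate in `UserDaoImpl.validateUserPin` unless `signIn` rejects inactive users later, which is outside this diff. Assuming `is_active` is a column of `user`, the query could read `"SELECT pin FROM user WHERE username = ? AND is_active IS TRUE"`. `generatePin` also resolves the user through `checkUserNameExists` and stores the PIN by id, so if that lookup matches email or phone as `GET_USER_ID` does, a PIN set under one identifier would not be found here under the same identifier; this is worth confirming against the lookup's query.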