From ab6ce66db650f8e78735e6584862a91bf3fc27ac Mon Sep 17 00:00:00 2001
From: nivetha <nivetha.mariappan@tarento.com>
Date: Tue, 8 Mar 2022 16:29:22 +0530
Subject: [PATCH] Generate user pin & validation

---
 .../retail/config/WebSecurityConfig.java      |  3 +-
 .../controller/AuthenticationController.java  | 12 ++++++--
 .../retail/controller/UserController.java     | 13 +++++++++
 .../java/com/tarento/retail/dao/UserDao.java  |  4 +++
 .../tarento/retail/dao/impl/UserDaoImpl.java  | 29 +++++++++++++++++++
 .../com/tarento/retail/model/LoginUser.java   |  1 +
 .../tarento/retail/service/UserService.java   |  4 +++
 .../retail/service/impl/UserServiceImpl.java  | 11 +++++++
 .../com/tarento/retail/util/PathRoutes.java   |  1 +
 .../java/com/tarento/retail/util/Sql.java     |  2 ++
 10 files changed, 76 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/tarento/retail/config/WebSecurityConfig.java b/src/main/java/com/tarento/retail/config/WebSecurityConfig.java
index 9716cf7..332ea87 100644
--- a/src/main/java/com/tarento/retail/config/WebSecurityConfig.java
+++ b/src/main/java/com/tarento/retail/config/WebSecurityConfig.java
@@ -58,7 +58,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 						"/user/mapUserMasterRoleCountryOrg", "/user/getMasterRoleByOrgDomain", "/user/domainRole",
 						"/user/getUsersByRole", "/user/addOrgDomainRoles",
 						PathRoutes.USER_ACTIONS_URL + PathRoutes.UserRoutes.REQUEST_OTP,
-						PathRoutes.AuthenticationRoutes.SIGN_IN)
+						PathRoutes.AuthenticationRoutes.SIGN_IN,
+						PathRoutes.USER_ACTIONS_URL + PathRoutes.UserRoutes.GENERATE_PIN)
 				.permitAll().anyRequest().authenticated().and().exceptionHandling()
 				.authenticationEntryPoint(unauthorizedHandler).and().sessionManagement()
 				.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
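Review bot: Adding `PathRoutes.UserRoutes.GENERATE_PIN` to the `permitAll()` list makes a credential-setting endpoint reachable without a session, so the only gate left is the OTP check inside `UserController.generatePin`; that dependency deserves a comment next to the added entry, e.g. `// generatePin is unauthenticated; UserController.generatePin gates it on a valid OTP for the username`. The `http` configuration this hunk belongs to starts above the hunk, so I cannot see whether any throttling or CSRF setting applies to it. Without that comment a later reader could relax the controller-side OTP check without realising the route has no other protection.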
diff --git a/src/main/java/com/tarento/retail/controller/AuthenticationController.java b/src/main/java/com/tarento/retail/controller/AuthenticationController.java
index 0e9d31e..e9b161a 100644
--- a/src/main/java/com/tarento/retail/controller/AuthenticationController.java
+++ b/src/main/java/com/tarento/retail/controller/AuthenticationController.java
@@ -115,8 +115,13 @@ public class AuthenticationController {
 
 	@RequestMapping(value = PathRoutes.AuthenticationRoutes.SIGN_IN, method = RequestMethod.POST)
 	public String signIn(@RequestBody LoginUser loginUser) throws JsonProcessingException {
-		if (StringUtils.isNotBlank(loginUser.getUsername()) && StringUtils.isNotBlank(loginUser.getOtp())) {
-			Boolean valid = userService.validateUserOTP(loginUser.getUsername(), loginUser.getOtp());
+		if (StringUtils.isNotBlank(loginUser.getUsername())) {
+			Boolean valid = Boolean.FALSE;
+			if (StringUtils.isNotBlank(loginUser.getOtp())) {
+				valid = userService.validateUserOTP(loginUser.getUsername(), loginUser.getOtp());
+			} else if (String.valueOf(loginUser.getPin()).length() == 4) {
+				valid = userService.validateUserPin(loginUser.getUsername(), loginUser.getPin());
+			}
 			if (valid) {
 				// Generate JWT token
 				User user = new User();
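Review bot: The new PIN branch at `else if (String.valueOf(loginUser.getPin()).length() == 4)` rejects every PIN with a leading zero, because `pin` is an `int` (see the `private int pin;` added to LoginUser) and `String.valueOf(123)` has length 3; the same check in `UserController.generatePin` means such a PIN can never be set either, so a tenth of the four-digit space is silently unusable and a user who chose one gets "unauthorized" with no hint why. Modelling the PIN as a `String` in LoginUser and checking `loginUser.getPin() != null && loginUser.getPin().matches("\\d{4}")` here and in generatePin keeps the digits as typed; `setUserPin`/`validateUserPin` would then hash and compare the string directly instead of `String.valueOf(pin)`. Separately, nothing in this branch (or in `UserDaoImpl.validateUserPin`) records failed attempts, and with a four-digit space a per-user lockout or rate limit on the PIN path is the control that actually matters. `signIn` continues past the end of the hunk.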
@@ -133,7 +138,8 @@ public class AuthenticationController {
 
 				userProfile.setAuthToken(token);
 				// get user roles
-				List<Role> userRoles = userService.findAllRolesByUser(userProfile.getId(), userProfile.getOrgId(), null);
+				List<Role> userRoles = userService.findAllRolesByUser(userProfile.getId(), userProfile.getOrgId(),
+						null);
 				LOGGER.info("Fetched Roles Assigned for the User");
 				userProfile.setRoles(userRoles);
 
diff --git a/src/main/java/com/tarento/retail/controller/UserController.java b/src/main/java/com/tarento/retail/controller/UserController.java
index a690dc3..502c790 100644
--- a/src/main/java/com/tarento/retail/controller/UserController.java
+++ b/src/main/java/com/tarento/retail/controller/UserController.java
@@ -574,4 +574,17 @@ public class UserController {
 		}
 	}
 
+	@RequestMapping(value = PathRoutes.UserRoutes.GENERATE_PIN, method = RequestMethod.POST)
+	public String generatePin(@RequestBody LoginUser loginUser) throws JsonProcessingException {
+		if (StringUtils.isNotBlank(loginUser.getUsername()) && String.valueOf(loginUser.getPin()).length() == 4
+				&& StringUtils.isNotBlank(loginUser.getOtp())) {
+			Long userId = userService.checkUserNameExists(loginUser.getUsername(), null);
+			if (userId != 0L && userService.validateUserOTP(loginUser.getUsername(), loginUser.getOtp())) {
+				return ResponseGenerator.successResponse(userService.setUserPin(loginUser.getPin(), userId));
+			}
+			return ResponseGenerator.failureResponse(Constants.UNAUTHORIZED_USER);
+		}
+		return ResponseGenerator.failureResponse("Check your request params");
+	}
+
 }
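Review bot: `if (userId != 0L && ...)` at line 76 unboxes the `Long` returned by `checkUserNameExists`, so if that method signals "no such user" with `null` rather than `0L` (not visible in this hunk) an unknown username turns into a NullPointerException and a 500 instead of the intended `UNAUTHORIZED_USER` failure response. Guard it explicitly: `if (userId != null && userId != 0L && userService.validateUserOTP(loginUser.getUsername(), loginUser.getOtp())) {`. The ordering is otherwise right — the OTP is verified before `setUserPin` is reached — and the pin-width check on line 73 shares the leading-zero problem noted on the `signIn` hunk.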
diff --git a/src/main/java/com/tarento/retail/dao/UserDao.java b/src/main/java/com/tarento/retail/dao/UserDao.java
index 75f7e39..42273d3 100644
--- a/src/main/java/com/tarento/retail/dao/UserDao.java
+++ b/src/main/java/com/tarento/retail/dao/UserDao.java
@@ -258,4 +258,8 @@ public interface UserDao {
 
 	public List<KeyValue> getNumberOfUsersAndRoles();
 
+	public Boolean setUserPin(String encryptedPin, Long userId);
+
+	public Boolean validateUserPin(int pin, String username);
+
 }
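Review bot: `validateUserPin(int pin, String username)` here takes its arguments in the opposite order to `UserService.validateUserPin(String username, int pin)`, which forces `UserServiceImpl` to swap them when delegating; aligning the DAO signature to `public Boolean validateUserPin(String username, int pin);` removes an easy-to-miss transposition hazard. The `encryptedPin` parameter of `setUserPin` is in fact a bcrypt hash (the service encodes it with `bcryptEncoder` before calling the DAO), so either rename it `hashedPin` or document it, e.g. `/** Stores the bcrypt hash of the user's PIN; the caller must never pass the raw PIN. @return TRUE when the row was updated, FALSE on any data-access failure. */`. Both new methods are otherwise undocumented.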
diff --git a/src/main/java/com/tarento/retail/dao/impl/UserDaoImpl.java b/src/main/java/com/tarento/retail/dao/impl/UserDaoImpl.java
index 5db456b..3526520 100644
--- a/src/main/java/com/tarento/retail/dao/impl/UserDaoImpl.java
+++ b/src/main/java/com/tarento/retail/dao/impl/UserDaoImpl.java
@@ -20,6 +20,7 @@ import org.springframework.jdbc.core.PreparedStatementCreator;
 import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
 import org.springframework.jdbc.support.GeneratedKeyHolder;
 import org.springframework.jdbc.support.KeyHolder;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Repository;
 
 import com.tarento.retail.config.JwtTokenUtil;
@@ -68,6 +69,9 @@ public class UserDaoImpl implements UserDao {
 	@Autowired
 	private JwtTokenUtil jwtTokenUtil;
 
+	@Autowired
+	private BCryptPasswordEncoder bcryptEncoder;
+
 	@Override
 	public List<Action> findAllActionsByRoleID(Integer roleID) {
 		List<Action> actions = new ArrayList<Action>();
@@ -985,4 +989,29 @@ public class UserDaoImpl implements UserDao {
 		}
 		return userList;
 	}
+
+	@Override
+	public Boolean setUserPin(String encryptedPin, Long userId) {
+		try {
+			jdbcTemplate.update(UserQueries.SET_USER_PIN, new Object[] { encryptedPin, userId });
+			return Boolean.TRUE;
+		} catch (Exception e) {
+			LOGGER.error(String.format(Constants.EXCEPTION_METHOD, "setUserPin", e.getMessage()));
+			return Boolean.FALSE;
+		}
+	}
+
+	@Override
+	public Boolean validateUserPin(int pin, String username) {
+		try {
+			List<String> userPin = jdbcTemplate.queryForList(UserQueries.GET_USER_PIN, new Object[] { username },
+					String.class);
+			if (userPin != null && userPin.size() > 0 && bcryptEncoder.matches(String.valueOf(pin), userPin.get(0))) {
+				return Boolean.TRUE;
+			}
+		} catch (Exception e) {
+			LOGGER.error(String.format(Constants.EXCEPTION_METHOD, "validateUserPin", e.getMessage()));
+		}
+		return Boolean.FALSE;
+	}
 }
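Review bot: Both new `catch (Exception e)` blocks log only `e.getMessage()`, which discards the exception type and stack trace that an operator needs to tell a transient DB failure from a mapping bug; pass the throwable as the last argument, `LOGGER.error(String.format(Constants.EXCEPTION_METHOD, "setUserPin", e.getMessage()), e);` and likewise for `validateUserPin`. In `validateUserPin`, a user whose `pin` column is still NULL reaches `bcryptEncoder.matches(String.valueOf(pin), null)`; Spring Security's BCryptPasswordEncoder returns false for a null or empty encoded value, so this is not a bypass, but adding `userPin.get(0) != null` to the condition makes the intent explicit rather than relying on that library behaviour. `queryForList` also silently uses only the first row, which is fine only if `username` is unique in `user` — I cannot confirm that from this diff.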
diff --git a/src/main/java/com/tarento/retail/model/LoginUser.java b/src/main/java/com/tarento/retail/model/LoginUser.java
index 6dd2a26..0bdb91a 100644
--- a/src/main/java/com/tarento/retail/model/LoginUser.java
+++ b/src/main/java/com/tarento/retail/model/LoginUser.java
@@ -13,4 +13,5 @@ public class LoginUser {
 	private String organization;
 	private String otp;
 	private Boolean isMobile;
+	private int pin;
 }
diff --git a/src/main/java/com/tarento/retail/service/UserService.java b/src/main/java/com/tarento/retail/service/UserService.java
index 19d664e..6a65f85 100644
--- a/src/main/java/com/tarento/retail/service/UserService.java
+++ b/src/main/java/com/tarento/retail/service/UserService.java
@@ -237,4 +237,8 @@ public interface UserService {
 
 	List<KeyValue> getNumberOfUsersAndRoles();
 
+	public Boolean setUserPin(int pin, Long userId);
+
+	public Boolean validateUserPin(String username, int pin);
+
 }
\ No newline at end of file
diff --git a/src/main/java/com/tarento/retail/service/impl/UserServiceImpl.java b/src/main/java/com/tarento/retail/service/impl/UserServiceImpl.java
index 9c870de..e4dfcad 100644
--- a/src/main/java/com/tarento/retail/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/tarento/retail/service/impl/UserServiceImpl.java
@@ -596,4 +596,15 @@ public class UserServiceImpl implements UserDetailsService, UserService {
 		return userDao.getNumberOfUsersAndRoles();
 	}
 
+	@Override
+	public Boolean setUserPin(int pin, Long userId) {
+		String encryptedPin = bcryptEncoder.encode(String.valueOf(pin));
+		return userDao.setUserPin(encryptedPin, userId);
+	}
+
+	@Override
+	public Boolean validateUserPin(String username, int pin) {
+		return userDao.validateUserPin(pin, username);
+	}
+
 }
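Review bot: Neither new method carries Javadoc, and `setUserPin` is the one place a reader needs to learn that the PIN is never stored in clear; suggest `/** Hashes {@code pin} with bcrypt and stores the hash for {@code userId}; returns the DAO's outcome (FALSE on data-access failure). */` on `setUserPin` and `/** Delegates to the DAO; note the DAO takes (pin, username) in the opposite order. */` on `validateUserPin`. This patch adds no `bcryptEncoder` field to `UserServiceImpl`, so presumably it is already injected above the hunk — worth confirming, since `UserDaoImpl` needed a new `@Autowired` for the same bean. `String.valueOf(pin)` here is the other half of the leading-zero issue raised on the `signIn` hunk.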
diff --git a/src/main/java/com/tarento/retail/util/PathRoutes.java b/src/main/java/com/tarento/retail/util/PathRoutes.java
index 8797b32..aed37d7 100644
--- a/src/main/java/com/tarento/retail/util/PathRoutes.java
+++ b/src/main/java/com/tarento/retail/util/PathRoutes.java
@@ -40,6 +40,7 @@ public interface PathRoutes {
 		final String REQUEST_OTP = "/requestOTP";
 		final String NUMBER_OF_USERS_ROLES_GET = "/getNumberOfUsersAndRoles";
 		final String GET_USER_DEVICE_TOKEN = "getDeviceTokenForUserIds";
+		final String GENERATE_PIN = "/generatePin";
 	}
 
 	public interface AuthenticationRoutes {
diff --git a/src/main/java/com/tarento/retail/util/Sql.java b/src/main/java/com/tarento/retail/util/Sql.java
index bf3c3a2..da91a8b 100644
--- a/src/main/java/com/tarento/retail/util/Sql.java
+++ b/src/main/java/com/tarento/retail/util/Sql.java
@@ -176,6 +176,8 @@ public interface Sql {
 		final String GET_USER_ID = "SELECT id FROM user WHERE username = ? OR email_id = ? OR phone_no = ?";
 		final String GET_USER_PROFILE = "SELECT user.id, user.username, user.email_id as emailId, user.phone_no as phoneNo, user.avatar_url  as avatarUrl, user_profile.first_name, user_profile.last_name, user_profile.dob FROM user LEFT JOIN user_profile on user_profile.user_id = user.id WHERE (user.username = ? or user.email_id = ? ) and is_active is TRUE";
 		final String GET_NUMBER_USER_ROLES = "SELECT count(*) as 'numberOfUsers', r.role_name as 'roleName' from user usr LEFT JOIN user_role ur ON usr.id = ur.user_id LEFT JOIN role r ON ur.role_id = r.id where r.id > 2090 group by r.role_name ";
+		final String SET_USER_PIN = "UPDATE user SET pin=? WHERE id= ?";
+		final String GET_USER_PIN = "SELECT pin FROM user where username = ?";
 	}
 
 	public interface NamedUserQueries {
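Review bot: `GET_USER_PIN` selects the hash by `username` alone, whereas the existing `GET_USER_PROFILE` two lines up restricts to `is_active is TRUE`, so `validateUserPin` will succeed for a deactivated account; the profile lookup later in `signIn` may still reject that user, but the credential check itself should not pass. Suggest `final String GET_USER_PIN = "SELECT pin FROM user WHERE username = ? AND is_active IS TRUE";`. `SET_USER_PIN` is a correctly parameterised update and needs no change.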
-- 
GitLab