
Commit d965292

authored
Merge pull request #46 from devondragon/issue-33-Build-User-Delete/Disable-Feature
Issue 33 build user delete/disable feature
2 parents 063b411 + edb07a5 commit d965292

22 files changed

+250
-72
lines changed

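--- a/README.md
+++ b/README.md
@@ -77,6 +77,10 @@ Additionally, a docker-compose file is included, which launches a stack with the
 
 
 
+## Overriding Spring Security Messages
+
+You may want to override the default Spring Security user facing messages. You can do this in your messages.properties file, by adding any of the message keys from Spring Security (found here: [Spring Security Messages](https://github.com/spring-projects/spring-security/blob/main/core/src/main/resources/org/springframework/security/messages.properties)) and providing your own values.
+
 
 ## Dev Tools
 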

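--- a/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/api/UserAPI.java
@@ -10,6 +10,7 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -25,6 +26,7 @@
 import com.digitalsanctuary.spring.user.service.UserService.TokenValidationResult;
 import com.digitalsanctuary.spring.user.util.JSONResponse;
 import com.digitalsanctuary.spring.user.util.UserUtils;
+import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -64,6 +66,10 @@ public class UserAPI {
 @Value("${user.security.forgotPasswordChangeURI}")
 private String forgotPasswordChangeURI;
 
+@Value("${user.actuallyDeleteAccount:false}")
+private boolean actuallyDeleteAccount;
+
+
 /**
 * Register a new user account.
 *
@@ -293,4 +299,40 @@ public ResponseEntity<JSONResponse> changeUserPassword(@AuthenticationPrincipal
 HttpStatus.OK);
 }
 
+/**
+* Deletes the current user's account.
+*
+* @param locale the locale
+* @param request the request
+* @return the generic response
+*/
+@DeleteMapping("/deleteAccount")
+public ResponseEntity<JSONResponse> deleteAccount(@AuthenticationPrincipal DSUserDetails userDetails, final Locale locale,
+final HttpServletRequest request) {
+
+if (userDetails == null || userDetails.getUser() == null) {
+log.error("UserAPI.deleteAccount:" + "deleteAccount called with null userDetails or user.");
+return new ResponseEntity<JSONResponse>(
+JSONResponse.builder().success(false).code(2).message(messages.getMessage("message.error", null, locale)).build(),
+HttpStatus.INTERNAL_SERVER_ERROR);
+}
+final User user = userDetails.getUser();
+
+if (actuallyDeleteAccount) {
+userService.deleteUser(user);
+} else {
+user.setEnabled(false);
+userService.saveRegisteredUser(user);
+}
+try {
+SecurityContextHolder.clearContext();
+request.logout();
+} catch (ServletException e) {
+log.warn("UserAPI.deleteAccount:" + "Exception on logout!", e);
+}
+
+return new ResponseEntity<JSONResponse>(JSONResponse.builder().success(true).message("Account Deleted").build(), HttpStatus.OK);
+}
+
+
 }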
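Review bot: In `deleteAccount`, `SecurityContextHolder.clearContext()` runs before `request.logout()`, so the logout handlers Spring Security invokes from `logout()` probably receive a null `Authentication` and any handler keyed on the principal (persistent remember-me token removal, logout events) would be skipped; swapping the two lines to `request.logout();` then `SecurityContextHolder.clearContext();` avoids that. The disable branch (`user.setEnabled(false)`) ends only the current session, and nothing visible here expires the user's other sessions or remember-me tokens, so a disabled or deleted account may stay usable from another browser until those expire. The null-principal branch returns `HttpStatus.INTERNAL_SERVER_ERROR` and logs at error level for what is effectively an unauthenticated request; `HttpStatus.UNAUTHORIZED` with `log.warn` would keep such calls out of the server-fault signal. The Javadoc also omits `@param userDetails`, and the success text `"Account Deleted"` bypasses `messages.getMessage(...)` unlike the error path.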

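--- a/src/main/java/com/digitalsanctuary/spring/user/controller/UserPageController.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/controller/UserPageController.java
@@ -142,4 +142,9 @@ public String updatePassword() {
 return "user/update-password";
 }
 
+@GetMapping("/user/delete-account.html")
+public String deleteAccount() {
+return "user/delete-account";
+}
+
 }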
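Review bot: The new `deleteAccount()` handler has no Javadoc, and nothing in this section shows that `/user/delete-account.html` falls under the authenticated-only URI configuration, so it is worth confirming the path is protected rather than served to anonymous visitors. A comment such as `/** Serves the account deletion confirmation page; the deletion itself is performed by UserAPI.deleteAccount. */` would match how a reader needs to connect the page to the API call. The class begins outside this hunk, so any class-level mapping or security annotation is not visible here.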

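--- a/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ b/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -164,6 +164,11 @@
 "name": "spring.devtools.livereload.https",
 "type": "java.lang.String",
 "description": "A description for 'spring.devtools.livereload.https'"
+},
+{
+"name": "user.actuallyDeleteAccount",
+"type": "java.lang.String",
+"description": "A description for 'user.actuallyDeleteAccount'"
 }
 ]
 }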
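Review bot: The metadata entry for `user.actuallyDeleteAccount` declares `"type": "java.lang.String"`, but the property is bound to a `boolean` field in `UserAPI`, and the description is still the generated placeholder. Using `"type": "java.lang.Boolean"` with a description such as `"When true, account deletion calls deleteUser; when false (default), the account is disabled instead."` gives IDE completion and validation the right contract for a flag that decides whether user data is retained.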

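--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -70,6 +70,7 @@ spring:
 messages:
 basename: messages/messages
 user:
+actuallyDeleteAccount: false
 registration:
 sendVerificationEmail: true
 googleEnabled: false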
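Review bot: `actuallyDeleteAccount: false` is added without a comment, and the name alone does not tell an operator that the default keeps the user's record and only disables the account. A line such as `# false: mark the account disabled and keep the record; true: delete the user via UserService.deleteUser` above the key would make the retention behaviour explicit for deployments that have erasure obligations.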

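--- a/src/main/resources/messages/messages.properties
+++ b/src/main/resources/messages/messages.properties
@@ -11,6 +11,7 @@ page.title.forgotPassword=Forgot Your Password?
 page.title.forgotPasswordPending=Forgot Password Pending Verification
 page.title.updateUser=Update Your Profile
 page.title.updatePassword=Change Your Password
+page.title.deleteAccount=Delete Your Account
 
 
 
@@ -25,6 +26,7 @@ action.register=Register Here
 action.forgotPassword=Forgot Your Password?
 action.updateUser=Update Profile
 action.updatePassword=Change Password
+action.deleteAccount=Delete Account
 
 email.forgotPassword.introPara=A forgot password email has been requested for your account. If this was you, please click the link below and reset your password. If this wasn't you, it is safe to ignore this, no changes have been made to your account or password. If you belive someone is trying to gain access to your account, please contact support!
 email.forgotPassword.linkExpPara=Please note that this link will only be valid for 24 hours. Click if you need to <a href="{0}/user/forgot-password.html">request another forgot password link</a>.
@@ -44,6 +46,7 @@ message.userNotFound=User Not Found
 message.resetPasswordSuccess=Password reset successfully
 message.resetYourPassword=Reset your password
 message.resetPasswordEmail=You should receive a password reset email shortly
+message.deleteAccount=Delete Your Account
 
 message.updateUserSuccess=Your Profile Was Successfully Updated.
 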

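--- a/src/main/resources/static/js/register.js
+++ b/src/main/resources/static/js/register.js
@@ -24,10 +24,11 @@ function register(event) {
 $("#globalError").show().html(/*[[#{PasswordMatches.user}]]*/);
 return;
 }
-var token = $('input[name="_csrf"]').attr('value')
 $.ajaxSetup({
 beforeSend: function (xhr) {
-xhr.setRequestHeader('Csrf-Token', token);
+var token = $("meta[name='_csrf']").attr("content");
+var header = $("meta[name='_csrf_header']").attr("content");
+xhr.setRequestHeader(header, token);
 }
 });
 var formData = $('form').serialize();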
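Review bot: The `beforeSend` callback passes `header` and `token` to `xhr.setRequestHeader` unguarded, so on a page rendered without the `_csrf` / `_csrf_header` meta tags both are `undefined` and the call either throws or sends a meaningless header. Because `$.ajaxSetup` applies to every later jQuery request on the page, the token would also be attached to any cross-origin call; `if (header && token && !this.crossDomain) { xhr.setRequestHeader(header, token); }` covers both cases. `register` begins above this hunk and continues below it.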

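--- a/src/main/resources/templates/index.html
+++ b/src/main/resources/templates/index.html
@@ -1,8 +1,7 @@
 <!DOCTYPE HTML>
-<html lang="en" xmlns:th="http://www.thymeleaf.org" layout:decorate="~{layout}">
+<html xmlns:th="http://www.thymeleaf.org" layout:decorate="~{layout}">
 
 <head>
-<meta charset="utf-8">
 <title th:utext="#{page.title.home}">Home Page</title>
 </head>
 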

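--- a/src/main/resources/templates/layout.html
+++ b/src/main/resources/templates/layout.html
@@ -1,12 +1,15 @@
 <!DOCTYPE html>
-<html>
+<html xmlns:th="http://www.thymeleaf.org" th:lang="${#locale.language}">
 
 <head>
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <meta th:if="${@environment.acceptsProfiles('dev','local')}" http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
 
-<sec:csrfMetaTags />
+<meta name="_csrf" th:content="${_csrf.token}" />
+<!-- default header name is X-CSRF-TOKEN -->
+<meta name="_csrf_header" th:content="${_csrf.headerName}" />
+
 <!--/* Each token will be replaced by their respective titles in the resulting page. */-->
 <title layout:title-pattern="$LAYOUT_TITLE - $CONTENT_TITLE">Spring User Framework</title>
 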
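Review bot: The new meta tags dereference `${_csrf.token}` and `${_csrf.headerName}` unconditionally, so if the `_csrf` request attribute is absent (CSRF protection switched off for a profile, or a page rendered outside the security filter chain such as an error page) template evaluation will likely fail for every page that uses this layout. Guarding both tags, e.g. `<meta name="_csrf" th:if="${_csrf != null}" th:content="${_csrf.token}" />`, keeps the layout renderable in that case. Since the token now appears in every rendered page, it is also worth confirming these responses are not stored by shared caches.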

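--- a/src/main/resources/templates/protected.html
+++ b/src/main/resources/templates/protected.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML>
-<html lang="en" xmlns:th="http://www.thymeleaf.org" layout:decorate="~{layout}">
+<html xmlns:th="http://www.thymeleaf.org" layout:decorate="~{layout}">
 
 <head>
 <title>Protected Page</title>
@@ -17,4 +17,4 @@
 </div>
 </body>
 
-</html>
+</html>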
